

the class LDAPGroups method isMemberOfGroup.

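/**
 * Find out if a user belongs to a particular group.
 *
 * Membership is checked, in order, against the group entry's static member
 * attribute ({@code STATIC_GROUP_MEMBER_ATTR}), its alternative static member
 * attribute ({@code STATIC_GROUP_MEMBER_ALT_ATTR}) and finally every dynamic
 * member URL ({@code DYNAMIC_GROUP_MEMBER_URL}). Member values are compared as
 * parsed {@link DN}s rather than as raw strings, so formatting differences in
 * the stored DN do not affect the result. The outcome is recorded in
 * {@code SubjectEvaluationCache} under the caller's token ID, {@code ldapServer}
 * and the group name.
 *
 * Evaluation fails closed: an empty group name, a missing user DN, or a group
 * entry that cannot be read yields {@code false} rather than membership.
 *
 * @param groupName the ldap DN of the group
 * @param userDN the ldap DN of the user
 * @param userRDN the user's RDN, handed to the dynamic-group member lookup
 * @param token the session token of the user being evaluated; only its ID is
 *     used, as part of the subject evaluation cache key
 * @return <code>true</code> if the user is member of the group;
 * <code>false</code> otherwise.
 * @throws SSOException if the token ID cannot be obtained
 * @throws PolicyException if a member DN or member URL stored on the group
 *     entry is malformed, or if propagated from the dynamic member lookup
 */
private boolean isMemberOfGroup(String groupName, DN userDN, String userRDN, SSOToken token)
        throws SSOException, PolicyException {
    if (debug.messageEnabled()) {
        debug.message("LDAPGroups.isMemberOfGroup():" + " entering with groupName = " + groupName + ",userDN = " + userDN);
    }
    if ((groupName == null) || (groupName.length() == 0) || (userDN == null)) {
        return false;
    }
    String tokenID = token.getTokenID().toString();
    SearchResultEntry entry;
    try (Connection conn = connPool.getConnection()) {
        entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(groupName));
    } catch (Exception e) {
        // NOTE(review): this catch also covers connection-pool and directory
        // errors, so an LDAP outage is reported as an invalid group name. The
        // result is deliberately not cached, so the request is merely denied.
        debug.warning("LDAPGroups: invalid group name {} specified in the policy definition.", groupName);
        return false;
    }
    boolean groupMatch;
    try {
        debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ATTR);
        groupMatch = containsMemberDN(entry.getAttribute(STATIC_GROUP_MEMBER_ATTR), userDN);
        if (!groupMatch) {
            debug.message("LDAPGroups.isMemberOfGroup(): get {} group attribute", STATIC_GROUP_MEMBER_ALT_ATTR);
            groupMatch = containsMemberDN(entry.getAttribute(STATIC_GROUP_MEMBER_ALT_ATTR), userDN);
        }
        if (!groupMatch) {
            groupMatch = matchesDynamicMemberUrl(entry.getAttribute(DYNAMIC_GROUP_MEMBER_URL), userDN, userRDN);
        }
    } catch (LocalizedIllegalArgumentException e) {
        // A malformed member DN or member URL on the group entry is a directory
        // configuration error. Surface it as a PolicyException for every branch
        // (previously only the dynamic-URL branch was wrapped; a bad static
        // member value escaped as a raw runtime exception).
        throw new PolicyException(e);
    }
    debug.message("LDAPGroups.isMemberOfGroup():adding entry {} {} {} {} in subject evaluation cache.", tokenID, ldapServer, groupName, groupMatch);
    SubjectEvaluationCache.addEntry(tokenID, ldapServer, groupName, groupMatch);
    return groupMatch;
}

/**
 * Reports whether any value of a static member attribute parses to a DN equal
 * to {@code userDN}.
 *
 * @param members the member attribute, or {@code null} if the group has none
 * @param userDN the DN being looked for
 * @return {@code true} on the first matching value; {@code false} if the
 *     attribute is absent or no value matches
 * @throws LocalizedIllegalArgumentException if a member value is not a valid DN
 */
private boolean containsMemberDN(Attribute members, DN userDN) {
    if (members == null) {
        return false;
    }
    for (ByteString memberDNStr : members) {
        // The original message had no {} placeholder, so the value was never logged.
        debug.message("LDAPGroups.isMemberOfGroup(): memberDNStr = {}", memberDNStr);
        if (userDN.equals(DN.valueOf(memberDNStr.toString()))) {
            return true;
        }
    }
    return false;
}

/**
 * Resolves each dynamic member URL of the group and reports whether
 * {@code userDN} appears among the resulting members. Returns as soon as a
 * match is found, so remaining URLs are not searched.
 *
 * @param memberUrls the member URL attribute, or {@code null} if the group has none
 * @param userDN the DN being looked for
 * @param userRDN the user's RDN, passed through to the member lookup
 * @return {@code true} if some URL's members contain {@code userDN}
 * @throws LocalizedIllegalArgumentException if a member URL or returned member DN is malformed
 * @throws SSOException if propagated from the member lookup
 * @throws PolicyException if propagated from the member lookup
 */
private boolean matchesDynamicMemberUrl(Attribute memberUrls, DN userDN, String userRDN)
        throws SSOException, PolicyException {
    if (memberUrls == null) {
        return false;
    }
    for (ByteString memberUrl : memberUrls) {
        LDAPUrl ldapUrl = LDAPUrl.valueOf(memberUrl.toString());
        Set members = findDynamicGroupMembersByUrl(ldapUrl, userRDN);
        for (Object member : members) {
            DN memberDN = DN.valueOf((String) member);
            if (userDN.equals(memberDN)) {
                return true;
            }
        }
    }
    return false;
}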

the class EmbeddedOpenDS method delOpenDSServer.

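/**
 * Removes host:port from OpenDJ replication.
 *
 * Three best-effort steps are performed; each is logged and the next one is
 * still attempted on failure:
 * <ol>
 *   <li>the server's instance key, located through the {@code ds-cfg-key-id}
 *       of its entry under {@code cn=Servers,cn=admin data}, is deleted from
 *       {@code cn=instance keys,cn=admin data};</li>
 *   <li>the server entry itself is deleted;</li>
 *   <li>{@code cn=delServer} is removed from the {@code uniqueMember} values
 *       of {@code replDN}.</li>
 * </ol>
 *
 * NOTE(review): {@code delServer} is concatenated into a DN without escaping,
 * so it must be a plain {@code host:port}; a value containing DN special
 * characters (',', '+', '=', ...) would address a different or invalid entry.
 *
 * @param lc connection to the local OpenDJ instance; nothing is done when {@code null}
 * @param delServer the {@code host:port} of the replication server to remove
 */
public static void delOpenDSServer(Connection lc, String delServer) {
    String replServerDN = "cn=" + delServer + ",cn=Servers,cn=admin data";
    final String[] attrs = { "ds-cfg-key-id" };
    Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
    if (lc == null) {
        debug.error("EmbeddedOpenDS:delOpenDSServer():" + "Could not connect to local OpenDJ instance." + replServerDN);
        return;
    }
    try {
        SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replServerDN, attrs));
        String trustKey = null;
        if (le != null) {
            Attribute la = le.getAttribute(attrs[0]);
            if (la != null) {
                trustKey = la.firstValueAsString();
            }
        }
        if (trustKey != null && !trustKey.isEmpty()) {
            // The instance key is what the other replicas trust for this server;
            // dropping it prevents the departed server from rejoining silently.
            String keyDN = "ds-cfg-key-id=" + trustKey + ",cn=instance keys,cn=admin data";
            lc.delete(LDAPRequests.newDeleteRequest(keyDN));
        } else {
            // Previously a missing key attribute produced a delete against
            // "ds-cfg-key-id=null,..."; report and skip instead.
            debug.error("EmbeddedOpenDS:delOpenDSServer():" + "Could not find trustkey for:" + replServerDN);
        }
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.delOpenDSServer()." + " Error removing replication key for:" + replServerDN, ex);
    }
    try {
        lc.delete(LDAPRequests.newDeleteRequest(replServerDN));
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.delOpenDSServer()." + " Error deleting server entry:" + replServerDN, ex);
    }
    try {
        ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(replDN)
                .addModification(new Modification(ModificationType.DELETE,
                        Attributes.singletonAttribute("uniqueMember", "cn=" + delServer)));
        lc.modify(modifyRequest);
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.delOpenDSServer()." + " Error removing " + delServer + " from:" + replDN, ex);
    }
}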

the class EmbeddedOpenDS method getServerSet.

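/**
 * Gets list of replicated servers from local OpenDJ directory.
 *
 * Reads the {@code uniqueMember} values of {@code replDN}. Each value is
 * expected to have the form {@code cn=host:port} (the form written by
 * {@link #delOpenDSServer}); the {@code cn=} prefix is stripped and the
 * remainder added to the result. A value without that prefix is logged and
 * added unchanged.
 *
 * @param lc connection to the local OpenDJ instance
 * @return the set of {@code host:port} strings (possibly empty), or
 *     {@code null} if {@code lc} is {@code null}, the entry is not found, or
 *     the search fails
 */
public static Set getServerSet(Connection lc) {
    final String[] attrs = { "uniqueMember" };
    Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
    if (lc == null) {
        debug.error("EmbeddedOpenDS:getServerSet():" + "Could not connect to local opends instance.");
        return null;
    }
    try {
        SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replDN, attrs));
        if (le == null) {
            debug.error("EmbeddedOpenDS:getServerSet():" + "Could not find replication entry:" + replDN);
            return null;
        }
        Set<String> hostSet = new HashSet<String>();
        Attribute la = le.getAttribute(attrs[0]);
        if (la != null) {
            for (ByteString value : la) {
                String member = value.toString();
                // Strip "cn=" by character position. The previous code used the
                // ByteString's byte length as the end index, which is only right
                // for ASCII values and threw for anything else.
                if (member.regionMatches(true, 0, "cn=", 0, 3)) {
                    hostSet.add(member.substring(3));
                } else {
                    debug.warning("EmbeddedOpenDS:getServerSet(): unexpected uniqueMember value {} in {}", member, replDN);
                    hostSet.add(member);
                }
            }
        }
        return hostSet;
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.getServerSet()." + " Error reading replicated servers from:" + replDN, ex);
        return null;
    }
}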

the class LdapTokenAttributeConversion method stripObjectClass.

/**
 * Removes the objectClass attribute from the entry when it is present.
 *
 * The entry is modified in place; the same reference is handed back so the
 * call can be chained.
 *
 * @param entry Non null Entry to process.
 *
 * @return The Entry reference passed in.
 */
public static Entry stripObjectClass(Entry entry) {
    Attribute objectClass = entry.getAttribute(CoreTokenConstants.OBJECT_CLASS);
    if (objectClass == null) {
        return entry;
    }
    entry.removeAttribute(objectClass.getAttributeDescription());
    return entry;
}

the class LdapTokenAttributeConversion method mapFromEntry.

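/**
 * Convert an Entry into a more convenient Mapping of CoreTokenField to Object.
 *
 * This function is important because not every operation with LDAP needs to
 * return a fully initialised Token. Instead users may be interested in only
 * certain attributes of the Token, and choose to query just those as a
 * performance enhancement.
 *
 * Each attribute is mapped through {@code CoreTokenField.fromLDAPAttribute}
 * and converted according to its {@code CoreTokenFieldTypes} category:
 * token type to {@link TokenType}, calendar fields via
 * {@code conversion.fromLDAPDate}, strings (with the {@code EMPTY} marker
 * restored to {@code ""}), integers and byte arrays. For multi-valued
 * attributes only the value chosen by {@code parseAttribute(...)} is used.
 *
 * Side effect: the objectClass attribute is removed from {@code entry}
 * itself, not from a copy.
 *
 * @param entry Non null entry to convert.
 *
 * @return A mapping of zero or more CoreTokenFields to Objects.
 * @throws IllegalStateException if an attribute maps to a field of no known type
 * @throws IllegalArgumentException if the token type value is not a {@link TokenType} name
 */
public Map<CoreTokenField, Object> mapFromEntry(Entry entry) {
    stripObjectClass(entry);
    Map<CoreTokenField, Object> r = new LinkedHashMap<>();
    for (Attribute a : entry.getAllAttributes()) {
        AttributeDescription description = a.getAttributeDescription();
        // NOTE(review): if fromLDAPAttribute can return null for an unknown
        // attribute, the type checks below receive a null field — confirm.
        CoreTokenField field = CoreTokenField.fromLDAPAttribute(description.toString());
        // Special case for Token Type
        if (CoreTokenField.TOKEN_TYPE.equals(field)) {
            String value = entry.parseAttribute(description).asString();
            r.put(field, TokenType.valueOf(value));
            continue;
        }
        if (CoreTokenFieldTypes.isCalendar(field)) {
            String dateString = entry.parseAttribute(description).asString();
            Calendar calendar = conversion.fromLDAPDate(dateString);
            r.put(field, calendar);
        } else if (CoreTokenFieldTypes.isString(field)) {
            String value = entry.parseAttribute(description).asString();
            // Empty strings are stored under a placeholder; translate it back.
            if (EMPTY.equals(value)) {
                value = "";
            }
            r.put(field, value);
        } else if (CoreTokenFieldTypes.isInteger(field)) {
            Integer value = entry.parseAttribute(description).asInteger();
            r.put(field, value);
        } else if (CoreTokenFieldTypes.isByteArray(field)) {
            byte[] data = entry.parseAttribute(description).asByteString().toByteArray();
            r.put(field, data);
        } else {
            // Name the offending attribute; the bare exception gave no way to
            // tell which field's type mapping is missing.
            throw new IllegalStateException(
                    "No type mapping for attribute " + description + " (field " + field + ")");
        }
    }
    return r;
}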