Example 81 with Connection
use of org.forgerock.opendj.ldap.Connection in project OpenAM by OpenRock.
the class DataLayer method search.
/**
* Performs synchronous search based on specified ldap filter. This is low
* level API which assumes caller knows how to construct a data store filer.
*
* @param principal Authenticated Principal.
* @param guid Unique identifier for the entry.
* @param scope Scope can be either <code>SCOPE_ONE</code>,
* <code>SCOPE_SUB</code> or <code>SCOPE_BASE</code>.
* @param searchFilter Search filter for this search.
* @param attrNames Attribute name for retrieving.
* @param attrOnly if true, returns the names but not the values of the
* attributes found.
* @param searchControl Search Control.
* @exception UMSException if failure.
* @exception InvalidSearchFilterException if failure
*
* @supported.api
*/
public SearchResults search(java.security.Principal principal, Guid guid, int scope, String searchFilter, String[] attrNames, boolean attrOnly, SearchControl searchControl) throws UMSException {
String id = guid.getDn();
// always add "objectclass" to attributes to get, to find the right java
// class
String[] attrNames1 = null;
if (attrNames != null) {
attrNames1 = new String[attrNames.length + 1];
System.arraycopy(attrNames, 0, attrNames1, 0, attrNames.length);
attrNames1[attrNames1.length - 1] = "objectclass";
} else {
attrNames1 = new String[] { "objectclass" };
}
ConnectionEntryReader ldapResults = null;
// if searchFilter is null, search for everything under the base
if (searchFilter == null) {
searchFilter = "(objectclass=*)";
}
ResultCode errorCode;
try {
Connection conn = getConnection(principal);
List<Control> controls = getSearchControls(searchControl);
// assume replica case when replicaRetryNum is not 0
if (replicaRetryNum != 0) {
readLDAPEntry(conn, id, null);
}
SearchRequest request = null;
int retry = 0;
while (retry <= connNumRetry) {
if (debug.messageEnabled()) {
debug.message("DataLayer.search retry: " + retry);
}
if (searchControl != null && searchControl.isGetAllReturnAttributesEnabled()) {
/*
* The array {"*"} is used, because LDAPv3 defines
* "*" as a special string indicating all
* attributes. This gets all the attributes.
*/
attrNames1 = new String[] { "*" };
}
request = LDAPRequests.newSearchRequest(id, SearchScope.valueOf(scope), searchFilter, attrNames1);
break;
}
for (Control control : controls) {
request.addControl(control);
}
ldapResults = conn.search(request);
// TODO: need review and see if conn is recorded properly for
// subsequent use
//
SearchResults result = new SearchResults(conn, ldapResults, conn, this);
result.set(SearchResults.BASE_ID, id);
result.set(SearchResults.SEARCH_FILTER, searchFilter);
result.set(SearchResults.SEARCH_SCOPE, scope);
if ((searchControl != null) && (searchControl.contains(SearchControl.KeyVlvRange) || searchControl.contains(SearchControl.KeyVlvJumpTo))) {
result.set(SearchResults.EXPECT_VLV_RESPONSE, Boolean.TRUE);
}
if (searchControl != null && searchControl.contains(SearchControl.KeySortKeys)) {
SortKey[] sortKeys = searchControl.getSortKeys();
if (sortKeys != null && sortKeys.length > 0) {
result.set(SearchResults.SORT_KEYS, sortKeys);
}
}
return result;
} catch (LdapException e) {
errorCode = e.getResult().getResultCode();
if (debug.warningEnabled()) {
debug.warning("Exception in DataLayer.search: ", e);
}
String msg = i18n.getString(IUMSConstants.SEARCH_FAILED);
if (ResultCode.TIME_LIMIT_EXCEEDED.equals(errorCode)) {
int timeLimit = searchControl != null ? searchControl.getTimeOut() : 0;
throw new TimeLimitExceededException(String.valueOf(timeLimit), e);
} else if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(errorCode)) {
int sizeLimit = searchControl != null ? searchControl.getMaxResults() : 0;
throw new SizeLimitExceededException(String.valueOf(sizeLimit), e);
} else if (ResultCode.CLIENT_SIDE_PARAM_ERROR.equals(errorCode) || ResultCode.PROTOCOL_ERROR.equals(errorCode)) {
throw new InvalidSearchFilterException(searchFilter, e);
} else {
throw new UMSException(msg, e);
}
}
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
Connection(org.forgerock.opendj.ldap.Connection)
ByteString(org.forgerock.opendj.ldap.ByteString)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
VirtualListViewRequestControl(org.forgerock.opendj.ldap.controls.VirtualListViewRequestControl)
ServerSideSortRequestControl(org.forgerock.opendj.ldap.controls.ServerSideSortRequestControl)
ProxiedAuthV1RequestControl(org.forgerock.opendj.ldap.controls.ProxiedAuthV1RequestControl)
Control(org.forgerock.opendj.ldap.controls.Control)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
Example 82 with Connection
use of org.forgerock.opendj.ldap.Connection in project OpenAM by OpenRock.
the class DataLayer method addEntry.
/**
* Adds entry to the server.
*
* @param principal Authenticated Principal.
* @param guid Distinguished name.
* @param attrSet attribute set containing name/value pairs.
* @exception AccessRightsException if insufficient access>
* @exception EntryAlreadyExistsException if the entry already exists.
* @exception UMSException if fail to add entry.
*
* @supported.api
*/
public void addEntry(java.security.Principal principal, Guid guid, AttrSet attrSet) throws UMSException {
String id = guid.getDn();
ResultCode errorCode;
try {
AddRequest request = LDAPRequests.newAddRequest(id);
for (Attribute attribute : attrSet.toLDAPAttributeSet()) {
request.addAttribute(attribute);
}
int retry = 0;
while (retry <= connNumRetry) {
if (debug.messageEnabled()) {
debug.message("DataLayer.addEntry retry: " + retry);
}
try (Connection conn = getConnection(principal)) {
conn.add(request);
return;
} catch (LdapException e) {
errorCode = e.getResult().getResultCode();
if (!retryErrorCodes.contains(errorCode) || retry == connNumRetry) {
throw e;
}
retry++;
try {
Thread.sleep(connRetryInterval);
} catch (InterruptedException ex) {
}
}
}
} catch (LdapException e) {
if (debug.warningEnabled()) {
debug.warning("Exception in DataLayer.addEntry for DN: " + id, e);
}
errorCode = e.getResult().getResultCode();
String[] args = { id };
if (ResultCode.ENTRY_ALREADY_EXISTS.equals(errorCode)) {
throw new EntryAlreadyExistsException(i18n.getString(IUMSConstants.ENTRY_ALREADY_EXISTS, args), e);
} else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
throw new AccessRightsException(i18n.getString(IUMSConstants.INSUFFICIENT_ACCESS_ADD, args), e);
} else {
throw new UMSException(i18n.getString(IUMSConstants.UNABLE_TO_ADD_ENTRY, args), e);
}
}
}
Also used :
AddRequest(org.forgerock.opendj.ldap.requests.AddRequest)
Attribute(org.forgerock.opendj.ldap.Attribute)
Connection(org.forgerock.opendj.ldap.Connection)
ByteString(org.forgerock.opendj.ldap.ByteString)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
Example 83 with Connection
use of org.forgerock.opendj.ldap.Connection in project OpenAM by OpenRock.
the class DataLayer method getConnection.
/**
* Get connection from pool. Reauthenticate if necessary
*
* @return connection that is available to use.
*
* @supported.api
*/
public Connection getConnection(java.security.Principal principal) throws LdapException {
if (_ldapPool == null)
return null;
if (debug.messageEnabled()) {
debug.message("Invoking _ldapPool.getConnection()");
}
// proxy as given principal
ProxiedAuthV1RequestControl.newControl(principal.getName());
Connection conn = _ldapPool.getConnection();
if (debug.messageEnabled()) {
debug.message("Got Connection : " + conn);
}
return conn;
}
Also used :
Connection(org.forgerock.opendj.ldap.Connection)
Example 84 with Connection
use of org.forgerock.opendj.ldap.Connection in project OpenAM by OpenRock.
the class DataLayer method deleteEntry.
/**
* Delete entry from the server
*
* @param guid
* globally unique identifier for the entry
* @exception AccessRightsException
* insufficient access
* @exception EntryNotFoundException
* if the entry is not found
* @exception UMSException
* Fail to delete the entry
*
* @supported.api
*/
public void deleteEntry(java.security.Principal principal, Guid guid) throws UMSException {
if (guid == null) {
String msg = i18n.getString(IUMSConstants.BAD_ID);
throw new IllegalArgumentException(msg);
}
String id = guid.getDn();
ResultCode errorCode;
try {
DeleteRequest request = LDAPRequests.newDeleteRequest(id);
int retry = 0;
while (retry <= connNumRetry) {
if (debug.messageEnabled()) {
debug.message("DataLayer.deleteEntry retry: " + retry);
}
try (Connection conn = getConnection(principal)) {
conn.delete(request);
return;
} catch (LdapException e) {
if (!retryErrorCodes.contains(e.getResult().getResultCode()) || retry == connNumRetry) {
throw e;
}
retry++;
try {
Thread.sleep(connRetryInterval);
} catch (InterruptedException ex) {
}
}
}
} catch (LdapException e) {
debug.error("Exception in DataLayer.deleteEntry for DN: " + id, e);
errorCode = e.getResult().getResultCode();
String[] args = { id };
if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
throw new EntryNotFoundException(i18n.getString(IUMSConstants.ENTRY_NOT_FOUND, args), e);
} else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
throw new AccessRightsException(i18n.getString(IUMSConstants.INSUFFICIENT_ACCESS_DELETE, args), e);
} else {
throw new UMSException(i18n.getString(IUMSConstants.UNABLE_TO_DELETE_ENTRY, args), e);
}
}
}
Also used :
Connection(org.forgerock.opendj.ldap.Connection)
ByteString(org.forgerock.opendj.ldap.ByteString)
DeleteRequest(org.forgerock.opendj.ldap.requests.DeleteRequest)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
Example 85 with Connection
use of org.forgerock.opendj.ldap.Connection in project ddf by codice.
the class LdapClaimsHandler method retrieveClaimValues.
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
Principal principal = parameters.getPrincipal();
String user = AttributeMapLoader.getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ProcessedClaimCollection();
}
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
Connection connection = null;
try {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", this.getObjectClass())).and(new EqualsFilter(this.getUserNameAttribute(), user));
List<String> searchAttributeList = new ArrayList<String>();
for (Claim claim : claims) {
if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
searchAttributeList.add(getClaimsLdapAttributeMapping().get(claim.getClaimType().toString()));
} else {
LOGGER.debug("Unsupported claim: {}", claim.getClaimType());
}
}
String[] searchAttributes = null;
searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
connection = connectionFactory.getConnection();
if (connection != null) {
BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
BindResult bindResult = connection.bind(request);
if (bindResult.isSuccess()) {
String baseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDN(), overrideCertDn);
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", baseDN, filter.toString());
ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), searchAttributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
entry = entryReader.readEntry();
for (Claim claim : claims) {
URI claimType = claim.getClaimType();
String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString());
Attribute attr = entry.getAttribute(ldapAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", claim.getClaimType());
} else {
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(claimType);
c.setPrincipal(principal);
for (ByteString value : attr) {
String itemValue = value.toString();
if (this.isX500FilterEnabled()) {
try {
X500Principal x500p = new X500Principal(itemValue);
itemValue = x500p.getName();
int index = itemValue.indexOf('=');
itemValue = itemValue.substring(index + 1, itemValue.indexOf(',', index));
} catch (Exception ex) {
// Ignore, not X500 compliant thus use the whole
// string as the value
LOGGER.debug("Not X500 compliant", ex);
}
}
c.addValue(itemValue);
}
claimsColl.add(c);
}
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
LOGGER.info("Cannot connect to server, therefore unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Cannot connect to server, therefore unable to set user attributes.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Unable to set user attributes.", e);
} finally {
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
Connection(org.forgerock.opendj.ldap.Connection)
ArrayList(java.util.ArrayList)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
ByteString(org.forgerock.opendj.ldap.ByteString)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
URI(java.net.URI)
LdapException(org.forgerock.opendj.ldap.LdapException)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
AndFilter(org.springframework.ldap.filter.AndFilter)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
X500Principal(javax.security.auth.x500.X500Principal)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
LdapException(org.forgerock.opendj.ldap.LdapException)
X500Principal(javax.security.auth.x500.X500Principal)
Principal(java.security.Principal)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Aggregations
Connection (org.forgerock.opendj.ldap.Connection)88
LdapException (org.forgerock.opendj.ldap.LdapException)70
ByteString (org.forgerock.opendj.ldap.ByteString)45
SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)42
ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)35
ResultCode (org.forgerock.opendj.ldap.ResultCode)29
Attribute (org.forgerock.opendj.ldap.Attribute)25
HashSet (java.util.HashSet)23
SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)20
SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)17
IOException (java.io.IOException)16
SSOException (com.iplanet.sso.SSOException)15
PolicyException (com.sun.identity.policy.PolicyException)14
SMSException (com.sun.identity.sm.SMSException)13
ModifyRequest (org.forgerock.opendj.ldap.requests.ModifyRequest)12
LinkedAttribute (org.forgerock.opendj.ldap.LinkedAttribute)11
CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)10
InvalidNameException (com.sun.identity.policy.InvalidNameException)10
NameNotFoundException (com.sun.identity.policy.NameNotFoundException)10
LinkedHashSet (java.util.LinkedHashSet)10
