use of org.forgerock.opendj.ldap.LDAPUrl in project OpenAM by OpenRock.
the class AMObjectImpl method replaceAciMacros.
/**
 * Runs an ACI template through {@code replaceAciMacro} for each supported macro.
 *
 * <p>The ROLENAME, ORGANIZATION, GROUPNAME and PCNAME macros are always passed with
 * the corresponding DN argument. The FILTER macro is passed only when the
 * profile type is one of the group types, with an OR-filter built from this
 * entry's DN and, for dynamic groups, the filter part of the first
 * {@code memberurl} value.
 *
 * @param aci ACI template text containing macros
 * @param roleDN value passed for the ROLENAME macro
 * @param orgDN value passed for the ORGANIZATION macro
 * @param groupDN value passed for the GROUPNAME macro
 * @param pcDN value passed for the PCNAME macro
 * @return the ACI text after all applicable macro passes
 */
protected String replaceAciMacros(String aci, String roleDN, String orgDN, String groupDN, String pcDN) {
    String expanded = replaceAciMacro(aci, "ROLENAME", roleDN);
    expanded = replaceAciMacro(expanded, "ORGANIZATION", orgDN);
    expanded = replaceAciMacro(expanded, "GROUPNAME", groupDN);
    expanded = replaceAciMacro(expanded, "PCNAME", pcDN);

    // NOTE(review): entryDN is concatenated into LDAP filter text without
    // escaping, and the result ends up inside an access-control instruction.
    // If a DN can carry filter metacharacters ('(', ')', '*', '\') from a
    // less-trusted writer, the generated ACI could match more entries than
    // intended -- confirm that entryDN is validated before it reaches here.
    final String memberOfClause = "(memberof=*" + entryDN + ")";
    final String staticGroupClause = "(iplanet-am-static-group-dn=*" + entryDN + ")";
    final String entryOnlyFilter = "(|" + memberOfClause + staticGroupClause + ")";

    String filter = null;
    if (profileType == DYNAMIC_GROUP) {
        // Start from the entry-only filter; it is kept when memberurl is
        // missing or cannot be parsed.
        filter = entryOnlyFilter;
        Set attr = (Set) stringValueModMap.get("memberurl");
        if (attr != null && attr.iterator().hasNext()) {
            String memberurl = (String) attr.iterator().next();
            try {
                // NOTE(review): the memberurl filter widens who the ACI
                // applies to; presumably only administrators can set this
                // attribute -- verify against the caller.
                LDAPUrl parsed = LDAPUrl.valueOf(memberurl);
                filter = "(|" + memberOfClause + staticGroupClause + parsed.getFilter() + ")";
            } catch (LocalizedIllegalArgumentException ex) {
                // A malformed URL is only reported at message level.
                if (debug.messageEnabled()) {
                    debug.message("AMObject.create: " + "Invalid member url " + memberurl);
                }
            }
        }
    } else if (profileType == ASSIGNABLE_DYNAMIC_GROUP || profileType == GROUP) {
        filter = entryOnlyFilter;
    }

    // Non-group profile types leave the FILTER macro untouched.
    return (filter == null) ? expanded : replaceAciMacro(expanded, "FILTER", filter);
}
use of org.forgerock.opendj.ldap.LDAPUrl in project OpenAM by OpenRock.
the class DynamicGroup method setSearchFilter.
/**
 * Sets the search filter used to evaluate this dynamic group, keeping the
 * base DN and scope of the current member URL.
 *
 * <p>Any exception raised while parsing the filter or storing the new URL is
 * logged and not rethrown, so the caller gets no signal that the filter was
 * left unchanged.
 *
 * @param filter Search filter for evaluating members of the group.
 *
 * @supported.api
 */
public void setSearchFilter(String filter) {
    // NOTE(review): getUrl() is dereferenced without a null check; confirm
    // it cannot return null for a group without a member URL.
    final LDAPUrl current = getUrl();
    final SearchScope currentScope = current.getScope();
    final Guid base = new Guid(current.getName().toString());
    try {
        final Filter parsed = Filter.valueOf(filter);
        setUrl(base, parsed, currentScope);
    } catch (Exception e) {
        // TODO - Log Exception
        // NOTE(review): only the message is logged; a rejected filter leaves
        // the previous membership rule in force without telling the caller.
        debug.error("DynamicGroup.setSearchFilter : Exception : " + e.getMessage());
    }
}
use of org.forgerock.opendj.ldap.LDAPUrl in project OpenAM by OpenRock.
the class DynamicGroup method getUrl.
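/**
 * Returns the native LDAP URL used to evaluate this dynamic group, parsed
 * from the first value of the member URL attribute.
 *
 * @return LDAP URL for evaluating members of the group, or {@code null} when
 *         the attribute is absent or has no values
 * @throws IllegalArgumentException if the stored value is not a valid LDAP
 *         URL; the parser's exception is attached as the cause
 */
protected LDAPUrl getUrl() {
    Attr attr = getAttribute(MEMBER_URL_NAME);
    LDAPUrl url = null;
    try {
        // TODO: Need to support multiple values of memberUrl?
        if (attr != null) {
            String[] values = attr.getStringValues();
            if (values.length > 0) {
                // Encode the stored string with URLEncDec.encodeLDAPUrl
                // before handing it to LDAPUrl.valueOf.
                url = LDAPUrl.valueOf(URLEncDec.encodeLDAPUrl(values[0]));
            }
        }
    } catch (LocalizedIllegalArgumentException ex) {
        // Log under this method's own name so the entry points at the
        // attribute read rather than at setSearchFilter.
        debug.error("DynamicGroup.getUrl : Exception : " + ex.getMessage());
        // Keep the original exception as the cause for diagnosis.
        throw new IllegalArgumentException(ex.getMessage(), ex);
    }
    return url;
}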
use of org.forgerock.opendj.ldap.LDAPUrl in project OpenAM by OpenRock.
the class AssignableDynamicGroup method setSearchFilter.
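/**
 * Sets the search filter used to evaluate this dynamic group. For an
 * <code>AssignableDynamicGroup</code>, the filter is always
 * <code>"memberof=THIS_DN"</code>, so this method should not generally be
 * called outside the package.
 *
 * @param filter Search filter for evaluating members of the group. The
 *        scope of the group's current member URL has to be
 *        <code>SearchScope.SINGLE_LEVEL</code> or
 *        <code>SearchScope.WHOLE_SUBTREE</code>.
 * @throws IllegalArgumentException if the current scope is neither of the
 *         two allowed values
 *
 * @supported.api
 */
public void setSearchFilter(String filter) {
    // NOTE(review): getUrl() is dereferenced without a null check; confirm
    // it cannot return null for a group without a member URL.
    LDAPUrl url = getUrl();
    SearchScope scope = url.getScope();
    // Reject every scope except one-level and subtree. The earlier condition
    // required the scope to equal both values at once, which is never true,
    // so the documented restriction was not enforced.
    if (!SearchScope.SINGLE_LEVEL.equals(scope) && !SearchScope.WHOLE_SUBTREE.equals(scope)) {
        String msg = i18n.getString(IUMSConstants.ILLEGAL_ADGROUP_SCOPE);
        throw new IllegalArgumentException(msg);
    }
    Guid baseGuid = new Guid(url.getName().toString());
    setUrl(baseGuid, Filter.valueOf(filter), scope);
}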
use of org.forgerock.opendj.ldap.LDAPUrl in project OpenAM by OpenRock.
the class AssignableDynamicGroup method addMember.
/**
 * Adds a member to the group after checking that the member's DN falls
 * inside the base DN and scope of the group's member URL. The change is
 * saved to persistent storage.
 *
 * @param member Object to be added as member.
 * @exception UMSException if fail to save to persistent storage or if the
 *            user is not within the scope of the group.
 *
 * @supported.api
 */
public void addMember(PersistentObject member) throws UMSException {
    final DN userDN = DN.valueOf(member.getGuid().getDn());
    // NOTE(review): getUrl() is dereferenced without a null check; confirm
    // it cannot return null for a group without a member URL.
    final LDAPUrl memberUrl = getUrl();
    final DN memberDN = memberUrl.getName();

    // The member must sit under the group's base DN. When the URL scope is
    // single-level it must also be at most one RDN below that base.
    // NOTE(review): a member DN equal to the base DN passes both tests --
    // confirm that is intended for a single-level scope.
    final boolean outsideScope =
            !userDN.isInScopeOf(memberDN, SearchScope.WHOLE_SUBTREE)
            || ((userDN.size() - memberDN.size()) > 1
                    && SearchScope.SINGLE_LEVEL.equals(memberUrl.getScope()));
    if (outsideScope) {
        final String[] args = { userDN.toString(), memberUrl.toString() };
        throw new UMSException(i18n.getString(IUMSConstants.USER_NOT_IN_GROUP_SCOPE, args));
    }

    // Membership is recorded on the member entry, which gets this group's DN.
    member.modify(new Attr(MEMBER_ATTR_NAME, this.getDN()), ModificationType.ADD);
    member.save();
}