Use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.
The class DirectoryServicesImpl, method search.
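/**
 * Searches the Directory.
 *
 * @param token
 * SSOToken used to obtain the handle on the start entry
 * @param entryDN
 * DN of the entry to start the search with
 * @param searchFilter
 * search filter
 * @param searchScope
 * search scope, BASE, ONELEVEL or SUBTREE
 * @return Set set of matching DNs; empty when nothing matched or when the failure was
 * handed to {@code processInternalException} without an exception being thrown
 * @throws AMException if the directory reported one of the configured retryable result codes
 * (carrying that numeric code as its error code), or whatever
 * {@code processInternalException} raises for other failures
 */
public Set search(SSOToken token, String entryDN, String searchFilter, int searchScope) throws AMException {
    Set resultSet = Collections.emptySet();
    try {
        PersistentObject po = UMSObject.getObjectHandle(token, new Guid(entryDN));
        SearchControl control = new SearchControl();
        control.setSearchScope(searchScope);
        SearchResults results = po.search(searchFilter, control);
        resultSet = searchResultsToSet(results);
    } catch (UMSException ue) {
        // The root cause is neither guaranteed to be present nor to be an LdapException; the
        // former unchecked cast turned such cases into a ClassCastException/NPE that hid the
        // original UMSException instead of letting processInternalException report it.
        Throwable rootCause = ue.getRootCause();
        if (rootCause instanceof LdapException) {
            ResultCode errorCode = ((LdapException) rootCause).getResult().getResultCode();
            // Compare on the numeric LDAP result code, which is also the value reported in the
            // AMException below. (ResultCode's string form is believed to be its descriptive
            // name rather than the number, so "" + errorCode would not match numeric entries.)
            String numericCode = Integer.toString(errorCode.intValue());
            if (retryErrorCodes.contains(numericCode)) {
                throw new AMException(token, numericCode, ue);
            }
        }
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.search(token:, entryDN: " + entryDN
                    + ", searchFilter: " + searchFilter + ", searchScope: " + searchScope
                    + " error occurred: ", ue);
        }
        processInternalException(token, ue, "341");
    }
    return resultSet;
}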
Use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.
The class Step4, method validateUMDomainName.
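/**
 * Validates the user-store domain name entered in the wizard: the domain is converted to a DN
 * (stored in the session as the user-store root suffix), resolved to an LDAP host and port, and a
 * base-object search on that root suffix is attempted with the stored bind credentials. The
 * outcome is written to the response: {@code "ok"} on success, a result-code-specific message
 * when {@code writeErrorToResponse} handles the LDAP failure, otherwise the localized
 * {@code cannot.connect.to.UM.datastore} message.
 *
 * @return always {@code false}; the outcome is reported through the response, not the return value
 */
public boolean validateUMDomainName() {
    setPath(null);
    Context ctx = getContext();
    String strSSL = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_SSL);
    boolean ssl = (strSSL != null) && (strSSL.equals("SSL"));
    String domainName = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_DOMAINNAME);
    String rootSuffixAD = dnsDomainToDN(domainName);
    ctx.setSessionAttribute(SessionAttributeNames.USER_STORE_ROOT_SUFFIX, rootSuffixAD);
    String[] hostAndPort;
    try {
        hostAndPort = getLdapHostAndPort(domainName);
    } catch (NamingException | IOException ex) {
        writeToResponse(getLocalizedString("cannot.connect.to.UM.datastore"));
        return false;
    }
    // A lookup result without both host and port, or with a non-numeric port, used to escape
    // this method as an unhandled runtime exception; report it as a connection failure instead.
    if (hostAndPort == null || hostAndPort.length < 2) {
        writeToResponse(getLocalizedString("cannot.connect.to.UM.datastore"));
        return false;
    }
    String host = hostAndPort[0];
    int port;
    try {
        port = Integer.parseInt(hostAndPort[1]);
    } catch (NumberFormatException nfe) {
        writeToResponse(getLocalizedString("cannot.connect.to.UM.datastore"));
        return false;
    }
    String bindDN = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_LOGIN_ID);
    String rootSuffix = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_ROOT_SUFFIX);
    String bindPwd = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_LOGIN_PWD);
    if (bindPwd == null) {
        // Missing password: fail the check explicitly instead of relying on the NPE from
        // toCharArray() being caught by the generic handler below.
        writeToResponse(getLocalizedString("cannot.connect.to.UM.datastore"));
        return false;
    }
    // The literal 3 is passed straight through to getConnection — presumably a timeout or retry
    // count; confirm against its definition.
    try (Connection conn = getConnection(host, port, bindDN, bindPwd.toCharArray(), 3, ssl)) {
        String[] attrs = { "" };
        conn.search(LDAPRequests.newSearchRequest(rootSuffix, SearchScope.BASE_OBJECT, ObjectClassFilter, attrs));
        writeToResponse("ok");
    } catch (LdapException lex) {
        ResultCode resultCode = lex.getResult().getResultCode();
        if (!writeErrorToResponse(resultCode)) {
            writeToResponse(getLocalizedString("cannot.connect.to.UM.datastore"));
        }
    } catch (Exception e) {
        // Any other failure (including ones raised while obtaining the connection) is reported
        // with the generic message; the detail is deliberately not surfaced to the client.
        writeToResponse(getLocalizedString("cannot.connect.to.UM.datastore"));
    }
    return false;
}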
Use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.
The class Step4, method validateUMHost.
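/**
 * Validates the user-store host entered in the wizard by opening a connection with the stored
 * host, port and bind credentials and performing a base-object search on the configured root
 * suffix. The outcome is written to the response: {@code "ok"} on success, a result-code-specific
 * message when {@code writeErrorToResponse} handles the LDAP failure, otherwise the localized
 * {@code cannot.connect.to.SM.datastore} message.
 *
 * @return always {@code false}; the outcome is reported through the response, not the return value
 */
public boolean validateUMHost() {
    Context ctx = getContext();
    String strSSL = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_SSL);
    boolean ssl = (strSSL != null) && (strSSL.equals("SSL"));
    String host = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_HOST);
    String strPort = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_PORT);
    // NOTE(review): the failure message key names the SM datastore although this validates the
    // user store — confirm whether that is intended.
    int port;
    try {
        // A missing or non-numeric port used to escape this method as an unhandled runtime
        // exception; report it as a connection failure instead.
        port = Integer.parseInt(strPort);
    } catch (NumberFormatException nfe) {
        writeToResponse(getLocalizedString("cannot.connect.to.SM.datastore"));
        setPath(null);
        return false;
    }
    String bindDN = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_LOGIN_ID);
    String rootSuffix = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_ROOT_SUFFIX);
    String bindPwd = (String) ctx.getSessionAttribute(SessionAttributeNames.USER_STORE_LOGIN_PWD);
    if (bindPwd == null) {
        // Missing password: fail the check explicitly instead of relying on the NPE from
        // toCharArray() being caught by the generic handler below.
        writeToResponse(getLocalizedString("cannot.connect.to.SM.datastore"));
        setPath(null);
        return false;
    }
    // The literal 5 is passed straight through to getConnection — presumably a timeout or retry
    // count; confirm against its definition.
    try (Connection conn = getConnection(host, port, bindDN, bindPwd.toCharArray(), 5, ssl)) {
        String[] attrs = { "" };
        conn.search(LDAPRequests.newSearchRequest(rootSuffix, SearchScope.BASE_OBJECT, ObjectClassFilter, attrs));
        writeToResponse("ok");
    } catch (LdapException lex) {
        ResultCode resultCode = lex.getResult().getResultCode();
        if (!writeErrorToResponse(resultCode)) {
            writeToResponse(getLocalizedString("cannot.connect.to.SM.datastore"));
        }
    } catch (Exception e) {
        // Any other failure (including ones raised while obtaining the connection) is reported
        // with the generic message; the detail is deliberately not surfaced to the client.
        writeToResponse(getLocalizedString("cannot.connect.to.SM.datastore"));
    }
    setPath(null);
    return false;
}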
Use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.
The class DJLDAPv3Repo, method create.
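/**
 * Creates a new identity using the passed in attributes. The following steps will be performed with the passed in
 * data:
 * <ul>
 * <li>The password will be encoded in case we are dealing with AD.</li>
 * <li>If the attribute map contains the default status attribute, then it will be converted to the status values
 * specified in the configuration.</li>
 * <li>Performing creation attribute mapping, so certain attributes can have default values (coming from other
 * attributes, or from the identity name if there is no mapping for the attribute).</li>
 * <li>Removes all attributes that are not defined in the configuration.</li>
 * <li>Attributes whose value set is null or empty are not written to the entry.</li>
 * </ul>
 * If the default group member setting is being used and a new group identity is being created, the newly created
 * group will also have the default group member assigned; when a memberOf attribute is configured, the default
 * member's memberOf attribute is updated with the new group's DN as well.
 *
 * @param token Not used.
 * @param type The type of the identity.
 * @param name The name of the identity.
 * @param attrMap The attributes of the new identity, that needs to be stored.
 * @return The DN of the newly created identity
 * @throws IdRepoException If there is an error while creating the new identity, or if it's a group and there is a
 * problem while adding the default group member. An {@code IdRepoDuplicateObjectException} is raised when the
 * directory reports {@code ENTRY_ALREADY_EXISTS}.
 */
@Override
public String create(SSOToken token, IdType type, String name, Map<String, Set<String>> attrMap) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("Create invoked on " + type + ": " + name + " attrMap = "
                + IdRepoUtils.getAttrMapWithoutPasswordAttrs(attrMap, null));
    }
    String dn = generateDN(type, name);
    Set<String> objectClasses = getObjectClasses(type);
    // Wrap the attributes in a case-insensitive map so the lookups below do not depend on the
    // caller's attribute-name casing.
    attrMap = new CaseInsensitiveHashMap(attrMap);
    byte[] encodedPwd = helper.encodePassword(type, attrMap.get(AD_UNICODE_PWD_ATTR));
    // Set the user status as it is configured in the datastore.
    mapUserStatus(type, attrMap);
    // In case some attributes are missing use the create attribute mapping to get those values.
    mapCreationAttributes(type, name, attrMap);
    // Lastly get rid of the attributes that are not known by the datastore.
    attrMap = removeUndefinedAttributes(type, attrMap);
    Set<String> ocs = attrMap.get(OBJECT_CLASS_ATTR);
    if (ocs != null) {
        // NOTE(review): this mutates the value Set that came in with attrMap — confirm callers
        // do not reuse that Set after the call.
        ocs.addAll(objectClasses);
    } else {
        attrMap.put(OBJECT_CLASS_ATTR, objectClasses);
    }
    attrMap.put(getSearchAttribute(type), asSet(name));
    Entry entry = buildEntryForCreate(dn, type, attrMap, encodedPwd);
    // try-with-resources replaces the null-initialised connection plus finally/closeIfNotNull;
    // an LdapException raised while obtaining the connection is still caught below.
    try (Connection conn = connectionFactory.getConnection()) {
        conn.add(LDAPRequests.newAddRequest(entry));
        // Keep the default member's memberOf attribute in step with the group just created,
        // but only when a memberOf attribute is configured.
        if (type.equals(IdType.GROUP) && defaultGroupMember != null && memberOfAttr != null) {
            ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(defaultGroupMember);
            modifyRequest.addModification(ModificationType.ADD, memberOfAttr, dn);
            conn.modify(modifyRequest);
        }
    } catch (LdapException ere) {
        // Log the attribute map with password attributes stripped so credentials never reach the log.
        DEBUG.error("Unable to add a new entry: " + name + " attrMap: "
                + IdRepoUtils.getAttrMapWithoutPasswordAttrs(attrMap, null), ere);
        if (ResultCode.ENTRY_ALREADY_EXISTS.equals(ere.getResult().getResultCode())) {
            throw IdRepoDuplicateObjectException.nameAlreadyExists(name);
        }
        handleErrorResult(ere);
    }
    return dn;
}

/**
 * Builds the LDAP entry to add for a new identity: every attribute with a non-null, non-empty
 * value set, the default group member for groups (when configured), and the AD-encoded password
 * in place of the plain value when one was produced.
 *
 * @param dn The DN of the entry being created.
 * @param type The type of the identity.
 * @param attrMap The fully mapped and filtered attributes of the new identity.
 * @param encodedPwd The AD-encoded password, or null when no encoding was applied.
 * @return The entry ready to be sent in an add request.
 */
private Entry buildEntryForCreate(String dn, IdType type, Map<String, Set<String>> attrMap, byte[] encodedPwd) {
    Entry entry = new LinkedHashMapEntry(dn);
    for (Map.Entry<String, Set<String>> attr : attrMap.entrySet()) {
        // Add only attributes whose values are not empty or null.
        Set<String> attributeValue = attr.getValue();
        if (attributeValue != null && !attributeValue.isEmpty()) {
            entry.addAttribute(attr.getKey(), attributeValue.toArray());
        }
    }
    if (type.equals(IdType.GROUP) && defaultGroupMember != null) {
        entry.addAttribute(uniqueMemberAttr, defaultGroupMember);
    }
    if (encodedPwd != null) {
        entry.replaceAttribute(AD_UNICODE_PWD_ATTR, encodedPwd);
    }
    return entry;
}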
Use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.
The class DataLayer, method changePassword.
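/**
 * Changes user password. The modify is performed on a connection bound as the entry itself
 * (its own DN and the old password), so the directory — not this code — enforces that the
 * caller knows the current password.
 *
 * @param guid globally unique identifier for the entry.
 * @param attrName password attribute name
 * @param oldPassword old password, used as the bind password
 * @param newPassword new password, written as the sole value of {@code attrName}
 * @exception AccessRightsException if insufficient access (LDAP result INSUFFICIENT_ACCESS_RIGHTS)
 * @exception EntryNotFoundException if the entry is not found (LDAP result NO_SUCH_OBJECT).
 * @exception UMSException if failure (any other LDAP result, or a directory-config lookup failure)
 *
 * @supported.api
 */
public void changePassword(Guid guid, String attrName, String oldPassword, String newPassword) throws UMSException {
    Modification modification = new Modification(ModificationType.REPLACE,
            Attributes.singletonAttribute(attrName, newPassword));
    String id = guid.getDn();
    try {
        DSConfigMgr dsCfg = DSConfigMgr.getDSConfigMgr();
        String hostAndPort = dsCfg.getHostName("default");
        // All connections will use authentication
        SimpleBindRequest bindRequest = LDAPRequests.newSimpleBindRequest(id, oldPassword.toCharArray());
        Options options = Options.defaultOptions().set(AUTHN_BIND_REQUEST, bindRequest);
        // NOTE(review): the first argument is named hostAndPort, yet a literal 389 is passed as
        // the port and no TLS option is set here — confirm getHostName("default") returns a bare
        // host, and whether the old and new passwords are meant to travel over plain LDAP.
        // Both the factory and the connection it hands out are closed by this statement; previously
        // only the factory was closed and the connection was never released.
        try (ConnectionFactory factory = new LDAPConnectionFactory(hostAndPort, 389, options);
             Connection ldc = factory.getConnection()) {
            ldc.modify(LDAPRequests.newModifyRequest(id).addModification(modification));
        } catch (LdapException ldex) {
            if (debug.warningEnabled()) {
                debug.warning("DataLayer.changePassword:", ldex);
            }
            ResultCode errorCode = ldex.getResult().getResultCode();
            if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
                throw new EntryNotFoundException(id, ldex);
            } else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
                throw new AccessRightsException(id, ldex);
            } else {
                throw new UMSException(id, ldex);
            }
        }
    } catch (LDAPServiceException ex) {
        debug.error("DataLayer.changePassword:", ex);
        throw new UMSException(id, ex);
    }
}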