
Example 76 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class LDAPGroups method findDynamicGroupMembersByUrl.

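/**
 * Finds the DNs of dynamic group members by running the search described by the group's
 * LDAP URL, narrowed by a caller-supplied user filter component.
 *
 * <p>The effective filter is {@code (&<userRDN><groupFilter>)}. The group filter taken from
 * the URL is wrapped in parentheses when it does not already start with one.
 *
 * <p>Security: {@code userRDN} is spliced into the filter text verbatim.
 * NOTE(review): this assumes the caller passes a complete, parenthesised filter component
 * whose assertion value is already escaped (for example built with {@code Filter.format} or
 * {@code Filter.escapeAssertionValue}); an unescaped value here would allow LDAP filter
 * injection and could widen the membership match. Confirm against the caller.
 *
 * @param url the LDAP URL supplying the search base, scope and group filter
 * @param userRDN the filter component identifying the user, appended as-is
 * @return the DNs of the entries that satisfied the combined filter
 * @throws PolicyException if the search exceeds the size or time limit, or on any other
 *         failure while building or running the search
 */
private Set findDynamicGroupMembersByUrl(LDAPUrl url, String userRDN) throws PolicyException {
    Set<String> groupMemberDNs = new HashSet<>();
    try (Connection conn = connPool.getConnection()) {
        // Need to pass the user dn in the filter
        StringBuilder filter = new StringBuilder(25);
        filter.append("(&").append(userRDN);
        String groupFilter = url.getFilter().toString();
        if (groupFilter.startsWith("(")) {
            filter.append(groupFilter).append(")");
        } else {
            // Bare "attr=value" form: add the missing parentheses around the group filter.
            filter.append("(").append(groupFilter).append("))");
        }
        debug.message("search filter in LDAPGroups : {}", filter);
        String[] attrs = { userRDNAttrName };
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(url.getName(), url.getScope(), Filter.valueOf(filter.toString()), attrs);
        // Close the reader explicitly so the search is released even when reading fails
        // part-way through; the pooled connection is handed back right after.
        try (ConnectionEntryReader reader = conn.search(searchRequest)) {
            while (reader.hasNext()) {
                if (reader.isReference()) {
                    // Referrals are consumed and dropped; they never contribute members.
                    reader.readReference();
                } else {
                    SearchResultEntry entry = reader.readEntry();
                    if (entry != null) {
                        groupMemberDNs.add(entry.getName().toString());
                    }
                }
            }
        }
    } catch (LdapException le) {
        String[] objs = { orgName };
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            // A truncated result is reported as an error rather than returned as a
            // partial membership set.
            debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the size limit");
            throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the time limit");
            throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
        } else {
            throw new PolicyException(le);
        }
    } catch (Exception e) {
        // Deliberately broad: a malformed filter or any other failure becomes a
        // PolicyException instead of returning a possibly incomplete set.
        throw new PolicyException(e);
    }
    return groupMemberDNs;
}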
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 77 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class LDAPFilterCondition method searchFilterSatisfied.

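/**
 * Returns whether the given <code>searchFilter</code> is satisfied, decided by searching the
 * directory under <code>baseDN</code> with that filter.
 *
 * <p>Only the first search result is inspected. The filter counts as satisfied when that
 * result is an entry with a non-empty DN.
 * NOTE(review): if the first result is a referral, the method returns {@code false} without
 * looking at later results. Confirm this is the intended (deny-by-default) behaviour.
 *
 * <p>Security: the filter string is handed to the search request unchanged.
 * NOTE(review): any user-derived value substituted into it by the caller must already be
 * escaped for use in an LDAP filter. Confirm at the call site.
 *
 * @param searchFilter the LDAP filter to evaluate
 * @return {@code true} if the first result is an entry with a non-empty DN
 * @throws SSOException declared by the signature; not thrown by the code visible here
 * @throws PolicyException on any LDAP failure, including size and time limit errors
 */
private boolean searchFilterSatisfied(String searchFilter) throws SSOException, PolicyException {
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.searchFilterSatified():" + "entering, searchFitler=" + searchFilter);
    }
    boolean filterSatisfied = false;
    String[] attrs = { userRDNAttrName };
    // search the remote ldap
    try (Connection conn = connPool.getConnection()) {
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
        // Only the first result is read, so the reader is closed explicitly: the rest of the
        // search must not stay pending on a connection that goes back to the pool.
        try (ConnectionEntryReader reader = conn.search(searchRequest)) {
            if (reader.hasNext()) {
                if (reader.isReference()) {
                    //Ignore
                    reader.readReference();
                } else {
                    SearchResultEntry entry = reader.readEntry();
                    if (entry != null) {
                        String dn = entry.getName().toString();
                        if (dn != null && dn.length() != 0) {
                            debug.message("LDAPFilterCondition.searchFilterSatified(): dn={}", dn);
                            filterSatisfied = true;
                        }
                    }
                }
            }
        }
    } catch (LdapException le) {
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            // Logged only; control falls through to the generic PolicyException below.
            debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the size limit");
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            // Logged only; control falls through to the generic PolicyException below.
            debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the time limit");
        } else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        } else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
            String[] objs = { baseDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_users_base_dn", objs, null);
        }
        // Every remaining LDAP failure is surfaced to the caller instead of being treated
        // as "filter not satisfied".
        String errorMsg = le.getMessage();
        String additionalMsg = le.getResult().getDiagnosticMessage();
        if (additionalMsg != null) {
            throw new PolicyException(errorMsg + ": " + additionalMsg);
        } else {
            throw new PolicyException(errorMsg);
        }
    } catch (SearchResultReferenceIOException e) {
        // Best effort: a referral in place of an entry leaves the result at false.
        debug.warning("LDAPFilterCondition.searchFilterSatified()" + ": Partial results have been received, status code 9." + " The message provided by the LDAP server is: \n" + e.getMessage());
    }
    debug.message("LDAPFilterCondition.searchFilterSatified():returning, filterSatisfied={}", filterSatisfied);
    return filterSatisfied;
}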
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) Connection(org.forgerock.opendj.ldap.Connection) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 78 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class LDAPUsers method getValidValues.

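/**
 * Returns the user DNs that are possible values for this <code>LDAPUsers</code> subject and
 * match the given <code>pattern</code>.
 *
 * <p>The returned status is <code>ValidValues.SUCCESS</code> unless a size or time limit error
 * is caught while reading results. In that case the matching limit status is returned together
 * with the DNs collected so far.
 *
 * <p>Security: NOTE(review): <code>pattern</code> is turned into an LDAP filter by
 * <code>getSearchFilter</code>, which is not visible here. Confirm that it escapes filter
 * metacharacters in the pattern before building the filter.
 *
 * @param token the <code>SSOToken</code> of the caller; not read by the code visible here
 * @param pattern search pattern used to narrow the list of valid names
 *
 * @return <code>ValidValues</code> holding the status and the set of matching user DNs
 *
 * @exception SSOException if <code>SSOToken</code> is not valid
 * @exception PolicyException if the subject is not initialized or the list of valid names
 * cannot be obtained
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_not_yet_initialized", null, null);
    }
    String searchFilter = getSearchFilter(pattern);
    Set<String> validUserDNs = new HashSet<>();
    int status = ValidValues.SUCCESS;
    // The reader is a managed resource too, so the search is released before the pooled
    // connection is handed back, whichever way the loop exits.
    try (Connection ld = connPool.getConnection();
            ConnectionEntryReader res = search(searchFilter, ld, userRDNAttrName)) {
        while (res.hasNext()) {
            try {
                if (res.isEntry()) {
                    SearchResultEntry entry = res.readEntry();
                    String name = entry.getName().toString();
                    validUserDNs.add(name);
                    debug.message("LDAPUsers.getValidValues(): found user name={}", name);
                } else {
                    // ignore referrals
                    debug.message("LDAPUsers.getValidValues(): Ignoring reference: {}", res.readReference());
                }
            } catch (LdapException e) {
                ResultCode resultCode = e.getResult().getResultCode();
                if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
                    // Limit errors are reported through the status, not as an exception.
                    debug.warning("LDAPUsers.getValidValues(): exceeded the size limit");
                    status = ValidValues.SIZE_LIMIT_EXCEEDED;
                } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
                    debug.warning("LDAPUsers.getValidValues(): exceeded the time limit");
                    status = ValidValues.TIME_LIMIT_EXCEEDED;
                } else {
                    throw new PolicyException(e);
                }
            } catch (SearchResultReferenceIOException ignored) {
                // ignore referrals
            }
        }
    } catch (LdapException e) {
        // Failures from obtaining the connection, starting the search or hasNext() are
        // mapped by the shared handler.
        throw handleResultException(e);
    }
    return new ValidValues(status, validUserDNs);
}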
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) ValidValues(com.sun.identity.policy.ValidValues) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 79 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class LdifUtils method createSchemaFromLDIF.

/**
 * Applies the change records of an LDIF stream to the directory as schema updates.
 *
 * <p>Add and modify records are sent over the given connection with a transaction-id control
 * attached. An add that fails because the entry already exists is retried as one ADD
 * modification per attribute. Modify-DN records are skipped and delete records are only logged.
 * LDAP failures are logged as warnings and do not stop processing.
 *
 * <p>Security: every add and modify record in the stream is executed with the privileges of
 * <code>ld</code>, so the LDIF must come from a trusted source.
 * NOTE(review): the per-attribute fallback requests carry no transaction-id control, unlike
 * the original add. Confirm whether that gap in audit correlation is intended.
 *
 * @param ldif LDIF object.
 * @param ld LDAP Connection.
 * @throws IOException If an error occurs when reading the LDIF file.
 */
public static void createSchemaFromLDIF(LDIFChangeRecordReader ldif, final Connection ld) throws IOException {
    while (ldif.hasNext()) {
        final ChangeRecord changeRecord = ldif.readChangeRecord();
        // A new visitor per record: the delete handler logs the enclosing record.
        ChangeRecordVisitor<Void, Void> schemaApplier = new ChangeRecordVisitor<Void, Void>() {

            @Override
            public Void visitChangeRecord(Void aVoid, AddRequest change) {
                try {
                    change.addControl(TransactionIdControl.newControl(AuditRequestContext.createSubTransactionIdValue()));
                    ld.add(change);
                } catch (LdapException addFailure) {
                    boolean alreadyExists = ResultCode.ENTRY_ALREADY_EXISTS.equals(addFailure.getResult().getResultCode());
                    if (!alreadyExists) {
                        DEBUG.warning("LDAPUtils.createSchemaFromLDIF - Could not add to schema: {}", change, addFailure);
                        return null;
                    }
                    // The entry is already present: merge the attributes into it one by one.
                    for (Attribute attribute : change.getAllAttributes()) {
                        ModifyRequest attributeAdd = LDAPRequests.newModifyRequest(change.getName());
                        attributeAdd.addModification(new Modification(ModificationType.ADD, attribute));
                        try {
                            ld.modify(attributeAdd);
                        } catch (LdapException modifyFailure) {
                            DEBUG.warning("LDAPUtils.createSchemaFromLDIF - Could not modify schema: {}", attributeAdd, modifyFailure);
                        }
                    }
                }
                return null;
            }

            @Override
            public Void visitChangeRecord(Void aVoid, ModifyRequest change) {
                try {
                    change.addControl(TransactionIdControl.newControl(AuditRequestContext.createSubTransactionIdValue()));
                    ld.modify(change);
                } catch (LdapException modifyFailure) {
                    DEBUG.warning("LDAPUtils.createSchemaFromLDIF - Could not modify schema: {}", change, modifyFailure);
                }
                return null;
            }

            @Override
            public Void visitChangeRecord(Void aVoid, ModifyDNRequest change) {
                // Rename records are skipped without logging.
                return null;
            }

            @Override
            public Void visitChangeRecord(Void aVoid, DeleteRequest change) {
                // Deletes are never applied; the record is only logged.
                DEBUG.message("Delete request ignored: {}", changeRecord);
                return null;
            }
        };
        changeRecord.accept(schemaApplier, null);
    }
}
Also used : AddRequest(org.forgerock.opendj.ldap.requests.AddRequest) ModifyDNRequest(org.forgerock.opendj.ldap.requests.ModifyDNRequest) Modification(org.forgerock.opendj.ldap.Modification) Attribute(org.forgerock.opendj.ldap.Attribute) ModifyRequest(org.forgerock.opendj.ldap.requests.ModifyRequest) ChangeRecord(org.forgerock.opendj.ldif.ChangeRecord) LdapException(org.forgerock.opendj.ldap.LdapException) DeleteRequest(org.forgerock.opendj.ldap.requests.DeleteRequest)

Example 80 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class DataLayer method changePassword.

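/**
 * Changes user password.
 *
 * <p>A new connection is opened and bound as the entry itself using the old password. The
 * password attribute is then replaced with the new value over that connection.
 *
 * <p>Security: NOTE(review): the connection is opened on the hard-coded port 389 and no
 * TLS/StartTLS option is set in this method. Unless transport security is configured
 * elsewhere, both the old password (in the bind) and the new password (in the modify) are
 * sent unencrypted. Confirm.
 * NOTE(review): the value named <code>hostAndPort</code> is passed as the host argument.
 * Confirm that <code>getHostName("default")</code> returns a bare host name.
 *
 * @param guid globally unique identifier for the entry.
 * @param attrName password attribute name
 * @param oldPassword old password
 * @param newPassword new password
 * @exception AccessRightsException if insufficient access
 * @exception EntryNotFoundException if the entry is not found.
 * @exception UMSException if failure
 *
 * @supported.api
 */
public void changePassword(Guid guid, String attrName, String oldPassword, String newPassword) throws UMSException {
    Modification modification = new Modification(ModificationType.REPLACE, Attributes.singletonAttribute(attrName, newPassword));
    String id = guid.getDn();
    try {
        DSConfigMgr dsCfg = DSConfigMgr.getDSConfigMgr();
        String hostAndPort = dsCfg.getHostName("default");
        // All connections will use authentication
        SimpleBindRequest bindRequest = LDAPRequests.newSimpleBindRequest(id, oldPassword.toCharArray());
        Options options = Options.defaultOptions().set(AUTHN_BIND_REQUEST, bindRequest);
        // The connection is a managed resource as well, so it is closed explicitly on
        // every path rather than being left to the factory's own close().
        try (ConnectionFactory factory = new LDAPConnectionFactory(hostAndPort, 389, options);
                Connection ldc = factory.getConnection()) {
            ldc.modify(LDAPRequests.newModifyRequest(id).addModification(modification));
        } catch (LdapException ldex) {
            if (debug.warningEnabled()) {
                debug.warning("DataLayer.changePassword:", ldex);
            }
            // Map the LDAP result code onto the UMS exception hierarchy.
            ResultCode errorCode = ldex.getResult().getResultCode();
            if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
                throw new EntryNotFoundException(id, ldex);
            } else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
                throw new AccessRightsException(id, ldex);
            } else {
                throw new UMSException(id, ldex);
            }
        }
    } catch (LDAPServiceException ex) {
        debug.error("DataLayer.changePassword:", ex);
        throw new UMSException(id, ex);
    }
}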
Also used : Modification(org.forgerock.opendj.ldap.Modification) Options(org.forgerock.util.Options) Connection(org.forgerock.opendj.ldap.Connection) DSConfigMgr(com.iplanet.services.ldap.DSConfigMgr) ByteString(org.forgerock.opendj.ldap.ByteString) SimpleBindRequest(org.forgerock.opendj.ldap.requests.SimpleBindRequest) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)
