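/**
 * Gets the member DNs of a role, dynamic group or static group.
 *
 * <p>The target entry is looked up through UMS and its member IDs are converted
 * with {@code searchResultsToSet}. When the lookup fails with a UMS error whose
 * root cause is an LDAP size-limit or administrative-limit result, the failure
 * is reported with message id {@code "505"}; any other UMS failure is reported
 * with {@code "454"}; a missing entry is reported with the id chosen by
 * {@code getEntryNotFoundMsgID}.
 *
 * @param token
 * SSOToken
 * @param entryDN
 * DN of the role or group
 * @param objectType
 * objectType of the target object, AMObject.ROLE or
 * AMObject.GROUP (the MANAGED_ROLE, FILTERED_ROLE, STATIC_GROUP,
 * DYNAMIC_GROUP and ASSIGNABLE_DYNAMIC_GROUP constants are accepted too)
 * @return Set Member DNs
 * @throws AMException with id {@code "114"} for an unsupported objectType, or as
 * described above when the lookup fails
 */
public Set getMembers(SSOToken token, String entryDN, int objectType) throws AMException {
    try {
        switch (objectType) {
            case AMObject.ROLE:
            case AMObject.MANAGED_ROLE: {
                ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(role.getMemberIDs());
            }
            case AMObject.FILTERED_ROLE: {
                FilteredRole filteredRole = (FilteredRole) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(filteredRole.getMemberIDs());
            }
            case AMObject.GROUP:
            case AMObject.STATIC_GROUP: {
                StaticGroup group = (StaticGroup) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(group.getMemberIDs());
            }
            case AMObject.DYNAMIC_GROUP: {
                DynamicGroup dynamicGroup = (DynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(dynamicGroup.getMemberIDs());
            }
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP: {
                // TODO: See if it works after removing this workaround
                // fake object to get around UMS problem.
                // UMS AssignableDynamicGroup has a class resolver, it is
                // added to resolver list in static block. So I need to
                // construct a dummy AssignableDynamicGroup
                AssignableDynamicGroup adgroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(adgroup.getMemberIDs());
            }
            default:
                throw new AMException(token, "114");
        }
    } catch (EntryNotFoundException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        String msgid = getEntryNotFoundMsgID(objectType);
        String entryName = getEntryName(e);
        Object[] args = { entryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        // The root cause is not guaranteed to be an LdapException; the previous unchecked
        // cast would have replaced the intended "454" AMException with a ClassCastException.
        if (e.getRootCause() instanceof LdapException) {
            LdapException le = (LdapException) e.getRootCause();
            ResultCode resultCode = le.getResult().getResultCode();
            if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode) || ResultCode.ADMIN_LIMIT_EXCEEDED.equals(resultCode)) {
                // Too many members for the server's limits: distinct message so callers can narrow the search
                throw new AMException(token, "505", e);
            }
        }
        throw new AMException(token, "454", e);
    }
}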
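/**
 * Authenticates a user by binding to an LDAP server with the given DN and password.
 *
 * <p>The server is taken from the {@code LoginContext.ORGNAME} login option when that
 * option is an {@code ldap://} or {@code ldaps://} URL carrying a host (port defaults
 * to 389); otherwise host, port and connection type come from the default server group
 * in {@code DSConfigMgr}. An SSL context is installed on the connection options for
 * {@code ldaps://} URLs and for {@code Server.Type.CONN_SSL} server groups.
 *
 * @param dn distinguished name to bind as; must be non-null and non-empty
 * @param passwd password to bind with; must be non-null and non-empty
 * @return {@code true} when a connection bound with the credentials was obtained
 * @throws LoginException if the credentials are missing or empty, the server
 * configuration or URL cannot be processed, the SSL context cannot be built, or the
 * bind fails
 */
private boolean authenticate(String dn, String passwd) throws LoginException {
    // Reject missing or empty credentials before contacting the server. The original
    // null check only covered the serverconfig branch, and an empty password turns a
    // simple bind into an unauthenticated bind (RFC 4513) that some directories accept,
    // which would let a successful connection pass for a successful authentication.
    if (dn == null || dn.isEmpty() || passwd == null || passwd.isEmpty()) {
        throw new LoginException(AuthI18n.authI18n.getString(IUMSConstants.DSCFG_CONNECTFAIL));
    }
    // Connection settings for the bind
    String host;
    int port;
    Options ldapOptions = Options.defaultOptions();
    // Check whether the login options name an LDAP server by URL
    String orgUrl = (String) options.get(LoginContext.ORGNAME);
    boolean urlNamesHost = orgUrl != null
            && !orgUrl.equals(LoginContext.LDAP_AUTH_URL)
            && !orgUrl.equals(LoginContext.LDAPS_AUTH_URL)
            && (orgUrl.startsWith(LoginContext.LDAP_AUTH_URL) || orgUrl.startsWith(LoginContext.LDAPS_AUTH_URL));
    if (!urlNamesHost) {
        try {
            DSConfigMgr dscm = DSConfigMgr.getDSConfigMgr();
            // We need a handle on server instance so we can know the
            // Connection type. If it is SSL, the connection needs to be
            // accordingly created. Note: The user type does not make
            // a difference, as the connection type is Server group based,
            // so passing any user type for the second argument.
            ServerInstance si = dscm.getServerInstance(DSConfigMgr.DEFAULT, LDAPUser.Type.AUTH_BASIC);
            String hostName = dscm.getHostName(DSConfigMgr.DEFAULT);
            if (si.getConnectionType() == Server.Type.CONN_SSL) {
                try {
                    ldapOptions.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
                } catch (GeneralSecurityException e) {
                    debug.error("getConnection.JSSESocketFactory", e);
                    throw new LDAPServiceException(AuthI18n.authI18n.getString(IUMSConstants.DSCFG_JSSSFFAIL));
                }
            }
            // The 389 port number passed is overridden by the
            // hostName:port constructed by the getHostName method.
            // So, this is not a hardcoded port number.
            host = hostName;
            port = 389;
        } catch (LDAPServiceException ex) {
            debug.error("Authenticate failed: " + ex);
            throw new LoginException(ex.getMessage());
        }
    } else {
        try {
            if (debug.messageEnabled()) {
                debug.message("authenticate(): orgUrl= " + orgUrl);
            }
            boolean useSSL = orgUrl.startsWith(LoginContext.LDAPS_AUTH_URL);
            int start = useSSL ? LoginContext.LDAPS_AUTH_URL.length() : LoginContext.LDAP_AUTH_URL.length();
            // Host: from the end of the scheme up to the first ':' or '/'. Only a ':' that
            // precedes any '/' introduces a port, so a path segment is never parsed as one.
            int colon = orgUrl.indexOf(':', start);
            int slash = orgUrl.indexOf('/', start);
            int hostEnd = (slash == -1) ? orgUrl.length() : slash;
            if (colon != -1 && colon < hostEnd) {
                hostEnd = colon;
            }
            String hostName = orgUrl.substring(start, hostEnd);
            // Port: the text between ':' and the next '/' (or the end), defaulting to 389
            String portNumber = "389";
            if (hostEnd == colon) {
                portNumber = orgUrl.substring(colon + 1, (slash == -1) ? orgUrl.length() : slash);
            }
            if (useSSL) {
                try {
                    ldapOptions.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
                } catch (GeneralSecurityException e) {
                    debug.error("authentication().JSSESocketFactory()", e);
                    throw (new LoginException(e.getMessage()));
                }
            }
            if (debug.messageEnabled()) {
                debug.message("before connect(), hostName=" + hostName + ",port=" + portNumber);
            }
            host = hostName;
            // A non-numeric port raises NumberFormatException, reported below as a LoginException
            port = Integer.parseInt(portNumber);
        } catch (Exception e) {
            debug.error("authentication", e);
            throw (new LoginException(e.getMessage()));
        }
    }
    // The factory is built with the user's DN and password, so obtaining a connection is
    // the bind itself (presumed from the arguments — confirm against LDAPUtils); the
    // connection is closed again immediately because only the bind outcome matters.
    try (ConnectionFactory factory = LDAPUtils.createFailoverConnectionFactory(host, port, dn, passwd, ldapOptions);
            Connection conn = factory.getConnection()) {
        return true;
    } catch (LdapException e) {
        // LoginException has no cause constructor; chain it explicitly so the LDAP result is not lost
        LoginException failure = new LoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}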
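/**
 * Reads the LDAP server configuration once and caches it in this module: opens
 * {@code conn} from the default basic connection factory and stores the default
 * server group's base DN in {@code baseDN}. Later calls return immediately once
 * {@code readServerConfiguration} has been set.
 *
 * @throws LoginException if the configuration cannot be read or the connection
 * cannot be opened; {@code readServerConfiguration} stays {@code false} so the
 * next call retries
 */
private void readServerConfig() throws LoginException {
    if (readServerConfiguration) {
        return;
    }
    try {
        DSConfigMgr cfgMgr = DSConfigMgr.getDSConfigMgr();
        conn = cfgMgr.getNewBasicConnectionFactory().getConnection();
        ServerInstance si = cfgMgr.getServerInstance(DSConfigMgr.DEFAULT, LDAPUser.Type.AUTH_BASIC);
        baseDN = si.getBaseDN();
        readServerConfiguration = true;
    } catch (LDAPServiceException | LdapException ex) {
        // A failure after the connection was opened must not leave it dangling in the field
        IOUtils.closeIfNotNull(conn);
        conn = null;
        // LoginException has no cause constructor; chain it explicitly so the root error is kept
        LoginException failure = new LoginException(ex.getMessage());
        failure.initCause(ex);
        throw failure;
    }
}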
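/**
 * Resolves a user identifier to the DN of the matching directory entry.
 *
 * <p>A {@code uid} that already is a DN is returned unchanged. Otherwise the
 * directory is searched under {@code baseDN} for an entry whose naming attribute
 * equals {@code uid}; the naming attribute comes from the creation template when
 * the AM SDK is configured and defaults to {@code UIDATTR}. Only the first entry
 * returned by the search is used. The module connection {@code conn} is closed and
 * reset to {@code null} on every call.
 *
 * @param uid user name or DN supplied by the caller
 * @return the DN of the matching entry, or {@code uid} itself when it is a DN
 * @throws LoginException if {@code uid} is null, no connection is available, no
 * entry matches, or the search fails
 */
private String getDN(String uid) throws LoginException {
    if (uid == null) {
        throw (new LoginException(AuthI18n.authI18n.getString("com.iplanet.auth.invalid-username")));
    }
    if (LDAPUtils.isDN(uid)) {
        return uid;
    }
    String namingAttribute = UIDATTR;
    try {
        String orgName = (String) options.get(LoginContext.ORGNAME);
        if ((orgName != null) && !LDAPUtils.isDN(orgName)) {
            // Use orgname only if it a DN, else baseDN
            orgName = baseDN;
        }
        if (com.sun.identity.sm.ServiceManager.isAMSDKConfigured()) {
            namingAttribute = TemplateManager.getTemplateManager().getCreationTemplate(TEMPLATE_NAME, (orgName == null) ? null : new Guid(orgName)).getNamingAttribute();
        }
    } catch (Exception e) {
        // Best effort: fall back to the default naming attribute
    }
    // uid is caller-supplied, so escape it: filter metacharacters such as '*', '(' and ')'
    // must be matched literally instead of rewriting the search filter (LDAP injection).
    String filter = "(" + namingAttribute + "=" + org.forgerock.opendj.ldap.Filter.escapeAssertionValue(uid) + ")";
    String[] attrs = { "noAttr" };
    try {
        // Read the serverconfig.xml for LDAP information
        if (!readServerConfiguration) {
            readServerConfig();
        }
        if (conn == null) {
            debug.warning("LocalLdapAuthModule.getDN(): lda connection is null");
            throw (new LoginException("INVALID_USER_NAME"));
        }
        String retVal = "";
        // Close the reader so the search is released even when no entry is consumed
        try (ConnectionEntryReader results = conn.search(LDAPRequests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, filter, attrs))) {
            if (results.hasNext()) {
                SearchResultEntry entry = results.readEntry();
                retVal = entry.getName().toString();
            }
        }
        if (retVal == null || retVal.isEmpty()) {
            throw new LoginException("INVALID_USER_NAME");
        }
        return retVal;
    } catch (LdapException | SearchResultReferenceIOException ex) {
        // LoginException has no cause constructor; chain it explicitly so the LDAP result is kept
        LoginException failure = new LoginException(ex.getMessage());
        failure.initCause(ex);
        throw failure;
    } finally {
        IOUtils.closeIfNotNull(conn);
        conn = null;
    }
}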
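/**
 * Collects candidate claim attribute names for users under the given base DN.
 *
 * <p>Starts with the attributes of every core-schema object class whose name
 * contains "person" (person, organizationalPerson, inetOrgPerson, ...). If an
 * entry under {@code baseUserDn} carries the clearance attribute
 * {@code 2.16.840.1.101.2.2.1.203}, the attributes of that entry's object classes
 * are added, resolved against both the server's subschema and the default schema.
 *
 * @param baseUserDn DN of the subtree to search; a malformed DN is rejected by
 * {@code DN.valueOf} and is not caught here
 * @return the attribute names, or an empty set when the LDAP lookup fails (the
 * failure is logged at warn level)
 */
public Set<String> getClaimAttributeOptions(String baseUserDn) {
    try {
        // Find all object classes with names like *person* in the core schema
        // this will catch person, organizationalPerson, inetOrgPerson, etc. if present
        SortedSet<String> attributes = extractAttributes(Schema.getCoreSchema().getObjectClasses(), oc -> oc.getNameOrOID().toLowerCase().matches(".*person.*"));
        // Find any given user with the clearance attribute
        SearchRequest clearanceReq = Requests.newSearchRequest(DN.valueOf(baseUserDn), SearchScope.WHOLE_SUBTREE, Filter.present("2.16.840.1.101.2.2.1.203"), "objectClass");
        // Close the reader so the search is cancelled and released whether or not an entry was consumed
        try (ConnectionEntryReader clearanceReader = connection.search(clearanceReq)) {
            if (clearanceReader.hasNext()) {
                SearchResultEntry entry = clearanceReader.readEntry();
                RootDSE rootDSE = RootDSE.readRootDSE(connection);
                DN subschemaDN = rootDSE.getSubschemaSubentry();
                Schema subschema = Schema.readSchema(connection, subschemaDN);
                // Check against both the subschema and the default schema
                attributes.addAll(extractAttributes(Entries.getObjectClasses(entry, subschema), STRUCT_OR_AUX));
                attributes.addAll(extractAttributes(Entries.getObjectClasses(entry), STRUCT_OR_AUX));
            }
        }
        return attributes;
    } catch (SearchResultReferenceIOException | LdapException e) {
        // Log the exception itself; the bare message gave operators nothing to diagnose with
        LOGGER.warn("Error retrieving attributes from LDAP server; this may indicate a configuration issue with config.", e);
        return Collections.emptySet();
    }
}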