Search in sources :

Example 41 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class DirectoryServicesImpl method getMembers.

/**
     * Get members for roles, dynamic group or static group
     * 
     * @param token
     *            SSOToken
     * @param entryDN
     *            DN of the role or group
     * @param objectType
     *            objectType of the target object, AMObject.ROLE or
     *            AMObject.GROUP
     * @return Set Member DNs
     */
public Set getMembers(SSOToken token, String entryDN, int objectType) throws AMException {
    try {
        SearchResults results;
        switch(objectType) {
            case AMObject.ROLE:
            case AMObject.MANAGED_ROLE:
                ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(entryDN));
                results = role.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.FILTERED_ROLE:
                FilteredRole filteredRole = (FilteredRole) UMSObject.getObject(token, new Guid(entryDN));
                results = filteredRole.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.GROUP:
            case AMObject.STATIC_GROUP:
                StaticGroup group = (StaticGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = group.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.DYNAMIC_GROUP:
                DynamicGroup dynamicGroup = (DynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = dynamicGroup.getMemberIDs();
                return searchResultsToSet(results);
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
                // TODO: See if it works after removing this workaround
                // fake object to get around UMS problem.
                // UMS AssignableDynamicGroup has a class resolver, it is
                // added to resolver list in static block. So I need to
                // construct a dummy AssignableDynamicGroup
                AssignableDynamicGroup adgroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                results = adgroup.getMemberIDs();
                return searchResultsToSet(results);
            default:
                throw new AMException(token, "114");
        }
    } catch (EntryNotFoundException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        String msgid = getEntryNotFoundMsgID(objectType);
        String entryName = getEntryName(e);
        Object[] args = { entryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        LdapException le = (LdapException) e.getRootCause();
        if (le != null) {
            ResultCode resultCode = le.getResult().getResultCode();
            if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode) || ResultCode.ADMIN_LIMIT_EXCEEDED.equals(resultCode)) {
                throw new AMException(token, "505", e);
            }
        }
        throw new AMException(token, "454", e);
    }
}
Also used : DynamicGroup(com.iplanet.ums.DynamicGroup) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) UMSException(com.iplanet.ums.UMSException) AMException(com.iplanet.am.sdk.AMException) Guid(com.iplanet.ums.Guid) AMSearchResults(com.iplanet.am.sdk.AMSearchResults) SearchResults(com.iplanet.ums.SearchResults) StaticGroup(com.iplanet.ums.StaticGroup) ManagedRole(com.iplanet.ums.ManagedRole) FilteredRole(com.iplanet.ums.FilteredRole) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) LdapException(org.forgerock.opendj.ldap.LdapException) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 42 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class LocalLdapAuthModule method authenticate.

private boolean authenticate(String dn, String passwd) throws LoginException {
    // LDAP connection used for authentication
    Connection localConn = null;
    String host;
    int port;
    Options ldapOptions = Options.defaultOptions();
    // Check if organization is present in options
    String orgUrl = (String) options.get(LoginContext.ORGNAME);
    if ((orgUrl == null) || (orgUrl.equals(LoginContext.LDAP_AUTH_URL)) || (orgUrl.equals(LoginContext.LDAPS_AUTH_URL)) || !(orgUrl.startsWith(LoginContext.LDAP_AUTH_URL) || orgUrl.startsWith(LoginContext.LDAPS_AUTH_URL))) {
        try {
            DSConfigMgr dscm = DSConfigMgr.getDSConfigMgr();
            // We need a handle on server instance so we can know the
            // Connection type. If it is SSL, the connection needs to be
            // accordingly created. Note: The user type does not make
            // a difference, as the connection type is Server group based,
            // so passing any user type for the second argument.
            ServerInstance si = dscm.getServerInstance(DSConfigMgr.DEFAULT, LDAPUser.Type.AUTH_BASIC);
            String hostName = dscm.getHostName(DSConfigMgr.DEFAULT);
            if (si.getConnectionType() == Server.Type.CONN_SSL) {
                try {
                    ldapOptions.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
                } catch (GeneralSecurityException e) {
                    debug.error("getConnection.JSSESocketFactory", e);
                    throw new LDAPServiceException(AuthI18n.authI18n.getString(IUMSConstants.DSCFG_JSSSFFAIL));
                }
            }
            if (dn != null && passwd != null) {
                // The 389 port number passed is overridden by the
                // hostName:port
                // constructed by the getHostName method. So, this is not
                // a hardcoded port number.
                host = hostName;
                port = 389;
            } else {
                // Throw LoginException
                throw new LoginException(AuthI18n.authI18n.getString(IUMSConstants.DSCFG_CONNECTFAIL));
            }
        } catch (LDAPServiceException ex) {
            debug.error("Authenticate failed: " + ex);
            throw new LoginException(ex.getMessage());
        }
    } else {
        try {
            if (debug.messageEnabled()) {
                debug.message("authenticate(): orgUrl= " + orgUrl);
            }
            // Get hostname
            int start;
            boolean useSSL = false;
            if (orgUrl.startsWith(LoginContext.LDAPS_AUTH_URL)) {
                start = LoginContext.LDAPS_AUTH_URL.length();
                useSSL = true;
            } else {
                start = LoginContext.LDAP_AUTH_URL.length();
            }
            int end = orgUrl.indexOf(':', start);
            if (end == -1) {
                end = orgUrl.indexOf('/', start);
                if (end == -1)
                    end = orgUrl.length();
            }
            String hostName = orgUrl.substring(start, end);
            // Get port number
            String portNumber = "389";
            start = end + 1;
            if (start < orgUrl.length()) {
                end = orgUrl.indexOf('/', start);
                if (end == -1)
                    end = orgUrl.length();
                portNumber = orgUrl.substring(start, end);
            }
            if (useSSL) {
                try {
                    ldapOptions.set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
                } catch (GeneralSecurityException e) {
                    debug.error("authentication().JSSESocketFactory()", e);
                    throw (new LoginException(e.getMessage()));
                }
            }
            if (debug.messageEnabled()) {
                debug.message("before connect(), hostName=" + hostName + ",port=" + portNumber);
            }
            host = hostName;
            port = Integer.parseInt(portNumber);
        } catch (Exception e) {
            debug.error("authentication", e);
            throw (new LoginException(e.getMessage()));
        }
    }
    try (ConnectionFactory factory = LDAPUtils.createFailoverConnectionFactory(host, port, dn, passwd, ldapOptions);
        Connection conn = factory.getConnection()) {
        return true;
    } catch (LdapException e) {
        throw new LoginException(e.getMessage());
    }
}
Also used : Options(org.forgerock.util.Options) GeneralSecurityException(java.security.GeneralSecurityException) Connection(org.forgerock.opendj.ldap.Connection) DSConfigMgr(com.iplanet.services.ldap.DSConfigMgr) LoginException(javax.security.auth.login.LoginException) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) LdapException(org.forgerock.opendj.ldap.LdapException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LoginException(javax.security.auth.login.LoginException) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) ServerInstance(com.iplanet.services.ldap.ServerInstance) SSLContextBuilder(org.forgerock.opendj.ldap.SSLContextBuilder) LdapException(org.forgerock.opendj.ldap.LdapException)

Example 43 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class LocalLdapAuthModule method readServerConfig.

private void readServerConfig() throws LoginException {
    if (readServerConfiguration)
        return;
    try {
        DSConfigMgr cfgMgr = DSConfigMgr.getDSConfigMgr();
        conn = cfgMgr.getNewBasicConnectionFactory().getConnection();
        ServerInstance si = cfgMgr.getServerInstance(DSConfigMgr.DEFAULT, LDAPUser.Type.AUTH_BASIC);
        baseDN = si.getBaseDN();
        readServerConfiguration = true;
    } catch (LDAPServiceException | LdapException ex) {
        throw new LoginException(ex.getMessage());
    }
}
Also used : DSConfigMgr(com.iplanet.services.ldap.DSConfigMgr) LoginException(javax.security.auth.login.LoginException) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) ServerInstance(com.iplanet.services.ldap.ServerInstance) LdapException(org.forgerock.opendj.ldap.LdapException)

Example 44 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project OpenAM by OpenRock.

the class LocalLdapAuthModule method getDN.

private String getDN(String uid) throws LoginException {
    String retVal = "";
    if (uid == null) {
        throw (new LoginException(AuthI18n.authI18n.getString("com.iplanet.auth.invalid-username")));
    }
    if (LDAPUtils.isDN(uid)) {
        return uid;
    }
    String namingAttribute = UIDATTR;
    try {
        String orgName = (String) options.get(LoginContext.ORGNAME);
        if ((orgName != null) && !LDAPUtils.isDN(orgName)) {
            // Use orgname only if it a DN, else baseDN
            orgName = baseDN;
        }
        if (com.sun.identity.sm.ServiceManager.isAMSDKConfigured()) {
            namingAttribute = TemplateManager.getTemplateManager().getCreationTemplate(TEMPLATE_NAME, (orgName == null) ? null : new Guid(orgName)).getNamingAttribute();
        }
    } catch (Exception e) {
    // Ignore the exception and use the default naming attribute
    }
    StringBuilder filter = new StringBuilder();
    filter.append('(').append(namingAttribute).append('=').append(uid).append(')');
    String[] attrs = { "noAttr" };
    ConnectionEntryReader results = null;
    try {
        // Read the serverconfig.xml for LDAP information
        if (!readServerConfiguration) {
            readServerConfig();
        }
        if (conn == null) {
            debug.warning("LocalLdapAuthModule.getDN(): lda connection is null");
            throw (new LoginException("INVALID_USER_NAME"));
        } else {
            results = conn.search(LDAPRequests.newSearchRequest(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), attrs));
        }
        if (results.hasNext()) {
            SearchResultEntry entry = results.readEntry();
            retVal = entry.getName().toString();
        }
        if (retVal == null || retVal.equals("")) {
            throw new LoginException("INVALID_USER_NAME");
        }
        return retVal;
    } catch (LdapException | SearchResultReferenceIOException ex) {
        throw new LoginException(ex.getMessage());
    } finally {
        IOUtils.closeIfNotNull(conn);
        conn = null;
    }
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) LoginException(javax.security.auth.login.LoginException) Guid(com.iplanet.ums.Guid) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) LoginException(javax.security.auth.login.LoginException) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) LdapException(org.forgerock.opendj.ldap.LdapException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 45 with LdapException

use of org.forgerock.opendj.ldap.LdapException in project admin-console-beta by connexta.

the class ServerGuesser method getClaimAttributeOptions.

public Set<String> getClaimAttributeOptions(String baseUserDn) {
    try {
        // Find all object classes with names like *person* in the core schema
        // this will catch person, organizationalPerson, inetOrgPerson, etc. if present
        SortedSet<String> attributes = extractAttributes(Schema.getCoreSchema().getObjectClasses(), oc -> oc.getNameOrOID().toLowerCase().matches(".*person.*"));
        // Find any given user with the clearance attribute
        SearchRequest clearanceReq = Requests.newSearchRequest(DN.valueOf(baseUserDn), SearchScope.WHOLE_SUBTREE, Filter.present("2.16.840.1.101.2.2.1.203"), "objectClass");
        ConnectionEntryReader clearanceReader = connection.search(clearanceReq);
        if (clearanceReader.hasNext()) {
            SearchResultEntry entry = clearanceReader.readEntry();
            RootDSE rootDSE = RootDSE.readRootDSE(connection);
            DN subschemaDN = rootDSE.getSubschemaSubentry();
            Schema subschema = Schema.readSchema(connection, subschemaDN);
            // Check against both the subschema and the default schema
            attributes.addAll(extractAttributes(Entries.getObjectClasses(entry, subschema), STRUCT_OR_AUX));
            attributes.addAll(extractAttributes(Entries.getObjectClasses(entry), STRUCT_OR_AUX));
        }
        return attributes;
    } catch (SearchResultReferenceIOException | LdapException e) {
        LOGGER.warn("Error retrieving attributes from LDAP server; this may indicate a configuration issue with config.");
        return Collections.emptySet();
    }
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Schema(org.forgerock.opendj.ldap.schema.Schema) DN(org.forgerock.opendj.ldap.DN) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) RootDSE(org.forgerock.opendj.ldap.RootDSE) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Aggregations

LdapException (org.forgerock.opendj.ldap.LdapException)90 Connection (org.forgerock.opendj.ldap.Connection)64 ByteString (org.forgerock.opendj.ldap.ByteString)45 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)38 ResultCode (org.forgerock.opendj.ldap.ResultCode)37 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)37 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)24 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)24 HashSet (java.util.HashSet)22 Attribute (org.forgerock.opendj.ldap.Attribute)19 PolicyException (com.sun.identity.policy.PolicyException)13 SMSException (com.sun.identity.sm.SMSException)12 ModifyRequest (org.forgerock.opendj.ldap.requests.ModifyRequest)12 SSOException (com.iplanet.sso.SSOException)11 LinkedHashSet (java.util.LinkedHashSet)11 DN (org.forgerock.opendj.ldap.DN)11 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)10 IOException (java.io.IOException)10 InvalidNameException (com.sun.identity.policy.InvalidNameException)9 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)9