Example 6 with RDN
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class DelegationResourceNameSplitter method getIndexes.
@Override
public ResourceSearchIndexes getIndexes(String resource, String realm) {
Matcher match = PATTERN.matcher(resource);
if (!match.matches()) {
return super.getIndexes(resource, realm);
}
String rootSuffix = SMSEntry.getRootSuffix();
String dn = match.group(2);
if (dn.trim().length() == 0) {
dn = rootSuffix;
}
String prefix = match.group(1);
String suffix = match.group(3);
if (LDAPUtils.isDN(dn)) {
DN rootDN = DN.valueOf(rootSuffix);
DN dnObject = DN.valueOf(dn);
if (rootDN.equals(dnObject)) {
return super.getIndexes(resource, realm);
} else {
ResourceSearchIndexes indexes = null;
StringBuilder buff = new StringBuilder();
boolean start = false;
List<RDN> rdns = new ArrayList<>();
for (RDN rdn : dnObject) {
rdns.add(rdn);
}
for (int i = rdns.size() - 1; i >= 0; --i) {
if (buff.length() > 0) {
buff.insert(0, ",");
}
buff.insert(0, rdns.get(i).toString());
if (!start) {
start = rootDN.equals(DN.valueOf(buff.toString()));
if (start) {
indexes = super.getIndexes(prefix + buff.toString() + suffix, realm);
}
} else {
ResourceSearchIndexes idx = super.getIndexes(prefix + buff.toString() + suffix, realm);
indexes.addAll(idx);
}
}
return indexes;
}
} else {
return super.getIndexes(resource, realm);
}
}Example 7 with RDN
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class PersistentObject method rename.
/**
* Renames the RDN to a new value. Note: The modified or added attribute
* values are not saved by this call.
*
* @param newRDN
* the new RDN value
* @param deleteOldName
* if true old RDN value is deleted, otherwise the old value is
* retained.
*
* @throws AccessRightsException
* if an access rights exception occurs.
* @throws EntryNotFoundException
* if the entry is not found
* @throws UMSException
* on failure to save to persistent storage
*
* @supported.api
*/
public void rename(String newRDN, boolean deleteOldName) throws AccessRightsException, EntryNotFoundException, UMSException {
String required = null;
if (m_principal == null) {
required = "principal";
} else if (m_guid == null) {
required = "guid";
}
if (required != null) {
// TODO: This is not an illegal argument case. Should be
// a more sophisticated exception.
String[] args = new String[1];
args[0] = required;
String msg = i18n.getString(IUMSConstants.NO_REQUIRED, args);
throw new UMSException(msg);
}
try {
DataLayer.getInstance().rename(getPrincipal(), getGuid(), newRDN, deleteOldName);
} finally {
// Must be set to new ID since the orignal DN would have changed now
RDN rdn = RDN.valueOf(newRDN);
DN parentDN = DN.valueOf(m_guid.toString()).parent();
parentDN.child(rdn);
m_guid.setDn(parentDN.toString());
}
}
Also used :
RDN(org.forgerock.opendj.ldap.RDN)
DN(org.forgerock.opendj.ldap.DN)
ByteString(org.forgerock.opendj.ldap.ByteString)
RDN(org.forgerock.opendj.ldap.RDN)
Example 8 with RDN
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class CreateServerConfigXML method canonicalize.
private String canonicalize(String nSuffix) {
StringBuilder buff = new StringBuilder(1024);
DN dn = DN.valueOf(nSuffix);
for (Iterator<RDN> iter = dn.iterator(); iter.hasNext(); ) {
RDN rdn = iter.next();
buff.append(DN.escapeAttributeValue(rdn.toString()));
if (iter.hasNext()) {
buff.append(",");
}
}
return buff.toString();
}Example 9 with RDN
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class DirectoryServicesImpl method validateAttributeUniqueness.
/**
* Validate attribute uniqueness
*
* @param newEntry
* true if create a new user
* @throws AMException
* if attribute uniqueness is violated
*/
void validateAttributeUniqueness(String entryDN, int profileType, boolean newEntry, Map modMap) throws AMException {
boolean attrExists = false;
if (modMap == null || modMap.isEmpty()) {
return;
}
try {
if (profileType == AMTemplate.DYNAMIC_TEMPLATE || profileType == AMTemplate.ORGANIZATION_TEMPLATE || profileType == AMTemplate.POLICY_TEMPLATE) {
// no namespace validation for these objects
return;
}
DN dn = DN.valueOf(entryDN);
int size = dn.size();
if (size < 2) {
return;
}
List<RDN> rdns = new ArrayList<>();
for (Iterator<RDN> iter = dn.iterator(); iter.hasNext(); ) {
rdns.add(iter.next());
}
String orgDN = rdns.get(rdns.size() - 1).toString();
AMStoreConnection amsc = new AMStoreConnection(CommonUtils.getInternalToken());
DN rootDN = DN.valueOf(AMStoreConnection.getAMSdkBaseDN());
DN thisDN = DN.valueOf(orgDN);
for (int i = size - 2; i >= 0; i--) {
if (debug.messageEnabled()) {
debug.message("AMObjectImpl.validateAttributeUniqueness: " + "try DN = " + orgDN);
}
int type = -1;
if (!rootDN.isInScopeOf(thisDN, SearchScope.SUBORDINATES)) {
try {
type = amsc.getAMObjectType(orgDN);
} catch (AMException ame) {
if (debug.warningEnabled()) {
debug.warning("AMObjectImpl." + "validateAttributeUniqueness: " + "Unable to determine object type of " + orgDN + " :Attribute uniqueness check aborted..", ame);
}
return;
}
}
Set list = null;
AMObject amobj = null;
if (type == AMObject.ORGANIZATION) {
AMOrganization amorg = amsc.getOrganization(orgDN);
list = amorg.getAttribute(UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE);
amobj = amorg;
} else if (type == AMObject.ORGANIZATIONAL_UNIT) {
AMOrganizationalUnit amorgu = amsc.getOrganizationalUnit(orgDN);
list = amorgu.getAttribute(UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE);
amobj = amorgu;
}
if ((list != null) && !list.isEmpty()) {
if (debug.messageEnabled()) {
debug.message("AMObjectImpl." + "validateAttributeUniqueness: list =" + list);
}
/*
* After adding the uniquness attributes 'ou,cn' to the
* list, creating a role with the same name as the existing
* user say 'amadmin' fails with 'Attribute uniqueness
* violation' The filter (|(cn='attrname')) is used for all
* objects. Fixed the code to look for 'Role' profile types
* and set the filter as
* (&(objectclass=ldapsubentry)
* (objectclass=nsroledefinition)
* (cn='attrname'))
*
* The same issue happens when a group is created with
* existing user name. Fixed the code to look for 'Group'
* profile types and set the filter as
* (&(objectClass=groupofuniquenames)
* (objectClass=iplanet-am-managed-group)(cn='attrname'))
* The logic in the while loop is iterate through the
* attribute unique list and check if the list contains the
* naming attribute of the object we are trying to create.
* If the naming attribute is in the list,then look if the
* profile type of the object we are trying to create is
* 'role' or 'group', add appropriate objectclasses and the
* entry rdn to the search filter. This filter is used to
* search the iDS and determine the attribute uniqueness
* violation. The boolean variable 'attrExists' is set to
* false initially. This variable is set to true when the
* profile type is 'role' or 'group'. The check for this
* boolean variable decides the number of matching closing
* parens of the three different types of filters.
*/
Iterator iter = list.iterator();
StringBuffer filterSB = new StringBuffer();
StringBuffer newEntrySB = new StringBuffer();
filterSB.append("(|");
while (iter.hasNext()) {
String[] attrList = getAttrList((String) iter.next());
Set attr = getAttrValues(attrList, modMap);
for (int j = 0; j < attrList.length; j++) {
String attrName = attrList[j];
if (attrName.equals(getNamingAttribute(profileType)) && newEntry) {
if ((profileType == AMObject.ROLE) || (profileType == AMObject.MANAGED_ROLE) || (profileType == AMObject.FILTERED_ROLE)) {
newEntrySB.append("(&");
newEntrySB.append("(objectclass=ldapsubentry)");
newEntrySB.append("(" + "objectclass=nsroledefinition)");
attrExists = true;
} else if ((profileType == AMObject.GROUP) || (profileType == AMObject.STATIC_GROUP) || (profileType == AMObject.ASSIGNABLE_DYNAMIC_GROUP) || (profileType == AMObject.DYNAMIC_GROUP)) {
newEntrySB.append("(&");
newEntrySB.append("(objectclass=iplanet-am-managed-group)");
newEntrySB.append("(objectclass=groupofuniquenames)");
attrExists = true;
} else if (profileType == AMObject.ORGANIZATION) {
newEntrySB.append("(&(!");
newEntrySB.append("(objectclass=");
newEntrySB.append(SMSEntry.OC_REALM_SERVICE);
newEntrySB.append("))");
attrExists = true;
}
filterSB.append("(").append(rdns.get(0)).append(")");
}
if (attr != null && !attr.isEmpty()) {
Iterator itr = attr.iterator();
while (itr.hasNext()) {
filterSB.append("(").append(attrName);
filterSB.append("=").append(itr.next());
filterSB.append(")");
}
}
// if
}
}
if (filterSB.length() > 2) {
if (attrExists) {
// pre-pend the creation filter part to the filter
// This is being done so that the filter is
// correctly created as
// (&(<creation-filter)(|(<attr filter>)))
newEntrySB.append(filterSB.toString()).append("))");
filterSB = newEntrySB;
} else {
filterSB.append(")");
}
if (debug.messageEnabled()) {
debug.message("AMObjectImpl." + "validateAttributeUniqueness: " + "filter = " + filterSB.toString());
}
Set users = amobj.search(AMConstants.SCOPE_SUB, filterSB.toString());
// In that case,ignore the violation
if (users != null && users.size() == 1) {
String userDN = (String) users.iterator().next();
DN dnObject = DN.valueOf(userDN);
if (dnObject.equals(DN.valueOf(entryDN))) {
return;
}
}
if ((users != null) && !users.isEmpty()) {
throw new AMException(AMSDKBundle.getString("162"), "162");
}
}
}
orgDN = rdns.get(i).toString() + "," + orgDN;
thisDN = DN.valueOf(orgDN);
}
} catch (SSOException ex) {
if (debug.warningEnabled()) {
debug.warning("Unable to validate attribute uniqneness", ex);
}
}
}
Also used :
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
TreeSet(java.util.TreeSet)
HashSet(java.util.HashSet)
AttrSet(com.iplanet.services.ldap.AttrSet)
ArrayList(java.util.ArrayList)
AMException(com.iplanet.am.sdk.AMException)
RDN(org.forgerock.opendj.ldap.RDN)
DN(org.forgerock.opendj.ldap.DN)
SSOException(com.iplanet.sso.SSOException)
AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection)
AMOrganization(com.iplanet.am.sdk.AMOrganization)
Iterator(java.util.Iterator)
AMOrganizationalUnit(com.iplanet.am.sdk.AMOrganizationalUnit)
AMObject(com.iplanet.am.sdk.AMObject)
RDN(org.forgerock.opendj.ldap.RDN)
Example 10 with RDN
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class DirectoryServicesImpl method getTopLevelContainers.
public Set getTopLevelContainers(SSOToken token) throws AMException, SSOException {
String userDN = token.getPrincipal().getName();
AMStoreConnection amsc = new AMStoreConnection(internalToken);
AMUser auser = amsc.getUser(userDN);
Set set = new HashSet();
Set roleDNs = auser.getRoleDNs();
roleDNs.addAll(auser.getFilteredRoleDNs());
Iterator iter = roleDNs.iterator();
while (iter.hasNext()) {
String roleDN = (String) iter.next();
if (debug.messageEnabled()) {
debug.message("DirectoryServicesImpl." + "getTopLevelContainers: roleDN=" + roleDN);
}
AMRole role = amsc.getRole(roleDN);
set.addAll(role.getAttribute(ROLE_MANAGED_CONTAINER_DN_ATTRIBUTE));
}
if (set.isEmpty()) {
String filter = "(|" + SearchFilterManager.getGlobalSearchFilter(AMObject.ORGANIZATION) + SearchFilterManager.getGlobalSearchFilter(AMObject.ORGANIZATIONAL_UNIT) + SearchFilterManager.getGlobalSearchFilter(AMObject.PEOPLE_CONTAINER) + SearchFilterManager.getGlobalSearchFilter(AMObject.DYNAMIC_GROUP) + SearchFilterManager.getGlobalSearchFilter(AMObject.ASSIGNABLE_DYNAMIC_GROUP) + SearchFilterManager.getGlobalSearchFilter(AMObject.GROUP) + ")";
set = search(token, AMStoreConnection.getAMSdkBaseDN(), filter, SCOPE_SUB);
}
HashSet resultSet = new HashSet();
iter = set.iterator();
while (iter.hasNext()) {
String containerDN = (String) iter.next();
DN cDN = DN.valueOf(containerDN);
Iterator iter2 = resultSet.iterator();
HashSet tmpSet = new HashSet();
boolean toAdd = true;
while (iter2.hasNext()) {
String resultDN = (String) iter2.next();
DN rDN = DN.valueOf(resultDN);
if (cDN.isInScopeOf(rDN, SearchScope.SUBORDINATES)) {
toAdd = false;
tmpSet.add(resultDN);
break;
} else if (!rDN.isInScopeOf(cDN, SearchScope.SUBORDINATES)) {
tmpSet.add(resultDN);
}
}
if (toAdd) {
tmpSet.add(containerDN);
}
resultSet = tmpSet;
}
if (debug.messageEnabled()) {
debug.message("DirectoryServicesImpl.getTopLevelContainers");
iter = resultSet.iterator();
StringBuilder tmpBuffer = new StringBuilder();
while (iter.hasNext()) {
String tmpDN = (String) iter.next();
tmpBuffer.append(tmpDN).append("\n");
}
debug.message("containerDNs\n" + tmpBuffer.toString());
}
return resultSet;
}
Also used :
AMStoreConnection(com.iplanet.am.sdk.AMStoreConnection)
Set(java.util.Set)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
TreeSet(java.util.TreeSet)
HashSet(java.util.HashSet)
AttrSet(com.iplanet.services.ldap.AttrSet)
AMUser(com.iplanet.am.sdk.AMUser)
Iterator(java.util.Iterator)
RDN(org.forgerock.opendj.ldap.RDN)
DN(org.forgerock.opendj.ldap.DN)
AMRole(com.iplanet.am.sdk.AMRole)
HashSet(java.util.HashSet)
Aggregations
RDN (org.forgerock.opendj.ldap.RDN)18
DN (org.forgerock.opendj.ldap.DN)17
ArrayList (java.util.ArrayList)7
HashSet (java.util.HashSet)4
Iterator (java.util.Iterator)4
Set (java.util.Set)4
SSOException (com.iplanet.sso.SSOException)3
Map (java.util.Map)3
AMException (com.iplanet.am.sdk.AMException)2
AMStoreConnection (com.iplanet.am.sdk.AMStoreConnection)2
AttrSet (com.iplanet.services.ldap.AttrSet)2
OrderedSet (com.sun.identity.shared.datastruct.OrderedSet)2
TreeSet (java.util.TreeSet)2
AMObject (com.iplanet.am.sdk.AMObject)1
AMOrganization (com.iplanet.am.sdk.AMOrganization)1
AMOrganizationalUnit (com.iplanet.am.sdk.AMOrganizationalUnit)1
AMPreCallBackException (com.iplanet.am.sdk.AMPreCallBackException)1
AMRole (com.iplanet.am.sdk.AMRole)1
AMSearchResults (com.iplanet.am.sdk.AMSearchResults)1
AMUser (com.iplanet.am.sdk.AMUser)1
