use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class CreateServiceConfig method createOrganization.
/*
* create the sub-organization.
*/
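static void createOrganization(SSOToken token, String orgDN) throws SMSException {
    // Creates the realm (sub-organization) entry for orgDN and any missing
    // intermediate realm entries between DNMapper.serviceDN and orgDN.
    // Every lookup and save below runs under the caller's SSO token.
    //
    // Throws SMSException when orgDN is not a usable DN or the SSO token is
    // rejected, and OrganizationAlreadyExistsException when the entry for
    // orgDN is already present.
    //
    // If orgDN does not sit below DNMapper.serviceDN, the first loop runs to
    // the last RDN and the creation loop never executes, so the method
    // returns without creating anything.
    final Object[] args1 = { orgDN };
    try {
        // Normalize DN, so it can be parsed and compared.
        // DN.valueOf() reports a malformed string with an unchecked
        // IllegalArgumentException subtype; translate it into the same
        // "invalid realm name" SMSException that the empty-DN case raises, so
        // callers see one documented failure mode for bad realm names.
        final DN ldapName;
        try {
            ldapName = DN.valueOf(orgDN);
        } catch (IllegalArgumentException iae) {
            // NOTE(review): the realm name is written to the debug log
            // verbatim; confirm the log sink neutralises CR/LF if realm names
            // can originate from untrusted requests.
            SMSEntry.debug.error("CreateServiceConfig." + "createOrganization() : Detected invalid characters. " + "Invalid realm name: " + args1[0], iae);
            throw new SMSException(IUMSConstants.UMS_BUNDLE_NAME, "sms-invalid-org-name", args1);
        }
        orgDN = ldapName.toString();
        if (orgDN.length() == 0) {
            SMSEntry.debug.error("CreateServiceConfig." + "createOrganization() : Detected invalid characters. " + "Invalid realm name: " + args1[0]);
            throw new SMSException(IUMSConstants.UMS_BUNDLE_NAME, "sms-invalid-org-name", args1);
        }

        // Check if the organization already exists (refresh first so a stale
        // cache entry cannot hide an existing realm).
        CachedSMSEntry cEntry = CachedSMSEntry.getInstance(token, orgDN);
        if (cEntry.isDirty()) {
            cEntry.refresh();
        }
        SMSEntry e = cEntry.getClonedSMSEntry();
        if (!e.isNewEntry()) {
            SMSEntry.debug.error("Organization already exists: " + orgDN);
            throw new OrganizationAlreadyExistsException(IUMSConstants.UMS_BUNDLE_NAME, IUMSConstants.SMS_organization_already_exists_no_args, null);
        }

        // Reverse RDN order: the DN iterates leaf-first, the walk below needs
        // root-first.
        List<RDN> rdns = new ArrayList<>();
        for (RDN rdn : ldapName) {
            rdns.add(0, rdn);
        }

        // Need to start from baseDN, to create intermediate nodes.
        // Rebuild the DN one RDN at a time until it equals the service DN.
        String partdn = rdns.get(0).toString();
        int index = 0;
        final int last = rdns.size() - 1;
        while (index < last && !partdn.equalsIgnoreCase(DNMapper.serviceDN)) {
            partdn = rdns.get(++index).toString() + "," + partdn;
        }

        // Check the intermediate nodes, creating each level that is missing
        // (the final iteration is orgDN itself).
        while (index < last) {
            partdn = rdns.get(++index).toString() + "," + partdn;
            cEntry = CachedSMSEntry.getInstance(token, partdn);
            if (cEntry.isDirty()) {
                cEntry.refresh();
            }
            e = cEntry.getClonedSMSEntry();
            if (e.isNewEntry()) {
                // Create the realm: add needed object classes, persist with
                // the caller's token, then push the saved entry into the cache.
                e.addAttribute(SMSEntry.ATTR_OBJECTCLASS, SMSEntry.OC_REALM_SERVICE);
                e.addAttribute(SMSEntry.ATTR_OBJECTCLASS, SMSEntry.OC_TOP);
                e.save(token);
                cEntry.refresh(e);
            }
        }
    } catch (SSOException ssoe) {
        SMSEntry.debug.error("CreateServiceConfig: Unable to " + "create organization ", ssoe);
        throw new SMSException(SMSEntry.bundle.getString("sms-INVALID_SSO_TOKEN"), "sms-INVALID_SSO_TOKEN");
    }
}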
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class DNMapper method realmNameToAMSDKName.
/**
* Converts realm name to AMSDK compliant organization name
*/
public static String realmNameToAMSDKName(String realmName) {
    // Maps a realm name onto the organization DN used by the AMSDK side.
    // The realm is first turned into a DN by orgNameToDN(); the result is
    // either one of the two base DNs, the DN with ",ou=services," collapsed,
    // or a DN rebuilt RDN by RDN with the configured naming attribute.
    final String dn = orgNameToDN(realmName);
    // NOTE(review): toLowerCase() uses the default locale; the comparisons
    // below assume SMSEntry.baseDN and serviceDN are already lower case.
    final String dnlc = dn.toLowerCase();
    if (debug.messageEnabled()) {
        debug.message("DNMapper.realmNameToAMSDKName realmName =" + realmName);
        debug.message("DNMapper.realmNameToAMSDKName orgDN =" + dn);
    }

    // Base DN and internal hidden realms short-circuit to a fixed answer.
    final boolean isBaseDN = dnlc.equals(SMSEntry.baseDN);
    if (isBaseDN && !dnlc.equals(SMSEntry.amsdkbaseDN)) {
        return SMSEntry.amsdkbaseDN;
    }
    if (isBaseDN || dnlc.startsWith(SMSEntry.SUN_INTERNAL_REALM_PREFIX)) {
        return SMSEntry.baseDN;
    }

    // No naming attribute, or the plain organization attribute: only the
    // "ou=services" node has to go.
    final String orgAttr = OrgConfigViaAMSDK.getNamingAttrForOrg();
    if (orgAttr == null || orgAttr.equalsIgnoreCase(SMSEntry.ORGANIZATION_RDN)) {
        final String stripped = replaceString(dn, ",ou=services,", ",");
        if (debug.messageEnabled()) {
            debug.message("DNMapper.realmNameToAMSDKName sdkName =" + stripped);
        }
        return stripped;
    }

    // Locate the suffix to cut off: the service DN first, then the base DN.
    int cut = dnlc.indexOf(serviceDN);
    if (cut < 0) {
        cut = dnlc.indexOf(SMSEntry.baseDN);
    }
    // cut - 1 also drops the comma in front of the suffix.
    // NOTE(review): a match at offset 0 makes substring(0, -1) throw
    // StringIndexOutOfBoundsException; confirm orgNameToDN() cannot return
    // a DN that begins with the suffix at this point.
    final String realmPart;
    if (cut < 0) {
        realmPart = dn;
    } else {
        realmPart = dn.substring(0, cut - 1);
    }

    // Re-express every remaining RDN with the configured naming attribute.
    // NOTE(review): rdnValue() is declared outside this listing; if it
    // returns the unescaped attribute value, a value containing DN
    // metacharacters such as ',' would need escaping before being
    // concatenated into a DN string. Verify.
    final StringBuilder sdkDN = new StringBuilder(dn.length());
    for (RDN rdn : DN.valueOf(realmPart)) {
        sdkDN.append(orgAttr)
             .append(SMSEntry.EQUALS)
             .append(rdnValue(rdn))
             .append(',');
    }
    sdkDN.append(SMSEntry.baseDN);

    final String sdkName = sdkDN.toString();
    if (debug.messageEnabled()) {
        debug.message("DNMapper.realmNameToAMSDKName sdkName =" + sdkName);
    }
    return sdkName;
}
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class DirectoryServicesImpl method removeSubtree.
/**
* Private method used by "removeEntry" to delete an entire subtree
*/
private void removeSubtree(SSOToken token, String entryDN, boolean softDelete) throws AMException, SSOException {
    // Deletes entryDN's subtree bottom-up: every entry returned by a
    // subtree-scope search is collected, then removed level by level,
    // starting with the entries that have the most RDNs.
    //
    // Token usage: the search and the object-type lookup run with
    // internalToken (a field declared outside this listing, presumably an
    // administrative token; confirm), while every delete runs with the
    // caller's token, so the caller's own access rights decide whether an
    // entry can be removed.
    int type = AMObject.UNKNOWN_OBJECT_TYPE;
    try {
        PersistentObject root = UMSObject.getObjectHandle(internalToken, new Guid(entryDN));

        // first get all the children of the object
        SearchControl subtreeScope = new SearchControl();
        subtreeScope.setSearchScope(SearchControl.SCOPE_SUB);

        // RDN count of the entry itself; also the shallowest level deleted
        final int rootDepth = DN.valueOf(entryDN).size();
        // deepest RDN count seen among the search results
        int deepest = rootDepth;
        List<DN> pending = new ArrayList<DN>();

        SearchResults found = root.getChildren("(|(objectclass=*)(objectclass=ldapsubEntry))", subtreeScope);
        while (found.hasMoreElements()) {
            PersistentObject child = found.next();
            DN childDN = DN.valueOf(child.getDN());
            if (debug.messageEnabled()) {
                debug.message("DirectoryServicesImpl.removeEntry(): " + "found child: " + child.getDN());
            }
            deepest = Math.max(deepest, childDN.size());
            pending.add(childDN);
        }
        if (debug.messageEnabled()) {
            debug.message("DirectoryServicesImpl.removeEntry(): max " + "RDNs: " + deepest);
        }

        // One pass over the remaining DNs per level, deepest level first, so
        // children are always handled before their parents. The pass at
        // rootDepth covers entryDN itself if the search returned it.
        // TODO : with very many entries the repeated scans may become the
        // bottleneck; bucketing the DNs by level would avoid them.
        for (int depth = deepest; depth >= rootDepth; depth--) {
            int pos = 0;
            while (pos < pending.size()) {
                DN candidate = pending.get(pos);
                if (candidate.size() != depth) {
                    // not this level's turn yet
                    pos++;
                    continue;
                }

                String rfcDN = candidate.toString();
                if (debug.messageEnabled()) {
                    debug.message("DirectoryServicesImpl." + "removeEntry(): del " + rfcDN);
                }

                type = AMObject.UNKNOWN_OBJECT_TYPE;
                try {
                    type = getObjectType(internalToken, rfcDN);
                } catch (AMException ae) {
                    // Not a managed type, just delete it.
                    UMSObject.removeObject(token, new Guid(rfcDN));
                }

                // Do a non-recursive delete for managed types
                boolean managed = type != AMObject.UNKNOWN_OBJECT_TYPE
                        && type != AMObject.UNDETERMINED_OBJECT_TYPE;
                if (managed) {
                    try {
                        removeSingleEntry(token, rfcDN, type, softDelete);
                    } catch (AMPreCallBackException amp) {
                        // A pre-callback veto is logged and the walk goes on;
                        // the vetoed entry presumably stays in the directory.
                        debug.error("DirectoryServicesImpl." + "removeSubTree: Aborting delete of: " + rfcDN + " due to pre-callback exception", amp);
                    }
                }

                // Drop the handled DN; the next element slides into pos, so
                // pos is not advanced.
                pending.remove(pos);
            }
        }
    } catch (AccessRightsException e) {
        debug.error("DirectoryServicesImpl.removeEntry() Insufficient " + "access rights to remove entry: " + entryDN, e);
        throw new AMException(token, "460");
    } catch (EntryNotFoundException e) {
        String entry = getEntryName(e);
        debug.error("DirectoryServicesImpl.removeEntry() Entry not found: " + entry, e);
        // type still holds the value set for the entry being processed
        String msgid = getEntryNotFoundMsgID(type);
        Object[] args = { entry };
        String locale = CommonUtils.getUserLocale(token);
        throw new AMException(AMSDKBundle.getString(msgid, args, locale), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.removeEntry() Unable to remove: " + " Internal error occurred: ", e);
        throw new AMException(token, "325", e);
    }
}
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class SMSAuditor method getRealmFromDN.
/**
* Extract the realm from the LDAP DN
* @param dn The DN from which to extract the realm
* @return The extracted realm's name
*/
public static String getRealmFromDN(String dn) {
    // Builds the realm path ("/a/b") from the "o" RDNs of the DN.
    // Returns null as soon as an ou=GlobalConfig RDN is met, and "/" when the
    // DN carries no "o" RDN at all.
    //
    // NOTE(review): the attribute type and the "GlobalConfig" value are
    // compared case-sensitively. If LDAPUtils.rdnType() does not normalise
    // case, a DN written with "O=" or "OU=" would resolve to "/" here, which
    // matters when the result labels audit records. Confirm.
    StringBuilder realmPath = new StringBuilder();
    for (RDN rdn : DN.valueOf(dn)) {
        if (LDAPUtils.rdnType(rdn).equals("ou") && LDAPUtils.rdnValue(rdn).equals("GlobalConfig")) {
            return null;
        }
        if (LDAPUtils.rdnType(rdn).equals("o")) {
            // The DN is walked in its own iteration order and each segment is
            // prepended, so the last "o" RDN visited ends up first in the path.
            realmPath.insert(0, LDAPUtils.rdnValue(rdn)).insert(0, "/");
        }
    }
    return realmPath.length() > 0 ? realmPath.toString() : "/";
}
use of org.forgerock.opendj.ldap.RDN in project OpenAM by OpenRock.
the class PolicyUtils method getDNDisplayString.
/**
* Returns a display string for an LDAP distinguished name.
*
* @param strDN distinguished name.
* @return display string for the LDAP distinguished name.
*/
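public static String getDNDisplayString(String strDN) {
    /*
     * Given a value of cn=Accounting Managers,ou=groups,dc=iplanet,dc=com,
     * this method returns com > iplanet > groups > Accounting Managers
     *
     * Text that LDAPUtils.isDN() does not accept is returned unchanged.
     */
    // Validate before parsing. DN.valueOf() throws an unchecked exception on
    // a malformed DN, so calling it ahead of the isDN() check would make the
    // pass-through branch unreachable for ordinary non-DN text.
    if (!LDAPUtils.isDN(strDN)) {
        return strDN;
    }

    // The DN iterates leaf-first; reverse it so the display reads root-first.
    List<RDN> rdns = new ArrayList<>();
    for (RDN rdn : DN.valueOf(strDN)) {
        rdns.add(0, rdn);
    }

    // No output encoding is applied to the RDN values here; a caller that
    // renders the result in HTML has to encode it.
    StringBuilder buff = new StringBuilder();
    final int last = rdns.size() - 1;
    for (int i = 0; i <= last; i++) {
        buff.append(LDAPUtils.rdnValue(rdns.get(i)));
        if (i < last) {
            buff.append(" > ");
        }
    }
    return buff.toString();
}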