
Example 1 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class DirectoryServicesImpl method getMembers.

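/**
 * Returns the member DNs of a role, static group or dynamic group.
 *
 * <p>The entry is loaded with {@code UMSObject.getObject} using the caller's token and
 * then cast to the UMS class selected by {@code objectType}.
 *
 * <p>NOTE(review): the casts assume the entry stored at {@code entryDN} really is of the
 * class implied by {@code objectType}. A mismatch would surface as a
 * {@code ClassCastException} rather than an {@code AMException}; confirm that callers
 * derive {@code objectType} from the entry itself and not from request input.
 *
 * @param token
 *            SSOToken used to load the entry
 * @param entryDN
 *            DN of the role or group
 * @param objectType
 *            objectType of the target object, one of the AMObject role or group
 *            constants handled in the switch below
 * @return Set of member DNs
 * @throws AMException
 *             with code "114" for an unsupported {@code objectType}, an
 *             entry-not-found message when the entry does not exist, code "505"
 *             when the directory reports a size or administrative limit, and code
 *             "454" for any other UMS failure
 */
public Set getMembers(SSOToken token, String entryDN, int objectType) throws AMException {
    try {
        switch(objectType) {
            case AMObject.ROLE:
            case AMObject.MANAGED_ROLE:
                ManagedRole role = (ManagedRole) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(role.getMemberIDs());
            case AMObject.FILTERED_ROLE:
                FilteredRole filteredRole = (FilteredRole) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(filteredRole.getMemberIDs());
            case AMObject.GROUP:
            case AMObject.STATIC_GROUP:
                StaticGroup group = (StaticGroup) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(group.getMemberIDs());
            case AMObject.DYNAMIC_GROUP:
                DynamicGroup dynamicGroup = (DynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(dynamicGroup.getMemberIDs());
            case AMObject.ASSIGNABLE_DYNAMIC_GROUP:
                // TODO (from the original author): see if it works after removing this
                // workaround. UMS AssignableDynamicGroup registers a class resolver in a
                // static block, which is why this case was handled separately.
                AssignableDynamicGroup adgroup = (AssignableDynamicGroup) UMSObject.getObject(token, new Guid(entryDN));
                return searchResultsToSet(adgroup.getMemberIDs());
            default:
                throw new AMException(token, "114");
        }
    } catch (EntryNotFoundException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        String msgid = getEntryNotFoundMsgID(objectType);
        String entryName = getEntryName(e);
        Object[] args = { entryName };
        throw new AMException(AMSDKBundle.getString(msgid, args), msgid, args);
    } catch (UMSException e) {
        debug.error("DirectoryServicesImpl.getMembers() entryDN " + entryDN + " objectType: " + objectType + " Unable to get members: ", e);
        // The root cause is not guaranteed to be an LdapException. Checking the type
        // first keeps a non-LDAP cause from escaping as a ClassCastException instead
        // of the AMException callers are expected to handle.
        Throwable rootCause = e.getRootCause();
        if (rootCause instanceof LdapException) {
            ResultCode resultCode = ((LdapException) rootCause).getResult().getResultCode();
            if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode) || ResultCode.ADMIN_LIMIT_EXCEEDED.equals(resultCode)) {
                // Limit violations get their own code so callers can tell a truncated
                // result from a general failure.
                throw new AMException(token, "505", e);
            }
        }
        throw new AMException(token, "454", e);
    }
}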
Also used : DynamicGroup(com.iplanet.ums.DynamicGroup) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) UMSException(com.iplanet.ums.UMSException) AMException(com.iplanet.am.sdk.AMException) Guid(com.iplanet.ums.Guid) AMSearchResults(com.iplanet.am.sdk.AMSearchResults) SearchResults(com.iplanet.ums.SearchResults) StaticGroup(com.iplanet.ums.StaticGroup) ManagedRole(com.iplanet.ums.ManagedRole) FilteredRole(com.iplanet.ums.FilteredRole) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) LdapException(org.forgerock.opendj.ldap.LdapException) AssignableDynamicGroup(com.iplanet.ums.AssignableDynamicGroup) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 2 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class DataLayer method rename.

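/**
 * Renames an LDAP entry with a modify-DN request, retrying on configured error codes.
 *
 * <p>The request is attempted up to {@code connNumRetry + 1} times, sleeping
 * {@code connRetryInterval} between attempts. Any remaining {@code LdapException} is
 * translated by result code.
 *
 * @param principal Authentication Principal used to obtain the connection.
 * @param guid globally unique identifier of the entry to rename.
 * @param newName the new name passed to the modify-DN request.
 * @param deleteOldName whether the old RDN value is removed from the entry.
 * @exception EntryNotFoundException if the directory reports NO_SUCH_OBJECT.
 * @exception AccessRightsException if the directory reports INSUFFICIENT_ACCESS_RIGHTS.
 * @exception UMSException for any other LDAP failure.
 */
public void rename(java.security.Principal principal, Guid guid, String newName, boolean deleteOldName) throws UMSException {
    String id = guid.getDn();
    try {
        // Apply the caller's deleteOldName choice to the request. Without this the flag
        // is ignored and the old naming value can stay on the entry after the rename.
        ModifyDNRequest request = LDAPRequests.newModifyDNRequest(id, newName).setDeleteOldRDN(deleteOldName);
        int retry = 0;
        while (retry <= connNumRetry) {
            if (debug.messageEnabled()) {
                debug.message("DataLayer.rename retry: " + retry);
            }
            try (Connection conn = getConnection(principal)) {
                conn.applyChange(request);
                return;
            } catch (LdapException e) {
                ResultCode attemptCode = e.getResult().getResultCode();
                // NOTE(review): the set is queried with a ResultCode object here, while
                // DataLayer.modify queries it with a String. Confirm the element type of
                // retryErrorCodes; a mismatched key never matches and disables retries.
                if (!retryErrorCodes.contains(attemptCode) || retry == connNumRetry) {
                    throw e;
                }
                retry++;
                try {
                    Thread.sleep(connRetryInterval);
                } catch (InterruptedException ex) {
                    // Keep the interrupt visible to the caller instead of discarding it.
                    Thread.currentThread().interrupt();
                }
            }
        }
    } catch (LdapException e) {
        if (debug.warningEnabled()) {
            debug.warning("Exception in DataLayer.rename for DN: " + id, e);
        }
        ResultCode errorCode = e.getResult().getResultCode();
        if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
            throw new EntryNotFoundException(id, e);
        } else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
            // Authorization failures keep a distinct exception type so callers can tell
            // them apart from other failures.
            throw new AccessRightsException(id, e);
        } else {
            throw new UMSException(id, e);
        }
    }
}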
Also used : ModifyDNRequest(org.forgerock.opendj.ldap.requests.ModifyDNRequest) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 3 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class DataLayer method modify.

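/**
 * Modifies an ldap entry.
 *
 * <p>All modifications are sent in a single modify request. The request is attempted up
 * to {@code connNumRetry + 1} times, sleeping {@code connRetryInterval} between attempts.
 *
 * @param principal Authentication Principal.
 * @param guid globally unique identifier for the entry.
 * @param modifications Set of modifications for the entry.
 * @exception AccessRightsException if insufficient access
 * @exception EntryNotFoundException if the entry is not found.
 * @exception UMSException if failure
 *
 * @supported.api
 */
public void modify(Principal principal, Guid guid, Collection<Modification> modifications) throws UMSException {
    String id = guid.getDn();
    try {
        ModifyRequest request = LDAPRequests.newModifyRequest(id);
        for (Modification modification : modifications) {
            request.addModification(modification);
        }
        int retry = 0;
        while (retry <= connNumRetry) {
            if (debug.messageEnabled()) {
                debug.message("DataLayer.modify retry: " + retry);
            }
            try (Connection conn = getConnection(principal)) {
                conn.modify(request);
                return;
            } catch (LdapException e) {
                // NOTE(review): the set is queried with the result code's string form
                // here, while DataLayer.rename queries it with the ResultCode object.
                // Confirm the element type of retryErrorCodes; a mismatched key never
                // matches and disables retries.
                if (!retryErrorCodes.contains("" + e.getResult().getResultCode().toString()) || retry == connNumRetry) {
                    throw e;
                }
                retry++;
                try {
                    Thread.sleep(connRetryInterval);
                } catch (InterruptedException ex) {
                    // Keep the interrupt visible to the caller instead of discarding it.
                    Thread.currentThread().interrupt();
                }
            }
        }
    } catch (LdapException e) {
        if (debug.warningEnabled()) {
            debug.warning("Exception in DataLayer.modify for DN: " + id, e);
        }
        ResultCode errorCode = e.getResult().getResultCode();
        if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
            throw new EntryNotFoundException(id, e);
        } else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
            // Authorization failures keep a distinct exception type so callers can tell
            // them apart from other failures.
            throw new AccessRightsException(id, e);
        } else {
            throw new UMSException(id, e);
        }
    }
}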
Also used : Modification(org.forgerock.opendj.ldap.Modification) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) ModifyRequest(org.forgerock.opendj.ldap.requests.ModifyRequest) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 4 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class SMSLdapObject method create.

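/**
 * Creates an entry in the directory using the given principal's connection.
 *
 * <p>The add is attempted up to {@code connNumRetry + 1} times, sleeping
 * {@code connRetryInterval} between attempts.
 *
 * @param p principal used to obtain the connection; its name is logged on failure.
 * @param dn DN of the entry to create.
 * @param attrs attributes copied into the new entry.
 * @throws SMSException with id "sms-entry-cannot-create" when the add fails with a
 *             non-retryable code or the retries are exhausted.
 * @throws SSOException declared by the signature; not raised directly in this body.
 */
private static void create(Principal p, String dn, Map attrs) throws SMSException, SSOException {
    int retry = 0;
    Entry entry = copyMapToEntry(attrs).setName(dn);
    while (retry <= connNumRetry) {
        debug.message("SMSLdapObject.create() retry: {}", retry);
        try (Connection conn = getConnection(p)) {
            conn.add(LDAPRequests.newAddRequest(entry));
            debug.message("SMSLdapObject.create Successfully created entry: {}", dn);
            break;
        } catch (LdapException e) {
            ResultCode errorCode = e.getResult().getResultCode();
            // Constant-first comparison so a missing result code cannot raise an NPE.
            if (ResultCode.ENTRY_ALREADY_EXISTS.equals(errorCode) && retry > 0) {
                // Original workaround: on a retry, "already exists" is taken to mean
                // that an earlier attempt succeeded, so the error is masked.
                // NOTE(review): the existing entry is not compared with attrs, so an
                // entry written by another party in the meantime is also treated as
                // success. Confirm that is acceptable for the callers.
                debug.warning("SMSLdapObject.create() Entry Already Exists Error for DN {}", dn);
                break;
            }
            if (!retryErrorCodes.contains(errorCode) || retry >= connNumRetry) {
                debug.error("SMSLdapObject.create() Error in creating: {} By Principal: {}", dn, p.getName(), e);
                throw new SMSException(e, "sms-entry-cannot-create");
            }
            retry++;
            try {
                Thread.sleep(connRetryInterval);
            } catch (InterruptedException ex) {
                // Keep the interrupt visible to the caller instead of discarding it.
                Thread.currentThread().interrupt();
            }
        }
    }
}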
Also used : SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) SMSDataEntry(com.sun.identity.sm.SMSDataEntry) SMSEntry(com.sun.identity.sm.SMSEntry) LinkedHashMapEntry(org.forgerock.opendj.ldap.LinkedHashMapEntry) Entry(org.forgerock.opendj.ldap.Entry) SMSException(com.sun.identity.sm.SMSException) Connection(org.forgerock.opendj.ldap.Connection) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 5 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class SMSEmbeddedLdapObject method delete.

/**
 * Deletes the entry at {@code dn} together with everything below it.
 *
 * <p>Sub-entries and sub-organizations are removed first by recursive calls, then the
 * entry itself is deleted through {@code icConn}. The deletion is not atomic: if the
 * final delete fails, the children removed earlier are already gone.
 *
 * <p>NOTE(review): {@code processDelete} is issued on {@code icConn} and is not given
 * the token; confirm that callers authorise the operation before reaching this method.
 * The audit record is written only after a successful delete, so a failed attempt is
 * not audited here.
 *
 * @param token SSO token passed to the sub-entry and sub-organization lookups.
 * @param dn DN of the entry to delete.
 * @throws SMSException with id "sms-entry-cannot-delete" when the directory does not
 *             report SUCCESS for the final delete.
 * @throws SSOException declared by the signature; not raised directly in this body.
 */
public void delete(SSOToken token, String dn) throws SMSException, SSOException {
    // Set up the auditor before anything is removed.
    SMSAuditor auditor = newAuditor(token, dn, readCurrentState(dn));

    // Remove direct sub-entries first.
    // NOTE(review): the child DN is built by plain concatenation. If a sub-entry name
    // can contain DN special characters such as ',' or '+', the resulting DN would not
    // address the intended child. Confirm the values from subEntries() are safe to
    // embed unescaped.
    for (Iterator children = subEntries(token, dn, "*", 0, false, false).iterator(); children.hasNext(); ) {
        String childName = (String) children.next();
        if (debug.messageEnabled()) {
            debug.message("SMSEmbeddedLdapObject: deleting sub-entry: " + childName);
        }
        delete(token, getNamingAttribute() + "=" + childName + "," + dn);
    }

    // Then remove sub-organizations. The non-recursive search returns only the first
    // level (SCOPE_ONE); deeper levels are handled by the recursive delete call.
    Set subOrgNames = searchSubOrgNames(token, dn, "*", 0, false, false, false);
    for (Object name : subOrgNames) {
        String subOrgDn = (String) name;
        if (debug.messageEnabled()) {
            debug.message("SMSEmbeddedLdapObject: deleting " + "suborganization: " + subOrgDn);
        }
        delete(token, subOrgDn);
    }

    // Finally remove the entry itself.
    DeleteOperation deleteOp = icConn.processDelete(dn);
    if (deleteOp.getResultCode() != ResultCode.SUCCESS) {
        if (debug.warningEnabled()) {
            debug.warning("SMSEmbeddedLdapObject.delete: " + "Unable to delete entry:" + dn);
        }
        throw (new SMSException("", "sms-entry-cannot-delete"));
    }

    objectChanged(dn, DELETE);
    if (auditor != null) {
        auditor.auditDelete();
    }
}
Also used : SMSAuditor(org.forgerock.openam.auditors.SMSAuditor) DeleteOperation(org.opends.server.core.DeleteOperation) Set(java.util.Set) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) SMSException(com.sun.identity.sm.SMSException) Iterator(java.util.Iterator) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Aggregations

ResultCode (org.forgerock.opendj.ldap.ResultCode)49 LdapException (org.forgerock.opendj.ldap.LdapException)37 Connection (org.forgerock.opendj.ldap.Connection)29 ByteString (org.forgerock.opendj.ldap.ByteString)18 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)18 SMSException (com.sun.identity.sm.SMSException)17 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)17 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)15 HashSet (java.util.HashSet)14 PolicyException (com.sun.identity.policy.PolicyException)13 SSOException (com.iplanet.sso.SSOException)9 InvalidNameException (com.sun.identity.policy.InvalidNameException)9 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)9 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)7 ValidValues (com.sun.identity.policy.ValidValues)6 LinkedHashSet (java.util.LinkedHashSet)6 InternalSearchOperation (org.opends.server.protocols.internal.InternalSearchOperation)6 AMException (com.iplanet.am.sdk.AMException)4 AMSearchResults (com.iplanet.am.sdk.AMSearchResults)4 IOException (java.io.IOException)4