Example 46 with ResultCode
use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.
the class LDAPRoles method getValidValues.
/**
* Returns a list of possible values for the <code>LDAPRoles
* </code> that satisfy the given <code>pattern</code>.
*
* @param token the <code>SSOToken</code> that will be used
* to determine the possible values
* @param pattern search pattern that will be used to narrow
* the list of valid names.
*
* @return <code>ValidValues</code> object
*
* @exception SSOException if <code>SSOToken></code> is not valid
* @exception PolicyException if unable to get the list of valid
* names.
*/
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
if (!initialized) {
throw (new PolicyException(ResBundleUtils.rbName, "ldaproles_subject_not_yet_initialized", null, null));
}
String searchFilter = null;
if ((pattern != null) && !(pattern.trim().length() == 0)) {
searchFilter = "(&" + roleSearchFilter + "(" + roleRDNAttrName + "=" + pattern + "))";
} else {
searchFilter = roleSearchFilter;
}
if (debug.messageEnabled()) {
debug.message("LDAPRoles.getValidValues(): role search filter is: " + searchFilter);
}
String[] attrs = { roleRDNAttrName };
Set<String> validRoleDNs = new HashSet<>();
int status = ValidValues.SUCCESS;
try (Connection conn = connPool.getConnection()) {
SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, roleSearchScope, searchFilter, attrs);
ConnectionEntryReader reader = conn.search(searchRequest);
while (reader.hasNext()) {
if (reader.isReference()) {
//Ignore
reader.readReference();
} else {
SearchResultEntry entry = reader.readEntry();
if (entry != null) {
validRoleDNs.add(entry.getName().toString());
debug.message("LDAPRoles.getValidValues(): found role name={}", entry.getName().toString());
}
}
}
} catch (LdapException le) {
ResultCode resultCode = le.getResult().getResultCode();
if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("LDAPRoles.getValidValues(): exceeded the size limit");
return new ValidValues(ValidValues.SIZE_LIMIT_EXCEEDED, validRoleDNs);
} else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("LDAPRoles.getValidValues(): exceeded the time limit");
return new ValidValues(ValidValues.TIME_LIMIT_EXCEEDED, validRoleDNs);
} else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
} else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
String[] objs = { baseDN };
throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
}
String errorMsg = le.getMessage();
String additionalMsg = le.getResult().getDiagnosticMessage();
if (additionalMsg != null) {
throw new PolicyException(errorMsg + ": " + additionalMsg);
} else {
throw new PolicyException(errorMsg);
}
} catch (Exception e) {
throw new PolicyException(e);
}
return new ValidValues(status, validRoleDNs);
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
ValidValues(com.sun.identity.policy.ValidValues)
Connection(org.forgerock.opendj.ldap.Connection)
ByteString(org.forgerock.opendj.ldap.ByteString)
LdapException(org.forgerock.opendj.ldap.LdapException)
NameNotFoundException(com.sun.identity.policy.NameNotFoundException)
PolicyException(com.sun.identity.policy.PolicyException)
InvalidNameException(com.sun.identity.policy.InvalidNameException)
SSOException(com.iplanet.sso.SSOException)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PolicyException(com.sun.identity.policy.PolicyException)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
HashSet(java.util.HashSet)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 47 with ResultCode
use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.
the class LDAPGroups method findDynamicGroupMembersByUrl.
/**
* Finds the dynamic group member DNs
* @param url the url to be used for the group member search
* @return the set of group member DNs satisfied the search url
*/
private Set findDynamicGroupMembersByUrl(LDAPUrl url, String userRDN) throws PolicyException {
Connection ld = null;
Set<String> groupMemberDNs = new HashSet<>();
try (Connection conn = connPool.getConnection()) {
// Need to pass the user dn in the filter
StringBuilder filter = new StringBuilder(25);
filter.append("(&").append(userRDN);
String groupFilter = url.getFilter().toString();
int index = groupFilter.indexOf("(");
if (index != 0) {
filter.append("(").append(groupFilter).append("))");
} else {
filter.append(groupFilter).append(")");
}
debug.message("search filter in LDAPGroups : {}", filter);
String[] attrs = { userRDNAttrName };
SearchRequest searchRequest = LDAPRequests.newSearchRequest(url.getName(), url.getScope(), Filter.valueOf(filter.toString()), attrs);
ConnectionEntryReader reader = conn.search(searchRequest);
while (reader.hasNext()) {
if (reader.isReference()) {
//Ignore
reader.readReference();
} else {
SearchResultEntry entry = reader.readEntry();
if (entry != null) {
groupMemberDNs.add(entry.getName().toString());
}
}
}
} catch (LdapException le) {
String[] objs = { orgName };
ResultCode resultCode = le.getResult().getResultCode();
if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the size limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
} else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the time limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
} else {
throw new PolicyException(le);
}
} catch (Exception e) {
throw new PolicyException(e);
}
return groupMemberDNs;
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
Connection(org.forgerock.opendj.ldap.Connection)
ByteString(org.forgerock.opendj.ldap.ByteString)
LdapException(org.forgerock.opendj.ldap.LdapException)
NameNotFoundException(com.sun.identity.policy.NameNotFoundException)
PolicyException(com.sun.identity.policy.PolicyException)
InvalidNameException(com.sun.identity.policy.InvalidNameException)
SSOException(com.iplanet.sso.SSOException)
LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PolicyException(com.sun.identity.policy.PolicyException)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
HashSet(java.util.HashSet)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 48 with ResultCode
use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.
the class LDAPFilterCondition method searchFilterSatisfied.
/**
* returns a boolean result indicating if the specified
* <code>searchFilter</code> is satisfied by
* making a directory search using the filter.
*/
private boolean searchFilterSatisfied(String searchFilter) throws SSOException, PolicyException {
if (debug.messageEnabled()) {
debug.message("LDAPFilterCondition.searchFilterSatified():" + "entering, searchFitler=" + searchFilter);
}
boolean filterSatisfied = false;
String[] attrs = { userRDNAttrName };
// search the remote ldap
Connection ld = null;
try (Connection conn = connPool.getConnection()) {
SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
ConnectionEntryReader reader = conn.search(searchRequest);
if (reader.hasNext()) {
if (reader.isReference()) {
//Ignore
reader.readReference();
} else {
SearchResultEntry entry = reader.readEntry();
if (entry != null) {
String dn = entry.getName().toString();
if (dn != null && dn.length() != 0) {
debug.message("LDAPFilterCondition.searchFilterSatified(): dn={}", dn);
filterSatisfied = true;
}
}
}
}
} catch (LdapException le) {
ResultCode resultCode = le.getResult().getResultCode();
if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the size limit");
} else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the time limit");
} else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
} else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
String[] objs = { baseDN };
throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_users_base_dn", objs, null);
}
String errorMsg = le.getMessage();
String additionalMsg = le.getResult().getDiagnosticMessage();
if (additionalMsg != null) {
throw new PolicyException(errorMsg + ": " + additionalMsg);
} else {
throw new PolicyException(errorMsg);
}
} catch (SearchResultReferenceIOException e) {
debug.warning("LDAPFilterCondition.searchFilterSatified()" + ": Partial results have been received, status code 9." + " The message provided by the LDAP server is: \n" + e.getMessage());
}
debug.message("LDAPFilterCondition.searchFilterSatified():returning, filterSatisfied={}", filterSatisfied);
return filterSatisfied;
}
Also used :
SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PolicyException(com.sun.identity.policy.PolicyException)
Connection(org.forgerock.opendj.ldap.Connection)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Example 49 with ResultCode
use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.
the class LDAPUsers method getValidValues.
/**
* Returns a list of possible values for the <code>LDAPUsers
* </code> that satisfy the given <code>pattern</code>.
*
* @param token the <code>SSOToken</code> that will be used
* to determine the possible values
* @param pattern search pattern that will be used to narrow
* the list of valid names.
*
* @return <code>ValidValues</code> object
*
* @exception SSOException if <code>SSOToken</code> is not valid
* @exception PolicyException if unable to get the list of valid
* names.
*/
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
if (!initialized) {
throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_not_yet_initialized", null, null));
}
String searchFilter = getSearchFilter(pattern);
Set<String> validUserDNs = new HashSet<>();
int status = ValidValues.SUCCESS;
try (Connection ld = connPool.getConnection()) {
ConnectionEntryReader res = search(searchFilter, ld, userRDNAttrName);
while (res.hasNext()) {
try {
if (res.isEntry()) {
SearchResultEntry entry = res.readEntry();
String name = entry.getName().toString();
validUserDNs.add(name);
debug.message("LDAPUsers.getValidValues(): found user name={}", name);
} else {
// ignore referrals
debug.message("LDAPUsers.getValidValues(): Ignoring reference: {}", res.readReference());
}
} catch (LdapException e) {
ResultCode resultCode = e.getResult().getResultCode();
if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
debug.warning("LDAPUsers.getValidValues(): exceeded the size limit");
status = ValidValues.SIZE_LIMIT_EXCEEDED;
} else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
debug.warning("LDAPUsers.getValidValues(): exceeded the time limit");
status = ValidValues.TIME_LIMIT_EXCEEDED;
} else {
throw new PolicyException(e);
}
} catch (SearchResultReferenceIOException e) {
// ignore referrals
}
}
} catch (LdapException e) {
throw handleResultException(e);
}
return new ValidValues(status, validUserDNs);
}
Also used :
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
PolicyException(com.sun.identity.policy.PolicyException)
ValidValues(com.sun.identity.policy.ValidValues)
Connection(org.forgerock.opendj.ldap.Connection)
ByteString(org.forgerock.opendj.ldap.ByteString)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
LdapException(org.forgerock.opendj.ldap.LdapException)
ResultCode(org.forgerock.opendj.ldap.ResultCode)
HashSet(java.util.HashSet)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Aggregations
ResultCode (org.forgerock.opendj.ldap.ResultCode)49
LdapException (org.forgerock.opendj.ldap.LdapException)37
Connection (org.forgerock.opendj.ldap.Connection)29
ByteString (org.forgerock.opendj.ldap.ByteString)18
ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)18
SMSException (com.sun.identity.sm.SMSException)17
SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)17
SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)15
HashSet (java.util.HashSet)14
PolicyException (com.sun.identity.policy.PolicyException)13
SSOException (com.iplanet.sso.SSOException)9
InvalidNameException (com.sun.identity.policy.InvalidNameException)9
NameNotFoundException (com.sun.identity.policy.NameNotFoundException)9
SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)7
ValidValues (com.sun.identity.policy.ValidValues)6
LinkedHashSet (java.util.LinkedHashSet)6
InternalSearchOperation (org.opends.server.protocols.internal.InternalSearchOperation)6
AMException (com.iplanet.am.sdk.AMException)4
AMSearchResults (com.iplanet.am.sdk.AMSearchResults)4
IOException (java.io.IOException)4
