Search in sources :

Example 41 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class LDAPGroups method findDynamicGroupMembersByUrl.

/**
     * Finds the dynamic group member DNs 
     * @param url the url to be used for the group member search
     * @return the set of group member DNs satisfied the search url
     */
private Set findDynamicGroupMembersByUrl(LDAPUrl url, String userRDN) throws PolicyException {
    Connection ld = null;
    Set<String> groupMemberDNs = new HashSet<>();
    try (Connection conn = connPool.getConnection()) {
        // Need to pass the user dn in the filter
        StringBuilder filter = new StringBuilder(25);
        filter.append("(&").append(userRDN);
        String groupFilter = url.getFilter().toString();
        int index = groupFilter.indexOf("(");
        if (index != 0) {
            filter.append("(").append(groupFilter).append("))");
        } else {
            filter.append(groupFilter).append(")");
        }
        debug.message("search filter in LDAPGroups : {}", filter);
        String[] attrs = { userRDNAttrName };
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(url.getName(), url.getScope(), Filter.valueOf(filter.toString()), attrs);
        ConnectionEntryReader reader = conn.search(searchRequest);
        while (reader.hasNext()) {
            if (reader.isReference()) {
                //Ignore
                reader.readReference();
            } else {
                SearchResultEntry entry = reader.readEntry();
                if (entry != null) {
                    groupMemberDNs.add(entry.getName().toString());
                }
            }
        }
    } catch (LdapException le) {
        String[] objs = { orgName };
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the size limit");
            throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the time limit");
            throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
        } else {
            throw new PolicyException(le);
        }
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    return groupMemberDNs;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 42 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class LDAPFilterCondition method searchFilterSatisfied.

/**
     * returns a boolean result indicating if the specified
     * <code>searchFilter</code> is satisfied by 
     * making a directory search using the filter.
     */
private boolean searchFilterSatisfied(String searchFilter) throws SSOException, PolicyException {
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.searchFilterSatified():" + "entering, searchFitler=" + searchFilter);
    }
    boolean filterSatisfied = false;
    String[] attrs = { userRDNAttrName };
    // search the remote ldap         
    Connection ld = null;
    try (Connection conn = connPool.getConnection()) {
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
        ConnectionEntryReader reader = conn.search(searchRequest);
        if (reader.hasNext()) {
            if (reader.isReference()) {
                //Ignore
                reader.readReference();
            } else {
                SearchResultEntry entry = reader.readEntry();
                if (entry != null) {
                    String dn = entry.getName().toString();
                    if (dn != null && dn.length() != 0) {
                        debug.message("LDAPFilterCondition.searchFilterSatified(): dn={}", dn);
                        filterSatisfied = true;
                    }
                }
            }
        }
    } catch (LdapException le) {
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the size limit");
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the time limit");
        } else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        } else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
            String[] objs = { baseDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_users_base_dn", objs, null);
        }
        String errorMsg = le.getMessage();
        String additionalMsg = le.getResult().getDiagnosticMessage();
        if (additionalMsg != null) {
            throw new PolicyException(errorMsg + ": " + additionalMsg);
        } else {
            throw new PolicyException(errorMsg);
        }
    } catch (SearchResultReferenceIOException e) {
        debug.warning("LDAPFilterCondition.searchFilterSatified()" + ": Partial results have been received, status code 9." + " The message provided by the LDAP server is: \n" + e.getMessage());
    }
    debug.message("LDAPFilterCondition.searchFilterSatified():returning, filterSatisfied={}", filterSatisfied);
    return filterSatisfied;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) Connection(org.forgerock.opendj.ldap.Connection) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 43 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class LDAPUsers method getValidValues.

/**
     * Returns a list of possible values for the <code>LDAPUsers
     * </code> that satisfy the given <code>pattern</code>.
     *
     * @param token the <code>SSOToken</code> that will be used
     * to determine the possible values
     * @param pattern search pattern that will be used to narrow
     * the list of valid names.
     *
     * @return <code>ValidValues</code> object
     *
     * @exception SSOException if <code>SSOToken</code> is not valid
     * @exception PolicyException if unable to get the list of valid
     * names.
     */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_not_yet_initialized", null, null));
    }
    String searchFilter = getSearchFilter(pattern);
    Set<String> validUserDNs = new HashSet<>();
    int status = ValidValues.SUCCESS;
    try (Connection ld = connPool.getConnection()) {
        ConnectionEntryReader res = search(searchFilter, ld, userRDNAttrName);
        while (res.hasNext()) {
            try {
                if (res.isEntry()) {
                    SearchResultEntry entry = res.readEntry();
                    String name = entry.getName().toString();
                    validUserDNs.add(name);
                    debug.message("LDAPUsers.getValidValues(): found user name={}", name);
                } else {
                    // ignore referrals
                    debug.message("LDAPUsers.getValidValues(): Ignoring reference: {}", res.readReference());
                }
            } catch (LdapException e) {
                ResultCode resultCode = e.getResult().getResultCode();
                if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getValidValues(): exceeded the size limit");
                    status = ValidValues.SIZE_LIMIT_EXCEEDED;
                } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getValidValues(): exceeded the time limit");
                    status = ValidValues.TIME_LIMIT_EXCEEDED;
                } else {
                    throw new PolicyException(e);
                }
            } catch (SearchResultReferenceIOException e) {
            // ignore referrals
            }
        }
    } catch (LdapException e) {
        throw handleResultException(e);
    }
    return new ValidValues(status, validUserDNs);
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) ValidValues(com.sun.identity.policy.ValidValues) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 44 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class DataLayer method changePassword.

/**
     * Changes user password.
     * 
     * @param guid globally unique identifier for the entry.
     * @param attrName password attribute name
     * @param oldPassword old password
     * @param newPassword new password
     * @exception AccessRightsException if insufficient access
     * @exception EntryNotFoundException if the entry is not found.
     * @exception UMSException if failure
     *
     * @supported.api
     */
public void changePassword(Guid guid, String attrName, String oldPassword, String newPassword) throws UMSException {
    Modification modification = new Modification(ModificationType.REPLACE, Attributes.singletonAttribute(attrName, newPassword));
    String id = guid.getDn();
    try {
        DSConfigMgr dsCfg = DSConfigMgr.getDSConfigMgr();
        String hostAndPort = dsCfg.getHostName("default");
        // All connections will use authentication
        SimpleBindRequest bindRequest = LDAPRequests.newSimpleBindRequest(id, oldPassword.toCharArray());
        Options options = Options.defaultOptions().set(AUTHN_BIND_REQUEST, bindRequest);
        try (ConnectionFactory factory = new LDAPConnectionFactory(hostAndPort, 389, options)) {
            Connection ldc = factory.getConnection();
            ldc.modify(LDAPRequests.newModifyRequest(id).addModification(modification));
        } catch (LdapException ldex) {
            if (debug.warningEnabled()) {
                debug.warning("DataLayer.changePassword:", ldex);
            }
            ResultCode errorCode = ldex.getResult().getResultCode();
            if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
                throw new EntryNotFoundException(id, ldex);
            } else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
                throw new AccessRightsException(id, ldex);
            } else {
                throw new UMSException(id, ldex);
            }
        }
    } catch (LDAPServiceException ex) {
        debug.error("DataLayer.changePassword:", ex);
        throw new UMSException(id, ex);
    }
}
Also used : Modification(org.forgerock.opendj.ldap.Modification) Options(org.forgerock.util.Options) Connection(org.forgerock.opendj.ldap.Connection) DSConfigMgr(com.iplanet.services.ldap.DSConfigMgr) ByteString(org.forgerock.opendj.ldap.ByteString) SimpleBindRequest(org.forgerock.opendj.ldap.requests.SimpleBindRequest) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 45 with ResultCode

use of org.forgerock.opendj.ldap.ResultCode in project OpenAM by OpenRock.

the class DataLayer method readLDAPEntry.

public ConnectionEntryReader readLDAPEntry(Principal principal, SearchRequest request) throws UMSException {
    LdapException ldapEx = null;
    int retry = 0;
    int connRetry = 0;
    while (retry <= replicaRetryNum && connRetry <= connNumRetry) {
        if (debug.messageEnabled()) {
            debug.message("DataLayer.readLDAPEntry: connRetry: " + connRetry);
            debug.message("DataLayer.readLDAPEntry: retry: " + retry);
        }
        try (Connection conn = getConnection(principal)) {
            return conn.search(request);
        } catch (LdapException e) {
            ResultCode errorCode = e.getResult().getResultCode();
            if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
                if (debug.messageEnabled()) {
                    debug.message("Replica: entry not found: " + request.getName().toString() + " retry: " + retry);
                }
                if (retry == replicaRetryNum) {
                    ldapEx = e;
                } else {
                    try {
                        Thread.sleep(replicaRetryInterval);
                    } catch (Exception ex) {
                    }
                }
                retry++;
            } else if (retryErrorCodes.contains("" + errorCode)) {
                if (connRetry == connNumRetry) {
                    ldapEx = e;
                } else {
                    try {
                        Thread.sleep(connRetryInterval);
                    } catch (Exception ex) {
                    }
                }
                connRetry++;
            } else {
                throw new UMSException(e.getMessage(), e);
            }
        }
    }
    throw new UMSException(ldapEx.getMessage(), ldapEx);
}
Also used : Connection(org.forgerock.opendj.ldap.Connection) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) LdapException(org.forgerock.opendj.ldap.LdapException) IOException(java.io.IOException)

Aggregations

ResultCode (org.forgerock.opendj.ldap.ResultCode)49 LdapException (org.forgerock.opendj.ldap.LdapException)37 Connection (org.forgerock.opendj.ldap.Connection)29 ByteString (org.forgerock.opendj.ldap.ByteString)18 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)18 SMSException (com.sun.identity.sm.SMSException)17 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)17 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)15 HashSet (java.util.HashSet)14 PolicyException (com.sun.identity.policy.PolicyException)13 SSOException (com.iplanet.sso.SSOException)9 InvalidNameException (com.sun.identity.policy.InvalidNameException)9 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)9 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)7 ValidValues (com.sun.identity.policy.ValidValues)6 LinkedHashSet (java.util.LinkedHashSet)6 InternalSearchOperation (org.opends.server.protocols.internal.InternalSearchOperation)6 AMException (com.iplanet.am.sdk.AMException)4 AMSearchResults (com.iplanet.am.sdk.AMSearchResults)4 IOException (java.io.IOException)4