
Example 6 with SearchScope

use of org.forgerock.opendj.ldap.SearchScope in project OpenAM by OpenRock.

The class Application, method initLDAPAttributes.

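/**
 * Reads the LDAP settings of the Application authentication module from the
 * organisation's service template and configures {@code ldapUtil} from them.
 *
 * @param serviceName name of the service whose template holds the settings
 * @return {@code true} when {@code ldapUtil} has been configured, {@code false}
 *         when the template names no LDAP server
 * @throws AuthLoginException with key {@code basednnull} when the template has
 *         no base DN, or {@code basicLDAPex} wrapping any other failure (for
 *         example a port that is not a number or is out of range)
 */
private boolean initLDAPAttributes(String serviceName) throws AuthLoginException {
    String serverHost = null;
    currentConfig = getOrgServiceTemplate(getRequestOrg(), serviceName);
    try {
        // All LDAP module Attribute Initialization done here ...
        serverHost = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_SERVER);
        if (serverHost == null) {
            debug.message("No server for configuring");
            return false;
        }
        String baseDN = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_BASEDN);
        if (baseDN == null) {
            debug.error("Fatal error: baseDN for search has invalid value");
            throw new AuthLoginException(amAuthApplication, "basednnull", null);
        }
        String bindDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDDN, "");
        String bindPassword = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDPWD, "");
        String userNamingAttr = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_UNA, "uid");
        // The template stores this attribute as an untyped Set, so the cast is unchecked.
        @SuppressWarnings("unchecked")
        Set<String> userSearchAttrs = (Set<String>) currentConfig.get(ISAuthConstants.LDAP_USERSEARCH);
        String searchFilter = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHFILTER, "");
        boolean ssl = Boolean.parseBoolean(CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SSL, "false"));
        String tmp = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHSCOPE, "SUBTREE");
        // SUBTREE is the default; only OBJECT and ONELEVEL (case-insensitive) override it.
        SearchScope searchScope = SearchScope.WHOLE_SUBTREE;
        if (tmp.equalsIgnoreCase("OBJECT")) {
            searchScope = SearchScope.BASE_OBJECT;
        } else if (tmp.equalsIgnoreCase("ONELEVEL")) {
            searchScope = SearchScope.SINGLE_LEVEL;
        }
        String returnUserDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");
        // set LDAP Parameters: the server is "host[:port]", port 389 when omitted.
        int index = serverHost.indexOf(':');
        int serverPort = 389;
        String port = null;
        if (index != -1) {
            port = serverHost.substring(index + 1);
            // A non-numeric port raises NumberFormatException, turned into basicLDAPex below.
            serverPort = Integer.parseInt(port);
            if (serverPort < 1 || serverPort > 65535) {
                // Fail here with a clear message instead of letting the connection attempt fail later.
                throw new IllegalArgumentException("LDAP server port out of range: " + port);
            }
            serverHost = serverHost.substring(0, index);
        }
        // set the optional attributes here
        // NOTE(review): the connection is built with the ldapSSL field while the ssl value parsed
        // above is only logged — confirm the two are meant to agree.
        ldapUtil = new LDAPAuthUtils(Collections.singleton(serverHost + ":" + serverPort), Collections.<String>emptySet(), ldapSSL, AMResourceBundleCache.getInstance().getResBundle(amAuthApplication, getLoginLocale()), baseDN, debug);
        ldapUtil.setScope(searchScope);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setUserSearchAttribute(userSearchAttrs);
        ldapUtil.setAuthPassword(bindPassword.toCharArray());
        ldapUtil.setAuthDN(bindDN);
        ldapUtil.setReturnUserDN(returnUserDN);
        if (debug.messageEnabled()) {
            // The bind password is deliberately left out of this dump.
            debug.message("bindDN-> " + bindDN + "\nbaseDN-> " + baseDN + "\nuserNamingAttr-> " + userNamingAttr + "\nuserSearchAttr(s)-> " + userSearchAttrs + "\nsearchFilter-> " + searchFilter + "\nsearchScope-> " + searchScope + "\nssl-> " + ssl + "\nHost: " + serverHost + "\nINDEDX : " + index + "\nPORT : " + serverPort);
        }
        return true;
    } catch (AuthLoginException ale) {
        // Keep the specific key (basednnull) instead of re-wrapping it as basicLDAPex.
        throw ale;
    } catch (Exception ex) {
        debug.error("LDAP Init Exception", ex);
        throw new AuthLoginException(amAuthApplication, "basicLDAPex", null, ex);
    }
}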

Example 7 with SearchScope

use of org.forgerock.opendj.ldap.SearchScope in project OpenAM by OpenRock.

The class LDAP, method initializeLDAP.

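/**
 * Reads the LDAP authentication module settings from {@code currentConfig},
 * stores the ones kept as fields (bind DN, connection mode, trust-all, regex,
 * ...) and builds the {@code ldapUtil} helper that performs the authentication.
 *
 * @return {@code true} once {@code ldapUtil} has been configured
 * @throws AuthLoginException with key {@code LDAPex} wrapping any failure raised
 *         while reading the configuration or constructing the helper
 */
public boolean initializeLDAP() throws AuthLoginException {
    debug.message("LDAP initialize()");
    try {
        Set<String> primaryServers = CollectionHelper.getServerMapAttrs(currentConfig, "iplanet-am-auth-ldap-server");
        Set<String> secondaryServers = CollectionHelper.getServerMapAttrs(currentConfig, "iplanet-am-auth-ldap-server2");
        String baseDN = CollectionHelper.getServerMapAttr(currentConfig, "iplanet-am-auth-ldap-base-dn");
        if (baseDN == null) {
            // Only logged: a null base DN is still handed to LDAPAuthUtils below.
            debug.error("BaseDN for search was null");
        }
        String pLen = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-min-password-length");
        if (pLen != null) {
            try {
                requiredPasswordLength = Integer.parseInt(pLen);
            } catch (NumberFormatException ex) {
                // A malformed length leaves requiredPasswordLength at its previous value.
                debug.error("LDAP.initializeLDAP : " + pLen, ex);
            }
        }
        bindDN = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-bind-dn", "");
        // Kept as char[]; it is never included in the debug dump below.
        char[] bindPassword = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-bind-passwd", "").toCharArray();
        String userNamingAttr = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-user-naming-attribute", "uid");
        // The config stores this attribute as an untyped Set, so the cast is unchecked.
        @SuppressWarnings("unchecked")
        Set<String> userSearchAttrs = (Set<String>) currentConfig.get("iplanet-am-auth-ldap-user-search-attributes");
        String searchFilter = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-search-filter", "");
        final String connectionMode = CollectionHelper.getMapAttr(currentConfig, "openam-auth-ldap-connection-mode", "LDAP");
        // "StartTLS" and "LDAPS" mark the connection secure; the default "LDAP" leaves isSecure false.
        useStartTLS = connectionMode.equalsIgnoreCase("StartTLS");
        isSecure = connectionMode.equalsIgnoreCase("LDAPS") || useStartTLS;
        getUserCreationAttrs(currentConfig);
        String tmp = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-search-scope", "SUBTREE");
        String authLevel = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-auth-level");
        if (authLevel != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevel));
            } catch (Exception e) {
                // Log the cause too, so a non-numeric value can be told apart from a setAuthLevel failure.
                debug.error("Unable to set auth level " + authLevel, e);
            }
        }
        // SUBTREE is the default; only OBJECT and ONELEVEL (case-insensitive) override it.
        SearchScope searchScope = SearchScope.WHOLE_SUBTREE;
        if (tmp.equalsIgnoreCase("OBJECT")) {
            searchScope = SearchScope.BASE_OBJECT;
        } else if (tmp.equalsIgnoreCase("ONELEVEL")) {
            searchScope = SearchScope.SINGLE_LEVEL;
        }
        String returnUserDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");
        regEx = CollectionHelper.getMapAttr(currentConfig, INVALID_CHARS);
        boolean beheraEnabled = Boolean.parseBoolean(CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-behera-password-policy-enabled", "false"));
        // NOTE(review): presumably relaxes server certificate checking in LDAPAuthUtils — verify there.
        sslTrustAll = Boolean.parseBoolean(CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-ssl-trust-all", "false"));
        int heartBeatInterval = CollectionHelper.getIntMapAttr(currentConfig, "openam-auth-ldap-heartbeat-interval", 10, debug);
        String heartBeatTimeUnit = CollectionHelper.getMapAttr(currentConfig, "openam-auth-ldap-heartbeat-timeunit", "SECONDS");
        final int operationTimeout = CollectionHelper.getIntMapAttr(currentConfig, OPERATION_TIMEOUT_ATTR, 0, debug);
        isProfileCreationEnabled = isDynamicProfileCreationEnabled();
        // set the optional attributes here
        ldapUtil = new LDAPAuthUtils(primaryServers, secondaryServers, isSecure, bundle, baseDN, debug);
        ldapUtil.setScope(searchScope);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setUserSearchAttribute(userSearchAttrs);
        ldapUtil.setAuthPassword(bindPassword);
        ldapUtil.setAuthDN(bindDN);
        ldapUtil.setReturnUserDN(returnUserDN);
        ldapUtil.setUserAttributes(userCreationAttrs);
        ldapUtil.setTrustAll(sslTrustAll);
        ldapUtil.setUseStartTLS(useStartTLS);
        ldapUtil.setDynamicProfileCreationEnabled(isProfileCreationEnabled);
        ldapUtil.setBeheraEnabled(beheraEnabled);
        ldapUtil.setHeartBeatInterval(heartBeatInterval);
        ldapUtil.setHeartBeatTimeUnit(heartBeatTimeUnit);
        ldapUtil.setOperationTimeout(operationTimeout);
        if (debug.messageEnabled()) {
            debug.message("bindDN-> " + bindDN + "\nrequiredPasswordLength-> " + requiredPasswordLength + "\nbaseDN-> " + baseDN + "\nuserNamingAttr-> " + userNamingAttr + "\nuserSearchAttr(s)-> " + userSearchAttrs + "\nuserCreationAttrs-> " + userCreationAttrs + "\nsearchFilter-> " + searchFilter + "\nsearchScope-> " + searchScope + "\nisSecure-> " + isSecure + "\nuseStartTLS-> " + useStartTLS + "\ntrustAll-> " + sslTrustAll + "\nauthLevel-> " + authLevel + "\nbeheraEnabled->" + beheraEnabled + "\nprimaryServers-> " + primaryServers + "\nsecondaryServers-> " + secondaryServers + "\nheartBeatInterval-> " + heartBeatInterval + "\nheartBeatTimeUnit-> " + heartBeatTimeUnit + "\noperationTimeout-> " + operationTimeout + "\nPattern : " + regEx);
        }
        return true;
    } catch (Exception ex) {
        debug.error("Init Exception", ex);
        throw new AuthLoginException(AM_AUTH, "LDAPex", null, ex);
    }
}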

Example 8 with SearchScope

use of org.forgerock.opendj.ldap.SearchScope in project OpenAM by OpenRock.

The class DynamicGroup, method setSearchBase.

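/**
 * Sets the search base used to evaluate this dynamic group.
 * The scope and filter of the current member URL are kept; only the base is
 * replaced. A failure to rebuild the URL is logged and otherwise swallowed,
 * so the caller cannot tell whether the base was actually changed.
 *
 * @param baseGuid Search base for evaluating members of the group.
 *
 * @supported.api
 */
public void setSearchBase(Guid baseGuid) {
    LDAPUrl url = getUrl();
    SearchScope scope = url.getScope();
    Filter filter = url.getFilter();
    try {
        setUrl(baseGuid, filter, scope);
    } catch (Exception e) {
        // Name this method (not setSearchFilter) and keep the stack trace with the message.
        debug.error("DynamicGroup.setSearchBase : Exception : " + e.getMessage(), e);
    }
}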
