Use of org.forgerock.opendj.ldap.SearchScope in project OpenAM by OpenRock.
From class Application, method initLDAPAttributes.
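/**
 * Reads the LDAP connection and search settings for this module from the
 * organisation's service template and builds {@code ldapUtil} from them.
 * <p>
 * The server entry is either {@code host} or {@code host:port}; the port
 * defaults to 389 when omitted. The SSL flag read from the configuration is
 * the one handed to {@code LDAPAuthUtils} (the previous version passed the
 * {@code ldapSSL} field instead, so the configured value never took effect).
 *
 * @param serviceName name of the auth service whose template is read.
 * @return {@code true} when a server is configured and {@code ldapUtil} was
 *         initialised; {@code false} when no server is configured at all.
 * @throws AuthLoginException if the base DN is missing ("basednnull") or any
 *         other error occurs while reading the configuration ("basicLDAPex"),
 *         including a non-numeric or out-of-range port.
 */
private boolean initLDAPAttributes(String serviceName) throws AuthLoginException {
    currentConfig = getOrgServiceTemplate(getRequestOrg(), serviceName);
    try {
        // All LDAP module attribute initialisation is done here ...
        String serverHost = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_SERVER);
        if (serverHost == null) {
            debug.message("No server for configuring");
            return false;
        }
        String baseDN = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_BASEDN);
        if (baseDN == null) {
            debug.error("Fatal error: baseDN for search has invalid value");
            throw new AuthLoginException(amAuthApplication, "basednnull", null);
        }
        String bindDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDDN, "");
        String bindPassword = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDPWD, "");
        String userNamingAttr = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_UNA, "uid");
        Set userSearchAttrs = (Set) currentConfig.get(ISAuthConstants.LDAP_USERSEARCH);
        String searchFilter = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHFILTER, "");
        boolean ssl = Boolean.valueOf(CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SSL, "false"));

        // Search scope: SUBTREE unless the config explicitly asks for OBJECT or ONELEVEL.
        String scopeName = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHSCOPE, "SUBTREE");
        SearchScope searchScope = SearchScope.WHOLE_SUBTREE;
        if (scopeName.equalsIgnoreCase("OBJECT")) {
            searchScope = SearchScope.BASE_OBJECT;
        } else if (scopeName.equalsIgnoreCase("ONELEVEL")) {
            searchScope = SearchScope.SINGLE_LEVEL;
        }
        String returnUserDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");

        // Split "host:port"; port 389 when absent. A NumberFormatException or a port
        // outside 1..65535 ends up in the catch below as "basicLDAPex".
        // NOTE(review): a bare IPv6 literal containing ':' is split at the first
        // colon here, as in the original.
        int index = serverHost.indexOf(':');
        int serverPort = 389;
        if (index != -1) {
            String port = serverHost.substring(index + 1);
            serverPort = Integer.parseInt(port);
            if (serverPort < 1 || serverPort > 65535) {
                throw new IllegalArgumentException("LDAP port out of range: " + port);
            }
            serverHost = serverHost.substring(0, index);
        }

        // Use the SSL setting read from this service's configuration; binding with
        // the service credentials over plaintext when SSL was configured is the
        // defect this fixes.
        ldapUtil = new LDAPAuthUtils(Collections.singleton(serverHost + ":" + serverPort),
                Collections.<String>emptySet(), ssl,
                AMResourceBundleCache.getInstance().getResBundle(amAuthApplication, getLoginLocale()),
                baseDN, debug);
        ldapUtil.setScope(searchScope);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setUserSearchAttribute(userSearchAttrs);
        ldapUtil.setAuthPassword(bindPassword.toCharArray());
        ldapUtil.setAuthDN(bindDN);
        ldapUtil.setReturnUserDN(returnUserDN);

        // Debug dump of the effective settings; the bind password is deliberately left out.
        if (debug.messageEnabled()) {
            debug.message("bindDN-> " + bindDN + "\nbaseDN-> " + baseDN + "\nuserNamingAttr-> " + userNamingAttr
                    + "\nuserSearchAttr(s)-> " + userSearchAttrs + "\nsearchFilter-> " + searchFilter
                    + "\nsearchScope-> " + searchScope + "\nssl-> " + ssl + "\nHost: " + serverHost
                    + "\nINDEDX : " + index + "\nPORT : " + serverPort);
        }
        return true;
    } catch (Exception ex) {
        debug.error("LDAP Init Exception", ex);
        throw new AuthLoginException(amAuthApplication, "basicLDAPex", null, ex);
    }
}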
Use of org.forgerock.opendj.ldap.SearchScope in project OpenAM by OpenRock.
From class LDAP, method initializeLDAP.
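/**
 * Reads this module's LDAP settings from {@code currentConfig} and builds the
 * {@code ldapUtil} helper used for the bind and the user search.
 * <p>
 * The connection mode ("LDAP", "LDAPS" or "StartTLS") decides whether the
 * connection is secured; any other value falls back to plain LDAP and is
 * logged as a warning. Enabling "iplanet-am-auth-ldap-ssl-trust-all" disables
 * server certificate validation for that connection and is also logged as a
 * warning. The bind password is kept as a {@code char[]} and never written to
 * the debug log.
 *
 * @return {@code true} once {@code ldapUtil} has been configured.
 * @throws AuthLoginException wrapping any failure while reading the
 *         configuration or constructing {@code LDAPAuthUtils} ("LDAPex").
 */
public boolean initializeLDAP() throws AuthLoginException {
    debug.message("LDAP initialize()");
    try {
        Set<String> primaryServers = CollectionHelper.getServerMapAttrs(currentConfig, "iplanet-am-auth-ldap-server");
        Set<String> secondaryServers = CollectionHelper.getServerMapAttrs(currentConfig, "iplanet-am-auth-ldap-server2");
        String baseDN = CollectionHelper.getServerMapAttr(currentConfig, "iplanet-am-auth-ldap-base-dn");
        if (baseDN == null) {
            // NOTE(review): unlike the Application module, a missing base DN is only
            // logged here and null is passed to LDAPAuthUtils below -- confirm the
            // constructor rejects it, otherwise this should throw.
            debug.error("BaseDN for search was null");
        }

        // Minimum password length is optional; an unparsable value is logged and ignored.
        String pLen = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-min-password-length");
        if (pLen != null) {
            try {
                requiredPasswordLength = Integer.parseInt(pLen);
            } catch (NumberFormatException ex) {
                debug.error("LDAP.initializeLDAP : " + pLen, ex);
            }
        }

        bindDN = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-bind-dn", "");
        char[] bindPassword = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-bind-passwd", "").toCharArray();
        String userNamingAttr = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-user-naming-attribute", "uid");
        Set userSearchAttrs = (Set) currentConfig.get("iplanet-am-auth-ldap-user-search-attributes");
        String searchFilter = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-search-filter", "");

        // Transport security: LDAPS and StartTLS are secure, "LDAP" is plaintext.
        final String connectionMode = CollectionHelper.getMapAttr(currentConfig, "openam-auth-ldap-connection-mode", "LDAP");
        useStartTLS = connectionMode.equalsIgnoreCase("StartTLS");
        isSecure = connectionMode.equalsIgnoreCase("LDAPS") || useStartTLS;
        if (!isSecure && !connectionMode.equalsIgnoreCase("LDAP")) {
            // An unrecognised mode would otherwise silently mean a plaintext bind.
            debug.warning("Unrecognised openam-auth-ldap-connection-mode '" + connectionMode + "', using plain LDAP");
        }

        getUserCreationAttrs(currentConfig);

        // Search scope: SUBTREE unless the config explicitly asks for OBJECT or ONELEVEL.
        String scopeName = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-search-scope", "SUBTREE");
        String authLevel = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-auth-level");
        if (authLevel != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevel));
            } catch (Exception e) {
                debug.error("Unable to set auth level " + authLevel);
            }
        }
        SearchScope searchScope = SearchScope.WHOLE_SUBTREE;
        if (scopeName.equalsIgnoreCase("OBJECT")) {
            searchScope = SearchScope.BASE_OBJECT;
        } else if (scopeName.equalsIgnoreCase("ONELEVEL")) {
            searchScope = SearchScope.SINGLE_LEVEL;
        }

        String returnUserDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");
        regEx = CollectionHelper.getMapAttr(currentConfig, INVALID_CHARS);
        boolean beheraEnabled = Boolean.valueOf(CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-behera-password-policy-enabled", "false")).booleanValue();
        sslTrustAll = Boolean.valueOf(CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-ssl-trust-all", "false")).booleanValue();
        if (sslTrustAll) {
            // Trust-all turns off certificate validation, which defeats LDAPS/StartTLS
            // against an active attacker; make that visible in the log.
            debug.warning("iplanet-am-auth-ldap-ssl-trust-all is enabled: LDAP server certificates will not be validated");
        }
        int heartBeatInterval = CollectionHelper.getIntMapAttr(currentConfig, "openam-auth-ldap-heartbeat-interval", 10, debug);
        String heartBeatTimeUnit = CollectionHelper.getMapAttr(currentConfig, "openam-auth-ldap-heartbeat-timeunit", "SECONDS");
        final int operationTimeout = CollectionHelper.getIntMapAttr(currentConfig, OPERATION_TIMEOUT_ATTR, 0, debug);
        isProfileCreationEnabled = isDynamicProfileCreationEnabled();

        // Build the helper and apply the optional settings.
        ldapUtil = new LDAPAuthUtils(primaryServers, secondaryServers, isSecure, bundle, baseDN, debug);
        ldapUtil.setScope(searchScope);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setUserSearchAttribute(userSearchAttrs);
        ldapUtil.setAuthPassword(bindPassword);
        ldapUtil.setAuthDN(bindDN);
        ldapUtil.setReturnUserDN(returnUserDN);
        ldapUtil.setUserAttributes(userCreationAttrs);
        ldapUtil.setTrustAll(sslTrustAll);
        ldapUtil.setUseStartTLS(useStartTLS);
        ldapUtil.setDynamicProfileCreationEnabled(isProfileCreationEnabled);
        ldapUtil.setBeheraEnabled(beheraEnabled);
        ldapUtil.setHeartBeatInterval(heartBeatInterval);
        ldapUtil.setHeartBeatTimeUnit(heartBeatTimeUnit);
        ldapUtil.setOperationTimeout(operationTimeout);

        // Debug dump of the effective settings; the bind password is deliberately left out.
        if (debug.messageEnabled()) {
            debug.message("bindDN-> " + bindDN + "\nrequiredPasswordLength-> " + requiredPasswordLength
                    + "\nbaseDN-> " + baseDN + "\nuserNamingAttr-> " + userNamingAttr
                    + "\nuserSearchAttr(s)-> " + userSearchAttrs + "\nuserCreationAttrs-> " + userCreationAttrs
                    + "\nsearchFilter-> " + searchFilter + "\nsearchScope-> " + searchScope
                    + "\nisSecure-> " + isSecure + "\nuseStartTLS-> " + useStartTLS + "\ntrustAll-> " + sslTrustAll
                    + "\nauthLevel-> " + authLevel + "\nbeheraEnabled->" + beheraEnabled
                    + "\nprimaryServers-> " + primaryServers + "\nsecondaryServers-> " + secondaryServers
                    + "\nheartBeatInterval-> " + heartBeatInterval + "\nheartBeatTimeUnit-> " + heartBeatTimeUnit
                    + "\noperationTimeout-> " + operationTimeout + "\nPattern : " + regEx);
        }
        return true;
    } catch (Exception ex) {
        debug.error("Init Exception", ex);
        throw new AuthLoginException(AM_AUTH, "LDAPex", null, ex);
    }
}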
Use of org.forgerock.opendj.ldap.SearchScope in project OpenAM by OpenRock.
From class DynamicGroup, method setSearchBase.
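/**
 * Sets the search base used to evaluate this dynamic group.
 * <p>
 * The filter and scope of the group's current member URL are kept; only the
 * base is replaced. A failure while rewriting the URL is logged together with
 * its stack trace and is not rethrown, so the group is left unchanged.
 *
 * @param baseGuid Search base for evaluating members of the group.
 *
 * @supported.api
 */
public void setSearchBase(Guid baseGuid) {
    LDAPUrl url = getUrl();
    SearchScope scope = url.getScope();
    Filter filter = url.getFilter();
    try {
        setUrl(baseGuid, filter, scope);
    } catch (Exception e) {
        // The message previously named setSearchFilter and dropped the cause;
        // log the right method and pass the exception so the trace is kept.
        debug.error("DynamicGroup.setSearchBase : Exception : " + e.getMessage(), e);
    }
}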