use of org.forgerock.opendj.ldap.controls.Control in project OpenAM by OpenRock.
the class DataLayer method search.
/**
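* Performs a synchronous search based on the specified LDAP filter. This is a
* low-level API which assumes the caller knows how to construct a data store
* filter. The filter is passed to the directory as given, so any untrusted
* value placed in it must be escaped by the caller first.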
*
* @param principal Authenticated Principal.
* @param guid Unique identifier for the entry.
* @param scope Scope can be either <code>SCOPE_ONE</code>,
* <code>SCOPE_SUB</code> or <code>SCOPE_BASE</code>.
* @param searchFilter Search filter for this search.
* @param attrNames Attribute name for retrieving.
* @param attrOnly if true, returns the names but not the values of the
* attributes found.
* @param searchControl Search Control.
* @exception UMSException if failure.
* @exception InvalidSearchFilterException if failure
*
* @supported.api
*/
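public SearchResults search(java.security.Principal principal, Guid guid, int scope, String searchFilter, String[] attrNames, boolean attrOnly, SearchControl searchControl) throws UMSException {
    // NOTE(review): attrOnly is accepted but never applied to the request built below,
    // so attribute values are fetched even when the caller asked for names only.
    // Confirm whether the request should carry it (e.g. SearchRequest.setTypesOnly)
    // before relying on this flag to limit what is read from the directory.
    String id = guid.getDn();

    // "objectclass" is always requested on top of the caller's attributes so that
    // the right Java class can be found for each returned entry.
    String[] attrNames1;
    if (attrNames != null) {
        attrNames1 = new String[attrNames.length + 1];
        System.arraycopy(attrNames, 0, attrNames1, 0, attrNames.length);
        attrNames1[attrNames1.length - 1] = "objectclass";
    } else {
        attrNames1 = new String[] { "objectclass" };
    }

    // A null filter means "search for everything under the base".
    // Security: a non-null filter is used verbatim. Callers that assemble it from
    // user-supplied values must escape those values first (RFC 4515), otherwise the
    // search is exposed to LDAP filter injection.
    if (searchFilter == null) {
        searchFilter = "(objectclass=*)";
    }

    Connection conn = null;
    // Becomes true once the connection is owned by the returned SearchResults.
    boolean handedOff = false;
    try {
        conn = getConnection(principal);
        List<Control> controls = getSearchControls(searchControl);
        // assume replica case when replicaRetryNum is not 0
        if (replicaRetryNum != 0) {
            readLDAPEntry(conn, id, null);
        }
        if (debug.messageEnabled()) {
            debug.message("DataLayer.search retry: 0");
        }
        if (searchControl != null && searchControl.isGetAllReturnAttributesEnabled()) {
            /*
             * The array {"*"} is used, because LDAPv3 defines "*" as a special
             * string indicating all attributes. This gets all the attributes.
             */
            attrNames1 = new String[] { "*" };
        }
        // The request is built exactly once and unconditionally, so it can never be
        // null when the controls are attached, whatever connNumRetry is set to.
        SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.valueOf(scope), searchFilter, attrNames1);
        for (Control control : controls) {
            request.addControl(control);
        }
        ConnectionEntryReader ldapResults = conn.search(request);
        // TODO: need review and see if conn is recorded properly for
        // subsequent use
        SearchResults result = new SearchResults(conn, ldapResults, conn, this);
        handedOff = true;
        result.set(SearchResults.BASE_ID, id);
        result.set(SearchResults.SEARCH_FILTER, searchFilter);
        result.set(SearchResults.SEARCH_SCOPE, scope);
        if ((searchControl != null) && (searchControl.contains(SearchControl.KeyVlvRange) || searchControl.contains(SearchControl.KeyVlvJumpTo))) {
            result.set(SearchResults.EXPECT_VLV_RESPONSE, Boolean.TRUE);
        }
        if (searchControl != null && searchControl.contains(SearchControl.KeySortKeys)) {
            SortKey[] sortKeys = searchControl.getSortKeys();
            if (sortKeys != null && sortKeys.length > 0) {
                result.set(SearchResults.SORT_KEYS, sortKeys);
            }
        }
        return result;
    } catch (LdapException e) {
        ResultCode errorCode = e.getResult().getResultCode();
        if (debug.warningEnabled()) {
            debug.warning("Exception in DataLayer.search: ", e);
        }
        String msg = i18n.getString(IUMSConstants.SEARCH_FAILED);
        if (ResultCode.TIME_LIMIT_EXCEEDED.equals(errorCode)) {
            int timeLimit = searchControl != null ? searchControl.getTimeOut() : 0;
            throw new TimeLimitExceededException(String.valueOf(timeLimit), e);
        } else if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(errorCode)) {
            int sizeLimit = searchControl != null ? searchControl.getMaxResults() : 0;
            throw new SizeLimitExceededException(String.valueOf(sizeLimit), e);
        } else if (ResultCode.CLIENT_SIDE_PARAM_ERROR.equals(errorCode) || ResultCode.PROTOCOL_ERROR.equals(errorCode)) {
            // The exception carries the raw filter text; treat it as potentially
            // containing caller-supplied data when it is logged or displayed.
            throw new InvalidSearchFilterException(searchFilter, e);
        } else {
            throw new UMSException(msg, e);
        }
    } finally {
        // When no SearchResults took ownership (any failure above), release the
        // connection here so repeated failing searches cannot pile up open connections.
        if (!handedOff && conn != null) {
            conn.close();
        }
    }
}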
use of org.forgerock.opendj.ldap.controls.Control in project OpenAM by OpenRock.
the class LDAPAuthUtils method checkControls.
/**
* Checks whether an LDAP v3 server has returned a control indicating
* that the password has expired or is expiring, when password
* policy is enabled on the server.
*
* @return The PasswordPolicyResult or null if there were no controls
*/
private PasswordPolicyResult checkControls(List<Control> controls) {
    // No controls at all: report null, i.e. no password-policy information was found.
    if (controls == null || controls.isEmpty()) {
        return null;
    }
    PasswordPolicyResult outcome = null;
    for (Control current : controls) {
        // The three checks below are independent of each other; every match is
        // applied to the same result object, which is created on first use.
        if (current instanceof PasswordExpiredResponseControl) {
            if (outcome != null) {
                outcome.setPasswordPolicyErrorType(PasswordPolicyErrorType.PASSWORD_EXPIRED);
            } else {
                outcome = new PasswordPolicyResult(PasswordPolicyErrorType.PASSWORD_EXPIRED);
            }
        }

        if (current instanceof PasswordPolicyResponseControl) {
            PasswordPolicyResponseControl policyControl = (PasswordPolicyResponseControl) current;

            PasswordPolicyErrorType errorType = policyControl.getErrorType();
            if (errorType != null) {
                // Only the error types listed here are recorded; any other value is ignored.
                switch (errorType) {
                    case ACCOUNT_LOCKED:
                    case CHANGE_AFTER_RESET:
                    case INSUFFICIENT_PASSWORD_QUALITY:
                    case MUST_SUPPLY_OLD_PASSWORD:
                    case PASSWORD_EXPIRED:
                    case PASSWORD_IN_HISTORY:
                    case PASSWORD_MOD_NOT_ALLOWED:
                    case PASSWORD_TOO_SHORT:
                    case PASSWORD_TOO_YOUNG:
                        if (outcome != null) {
                            outcome.setPasswordPolicyErrorType(errorType);
                        } else {
                            outcome = new PasswordPolicyResult(errorType);
                        }
                        break;
                    default:
                        break;
                }
            }

            PasswordPolicyWarningType warningType = policyControl.getWarningType();
            if (warningType != null) {
                // Only these two warning types are recorded, each with the control's warning value.
                switch (warningType) {
                    case GRACE_LOGINS_REMAINING:
                    case TIME_BEFORE_EXPIRATION:
                        if (outcome != null) {
                            outcome.setPasswordPolicyWarningType(warningType, policyControl.getWarningValue());
                        } else {
                            outcome = new PasswordPolicyResult(warningType, policyControl.getWarningValue());
                        }
                        break;
                    default:
                        break;
                }
            }
        }

        if (current instanceof PasswordExpiringResponseControl) {
            PasswordExpiringResponseControl expiring = (PasswordExpiringResponseControl) current;
            // A control without a value is reported with NO_EXPIRY_TIME instead of a
            // number of seconds until expiration.
            boolean carriesValue = current.hasValue();
            if (outcome != null) {
                if (carriesValue) {
                    outcome.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiring.getSecondsUntilExpiration());
                } else {
                    outcome.setPasswordPolicyWarningType(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                }
            } else {
                if (carriesValue) {
                    outcome = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, expiring.getSecondsUntilExpiration());
                } else {
                    outcome = new PasswordPolicyResult(PasswordPolicyWarningType.TIME_BEFORE_EXPIRATION, NO_EXPIRY_TIME);
                }
            }
        }
    }
    return outcome;
}