Examples with BindRequest org.forgerock.opendj.ldap.requests.BindRequest used on opensource projects

Example 6 with BindRequest

use of org.forgerock.opendj.ldap.requests.BindRequest in project OpenAM by OpenRock.

the class AddAMSDKIdRepoPlugin method getLDAPConnection.

private ConnectionFactory getLDAPConnection(DSEntry ds) throws Exception {
    BindRequest bindRequest = LDAPRequests.newSimpleBindRequest(bindDN, bindPwd.toCharArray());
    Options options = Options.defaultOptions().set(CONNECT_TIMEOUT, new Duration((long) 300, TimeUnit.MILLISECONDS)).set(AUTHN_BIND_REQUEST, bindRequest);
    if (ds.ssl) {
        options = options.set(SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
    }
    return new LDAPConnectionFactory(ds.host, ds.port, options);
}

Example 7 with BindRequest

use of org.forgerock.opendj.ldap.requests.BindRequest in project OpenAM by OpenRock.

the class DJLDAPv3Repo method changePassword.

/**
     * Changes password for the given identity by binding as the user first (i.e. this is not password reset). In case
     * of Active Directory the password will be encoded first. This will issue a DELETE for the old password and an ADD
     * for the new password value.
     *
     * @param token Not used.
     * @param type The type of the identity, this should be always USER.
     * @param name The name of the identity.
     * @param attrName The name of the password attribute, usually "userpassword" or "unicodepwd".
     * @param oldPassword The current password of the identity.
     * @param newPassword The new password of the idenity.
     * @throws IdRepoException If the identity type is invalid, or the entry cannot be found, or some other LDAP error
     * occurs while changing the password (like password policy related errors).
     */
@Override
public void changePassword(SSOToken token, IdType type, String name, String attrName, String oldPassword, String newPassword) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("changePassword invoked");
    }
    if (!type.equals(IdType.USER)) {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.CHANGE_PASSWORD_ONLY_FOR_USER, new Object[] { CLASS_NAME });
    }
    String dn = getDN(type, name);
    BindRequest bindRequest = LDAPRequests.newSimpleBindRequest(dn, oldPassword.toCharArray());
    ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(dn);
    byte[] encodedOldPwd = helper.encodePassword(oldPassword);
    byte[] encodedNewPwd = helper.encodePassword(newPassword);
    modifyRequest.addModification(ModificationType.DELETE, attrName, encodedOldPwd);
    modifyRequest.addModification(ModificationType.ADD, attrName, encodedNewPwd);
    Connection conn = null;
    try {
        conn = bindConnectionFactory.getConnection();
        conn.bind(bindRequest);
        conn.modify(modifyRequest);
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to change password for identity: " + name, ere);
        try {
            handleErrorResult(ere);
        } catch (IdRepoException e) {
            throw new PasswordPolicyException(e);
        }
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
}

Example 8 with BindRequest

use of org.forgerock.opendj.ldap.requests.BindRequest in project ddf by codice.

the class LdapClaimsHandler method retrieveClaimValues.

@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    Principal principal = parameters.getPrincipal();
    String user = AttributeMapLoader.getUser(principal);
    if (user == null) {
        LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
        return new ProcessedClaimCollection();
    }
    ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
    Connection connection = null;
    try {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", this.getObjectClass())).and(new EqualsFilter(this.getUserNameAttribute(), user));
        List<String> searchAttributeList = new ArrayList<String>();
        for (Claim claim : claims) {
            if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
                searchAttributeList.add(getClaimsLdapAttributeMapping().get(claim.getClaimType().toString()));
            } else {
                LOGGER.debug("Unsupported claim: {}", claim.getClaimType());
            }
        }
        String[] searchAttributes = null;
        searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
        connection = connectionFactory.getConnection();
        if (connection != null) {
            BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
            BindResult bindResult = connection.bind(request);
            if (bindResult.isSuccess()) {
                String baseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDN(), overrideCertDn);
                LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", baseDN, filter.toString());
                ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), searchAttributes);
                SearchResultEntry entry;
                while (entryReader.hasNext()) {
                    entry = entryReader.readEntry();
                    for (Claim claim : claims) {
                        URI claimType = claim.getClaimType();
                        String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString());
                        Attribute attr = entry.getAttribute(ldapAttribute);
                        if (attr == null) {
                            LOGGER.trace("Claim '{}' is null", claim.getClaimType());
                        } else {
                            ProcessedClaim c = new ProcessedClaim();
                            c.setClaimType(claimType);
                            c.setPrincipal(principal);
                            for (ByteString value : attr) {
                                String itemValue = value.toString();
                                if (this.isX500FilterEnabled()) {
                                    try {
                                        X500Principal x500p = new X500Principal(itemValue);
                                        itemValue = x500p.getName();
                                        int index = itemValue.indexOf('=');
                                        itemValue = itemValue.substring(index + 1, itemValue.indexOf(',', index));
                                    } catch (Exception ex) {
                                        // Ignore, not X500 compliant thus use the whole
                                        // string as the value
                                        LOGGER.debug("Not X500 compliant", ex);
                                    }
                                }
                                c.addValue(itemValue);
                            }
                            claimsColl.add(c);
                        }
                    }
                }
            } else {
                LOGGER.info("LDAP Connection failed.");
            }
        }
    } catch (LdapException e) {
        LOGGER.info("Cannot connect to server, therefore unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
        LOGGER.debug("Cannot connect to server, therefore unable to set user attributes.", e);
    } catch (SearchResultReferenceIOException e) {
        LOGGER.info("Unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
        LOGGER.debug("Unable to set user attributes.", e);
    } finally {
        if (connection != null) {
            connection.close();
        }
    }
    return claimsColl;
}

Example 9 with BindRequest

use of org.forgerock.opendj.ldap.requests.BindRequest in project ddf by codice.

the class RoleClaimsHandler method retrieveClaimValues.

@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    String[] attributes = { groupNameAttribute, memberNameAttribute };
    ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
    Connection connection = null;
    try {
        Principal principal = parameters.getPrincipal();
        String user = AttributeMapLoader.getUser(principal);
        if (user == null) {
            LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
            return new ProcessedClaimCollection();
        }
        connection = connectionFactory.getConnection();
        if (connection != null) {
            BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
            BindResult bindResult = connection.bind(request);
            String membershipValue = user;
            AndFilter filter;
            ConnectionEntryReader entryReader;
            if (!membershipUserAttribute.equals(loginUserAttribute)) {
                String baseDN = AttributeMapLoader.getBaseDN(principal, userBaseDn, overrideCertDn);
                filter = new AndFilter();
                filter.and(new EqualsFilter(this.getLoginUserAttribute(), user));
                entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), membershipUserAttribute);
                while (entryReader.hasNext()) {
                    SearchResultEntry entry = entryReader.readEntry();
                    Attribute attr = entry.getAttribute(membershipUserAttribute);
                    if (attr != null) {
                        for (ByteString value : attr) {
                            membershipValue = value.toString();
                        }
                    }
                }
            }
            filter = new AndFilter();
            String userBaseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDn(), overrideCertDn);
            filter.and(new EqualsFilter("objectClass", getObjectClass())).and(new EqualsFilter(getMemberNameAttribute(), getMembershipUserAttribute() + "=" + membershipValue + "," + userBaseDN));
            if (bindResult.isSuccess()) {
                LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", groupBaseDn, filter.toString());
                entryReader = connection.search(groupBaseDn, SearchScope.WHOLE_SUBTREE, filter.toString(), attributes);
                SearchResultEntry entry;
                while (entryReader.hasNext()) {
                    entry = entryReader.readEntry();
                    Attribute attr = entry.getAttribute(groupNameAttribute);
                    if (attr == null) {
                        LOGGER.trace("Claim '{}' is null", roleClaimType);
                    } else {
                        ProcessedClaim c = new ProcessedClaim();
                        c.setClaimType(getRoleURI());
                        c.setPrincipal(principal);
                        for (ByteString value : attr) {
                            String itemValue = value.toString();
                            c.addValue(itemValue);
                        }
                        claimsColl.add(c);
                    }
                }
            } else {
                LOGGER.info("LDAP Connection failed.");
            }
        }
    } catch (LdapException e) {
        LOGGER.info("Cannot connect to server, therefore unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
        LOGGER.debug("Cannot connect to server, therefore unable to set role claims.", e);
    } catch (SearchResultReferenceIOException e) {
        LOGGER.info("Unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
        LOGGER.debug("Unable to set role claims.", e);
    } finally {
        if (connection != null) {
            connection.close();
        }
    }
    return claimsColl;
}

Example 10 with BindRequest

use of org.forgerock.opendj.ldap.requests.BindRequest in project admin-console-beta by connexta.

the class LdapTestingUtils method selectBindMethod.

private static BindRequest selectBindMethod(String bindMethod, String bindUser, String password, String realm, String kdcAddress) {
    BindRequest request;
    switch(bindMethod) {
        case SIMPLE:
            request = Requests.newSimpleBindRequest(bindUser, password.toCharArray());
            break;
        //                    break;
        case DIGEST_MD5_SASL:
            request = Requests.newDigestMD5SASLBindRequest(bindUser, password.toCharArray());
            ((DigestMD5SASLBindRequest) request).setCipher(DigestMD5SASLBindRequest.CIPHER_HIGH);
            ((DigestMD5SASLBindRequest) request).getQOPs().clear();
            ((DigestMD5SASLBindRequest) request).getQOPs().add(DigestMD5SASLBindRequest.QOP_AUTH_CONF);
            ((DigestMD5SASLBindRequest) request).getQOPs().add(DigestMD5SASLBindRequest.QOP_AUTH_INT);
            ((DigestMD5SASLBindRequest) request).getQOPs().add(DigestMD5SASLBindRequest.QOP_AUTH);
            if (realm != null && !realm.equals("")) {
                ((DigestMD5SASLBindRequest) request).setRealm(realm);
            }
            break;
        default:
            request = Requests.newSimpleBindRequest(bindUser, password.toCharArray());
            break;
    }
    return request;
}