Search in sources :

Example 11 with SearchRequest

use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.

the class DJLDAPv3Repo method search.

/**
     * Performs a search in the directory based on the provided parameters.
     * Using the pattern and avPairs parameters an example search filter would look something like:
     * <code>(&(|(attr1=value1)(attr2=value2))(searchAttr=pattern)(objectclassfilter))</code>.
     *
     * @param token Not used.
     * @param type The type of the identity.
     * @param crestQuery Either a string, coming from something like the CREST endpoint _queryId or a fully
     *                        fledged query filter, coming from a CREST endpoint's _queryFilter
     * @param maxTime The time limit for this search (in seconds). When maxTime &lt; 1, the default time limit will
     * be used.
     * @param maxResults The number of maximum results we should receive for this search. When maxResults &lt; 1 the
     * default sizelimit will be used.
     * @param returnAttrs The attributes that should be returned from the "search hits".
     * @param returnAllAttrs <code>true</code> if all user attribute should be returned.
     * @param filterOp When avPairs is provided, this logical operation will be used between them. Use
     * {@link IdRepo#AND_MOD} or {@link IdRepo#OR_MOD}.
     * @param avPairs Attribute-value pairs based on the search should be performed.
     * @param recursive Deprecated setting, not used.
     * @return The search results based on the provided parameters.
     * @throws IdRepoException Shouldn't be thrown as the returned RepoSearchResults will contain the error code.
     */
@Override
public RepoSearchResults search(SSOToken token, IdType type, CrestQuery crestQuery, int maxTime, int maxResults, Set<String> returnAttrs, boolean returnAllAttrs, int filterOp, Map<String, Set<String>> avPairs, boolean recursive) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("search invoked with type: " + type + " crestQuery: " + crestQuery + " avPairs: " + avPairs + " maxTime: " + maxTime + " maxResults: " + maxResults + " returnAttrs: " + returnAttrs + " returnAllAttrs: " + returnAllAttrs + " filterOp: " + filterOp + " recursive: " + recursive);
    }
    DN baseDN = getBaseDN(type);
    // Recursive is a deprecated setting on IdSearchControl, hence we should use the searchscope defined in the
    // datastore configuration.
    SearchScope scope = defaultScope;
    String searchAttr = getSearchAttribute(type);
    String[] attrs;
    Filter first;
    if (crestQuery.hasQueryId()) {
        first = Filter.valueOf(searchAttr + "=" + crestQuery.getQueryId());
    } else {
        first = crestQuery.getQueryFilter().accept(new LdapFromJsonQueryFilterVisitor(), null);
    }
    Filter filter = Filter.and(first, getObjectClassFilter(type));
    Filter tempFilter = constructFilter(filterOp, avPairs);
    if (tempFilter != null) {
        filter = Filter.and(tempFilter, filter);
    }
    if (returnAllAttrs || (returnAttrs != null && returnAttrs.contains("*"))) {
        Set<String> predefinedAttrs = getDefinedAttributes(type);
        attrs = predefinedAttrs.toArray(new String[predefinedAttrs.size()]);
        returnAllAttrs = true;
    } else if (returnAttrs != null && !returnAttrs.isEmpty()) {
        returnAttrs.add(searchAttr);
        attrs = returnAttrs.toArray(new String[returnAttrs.size()]);
    } else {
        attrs = new String[] { searchAttr };
    }
    SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, scope, filter, attrs);
    searchRequest.setSizeLimit(maxResults < 1 ? defaultSizeLimit : maxResults);
    searchRequest.setTimeLimit(maxTime < 1 ? defaultTimeLimit : maxTime);
    Connection conn = null;
    Set<String> names = new HashSet<String>();
    Map<String, Map<String, Set<String>>> entries = new HashMap<String, Map<String, Set<String>>>();
    int errorCode = RepoSearchResults.SUCCESS;
    try {
        conn = connectionFactory.getConnection();
        ConnectionEntryReader reader = conn.search(searchRequest);
        while (reader.hasNext()) {
            Map<String, Set<String>> attributes = new HashMap<String, Set<String>>();
            if (reader.isEntry()) {
                SearchResultEntry entry = reader.readEntry();
                String name = entry.parseAttribute(searchAttr).asString();
                names.add(name);
                if (returnAllAttrs) {
                    for (Attribute attribute : entry.getAllAttributes()) {
                        LDAPUtils.addAttributeToMapAsString(attribute, attributes);
                    }
                    entries.put(name, attributes);
                } else if (returnAttrs != null && !returnAttrs.isEmpty()) {
                    for (String attr : returnAttrs) {
                        Attribute attribute = entry.getAttribute(attr);
                        if (attribute != null) {
                            LDAPUtils.addAttributeToMapAsString(attribute, attributes);
                        }
                    }
                    entries.put(name, attributes);
                } else {
                //there is no attribute to return, don't populate the entries map
                }
            } else {
                //ignore search result references
                reader.readReference();
            }
        }
    } catch (LdapException ere) {
        ResultCode resultCode = ere.getResult().getResultCode();
        if (resultCode.equals(ResultCode.NO_SUCH_OBJECT)) {
            return new RepoSearchResults(new HashSet<String>(0), RepoSearchResults.SUCCESS, Collections.EMPTY_MAP, type);
        } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED) || resultCode.equals(ResultCode.CLIENT_SIDE_TIMEOUT)) {
            errorCode = RepoSearchResults.TIME_LIMIT_EXCEEDED;
        } else if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
            errorCode = RepoSearchResults.SIZE_LIMIT_EXCEEDED;
        } else {
            DEBUG.error("Unexpected error occurred during search", ere);
            errorCode = resultCode.intValue();
        }
    } catch (SearchResultReferenceIOException srrioe) {
        //should never ever happen...
        DEBUG.error("Got reference instead of entry", srrioe);
        throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
    return new RepoSearchResults(names, errorCode, entries, type);
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) Set(java.util.Set) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) CollectionUtils.asSet(org.forgerock.openam.utils.CollectionUtils.asSet) LdapFromJsonQueryFilterVisitor(org.forgerock.openam.ldap.LdapFromJsonQueryFilterVisitor) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) Attribute(org.forgerock.opendj.ldap.Attribute) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Filter(org.forgerock.opendj.ldap.Filter) SearchScope(org.forgerock.opendj.ldap.SearchScope) RepoSearchResults(com.sun.identity.idm.RepoSearchResults) Map(java.util.Map) HashMap(java.util.HashMap) CaseInsensitiveHashMap(com.sun.identity.common.CaseInsensitiveHashMap) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 12 with SearchRequest

use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getGroupMemberships.

/**
     * Returns the group membership informations for this given user. In case the memberOf attribute is configured,
     * this will try to query the user entry and return the group DNs found in the memberOf attribute. Otherwise a
     * search request will be issued using the uniqueMember attribute looking for matches with the user DN.
     *
     * @param dn The DN of the user identity.
     * @return The DNs of the groups that the provided user is member of.
     * @throws IdRepoException If there was an error while retrieving the group membership information.
     */
private Set<String> getGroupMemberships(String dn) throws IdRepoException {
    Set<String> results = new HashSet<String>();
    if (memberOfAttr == null) {
        Filter filter = Filter.and(groupSearchFilter, Filter.equality(uniqueMemberAttr, dn));
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(getBaseDN(IdType.GROUP), defaultScope, filter, DN_ATTR);
        searchRequest.setTimeLimit(defaultTimeLimit);
        searchRequest.setSizeLimit(defaultSizeLimit);
        Connection conn = null;
        try {
            conn = connectionFactory.getConnection();
            ConnectionEntryReader reader = conn.search(searchRequest);
            while (reader.hasNext()) {
                if (reader.isEntry()) {
                    results.add(reader.readEntry().getName().toString());
                } else {
                    //ignore search result references
                    reader.readReference();
                }
            }
        } catch (LdapException ere) {
            DEBUG.error("An error occurred while trying to retrieve group memberships for " + dn + " using " + uniqueMemberAttr, ere);
            handleErrorResult(ere);
        } catch (SearchResultReferenceIOException srrioe) {
            //should never ever happen...
            DEBUG.error("Got reference instead of entry", srrioe);
            throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
        } finally {
            IOUtils.closeIfNotNull(conn);
        }
    } else {
        Connection conn = null;
        try {
            conn = connectionFactory.getConnection();
            SearchResultEntry entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(dn, memberOfAttr));
            Attribute attr = entry.getAttribute(memberOfAttr);
            if (attr != null) {
                results.addAll(LDAPUtils.getAttributeValuesAsStringSet(attr));
            }
        } catch (LdapException ere) {
            DEBUG.error("An error occurred while trying to retrieve group memberships for " + dn + " using " + memberOfAttr + " attribute", ere);
            handleErrorResult(ere);
        } finally {
            IOUtils.closeIfNotNull(conn);
        }
    }
    return results;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Filter(org.forgerock.opendj.ldap.Filter) Attribute(org.forgerock.opendj.ldap.Attribute) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 13 with SearchRequest

use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.

the class DataLayer method read.

/**
     * Reads an ldap entry.
     * 
     * @param principal Authentication Principal.
     * @param guid Globally unique identifier for the entry.
     * @param attrNames Attributes to read.
     * @return an attribute set representing the entry in LDAP.
     * @exception EntryNotFoundException if the entry is not found.
     * @exception UMSException if fail to read the entry.
     *
     * @supported.api
     */
public AttrSet read(java.security.Principal principal, Guid guid, String[] attrNames) throws UMSException {
    String id = guid.getDn();
    ConnectionEntryReader entryReader;
    SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)", attrNames);
    entryReader = readLDAPEntry(principal, request);
    if (entryReader == null) {
        throw new AccessRightsException(id);
    }
    Collection<Attribute> attrs = new ArrayList<>();
    try (ConnectionEntryReader reader = entryReader) {
        while (reader.hasNext()) {
            if (reader.isReference()) {
                reader.readReference();
            //TODO AME-7017
            }
            SearchResultEntry entry = entryReader.readEntry();
            for (Attribute attr : entry.getAllAttributes()) {
                attrs.add(attr);
            }
        }
        if (attrs.isEmpty()) {
            throw new EntryNotFoundException(i18n.getString(IUMSConstants.ENTRY_NOT_FOUND, new String[] { id }));
        }
        return new AttrSet(attrs);
    } catch (IOException e) {
        throw new UMSException(i18n.getString(IUMSConstants.UNABLE_TO_READ_ENTRY, new String[] { id }), e);
    }
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) Attribute(org.forgerock.opendj.ldap.Attribute) ArrayList(java.util.ArrayList) ByteString(org.forgerock.opendj.ldap.ByteString) IOException(java.io.IOException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) AttrSet(com.iplanet.services.ldap.AttrSet)

Example 14 with SearchRequest

use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.

the class DataLayer method getAttributeString.

/**
     * Returns String values of the attribute.
     * 
     * @param principal Authentication Principal.
     * @param guid distinguished name.
     * @param attrName attribute name.
     *
     * @supported.api
     */
public String[] getAttributeString(Principal principal, Guid guid, String attrName) {
    String id = guid.getDn();
    SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)");
    try {
        try (ConnectionEntryReader reader = readLDAPEntry(principal, request)) {
            Attribute attribute = reader.readEntry().getAttribute(attrName);
            Collection<String> values = new ArrayList<>();
            for (ByteString byteString : attribute) {
                values.add(byteString.toString());
            }
            return values.toArray(new String[0]);
        }
    } catch (Exception e) {
        if (debug.warningEnabled()) {
            debug.warning("Exception in DataLayer.getAttributeString for DN: " + id, e);
        }
        return null;
    }
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) ArrayList(java.util.ArrayList) ByteString(org.forgerock.opendj.ldap.ByteString) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) LdapException(org.forgerock.opendj.ldap.LdapException) IOException(java.io.IOException)

Example 15 with SearchRequest

use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.

the class OpenDJUpgrader method findBaseDNs.

private List<DN> findBaseDNs() throws IOException {
    final List<DN> baseDNs = new LinkedList<DN>();
    final SearchRequest request = LDAPRequests.newSearchRequest("cn=backends,cn=config", SearchScope.WHOLE_SUBTREE, "(objectclass=ds-cfg-backend)", "ds-cfg-base-dn");
    try (LDIFEntryReader reader = new LDIFEntryReader(new FileInputStream(installRoot + "/config/config.ldif"))) {
        final EntryReader filteredReader = LDIF.search(reader, request);
        while (filteredReader.hasNext()) {
            final Entry entry = filteredReader.readEntry();
            final Attribute values = entry.getAttribute("ds-cfg-base-dn");
            if (values != null) {
                for (final ByteString value : values) {
                    baseDNs.add(DN.valueOf(value.toString()));
                }
            }
        }
    }
    return baseDNs;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) EntryReader(org.forgerock.opendj.ldif.EntryReader) LDIFEntryReader(org.forgerock.opendj.ldif.LDIFEntryReader) ZipEntry(java.util.zip.ZipEntry) Entry(org.forgerock.opendj.ldap.Entry) LDIFEntryReader(org.forgerock.opendj.ldif.LDIFEntryReader) Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) DN(org.forgerock.opendj.ldap.DN) LinkedList(java.util.LinkedList) FileInputStream(java.io.FileInputStream)

Aggregations

SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)32 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)26 LdapException (org.forgerock.opendj.ldap.LdapException)25 Connection (org.forgerock.opendj.ldap.Connection)20 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)19 ByteString (org.forgerock.opendj.ldap.ByteString)18 ResultCode (org.forgerock.opendj.ldap.ResultCode)15 HashSet (java.util.HashSet)13 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)10 Attribute (org.forgerock.opendj.ldap.Attribute)9 DN (org.forgerock.opendj.ldap.DN)9 SSOException (com.iplanet.sso.SSOException)8 PolicyException (com.sun.identity.policy.PolicyException)8 InvalidNameException (com.sun.identity.policy.InvalidNameException)7 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)7 LinkedHashSet (java.util.LinkedHashSet)7 SMSException (com.sun.identity.sm.SMSException)6 Filter (org.forgerock.opendj.ldap.Filter)6 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)5 ArrayList (java.util.ArrayList)4