use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.
the class UpgradeEntitlementsStep method upgradeEntitlementIndexes.
/**
 * Searches the whole subtree under the SMS root suffix for entries matching
 * {@code ENTITLEMENT_INDEX_FILTER} and replaces the {@code SUN_XML_KEY_VALUE}
 * attribute of each one with the values computed by {@code processEntry}.
 *
 * @throws UpgradeException wrapping any exception raised while searching or modifying;
 *         entries modified before the failure stay modified, since each modify
 *         request is sent individually.
 */
private void upgradeEntitlementIndexes() throws UpgradeException {
    Connection searchConn = null;
    Connection writeConn = null;
    try {
        searchConn = getConnection();
        // Modifications go over a second connection; the first one is still streaming search results.
        writeConn = getConnection();
        SearchRequest request = LDAPRequests.newSearchRequest(
                SMSEntry.getRootSuffix(),
                SearchScope.WHOLE_SUBTREE,
                ENTITLEMENT_INDEX_FILTER,
                SUN_KEY_VALUE,
                SUN_XML_KEY_VALUE);
        ConnectionEntryReader results = searchConn.search(request);
        int upgraded = 0;
        long lastReport = System.currentTimeMillis();
        while (results.hasNext()) {
            if (!results.isEntry()) {
                // Search result references are consumed and discarded.
                results.readReference();
                continue;
            }
            // Report progress at most once every three seconds.
            if (System.currentTimeMillis() - lastReport > 3000) {
                UpgradeProgress.reportEnd("upgrade.entitlement.privilege", upgraded, policyRuleCount);
                lastReport = System.currentTimeMillis();
            }
            SearchResultEntry current = results.readEntry();
            Set<String> replacement = processEntry(current);
            ModifyRequest update = LDAPRequests.newModifyRequest(current.getName());
            update.addModification(ModificationType.REPLACE, SUN_XML_KEY_VALUE, replacement.toArray());
            if (DEBUG.messageEnabled()) {
                DEBUG.message("Upgrading entitlements index for: " + current.getName());
            }
            writeConn.modify(update);
            upgraded++;
        }
        UpgradeProgress.reportEnd("upgrade.entitlement.privilege", policyRuleCount, policyRuleCount);
    } catch (Exception ex) {
        DEBUG.error("An error occurred while upgrading the entitlement indexes", ex);
        throw new UpgradeException(ex);
    } finally {
        // Either connection may still be null if getConnection() failed.
        IOUtils.closeIfNotNull(searchConn);
        IOUtils.closeIfNotNull(writeConn);
    }
}
use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.
the class LDAPv3PersistentSearch method startSearch.
/**
 * Issues the asynchronous persistent search on the supplied connection.
 *
 * <p>The request control and attribute list depend on {@code mode}: {@code NONE} logs an
 * error and returns without searching, {@code STANDARD} attaches a
 * {@code PersistentSearchRequestControl} covering every change type, and {@code AD}
 * attaches a critical control with {@code AD_NOTIFICATION_OID}. The caches are cleared
 * before the search is submitted and the pending result is kept in {@code futureResult}.
 *
 * @param conn the connection the search is submitted on
 * @throws LdapException declared for the mode detection / search submission calls
 */
private void startSearch(Connection conn) throws LdapException {
    if (mode == null) {
        detectPersistentSearchMode(conn);
    }
    Control psearchControl = null;
    List<String> requested = null;
    // mode is expected to be set by now: presumably detectPersistentSearchMode either
    // assigns it or throws - confirm against its implementation.
    switch (mode) {
        case NONE:
            DEBUG.error("Persistent search is not supported by the directory, persistent search will be disabled");
            return;
        case STANDARD:
            psearchControl = PersistentSearchRequestControl.newControl(
                    IS_CRITICAL, CHANGES_ONLY, RETURN_CONTROLS, EnumSet.allOf(PersistentSearchChangeType.class));
            requested = new ArrayList<>(attributeNames);
            requested.add(DN_ATTR);
            break;
        case AD:
            // The second argument marks the AD notification control as critical.
            psearchControl = GenericControl.newControl(AD_NOTIFICATION_OID, true);
            requested = new ArrayList<>(attributeNames);
            requested.addAll(AD_DEFAULT_ATTRIBUTES);
            requested.add(DN_ATTR);
    }
    String[] attrs = null;
    if (requested != null) {
        attrs = requested.toArray(new String[0]);
    }
    SearchRequest psearch = LDAPRequests.newSearchRequest(searchBaseDN, searchScope, searchFilter, attrs);
    psearch.addControl(psearchControl);
    if (DEBUG.messageEnabled()) {
        DEBUG.message("Starting persistent search against baseDN: " + searchBaseDN + ", scope: "
                + searchScope.toString() + ", filter: " + searchFilter + ", attrs: " + Arrays.toString(attrs)
                + " against " + factory.toString());
    }
    // The persistent search was not running until now, so anything cached while it was stopped
    // may be stale; clear the caches so the search starts from a clean state.
    clearCaches();
    futureResult = conn.searchAsync(psearch, null, new PersistentSearchResultHandler());
}
use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.
the class LDAPRoles method getValidValues.
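/**
 * Returns a list of possible values for the <code>LDAPRoles
 * </code> that satisfy the given <code>pattern</code>.
 *
 * The pattern is treated as literal text in which only <code>*</code>
 * keeps its wildcard meaning; filter metacharacters are escaped before
 * the pattern is placed in the LDAP search filter, so a pattern cannot
 * add or close filter clauses.
 *
 * @param token the <code>SSOToken</code> that will be used
 * to determine the possible values
 * @param pattern search pattern that will be used to narrow
 * the list of valid names.
 *
 * @return <code>ValidValues</code> object; when the directory reports
 * a size or time limit, the object carries that status together with
 * the role DNs read so far
 *
 * @exception SSOException if <code>SSOToken</code> is not valid
 * @exception PolicyException if unable to get the list of valid
 * names.
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "ldaproles_subject_not_yet_initialized", null, null));
    }
    String searchFilter = null;
    if ((pattern != null) && !(pattern.trim().length() == 0)) {
        // The pattern comes from the caller: escape it so it can only ever be an assertion
        // value and never changes the structure of the configured role search filter.
        searchFilter = "(&" + roleSearchFilter + "(" + roleRDNAttrName + "="
                + escapeFilterPattern(pattern) + "))";
    } else {
        searchFilter = roleSearchFilter;
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPRoles.getValidValues(): role search filter is: " + searchFilter);
    }
    String[] attrs = { roleRDNAttrName };
    Set<String> validRoleDNs = new HashSet<>();
    int status = ValidValues.SUCCESS;
    try (Connection conn = connPool.getConnection()) {
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, roleSearchScope, searchFilter, attrs);
        ConnectionEntryReader reader = conn.search(searchRequest);
        while (reader.hasNext()) {
            if (reader.isReference()) {
                // Search result references are read and ignored.
                reader.readReference();
            } else {
                SearchResultEntry entry = reader.readEntry();
                if (entry != null) {
                    validRoleDNs.add(entry.getName().toString());
                    debug.message("LDAPRoles.getValidValues(): found role name={}", entry.getName().toString());
                }
            }
        }
    } catch (LdapException le) {
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            // Partial result: hand back what was collected, flagged with the limit status.
            debug.warning("LDAPRoles.getValidValues(): exceeded the size limit");
            return new ValidValues(ValidValues.SIZE_LIMIT_EXCEEDED, validRoleDNs);
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPRoles.getValidValues(): exceeded the time limit");
            return new ValidValues(ValidValues.TIME_LIMIT_EXCEEDED, validRoleDNs);
        } else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        } else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
            String[] objs = { baseDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
        }
        // Any other result code is reported with the server's diagnostic message, if present.
        String errorMsg = le.getMessage();
        String additionalMsg = le.getResult().getDiagnosticMessage();
        if (additionalMsg != null) {
            throw new PolicyException(errorMsg + ": " + additionalMsg);
        } else {
            throw new PolicyException(errorMsg);
        }
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    return new ValidValues(status, validRoleDNs);
}

/**
 * Escapes the LDAP filter metacharacters of RFC 4515 in a search pattern,
 * leaving <code>*</code> untouched so it still acts as a wildcard.
 *
 * @param pattern the caller-supplied pattern, not <code>null</code>
 * @return the pattern with backslash, parentheses and NUL replaced by
 * their <code>\XX</code> hexadecimal escapes
 */
private static String escapeFilterPattern(String pattern) {
    StringBuilder escaped = new StringBuilder(pattern.length() + 8);
    for (int i = 0; i < pattern.length(); i++) {
        char c = pattern.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\u0000':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}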
use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.
the class LDAPGroups method findDynamicGroupMembersByUrl.
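/**
 * Finds the dynamic group member DNs by searching with the base DN, scope
 * and filter of the given URL, combined with the user RDN filter component.
 *
 * @param url the url to be used for the group member search
 * @param userRDN filter component identifying the user; it is placed
 * directly after <code>(&amp;</code> in the search filter
 * @return the set of member DNs that satisfy the search url
 * @throws PolicyException if the search exceeds the size or time limit,
 * or fails for any other reason
 */
private Set findDynamicGroupMembersByUrl(LDAPUrl url, String userRDN) throws PolicyException {
    Set<String> groupMemberDNs = new HashSet<>();
    try (Connection conn = connPool.getConnection()) {
        // Need to pass the user dn in the filter
        // NOTE(review): userRDN is inserted verbatim; presumably the caller supplies an
        // already parenthesised and escaped component such as "(attr=value)" - confirm,
        // because any unescaped metacharacter here changes the filter structure.
        StringBuilder filter = new StringBuilder(25);
        filter.append("(&").append(userRDN);
        String groupFilter = url.getFilter().toString();
        int index = groupFilter.indexOf("(");
        if (index != 0) {
            // The URL filter does not start with "(": wrap it before closing the AND.
            filter.append("(").append(groupFilter).append("))");
        } else {
            filter.append(groupFilter).append(")");
        }
        debug.message("search filter in LDAPGroups : {}", filter);
        String[] attrs = { userRDNAttrName };
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(url.getName(), url.getScope(), Filter.valueOf(filter.toString()), attrs);
        ConnectionEntryReader reader = conn.search(searchRequest);
        while (reader.hasNext()) {
            if (reader.isReference()) {
                // Search result references are read and ignored.
                reader.readReference();
            } else {
                SearchResultEntry entry = reader.readEntry();
                if (entry != null) {
                    groupMemberDNs.add(entry.getName().toString());
                }
            }
        }
    } catch (LdapException le) {
        String[] objs = { orgName };
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            // A truncated member list is not returned: limit errors are raised to the caller.
            debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the size limit");
            throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPGroups.findDynamicGroupMembersByUrl(): exceeded the time limit");
            throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
        } else {
            throw new PolicyException(le);
        }
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    return groupMemberDNs;
}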
use of org.forgerock.opendj.ldap.requests.SearchRequest in project OpenAM by OpenRock.
the class LDAPFilterCondition method searchFilterSatisfied.
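/**
 * Returns a boolean result indicating if the specified
 * <code>searchFilter</code> is satisfied by
 * making a directory search using the filter.
 *
 * Only the first search result is inspected: the filter counts as
 * satisfied when that result is an entry with a non-empty DN.
 *
 * @param searchFilter the LDAP filter to search with, used as given
 * @return <code>true</code> if the first result is an entry with a
 * non-empty DN, <code>false</code> otherwise (including when partial
 * results are reported through a
 * <code>SearchResultReferenceIOException</code>)
 * @throws SSOException declared by the signature; not raised by the code in this method
 * @throws PolicyException if the directory search fails with an
 * <code>LdapException</code>
 */
private boolean searchFilterSatisfied(String searchFilter) throws SSOException, PolicyException {
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.searchFilterSatified():" + "entering, searchFitler=" + searchFilter);
    }
    boolean filterSatisfied = false;
    String[] attrs = { userRDNAttrName };
    // search the remote ldap
    // NOTE(review): searchFilter is passed to the directory verbatim; presumably any
    // user-derived values in it were escaped where the filter was assembled - confirm.
    try (Connection conn = connPool.getConnection()) {
        SearchRequest searchRequest = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
        ConnectionEntryReader reader = conn.search(searchRequest);
        // NOTE(review): a single hasNext() check means a leading search result reference
        // leaves the condition unsatisfied even if entries follow - confirm this is intended.
        if (reader.hasNext()) {
            if (reader.isReference()) {
                // Search result references are read and ignored.
                reader.readReference();
            } else {
                SearchResultEntry entry = reader.readEntry();
                if (entry != null) {
                    String dn = entry.getName().toString();
                    if (dn != null && dn.length() != 0) {
                        debug.message("LDAPFilterCondition.searchFilterSatified(): dn={}", dn);
                        filterSatisfied = true;
                    }
                }
            }
        }
    } catch (LdapException le) {
        ResultCode resultCode = le.getResult().getResultCode();
        // NOTE(review): the size/time limit branches only log; control then continues to the
        // generic PolicyException below - confirm that raising is intended for limit errors.
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the size limit");
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("LDAPFilterCondition.searchFilterSatified(): exceeded the time limit");
        } else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
            throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
        } else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
            String[] objs = { baseDN };
            throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_users_base_dn", objs, null);
        }
        String errorMsg = le.getMessage();
        String additionalMsg = le.getResult().getDiagnosticMessage();
        if (additionalMsg != null) {
            throw new PolicyException(errorMsg + ": " + additionalMsg);
        } else {
            throw new PolicyException(errorMsg);
        }
    } catch (SearchResultReferenceIOException e) {
        // Logged only; the method then returns whatever filterSatisfied holds at this point.
        debug.warning("LDAPFilterCondition.searchFilterSatified()" + ": Partial results have been received, status code 9." + " The message provided by the LDAP server is: \n" + e.getMessage());
    }
    debug.message("LDAPFilterCondition.searchFilterSatified():returning, filterSatisfied={}", filterSatisfied);
    return filterSatisfied;
}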