use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class IdRepoUtils method getADAMInstanceGUID.
private static String getADAMInstanceGUID(Map attrValues) throws Exception {
try (ConnectionFactory factory = getLDAPConnection(attrValues);
Connection ld = factory.getConnection()) {
String attrName = "schemaNamingContext";
String[] attrs = { attrName };
ConnectionEntryReader res = ld.search(LDAPRequests.newSearchRequest("", SearchScope.BASE_OBJECT, "(objectclass=*)"));
if (res.hasNext()) {
SearchResultEntry entry = res.readEntry();
Attribute ldapAttr = entry.getAttribute(attrName);
if (ldapAttr != null) {
String value = ldapAttr.firstValueAsString();
int index = value.lastIndexOf("=");
if (index != -1) {
return value.substring(index + 1).trim();
}
}
}
}
return null;
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class UmaLabelsStore method read.
/**
* Reads a label from the underlying database.
* @param realm The current realm.
* @param username The user that owns the label.
* @param id The id of the label.
* @return The retrieved label details.
* @throws ResourceException Thrown if the label cannot be read.
*/
public ResourceSetLabel read(String realm, String username, String id) throws ResourceException {
try (Connection connection = getConnection()) {
SearchResultEntry entry = connection.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(getLabelDn(realm, username, id)));
Set<String> resourceSets = new HashSet<>();
final Attribute resourceSetAttribute = entry.getAttribute(RESOURCE_SET_ATTR);
if (resourceSetAttribute != null) {
for (ByteString resourceSetId : resourceSetAttribute) {
resourceSets.add(resourceSetId.toString());
}
}
return getResourceSetLabel(entry, resourceSets);
} catch (LdapException e) {
final ResultCode resultCode = e.getResult().getResultCode();
if (resultCode.equals(ResultCode.NO_SUCH_OBJECT)) {
throw new NotFoundException();
}
throw new InternalServerErrorException("Could not read", e);
}
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class UmaLabelsStore method query.
private Set<ResourceSetLabel> query(String realm, String username, Filter filter, boolean includeResourceSets) throws ResourceException {
try (Connection connection = getConnection()) {
Set<ResourceSetLabel> result = new HashSet<>();
String[] attrs;
if (includeResourceSets) {
attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR, RESOURCE_SET_ATTR };
} else {
attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR };
}
ConnectionEntryReader searchResult = connection.search(LDAPRequests.newSearchRequest(getUserDn(realm, username), SearchScope.SUBORDINATES, filter, attrs));
while (searchResult.hasNext()) {
if (searchResult.isReference()) {
debug.warning("Encountered reference {} searching for resource set labels for user {} in realm {}", searchResult.readReference(), username, realm);
} else {
final SearchResultEntry entry = searchResult.readEntry();
result.add(getResourceSetLabel(entry, getResourceSetIds(entry)));
}
}
return result;
} catch (LdapException e) {
if (e.getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
return Collections.emptySet();
}
throw new InternalServerErrorException("Could not complete search", e);
} catch (SearchResultReferenceIOException e) {
throw new InternalServerErrorException("Shouldn't get a reference as these have been handled", e);
}
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class LDAPUsers method getUserDN.
/**
* Gets the DN for a user identified
* by the token. If the Directory server is locally installed to speed
* up the search, no directoty search is performed and the DN obtained
* from the token is returned. If the directory is remote
* a LDAP search is performed to get the user DN.
*/
private DN getUserDN(SSOToken token) throws SSOException, PolicyException {
Set<String> qualifiedUserDNs = new HashSet<>();
String userLocalDN = token.getPrincipal().getName();
DN userDN = null;
if (localDS && !PolicyUtils.principalNameEqualsUuid(token)) {
userDN = DN.valueOf(userLocalDN);
} else {
// try to figure out the user name from the local user DN
int beginIndex = userLocalDN.indexOf("=");
int endIndex = userLocalDN.indexOf(",");
if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_invalid_local_user_dn", null, null));
}
String userName = userLocalDN.substring(beginIndex + 1, endIndex);
String searchFilter = null;
if ((userSearchFilter != null) && !(userSearchFilter.length() == 0)) {
searchFilter = "(&" + userSearchFilter + PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled) + ")";
} else {
searchFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
}
if (debug.messageEnabled()) {
debug.message("LDAPUsers.getUserDN(): search filter is: " + searchFilter);
}
String[] attrs = { userRDNAttrName };
// search the remote ldap and find out the user DN
try (Connection ld = connPool.getConnection()) {
ConnectionEntryReader res = search(searchFilter, ld, attrs);
while (res.hasNext()) {
try {
SearchResultEntry entry = res.readEntry();
qualifiedUserDNs.add(entry.getName().toString());
} catch (SearchResultReferenceIOException e) {
// ignore referrals
continue;
} catch (LdapException e) {
String[] objs = { orgName };
ResultCode resultCode = e.getResult().getResultCode();
if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
debug.warning("LDAPUsers.getUserDN(): exceeded the size limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
} else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
debug.warning("LDAPUsers.getUserDN(): exceeded the time limit");
throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
} else {
throw new PolicyException(e);
}
}
}
} catch (LdapException e) {
throw handleResultException(e);
} catch (Exception e) {
throw new PolicyException(e);
}
// check if the user belongs to any of the selected users
if (qualifiedUserDNs.size() > 0) {
debug.message("LDAPUsers.getUserDN(): qualified users={}", qualifiedUserDNs);
Iterator<String> iter = qualifiedUserDNs.iterator();
// we only take the first qualified DN
userDN = DN.valueOf(iter.next());
}
}
return userDN;
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class LDAPUsers method getValidEntries.
/**
* Returns a set of possible values that satisfy the <code>pattern</code>.
* The returned <code>ValidValues</code> object contains a set of
* map of user DN to a map of user's attribute name to a string array of
* attribute values.
*
* @param token Single Sign On token for fetching the possible values.
* @param pattern Search pattern of which possible values are matched to.
* @param attributeNames Array of attribute names to be to returned.
* @return a set of possible values that satify the <code>pattern</code>.
* @throws SSOException if <code>SSOToken</code> is invalid.
* @throws PolicyException if there are problems getting these values.
*/
public ValidValues getValidEntries(SSOToken token, String pattern, String[] attributeNames) throws SSOException, PolicyException {
if (!initialized) {
throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_not_yet_initialized", null, null));
}
Set<Map<String, Map<String, String[]>>> results = new HashSet<>();
String searchFilter = getSearchFilter(pattern);
int status = ValidValues.SUCCESS;
try (Connection ld = connPool.getConnection()) {
ConnectionEntryReader res = search(searchFilter, ld, attributeNames);
Map<String, Map<String, String[]>> map = new HashMap<>();
results.add(map);
while (res.hasNext()) {
try {
SearchResultEntry entry = res.readEntry();
if (entry != null) {
String userDN = entry.getName().toString();
map.put(userDN, getUserAttributeValues(entry, attributeNames));
}
} catch (SearchResultReferenceIOException lre) {
// ignore referrals
continue;
} catch (LdapException e) {
ResultCode resultCode = e.getResult().getResultCode();
if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
debug.warning("LDAPUsers.getValidEntries(): exceeded the size limit");
status = ValidValues.SIZE_LIMIT_EXCEEDED;
} else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
debug.warning("LDAPUsers.getValidEntries(): exceeded the time limit");
status = ValidValues.TIME_LIMIT_EXCEEDED;
} else {
throw new PolicyException(e);
}
}
}
} catch (LdapException e) {
throw handleResultException(e);
} catch (Exception e) {
throw new PolicyException(e);
}
return new ValidValues(status, results);
}
Aggregations