Search in sources :

Example 1 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class IdRepoUtils method getADAMInstanceGUID.

private static String getADAMInstanceGUID(Map attrValues) throws Exception {
    try (ConnectionFactory factory = getLDAPConnection(attrValues);
        Connection ld = factory.getConnection()) {
        String attrName = "schemaNamingContext";
        String[] attrs = { attrName };
        ConnectionEntryReader res = ld.search(LDAPRequests.newSearchRequest("", SearchScope.BASE_OBJECT, "(objectclass=*)"));
        if (res.hasNext()) {
            SearchResultEntry entry = res.readEntry();
            Attribute ldapAttr = entry.getAttribute(attrName);
            if (ldapAttr != null) {
                String value = ldapAttr.firstValueAsString();
                int index = value.lastIndexOf("=");
                if (index != -1) {
                    return value.substring(index + 1).trim();
                }
            }
        }
    }
    return null;
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) Attribute(org.forgerock.opendj.ldap.Attribute) Connection(org.forgerock.opendj.ldap.Connection) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 2 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class UmaLabelsStore method read.

/**
     * Reads a label from the underlying database.
     * @param realm The current realm.
     * @param username The user that owns the label.
     * @param id The id of the label.
     * @return The retrieved label details.
     * @throws ResourceException Thrown if the label cannot be read.
     */
public ResourceSetLabel read(String realm, String username, String id) throws ResourceException {
    try (Connection connection = getConnection()) {
        SearchResultEntry entry = connection.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(getLabelDn(realm, username, id)));
        Set<String> resourceSets = new HashSet<>();
        final Attribute resourceSetAttribute = entry.getAttribute(RESOURCE_SET_ATTR);
        if (resourceSetAttribute != null) {
            for (ByteString resourceSetId : resourceSetAttribute) {
                resourceSets.add(resourceSetId.toString());
            }
        }
        return getResourceSetLabel(entry, resourceSets);
    } catch (LdapException e) {
        final ResultCode resultCode = e.getResult().getResultCode();
        if (resultCode.equals(ResultCode.NO_SUCH_OBJECT)) {
            throw new NotFoundException();
        }
        throw new InternalServerErrorException("Could not read", e);
    }
}
Also used : Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) Connection(org.forgerock.opendj.ldap.Connection) NotFoundException(org.forgerock.json.resource.NotFoundException) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ByteString(org.forgerock.opendj.ldap.ByteString) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) HashSet(java.util.HashSet)

Example 3 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class UmaLabelsStore method query.

private Set<ResourceSetLabel> query(String realm, String username, Filter filter, boolean includeResourceSets) throws ResourceException {
    try (Connection connection = getConnection()) {
        Set<ResourceSetLabel> result = new HashSet<>();
        String[] attrs;
        if (includeResourceSets) {
            attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR, RESOURCE_SET_ATTR };
        } else {
            attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR };
        }
        ConnectionEntryReader searchResult = connection.search(LDAPRequests.newSearchRequest(getUserDn(realm, username), SearchScope.SUBORDINATES, filter, attrs));
        while (searchResult.hasNext()) {
            if (searchResult.isReference()) {
                debug.warning("Encountered reference {} searching for resource set labels for user {} in realm {}", searchResult.readReference(), username, realm);
            } else {
                final SearchResultEntry entry = searchResult.readEntry();
                result.add(getResourceSetLabel(entry, getResourceSetIds(entry)));
            }
        }
        return result;
    } catch (LdapException e) {
        if (e.getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
            return Collections.emptySet();
        }
        throw new InternalServerErrorException("Could not complete search", e);
    } catch (SearchResultReferenceIOException e) {
        throw new InternalServerErrorException("Shouldn't get a reference as these have been handled", e);
    }
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Connection(org.forgerock.opendj.ldap.Connection) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 4 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class LDAPUsers method getUserDN.

/**
     * Gets the DN for a user identified 
     * by the token. If the Directory server is locally installed to speed
     * up the search, no directoty search is performed and the DN obtained
     * from the token is returned. If the directory is remote
     * a LDAP search is performed to get the user DN.
     */
private DN getUserDN(SSOToken token) throws SSOException, PolicyException {
    Set<String> qualifiedUserDNs = new HashSet<>();
    String userLocalDN = token.getPrincipal().getName();
    DN userDN = null;
    if (localDS && !PolicyUtils.principalNameEqualsUuid(token)) {
        userDN = DN.valueOf(userLocalDN);
    } else {
        // try to figure out the user name from the local user DN
        int beginIndex = userLocalDN.indexOf("=");
        int endIndex = userLocalDN.indexOf(",");
        if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
            throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_invalid_local_user_dn", null, null));
        }
        String userName = userLocalDN.substring(beginIndex + 1, endIndex);
        String searchFilter = null;
        if ((userSearchFilter != null) && !(userSearchFilter.length() == 0)) {
            searchFilter = "(&" + userSearchFilter + PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled) + ")";
        } else {
            searchFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
        }
        if (debug.messageEnabled()) {
            debug.message("LDAPUsers.getUserDN(): search filter is: " + searchFilter);
        }
        String[] attrs = { userRDNAttrName };
        // search the remote ldap and find out the user DN
        try (Connection ld = connPool.getConnection()) {
            ConnectionEntryReader res = search(searchFilter, ld, attrs);
            while (res.hasNext()) {
                try {
                    SearchResultEntry entry = res.readEntry();
                    qualifiedUserDNs.add(entry.getName().toString());
                } catch (SearchResultReferenceIOException e) {
                    // ignore referrals
                    continue;
                } catch (LdapException e) {
                    String[] objs = { orgName };
                    ResultCode resultCode = e.getResult().getResultCode();
                    if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                        debug.warning("LDAPUsers.getUserDN(): exceeded the size limit");
                        throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
                    } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
                        debug.warning("LDAPUsers.getUserDN(): exceeded the time limit");
                        throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
                    } else {
                        throw new PolicyException(e);
                    }
                }
            }
        } catch (LdapException e) {
            throw handleResultException(e);
        } catch (Exception e) {
            throw new PolicyException(e);
        }
        // check if the user belongs to any of the selected users
        if (qualifiedUserDNs.size() > 0) {
            debug.message("LDAPUsers.getUserDN(): qualified users={}", qualifiedUserDNs);
            Iterator<String> iter = qualifiedUserDNs.iterator();
            // we only take the first qualified DN
            userDN = DN.valueOf(iter.next());
        }
    }
    return userDN;
}
Also used : Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 5 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class LDAPUsers method getValidEntries.

/**
     * Returns a set of possible values that satisfy the <code>pattern</code>.
     * The returned <code>ValidValues</code> object contains a set of
     * map of user DN to a map of user's attribute name to a string array of
     * attribute values.
     *
     * @param token Single Sign On token for fetching the possible values.
     * @param pattern Search pattern of which possible values are matched to.
     * @param attributeNames Array of attribute names to be to returned.
     * @return a set of possible values that satify the <code>pattern</code>.
     * @throws SSOException if <code>SSOToken</code> is invalid.
     * @throws PolicyException if there are problems getting these values.
     */
public ValidValues getValidEntries(SSOToken token, String pattern, String[] attributeNames) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_not_yet_initialized", null, null));
    }
    Set<Map<String, Map<String, String[]>>> results = new HashSet<>();
    String searchFilter = getSearchFilter(pattern);
    int status = ValidValues.SUCCESS;
    try (Connection ld = connPool.getConnection()) {
        ConnectionEntryReader res = search(searchFilter, ld, attributeNames);
        Map<String, Map<String, String[]>> map = new HashMap<>();
        results.add(map);
        while (res.hasNext()) {
            try {
                SearchResultEntry entry = res.readEntry();
                if (entry != null) {
                    String userDN = entry.getName().toString();
                    map.put(userDN, getUserAttributeValues(entry, attributeNames));
                }
            } catch (SearchResultReferenceIOException lre) {
                // ignore referrals
                continue;
            } catch (LdapException e) {
                ResultCode resultCode = e.getResult().getResultCode();
                if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getValidEntries(): exceeded the size limit");
                    status = ValidValues.SIZE_LIMIT_EXCEEDED;
                } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getValidEntries(): exceeded the time limit");
                    status = ValidValues.TIME_LIMIT_EXCEEDED;
                } else {
                    throw new PolicyException(e);
                }
            }
        }
    } catch (LdapException e) {
        throw handleResultException(e);
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    return new ValidValues(status, results);
}
Also used : HashMap(java.util.HashMap) ValidValues(com.sun.identity.policy.ValidValues) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) HashMap(java.util.HashMap) Map(java.util.Map) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Aggregations

SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)62 LdapException (org.forgerock.opendj.ldap.LdapException)46 ByteString (org.forgerock.opendj.ldap.ByteString)43 Connection (org.forgerock.opendj.ldap.Connection)43 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)43 Attribute (org.forgerock.opendj.ldap.Attribute)30 HashSet (java.util.HashSet)25 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)24 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)19 IOException (java.io.IOException)18 PolicyException (com.sun.identity.policy.PolicyException)15 ResultCode (org.forgerock.opendj.ldap.ResultCode)15 SSOException (com.iplanet.sso.SSOException)14 DN (org.forgerock.opendj.ldap.DN)11 InvalidNameException (com.sun.identity.policy.InvalidNameException)10 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)10 LinkedAttribute (org.forgerock.opendj.ldap.LinkedAttribute)10 ArrayList (java.util.ArrayList)9 BindResult (org.forgerock.opendj.ldap.responses.BindResult)8 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)7