use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class EmbeddedOpenDS method delOpenDSServer.
/**
* Removes host:port from OpenDJ replication
*/
public static void delOpenDSServer(Connection lc, String delServer) {
String replServerDN = "cn=" + delServer + ",cn=Servers,cn=admin data";
final String[] attrs = { "ds-cfg-key-id" };
Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
if (lc == null) {
debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not connect to local OpenDJ instance." + replServerDN);
return;
}
String trustKey = null;
try {
SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replServerDN, attrs));
if (le != null) {
Attribute la = le.getAttribute(attrs[0]);
if (la != null) {
trustKey = la.firstValueAsString();
}
String keyDN = "ds-cfg-key-id=" + trustKey + ",cn=instance keys,cn=admin data";
lc.delete(LDAPRequests.newDeleteRequest(keyDN));
} else {
debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replServerDN);
}
} catch (Exception ex) {
debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting replication key:", ex);
}
try {
lc.delete(LDAPRequests.newDeleteRequest(replServerDN));
} catch (Exception ex) {
debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting deleting server entry:" + replServerDN, ex);
}
try {
ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(replDN).addModification(new Modification(ModificationType.DELETE, Attributes.singletonAttribute("uniqueMember", "cn=" + delServer)));
lc.modify(modifyRequest);
} catch (Exception ex) {
debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting removing :" + replDN, ex);
}
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class EmbeddedOpenDS method getServerSet.
/**
* Gets list of replicated servers from local OpenDJ directory.
*/
public static Set getServerSet(Connection lc) {
final String[] attrs = { "uniqueMember" };
Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
try {
if (lc != null) {
SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replDN, attrs));
if (le != null) {
Set hostSet = new HashSet();
Attribute la = le.getAttribute(attrs[0]);
if (la != null) {
for (ByteString value : la) {
hostSet.add(value.toString().substring(3, value.length()));
}
}
return hostSet;
} else {
debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replDN);
}
} else {
debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not connect to local opends instance.");
}
} catch (Exception ex) {
debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting replication key:", ex);
}
return null;
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.
the class DataLayer method getAttributes.
/**
* Returns attributes for the given attribute names.
*
* @param principal Authentication Principal.
* @param guid Distinguished name.
* @param attrNames Attribute names.
* @return collection of Attr.
*
* @supported.api
*/
public Collection<Attr> getAttributes(Principal principal, Guid guid, Collection<String> attrNames) {
String id = guid.getDn();
SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)", attrNames.toArray(EMPTY_STRING_ARRAY));
ConnectionEntryReader ldapEntry;
try {
ldapEntry = readLDAPEntry(principal, request);
if (ldapEntry == null) {
debug.warning("No attributes returned may not have permission to read");
return Collections.emptySet();
}
Collection<Attr> attributes = new ArrayList<>();
while (ldapEntry.hasNext()) {
if (ldapEntry.isEntry()) {
SearchResultEntry entry = ldapEntry.readEntry();
for (Attribute attr : entry.getAllAttributes()) {
attributes.add(new Attr(attr));
}
}
}
return attributes;
} catch (Exception e) {
debug.warning("Exception in DataLayer.getAttributes for DN: {}", id, e);
return null;
}
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project ddf by codice.
the class LdapClaimsHandler method retrieveClaimValues.
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
Principal principal = parameters.getPrincipal();
String user = AttributeMapLoader.getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ProcessedClaimCollection();
}
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
Connection connection = null;
try {
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", this.getObjectClass())).and(new EqualsFilter(this.getUserNameAttribute(), user));
List<String> searchAttributeList = new ArrayList<String>();
for (Claim claim : claims) {
if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
searchAttributeList.add(getClaimsLdapAttributeMapping().get(claim.getClaimType().toString()));
} else {
LOGGER.debug("Unsupported claim: {}", claim.getClaimType());
}
}
String[] searchAttributes = null;
searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
connection = connectionFactory.getConnection();
if (connection != null) {
BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
BindResult bindResult = connection.bind(request);
if (bindResult.isSuccess()) {
String baseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDN(), overrideCertDn);
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", baseDN, filter.toString());
ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), searchAttributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
entry = entryReader.readEntry();
for (Claim claim : claims) {
URI claimType = claim.getClaimType();
String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString());
Attribute attr = entry.getAttribute(ldapAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", claim.getClaimType());
} else {
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(claimType);
c.setPrincipal(principal);
for (ByteString value : attr) {
String itemValue = value.toString();
if (this.isX500FilterEnabled()) {
try {
X500Principal x500p = new X500Principal(itemValue);
itemValue = x500p.getName();
int index = itemValue.indexOf('=');
itemValue = itemValue.substring(index + 1, itemValue.indexOf(',', index));
} catch (Exception ex) {
// Ignore, not X500 compliant thus use the whole
// string as the value
LOGGER.debug("Not X500 compliant", ex);
}
}
c.addValue(itemValue);
}
claimsColl.add(c);
}
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
LOGGER.info("Cannot connect to server, therefore unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Cannot connect to server, therefore unable to set user attributes.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
LOGGER.debug("Unable to set user attributes.", e);
} finally {
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project ddf by codice.
the class RoleClaimsHandlerTest method testRetrieveClaimsValuesNotNullPrincipal.
@Test
public void testRetrieveClaimsValuesNotNullPrincipal() throws LdapException, SearchResultReferenceIOException {
BindResult bindResult = mock(BindResult.class);
ClaimsParameters claimsParameters;
Connection connection = mock(Connection.class);
ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
LDAPConnectionFactory connectionFactory = PowerMockito.mock(LDAPConnectionFactory.class);
LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
ProcessedClaimCollection processedClaims;
RoleClaimsHandler claimsHandler;
SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
String groupName = "avengers";
when(bindResult.isSuccess()).thenReturn(true);
membershipAttribute.add("tstark");
when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
// hasNext() returns 'true' the first time, then 'false' every time after.
when(membershipReader.hasNext()).thenReturn(true, false);
when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
groupNameAttribute.add(groupName);
when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
when(groupNameReader.hasNext()).thenReturn(true, false);
when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
when(connection.bind(anyObject())).thenReturn(bindResult);
when(connection.search(anyObject(), anyObject(), eq("(&(objectClass=groupOfNames)(member=uid=tstark,))"), anyVararg())).thenReturn(groupNameReader);
when(connection.search(anyString(), anyObject(), anyString(), matches("uid"))).thenReturn(membershipReader);
when(connectionFactory.getConnection()).thenReturn(connection);
claimsHandler = new RoleClaimsHandler();
claimsHandler.setLdapConnectionFactory(connectionFactory);
claimsHandler.setBindMethod("Simple");
claimsHandler.setBindUserCredentials("foo");
claimsHandler.setBindUserDN("bar");
claimsParameters = new ClaimsParameters();
claimsParameters.setPrincipal(new UserPrincipal(USER_CN));
ClaimCollection claimCollection = new ClaimCollection();
processedClaims = claimsHandler.retrieveClaimValues(claimCollection, claimsParameters);
assertThat(processedClaims, hasSize(1));
ProcessedClaim claim = processedClaims.get(0);
assertThat(claim.getPrincipal(), equalTo(new UserPrincipal(USER_CN)));
assertThat(claim.getValues(), hasSize(1));
assertThat(claim.getValues().get(0), equalTo(groupName));
}
Aggregations