Search in sources :

Example 46 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class EmbeddedOpenDS method delOpenDSServer.

/**
     * Removes host:port from OpenDJ replication
     */
public static void delOpenDSServer(Connection lc, String delServer) {
    String replServerDN = "cn=" + delServer + ",cn=Servers,cn=admin data";
    final String[] attrs = { "ds-cfg-key-id" };
    Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
    if (lc == null) {
        debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not connect to local OpenDJ instance." + replServerDN);
        return;
    }
    String trustKey = null;
    try {
        SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replServerDN, attrs));
        if (le != null) {
            Attribute la = le.getAttribute(attrs[0]);
            if (la != null) {
                trustKey = la.firstValueAsString();
            }
            String keyDN = "ds-cfg-key-id=" + trustKey + ",cn=instance keys,cn=admin data";
            lc.delete(LDAPRequests.newDeleteRequest(keyDN));
        } else {
            debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replServerDN);
        }
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting replication key:", ex);
    }
    try {
        lc.delete(LDAPRequests.newDeleteRequest(replServerDN));
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting deleting server entry:" + replServerDN, ex);
    }
    try {
        ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(replDN).addModification(new Modification(ModificationType.DELETE, Attributes.singletonAttribute("uniqueMember", "cn=" + delServer)));
        lc.modify(modifyRequest);
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting removing :" + replDN, ex);
    }
}
Also used : Modification(org.forgerock.opendj.ldap.Modification) Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) ModifyRequest(org.forgerock.opendj.ldap.requests.ModifyRequest) Debug(com.sun.identity.shared.debug.Debug) FileNotFoundException(java.io.FileNotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) LdapException(org.forgerock.opendj.ldap.LdapException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 47 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class EmbeddedOpenDS method getServerSet.

/**
     * Gets list of replicated servers from local OpenDJ directory.
     */
public static Set getServerSet(Connection lc) {
    final String[] attrs = { "uniqueMember" };
    Debug debug = Debug.getInstance(SetupConstants.DEBUG_NAME);
    try {
        if (lc != null) {
            SearchResultEntry le = lc.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(replDN, attrs));
            if (le != null) {
                Set hostSet = new HashSet();
                Attribute la = le.getAttribute(attrs[0]);
                if (la != null) {
                    for (ByteString value : la) {
                        hostSet.add(value.toString().substring(3, value.length()));
                    }
                }
                return hostSet;
            } else {
                debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not find trustkey for:" + replDN);
            }
        } else {
            debug.error("EmbeddedOpenDS:syncOpenDSServer():" + "Could not connect to local opends instance.");
        }
    } catch (Exception ex) {
        debug.error("EmbeddedOpenDS.syncOpenDSServer()." + " Error getting replication key:", ex);
    }
    return null;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) ByteString(org.forgerock.opendj.ldap.ByteString) Debug(com.sun.identity.shared.debug.Debug) FileNotFoundException(java.io.FileNotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) LdapException(org.forgerock.opendj.ldap.LdapException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) HashSet(java.util.HashSet)

Example 48 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project OpenAM by OpenRock.

the class DataLayer method getAttributes.

/**
     * Returns attributes for the given attribute names.
     * 
     * @param principal Authentication Principal.
     * @param guid Distinguished name.
     * @param attrNames Attribute names.
     * @return collection of Attr.
     *
     * @supported.api
     */
public Collection<Attr> getAttributes(Principal principal, Guid guid, Collection<String> attrNames) {
    String id = guid.getDn();
    SearchRequest request = LDAPRequests.newSearchRequest(id, SearchScope.BASE_OBJECT, "(objectclass=*)", attrNames.toArray(EMPTY_STRING_ARRAY));
    ConnectionEntryReader ldapEntry;
    try {
        ldapEntry = readLDAPEntry(principal, request);
        if (ldapEntry == null) {
            debug.warning("No attributes returned may not have permission to read");
            return Collections.emptySet();
        }
        Collection<Attr> attributes = new ArrayList<>();
        while (ldapEntry.hasNext()) {
            if (ldapEntry.isEntry()) {
                SearchResultEntry entry = ldapEntry.readEntry();
                for (Attribute attr : entry.getAllAttributes()) {
                    attributes.add(new Attr(attr));
                }
            }
        }
        return attributes;
    } catch (Exception e) {
        debug.warning("Exception in DataLayer.getAttributes for DN: {}", id, e);
        return null;
    }
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Attribute(org.forgerock.opendj.ldap.Attribute) ArrayList(java.util.ArrayList) ByteString(org.forgerock.opendj.ldap.ByteString) Attr(com.iplanet.services.ldap.Attr) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) LdapException(org.forgerock.opendj.ldap.LdapException) IOException(java.io.IOException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 49 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project ddf by codice.

the class LdapClaimsHandler method retrieveClaimValues.

@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    Principal principal = parameters.getPrincipal();
    String user = AttributeMapLoader.getUser(principal);
    if (user == null) {
        LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
        return new ProcessedClaimCollection();
    }
    ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
    Connection connection = null;
    try {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", this.getObjectClass())).and(new EqualsFilter(this.getUserNameAttribute(), user));
        List<String> searchAttributeList = new ArrayList<String>();
        for (Claim claim : claims) {
            if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
                searchAttributeList.add(getClaimsLdapAttributeMapping().get(claim.getClaimType().toString()));
            } else {
                LOGGER.debug("Unsupported claim: {}", claim.getClaimType());
            }
        }
        String[] searchAttributes = null;
        searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
        connection = connectionFactory.getConnection();
        if (connection != null) {
            BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
            BindResult bindResult = connection.bind(request);
            if (bindResult.isSuccess()) {
                String baseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDN(), overrideCertDn);
                LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", baseDN, filter.toString());
                ConnectionEntryReader entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), searchAttributes);
                SearchResultEntry entry;
                while (entryReader.hasNext()) {
                    entry = entryReader.readEntry();
                    for (Claim claim : claims) {
                        URI claimType = claim.getClaimType();
                        String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString());
                        Attribute attr = entry.getAttribute(ldapAttribute);
                        if (attr == null) {
                            LOGGER.trace("Claim '{}' is null", claim.getClaimType());
                        } else {
                            ProcessedClaim c = new ProcessedClaim();
                            c.setClaimType(claimType);
                            c.setPrincipal(principal);
                            for (ByteString value : attr) {
                                String itemValue = value.toString();
                                if (this.isX500FilterEnabled()) {
                                    try {
                                        X500Principal x500p = new X500Principal(itemValue);
                                        itemValue = x500p.getName();
                                        int index = itemValue.indexOf('=');
                                        itemValue = itemValue.substring(index + 1, itemValue.indexOf(',', index));
                                    } catch (Exception ex) {
                                        // Ignore, not X500 compliant thus use the whole
                                        // string as the value
                                        LOGGER.debug("Not X500 compliant", ex);
                                    }
                                }
                                c.addValue(itemValue);
                            }
                            claimsColl.add(c);
                        }
                    }
                }
            } else {
                LOGGER.info("LDAP Connection failed.");
            }
        }
    } catch (LdapException e) {
        LOGGER.info("Cannot connect to server, therefore unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
        LOGGER.debug("Cannot connect to server, therefore unable to set user attributes.", e);
    } catch (SearchResultReferenceIOException e) {
        LOGGER.info("Unable to set user attributes. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information");
        LOGGER.debug("Unable to set user attributes.", e);
    } finally {
        if (connection != null) {
            connection.close();
        }
    }
    return claimsColl;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) Attribute(org.forgerock.opendj.ldap.Attribute) ByteString(org.forgerock.opendj.ldap.ByteString) Connection(org.forgerock.opendj.ldap.Connection) ArrayList(java.util.ArrayList) BindRequest(org.forgerock.opendj.ldap.requests.BindRequest) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) URI(java.net.URI) LdapException(org.forgerock.opendj.ldap.LdapException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) AndFilter(org.springframework.ldap.filter.AndFilter) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) BindResult(org.forgerock.opendj.ldap.responses.BindResult) X500Principal(javax.security.auth.x500.X500Principal) EqualsFilter(org.springframework.ldap.filter.EqualsFilter) LdapException(org.forgerock.opendj.ldap.LdapException) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 50 with SearchResultEntry

use of org.forgerock.opendj.ldap.responses.SearchResultEntry in project ddf by codice.

the class RoleClaimsHandlerTest method testRetrieveClaimsValuesNotNullPrincipal.

@Test
public void testRetrieveClaimsValuesNotNullPrincipal() throws LdapException, SearchResultReferenceIOException {
    BindResult bindResult = mock(BindResult.class);
    ClaimsParameters claimsParameters;
    Connection connection = mock(Connection.class);
    ConnectionEntryReader membershipReader = mock(ConnectionEntryReader.class);
    ConnectionEntryReader groupNameReader = mock(ConnectionEntryReader.class);
    LDAPConnectionFactory connectionFactory = PowerMockito.mock(LDAPConnectionFactory.class);
    LinkedAttribute membershipAttribute = new LinkedAttribute("uid");
    LinkedAttribute groupNameAttribute = new LinkedAttribute("cn");
    ProcessedClaimCollection processedClaims;
    RoleClaimsHandler claimsHandler;
    SearchResultEntry membershipSearchResult = mock(SearchResultEntry.class);
    SearchResultEntry groupNameSearchResult = mock(SearchResultEntry.class);
    String groupName = "avengers";
    when(bindResult.isSuccess()).thenReturn(true);
    membershipAttribute.add("tstark");
    when(membershipSearchResult.getAttribute(anyString())).thenReturn(membershipAttribute);
    // hasNext() returns 'true' the first time, then 'false' every time after.
    when(membershipReader.hasNext()).thenReturn(true, false);
    when(membershipReader.readEntry()).thenReturn(membershipSearchResult);
    groupNameAttribute.add(groupName);
    when(groupNameSearchResult.getAttribute(anyString())).thenReturn(groupNameAttribute);
    when(groupNameReader.hasNext()).thenReturn(true, false);
    when(groupNameReader.readEntry()).thenReturn(groupNameSearchResult);
    when(connection.bind(anyObject())).thenReturn(bindResult);
    when(connection.search(anyObject(), anyObject(), eq("(&(objectClass=groupOfNames)(member=uid=tstark,))"), anyVararg())).thenReturn(groupNameReader);
    when(connection.search(anyString(), anyObject(), anyString(), matches("uid"))).thenReturn(membershipReader);
    when(connectionFactory.getConnection()).thenReturn(connection);
    claimsHandler = new RoleClaimsHandler();
    claimsHandler.setLdapConnectionFactory(connectionFactory);
    claimsHandler.setBindMethod("Simple");
    claimsHandler.setBindUserCredentials("foo");
    claimsHandler.setBindUserDN("bar");
    claimsParameters = new ClaimsParameters();
    claimsParameters.setPrincipal(new UserPrincipal(USER_CN));
    ClaimCollection claimCollection = new ClaimCollection();
    processedClaims = claimsHandler.retrieveClaimValues(claimCollection, claimsParameters);
    assertThat(processedClaims, hasSize(1));
    ProcessedClaim claim = processedClaims.get(0);
    assertThat(claim.getPrincipal(), equalTo(new UserPrincipal(USER_CN)));
    assertThat(claim.getValues(), hasSize(1));
    assertThat(claim.getValues().get(0), equalTo(groupName));
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) Connection(org.forgerock.opendj.ldap.Connection) Matchers.anyString(org.mockito.Matchers.anyString) UserPrincipal(org.apache.karaf.jaas.boot.principal.UserPrincipal) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) BindResult(org.forgerock.opendj.ldap.responses.BindResult) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Aggregations

SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)55 LdapException (org.forgerock.opendj.ldap.LdapException)43 Connection (org.forgerock.opendj.ldap.Connection)39 ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)38 ByteString (org.forgerock.opendj.ldap.ByteString)36 Attribute (org.forgerock.opendj.ldap.Attribute)28 HashSet (java.util.HashSet)22 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)20 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)19 IOException (java.io.IOException)16 PolicyException (com.sun.identity.policy.PolicyException)15 ResultCode (org.forgerock.opendj.ldap.ResultCode)15 SSOException (com.iplanet.sso.SSOException)14 InvalidNameException (com.sun.identity.policy.InvalidNameException)10 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)10 LinkedAttribute (org.forgerock.opendj.ldap.LinkedAttribute)8 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)7 FileNotFoundException (java.io.FileNotFoundException)7 ArrayList (java.util.ArrayList)7 LinkedHashSet (java.util.LinkedHashSet)7