Examples with UnknownSchemaElementException org.forgerock.opendj.ldap.schema.UnknownSchemaElementException used on opensource projects

Example 1 with UnknownSchemaElementException

use of org.forgerock.opendj.ldap.schema.UnknownSchemaElementException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method unassignService.

/**
     * Unassigns a service from the provided identity.
     * In case of a USER this will traverse through all the existing user attributes and will remove those that are
     * currently present in the entry. This will also remove the objectclass corresponding to the service.
     * In case of a REALM this will remove the service from the locally cached serviceMap, and will notify the
     * registered {@link IdRepoListener}.
     *
     * @param token Not used.
     * @param type The type of the identity, this should be always USER or REALM.
     * @param name The name of the identity. Only used when identity type is USER.
     * @param serviceName The name of the service to remove from the identity.
     * @param attrMap Holds the objectclasses relevant for this service removal.
     * @throws IdRepoException If the identity type was invalid or if there was an error while removing the service.
     */
@Override
@SuppressWarnings("rawtypes")
public void unassignService(SSOToken token, IdType type, String name, String serviceName, Map<String, Set<String>> attrMap) throws IdRepoException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("unassignService invoked");
    }
    if (type.equals(IdType.USER)) {
        Set<String> removeOCs = attrMap.get(OBJECT_CLASS_ATTR);
        if (removeOCs != null) {
            Schema dirSchema = getSchema();
            Map attrs = new CaseInsensitiveHashMap();
            for (String oc : removeOCs) {
                try {
                    ObjectClass oc2 = dirSchema.getObjectClass(oc);
                    for (AttributeType optional : oc2.getOptionalAttributes()) {
                        attrs.put(optional.getNameOrOID(), Collections.EMPTY_SET);
                    }
                    for (AttributeType required : oc2.getRequiredAttributes()) {
                        attrs.put(required.getNameOrOID(), Collections.EMPTY_SET);
                    }
                } catch (UnknownSchemaElementException usee) {
                    DEBUG.error("Unable to unassign " + serviceName + " service from identity: " + name, usee);
                    throw newIdRepoException(IdRepoErrorCode.UNABLE_GET_SERVICE_SCHEMA, serviceName);
                }
            }
            Set<String> requestedAttrs = new CaseInsensitiveHashSet(attrs.keySet());
            //if the service objectclass is auxiliary (which it should be), then the objectclass attribute may not
            //be present if top is not defined as superior class.
            requestedAttrs.add(OBJECT_CLASS_ATTR);
            Map<String, Set<String>> attributes = new CaseInsensitiveHashMap(getAttributes(token, type, name, requestedAttrs));
            Set<String> OCValues = new CaseInsensitiveHashSet(attributes.get(OBJECT_CLASS_ATTR));
            OCValues.removeAll(removeOCs);
            attrs.put(OBJECT_CLASS_ATTR, OCValues);
            //implementing retainAll here for CaseInsensitiveHashMap's keySet
            for (String string : (Set<String>) attrs.keySet()) {
                if (!attributes.containsKey(string)) {
                    attrs.remove(string);
                }
            }
            setAttributes(token, type, name, attrs, false, true, false);
        }
    } else if (type.equals(IdType.REALM)) {
        if (serviceName != null && !serviceName.isEmpty()) {
            serviceMap.remove(serviceName);
        }
        if (idRepoListener != null) {
            idRepoListener.setServiceAttributes(serviceName, serviceMap);
        }
    } else {
        throw new IdRepoUnsupportedOpException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.SERVICES_NOT_SUPPORTED_FOR_AGENTS_AND_GROUPS, new Object[] { CLASS_NAME });
    }
}

Example 2 with UnknownSchemaElementException

use of org.forgerock.opendj.ldap.schema.UnknownSchemaElementException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method setAttributes.

/**
     * Sets the provided attributes (string or binary) for the given identity. The following steps will be performed
     * prior to modification:
     * <ul>
     *  <li>The password will be encoded in case we are dealing with AD.</li>
     *  <li>Anything related to undefined attributes will be ignored.</li>
     *  <li>If the attribute map contains the default status attribute, then it will be converted to the status value
     *      specified in the configuration.</li>
     *  <li>In case changeOCs is set to <code>true</code>, the method will traverse through all the defined
     *      objectclasses to see if there is any attribute in the attributes map that is defined by that objectclass.
     *      These objectclasses will be collected and will be part of the modificationset with the other changes.</li>
     * </ul>
     * The attributes will be translated to modifications based on the followings:
     * <ul>
     *  <li>If the attribute has no values in the map, it will be considered as an attribute DELETE.</li>
     *  <li>In any other case based on the value of isAdd parameter, it will be either ADD, or REPLACE.</li>
     * </ul>
     *
     * @param token Not used.
     * @param type The type of the identity.
     * @param name The name of the identity.
     * @param attributes The attributes that needs to be set for the entry.
     * @param isAdd <code>true</code> if the attributes should be ADDed, <code>false</code> if the attributes should be
     * REPLACEd instead.
     * @param isString Whether the provided attributes are in string or binary format.
     * @param changeOCs Whether the module should adjust the objectclasses for the entry or not.
     * @throws IdRepoException Can be thrown in the following cases:
     * <ul>
     *  <li>the identity cannot be found,</li>
     *  <li>there was a problem while retrieving the current user status from the directory (AD),</li>
     *  <li>there are no modifications to actually perform,</li>
     *  <li>there was an error while retrieving the objectClass attribute,</li>
     *  <li>there was an error while trying to read the directory schema,</li>
     *  <li>there was an error while trying to perform the modifications.</li>
     * </ul>
     */
private void setAttributes(SSOToken token, IdType type, String name, Map attributes, boolean isAdd, boolean isString, boolean changeOCs) throws IdRepoException {
    ModifyRequest modifyRequest = LDAPRequests.newModifyRequest(getDN(type, name));
    attributes = removeUndefinedAttributes(type, attributes);
    if (type.equals(IdType.USER)) {
        Object status = attributes.get(DEFAULT_USER_STATUS_ATTR);
        if (status != null && !attributes.containsKey(userStatusAttr)) {
            String value = null;
            if (status instanceof Set) {
                value = ((Set<String>) status).iterator().next();
            } else if (status instanceof byte[][]) {
                value = new String(((byte[][]) status)[0], Charset.forName("UTF-8"));
            }
            value = helper.getStatus(this, name, !STATUS_INACTIVE.equals(value), userStatusAttr, activeValue, inactiveValue);
            attributes.remove(DEFAULT_USER_STATUS_ATTR);
            if (isString) {
                attributes.put(userStatusAttr, asSet(value));
            } else {
                byte[][] binValue = new byte[1][];
                binValue[0] = value.getBytes(Charset.forName("UTF-8"));
                attributes.put(userStatusAttr, binValue);
            }
        }
    }
    for (Map.Entry<String, Object> entry : (Set<Map.Entry<String, Object>>) attributes.entrySet()) {
        Object values = entry.getValue();
        String attrName = entry.getKey();
        Attribute attr = new LinkedAttribute(attrName);
        if (AD_UNICODE_PWD_ATTR.equalsIgnoreCase(attrName)) {
            if (values instanceof byte[][]) {
                attr.add(ByteString.valueOfBytes(helper.encodePassword(IdType.USER, (byte[][]) values)));
            } else {
                attr.add(ByteString.valueOfBytes(helper.encodePassword(IdType.USER, (Set) values)));
            }
        } else if (values instanceof byte[][]) {
            for (byte[] bytes : (byte[][]) values) {
                attr.add(ByteString.valueOfBytes(bytes));
            }
        } else if (values instanceof Set) {
            for (String value : (Set<String>) values) {
                attr.add(value);
            }
        }
        if (attr.isEmpty()) {
            modifyRequest.addModification(new Modification(ModificationType.REPLACE, attr));
        } else {
            modifyRequest.addModification(new Modification(isAdd ? ModificationType.ADD : ModificationType.REPLACE, attr));
        }
    }
    if (modifyRequest.getModifications().isEmpty()) {
        if (DEBUG.messageEnabled()) {
            DEBUG.message("setAttributes: there are no modifications to perform");
        }
        throw newIdRepoException(IdRepoErrorCode.ILLEGAL_ARGUMENTS);
    }
    if (type.equals(IdType.USER) && changeOCs) {
        Set<String> missingOCs = new CaseInsensitiveHashSet();
        Map<String, Set<String>> attrs = getAttributes(token, type, name, asSet(OBJECT_CLASS_ATTR));
        Set<String> ocs = attrs.get(OBJECT_CLASS_ATTR);
        //to missingOCs
        if (ocs != null) {
            missingOCs.addAll(getObjectClasses(type));
            missingOCs.removeAll(ocs);
        }
        //if the missingOCs is not empty (i.e. there are objectclasses that are not present in the entry yet)
        if (!missingOCs.isEmpty()) {
            Object obj = attributes.get(OBJECT_CLASS_ATTR);
            //if the API user has also added some of his objectclasses, then let's remove those from missingOCs
            if (obj != null && obj instanceof Set) {
                missingOCs.removeAll((Set<String>) obj);
            }
            //for every single objectclass that needs to be added, let's check if they contain an attribute that we
            //wanted to add to the entry.
            Set<String> newOCs = new HashSet<String>(2);
            Schema dirSchema = getSchema();
            for (String objectClass : missingOCs) {
                try {
                    ObjectClass oc = dirSchema.getObjectClass(objectClass);
                    //we should never add new structural objectclasses, see RFC 4512
                    if (!oc.getObjectClassType().equals(ObjectClassType.STRUCTURAL)) {
                        for (String attrName : (Set<String>) attributes.keySet()) {
                            //before we start to add too many objectclasses here...
                            if (!attrName.equalsIgnoreCase(OBJECT_CLASS_ATTR) && oc.isRequiredOrOptional(dirSchema.getAttributeType(attrName))) {
                                newOCs.add(objectClass);
                                break;
                            }
                        }
                    }
                } catch (UnknownSchemaElementException usee) {
                    if (DEBUG.warningEnabled()) {
                        DEBUG.warning("Unable to find a schema element: " + usee.getMessage());
                    }
                }
            }
            missingOCs = newOCs;
            //it is possible that none of the missing objectclasses are actually covering any new attributes
            if (!missingOCs.isEmpty()) {
                //based on these let's add the extra objectclasses to the modificationset
                modifyRequest.addModification(new Modification(ModificationType.ADD, new LinkedAttribute(OBJECT_CLASS_ATTR, missingOCs)));
            }
        }
    }
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        conn.modify(modifyRequest);
    } catch (LdapException ere) {
        DEBUG.error("An error occured while setting attributes for identity: " + name, ere);
        handleErrorResult(ere);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
}