Search in sources :

Example 6 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class SMSRepositoryMig method migrate.

private static void migrate(ConnectionFactory factory, String host, int port, String binddn, String pw, String basedn, String flatfiledir) throws Exception {
    // check args
    if (port < 0 || binddn == null || binddn.length() == 0 || pw == null || pw.length() == 0 || basedn == null || basedn.length() == 0 || flatfiledir == null || flatfiledir.length() == 0) {
        throw new IllegalArgumentException("SMSRepositoryMig: One or more invalid " + "arguments in constructor");
    }
    // Create the SMSFlatFileObject
    SMSFlatFileObject smsFlatFileObject = new SMSFlatFileObject();
    try (Connection conn = factory.getConnection()) {
        // Loop through LDAP attributes, create SMS object for each.
        ConnectionEntryReader res = conn.search(LDAPRequests.newSearchRequest("ou=services," + basedn, SearchScope.BASE_OBJECT, "(objectclass=*)", "*"));
        while (res.hasNext()) {
            if (res.isReference()) {
                //ignore
                res.readReference();
                System.out.println("ERROR: LDAP Referral not supported.");
                System.out.println("LDAPReferralException received");
            } else {
                SearchResultEntry entry;
                try {
                    entry = res.readEntry();
                    createSMSEntry(smsFlatFileObject, entry.getName().toString(), entry.getAllAttributes());
                } catch (LdapException e) {
                    System.out.println("ERROR: LDAP Exception encountered: " + e.toString());
                    e.printStackTrace();
                }
            }
        }
    }
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Connection(org.forgerock.opendj.ldap.Connection) LdapException(org.forgerock.opendj.ldap.LdapException) SMSFlatFileObject(com.sun.identity.sm.flatfile.SMSFlatFileObject) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 7 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class LDAPUsers method getUserDN.

/**
     * Gets the DN for a user identified 
     * by the token. If the Directory server is locally installed to speed
     * up the search, no directoty search is performed and the DN obtained
     * from the token is returned. If the directory is remote
     * a LDAP search is performed to get the user DN.
     */
private DN getUserDN(SSOToken token) throws SSOException, PolicyException {
    Set<String> qualifiedUserDNs = new HashSet<>();
    String userLocalDN = token.getPrincipal().getName();
    DN userDN = null;
    if (localDS && !PolicyUtils.principalNameEqualsUuid(token)) {
        userDN = DN.valueOf(userLocalDN);
    } else {
        // try to figure out the user name from the local user DN
        int beginIndex = userLocalDN.indexOf("=");
        int endIndex = userLocalDN.indexOf(",");
        if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
            throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_invalid_local_user_dn", null, null));
        }
        String userName = userLocalDN.substring(beginIndex + 1, endIndex);
        String searchFilter = null;
        if ((userSearchFilter != null) && !(userSearchFilter.length() == 0)) {
            searchFilter = "(&" + userSearchFilter + PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled) + ")";
        } else {
            searchFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
        }
        if (debug.messageEnabled()) {
            debug.message("LDAPUsers.getUserDN(): search filter is: " + searchFilter);
        }
        String[] attrs = { userRDNAttrName };
        // search the remote ldap and find out the user DN
        try (Connection ld = connPool.getConnection()) {
            ConnectionEntryReader res = search(searchFilter, ld, attrs);
            while (res.hasNext()) {
                try {
                    SearchResultEntry entry = res.readEntry();
                    qualifiedUserDNs.add(entry.getName().toString());
                } catch (SearchResultReferenceIOException e) {
                    // ignore referrals
                    continue;
                } catch (LdapException e) {
                    String[] objs = { orgName };
                    ResultCode resultCode = e.getResult().getResultCode();
                    if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                        debug.warning("LDAPUsers.getUserDN(): exceeded the size limit");
                        throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
                    } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
                        debug.warning("LDAPUsers.getUserDN(): exceeded the time limit");
                        throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
                    } else {
                        throw new PolicyException(e);
                    }
                }
            }
        } catch (LdapException e) {
            throw handleResultException(e);
        } catch (Exception e) {
            throw new PolicyException(e);
        }
        // check if the user belongs to any of the selected users
        if (qualifiedUserDNs.size() > 0) {
            debug.message("LDAPUsers.getUserDN(): qualified users={}", qualifiedUserDNs);
            Iterator<String> iter = qualifiedUserDNs.iterator();
            // we only take the first qualified DN
            userDN = DN.valueOf(iter.next());
        }
    }
    return userDN;
}
Also used : Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 8 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class LDAPUsers method getValidEntries.

/**
     * Returns a set of possible values that satisfy the <code>pattern</code>.
     * The returned <code>ValidValues</code> object contains a set of
     * map of user DN to a map of user's attribute name to a string array of
     * attribute values.
     *
     * @param token Single Sign On token for fetching the possible values.
     * @param pattern Search pattern of which possible values are matched to.
     * @param attributeNames Array of attribute names to be to returned.
     * @return a set of possible values that satify the <code>pattern</code>.
     * @throws SSOException if <code>SSOToken</code> is invalid.
     * @throws PolicyException if there are problems getting these values.
     */
public ValidValues getValidEntries(SSOToken token, String pattern, String[] attributeNames) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "ldapusers_subject_not_yet_initialized", null, null));
    }
    Set<Map<String, Map<String, String[]>>> results = new HashSet<>();
    String searchFilter = getSearchFilter(pattern);
    int status = ValidValues.SUCCESS;
    try (Connection ld = connPool.getConnection()) {
        ConnectionEntryReader res = search(searchFilter, ld, attributeNames);
        Map<String, Map<String, String[]>> map = new HashMap<>();
        results.add(map);
        while (res.hasNext()) {
            try {
                SearchResultEntry entry = res.readEntry();
                if (entry != null) {
                    String userDN = entry.getName().toString();
                    map.put(userDN, getUserAttributeValues(entry, attributeNames));
                }
            } catch (SearchResultReferenceIOException lre) {
                // ignore referrals
                continue;
            } catch (LdapException e) {
                ResultCode resultCode = e.getResult().getResultCode();
                if (resultCode.equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getValidEntries(): exceeded the size limit");
                    status = ValidValues.SIZE_LIMIT_EXCEEDED;
                } else if (resultCode.equals(ResultCode.TIME_LIMIT_EXCEEDED)) {
                    debug.warning("LDAPUsers.getValidEntries(): exceeded the time limit");
                    status = ValidValues.TIME_LIMIT_EXCEEDED;
                } else {
                    throw new PolicyException(e);
                }
            }
        }
    } catch (LdapException e) {
        throw handleResultException(e);
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    return new ValidValues(status, results);
}
Also used : HashMap(java.util.HashMap) ValidValues(com.sun.identity.policy.ValidValues) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) HashMap(java.util.HashMap) Map(java.util.Map) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 9 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class Organization method getValidValues.

/**
     * Returns a list of possible values for the <code>Organization
     * </code> that satisfy the given <code>pattern</code>.
     *
     * @param token the <code>SSOToken</code> that will be used
     * to determine the possible values
     * @param pattern search pattern that will be used to narrow
     * the list of valid names.
     *
     * @return <code>ValidValues</code>
     *
     * @exception SSOException if <code>SSOToken</code> is not valid
     * @exception PolicyException if unable to get the list of valid
     * names.
     */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    if (!initialized) {
        throw (new PolicyException(ResBundleUtils.rbName, "org_subject_not_yet_initialized", null, null));
    }
    String searchFilter = null;
    if ((pattern != null) && !(pattern.trim().length() == 0)) {
        searchFilter = "(&" + orgSearchFilter + "(" + orgRDNAttrName + "=" + pattern + "))";
    } else {
        searchFilter = orgSearchFilter;
    }
    if (debug.messageEnabled()) {
        debug.message("Organization.getValidValues(): organization search filter is: " + searchFilter);
    }
    String[] attrs = { orgRDNAttrName };
    Set<String> validOrgDNs = new HashSet<>();
    int status = ValidValues.SUCCESS;
    try {
        SearchRequest request = LDAPRequests.newSearchRequest(baseDN, orgSearchScope, searchFilter, attrs);
        try (Connection conn = connPool.getConnection()) {
            // connect to the server to authenticate
            ConnectionEntryReader reader = conn.search(request);
            while (reader.hasNext()) {
                if (reader.isReference()) {
                    //ignore
                    reader.readReference();
                } else {
                    SearchResultEntry entry = reader.readEntry();
                    validOrgDNs.add(entry.getName().toString());
                    debug.message("Organization.getValidValues(): found org name = {}", entry.getName().toString());
                }
            }
        }
    } catch (LdapException le) {
        ResultCode resultCode = le.getResult().getResultCode();
        if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("Organization.getValidValues(): exceeded the size limit");
            status = ValidValues.SIZE_LIMIT_EXCEEDED;
        } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
            debug.warning("Organization.getValidValues(): exceeded the time limit");
            status = ValidValues.TIME_LIMIT_EXCEEDED;
        } else {
            if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
                throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
            } else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
                String[] objs = { baseDN };
                throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
            }
            String errorMsg = le.getMessage();
            String additionalMsg = le.getResult().getDiagnosticMessage();
            if (additionalMsg != null) {
                throw new PolicyException(errorMsg + ": " + additionalMsg);
            } else {
                throw new PolicyException(errorMsg);
            }
        }
    } catch (Exception e) {
        throw new PolicyException(e);
    }
    if (debug.messageEnabled()) {
        debug.message("Organization.getValidValues(): return set= {}", validOrgDNs.toString());
    }
    return new ValidValues(status, validOrgDNs);
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ValidValues(com.sun.identity.policy.ValidValues) Connection(org.forgerock.opendj.ldap.Connection) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 10 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class Organization method getUserDN.

/**
     * Gets the DN for a user identified 
     * by the token. If the Directory server is locally installed to speed
     * up the search, no directoty search is performed and the DN obtained
     * from the token is returned. If the directory is remote
     * a LDAP search is performed to get the user DN.
     */
private DN getUserDN(SSOToken token) throws SSOException, PolicyException {
    DN userDN = null;
    Set<String> qualifiedUserDNs = new HashSet<>();
    String userLocalDN = token.getPrincipal().getName();
    if (localDS && !PolicyUtils.principalNameEqualsUuid(token)) {
        userDN = DN.valueOf(userLocalDN);
    } else {
        // try to figure out the user name from the local user DN
        int beginIndex = userLocalDN.indexOf("=");
        int endIndex = userLocalDN.indexOf(",");
        if ((beginIndex <= 0) || (endIndex <= 0) || (beginIndex >= endIndex)) {
            throw (new PolicyException(ResBundleUtils.rbName, "org_subject_invalid_local_user_dn", null, null));
        }
        String userName = userLocalDN.substring(beginIndex + 1, endIndex);
        String searchFilter = null;
        if ((userSearchFilter != null) && !(userSearchFilter.length() == 0)) {
            searchFilter = "(&" + userSearchFilter + PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled) + ")";
        } else {
            searchFilter = PolicyUtils.constructUserFilter(token, userRDNAttrName, userName, aliasEnabled);
        }
        if (debug.messageEnabled()) {
            debug.message("Organization.getUserDN(): search filter is: " + searchFilter);
        }
        String[] attrs = { userRDNAttrName };
        // search the remote ldap and find out the user DN          
        try (Connection conn = connPool.getConnection()) {
            SearchRequest request = LDAPRequests.newSearchRequest(baseDN, userSearchScope, searchFilter, attrs);
            ConnectionEntryReader reader = conn.search(request);
            while (reader.hasNext()) {
                if (reader.isReference()) {
                    //ignore
                    reader.readReference();
                } else {
                    SearchResultEntry entry = reader.readEntry();
                    if (entry != null) {
                        qualifiedUserDNs.add(entry.getName().toString());
                    }
                }
            }
        } catch (LdapException le) {
            String[] objs = { orgName };
            ResultCode resultCode = le.getResult().getResultCode();
            if (ResultCode.SIZE_LIMIT_EXCEEDED.equals(resultCode)) {
                debug.warning("Organization.getUserDN(): exceeded the size limit");
                throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_size_limit", objs, null);
            } else if (ResultCode.TIME_LIMIT_EXCEEDED.equals(resultCode)) {
                debug.warning("Organization.getUserDN(): exceeded the time limit");
                throw new PolicyException(ResBundleUtils.rbName, "ldap_search_exceed_time_limit", objs, null);
            } else {
                if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
                    throw new PolicyException(ResBundleUtils.rbName, "ldap_invalid_password", null, null);
                } else if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
                    objs = new String[] { baseDN };
                    throw new PolicyException(ResBundleUtils.rbName, "no_such_ldap_base_dn", objs, null);
                }
                String errorMsg = le.getMessage();
                String additionalMsg = le.getResult().getDiagnosticMessage();
                if (additionalMsg != null) {
                    throw new PolicyException(errorMsg + ": " + additionalMsg);
                } else {
                    throw new PolicyException(errorMsg);
                }
            }
        } catch (Exception e) {
            throw new PolicyException(e);
        }
        if (qualifiedUserDNs.size() > 0) {
            if (debug.messageEnabled()) {
                debug.message("Organization.getUserDN(): qualified users=" + qualifiedUserDNs);
            }
            Iterator iter = qualifiedUserDNs.iterator();
            // we only take the first qualified DN
            userDN = DN.valueOf((String) iter.next());
        }
    }
    return userDN;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) LdapException(org.forgerock.opendj.ldap.LdapException) NameNotFoundException(com.sun.identity.policy.NameNotFoundException) PolicyException(com.sun.identity.policy.PolicyException) InvalidNameException(com.sun.identity.policy.InvalidNameException) SSOException(com.iplanet.sso.SSOException) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Aggregations

ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)48 LdapException (org.forgerock.opendj.ldap.LdapException)38 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)38 Connection (org.forgerock.opendj.ldap.Connection)35 ByteString (org.forgerock.opendj.ldap.ByteString)26 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)26 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)19 ResultCode (org.forgerock.opendj.ldap.ResultCode)18 HashSet (java.util.HashSet)17 Attribute (org.forgerock.opendj.ldap.Attribute)16 PolicyException (com.sun.identity.policy.PolicyException)12 SSOException (com.iplanet.sso.SSOException)11 IOException (java.io.IOException)10 InvalidNameException (com.sun.identity.policy.InvalidNameException)9 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)9 SMSException (com.sun.identity.sm.SMSException)7 ArrayList (java.util.ArrayList)7 LinkedHashSet (java.util.LinkedHashSet)7 DN (org.forgerock.opendj.ldap.DN)7 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)5