use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class IdRepoUtils method getADAMInstanceGUID.
private static String getADAMInstanceGUID(Map attrValues) throws Exception {
try (ConnectionFactory factory = getLDAPConnection(attrValues);
Connection ld = factory.getConnection()) {
String attrName = "schemaNamingContext";
String[] attrs = { attrName };
ConnectionEntryReader res = ld.search(LDAPRequests.newSearchRequest("", SearchScope.BASE_OBJECT, "(objectclass=*)"));
if (res.hasNext()) {
SearchResultEntry entry = res.readEntry();
Attribute ldapAttr = entry.getAttribute(attrName);
if (ldapAttr != null) {
String value = ldapAttr.firstValueAsString();
int index = value.lastIndexOf("=");
if (index != -1) {
return value.substring(index + 1).trim();
}
}
}
}
return null;
}
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class UmaLabelsStore method query.
private Set<ResourceSetLabel> query(String realm, String username, Filter filter, boolean includeResourceSets) throws ResourceException {
try (Connection connection = getConnection()) {
Set<ResourceSetLabel> result = new HashSet<>();
String[] attrs;
if (includeResourceSets) {
attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR, RESOURCE_SET_ATTR };
} else {
attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR };
}
ConnectionEntryReader searchResult = connection.search(LDAPRequests.newSearchRequest(getUserDn(realm, username), SearchScope.SUBORDINATES, filter, attrs));
while (searchResult.hasNext()) {
if (searchResult.isReference()) {
debug.warning("Encountered reference {} searching for resource set labels for user {} in realm {}", searchResult.readReference(), username, realm);
} else {
final SearchResultEntry entry = searchResult.readEntry();
result.add(getResourceSetLabel(entry, getResourceSetIds(entry)));
}
}
return result;
} catch (LdapException e) {
if (e.getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
return Collections.emptySet();
}
throw new InternalServerErrorException("Could not complete search", e);
} catch (SearchResultReferenceIOException e) {
throw new InternalServerErrorException("Shouldn't get a reference as these have been handled", e);
}
}
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class DJLDAPv3Repo method getRoleMembers.
/**
* Returns the DNs of the members of this role. To do that this will execute an LDAP search with a filter looking
* for nsRoleDN=roleDN.
*
* @param dn The DN of the role to query.
* @return The DNs of the members.
* @throws IdRepoException If there is an error while trying to retrieve the role members.
*/
private Set<String> getRoleMembers(String dn) throws IdRepoException {
Set<String> results = new HashSet<String>();
DN roleBase = getBaseDN(IdType.ROLE);
Filter filter = Filter.equality(roleDNAttr, dn);
SearchRequest searchRequest = LDAPRequests.newSearchRequest(roleBase, roleScope, filter, DN_ATTR);
searchRequest.setTimeLimit(defaultTimeLimit);
searchRequest.setSizeLimit(defaultSizeLimit);
Connection conn = null;
try {
conn = connectionFactory.getConnection();
ConnectionEntryReader reader = conn.search(searchRequest);
while (reader.hasNext()) {
if (reader.isEntry()) {
results.add(reader.readEntry().getName().toString());
} else {
//ignore search result references
reader.readReference();
}
}
} catch (LdapException ere) {
DEBUG.error("An error occurred while trying to retrieve filtered role members for " + dn, ere);
handleErrorResult(ere);
} catch (SearchResultReferenceIOException srrioe) {
//should never ever happen...
DEBUG.error("Got reference instead of entry", srrioe);
throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
} finally {
IOUtils.closeIfNotNull(conn);
}
return results;
}
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class DJLDAPv3Repo method getDN.
private String getDN(IdType type, String name, boolean shouldGenerate, String searchAttr) throws IdRepoException {
Object cachedDn = null;
if (dnCacheEnabled) {
cachedDn = dnCache.get(generateDNCacheKey(name, type));
}
if (cachedDn != null) {
return cachedDn.toString();
}
String dn = null;
DN searchBase = getBaseDN(type);
if (shouldGenerate) {
return searchBase.child(getSearchAttribute(type), name).toString();
}
if (searchAttr == null) {
searchAttr = getSearchAttribute(type);
}
Filter filter = Filter.and(Filter.equality(searchAttr, name), getObjectClassFilter(type));
SearchRequest searchRequest = LDAPRequests.newSearchRequest(searchBase, defaultScope, filter, DN_ATTR);
Connection conn = null;
try {
conn = connectionFactory.getConnection();
ConnectionEntryReader reader = conn.search(searchRequest);
SearchResultEntry entry = null;
while (reader.hasNext()) {
if (reader.isEntry()) {
if (entry != null) {
throw newIdRepoException(ResultCode.CLIENT_SIDE_UNEXPECTED_RESULTS_RETURNED, IdRepoErrorCode.LDAP_EXCEPTION_OCCURRED, CLASS_NAME, ResultCode.CLIENT_SIDE_UNEXPECTED_RESULTS_RETURNED.intValue());
}
entry = reader.readEntry();
} else {
//ignore references
reader.readReference();
}
}
if (entry == null) {
DEBUG.message("Unable to find entry with name: " + name + " under searchbase: " + searchBase + " with scope: " + defaultScope);
throw new IdentityNotFoundException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.TYPE_NOT_FOUND, ResultCode.CLIENT_SIDE_NO_RESULTS_RETURNED, new Object[] { name, type.getName() });
}
dn = entry.getName().toString();
} catch (LdapException ere) {
DEBUG.error("An error occurred while querying entry DN", ere);
handleErrorResult(ere);
} catch (SearchResultReferenceIOException srrioe) {
//should never ever happen...
DEBUG.error("Got reference instead of entry", srrioe);
throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
} finally {
IOUtils.closeIfNotNull(conn);
}
if (dnCacheEnabled && !shouldGenerate) {
dnCache.put(generateDNCacheKey(name, type), dn);
}
return dn;
}
use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.
the class DJLDAPv3Repo method getFilteredRoleMembers.
/**
* Returns the DNs of the members of this filtered role. To do that this will execute a read on the filtered role
* entry to get the values of the nsRoleFilter attribute, and then it will perform searches using the retrieved
* filters.
*
* @param dn The DN of the filtered role to query.
* @return The DNs of the members.
* @throws IdRepoException If there is an error while trying to retrieve the filtered role members.
*/
private Set<String> getFilteredRoleMembers(String dn) throws IdRepoException {
Set<String> results = new HashSet<String>();
Connection conn = null;
try {
conn = connectionFactory.getConnection();
SearchResultEntry entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(dn, roleFilterAttr));
Attribute filterAttr = entry.getAttribute(roleFilterAttr);
if (filterAttr != null) {
for (ByteString byteString : filterAttr) {
Filter filter = Filter.valueOf(byteString.toString());
//TODO: would it make sense to OR these filters and run a single search?
SearchRequest searchRequest = LDAPRequests.newSearchRequest(rootSuffix, defaultScope, filter.toString(), DN_ATTR);
searchRequest.setTimeLimit(defaultTimeLimit);
searchRequest.setSizeLimit(defaultSizeLimit);
ConnectionEntryReader reader = conn.search(searchRequest);
while (reader.hasNext()) {
if (reader.isEntry()) {
results.add(reader.readEntry().getName().toString());
} else {
//ignore search result references
reader.readReference();
}
}
}
}
} catch (LdapException ere) {
DEBUG.error("An error occurred while trying to retrieve filtered role members for " + dn, ere);
handleErrorResult(ere);
} catch (SearchResultReferenceIOException srrioe) {
//should never ever happen...
DEBUG.error("Got reference instead of entry", srrioe);
throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
} finally {
IOUtils.closeIfNotNull(conn);
}
return results;
}
Aggregations