Search in sources :

Example 16 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class IdRepoUtils method getADAMInstanceGUID.

private static String getADAMInstanceGUID(Map attrValues) throws Exception {
    try (ConnectionFactory factory = getLDAPConnection(attrValues);
        Connection ld = factory.getConnection()) {
        String attrName = "schemaNamingContext";
        String[] attrs = { attrName };
        ConnectionEntryReader res = ld.search(LDAPRequests.newSearchRequest("", SearchScope.BASE_OBJECT, "(objectclass=*)"));
        if (res.hasNext()) {
            SearchResultEntry entry = res.readEntry();
            Attribute ldapAttr = entry.getAttribute(attrName);
            if (ldapAttr != null) {
                String value = ldapAttr.firstValueAsString();
                int index = value.lastIndexOf("=");
                if (index != -1) {
                    return value.substring(index + 1).trim();
                }
            }
        }
    }
    return null;
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) Attribute(org.forgerock.opendj.ldap.Attribute) Connection(org.forgerock.opendj.ldap.Connection) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 17 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class UmaLabelsStore method query.

private Set<ResourceSetLabel> query(String realm, String username, Filter filter, boolean includeResourceSets) throws ResourceException {
    try (Connection connection = getConnection()) {
        Set<ResourceSetLabel> result = new HashSet<>();
        String[] attrs;
        if (includeResourceSets) {
            attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR, RESOURCE_SET_ATTR };
        } else {
            attrs = new String[] { ID_ATTR, NAME_ATTR, TYPE_ATTR };
        }
        ConnectionEntryReader searchResult = connection.search(LDAPRequests.newSearchRequest(getUserDn(realm, username), SearchScope.SUBORDINATES, filter, attrs));
        while (searchResult.hasNext()) {
            if (searchResult.isReference()) {
                debug.warning("Encountered reference {} searching for resource set labels for user {} in realm {}", searchResult.readReference(), username, realm);
            } else {
                final SearchResultEntry entry = searchResult.readEntry();
                result.add(getResourceSetLabel(entry, getResourceSetIds(entry)));
            }
        }
        return result;
    } catch (LdapException e) {
        if (e.getResult().getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
            return Collections.emptySet();
        }
        throw new InternalServerErrorException("Could not complete search", e);
    } catch (SearchResultReferenceIOException e) {
        throw new InternalServerErrorException("Shouldn't get a reference as these have been handled", e);
    }
}
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Connection(org.forgerock.opendj.ldap.Connection) InternalServerErrorException(org.forgerock.json.resource.InternalServerErrorException) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) HashSet(java.util.HashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 18 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getRoleMembers.

/**
     * Returns the DNs of the members of this role. To do that this will execute an LDAP search with a filter looking
     * for nsRoleDN=roleDN.
     *
     * @param dn The DN of the role to query.
     * @return The DNs of the members.
     * @throws IdRepoException If there is an error while trying to retrieve the role members.
     */
private Set<String> getRoleMembers(String dn) throws IdRepoException {
    Set<String> results = new HashSet<String>();
    DN roleBase = getBaseDN(IdType.ROLE);
    Filter filter = Filter.equality(roleDNAttr, dn);
    SearchRequest searchRequest = LDAPRequests.newSearchRequest(roleBase, roleScope, filter, DN_ATTR);
    searchRequest.setTimeLimit(defaultTimeLimit);
    searchRequest.setSizeLimit(defaultSizeLimit);
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        ConnectionEntryReader reader = conn.search(searchRequest);
        while (reader.hasNext()) {
            if (reader.isEntry()) {
                results.add(reader.readEntry().getName().toString());
            } else {
                //ignore search result references
                reader.readReference();
            }
        }
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to retrieve filtered role members for " + dn, ere);
        handleErrorResult(ere);
    } catch (SearchResultReferenceIOException srrioe) {
        //should never ever happen...
        DEBUG.error("Got reference instead of entry", srrioe);
        throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
    return results;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Filter(org.forgerock.opendj.ldap.Filter) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 19 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getDN.

private String getDN(IdType type, String name, boolean shouldGenerate, String searchAttr) throws IdRepoException {
    Object cachedDn = null;
    if (dnCacheEnabled) {
        cachedDn = dnCache.get(generateDNCacheKey(name, type));
    }
    if (cachedDn != null) {
        return cachedDn.toString();
    }
    String dn = null;
    DN searchBase = getBaseDN(type);
    if (shouldGenerate) {
        return searchBase.child(getSearchAttribute(type), name).toString();
    }
    if (searchAttr == null) {
        searchAttr = getSearchAttribute(type);
    }
    Filter filter = Filter.and(Filter.equality(searchAttr, name), getObjectClassFilter(type));
    SearchRequest searchRequest = LDAPRequests.newSearchRequest(searchBase, defaultScope, filter, DN_ATTR);
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        ConnectionEntryReader reader = conn.search(searchRequest);
        SearchResultEntry entry = null;
        while (reader.hasNext()) {
            if (reader.isEntry()) {
                if (entry != null) {
                    throw newIdRepoException(ResultCode.CLIENT_SIDE_UNEXPECTED_RESULTS_RETURNED, IdRepoErrorCode.LDAP_EXCEPTION_OCCURRED, CLASS_NAME, ResultCode.CLIENT_SIDE_UNEXPECTED_RESULTS_RETURNED.intValue());
                }
                entry = reader.readEntry();
            } else {
                //ignore references
                reader.readReference();
            }
        }
        if (entry == null) {
            DEBUG.message("Unable to find entry with name: " + name + " under searchbase: " + searchBase + " with scope: " + defaultScope);
            throw new IdentityNotFoundException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.TYPE_NOT_FOUND, ResultCode.CLIENT_SIDE_NO_RESULTS_RETURNED, new Object[] { name, type.getName() });
        }
        dn = entry.getName().toString();
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while querying entry DN", ere);
        handleErrorResult(ere);
    } catch (SearchResultReferenceIOException srrioe) {
        //should never ever happen...
        DEBUG.error("Got reference instead of entry", srrioe);
        throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
    if (dnCacheEnabled && !shouldGenerate) {
        dnCache.put(generateDNCacheKey(name, type), dn);
    }
    return dn;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Filter(org.forgerock.opendj.ldap.Filter) Connection(org.forgerock.opendj.ldap.Connection) DN(org.forgerock.opendj.ldap.DN) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 20 with ConnectionEntryReader

use of org.forgerock.opendj.ldif.ConnectionEntryReader in project OpenAM by OpenRock.

the class DJLDAPv3Repo method getFilteredRoleMembers.

/**
     * Returns the DNs of the members of this filtered role. To do that this will execute a read on the filtered role
     * entry to get the values of the nsRoleFilter attribute, and then it will perform searches using the retrieved
     * filters.
     *
     * @param dn The DN of the filtered role to query.
     * @return The DNs of the members.
     * @throws IdRepoException If there is an error while trying to retrieve the filtered role members.
     */
private Set<String> getFilteredRoleMembers(String dn) throws IdRepoException {
    Set<String> results = new HashSet<String>();
    Connection conn = null;
    try {
        conn = connectionFactory.getConnection();
        SearchResultEntry entry = conn.searchSingleEntry(LDAPRequests.newSingleEntrySearchRequest(dn, roleFilterAttr));
        Attribute filterAttr = entry.getAttribute(roleFilterAttr);
        if (filterAttr != null) {
            for (ByteString byteString : filterAttr) {
                Filter filter = Filter.valueOf(byteString.toString());
                //TODO: would it make sense to OR these filters and run a single search?
                SearchRequest searchRequest = LDAPRequests.newSearchRequest(rootSuffix, defaultScope, filter.toString(), DN_ATTR);
                searchRequest.setTimeLimit(defaultTimeLimit);
                searchRequest.setSizeLimit(defaultSizeLimit);
                ConnectionEntryReader reader = conn.search(searchRequest);
                while (reader.hasNext()) {
                    if (reader.isEntry()) {
                        results.add(reader.readEntry().getName().toString());
                    } else {
                        //ignore search result references
                        reader.readReference();
                    }
                }
            }
        }
    } catch (LdapException ere) {
        DEBUG.error("An error occurred while trying to retrieve filtered role members for " + dn, ere);
        handleErrorResult(ere);
    } catch (SearchResultReferenceIOException srrioe) {
        //should never ever happen...
        DEBUG.error("Got reference instead of entry", srrioe);
        throw newIdRepoException(IdRepoErrorCode.SEARCH_FAILED, CLASS_NAME);
    } finally {
        IOUtils.closeIfNotNull(conn);
    }
    return results;
}
Also used : SearchRequest(org.forgerock.opendj.ldap.requests.SearchRequest) ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) Attribute(org.forgerock.opendj.ldap.Attribute) LinkedAttribute(org.forgerock.opendj.ldap.LinkedAttribute) Filter(org.forgerock.opendj.ldap.Filter) ByteString(org.forgerock.opendj.ldap.ByteString) Connection(org.forgerock.opendj.ldap.Connection) ByteString(org.forgerock.opendj.ldap.ByteString) SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException) LdapException(org.forgerock.opendj.ldap.LdapException) CaseInsensitiveHashSet(com.sun.identity.common.CaseInsensitiveHashSet) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Aggregations

ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)48 LdapException (org.forgerock.opendj.ldap.LdapException)38 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)38 Connection (org.forgerock.opendj.ldap.Connection)35 ByteString (org.forgerock.opendj.ldap.ByteString)26 SearchRequest (org.forgerock.opendj.ldap.requests.SearchRequest)26 SearchResultReferenceIOException (org.forgerock.opendj.ldap.SearchResultReferenceIOException)19 ResultCode (org.forgerock.opendj.ldap.ResultCode)18 HashSet (java.util.HashSet)17 Attribute (org.forgerock.opendj.ldap.Attribute)16 PolicyException (com.sun.identity.policy.PolicyException)12 SSOException (com.iplanet.sso.SSOException)11 IOException (java.io.IOException)10 InvalidNameException (com.sun.identity.policy.InvalidNameException)9 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)9 SMSException (com.sun.identity.sm.SMSException)7 ArrayList (java.util.ArrayList)7 LinkedHashSet (java.util.LinkedHashSet)7 DN (org.forgerock.opendj.ldap.DN)7 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)5