
Example 11 with Options

use of org.forgerock.util.Options in project OpenAM by OpenRock.

the class DataLayer method changePassword.

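/**
 * Changes user password.
 *
 * The directory is contacted with a simple bind as the entry itself
 * ({@code guid} + {@code oldPassword}), so the server enforces knowledge of the
 * current password before the REPLACE of {@code attrName} is applied. The
 * connection and its factory are closed as soon as the modify completes.
 *
 * @param guid globally unique identifier for the entry.
 * @param attrName password attribute name
 * @param oldPassword old password; used as the bind credential for the entry
 * @param newPassword new password
 * @exception AccessRightsException if insufficient access
 * @exception EntryNotFoundException if the entry is not found.
 * @exception UMSException if failure
 *
 * @supported.api
 */
public void changePassword(Guid guid, String attrName, String oldPassword, String newPassword) throws UMSException {
    Modification modification = new Modification(ModificationType.REPLACE,
            Attributes.singletonAttribute(attrName, newPassword));
    String id = guid.getDn();
    try {
        DSConfigMgr dsCfg = DSConfigMgr.getDSConfigMgr();
        String hostAndPort = dsCfg.getHostName("default");
        // All connections will use authentication: bind as the entry whose
        // password is being changed, never as a privileged service account.
        SimpleBindRequest bindRequest = LDAPRequests.newSimpleBindRequest(id, oldPassword.toCharArray());
        Options options = Options.defaultOptions().set(AUTHN_BIND_REQUEST, bindRequest);
        // NOTE(review): the port is hard-coded to 389 and no SSL_CONTEXT option is
        // set, so the old and new passwords are sent on a plain LDAP connection
        // unless the "default" server is local or fronted by TLS -- confirm against
        // the server configuration (getHostName may also carry the configured port).
        // The Connection is a second resource of the try so it is always closed,
        // before the factory, instead of being leaked on every call.
        try (ConnectionFactory factory = new LDAPConnectionFactory(hostAndPort, 389, options);
                Connection ldc = factory.getConnection()) {
            ldc.modify(LDAPRequests.newModifyRequest(id).addModification(modification));
        } catch (LdapException ldex) {
            if (debug.warningEnabled()) {
                debug.warning("DataLayer.changePassword:", ldex);
            }
            // Map the directory result code onto the UMS exception hierarchy the
            // callers catch; everything else is reported as a generic failure.
            ResultCode errorCode = ldex.getResult().getResultCode();
            if (ResultCode.NO_SUCH_OBJECT.equals(errorCode)) {
                throw new EntryNotFoundException(id, ldex);
            } else if (ResultCode.INSUFFICIENT_ACCESS_RIGHTS.equals(errorCode)) {
                throw new AccessRightsException(id, ldex);
            } else {
                throw new UMSException(id, ldex);
            }
        }
    } catch (LDAPServiceException ex) {
        // Raised while resolving the directory server configuration.
        debug.error("DataLayer.changePassword:", ex);
        throw new UMSException(id, ex);
    }
}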
Also used : Modification(org.forgerock.opendj.ldap.Modification) Options(org.forgerock.util.Options) Connection(org.forgerock.opendj.ldap.Connection) DSConfigMgr(com.iplanet.services.ldap.DSConfigMgr) ByteString(org.forgerock.opendj.ldap.ByteString) SimpleBindRequest(org.forgerock.opendj.ldap.requests.SimpleBindRequest) ConnectionFactory(org.forgerock.opendj.ldap.ConnectionFactory) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LDAPServiceException(com.iplanet.services.ldap.LDAPServiceException) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LdapException(org.forgerock.opendj.ldap.LdapException) ResultCode(org.forgerock.opendj.ldap.ResultCode)

Example 12 with Options

use of org.forgerock.util.Options in project OpenAM by OpenRock.

the class UserIdRepo method getLDAPConnection.

/**
 * Opens an authenticated LDAP connection to the user store described by
 * {@code userRepo}.
 *
 * Every connection binds with the configured bind DN and password and carries a
 * 3 second request timeout. TLS is enabled only when the store's SSL setting is
 * exactly {@code "SSL"}; in that case the JVM default {@link SSLContext} (and
 * therefore its default trust material) is used.
 *
 * @param userRepo raw setup map holding the user store settings
 * @return a connection obtained from the factory for the configured host/port
 * @throws Exception if the bind request, SSL context or connection cannot be set up
 */
private Connection getLDAPConnection(Map userRepo) throws Exception {
    String sslSetting = (String) userRepo.get(SetupConstants.USER_STORE_SSL);
    // All connections will use authentication.
    SimpleBindRequest bindRequest = LDAPRequests.newSimpleBindRequest(
            getBindDN(userRepo), getBindPassword(userRepo).toCharArray());
    Options connectionOptions = Options.defaultOptions()
            .set(REQUEST_TIMEOUT, new Duration((long) 3, TimeUnit.SECONDS))
            .set(AUTHN_BIND_REQUEST, bindRequest);
    boolean useSsl = "SSL".equals(sslSetting);
    if (useSsl) {
        connectionOptions = connectionOptions.set(SSL_CONTEXT, SSLContext.getDefault());
    }
    String host = getHost(userRepo);
    int port = Integer.parseInt(getPort(userRepo));
    // presumably getConnectionFactory caches or closes the factory elsewhere -- verify against caller
    return getConnectionFactory(host, port, connectionOptions).getConnection();
}
Also used : Options(org.forgerock.util.Options) SimpleBindRequest(org.forgerock.opendj.ldap.requests.SimpleBindRequest) Duration(org.forgerock.util.time.Duration)

Example 13 with Options

use of org.forgerock.util.Options in project OpenAM by OpenRock.

the class LDAPRoles method initialize.

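/**
 * Initialize the LDAPRoles object by using the configuration
 * information passed by the Policy Framework.
 *
 * Reads the directory server, bind credentials, search filters/scopes, limits and
 * SSL flag from {@code configParams}, then initializes and caches the connection
 * pool for that server. Missing scope or SSL values fall back to the defaults
 * (whole subtree, SSL off) instead of failing.
 *
 * @param configParams the configuration information
 * @exception PolicyException if an error occurred during
 * initialization of the instance (null configuration, missing server name or a
 * non-numeric limit/pool-size value)
 */
public void initialize(Map configParams) throws PolicyException {
    if (configParams == null) {
        throw new PolicyException(ResBundleUtils.rbName, "ldaproles_initialization_failed", null, null);
    }
    String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
    if (configuredLdapServer == null) {
        debug.error("LDAPRoles.initialize(): failed to get LDAP " + "server name. If you enter more than one server name "
                + "in the policy config service's Primary LDAP Server "
                + "field, please make sure the ldap server name is preceded " + "with the local server name.");
        throw new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null);
    }
    ldapServer = configuredLdapServer.toLowerCase();
    localDS = PolicyUtils.isLocalDS(ldapServer);
    // parseBoolean is null-safe and matches the previous valueOf(...).booleanValue().
    aliasEnabled = Boolean.parseBoolean((String) configParams.get(PolicyConfig.USER_ALIAS_ENABLED));
    authid = (String) configParams.get(PolicyConfig.LDAP_BIND_DN);
    authpw = (String) configParams.get(PolicyConfig.LDAP_BIND_PASSWORD);
    if (authpw != null) {
        // The stored value is encrypted; the clear-text bind password lives in this field.
        authpw = PolicyUtils.decrypt(authpw);
    }
    baseDN = (String) configParams.get(PolicyConfig.LDAP_BASE_DN);
    roleSearchFilter = (String) configParams.get(PolicyConfig.LDAP_ROLES_SEARCH_FILTER);
    // Constant-first comparison: a missing scope no longer throws NPE but selects the subtree default.
    String roleScope = (String) configParams.get(PolicyConfig.LDAP_ROLES_SEARCH_SCOPE);
    if (LDAP_SCOPE_BASE.equalsIgnoreCase(roleScope)) {
        roleSearchScope = SearchScope.BASE_OBJECT;
    } else if (LDAP_SCOPE_ONE.equalsIgnoreCase(roleScope)) {
        roleSearchScope = SearchScope.SINGLE_LEVEL;
    } else {
        roleSearchScope = SearchScope.WHOLE_SUBTREE;
    }
    roleRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_ROLES_SEARCH_ATTRIBUTE);
    userSearchFilter = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_FILTER);
    String userScope = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_SCOPE);
    userSearchScope = LDAPUtils.getSearchScope(userScope, SearchScope.WHOLE_SUBTREE);
    userRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_USER_SEARCH_ATTRIBUTE);
    try {
        // Integer.parseInt(null) also throws NumberFormatException, so absent values are reported too.
        timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
        maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
        minPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MIN_SIZE));
        maxPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MAX_SIZE));
    } catch (NumberFormatException nfe) {
        throw new PolicyException(nfe);
    }
    // Same semantics as equalsIgnoreCase("true"), but a missing value means "off" rather than NPE.
    sslEnabled = Boolean.parseBoolean((String) configParams.get(PolicyConfig.LDAP_SSL_ENABLED));
    // get the organization name: the first element of the set, whatever its iteration order
    Set orgNameSet = (Set) configParams.get(PolicyManager.ORGANIZATION_NAME);
    if ((orgNameSet != null) && (!orgNameSet.isEmpty())) {
        Iterator items = orgNameSet.iterator();
        orgName = (String) items.next();
    }
    if (debug.messageEnabled()) {
        // The bind password (authpw) is not part of this message.
        debug.message("LDAPRoles.initialize(): getting params" + "\nldapServer: " + ldapServer + "\nauthid: " + authid
                + "\nbaseDN: " + baseDN + "\nroleSearchFilter: " + roleSearchFilter + "\nroleRDNAttrName: "
                + roleRDNAttrName + "\nuserSearchFilter: " + userSearchFilter + "\nuserRDNAttrName: " + userRDNAttrName
                + "\ntimeLimit: " + timeLimit + "\nmaxResults: " + maxResults + "\nminPoolSize: " + minPoolSize
                + "\nmaxPoolSize: " + maxPoolSize + "\nSSLEnabled: " + sslEnabled + "\nOrgName: " + orgName);
    }
    // initialize the connection pool for the ldap server
    // NOTE(review): the same LDAP_SEARCH_TIME_OUT value is applied with a different
    // TimeUnit in sibling policy plugins (LDAPGroups uses SECONDS) -- confirm the intended unit.
    Options options = Options.defaultOptions().set(REQUEST_TIMEOUT, new Duration((long) timeLimit, TimeUnit.MILLISECONDS));
    LDAPConnectionPools.initConnectionPool(ldapServer, authid, authpw, sslEnabled, minPoolSize, maxPoolSize, options);
    connPool = LDAPConnectionPools.getConnectionPool(ldapServer);
    initialized = true;
}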
Also used : Options(org.forgerock.util.Options) HashSet(java.util.HashSet) Set(java.util.Set) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator) Duration(org.forgerock.util.time.Duration) ByteString(org.forgerock.opendj.ldap.ByteString)

Example 14 with Options

use of org.forgerock.util.Options in project OpenAM by OpenRock.

the class LDAPGroups method initialize.

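/**
 * Initialize the LDAPGroups object by using the configuration
 * information passed by the Policy Framework.
 *
 * Reads the directory server, bind credentials, search filters/scopes, limits and
 * SSL flag from {@code configParams}, then initializes and caches the connection
 * pool for that server. Missing scope or SSL values fall back to the defaults
 * (whole subtree, SSL off) instead of failing.
 *
 * @param configParams the configuration information
 * @exception PolicyException if an error occurred during
 * initialization of the instance (null configuration, missing server name or a
 * non-numeric limit/pool-size value)
 */
public void initialize(Map configParams) throws PolicyException {
    if (configParams == null) {
        throw new PolicyException(ResBundleUtils.rbName, "ldapgroups_initialization_failed", null, null);
    }
    String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
    if (configuredLdapServer == null) {
        debug.error("LDAPGroups.initialize(): failed to get LDAP " + "server name. If you enter more than one server name "
                + "in the policy config service's Primary LDAP Server "
                + "field, please make sure the ldap server name is preceded " + "with the local server name.");
        throw new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null);
    }
    ldapServer = configuredLdapServer.toLowerCase();
    localDS = PolicyUtils.isLocalDS(ldapServer);
    // parseBoolean is null-safe and matches the previous valueOf(...).booleanValue().
    aliasEnabled = Boolean.parseBoolean((String) configParams.get(PolicyConfig.USER_ALIAS_ENABLED));
    authid = (String) configParams.get(PolicyConfig.LDAP_BIND_DN);
    authpw = (String) configParams.get(PolicyConfig.LDAP_BIND_PASSWORD);
    if (authpw != null) {
        // The stored value is encrypted; the clear-text bind password lives in this field.
        authpw = PolicyUtils.decrypt(authpw);
    }
    baseDN = (String) configParams.get(PolicyConfig.LDAP_BASE_DN);
    groupSearchFilter = (String) configParams.get(PolicyConfig.LDAP_GROUP_SEARCH_FILTER);
    // Constant-first comparison: a missing scope no longer throws NPE but selects the subtree default.
    String groupScope = (String) configParams.get(PolicyConfig.LDAP_GROUP_SEARCH_SCOPE);
    if (LDAP_SCOPE_BASE.equalsIgnoreCase(groupScope)) {
        groupSearchScope = SearchScope.BASE_OBJECT;
    } else if (LDAP_SCOPE_ONE.equalsIgnoreCase(groupScope)) {
        groupSearchScope = SearchScope.SINGLE_LEVEL;
    } else {
        groupSearchScope = SearchScope.WHOLE_SUBTREE;
    }
    groupRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_GROUP_SEARCH_ATTRIBUTE);
    userSearchFilter = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_FILTER);
    String userScope = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_SCOPE);
    userSearchScope = LDAPUtils.getSearchScope(userScope, SearchScope.WHOLE_SUBTREE);
    userRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_USER_SEARCH_ATTRIBUTE);
    try {
        // Integer.parseInt(null) also throws NumberFormatException, so absent values are reported too.
        timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
        maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
        minPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MIN_SIZE));
        maxPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MAX_SIZE));
    } catch (NumberFormatException nfe) {
        throw new PolicyException(nfe);
    }
    // Same semantics as equalsIgnoreCase("true"), but a missing value means "off" rather than NPE.
    sslEnabled = Boolean.parseBoolean((String) configParams.get(PolicyConfig.LDAP_SSL_ENABLED));
    // get the organization name: the first element of the set, whatever its iteration order
    Set orgNameSet = (Set) configParams.get(PolicyManager.ORGANIZATION_NAME);
    if ((orgNameSet != null) && (!orgNameSet.isEmpty())) {
        Iterator items = orgNameSet.iterator();
        orgName = (String) items.next();
    }
    if (debug.messageEnabled()) {
        // The bind password (authpw) is not part of this message.
        debug.message("LDAPGroups.initialize(): getting params" + "\nldapServer: " + ldapServer + "\nauthid: " + authid
                + "\nbaseDN: " + baseDN + "\ngroupSearchFilter: " + groupSearchFilter + "\ngroupRDNAttrName: "
                + groupRDNAttrName + "\nuserSearchFilter: " + userSearchFilter + "\nuserRDNAttrName: " + userRDNAttrName
                + "\ntimeLimit: " + timeLimit + "\nmaxResults: " + maxResults + "\nminPoolSize: " + minPoolSize
                + "\nmaxPoolSize: " + maxPoolSize + "\nSSLEnabled: " + sslEnabled + "\nOrgName: " + orgName);
    }
    // initialize the connection pool for the ldap server
    // NOTE(review): the same LDAP_SEARCH_TIME_OUT value is applied with a different
    // TimeUnit in sibling policy plugins (LDAPRoles uses MILLISECONDS) -- confirm the intended unit.
    Options options = Options.defaultOptions().set(REQUEST_TIMEOUT, new Duration((long) timeLimit, TimeUnit.SECONDS));
    LDAPConnectionPools.initConnectionPool(ldapServer, authid, authpw, sslEnabled, minPoolSize, maxPoolSize, options);
    connPool = LDAPConnectionPools.getConnectionPool(ldapServer);
    initialized = true;
}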
Also used : Options(org.forgerock.util.Options) HashSet(java.util.HashSet) Set(java.util.Set) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator) Duration(org.forgerock.util.time.Duration) ByteString(org.forgerock.opendj.ldap.ByteString)

Example 15 with Options

use of org.forgerock.util.Options in project OpenAM by OpenRock.

the class LDAPFilterCondition method setPolicyConfig.

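/**
 * Sets the policy configuration parameters used by this condition.
 *
 * The configuration is considered valid until {@code policyConfigExpiresAt}; calls
 * before that instant return immediately. After expiry the directory server, bind
 * credentials, user search settings, limits and SSL flag are re-read from
 * {@code configParams}, the connection pool is (re)initialized and the expiry is
 * pushed forward by the subjects result TTL.
 *
 * @param configParams the policy configuration; must not be null once the cached
 *        configuration has expired
 * @param realmDn realm DN used as the organization name when non-null
 * @throws PolicyException if {@code configParams} is null, the LDAP server name is
 *         missing or a limit/pool-size value is not numeric
 */
private synchronized void setPolicyConfig(Map configParams, String realmDn) throws PolicyException {
    if (System.currentTimeMillis() < policyConfigExpiresAt) {
        return;
    }
    if (debug.messageEnabled()) {
        debug.message("LDAPFilterCondition.setPolicyConfig():policy config expired, resetting");
    }
    if (configParams == null) {
        debug.error("LDAPFilterCondition.setPolicyConfig():configParams is null");
        throw new PolicyException(ResBundleUtils.rbName, "ldapfiltercondition_setpolicyconfig_null_policy_config", null, null);
    }
    String configuredLdapServer = (String) configParams.get(PolicyConfig.LDAP_SERVER);
    if (configuredLdapServer == null) {
        debug.error("LDAPFilterCondition.initialize(): failed to get LDAP " + "server name. If you enter more than one server name "
                + "in the policy config service's Primary LDAP Server "
                + "field, please make sure the ldap server name is preceded " + "with the local server name.");
        throw new PolicyException(ResBundleUtils.rbName, "invalid_ldap_server_host", null, null);
    }
    ldapServer = configuredLdapServer.toLowerCase();
    aliasEnabled = Boolean.valueOf((String) configParams.get(PolicyConfig.USER_ALIAS_ENABLED));
    authid = (String) configParams.get(PolicyConfig.LDAP_BIND_DN);
    authpw = (String) configParams.get(PolicyConfig.LDAP_BIND_PASSWORD);
    if (authpw != null) {
        // The stored value is encrypted; the clear-text bind password lives in this field.
        authpw = PolicyUtils.decrypt(authpw);
    }
    baseDN = (String) configParams.get(PolicyConfig.LDAP_USERS_BASE_DN);
    userSearchFilter = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_FILTER);
    String scope = (String) configParams.get(PolicyConfig.LDAP_USERS_SEARCH_SCOPE);
    userSearchScope = LDAPUtils.getSearchScope(scope, SearchScope.WHOLE_SUBTREE);
    userRDNAttrName = (String) configParams.get(PolicyConfig.LDAP_USER_SEARCH_ATTRIBUTE);
    try {
        // Integer.parseInt(null) also throws NumberFormatException, so absent values are reported too.
        timeLimit = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_TIME_OUT));
        maxResults = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_SEARCH_LIMIT));
        minPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MIN_SIZE));
        maxPoolSize = Integer.parseInt((String) configParams.get(PolicyConfig.LDAP_CONNECTION_POOL_MAX_SIZE));
    } catch (NumberFormatException nfe) {
        throw new PolicyException(nfe);
    }
    // Same semantics as equalsIgnoreCase("true"), but a missing value means "off" rather than NPE.
    sslEnabled = Boolean.parseBoolean((String) configParams.get(PolicyConfig.LDAP_SSL_ENABLED));
    // get the organization name
    if (realmDn != null) {
        orgName = realmDn;
    }
    if (debug.messageEnabled()) {
        // The bind password (authpw) is not part of this message.
        debug.message("LDAPFilterCondition.setPolicyConfig(): " + "getting params" + "\nldapServer: " + ldapServer
                + "\nauthid: " + authid + "\nbaseDN: " + baseDN + "\nuserSearchFilter: " + userSearchFilter
                + "\nuserRDNAttrName: " + userRDNAttrName + "\ntimeLimit: " + timeLimit + "\nmaxResults: " + maxResults
                + "\nminPoolSize: " + minPoolSize + "\nmaxPoolSize: " + maxPoolSize + "\nSSLEnabled: " + sslEnabled
                + "\nOrgName: " + orgName);
    }
    // initialize the connection pool for the ldap server
    // NOTE(review): LDAP_SEARCH_TIME_OUT is applied here as CONNECT_TIMEOUT, whereas the
    // other policy plugins on this page use it as REQUEST_TIMEOUT -- confirm which is intended.
    Options options = Options.defaultOptions().set(CONNECT_TIMEOUT, new Duration((long) timeLimit, TimeUnit.MILLISECONDS));
    LDAPConnectionPools.initConnectionPool(ldapServer, authid, authpw, sslEnabled, minPoolSize, maxPoolSize, options);
    connPool = LDAPConnectionPools.getConnectionPool(ldapServer);
    // TODO(review): this runs on every expiry, so a new listener is registered with the
    // ShutdownManager singleton each time the config is refreshed; registering once
    // (guarded by a field) would avoid the accumulation.
    ShutdownManager shutdownMan = com.sun.identity.common.ShutdownManager.getInstance();
    shutdownMan.addShutdownListener(new ShutdownListener() {

        public void shutdown() {
            if (connPool != null) {
                connPool.close();
            }
        }
    });
    policyConfigExpiresAt = System.currentTimeMillis() + PolicyConfig.getSubjectsResultTtl(configParams);
}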
Also used : ShutdownListener(org.forgerock.util.thread.listener.ShutdownListener) Options(org.forgerock.util.Options) PolicyException(com.sun.identity.policy.PolicyException) ShutdownManager(com.sun.identity.common.ShutdownManager) Duration(org.forgerock.util.time.Duration)

Aggregations

Options (org.forgerock.util.Options)18 Duration (org.forgerock.util.time.Duration)13 LDAPConnectionFactory (org.forgerock.opendj.ldap.LDAPConnectionFactory)12 SSLContextBuilder (org.forgerock.opendj.ldap.SSLContextBuilder)8 ByteString (org.forgerock.opendj.ldap.ByteString)7 LdapException (org.forgerock.opendj.ldap.LdapException)6 GeneralSecurityException (java.security.GeneralSecurityException)5 ConnectionFactory (org.forgerock.opendj.ldap.ConnectionFactory)5 SimpleBindRequest (org.forgerock.opendj.ldap.requests.SimpleBindRequest)4 ShutdownListener (org.forgerock.util.thread.listener.ShutdownListener)4 PolicyException (com.sun.identity.policy.PolicyException)3 IOException (java.io.IOException)3 DSConfigMgr (com.iplanet.services.ldap.DSConfigMgr)2 LDAPServiceException (com.iplanet.services.ldap.LDAPServiceException)2 ShutdownManager (com.sun.identity.common.ShutdownManager)2 HashSet (java.util.HashSet)2 Iterator (java.util.Iterator)2 Set (java.util.Set)2 Connection (org.forgerock.opendj.ldap.Connection)2 ServerInstance (com.iplanet.services.ldap.ServerInstance)1