List of usage examples for javax.naming.directory DirContext lookup
public Object lookup(Name name) throws NamingException;
From source file:org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.java
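/**
 * Removes, from the LDAP entry of the given user, every attribute that is mapped to one of the
 * given claim URIs.
 *
 * @param userName user whose claim attributes are removed; filter-escaped before use.
 * @param claims claim URIs whose mapped LDAP attributes are dropped from the entry.
 * @param profileName part of the interface; not consulted by this implementation.
 * @throws UserStoreException if the user cannot be located, or if the directory search fails.
 *         Failures of the modification itself are routed through handleException.
 */
@Override
public void doDeleteUserClaimValues(String userName, String[] claims, String profileName)
        throws UserStoreException {
    DirContext dirContext = this.connectionSource.getContext();
    DirContext subDirContext = null;
    try {
        // Locate the user entry under the configured user search base.
        String userSearchBase = realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        String userSearchFilter = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_SEARCH_FILTER);
        // The user name is filter-escaped before substitution so it cannot change the filter's structure.
        userSearchFilter = userSearchFilter.replace("?", escapeSpecialCharactersForFilter(userName));

        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(null);

        String returnedUserEntry = null;
        NamingEnumeration<SearchResult> returnedResultList = null;
        try {
            returnedResultList = dirContext.search(escapeDNForSearch(userSearchBase), userSearchFilter,
                    searchControls);
            // Only the first match is used.
            // TODO: decide how a filter that matches more than one entry should be handled.
            if (returnedResultList.hasMore()) {
                returnedUserEntry = returnedResultList.next().getName();
            }
        } catch (NamingException e) {
            String errorMessage = "Results could not be retrieved from the directory context for user : "
                    + userName;
            if (log.isDebugEnabled()) {
                log.debug(errorMessage, e);
            }
            throw new UserStoreException(errorMessage, e);
        } finally {
            JNDIUtil.closeNamingEnumeration(returnedResultList);
        }

        // Fail with a clear message rather than handing a null entry name to modifyAttributes.
        if (returnedUserEntry == null) {
            throw new UserStoreException("User: " + userName + " was not found in the LDAP directory.");
        }

        try {
            // One value-less attribute per claim: with REMOVE_ATTRIBUTE, an attribute that carries
            // no values is removed entirely from the entry.
            Attributes updatedAttributes = new BasicAttributes(true);
            for (String claimURI : claims) {
                String attributeName = getClaimAtrribute(claimURI, userName, null);
                updatedAttributes.put(new BasicAttribute(attributeName));
            }
            subDirContext = (DirContext) dirContext.lookup(userSearchBase);
            subDirContext.modifyAttributes(returnedUserEntry, DirContext.REMOVE_ATTRIBUTE, updatedAttributes);
        } catch (Exception e) {
            handleException(e, userName);
        } finally {
            JNDIUtil.closeContext(subDirContext);
        }
    } finally {
        // Closed on every path; previously the search failure path left this context open.
        JNDIUtil.closeContext(dirContext);
    }
}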
From source file:org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.java
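/**
 * Creates the LDAP group entry for the role described by the given context, with each member
 * resolved to its DN and stored under the configured membership attribute.
 *
 * @param context role definition; must be an LDAPRoleContext (group object class, role-name
 *                attribute and search base are read from it).
 * @throws UserStoreException if the role has no members while empty roles are disallowed, if a
 *                            member cannot be found, or if the directory operation fails.
 */
protected void addLDAPRole(RoleContext context) throws UserStoreException {
    String roleName = context.getRoleName();
    String[] userList = context.getMembers();
    LDAPRoleContext ldapRoleContext = (LDAPRoleContext) context;
    String groupEntryObjectClass = ldapRoleContext.getGroupEntryObjectClass();
    String groupNameAttribute = ldapRoleContext.getRoleNameProperty();
    String searchBase = ldapRoleContext.getSearchBase();

    boolean hasMembers = userList != null && userList.length > 0;
    if (!hasMembers && !emptyRolesAllowed) {
        String errorMessage = "Can not create empty role. There should be at least "
                + "one user for the role.";
        throw new UserStoreException(errorMessage);
    }
    // The former else-if condition simplified to (emptyRolesAllowed || hasMembers), which is the
    // exact complement of the guard above, so the remainder always runs once the guard passes.

    DirContext mainDirContext = this.connectionSource.getContext();
    DirContext groupContext = null;
    try {
        Attributes groupAttributes = new BasicAttributes(true);

        Attribute objectClassAttribute = new BasicAttribute(LDAPConstants.OBJECT_CLASS_NAME);
        objectClassAttribute.add(groupEntryObjectClass);
        groupAttributes.put(objectClassAttribute);

        Attribute cnAttribute = new BasicAttribute(groupNameAttribute);
        cnAttribute.add(roleName);
        groupAttributes.put(cnAttribute);

        if (hasMembers) {
            String memberAttributeName = realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE);
            Attribute memberAttribute = new BasicAttribute(memberAttributeName);
            // Loop-invariant: the filter template is read once and instantiated per member.
            String searchFilterTemplate = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_SEARCH_FILTER);
            for (String userName : userList) {
                if (userName == null || userName.trim().length() == 0) {
                    continue;
                }
                // Member names are filter-escaped before substitution so they cannot alter the filter.
                String searchFilter = searchFilterTemplate.replace("?", escapeSpecialCharactersForFilter(userName));
                // Each enumeration is closed in its own iteration; previously the variable was
                // overwritten per member and only the last enumeration was ever closed.
                NamingEnumeration<SearchResult> results = null;
                try {
                    results = searchInUserBase(searchFilter, new String[] {}, SearchControls.SUBTREE_SCOPE,
                            mainDirContext);
                    // Assumes at most one entry per user name under the user search base.
                    if (!results.hasMore()) {
                        String errorMsg = "There is no user with the user name: " + userName
                                + " to be added to this role.";
                        logger.error(errorMsg);
                        throw new UserStoreException(errorMsg);
                    }
                    memberAttribute.add(results.next().getNameInNamespace());
                } finally {
                    JNDIUtil.closeNamingEnumeration(results);
                }
            }
            groupAttributes.put(memberAttribute);
        }

        groupContext = (DirContext) mainDirContext.lookup(searchBase);
        NameParser ldapParser = groupContext.getNameParser("");
        // NOTE(review): the RDN attribute is hard-coded to "cn" while the entry's naming attribute
        // above is groupNameAttribute; these diverge whenever the role-name property is not "cn".
        // roleName is also not RDN-escaped here — confirm it is validated before reaching this point.
        Name compoundGroupName = ldapParser.parse("cn=" + roleName);
        groupContext.bind(compoundGroupName, null, groupAttributes);
    } catch (Exception e) {
        // The original had identical handlers for NamingException and Exception; one handler
        // keeps the cause and the same message for both.
        String errorMsg = "Role: " + roleName + " could not be added.";
        if (log.isDebugEnabled()) {
            log.debug(errorMsg, e);
        }
        throw new UserStoreException(errorMsg, e);
    } finally {
        JNDIUtil.closeContext(groupContext);
        JNDIUtil.closeContext(mainDirContext);
    }
}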
From source file:org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.java
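/**
 * Either delete or add user from/to group.
 *
 * @param userNameDN : distinguished name of the user entry.
 * @param groupRDN : relative distinguished name of the group entry, resolved under searchBase.
 * @param modifyType : modification type handed to DirContext.modifyAttributes
 *                     (for example DirContext.ADD_ATTRIBUTE or DirContext.REMOVE_ATTRIBUTE).
 * @param searchBase : DN of the context the group RDN is relative to.
 * @throws UserStoreException if the directory operation fails; the NamingException is kept as the cause.
 */
protected void modifyUserInRole(String userNameDN, String groupRDN, int modifyType, String searchBase)
        throws UserStoreException {
    if (log.isDebugEnabled()) {
        logger.debug("Modifying role: " + groupRDN + " with type: " + modifyType + " user: " + userNameDN
                + " in search base: " + searchBase);
    }
    DirContext mainDirContext = null;
    DirContext groupContext = null;
    try {
        mainDirContext = this.connectionSource.getContext();
        groupContext = (DirContext) mainDirContext.lookup(searchBase);
        String memberAttributeName = realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE);
        // A single-valued modification: the user's DN under the membership attribute.
        Attributes modifyingAttributes = new BasicAttributes(true);
        Attribute memberAttribute = new BasicAttribute(memberAttributeName);
        memberAttribute.add(userNameDN);
        modifyingAttributes.put(memberAttribute);
        groupContext.modifyAttributes(groupRDN, modifyType, modifyingAttributes);
        if (log.isDebugEnabled()) {
            logger.debug("User: " + userNameDN + " was successfully " + "modified in LDAP group: " + groupRDN);
        }
    } catch (NamingException e) {
        String errorMessage = "Error occurred while modifying user entry: " + userNameDN + " in LDAP role: "
                + groupRDN;
        if (log.isDebugEnabled()) {
            log.debug(errorMessage, e);
        }
        // Keep the NamingException as the cause; the original dropped it, hiding the server's reason.
        throw new UserStoreException(errorMessage, e);
    } finally {
        JNDIUtil.closeContext(groupContext);
        JNDIUtil.closeContext(mainDirContext);
    }
}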
From source file:org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.java
/**
 * Renames the LDAP group entry that backs a role and resets the permissions bound to the old name.
 *
 * @param context role definition; must be an LDAPRoleContext (search filter, role-name attribute
 *                and search base are read from it).
 * @param newRoleName new value for the role-name attribute.
 * @throws UserStoreException if no group matches the current role name or the directory operation fails.
 */
protected void updateLDAPRoleName(RoleContext context, String newRoleName) throws UserStoreException {
    LDAPRoleContext ldapRoleContext = (LDAPRoleContext) context;
    String currentRoleName = context.getRoleName();
    String filter = ldapRoleContext.getSearchFilter();
    String roleNameAttributeName = ldapRoleContext.getRoleNameProperty();
    String searchBase = ldapRoleContext.getSearchBase();

    DirContext mainContext = this.connectionSource.getContext();
    DirContext groupContext = null;
    NamingEnumeration<SearchResult> matches = null;
    try {
        // Filter-escape the role name before substituting it into the configured template.
        filter = filter.replace("?", escapeSpecialCharactersForFilter(currentRoleName));
        String[] wanted = { roleNameAttributeName };
        matches = searchInGroupBase(filter, wanted, SearchControls.SUBTREE_SCOPE, mainContext, searchBase);

        // Walk the whole enumeration; the last entry is the one renamed.
        SearchResult matchedGroup = null;
        while (matches.hasMoreElements()) {
            matchedGroup = matches.next();
        }
        if (matchedGroup == null) {
            throw new UserStoreException("Could not find user role " + currentRoleName + " in LDAP server.");
        }

        String oldRdn = matchedGroup.getName();
        // NOTE(review): newRoleName is embedded in the RDN without escaping — confirm it is validated upstream.
        String newRdn = roleNameAttributeName + "=" + newRoleName;
        // NOTE(review): the lookup uses the groupSearchBase field while the search used the context's
        // searchBase; oldRdn is relative to the latter — confirm the two always agree.
        groupContext = (DirContext) mainContext.lookup(groupSearchBase);
        groupContext.rename(oldRdn, newRdn);

        String qualifiedOldName = UserCoreUtil.addDomainToName(currentRoleName, getMyDomainName());
        String qualifiedNewName = UserCoreUtil.addDomainToName(newRoleName, getMyDomainName());
        this.userRealm.getAuthorizationManager().resetPermissionOnUpdateRole(qualifiedOldName, qualifiedNewName);
    } catch (NamingException e) {
        String errorMessage = "Error occurred while modifying the name of role: " + currentRoleName;
        if (log.isDebugEnabled()) {
            log.debug(errorMessage, e);
        }
        throw new UserStoreException(errorMessage, e);
    } finally {
        JNDIUtil.closeNamingEnumeration(matches);
        JNDIUtil.closeContext(groupContext);
        JNDIUtil.closeContext(mainContext);
    }
}
From source file:org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.java
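/**
 * Deletes the LDAP group entry that backs the role described by the given context.
 *
 * @param context role definition; must be an LDAPRoleContext (search filter, role-name attribute
 *                and search base are read from it).
 * @throws UserStoreException if no matching group is found, the group-name attribute is absent on
 *                            the matched entry, or the directory operation fails.
 */
protected void deleteLDAPRole(RoleContext context) throws UserStoreException {
    LDAPRoleContext ldapRoleContext = (LDAPRoleContext) context;
    String roleName = context.getRoleName();
    // Filter-escape the role name before substituting it into the configured template.
    String groupSearchFilter = ldapRoleContext.getSearchFilter()
            .replace("?", escapeSpecialCharactersForFilter(context.getRoleName()));
    String[] returningAttributes = { ldapRoleContext.getRoleNameProperty() };
    String searchBase = ldapRoleContext.getSearchBase();

    DirContext mainDirContext = null;
    DirContext groupContext = null;
    NamingEnumeration<SearchResult> groupSearchResults = null;
    try {
        mainDirContext = this.connectionSource.getContext();
        groupSearchResults = searchInGroupBase(groupSearchFilter, returningAttributes,
                SearchControls.SUBTREE_SCOPE, mainDirContext, searchBase);

        // Walk the whole enumeration; the last entry is the one acted on.
        SearchResult resultedGroup = null;
        while (groupSearchResults.hasMoreElements()) {
            resultedGroup = groupSearchResults.next();
        }
        if (resultedGroup == null) {
            throw new UserStoreException("Could not find specified group/role - " + roleName);
        }

        String groupName = resultedGroup.getName();
        // NOTE(review): the lookup uses the groupSearchBase field while the search used the context's
        // searchBase; groupName is relative to the latter — confirm the two always agree.
        groupContext = (DirContext) mainDirContext.lookup(groupSearchBase);

        // Attributes.get returns null when the attribute is absent (it is only returned if it is the
        // requested role-name property); the original then failed with a NullPointerException that
        // bypassed the NamingException handler below.
        String groupNameAttributeName = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE);
        Attribute groupNameAttribute = resultedGroup.getAttributes().get(groupNameAttributeName);
        if (groupNameAttribute == null) {
            throw new UserStoreException("Attribute " + groupNameAttributeName
                    + " is missing on the entry found for role: " + roleName);
        }
        String groupNameAttributeValue = (String) groupNameAttribute.get();
        // Delete only when the entry's name attribute equals the requested role exactly; a looser
        // filter match on a similarly named entry is left untouched.
        if (roleName != null && roleName.equals(groupNameAttributeValue)) {
            groupContext.destroySubcontext(groupName);
        }
    } catch (NamingException e) {
        String errorMessage = "Error occurred while deleting the role: " + roleName;
        if (log.isDebugEnabled()) {
            log.debug(errorMessage, e);
        }
        throw new UserStoreException(errorMessage, e);
    } finally {
        JNDIUtil.closeNamingEnumeration(groupSearchResults);
        JNDIUtil.closeContext(groupContext);
        JNDIUtil.closeContext(mainDirContext);
    }
}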
From source file:org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager.java
/**
 * Create main context corresponding to tenant.
 *
 * @param rootDN Root domain name; the new context is created directly under it.
 * @param orgName Organization name, used both as the organizational attribute value and in the RDN.
 * @param initialDirContext The directory connection; owned by the caller and not closed here.
 * @throws UserStoreException If an error occurred while creating context.
 */
protected void createOrganizationalContext(String rootDN, String orgName, DirContext initialDirContext)
        throws UserStoreException {
    DirContext rootContext = null;
    DirContext createdContext = null;
    try {
        rootContext = (DirContext) initialDirContext.lookup(rootDN);

        // Object class of the organizational entry, taken from the tenant store configuration.
        Attribute objectClass = new BasicAttribute(LDAPConstants.OBJECT_CLASS_NAME);
        objectClass.add(tenantMgtConfig.getTenantStoreProperties()
                .get(UserCoreConstants.TenantMgtConfig.PROPERTY_ORGANIZATIONAL_OBJECT_CLASS));

        // Naming attribute of the organizational entry, also from the tenant store configuration.
        String organizationalNameAttribute = tenantMgtConfig.getTenantStoreProperties()
                .get(UserCoreConstants.TenantMgtConfig.PROPERTY_ORGANIZATIONAL_ATTRIBUTE);
        Attribute organization = new BasicAttribute(organizationalNameAttribute);
        organization.add(orgName);

        Attributes contextAttributes = new BasicAttributes(true);
        contextAttributes.put(objectClass);
        contextAttributes.put(organization);

        // NOTE(review): orgName is embedded in the RDN without escaping — confirm it is validated upstream.
        String rdn = organizationalNameAttribute + "=" + orgName;
        if (logger.isDebugEnabled()) {
            logger.debug("Adding sub context: " + rdn + " under " + rootDN + " ...");
        }
        createdContext = rootContext.createSubcontext(rdn, contextAttributes);
        if (logger.isDebugEnabled()) {
            logger.debug("Sub context: " + rdn + " was added under " + rootDN + " successfully.");
        }
    } catch (NamingException e) {
        String errorMsg = "Error occurred while adding the organizational unit " + "sub context.";
        if (logger.isDebugEnabled()) {
            logger.debug(errorMsg, e);
        }
        throw new UserStoreException(errorMsg, e);
    } finally {
        closeContext(createdContext);
        closeContext(rootContext);
    }
}
From source file:org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager.java
/**
 * Create sub contexts under the tenant's main context.
 *
 * @param dnOfParentContext domain name of the parent context; the new entry is created under it.
 * @param nameOfCurrentContext name of the current context, used as the sub-unit attribute value and in the RDN.
 * @param initialDirContext The directory connection; owned by the caller and not closed here.
 * @throws UserStoreException if an error occurs while creating context.
 */
protected void createOrganizationalSubContext(String dnOfParentContext, String nameOfCurrentContext,
        DirContext initialDirContext) throws UserStoreException {
    DirContext parentContext = null;
    DirContext createdContext = null;
    try {
        parentContext = (DirContext) initialDirContext.lookup(dnOfParentContext);

        // Object class of the sub-unit entry, taken from the tenant store configuration.
        Attribute objectClass = new BasicAttribute(LDAPConstants.OBJECT_CLASS_NAME);
        objectClass.add(tenantMgtConfig.getTenantStoreProperties()
                .get(UserCoreConstants.TenantMgtConfig.PROPERTY_ORG_SUB_CONTEXT_OBJ_CLASS));

        // Naming attribute of the sub-unit entry, also from the tenant store configuration.
        String orgSubUnitAttributeName = tenantMgtConfig.getTenantStoreProperties()
                .get(UserCoreConstants.TenantMgtConfig.PROPERTY_ORG_SUB_CONTEXT_ATTRIBUTE);
        Attribute organizationSubUnit = new BasicAttribute(orgSubUnitAttributeName);
        organizationSubUnit.add(nameOfCurrentContext);

        Attributes contextAttributes = new BasicAttributes(true);
        contextAttributes.put(objectClass);
        contextAttributes.put(organizationSubUnit);

        // NOTE(review): nameOfCurrentContext is embedded in the RDN without escaping — confirm it is
        // validated upstream.
        String rdn = orgSubUnitAttributeName + "=" + nameOfCurrentContext;
        if (logger.isDebugEnabled()) {
            logger.debug("Adding sub context: " + rdn + " under " + dnOfParentContext + " ...");
        }
        createdContext = parentContext.createSubcontext(rdn, contextAttributes);
        if (logger.isDebugEnabled()) {
            logger.debug("Sub context: " + rdn + " was added under " + dnOfParentContext + " successfully.");
        }
    } catch (NamingException e) {
        String errorMsg = "Error occurred while adding the organizational unit " + "sub context.";
        if (logger.isDebugEnabled()) {
            logger.debug(errorMsg, e);
        }
        throw new UserStoreException(errorMsg, e);
    } finally {
        closeContext(createdContext);
        closeContext(parentContext);
    }
}
From source file:org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager.java
/**
 * Creates the tenant admin user entry under the tenant's user context and returns its DN.
 *
 * @param dnOfUserContext DN of the context the admin entry is bound under.
 * @param tenant source of the admin name, password, e-mail, first/last name and domain.
 * @param initialDirContext The directory connection; owned by the caller and not closed here.
 * @return the DN of the created entry ("<user RDN>,<dnOfUserContext>").
 * @throws UserStoreException if the bind fails; the NamingException is kept as the cause.
 * @deprecated retained for compatibility with existing callers.
 */
@Deprecated
protected String createAdminEntry(String dnOfUserContext, Tenant tenant, DirContext initialDirContext)
        throws UserStoreException {
    String userDN = null;
    DirContext usersContext = null;
    try {
        usersContext = (DirContext) initialDirContext.lookup(dnOfUserContext);
        Attributes userAttributes = new BasicAttributes(true);

        Attribute objClass = new BasicAttribute(LDAPConstants.OBJECT_CLASS_NAME);
        objClass.add(realmConfig.getUserStoreProperty(LDAPConstants.USER_ENTRY_OBJECT_CLASS));
        if (UserCoreUtil.isKdcEnabled(realmConfig)) {
            // Kerberos-enabled deployments get the KDC object classes plus principal and key version.
            objClass.add("krb5principal");
            objClass.add("krb5kdcentry");
            objClass.add("subschema");

            String principal = tenant.getAdminName() + UserCoreConstants.PRINCIPAL_USERNAME_SEPARATOR
                    + tenant.getDomain() + UserCoreConstants.TENANT_DOMAIN_COMBINER + getRealmName();
            Attribute kerberosPrincipalName = new BasicAttribute("krb5PrincipalName");
            kerberosPrincipalName.add(principal);
            Attribute keyVersionNumber = new BasicAttribute("krb5KeyVersionNumber");
            keyVersionNumber.add("0");
            userAttributes.put(kerberosPrincipalName);
            userAttributes.put(keyVersionNumber);
        }
        userAttributes.put(objClass);

        // The stored password is produced by the configured hash method; the value is never logged here.
        String passwordHashMethod = realmConfig.getUserStoreProperty(LDAPConstants.PASSWORD_HASH_METHOD);
        String passwordToStore = UserCoreUtil.getPasswordToStore(tenant.getAdminPassword(), passwordHashMethod,
                isKDCEnabled());
        Attribute password = new BasicAttribute(USER_PASSWORD_ATTRIBUTE_NAME);
        password.add(passwordToStore);
        userAttributes.put(password);

        Attribute adminEmail = new BasicAttribute(EMAIL_ATTRIBUTE_NAME);
        adminEmail.add(tenant.getEmail());
        userAttributes.put(adminEmail);

        // sn is a required attribute of the person object classes.
        Attribute lastName = new BasicAttribute(SN_ATTRIBUTE_NAME);
        lastName.add(tenant.getAdminLastName());
        userAttributes.put(lastName);

        // When the naming attribute is not cn, cn must still be supplied explicitly.
        String userNameAttribute = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);
        if (!CN_ATTRIBUTE_NAME.equals(userNameAttribute)) {
            Attribute firstName = new BasicAttribute(CN_ATTRIBUTE_NAME);
            firstName.add(tenant.getAdminFirstName());
            userAttributes.put(firstName);
        }

        // NOTE(review): the admin name is embedded in the RDN without escaping — confirm it is validated upstream.
        String userRDN = userNameAttribute + "=" + tenant.getAdminName();
        usersContext.bind(userRDN, null, userAttributes);
        userDN = userRDN + "," + dnOfUserContext;
    } catch (NamingException e) {
        String errorMsg = "Error occurred while creating Admin entry";
        if (logger.isDebugEnabled()) {
            logger.debug(errorMsg, e);
        }
        throw new UserStoreException(errorMsg, e);
    } finally {
        closeContext(usersContext);
    }
    return userDN;
}
From source file:org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager.java
/**
 * Creates the tenant admin group under the given group context, with the admin user as its only member.
 *
 * @param dnOfGroupContext DN of the context the group entry is bound under.
 * @param adminUserDN DN of the admin user, stored under the configured membership attribute.
 * @param initialDirContext The directory connection; owned by the caller and not closed here.
 * @throws UserStoreException if the bind fails; the NamingException is kept as the cause.
 * @deprecated retained for compatibility with existing callers.
 */
@Deprecated
protected void createAdminGroup(String dnOfGroupContext, String adminUserDN, DirContext initialDirContext)
        throws UserStoreException {
    // Object class of the group entry, from the user store configuration.
    Attribute objectClassAttribute = new BasicAttribute(LDAPConstants.OBJECT_CLASS_NAME);
    objectClassAttribute.add(realmConfig.getUserStoreProperty(LDAPConstants.GROUP_ENTRY_OBJECT_CLASS));

    // Group name: the admin role name with any domain prefix stripped.
    String groupNameAttributeName = realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE);
    String adminRoleName = realmConfig.getAdminRoleName();
    Attribute groupNameAttribute = new BasicAttribute(groupNameAttributeName);
    groupNameAttribute.add(UserCoreUtil.removeDomainFromName(adminRoleName));

    // Membership: the single admin user DN.
    Attribute membershipAttribute = new BasicAttribute(
            realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE));
    membershipAttribute.add(adminUserDN);

    Attributes adminGroupAttributes = new BasicAttributes(true);
    adminGroupAttributes.put(objectClassAttribute);
    adminGroupAttributes.put(groupNameAttribute);
    adminGroupAttributes.put(membershipAttribute);

    DirContext groupContext = null;
    try {
        groupContext = (DirContext) initialDirContext.lookup(dnOfGroupContext);
        String rdnOfAdminGroup = groupNameAttributeName + "=" + UserCoreUtil.removeDomainFromName(adminRoleName);
        groupContext.bind(rdnOfAdminGroup, null, adminGroupAttributes);
    } catch (NamingException e) {
        String errorMessage = "Error occurred while creating the admin group.";
        if (logger.isDebugEnabled()) {
            logger.debug(errorMessage, e);
        }
        throw new UserStoreException(errorMessage, e);
    } finally {
        closeContext(groupContext);
    }
}
From source file:org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager.java
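/**
 * Creates the shared-group entry for a tenant under the shared group search base. Does nothing when
 * shared groups are disabled.
 *
 * @param tenant tenant whose domain names the shared group entry.
 * @param mainDirContext The directory connection; owned by the caller and not closed here.
 * @throws UserStoreException if the entry cannot be created; the underlying exception is kept as the cause.
 */
public void addSharedGroupForTenant(Tenant tenant, DirContext mainDirContext) throws UserStoreException {
    if (!isSharedGroupEnabled()) {
        return;
    }
    String domainName = tenant.getDomain();

    // Naming attribute for the shared tenant entry; it appears only in the RDN, the entry's own
    // attribute set carries just the object class.
    String groupNameAttributeName = realmConfig.getUserStoreProperty(LDAPConstants.SHARED_TENANT_NAME_ATTRIBUTE);
    Attributes groupAttributes = new BasicAttributes(true);
    Attribute objectClassAttribute = new BasicAttribute(LDAPConstants.OBJECT_CLASS_NAME);
    objectClassAttribute.add(realmConfig.getUserStoreProperty(LDAPConstants.SHARED_TENANT_OBJECT_CLASS));
    groupAttributes.put(objectClassAttribute);

    DirContext groupContext = null;
    String searchBase = realmConfig.getUserStoreProperties().get(LDAPConstants.SHARED_GROUP_SEARCH_BASE);
    try {
        groupContext = (DirContext) mainDirContext.lookup(searchBase);
        NameParser ldapParser = groupContext.getNameParser("");
        // NOTE(review): domainName is embedded in the RDN without escaping — confirm it is validated upstream.
        Name compoundGroupName = ldapParser.parse(groupNameAttributeName + "=" + domainName);
        groupContext.bind(compoundGroupName, null, groupAttributes);
    } catch (Exception e) {
        // Message fixed: the original ran the domain name and "could not" together without a space.
        String errorMsg = "Shared tenant: " + domainName + " could not be added.";
        if (logger.isDebugEnabled()) {
            logger.debug(errorMsg, e);
        }
        throw new UserStoreException(errorMsg, e);
    } finally {
        JNDIUtil.closeContext(groupContext);
    }
}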