List of usage examples for javax.naming.directory ModificationItem ModificationItem
public ModificationItem(int mod_op, Attribute attr)
From source file:org.sonar.plugins.activedirectory.server.ApacheDS.java
/** * This seems to be required for objectClass posixGroup. *///from ww w . j a va2 s . c o m private ApacheDS activateNis() throws Exception { Preconditions.checkState(ldapServer.isStarted()); Attribute disabled = new BasicAttribute("m-disabled", "TRUE"); Attribute disabled2 = new BasicAttribute("m-disabled", "FALSE"); ModificationItem[] mods = new ModificationItem[] { new ModificationItem(DirContext.REMOVE_ATTRIBUTE, disabled), new ModificationItem(DirContext.ADD_ATTRIBUTE, disabled2) }; Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, getUrl()); DirContext ctx = new InitialDirContext(env); ctx.modifyAttributes("cn=nis,ou=schema", mods); return this; }
From source file:org.springframework.ldap.core.DirContextAdapter.java
/**
 * Works out which LDAP modifications are needed to turn the stored value of one attribute into
 * its updated value, and appends them to {@code modificationList}.
 *
 * <p>Decision order (first match wins):
 * <ol>
 * <li>updated attribute equals the original: nothing is added;</li>
 * <li>both original and updated hold exactly one value: one REPLACE_ATTRIBUTE;</li>
 * <li>updated is empty and an original exists: one REMOVE_ATTRIBUTE;</li>
 * <li>original is missing or empty and updated has values: one ADD_ATTRIBUTE;</li>
 * <li>updated has values and is ordered: one REPLACE_ATTRIBUTE, so the new order is kept;</li>
 * <li>otherwise (unordered multi-value): individual removals and additions, or a single
 * REPLACE_ATTRIBUTE when the value-by-value comparison finds no difference.</li>
 * </ol>
 *
 * @param changedAttr the updated attribute.
 * @param modificationList the list that receives the resulting {@link ModificationItem}s.
 * @throws NamingException if thrown by called Attribute methods.
 */
private void collectModifications(Attribute changedAttr, List modificationList) throws NamingException {
    Attribute currentAttribute = originalAttrs.get(changedAttr.getID());

    if (changedAttr.equals(currentAttribute)) {
        // Identical to what was originally read; nothing to send.
        return;
    }

    final boolean originalExists = currentAttribute != null;
    final int updatedSize = changedAttr.size();

    if (originalExists && currentAttribute.size() == 1 && updatedSize == 1) {
        // Single-valued before and after: replace the value in one step.
        modificationList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, changedAttr));
        return;
    }

    if (updatedSize == 0 && originalExists) {
        // Every value is gone: remove the attribute.
        modificationList.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, changedAttr));
        return;
    }

    if ((!originalExists || currentAttribute.size() == 0) && updatedSize > 0) {
        // Nothing was there before: add the attribute.
        modificationList.add(new ModificationItem(DirContext.ADD_ATTRIBUTE, changedAttr));
        return;
    }

    if (updatedSize > 0 && changedAttr.isOrdered()) {
        // Ordered multi-value attribute: replace it wholesale so the new ordering survives.
        modificationList.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, changedAttr));
        return;
    }

    if (updatedSize > 0) {
        // Unordered multi-value attribute: compute additions and removals value by value.
        List perValueChanges = new LinkedList();
        collectModifications(currentAttribute, changedAttr, perValueChanges);

        if (perValueChanges.isEmpty()) {
            // The attributes compare unequal although they hold the same values, so only
            // the order can have changed; that has to go out as a REPLACE_ATTRIBUTE.
            perValueChanges.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, changedAttr));
        }

        modificationList.addAll(perValueChanges);
    }
}
From source file:org.springframework.ldap.core.DirContextAdapter.java
/**
 * Compares a multi-valued attribute value by value and records the difference as at most two
 * modifications: one REMOVE_ATTRIBUTE carrying the values that disappeared, followed by one
 * ADD_ATTRIBUTE carrying the values that are new.
 *
 * @param originalAttr the attribute as originally read; it is cloned, never modified.
 * @param changedAttr the attribute in its updated state.
 * @param modificationList the list that receives the resulting {@link ModificationItem}s.
 * @throws NamingException if thrown by called Attribute methods.
 */
private void collectModifications(Attribute originalAttr, Attribute changedAttr, List modificationList)
        throws NamingException {

    // Values still left in this copy after the loop are the ones that were removed.
    Attribute leftovers = (Attribute) originalAttr.clone();
    Attribute additions = new BasicAttribute(originalAttr.getID());

    for (int idx = 0; idx < changedAttr.size(); idx++) {
        Object candidate = changedAttr.get(idx);
        boolean existedBefore = leftovers.remove(candidate);
        if (existedBefore) {
            continue;
        }
        // Not found in the original, so it is a new value.
        additions.add(candidate);
    }

    if (leftovers.size() > 0) {
        modificationList.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, leftovers));
    }

    if (additions.size() > 0) {
        modificationList.add(new ModificationItem(DirContext.ADD_ATTRIBUTE, additions));
    }
}
From source file:org.springframework.security.ldap.userdetails.LdapUserDetailsManager.java
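/**
 * Changes a user's password by replacing the attribute named by {@code passwordAttributeName}
 * on the user's directory entry.
 *
 * <p>Two paths exist:
 * <ul>
 * <li>{@code oldPassword == null}: the replace is issued directly through {@code template}.
 * Nothing in this method verifies the current password on that path, so any check of the
 * caller's right to change the password has to happen before this method is called.</li>
 * <li>{@code oldPassword != null}: connection pooling is switched off for the context, the
 * user's full DN and {@code oldPassword} are set as the context's principal and credentials,
 * and the context is reconnected before the replace is issued.</li>
 * </ul>
 *
 * <p>NOTE(review): the TODO below records that {@code reconnect} may not actually re-bind
 * with the new credentials. If so, a wrong {@code oldPassword} would not be rejected and
 * the replace would run under the context's previous identity. Confirm with an integration
 * test against the target directory before relying on this path as proof of knowledge of the
 * old password.
 *
 * <p>{@code newPassword} is written to the attribute exactly as passed in; this method applies
 * no hashing or encoding.
 *
 * @param userDn the DN of the user whose password is changed
 * @param oldPassword the current password, or {@code null} to skip the re-bind
 * @param newPassword the value to store in the password attribute
 * @throws BadCredentialsException if the re-bind with {@code oldPassword} is rejected
 */
private void changePasswordUsingAttributeModification(DistinguishedName userDn, String oldPassword,
        String newPassword) {
    final ModificationItem[] passwordChange = new ModificationItem[] {
        new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(passwordAttributeName, newPassword)) };

    if (oldPassword == null) {
        template.modifyAttributes(userDn, passwordChange);
        return;
    }

    template.executeReadWrite(dirCtx -> {
        LdapContext ctx = (LdapContext) dirCtx;
        // The credentials are about to change, so this connection is taken out of the pool.
        ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(userDn, ctx).toString());
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
        // TODO: reconnect doesn't appear to actually change the credentials
        try {
            ctx.reconnect(null);
        } catch (javax.naming.AuthenticationException e) {
            // Keep the directory's own failure as the cause; the original dropped it, which
            // hid the server's reason for the rejected bind from logs and diagnostics.
            throw new BadCredentialsException("Authentication for password change failed.", e);
        }

        ctx.modifyAttributes(userDn, passwordChange);
        return null;
    });
}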
From source file:org.swordess.ldap.util.ModUtils.java
/**
 * Builds a modification that removes an attribute from an entry.
 *
 * <p>The attribute is created with an id and no values.
 *
 * @param id the id of the attribute to remove
 * @return a {@link ModificationItem} with operation {@link DirContext#REMOVE_ATTRIBUTE}
 */
public static ModificationItem remove(String id) {
    BasicAttribute target = new BasicAttribute(id);
    return new ModificationItem(DirContext.REMOVE_ATTRIBUTE, target);
}
From source file:org.swordess.ldap.util.ModUtils.java
/**
 * Builds a single-valued modification, optionally converting the value first.
 *
 * @param operationMod the modification operation code passed to {@link ModificationItem}
 * @param id the attribute id
 * @param value the raw value; {@code null} produces no modification
 * @param evaluator converter applied to {@code value}, or {@code null} to store the value as is
 * @return the modification, or {@code null} when {@code value} is {@code null} or the
 *         evaluator returns {@code null}
 */
public static <T> ModificationItem create(int operationMod, String id, Object value, Evaluator<T> evaluator) {
    if (value == null) {
        return null;
    }

    if (evaluator != null) {
        T converted = evaluator.eval(value);
        if (converted == null) {
            return null;
        }
        return new ModificationItem(operationMod, new BasicAttribute(id, converted));
    }

    // No evaluator: the raw value goes into the attribute unchanged.
    return new ModificationItem(operationMod, new BasicAttribute(id, value));
}
From source file:org.swordess.ldap.util.ModUtils.java
/**
 * Builds a multi-valued modification from an array, skipping {@code null} elements and
 * optionally converting each remaining element first.
 *
 * @param operationMod the modification operation code passed to {@link ModificationItem}
 * @param id the attribute id
 * @param values the raw values; an empty array (per {@code ArrayUtils.isEmpty}) produces no
 *        modification
 * @param evaluator converter applied to each non-null element, or {@code null} to store the
 *        elements as they are
 * @return the modification, or {@code null} when no element survives the null checks
 */
public static <T> ModificationItem create(int operationMod, String id, Object[] values,
        Evaluator<T> evaluator) {
    if (ArrayUtils.isEmpty(values)) {
        return null;
    }

    Attribute attr = new BasicAttribute(id);
    boolean anyKept = false;

    for (Object raw : values) {
        if (raw == null) {
            continue;
        }
        // Without an evaluator the element is used as is; with one, its result is used.
        Object candidate = (evaluator == null) ? raw : evaluator.eval(raw);
        if (candidate != null) {
            anyKept = true;
            attr.add(candidate);
        }
    }

    if (!anyKept) {
        return null;
    }
    return new ModificationItem(operationMod, attr);
}
From source file:org.swordess.ldap.util.ModUtils.java
/**
 * Builds a multi-valued modification from a collection, skipping {@code null} elements and
 * optionally converting each remaining element first.
 *
 * @param operationMod the modification operation code passed to {@link ModificationItem}
 * @param id the attribute id
 * @param values the raw values; an empty collection (per {@code CollectionUtils.isEmpty})
 *        produces no modification
 * @param evaluator converter applied to each non-null element, or {@code null} to store the
 *        elements as they are
 * @return the modification, or {@code null} when no element survives the null checks
 */
public static <T> ModificationItem create(int operationMod, String id, Collection<?> values,
        Evaluator<T> evaluator) {
    if (CollectionUtils.isEmpty(values)) {
        return null;
    }

    Attribute attr = new BasicAttribute(id);
    boolean anyKept = false;

    for (Object raw : values) {
        if (raw == null) {
            continue;
        }
        // Without an evaluator the element is used as is; with one, its result is used.
        Object candidate = (evaluator == null) ? raw : evaluator.eval(raw);
        if (candidate != null) {
            anyKept = true;
            attr.add(candidate);
        }
    }

    if (!anyKept) {
        return null;
    }
    return new ModificationItem(operationMod, attr);
}
From source file:org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager.java
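/**
 * Creates a user entry under the search base, assigns its roles, then sets the password and
 * enables the account.
 *
 * <p>Sequence:
 * <ol>
 * <li>Build the entry attributes. When {@code isADLDSRole} is false, the entry is created with
 * {@code LDAPConstants.ACTIVE_DIRECTORY_DISABLED_NORMAL_ACCOUNT} in its account-control
 * attribute, so it exists without a password only while disabled.</li>
 * <li>Bind the entry as {@code cn=<escaped userName>}; the name is escaped with
 * {@code escapeSpecialCharactersForDN} before it is parsed.</li>
 * <li>Update the role list.</li>
 * <li>Replace the password attribute and the enable/disable attribute in one modify call.</li>
 * </ol>
 *
 * <p>If a {@link NamingException} occurs after the entry was bound, the entry is unbound again
 * so that no account without a password is left behind.
 *
 * <p>NOTE(review): the rollback is attached to {@code NamingException} only. If
 * {@code doUpdateRoleListOfUser} fails with a {@code UserStoreException}, the entry bound in
 * step 2 appears to stay in the directory; confirm against that method's contract.
 *
 * <p>NOTE(review): when {@code isADLDSRole} is true, no disabled flag is set at bind time in
 * this method; whether the entry is usable between bind and password set depends on what
 * {@code getAddUserBasicAttributes} and the directory defaults provide. Confirm.
 *
 * <p>{@code profileName} and {@code requirePasswordChange} are not read by this method body.
 *
 * @param userName the user name; used as the CN of the new entry
 * @param credential the password; cast to {@code String}
 * @param roleList roles to assign to the new user
 * @param claims claims written into the entry attributes
 * @param profileName not used here
 * @param requirePasswordChange not used here
 * @throws UserStoreException if the directory rejects any step
 */
public void doAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims,
        String profileName, boolean requirePasswordChange) throws UserStoreException {

    boolean isUserBinded = false;

    /* getting search base directory context */
    DirContext dirContext = getSearchBaseDirectoryContext();

    /* getting add user basic attributes */
    BasicAttributes basicAttributes = getAddUserBasicAttributes(userName);

    if (!isADLDSRole) {
        // creating a disabled user account in AD DS
        BasicAttribute userAccountControl = new BasicAttribute(
                LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL);
        userAccountControl.add(LDAPConstants.ACTIVE_DIRECTORY_DISABLED_NORMAL_ACCOUNT);
        basicAttributes.put(userAccountControl);
    }

    /* setting claims */
    setUserClaims(claims, basicAttributes, userName);

    Name compoundName = null;
    try {
        NameParser ldapParser = dirContext.getNameParser("");
        compoundName = ldapParser.parse("cn=" + escapeSpecialCharactersForDN(userName));

        /* bind the user. A disabled user account with no password */
        dirContext.bind(compoundName, null, basicAttributes);
        isUserBinded = true;

        /* update the user roles */
        doUpdateRoleListOfUser(userName, null, roleList);

        /* reset the password and enable the account */
        if (!isSSLConnection) {
            // Only a warning: the modify below is still attempted over the unsecured
            // connection and is expected to be refused by the directory.
            logger.warn("Unsecured connection is being used. Enabling user account operation will fail");
        }

        ModificationItem[] mods = new ModificationItem[2];
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE,
                        createUnicodePassword((String) credential)));

        if (isADLDSRole) {
            mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_MSDS_USER_ACCOUNT_DISSABLED, "FALSE"));
        } else {
            // The local userAccountControl declared above is out of scope here, so this name
            // resolves to a member declared elsewhere in the class.
            // NOTE(review): confirm it holds the "enabled account" value.
            mods[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL,
                            userAccountControl));
        }
        dirContext.modifyAttributes(compoundName, mods);

    } catch (NamingException e) {
        String errorMessage = "Error while adding the user to the Active Directory for user : " + userName;
        if (isUserBinded) {
            // The entry exists but could not be completed; remove it again.
            try {
                dirContext.unbind(compoundName);
            } catch (NamingException e1) {
                errorMessage = "Error while accessing the Active Directory for user : " + userName;
                // Rollback failed: a half-created entry may remain in the directory. Attach the
                // rollback failure, which the original discarded, so operators can see both.
                e.addSuppressed(e1);
                throw new UserStoreException(errorMessage, e);
            }
            errorMessage = "Error while enabling the user account. Please check password policy at DC for user : "
                    + userName;
        }
        throw new UserStoreException(errorMessage, e);
    } finally {
        JNDIUtil.closeContext(dirContext);
    }
}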
From source file:org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager.java
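/**
 * Updates a user's password in Active Directory.
 *
 * <p>The user is located with a subtree search under the configured user search base, using
 * the configured list filter combined with {@code <userNameAttribute>=<userName>}; the user
 * name is escaped with {@code escapeSpecialCharactersForFilter} before it enters the filter.
 * The entry's CN is read from the result and the password attribute is replaced on
 * {@code CN=<cn>} relative to the search base.
 *
 * <p>NOTE(review): {@code oldCredential} is only checked for {@code null}; it is never sent
 * to the directory. The modification is a REPLACE_ATTRIBUTE issued on the store's own
 * connection, which in Active Directory is the reset form of a password update rather than
 * the change form (remove old value plus add new value). Callers therefore have to
 * authenticate the user with the old credential before calling this method.
 *
 * <p>NOTE(review): the search uses SUBTREE_SCOPE, but the modification targets
 * {@code CN=<cn>} directly under the search base. For a user found in a nested container
 * this names a different entry than the one found; confirm the deployment keeps all users
 * directly under the search base, or resolve the target from the search result's own name.
 *
 * @param userName the user whose password is updated
 * @param newCredential the new password; cast to {@code String}
 * @param oldCredential the current password; must be non-null, see the note above
 * @throws UserStoreException if the user cannot be resolved to exactly one entry with a CN,
 *         if either credential is {@code null}, or if the directory rejects the operation
 */
public void doUpdateCredential(String userName, Object newCredential, Object oldCredential)
        throws UserStoreException {

    if (!isSSLConnection) {
        // Only a warning: the operation is still attempted over the unsecured connection.
        logger.warn("Unsecured connection is being used. Password operations will fail");
    }

    DirContext dirContext = this.connectionSource.getContext();
    String searchBase = realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
    String userListFilter = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_LIST_FILTER);
    String userNameAttribute = realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);

    // Only userName is caller-supplied; the other filter parts come from configuration.
    String searchFilter = "(&" + userListFilter + "(" + userNameAttribute + "="
            + escapeSpecialCharactersForFilter(userName) + "))";

    SearchControls searchControl = new SearchControls();
    String[] returningAttributes = { "CN" };
    searchControl.setReturningAttributes(returningAttributes);
    searchControl.setSearchScope(SearchControls.SUBTREE_SCOPE);

    DirContext subDirContext = null;
    NamingEnumeration<SearchResult> searchResults = null;
    try {
        // search the user with UserNameAttribute and obtain its CN attribute
        searchResults = dirContext.search(escapeDNForSearch(searchBase), searchFilter, searchControl);
        SearchResult user = null;
        int count = 0;
        while (searchResults.hasMore()) {
            if (count > 0) {
                throw new UserStoreException(
                        "There are more than one result in the user store " + "for user: " + userName);
            }
            user = searchResults.next();
            count++;
        }

        if (user == null) {
            // The original dereferenced the missing result and failed with a
            // NullPointerException when the search matched nothing.
            throw new UserStoreException(
                    "Can not update credential: no entry found in the user store for user: " + userName);
        }

        String userCNValue = null;
        if (user.getAttributes() != null) {
            Attribute cnAttribute = user.getAttributes().get("CN");
            if (cnAttribute != null) {
                userCNValue = (String) cnAttribute.get();
            } else {
                throw new UserStoreException("Can not update credential: CN attribute is null");
            }
        }
        if (userCNValue == null) {
            // Without a CN the target name below cannot be built; never modify a guessed entry.
            throw new UserStoreException("Can not update credential: CN attribute is null");
        }

        if (oldCredential == null || newCredential == null) {
            // The original left the modification array null in this case and passed it on
            // to modifyAttributes.
            throw new UserStoreException(
                    "Can not update credential: old and new credentials are both required");
        }

        // The user tries to change his own password
        ModificationItem[] mods = new ModificationItem[1];
        mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE,
                        createUnicodePassword((String) newCredential)));

        subDirContext = (DirContext) dirContext.lookup(searchBase);
        subDirContext.modifyAttributes("CN" + "=" + escapeSpecialCharactersForDN(userCNValue), mods);

    } catch (NamingException e) {
        String error = "Can not access the directory service for user : " + userName;
        if (logger.isDebugEnabled()) {
            logger.debug(error, e);
        }
        throw new UserStoreException(error, e);
    } finally {
        JNDIUtil.closeNamingEnumeration(searchResults);
        JNDIUtil.closeContext(subDirContext);
        JNDIUtil.closeContext(dirContext);
    }
}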