Java Code Examples for org.apache.directory.api.ldap.model.constants.SchemaConstants#ALL_OPERATIONAL_ATTRIBUTES
The following examples show how to use `org.apache.directory.api.ldap.model.constants.SchemaConstants#ALL_OPERATIONAL_ATTRIBUTES`.
Example 1
Source File: LDAPIAMPoller.java From aws-iam-ldap-bridge with Apache License 2.0 | 6 votes |
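/**
 * Deletes every entry below {@code dnStr}; the base entry itself is kept.
 *
 * <p>The subtree is enumerated first and the collected DNs are then deleted deepest-first,
 * so a delete is never attempted on an entry that still has children.
 *
 * @param dnStr the DN whose subtree is cleared; it is parsed through the directory's
 *     {@code DnFactory} rather than concatenated into a filter string
 * @throws LdapException if the search or one of the deletes fails
 * @throws ParseException if the constant presence filter cannot be parsed
 * @throws IOException if closing the search cursor fails
 * @throws CursorException if iterating the search result fails
 */
private void clearDN(String dnStr) throws LdapException, ParseException, IOException, CursorException {
    Dn dn = directory.getDnFactory().create(dnStr);
    dn.apply(directory.getSchemaManager());

    // Presence filter matching every entry; normalised against the schema before the search.
    ExprNode filter = FilterParser.parse(directory.getSchemaManager(), "(ObjectClass=*)");
    NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer(directory.getSchemaManager());
    FilterNormalizingVisitor visitor = new FilterNormalizingVisitor(ncn, directory.getSchemaManager());
    filter.accept(visitor);

    SearchOperationContext context = new SearchOperationContext(directory.getAdminSession(), dn,
            SearchScope.SUBTREE, filter,
            SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);

    ArrayList<Dn> dns = new ArrayList<Dn>();
    // try-with-resources: the cursor was previously closed only on the happy path and leaked
    // whenever next()/get() threw.
    try (EntryFilteringCursor cursor = directory.getPartitionNexus().search(context)) {
        cursor.beforeFirst();
        while (cursor.next()) {
            Entry ent = cursor.get();
            if (ent.getDn().equals(dn)) {
                continue; // keep the search base itself
            }
            dns.add(ent.getDn());
        }
    }

    // Delete children before their parents: deleting a non-leaf entry would fail.
    // Dn.size() is the number of RDNs, so a larger size means a deeper entry.
    Collections.sort(dns, new java.util.Comparator<Dn>() {
        @Override
        public int compare(Dn a, Dn b) {
            return Integer.compare(b.size(), a.size());
        }
    });

    LOG.debug("Deleting " + dns.size() + " items from under " + dnStr);
    for (Dn deleteDn : dns) {
        directory.getAdminSession().delete(deleteDn);
    }
}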
Example 2
Source File: LDAPIAMPoller.java From aws-iam-ldap-bridge with Apache License 2.0 | 6 votes |
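/**
 * Returns every entry below {@code rootDN} whose objectClass is {@code className};
 * the base entry itself is excluded.
 *
 * <p>Best-effort: any failure is logged and an empty list is returned, so callers cannot
 * distinguish "no entries" from "search failed" without consulting the log.
 *
 * @param rootDN base of the subtree search, parsed through the directory's {@code DnFactory}
 * @param className objectClass name interpolated into the search filter. It is NOT escaped,
 *     so it must be a trusted, schema-defined class name: RFC 4515 special characters
 *     ({@code * ( ) \}) in it would change the filter. Never pass user-controlled input here.
 * @return the matching entries, or an empty list on any error
 */
private Collection<Entry> getAllEntries(String rootDN, String className) {
    try {
        Dn dn = directory.getDnFactory().create(rootDN);
        dn.apply(directory.getSchemaManager());

        ExprNode filter = FilterParser.parse(directory.getSchemaManager(),
                String.format("(ObjectClass=%s)", className));
        NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer(directory.getSchemaManager());
        FilterNormalizingVisitor visitor = new FilterNormalizingVisitor(ncn, directory.getSchemaManager());
        filter.accept(visitor);

        SearchOperationContext context = new SearchOperationContext(directory.getAdminSession(), dn,
                SearchScope.SUBTREE, filter,
                SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);

        Collection<Entry> entries = new ArrayList<Entry>();
        // Close the cursor on every path, not only after a successful iteration.
        try (EntryFilteringCursor cursor = directory.getPartitionNexus().search(context)) {
            cursor.beforeFirst();
            while (cursor.next()) {
                Entry ent = cursor.get();
                if (ent.getDn().equals(dn)) {
                    continue; // skip the search base itself
                }
                entries.add(ent);
            }
        }
        return entries;
    } catch (Exception e) {
        // Previously a silent catch (Throwable). Keep the empty-list contract but leave a trace,
        // and let JVM Errors propagate instead of being swallowed.
        LOG.warn("Failed to enumerate " + className + " entries under " + rootDN, e);
        return Collections.emptyList();
    }
}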
Example 3
Source File: LDAPIAMPoller.java From aws-iam-ldap-bridge with Apache License 2.0 | 6 votes |
/**
 * Looks up the LDAP entry that mirrors an IAM group.
 *
 * <p>NOTE(review): the group name is interpolated into the DN through {@code GROUP_FMT}
 * without RDN escaping. Names containing DN-special characters (for example {@code ,}
 * {@code =} {@code +}) would produce a malformed or different DN; escaping would have to be
 * applied consistently here and wherever the entry is created, so it is only flagged.
 *
 * @param iamGroup the IAM group to look up
 * @return the entry if it exists and carries the {@code iamgroup} objectClass, else {@code null}
 * @throws Exception propagated from DN creation or the lookup; a missing entry is not an error
 */
private Entry getExistingGroup(Group iamGroup) throws Exception {
    String groupDn = String.format(GROUP_FMT, iamGroup.getGroupName());
    LookupOperationContext ctx = new LookupOperationContext(
            directory.getAdminSession(),
            directory.getDnFactory().create(groupDn),
            SchemaConstants.ALL_USER_ATTRIBUTES,
            SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);

    Entry found;
    try {
        found = directory.getPartitionNexus().lookup(ctx);
    } catch (LdapNoSuchObjectException e) {
        return null; // absent entry is a normal outcome
    }

    if (found == null || !found.hasObjectClass("iamgroup")) {
        return null;
    }
    return found;
}
Example 4
Source File: AWSIAMAuthenticator.java From aws-iam-ldap-bridge with Apache License 2.0 | 5 votes |
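/**
 * Tells whether the bind target is an IAM-backed account entry.
 *
 * @param bindContext the bind whose DN is looked up with the admin session
 * @return {@code true} only if an entry exists at the bind DN and carries the
 *     {@code iamaccount} objectClass
 * @throws LdapException if the lookup fails; a missing entry may surface as an
 *     {@code LdapNoSuchObjectException}, which the caller has to expect
 */
private boolean isAWSAccount(BindOperationContext bindContext) throws LdapException {
    LookupOperationContext lookupContext = new LookupOperationContext(
            getDirectoryService().getAdminSession(),
            bindContext.getDn(),
            SchemaConstants.ALL_USER_ATTRIBUTES,
            SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
    Entry userEntry = getDirectoryService().getPartitionNexus().lookup(lookupContext);
    // The sibling poller code checks lookup() results for null; do the same here instead of
    // dereferencing unconditionally (NPE on an unknown bind DN). Absent entry => not an AWS account.
    return userEntry != null && userEntry.hasObjectClass("iamaccount");
}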
Example 5
Source File: LDAPIAMPoller.java From aws-iam-ldap-bridge with Apache License 2.0 | 5 votes |
/**
 * Loads the authenticator configuration entry, creating it if absent, and derives the DN
 * templates used by the poller.
 *
 * <p>The config entry lives at a fixed DN under {@code ou=config}. When it does not exist it is
 * created with objectClass {@code iamauthenticatorconfig} and the {@code ID_GENERATOR} attribute
 * seeded with {@code "1000"}. Any failure is logged and swallowed, so the fields assigned here
 * may remain unset after a failed call.
 */
private void readConfig() {
    try {
        String configDnStr = "cn=config,ads-authenticatorid=awsiamauthenticator,ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config";
        Dn configDn = directory.getDnFactory().create(configDnStr);

        if (utils.exists(configDn)) {
            LookupOperationContext lookup = new LookupOperationContext(
                    directory.getAdminSession(), configDn,
                    SchemaConstants.ALL_USER_ATTRIBUTES, SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
            configEntry = directory.getPartitionNexus().lookup(lookup);
        } else {
            // Bootstrap: attribute order is kept as written, since Entry.put records it.
            configEntry = directory.newEntry(configDn);
            configEntry.put("objectClass", "iamauthenticatorconfig", "top");
            configEntry.put(SchemaConstants.ENTRY_CSN_AT, directory.getCSN().toString());
            configEntry.put(SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString());
            configEntry.put("cn", "config");
            configEntry.put(ID_GENERATOR, "1000");
            directory.getAdminSession().add(configEntry);
        }

        AWSIAMAuthenticator.Config config = AWSIAMAuthenticator.getConfig();
        rootDN = config.rootDN;
        pollPeriod = config.pollPeriod;

        // DN templates: %s is filled with the IAM name by the getExisting* lookups.
        groupsDN = "ou=groups," + rootDN;
        usersDN = "ou=users," + rootDN;
        rolesDN = "ou=roles," + rootDN;
        GROUP_FMT = "cn=%s," + groupsDN;
        USER_FMT = "uid=%s," + usersDN;
        ROLE_FMT = "uid=%s,ou=roles," + rootDN;

        ensureDNs();
    } catch (Throwable e) {
        LOG.error("Exception reading config for LDAPIAMPoller", e);
    }
}
Example 6
Source File: LDAPIAMPoller.java From aws-iam-ldap-bridge with Apache License 2.0 | 5 votes |
/**
 * Looks up the LDAP entry that mirrors an IAM role.
 *
 * <p>NOTE(review): the role name is interpolated into the DN through {@code ROLE_FMT}
 * without RDN escaping; DN-special characters in a name would yield a malformed or different
 * DN. Also note the entry is matched on objectClass {@code iamaccount}, the same class the
 * user lookup uses — confirm this is intended rather than a dedicated role class.
 *
 * @param role the IAM role to look up
 * @return the entry if it exists and carries the {@code iamaccount} objectClass, else {@code null}
 * @throws LdapException propagated from DN creation or the lookup; a missing entry is not an error
 */
private Entry getExistingRole(Role role) throws LdapException {
    String roleDn = String.format(ROLE_FMT, role.getRoleName());
    LookupOperationContext ctx = new LookupOperationContext(
            directory.getAdminSession(),
            directory.getDnFactory().create(roleDn),
            SchemaConstants.ALL_USER_ATTRIBUTES,
            SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);

    Entry found;
    try {
        found = directory.getPartitionNexus().lookup(ctx);
    } catch (LdapNoSuchObjectException e) {
        return null; // absent entry is a normal outcome
    }

    if (found == null || !found.hasObjectClass("iamaccount")) {
        return null;
    }
    return found;
}
Example 7
Source File: LDAPIAMPoller.java From aws-iam-ldap-bridge with Apache License 2.0 | 5 votes |
/**
 * Looks up the LDAP entry that mirrors an IAM user.
 *
 * <p>NOTE(review): the user name is interpolated into the DN through {@code USER_FMT}
 * without RDN escaping; DN-special characters in a name would yield a malformed or different
 * DN. Escaping would have to be applied consistently here and where the entry is created.
 *
 * @param user the IAM user to look up
 * @return the entry if it exists and carries the {@code iamaccount} objectClass, else {@code null}
 * @throws LdapException propagated from DN creation or the lookup; a missing entry is not an error
 */
private Entry getExistingUser(User user) throws LdapException {
    String userDn = String.format(USER_FMT, user.getUserName());
    LookupOperationContext ctx = new LookupOperationContext(
            directory.getAdminSession(),
            directory.getDnFactory().create(userDn),
            SchemaConstants.ALL_USER_ATTRIBUTES,
            SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);

    Entry found;
    try {
        found = directory.getPartitionNexus().lookup(ctx);
    } catch (LdapNoSuchObjectException e) {
        return null; // absent entry is a normal outcome
    }

    if (found == null || !found.hasObjectClass("iamaccount")) {
        return null;
    }
    return found;
}
Example 8
Source File: AWSIAMAuthenticator.java From aws-iam-ldap-bridge with Apache License 2.0 | 4 votes |
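/**
 * Authenticates a simple bind against IAM, delegating non-IAM entries to the configured
 * fallback authenticator.
 *
 * @param bindContext the bind request; its DN and credentials are read and, on success, its
 *     entry is set to a clone of the looked-up user entry
 * @return the principal for a successful IAM check, or whatever the delegate returns for
 *     non-IAM entries ({@code null} when no delegate is configured)
 * @throws LdapAuthenticationException when the password is missing/empty or IAM rejects it
 * @throws Exception propagated from the lookup or the delegate
 */
@Override
public LdapPrincipal authenticate(BindOperationContext bindContext) throws Exception {
    // Check the cheap flag first: when disabled, skip the directory lookup isAWSAccount() performs.
    if (disabled || !isAWSAccount(bindContext)) {
        LOG.debug("Skipping " + bindContext.getDn() + " - not an AWS account");
        if (delegatedAuth == null) {
            LOG.error("Delegated auth is null");
            return null;
        }
        return delegatedAuth.authenticate(bindContext);
    }

    LOG.debug("Authenticating " + bindContext.getDn());
    byte[] password = bindContext.getCredentials();
    if (password == null || password.length == 0) {
        // An empty password is an unauthenticated bind (RFC 4513 §5.1.2); never hand it to IAM,
        // reject it exactly like a wrong password.
        throw badPassword(bindContext);
    }

    LookupOperationContext lookupContext = new LookupOperationContext(
            getDirectoryService().getAdminSession(),
            bindContext.getDn(),
            SchemaConstants.ALL_USER_ATTRIBUTES,
            SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
    // Second lookup of the same DN (isAWSAccount() already did one); left as is to keep the
    // helper's contract unchanged.
    Entry userEntry = getDirectoryService().getPartitionNexus().lookup(lookupContext);

    // Decode with an explicit charset: the no-arg String(byte[]) constructor uses the platform
    // default, which varies between hosts and silently corrupts non-ASCII passwords.
    // The validator API takes a String, so the clear text cannot be zeroed afterwards.
    String clearText = new String(password, java.nio.charset.StandardCharsets.UTF_8);
    if (!validator.verifyIAMPassword(userEntry, clearText)) {
        throw badPassword(bindContext);
    }

    LdapPrincipal principal = new LdapPrincipal(
            getDirectoryService().getSchemaManager(),
            bindContext.getDn(),
            AuthenticationLevel.SIMPLE,
            password);
    IoSession session = bindContext.getIoSession();
    if (session != null) {
        principal.setClientAddress(session.getRemoteAddress());
        principal.setServerAddress(session.getServiceAddress());
    }
    bindContext.setEntry(new ClonedServerEntry(userEntry));
    return principal;
}

/**
 * Builds the exception for a rejected bind and logs the (password-free) message once.
 *
 * @param bindContext the bind being rejected; only its DN goes into the message
 * @return the exception for the caller to throw
 */
private LdapAuthenticationException badPassword(BindOperationContext bindContext) {
    String message = I18n.err(I18n.ERR_230, bindContext.getDn().getName());
    LOG.info(message);
    return new LdapAuthenticationException(message);
}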