Example #1
* Checks to see if an attribute is required by as determined from an entry's
* set of objectClass attribute values.
* @return true if the objectClass values require the attribute, false otherwise
* @throws Exception if the attribute is not recognized
private void assertAllAttributesAllowed( Dn dn, Entry entry, Set<String> allowed ) throws LdapException
// Never check the attributes if the extensibleObject objectClass is
// declared for this entry
Attribute objectClass = entry.get( OBJECT_CLASS_AT );
if ( objectClass.contains( SchemaConstants.EXTENSIBLE_OBJECT_OC ) )
for ( Attribute attribute : entry )
String attrOid = attribute.getAttributeType().getOid();
AttributeType attributeType = attribute.getAttributeType();
if ( !attributeType.isCollective() && ( attributeType.getUsage() == UsageEnum.USER_APPLICATIONS )
&& !allowed.contains( attrOid ) )
throw new LdapSchemaViolationException( ResultCodeEnum.OBJECT_CLASS_VIOLATION, I18n.err( I18n.ERR_277,
attribute.getUpId(), dn.getName() ) );
Example #2
* Method wraps ldap client to return multivalued attribute by name within a given entry and returns
* as a set of strings.
* @param entry contains the target ldap entry.
* @param attributeName name of ldap attribute to retrieve.
* @return List of type string containing attribute values.
protected Set<String> getAttributeSet( Entry entry, String attributeName )
// create Set with case insensitive comparator:
Set<String> attrValues = new TreeSet<>( String.CASE_INSENSITIVE_ORDER );
if ( entry != null && entry.containsAttribute( attributeName ) )
for ( Value<?> value : entry.get( attributeName ) )
attrValues.add( value.getString() );
return attrValues;
Example #3
* Test method for contains( EntryAttribute... )
public void testContainsEntryAttributeArray() throws LdapException
Entry entry = new DefaultEntry( exampleDn );
Attribute attrOC = new DefaultAttribute( "objectClass", "top", "person" );
Attribute attrCN = new DefaultAttribute( "cn", "test1", "test2" );
Attribute attrSN = new DefaultAttribute( "sn", "Test1", "Test2" );
Attribute attrPWD = new DefaultAttribute( "userPassword", BYTES1, BYTES2 );
assertFalse( entry.contains( attrOC, attrCN ) );
entry.add( attrOC, attrCN );
assertTrue( entry.contains( attrOC, attrCN ) );
assertFalse( entry.contains( attrOC, attrCN, attrSN ) );
entry.add( attrSN, attrPWD );
assertTrue( entry.contains( attrSN, attrPWD ) );
Example #4
* Test method for DefaultEntry()
public void testDefaultClientEntryLdif() throws Exception
Entry entry = new DefaultEntry(
"ou=example, dc=com",
"ObjectClass: top",
"ObjectClass: person",
"cn: test",
"sn: test" );
assertNotNull( entry );
assertEquals( "ou=example, dc=com", entry.getDn().toString() );
assertEquals( 3, entry.size() );
assertTrue( entry.contains( "objectClass", "top", "person" ) );
assertTrue( entry.contains( "cn", "test" ) );
assertTrue( entry.contains( "sn", "test" ) );
Example #5
* Process the FQCN attribute
* @param entry The entry to read
* @param objectType The type of schema object
* @return The schema object FQCN
* @throws LdapInvalidAttributeValueException If the attribute does not contain a valid value
private String getFqcn( Entry entry, String objectType ) throws LdapInvalidAttributeValueException
// The FQCN
Attribute mFqcn = entry.get( MetaSchemaConstants.M_FQCN_AT );
if ( mFqcn == null )
String msg = I18n.err( I18n.ERR_16034_ENTRY_WITHOUT_VALID_AT, objectType, MetaSchemaConstants.M_FQCN_AT );
if ( LOG.isWarnEnabled() )
LOG.warn( msg );
throw new IllegalArgumentException( msg );
return mFqcn.getString();
Example #6
* Test method for clear()
public void testClear() throws LdapException
Entry entry = new DefaultEntry( exampleDn );
assertEquals( 0, entry.size() );
assertNull( entry.get( "ObjectClass" ) );
assertEquals( 0, entry.size() );
assertNull( entry.get( "ObjectClass" ) );
entry.add( "ObjectClass", "top", "person" );
assertEquals( 1, entry.size() );
assertNotNull( entry.get( "ObjectClass" ) );
assertEquals( 0, entry.size() );
assertNull( entry.get( "ObjectClass" ) );
Example #7
private Mod getModEntityFromLdapEntry( Entry le, long sequence ) throws LdapInvalidAttributeValueException
Mod mod = new ObjectFactory().createMod();
mod.setSequenceId( sequence );
mod.setObjectClass( getAttribute( le, OBJECTCLASS ) );
mod.setReqAuthzID( getAttribute( le, REQUAUTHZID ) );
mod.setReqDN( getAttribute( le, REQDN ) );
mod.setReqEnd( getAttribute( le, REQEND ) );
mod.setReqResult( getAttribute( le, REQRESULT ) );
mod.setReqSession( getAttribute( le, REQSESSION ) );
mod.setReqStart( getAttribute( le, REQSTART ) );
mod.setReqType( getAttribute( le, REQTYPE ) );
mod.setReqMod( getAttributes( le, REQMOD ) );
return mod;
Example #8
* {@inheritDoc}
public void modify( ModifyOperationContext modifyContext ) throws LdapException
// Special case : if we don't have any modification to apply, just return
if ( modifyContext.getModItems().size() == 0 )
Partition partition = getPartition( modifyContext.getDn() );
partition.modify( modifyContext );
if ( modifyContext.isPushToEvtInterceptor() )
directoryService.getInterceptor( InterceptorEnum.EVENT_INTERCEPTOR.getName() ).modify( modifyContext );
Entry alteredEntry = modifyContext.getAlteredEntry();
if ( alteredEntry != null )
// MyVD doesn't care about csn
// directoryService.setContextCsn( alteredEntry.get( ENTRY_CSN_AT ).getString() );
Example #9
public String readStringAttribute( final String entryDN, final String attribute )
throws ChaiOperationException, ChaiUnavailableException, IllegalStateException
getInputValidator().readStringAttribute( entryDN, attribute );
final EntryCursor entries =
final Entry entry = entries.iterator().next();
final Attribute attr = entry.get( attribute );
return attr == null ? null : attr.getString();
catch ( LdapException e )
throw ChaiOperationException.forErrorMessage( e.getMessage() );
Example #10
* {@inheritDoc}
public AddFuture addAsync( Entry entry ) throws LdapException
if ( entry == null )
String msg = I18n.err( I18n.ERR_04125_CANNOT_ADD_NULL_ENTRY );
if ( LOG.isDebugEnabled() )
LOG.debug( msg );
throw new IllegalArgumentException( msg );
AddRequest addRequest = new AddRequestImpl();
addRequest.setEntry( entry );
return addAsync( addRequest );
Example #11
* Given a collection of ARBAC roles, {@link UserAdminRole}, convert to raw data format and load into ldap
* attribute set in preparation for ldap add.
* @param list contains List of type {@link UserAdminRole} targeted for adding to ldap.
* @param entry collection of ldap attributes containing ARBAC role assignments in raw ldap format.
* @throws LdapException
private void loadUserAdminRoles( List<UserAdminRole> list, Entry entry ) throws LdapException
if ( list != null )
Attribute userAdminRoleData = new DefaultAttribute( GlobalIds.USER_ADMINROLE_DATA );
Attribute userAdminRoleAssign = new DefaultAttribute( GlobalIds.USER_ADMINROLE_ASSIGN );
for ( UserAdminRole userRole : list )
userAdminRoleData.add( userRole.getRawData() );
userAdminRoleAssign.add( userRole.getName() );
if ( userAdminRoleData.size() != 0 )
entry.add( userAdminRoleData );
entry.add( userAdminRoleAssign );
Example #12
* Test method for userCertificate;binary AT
public void testUserCertificateBinary() throws LdapException
Entry entry = new DefaultEntry( schemaManager );
entry.add( "objectClass", "top", "person", "inetorgPerson" );
entry.add( "cn", "test1", "test2" );
entry.add( "sn", "Test1", "Test2" );
entry.add( "userPassword", BYTES1, BYTES2 );
entry.add( "userCertificate;binary", Strings.getBytesUtf8( "secret" ) );
assertTrue( entry.containsAttribute( "userCertificate;binary" ) );
assertTrue( entry.containsAttribute( "userCertificate" ) );
entry.removeAttributes( "userCertificate;binary" );
assertFalse( entry.containsAttribute( "userCertificate;binary" ) );
assertFalse( entry.containsAttribute( "userCertificate" ) );
entry.add( "userCertificate", Strings.getBytesUtf8( "secret" ) );
assertTrue( entry.containsAttribute( "userCertificate;binary" ) );
assertTrue( entry.containsAttribute( "userCertificate" ) );
Example #13
Source File: From directory-ldap-api with Apache License 2.0 | 6 votes |
/** * Helper method which creates an entry with 4 attributes. */ private Entry createEntry() { try { Entry entry = new DefaultEntry( exampleDn ); Attribute attrOC = new DefaultAttribute( "objectClass", "top", "person" ); Attribute attrCN = new DefaultAttribute( "cn", "test1", "test2" ); Attribute attrSN = new DefaultAttribute( "sn", "Test1", "Test2" ); Attribute attrPWD = new DefaultAttribute( "userPassword", BYTES1, BYTES2 ); entry.put( attrOC, attrCN, attrSN, attrPWD ); return entry; } catch ( LdapException ne ) { // Do nothing return null; } }
Example #14
private void updateAvatarImage(LDAPResource ldap, Entry entry, User user) {
try {
byte[] jpegBytes = getAvatarImage(ldap, entry);
if (jpegBytes != null) {
String fileName = user.getEmail() + ".jpg";
DefaultUploadedFile avatar = new DefaultUploadedFile(new ByteArrayInputStream(jpegBytes), fileName, "image/jpeg", jpegBytes.length);
Attachment attachment = imageStore.processAndStore(avatar, user, clientIp);
Attachment old = user.getAvatar();
if (old != null) {
} catch (LdapException | IOException e) {
// problems with avatar processing are non-fatal
logger.warn("Error updating user avatar from LDAP: " + user.getName(), e);
Example #15
* Return the extensions formated as Ldif lines
* @param id The attributeId : can be m-objectClassExtension or
* m-attributeTypeExtension
* @return The extensions formated as ldif lines
* @throws If the conversion goes wrong
protected String extensionsToLdif( String id ) throws LdapException
StringBuilder sb = new StringBuilder();
Entry entry = new DefaultEntry();
Attribute attribute = new DefaultAttribute( id );
for ( String extension : extensions.keySet() )
attribute.add( extension );
sb.append( LdifUtils.convertAttributesToLdif( entry ) );
return sb.toString();
Example #16
* @param le
* @return
* @throws LdapInvalidAttributeValueException
* @throws LdapException
private AdminRole unloadLdapEntry( Entry le, long sequence, String contextId )
throws LdapInvalidAttributeValueException
AdminRole entity = new ObjectFactory().createAdminRole();
entity.setSequenceId( sequence );
entity.setId( getAttribute( le, GlobalIds.FT_IID ) );
entity.setDescription( getAttribute( le, SchemaConstants.DESCRIPTION_AT ) );
entity.setOccupants( getAttributes( le, ROLE_OCCUPANT ) );
entity.setOsPSet( getAttributeSet( le, ROLE_OSP ) );
entity.setOsUSet( getAttributeSet( le, ROLE_OSU ) );
entity.setName( getAttribute( le, SchemaConstants.CN_AT ) );
unloadTemporal( le, entity );
entity.setRoleRangeRaw( getAttribute( le, ROLE_RANGE ) );
entity.setParents( getAttributeSet( le, GlobalIds.PARENT_NODES ) );
entity.setChildren( AdminRoleUtil.getChildren( entity.getName().toUpperCase(), contextId ) );
return entity;
Example #17
* Transform a schema name to a Dn pointing to the correct position in the DIT
* @param schemaName The schema name
* @return the Dn associated with this schema in the DIT
public String dnToLdif( String schemaName ) throws LdapException
StringBuilder sb = new StringBuilder();
String dn = "m-oid=" + oid + ", " + SchemaConstants.OBJECT_CLASSES_PATH + ", cn="
+ Rdn.escapeValue( schemaName ) + ", ou=schema";
// First dump the Dn only
Entry entry = new DefaultEntry( dn );
sb.append( LdifUtils.convertToLdif( entry ) );
return sb.toString();
Example #18
* {@inheritDoc}
public List<Entry> loadSyntaxCheckers( String... schemaNames ) throws LdapException, IOException
if ( schemaNames == null )
return new ArrayList<>();
return loadSyntaxCheckers( buildSchemaArray( schemaNames ) );
Example #19
public void testLdifParser() throws LdapLdifException, LdapInvalidAttributeValueException, IOException
String ldif =
"cn: app1\n"
+ "objectClass: top\n"
+ "objectClass: apApplication\n"
+ "displayName: app1 \n"
+ "dependencies:\n"
+ "envVars:";
LdifAttributesReader reader = new LdifAttributesReader();
Entry entry = reader.parseEntry( ldif );
assertNotNull( entry );
Attribute attr = entry.get( "cn" );
assertTrue( attr.contains( "app1" ) );
attr = entry.get( "objectclass" );
assertTrue( attr.contains( "top" ) );
assertTrue( attr.contains( "apApplication" ) );
attr = entry.get( "displayname" );
assertTrue( attr.contains( "app1" ) );
attr = entry.get( "dependencies" );
assertEquals( "", attr.get().getString() );
attr = entry.get( "envvars" );
assertEquals( "", attr.get().getString() );
Example #20
* Returns all Guacamole users accessible to the user currently bound under
* the given LDAP connection.
* @param ldapConnection
* The current connection to the LDAP server, associated with the
* current user.
* @return
* All users accessible to the user currently bound under the given
* LDAP connection, as a map of connection identifier to corresponding
* user object.
* @throws GuacamoleException
* If an error occurs preventing retrieval of users.
public Map<String, User> getUsers(LdapNetworkConnection ldapConnection)
throws GuacamoleException {
// Retrieve all visible user objects
Collection<String> attributes = confService.getUsernameAttributes();
List<Entry> results =,
// Convert retrieved users to map of identifier to Guacamole user object
return queryService.asMap(results, entry -> {
// Get username from record
try {
String username = queryService.getIdentifier(entry, attributes);
if (username == null) {
logger.warn("User \"{}\" is missing a username attribute "
+ "and will be ignored.", entry.getDn().toString());
return null;
return new SimpleUser(username);
catch (LdapInvalidAttributeValueException e) {
return null;
Example #21
* {@inheritDoc}
public boolean accept( SearchOperationContext operationContext, Entry entry ) throws LdapException
ServerEntryUtils.filterContents( schemaManager, operationContext, entry );
return true;
Example #22
* {@inheritDoc}
public void add( Entry entry, boolean ignoreReferral, LogChange log ) throws LdapException
AddOperationContext addContext = new AddOperationContext( this, entry );
addContext.setLogChange( log );
setReferralHandling( addContext, ignoreReferral );
OperationManager operationManager = directoryService.getOperationManager();
operationManager.add( addContext );
Example #23
* Test parsing of a request with an Attr elements with value
public void testRequestWith1AttrWithBase64Value()
Dsmlv2Parser parser = null;
parser = newParser();
parser.setInput( AddRequestTest.class.getResource( "request_with_1_attr_with_base64_value.xml" )
.openStream(), "UTF-8" );
catch ( Exception e )
fail( e.getMessage() );
AddRequest addRequest = ( AddRequest ) parser.getBatchRequest().getCurrentRequest();
Entry entry = addRequest.getEntry();
assertEquals( 1, entry.size() );
// Getting the Attribute
Iterator<Attribute> attributeIterator = entry.iterator();
Attribute attribute =;
assertEquals( "objectclass", attribute.getUpId() );
// Getting the Value
Iterator<Value> valueIterator = attribute.iterator();
assertTrue( valueIterator.hasNext() );
Value value =;
assertFalse( value.isHumanReadable() );
assertEquals( "DSMLv2.0 rocks!!", value.getString() );
Example #24
public void testLdifEmpty() throws LdapLdifException, IOException
String ldif = "";
LdifAttributesReader reader = new LdifAttributesReader();
Entry entry = reader.parseEntry( ldif );
assertEquals( 0, entry.size() );
Example #25
/** * {@inheritDoc} */ public Entry lookup( Dn dn, String... attrIds ) throws LdapException { OperationManager operationManager = directoryService.getOperationManager(); LookupOperationContext lookupContext = new LookupOperationContext( this, dn, attrIds ); Entry entry = operationManager.lookup( lookupContext ); return entry; }
Example #26
private LdapReferralException buildReferralException( Entry parentEntry, Dn childDn ) throws LdapException
// Get the Ref attributeType
Attribute refs = parentEntry.get( SchemaConstants.REF_AT );
List<String> urls = new ArrayList<String>();
// manage each Referral, building the correct URL for each of them
for ( Value<?> url : refs )
// we have to replace the parent by the referral
LdapUrl ldapUrl = new LdapUrl( url.getString() );
// We have a problem with the Dn : we can't use the UpName,
// as we may have some spaces around the ',' and '+'.
// So we have to take the Rdn one by one, and create a
// new Dn with the type and value UP form
Dn urlDn = ldapUrl.getDn().add( childDn );
ldapUrl.setDn( urlDn );
urls.add( ldapUrl.toString() );
catch ( LdapURLEncodingException luee )
throw new LdapOperationErrorException( luee.getMessage(), luee );
// Return with an exception
LdapReferralException lre = new LdapReferralException( urls );
lre.setRemainingDn( childDn );
lre.setResolvedDn( parentEntry.getDn() );
lre.setResolvedObject( parentEntry );
return lre;
Example #27
* Partition initialization - loads schema entries from the files on classpath.
* @see
protected void doInit() throws InvalidNameException, Exception {
if (initialized) {
LOG.debug("Initializing schema partition " + getId());
// load schema
final Map<String, Boolean> resMap = ResourceMap.getResources(Pattern.compile("schema[/\\Q\\\\E]ou=schema.*"));
for (String resourcePath : new TreeSet<>(resMap.keySet())) {
if (resourcePath.endsWith(".ldif")) {
URL resource = DefaultSchemaLdifExtractor.getUniqueResource(resourcePath, "Schema LDIF file");
LdifEntry ldifEntry;
try (LdifReader reader = new LdifReader(resource.openStream())) {
ldifEntry =;
Entry entry = new DefaultEntry(schemaManager, ldifEntry.getEntry());
// add mandatory attributes
if (entry.get(SchemaConstants.ENTRY_CSN_AT) == null) {
entry.add(SchemaConstants.ENTRY_CSN_AT, defaultCSNFactory.newInstance().toString());
if (entry.get(SchemaConstants.ENTRY_UUID_AT) == null) {
entry.add(SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString());
AddOperationContext addContext = new AddOperationContext(null, entry);
Example #28
/** * Converts a given list of LDAP entries to a {@link Map} of Guacamole * objects stored by their identifiers. * * @param <ObjectType> * The type of object to store within the {@link Map}. * * @param entries * A list of LDAP entries to convert to Guacamole objects. * * @param mapper * A mapping function which converts a given LDAP entry to its * corresponding Guacamole object. If the LDAP entry cannot be * converted, null should be returned. * * @return * A new {@link Map} containing Guacamole object versions of each of * the given LDAP entries, where each object is stored within the * {@link Map} under its corresponding identifier. */ public <ObjectType extends Identifiable> Map<String, ObjectType> asMap(List<Entry> entries, Function<Entry, ObjectType> mapper) { // Convert each entry to the corresponding Guacamole API object Map<String, ObjectType> objects = new HashMap<>(entries.size()); for (Entry entry : entries) { ObjectType object = mapper.apply(entry); if (object == null) { logger.debug("Ignoring object \"{}\".", entry.getDn().toString()); continue; } // Attempt to add object to map, warning if the object appears // to be a duplicate String identifier = object.getIdentifier(); if (objects.putIfAbsent(identifier, object) != null) logger.warn("Multiple objects ambiguously map to the " + "same identifier (\"{}\"). Ignoring \"{}\" as " + "a duplicate.", identifier, entry.getDn().toString()); } return objects; }
Example #29
public void testLdifNull() throws LdapLdifException, IOException
String ldif = null;
LdifAttributesReader reader = new LdifAttributesReader();
Entry entry = reader.parseEntry( ldif );
assertEquals( 0, entry.size() );
Example #30
Source File: From directory-ldap-api with Apache License 2.0 | 5 votes |
public void testRequestWith2AttrWithValue()
Dsmlv2Parser parser = null;
parser = newParser();
parser.setInput( AddRequestTest.class.getResource( "request_with_2_attr_with_value.xml" ).openStream(),
"UTF-8" );
catch ( Exception e )
fail( e.getMessage() );
AddRequest addRequest = ( AddRequest ) parser.getBatchRequest().getCurrentRequest();
Entry entry = addRequest.getEntry();
assertEquals( 1, entry.size() );
// Getting the Attribute
Iterator<Attribute> attributeIterator = entry.iterator();
Attribute attribute =;
assertEquals( "objectclass", attribute.getUpId() );
// Getting the Value
Iterator<Value> valueIterator = attribute.iterator();
assertTrue( valueIterator.hasNext() );
Value value =;
assertEquals( "top", value.getString() );
assertTrue( valueIterator.hasNext() );
value =;
assertEquals( "person", value.getString() );
assertFalse( valueIterator.hasNext() );