com.iplanet.am.sdk.ldap

Class ComplianceServicesImpl

java.lang.Object

com.iplanet.am.sdk.ldap.ComplianceServicesImpl

All Implemented Interfaces:

AMConstants, IComplianceServices

public class ComplianceServicesImpl
extends Object
implements AMConstants, IComplianceServices

This class Compliance contains the functionality to support iPlanet Compliant DIT. The methods of this class will be used by other classes in com.iplanet.am.sdk package.

In order to determine if iPlanet Compliance mode is required or not, the parameter com.iplanet.am.compliance will be verified. A value of true for this parameter, means iPlanet Compliance mode.

NOTE: An explicit check must be performed using Compliance. isIplanetCompliant() method before calling any other methods in this class.

Field Summary

Fields

Modifier and Type	Field and Description
protected static ServiceSchema	gsc

Fields inherited from interface com.iplanet.am.sdk.AMConstants

ADD_MEMBER, ADMIN_GROUPS_ENABLED_ATTR, ADMIN_ROLE_ATTR, ADMINISTRATION_SERVICE, CACHE_ENABLED_DISABLED_KEY, CACHE_MAX_SIZE_KEY, COMPLIANCE_SPECIAL_FILTER_ATTR, COMPLIANCE_USER_DELETION_ATTR, CONTAINER_DEFAULT_TEMPLATE_ROLE, CONTAINER_SUPPORTED_TYPES_ATTRIBUTE, DCT_ATTRIBUTE_LIST_ATTR, DCT_ENABLED_ATTR, DOMAIN_ADMINISTRATORS, DOMAIN_HELP_DESK_ADMINISTRATORS, EMAIL_ATTRIBUTE, FILTER_ATTR_NAME, INET_ADMIN_OBJECT_CLASS, INET_DOMAIN_STATUS_ATTR, INET_DOMAIN_STATUS_ATTRIBUTE, INVALID_USERID_CHARACTERS, OTHER_COSATTR_TYPE, POLICY_COSATTR_TYPE, POLICY_SUFFIX, PRE_POST_PROCESSING_MODULES_ATTR, REMOVE_ATTRIBUTE, REMOVE_MEMBER, REQUIRED_SERVICES_ATTR, ROLE_MANAGED_CONTAINER_DN_ATTRIBUTE, SCOPE_BASE, SCOPE_ONE, SCOPE_SUB, SERVICE_STATUS_ATTRIBUTE, STATIC_GROUP_DN_ATTRIBUTE, SUBSCRIBABLE_ATTRIBUTE, UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE, UNIQUE_MEMBER_ATTRIBUTE, USER_CREATE_NOTIFICATION_LIST, USER_DELETE_NOTIFICATION_LIST, USER_ENCRYPTED_PASSWORD_ATTRIBUTE, USER_ENTRY_PROCESSING_IMPL, USER_MODIFY_NOTIFICATION_LIST, USER_PASSWORD_ATTRIBUTE, USER_SEARCH_RETURN_ATTR, USERID_PASSWORD_VALIDATION_CLASS

Constructor Summary

Constructors

Constructor and Description
ComplianceServicesImpl()

Method Summary

Modifier and Type	Method and Description
protected void	checkIfDeletedOrg(SSOToken token, String orgDN) Method which checks if the entry corresponding to orgDN represents a deleted organization entry (entry with inetdomainstatus:deleted).
protected void	checkIfDeletedUser(SSOToken token, String userDN) Method which checks if the entry corresponding to userDN represents a deleted user entry (entry with inetuserstatus:deleted)
void	cleanDeletedOrgCache(String orgDN) Method to clean up the deletedOrg cache, when an event notification occurs from the directory
protected void	createAdminGroups(SSOToken token, PersistentObject org) Method which creates Admin Groups for an organization.
String	getDeletedObjectFilter(int objectType) Protected method to get the search filter to be used for searching for deleted objects.
static boolean	isAdminGroupsEnabled(String orgDN) Method which checks if Admin Groups need to be created for an organization.
boolean	isAncestorOrgDeleted(SSOToken token, String dn, int profileType) Method which checks all the parent organizations of this entry till the base DN, and returns true if any one of them is deleted.
static boolean	isComplianceUserDeletionEnabled() Method which checks if Compliance User Deletion is enabled
protected static boolean	isUnderRootSuffix(String objDN) Method which checks if the object is directly under root suffix
void	verifyAndDeleteObject(SSOToken token, String profileDN) Method which checks if the entry corresponding to DN represents a user entry.
protected AttrSet	verifyAndGetAttributes(PersistentObject po, String[] attributeNames) Method which adds additional compliance required attributes to the existing list of attribute names and then fetches the attribute set from LDAP.
protected void	verifyAndLinkGroupToRole(SSOToken token, Guid[] membersGuid, String groupDN) Method which verifies if the groupDN corresponds to an administrative role.
protected void	verifyAndLinkRoleToGroup(SSOToken token, Guid[] membersGuid, String roleDN) Method which verifies if the roleDN corresponds to an admin role.
protected void	verifyAndUnLinkGroupToRole(SSOToken token, Set members, String groupDN) Method which verifies if the groupDN corresponds to an admin role.
protected void	verifyAndUnLinkRoleToGroup(SSOToken token, Set members, String roleDN) Verifies if the roleDN corresponds to an admin role.
protected void	verifyAttributes(AttrSet attrSet) Method which checks the attribute set for the presence of "inetuserstatus" attribute.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

gsc

protected static ServiceSchema gsc

Constructor Detail

ComplianceServicesImpl

public ComplianceServicesImpl()

Method Detail

verifyAndLinkRoleToGroup

protected void verifyAndLinkRoleToGroup(SSOToken token,
                                        Guid[] membersGuid,
                                        String roleDN)
                                 throws AMException

Method which verifies if the roleDN corresponds to an admin role. If true the memberOf and adminRole attributes of each member/user are set to the corresponding administration groupDN and administration groupRDN respectively. Each of the members/users are also added to the corresponding admin group.

Parameters:

token - single sign on token.

membersGuid - Guid array of members to be operated on.

roleDN - distinguished name of the role.

Throws:

AMException - if unsuccessful in adding the members to the corresponding admin group. As a result of which the memberOf and adminRole attributes are also not updated.

verifyAndUnLinkRoleToGroup

protected void verifyAndUnLinkRoleToGroup(SSOToken token,
                                          Set members,
                                          String roleDN)
                                   throws AMException

Verifies if the roleDN corresponds to an admin role. If true the memberOf and adminRole attributes of each member/user are set to null. Each of the members/users are also removed to the corresponding admin group.

Parameters:

token - single sign on token.

members - Set of member distinguished name to be operated.

roleDN - distinguished name of the role.

Throws:

AMException - if unsuccessful in removing the members from the corresponding administrative groups and updating the memberOf and adminRole attribute values to null.

verifyAndLinkGroupToRole

protected void verifyAndLinkGroupToRole(SSOToken token,
                                        Guid[] membersGuid,
                                        String groupDN)
                                 throws AMException

Method which verifies if the groupDN corresponds to an administrative role. If true then the members listed in membersGuid are added to the admin role.

Parameters:

token - SSO Token

membersGuid - Guid array of members to be operated on

groupDN - DN of the role

Throws:

AMException - if unsuccessful in adding the members to the corresponding admin group. As a result of which the memberOf and adminRole attributes are also not updated.

verifyAndUnLinkGroupToRole

protected void verifyAndUnLinkGroupToRole(SSOToken token,
                                          Set members,
                                          String groupDN)
                                   throws AMException

Method which verifies if the groupDN corresponds to an admin role. If true then the members are removed from the admin role.

Parameters:

token - Single Sign On Token.

members - Set of member DNs to be operated.

groupDN - Distinguished Name of the group.

Throws:

AMException - if unsuccessful in removing the members from the corresponding admin groups and updating the memberOf and adminRole attribute values to null.

verifyAttributes

protected void verifyAttributes(AttrSet attrSet)
                         throws AMException

Method which checks the attribute set for the presence of "inetuserstatus" attribute. If the attribute exists and has a value of "deleted", the method returns true, if not it returns false.

Parameters:

attrSet - The attrSet to be verified

Throws:

AMException - the attrSet has inetuserstatus attribute and the value of which is "deleted"

verifyAndGetAttributes

protected AttrSet verifyAndGetAttributes(PersistentObject po,
                                         String[] attributeNames)
                                  throws AMException

Method which adds additional compliance required attributes to the existing list of attribute names and then fetches the attribute set from LDAP. The compliance attributes are verified for "inetuserstatus" attribute.

Parameters:

po - a PersistentObject of the entry.

attributeNames - Array of attribute names.

Throws:

AMException - if the fetched attribute names has inetuserstatus attribute and the value of which is "deleted" or if unable to fetch the attribute set.

checkIfDeletedUser

protected void checkIfDeletedUser(SSOToken token,
                                  String userDN)
                           throws AMEntryExistsException

Method which checks if the entry corresponding to userDN represents a deleted user entry (entry with inetuserstatus:deleted)

Parameters:

token - a SSOToken object

userDN - a String representing a user DN

Throws:

AMEntryExistsException - if the userDN corresponds to a deleted user

checkIfDeletedOrg

protected void checkIfDeletedOrg(SSOToken token,
                                 String orgDN)
                          throws AMEntryExistsException

Method which checks if the entry corresponding to orgDN represents a deleted organization entry (entry with inetdomainstatus:deleted).

Parameters:

token - a SSOToken object.

orgDN - a String representing an organization DN.

Throws:

AMEntryExistsException - if the orgDN corresponds to a deleted organization.

isAncestorOrgDeleted

public boolean isAncestorOrgDeleted(SSOToken token,
                                    String dn,
                                    int profileType)
                             throws AMException

Method which checks all the parent organizations of this entry till the base DN, and returns true if any one of them is deleted.

Specified by:

isAncestorOrgDeleted in interface IComplianceServices

Parameters:

token - Single Sign On token of user.

dn - Distinguished name of the object.

profileType - the profile type of the object whose ancestor is being checked.

Returns:

True or false

Throws:

AMException - if there are errors from data layer.

cleanDeletedOrgCache

public void cleanDeletedOrgCache(String orgDN)

Method to clean up the deletedOrg cache, when an event notification occurs from the directory

Parameters:

orgDN - DN of organization that has been modified

verifyAndDeleteObject

public void verifyAndDeleteObject(SSOToken token,
                                  String profileDN)
                           throws AMException

Method which checks if the entry corresponding to DN represents a user entry. If so, it sets the inetuserstatus attribute of the user to deleted. Otherwise, it simply deletes the entry corresponding to the DN

Specified by:

verifyAndDeleteObject in interface IComplianceServices

Parameters:

token - a SSOToken object

profileDN - a String representing a DN

Throws:

AMException - if an error is encountered while setting the intetuserstatus attribute or if an error was encountered while performing a delete.

isAdminGroupsEnabled

public static boolean isAdminGroupsEnabled(String orgDN)
                                    throws AMException

Method which checks if Admin Groups need to be created for an organization.

Parameters:

orgDN - organization dn

Returns:

true if Admin Groups need to be created

Throws:

AMException - if an error is encountered

isUnderRootSuffix

protected static boolean isUnderRootSuffix(String objDN)

Method which checks if the object is directly under root suffix

Parameters:

objDN - object dn

Returns:

true if the object is directly under root suffix

createAdminGroups

protected void createAdminGroups(SSOToken token,
                                 PersistentObject org)
                          throws AMException,
                                 SSOException

Method which creates Admin Groups for an organization.

Parameters:

token - a SSOToken object

org - an organization object

Throws:

AMException - if an error is encountered

SSOException

isComplianceUserDeletionEnabled

public static boolean isComplianceUserDeletionEnabled()
                                               throws AMException

Method which checks if Compliance User Deletion is enabled

Returns:

true if Compliance User Deletion is enabled

Throws:

AMException - if an error is encountered

getDeletedObjectFilter

public String getDeletedObjectFilter(int objectType)
                              throws AMException,
                                     SSOException

Protected method to get the search filter to be used for searching for deleted objects.

Specified by:

getDeletedObjectFilter in interface IComplianceServices

Parameters:

objectType - Integer representing the object type

Returns:

Search filter @ throws AMException if an error occurs while trying to perform the operation.

Throws:

SSOException - if the user's single sign on token is invalid

AMException