Class ComplianceServicesImpl

  • All Implemented Interfaces:
    AMConstants, IComplianceServices

    public class ComplianceServicesImpl
    extends Object
    implements AMConstants, IComplianceServices
    This class contains the functionality to support an iPlanet Compliant DIT. The methods of this class are used by other classes in the com.iplanet.am.sdk package.

    To determine whether iPlanet Compliance mode is required, the parameter com.iplanet.am.compliance is checked. A value of true for this parameter means iPlanet Compliance mode.

    NOTE: An explicit check must be performed using the Compliance.isIplanetCompliant() method before calling any other methods in this class.

    • Constructor Detail

      • ComplianceServicesImpl

        public ComplianceServicesImpl()
    • Method Detail

      • verifyAndLinkRoleToGroup

        protected void verifyAndLinkRoleToGroup​(SSOToken token,
                                                Guid[] membersGuid,
                                                String roleDN)
                                         throws AMException
        Method which verifies if the roleDN corresponds to an admin role. If true, the memberOf and adminRole attributes of each member/user are set to the corresponding administration groupDN and administration groupRDN respectively. Each member/user is also added to the corresponding admin group.
        Parameters:
        token - single sign on token.
        membersGuid - Guid array of members to be operated on.
        roleDN - distinguished name of the role.
        Throws:
        AMException - if unsuccessful in adding the members to the corresponding admin group, in which case the memberOf and adminRole attributes are also not updated.
      • verifyAndUnLinkRoleToGroup

        protected void verifyAndUnLinkRoleToGroup​(SSOToken token,
                                                  Set members,
                                                  String roleDN)
                                           throws AMException
        Verifies if the roleDN corresponds to an admin role. If true, the memberOf and adminRole attributes of each member/user are set to null. Each member/user is also removed from the corresponding admin group.
        Parameters:
        token - single sign on token.
        members - Set of member distinguished names to be operated on.
        roleDN - distinguished name of the role.
        Throws:
        AMException - if unsuccessful in removing the members from the corresponding administrative groups and updating the memberOf and adminRole attribute values to null.
      • verifyAndLinkGroupToRole

        protected void verifyAndLinkGroupToRole​(SSOToken token,
                                                Guid[] membersGuid,
                                                String groupDN)
                                         throws AMException
        Method which verifies if the groupDN corresponds to an administrative role. If true then the members listed in membersGuid are added to the admin role.
        Parameters:
        token - SSO Token
        membersGuid - Guid array of members to be operated on
        groupDN - DN of the role
        Throws:
        AMException - if unsuccessful in adding the members to the corresponding admin group, in which case the memberOf and adminRole attributes are also not updated.
      • verifyAndUnLinkGroupToRole

        protected void verifyAndUnLinkGroupToRole​(SSOToken token,
                                                  Set members,
                                                  String groupDN)
                                           throws AMException
        Method which verifies if the groupDN corresponds to an admin role. If true then the members are removed from the admin role.
        Parameters:
        token - Single Sign On Token.
        members - Set of member DNs to be operated on.
        groupDN - Distinguished Name of the group.
        Throws:
        AMException - if unsuccessful in removing the members from the corresponding admin groups and updating the memberOf and adminRole attribute values to null.
      • verifyAttributes

        protected void verifyAttributes​(AttrSet attrSet)
                                 throws AMException
        Method which checks the attribute set for the presence of the "inetuserstatus" attribute. The method is declared void: if the attribute exists and has a value of "deleted", an AMException is thrown; otherwise the method returns normally.

        Parameters:
        attrSet - The attrSet to be verified
        Throws:
        AMException - if the attrSet has an inetuserstatus attribute whose value is "deleted"
      • verifyAndGetAttributes

        protected AttrSet verifyAndGetAttributes​(PersistentObject po,
                                                 String[] attributeNames)
                                          throws AMException
        Method which adds additional compliance required attributes to the existing list of attribute names and then fetches the attribute set from LDAP. The compliance attributes are verified for "inetuserstatus" attribute.

        Parameters:
        po - a PersistentObject of the entry.
        attributeNames - Array of attribute names.
        Throws:
        AMException - if the fetched attribute set has an inetuserstatus attribute whose value is "deleted", or if unable to fetch the attribute set.
      • checkIfDeletedUser

        protected void checkIfDeletedUser​(SSOToken token,
                                          String userDN)
                                   throws AMEntryExistsException
        Method which checks if the entry corresponding to userDN represents a deleted user entry (entry with inetuserstatus:deleted)
        Parameters:
        token - a SSOToken object
        userDN - a String representing a user DN
        Throws:
        AMEntryExistsException - if the userDN corresponds to a deleted user
      • checkIfDeletedOrg

        protected void checkIfDeletedOrg​(SSOToken token,
                                         String orgDN)
                                  throws AMEntryExistsException
        Method which checks if the entry corresponding to orgDN represents a deleted organization entry (entry with inetdomainstatus:deleted).
        Parameters:
        token - a SSOToken object.
        orgDN - a String representing an organization DN.
        Throws:
        AMEntryExistsException - if the orgDN corresponds to a deleted organization.
      • isAncestorOrgDeleted

        public boolean isAncestorOrgDeleted​(SSOToken token,
                                            String dn,
                                            int profileType)
                                     throws AMException
        Method which checks all the parent organizations of this entry till the base DN, and returns true if any one of them is deleted.
        Specified by:
        isAncestorOrgDeleted in interface IComplianceServices
        Parameters:
        token - Single Sign On token of user.
        dn - Distinguished name of the object.
        profileType - the profile type of the object whose ancestor is being checked.
        Returns:
        true if any one of the parent organizations is deleted, false otherwise
        Throws:
        AMException - if there are errors from data layer.
      • cleanDeletedOrgCache

        public void cleanDeletedOrgCache​(String orgDN)
        Method to clean up the deletedOrg cache, when an event notification occurs from the directory
        Parameters:
        orgDN - DN of organization that has been modified
      • verifyAndDeleteObject

        public void verifyAndDeleteObject​(SSOToken token,
                                          String profileDN)
                                   throws AMException
        Method which checks if the entry corresponding to DN represents a user entry. If so, it sets the inetuserstatus attribute of the user to deleted. Otherwise, it simply deletes the entry corresponding to the DN.
        Specified by:
        verifyAndDeleteObject in interface IComplianceServices
        Parameters:
        token - a SSOToken object
        profileDN - a String representing a DN
        Throws:
        AMException - if an error is encountered while setting the inetuserstatus attribute or if an error was encountered while performing a delete.
      • isAdminGroupsEnabled

        public static boolean isAdminGroupsEnabled​(String orgDN)
                                            throws AMException
        Method which checks if Admin Groups need to be created for an organization.
        Parameters:
        orgDN - organization dn
        Returns:
        true if Admin Groups need to be created
        Throws:
        AMException - if an error is encountered
      • isUnderRootSuffix

        protected static boolean isUnderRootSuffix​(String objDN)
        Method which checks if the object is directly under root suffix
        Parameters:
        objDN - object dn
        Returns:
        true if the object is directly under root suffix
      • isComplianceUserDeletionEnabled

        public static boolean isComplianceUserDeletionEnabled()
                                                       throws AMException
        Method which checks if Compliance User Deletion is enabled
        Returns:
        true if Compliance User Deletion is enabled
        Throws:
        AMException - if an error is encountered
      • getDeletedObjectFilter

        public String getDeletedObjectFilter​(int objectType)
                                      throws AMException,
                                             SSOException
        Method to get the search filter to be used for searching for deleted objects.
        Specified by:
        getDeletedObjectFilter in interface IComplianceServices
        Parameters:
        objectType - Integer representing the object type
        Returns:
        Search filter
        Throws:
        AMException - if an error occurs while trying to perform the operation.
        SSOException - if the user's single sign on token is invalid
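
The ancestor walk that isAncestorOrgDeleted describes (check every parent organization up to the base DN for inetdomainstatus:deleted), shown as an added illustration that is not the SDK's own code. An in-memory map stands in for the directory; the class name, the ORG_STATUS map, the key helper, the explicit baseDN parameter and the sample DNs are all constructed assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class DeletedAncestorDemo {
    // Constructed stand-in for the directory: normalized DN -> inetdomainstatus value.
    static final Map<String, String> ORG_STATUS = new HashMap<>();

    // Hypothetical helper: lower-case the DN text so lookups are case-insensitive.
    static String key(Object dn) {
        return dn.toString().toLowerCase();
    }

    /** True if any entry between dn (exclusive) and baseDN (inclusive) is marked deleted. */
    static boolean isAncestorOrgDeleted(String dn, String baseDN) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        LdapName base = new LdapName(baseDN);
        if (!name.startsWith(base)) {
            // Refuse to answer for entries outside the tree instead of reporting "not deleted".
            throw new InvalidNameException(dn + " is not under " + baseDN);
        }
        // LdapName index 0 is the rightmost RDN, so getPrefix(i) strips the
        // leftmost RDNs one at a time: parent, grandparent, ... down to the base.
        for (int i = name.size() - 1; i >= base.size(); i--) {
            String status = ORG_STATUS.get(key(name.getPrefix(i)));
            if ("deleted".equalsIgnoreCase(status)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "dc=example,dc=com";
        // Constructed sample data: one soft-deleted organization, one active.
        ORG_STATUS.put(key("o=emea,dc=example,dc=com"), "deleted");
        ORG_STATUS.put(key("o=apac,dc=example,dc=com"), "active");
        String[] probes = {
            "uid=alice,ou=People,o=sales,o=emea,dc=example,dc=com",
            "uid=bob,ou=People,o=apac,dc=example,dc=com",
        };
        for (String dn : probes) {
            System.out.println(dn + " -> ancestor deleted: " + isAncestorOrgDeleted(dn, base));
        }
    }
}
```

Because deletion in compliance mode only sets a status attribute, entries beneath a deleted organization still exist in the directory, which is why the check has to walk every ancestor rather than test the entry alone.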