Class DirectoryServicesImpl

    • Field Detail

      • EXTERNAL_ATTRIBUTES_FETCH_ENABLED_ATTR

        protected static final String EXTERNAL_ATTRIBUTES_FETCH_ENABLED_ATTR
        See Also:
        Constant Field Values
      • NSROLEDN_ATTR

        protected static String NSROLEDN_ATTR
      • NSROLE_ATTR

        protected static String NSROLE_ATTR
      • debug

        public static Debug debug
      • isUserPluginInitialized

        public static boolean isUserPluginInitialized
      • internalToken

        protected SSOToken internalToken
    • Constructor Detail

      • DirectoryServicesImpl

        public DirectoryServicesImpl()
        Ideally this constructor would be private, but because this class is extended, it needs to be public. This constructor should not be used to create an instance of this class.

        Use AMDirectoryWrapper.getInstance() to create an instance.

    • Method Detail

      • isExternalGetAttributesEnabled

        protected static boolean isExternalGetAttributesEnabled​(String orgDN)
        Method to check if the CallBack plugins are enabled for reading external attributes.
      • getUserPostPlugin

        public static AMUserEntryProcessed getUserPostPlugin()
        Gets the user post plugin instance. Returns null if the plugin is not configured or could not be loaded. TODO: REMOVE after a few releases. Supported through AMCallBack.
      • doesEntryExists

        public boolean doesEntryExists​(SSOToken token,
                                       String entryDN)
        Checks if the entry exists in the directory.
        Specified by:
        doesEntryExists in interface IDirectoryServices
        Parameters:
        token - a valid SSOToken
        entryDN - The DN of the entry that needs to be checked
        Returns:
        true if the entryDN exists in the directory, false otherwise
      • getObjectType

        public int getObjectType​(SSOToken token,
                                 String dn)
                          throws AMException,
                                 SSOException
        Gets the type of the object given its DN.
        Specified by:
        getObjectType in interface IDirectoryServices
        Parameters:
        token - a valid SSOToken
        dn - DN of the object whose type is to be known.
        Returns:
        Integer type of the entry.
        Throws:
        AMException - if the data store is unavailable or if the object type is unknown
        SSOException - if ssoToken is invalid or expired.
      • getObjectType

        public int getObjectType​(SSOToken token,
                                 String dn,
                                 Map cachedAttributes)
                          throws AMException,
                                 SSOException
        Gets the type of the object given its DN.
        Specified by:
        getObjectType in interface IDirectoryServices
        Parameters:
        token - a valid SSOToken
        dn - DN of the object whose type is to be known.
        cachedAttributes - cached attributes of the user
        Returns:
        Integer type of the entry.
        Throws:
        AMException - if the data store is unavailable or if the object type is unknown
        SSOException - if ssoToken is invalid or expired.
      • getDCTreeAttributes

        public Map getDCTreeAttributes​(SSOToken token,
                                       String entryDN,
                                       Set attrNames,
                                       boolean byteValues,
                                       int objectType)
                                throws AMException,
                                       SSOException
        Gets the attributes for this entryDN from the corresponding DC Tree node. The attributes are fetched only for Organization entries in DC tree mode.
        Specified by:
        getDCTreeAttributes in interface IDirectoryServices
        Parameters:
        token - a valid SSOToken
        entryDN - the dn of the entry
        attrNames - attribute names
        byteValues - true if the result should be returned as byte values
        objectType - the object type.
        Returns:
        an AttrSet of values or null if not found
        Throws:
        AMException - if error encountered in fetching the DC node attributes.
        SSOException - If user's single sign on token is invalid.
      • getAttributes

        public Map getAttributes​(SSOToken token,
                                 String entryDN,
                                 int profileType)
                          throws AMException,
                                 SSOException
        Description copied from interface: IDirectoryServices
        Returns a Map with attribute-values requested from the directory.
        Specified by:
        getAttributes in interface IDirectoryServices
        Parameters:
        token - User's single sign on token
        entryDN - DN of the entry.
        profileType - Integer representing type of the object.
        Returns:
        Map of attribute-values.
        Throws:
        AMException - If unable to access datastore
        SSOException - If user's single sign on token is invalid.
      • getAttributes

        public Map getAttributes​(SSOToken token,
                                 String entryDN,
                                 Set attrNames,
                                 int profileType)
                          throws AMException,
                                 SSOException
        Description copied from interface: IDirectoryServices
        Returns a Map with attribute-values requested from the directory.
        Specified by:
        getAttributes in interface IDirectoryServices
        Parameters:
        token - User's single sign on token
        entryDN - DN of the entry.
        attrNames - Set of attributes to be read.
        profileType - Integer representing type of the object.
        Returns:
        Map of attribute-values.
        Throws:
        AMException - If unable to access datastore
        SSOException - If user's single sign on token is invalid.
      • getAttributesFromDS

        public Map getAttributesFromDS​(SSOToken token,
                                       String entryDN,
                                       Set attrNames,
                                       int profileType)
                                throws AMException,
                                       SSOException
        Description copied from interface: IDirectoryServices
        Returns a Map with attribute-values fetched directly from the Directory. This API will avoid caching the attributes.
        Specified by:
        getAttributesFromDS in interface IDirectoryServices
        Parameters:
        token - User's single sign on token
        entryDN - DN of the entry.
        attrNames - Set of attributes to be read.
        profileType - Integer representing type of the object.
        Returns:
        Map of attribute-values.
        Throws:
        AMException - If unable to access datastore
        SSOException - If user's single sign on token is invalid.
      • getAttributesByteValues

        public Map getAttributesByteValues​(SSOToken token,
                                           String entryDN,
                                           Set attrNames,
                                           int profileType)
                                    throws AMException,
                                           SSOException
        Description copied from interface: IDirectoryServices
        Returns a map of attribute-values for binary attributes.
        Specified by:
        getAttributesByteValues in interface IDirectoryServices
        Parameters:
        token - User's single sign on token
        entryDN - DN of the entry.
        attrNames - Names of the attributes to be read.
        profileType - Integer representing type of the object.
        Returns:
        Map of attribute-values.
        Throws:
        AMException - If unable to access datastore
        SSOException - If user's single sign on token is invalid.
      • getAttributes

        public Map getAttributes​(SSOToken token,
                                 String entryDN,
                                 boolean ignoreCompliance,
                                 boolean byteValues,
                                 int profileType)
                          throws AMException,
                                 SSOException
        Gets all attributes corresponding to the entryDN. This method obtains the DC Tree node attributes and also performs compliance related verification checks in compliance mode. Note: In compliance mode you can skip the compliance checks by setting ignoreCompliance to "false".
        Specified by:
        getAttributes in interface IDirectoryServices
        Parameters:
        token - a valid SSOToken
        entryDN - the DN of the entry whose attributes need to be retrieved
        ignoreCompliance - a boolean value specifying whether compliance related entries need to be ignored or not. Ignored if true.
        byteValues - Return binary attributes, if true.
        profileType - Integer representing type of the object.
        Returns:
        a Map containing attribute names as keys and Set of values corresponding to each key.
        Throws:
        AMException - if an error is encountered in fetching the attributes
        SSOException - If user's single sign on token is invalid.
      • getAttributes

        public Map getAttributes​(SSOToken token,
                                 String entryDN,
                                 Set attrNames,
                                 boolean ignoreCompliance,
                                 boolean byteValues,
                                 int profileType)
                          throws AMException,
                                 SSOException
        Description copied from interface: IDirectoryServices
        Returns a map of attribute-values for requested attributes.
        Specified by:
        getAttributes in interface IDirectoryServices
        Parameters:
        token - User's single sign on token
        entryDN - DN of the entry.
        attrNames - Set of attribute names to be read.
        ignoreCompliance - Ignore compliance mode when constructing search filters.
        byteValues - Return binary attributes, if true.
        profileType - Integer representing type of the object.
        Returns:
        Map of attribute-values.
        Throws:
        AMException - If unable to access datastore
        SSOException - If user's single sign on token is invalid.
      • getAttributesFromDS

        public Map getAttributesFromDS​(SSOToken token,
                                       String entryDN,
                                       Set attrNames,
                                       boolean ignoreCompliance,
                                       boolean byteValues,
                                       int profileType)
                                throws AMException,
                                       SSOException
        Gets the specific attributes corresponding to the entryDN. This method obtains the DC Tree node attributes and also performs compliance related verification checks in compliance mode. Note: In compliance mode you can skip the compliance checks by setting ignoreCompliance to "false".
        Parameters:
        token - a valid SSOToken
        entryDN - the DN of the entry whose attributes need to be retrieved
        attrNames - a Set of names of the attributes that need to be retrieved. The attrNames should not be null.
        ignoreCompliance - a boolean value specifying whether compliance related entries need to be ignored or not. Ignored if true.
        Returns:
        a Map containing attribute names as keys and Set of values corresponding to each key.
        Throws:
        AMException - if an error is encountered in fetching the attributes
        SSOException
      • getOrganizationDN

        public String getOrganizationDN​(SSOToken token,
                                        String entryDN)
                                 throws AMException
        Gets the Organization DN for the specified entryDN. If the entry itself is an org, then same DN is returned.

        NOTE: This method involves several directory searches, so be cautious of the performance hit.

        Specified by:
        getOrganizationDN in interface IDirectoryServices
        Parameters:
        token - a valid SSOToken
        entryDN - the entry whose parent Organization is to be obtained
        Returns:
        the DN String of the parent Organization
        Throws:
        AMException - if an error occurred while obtaining the parent Organization
      • getExternalAttributes

        public Map getExternalAttributes​(SSOToken token,
                                         String entryDN,
                                         Set attrNames,
                                         int profileType)
                                  throws AMException
        Returns attributes from an external data store.
        Specified by:
        getExternalAttributes in interface IDirectoryServices
        Parameters:
        token - Single sign on token of user
        entryDN - DN of the entry user is trying to read
        attrNames - Set of attributes to be read
        profileType - Integer determining the type of profile being read
        Returns:
        A Map of attribute-value pairs
        Throws:
        AMException - if an error occurs when trying to read external datastore
      • updateUserAttribute

        public void updateUserAttribute​(SSOToken token,
                                        Set members,
                                        String staticGroupDN,
                                        boolean toAdd)
                                 throws AMException
        Adds or removes the static group DN to or from the member attribute 'iplanet-am-static-group-dn'.
        Specified by:
        updateUserAttribute in interface IDirectoryServices
        Parameters:
        token - SSOToken
        members - set of user DNs
        staticGroupDN - DN of the static group
        toAdd - true to add, false to remove
        Throws:
        AMException - if there is an internal problem with AM Store.
      • removeEntry

        public void removeEntry​(SSOToken token,
                                String entryDN,
                                int objectType,
                                boolean recursive,
                                boolean softDelete)
                         throws AMException,
                                SSOException
        Remove an entry from the directory.
        Specified by:
        removeEntry in interface IDirectoryServices
        Parameters:
        token - SSOToken
        entryDN - dn of the profile to be removed
        objectType - profile type
        recursive - if true, remove all sub entries & the object; otherwise, remove the object only
        softDelete - Used to let pre/post callback plugins know that this delete is either a soft delete (marked for deletion) or a purge/hard delete itself
        Throws:
        AMException
        SSOException
      • search

        public Set search​(SSOToken token,
                          String entryDN,
                          String searchFilter,
                          int searchScope)
                   throws AMException
        Searches the Directory
        Specified by:
        search in interface IDirectoryServices
        Parameters:
        token - SSOToken
        entryDN - DN of the entry to start the search with
        searchFilter - search filter
        searchScope - search scope, BASE, ONELEVEL or SUBTREE
        Returns:
        Set of matching DNs
        Throws:
        AMException
      • search

        public AMSearchResults search​(SSOToken token,
                                      String entryDN,
                                      String searchFilter,
                                      SearchControl searchControl,
                                      String[] attrNames)
                               throws AMException
        Search the Directory
        Specified by:
        search in interface IDirectoryServices
        Parameters:
        token - SSOToken
        entryDN - DN of the entry to start the search with
        searchFilter - search filter
        searchControl - search control defining the VLV indexes and search scope
        attrNames - name of attributes
        Returns:
        Set of matching DNs
        Throws:
        AMException
      • getMembers

        public Set getMembers​(SSOToken token,
                              String entryDN,
                              int objectType)
                       throws AMException
        Get members for roles, dynamic group or static group
        Specified by:
        getMembers in interface IDirectoryServices
        Parameters:
        token - SSOToken
        entryDN - DN of the role or group
        objectType - objectType of the target object, AMObject.ROLE or AMObject.GROUP
        Returns:
        Set of member DNs
        Throws:
        AMException
      • renameEntry

        public String renameEntry​(SSOToken token,
                                  int objectType,
                                  String entryDN,
                                  String newName,
                                  boolean deleteOldName)
                           throws AMException
        Renames an entry. Currently used only for renaming users.
        Specified by:
        renameEntry in interface IDirectoryServices
        Parameters:
        token - the sso token
        objectType - the type of entry
        entryDN - the entry DN
        newName - the new name (i.e., if RDN is cn=John, the value passed should be "John")
        deleteOldName - if true the old name is deleted otherwise it is retained.
        Returns:
        new DN of the renamed entry
        Throws:
        AMException - if the operation was not successful
      • setAttributes

        public void setAttributes​(SSOToken token,
                                  String entryDN,
                                  int objectType,
                                  Map stringAttributes,
                                  Map byteAttributes,
                                  boolean isAdd)
                           throws AMException,
                                  SSOException
        Sets the attributes of an entry.
        Specified by:
        setAttributes in interface IDirectoryServices
        Parameters:
        token - SSOToken
        entryDN - DN of the profile whose template is to be set
        objectType - profile type
        stringAttributes - attributes to be set
        byteAttributes - attributes to be set
        isAdd - true if add to existing value; otherwise replace the existing value.
        Throws:
        AMException
        SSOException
      • changePassword

        public void changePassword​(SSOToken token,
                                   String entryDN,
                                   String attrName,
                                   String oldPassword,
                                   String newPassword)
                            throws AMException,
                                   SSOException
        Changes user password.
        Specified by:
        changePassword in interface IDirectoryServices
        Parameters:
        token - Single sign on token
        entryDN - DN of the profile whose template is to be set
        attrName - password attribute name
        oldPassword - old password
        newPassword - new password
        Throws:
        AMException - if an error occurs when changing user password
        SSOException - If user's single sign on token is invalid.
      • modifyMemberShip

        public void modifyMemberShip​(SSOToken token,
                                     Set members,
                                     String target,
                                     int type,
                                     int operation)
                              throws AMException
        Modifies membership for a role or static group.
        Specified by:
        modifyMemberShip in interface IDirectoryServices
        Parameters:
        token - SSOToken
        members - Set of member DNs to be operated on
        target - DN of the target object to add the member
        type - type of the target object, AMObject.ROLE or AMObject.GROUP
        operation - type of operation, ADD_MEMBER or REMOVE_MEMBER
        Throws:
        AMException
      • unRegisterService

        public void unRegisterService​(SSOToken token,
                                      String entryDN,
                                      int objectType,
                                      String serviceName,
                                      int type)
                               throws AMException
        Unregisters a service for an AMro profile.
        Specified by:
        unRegisterService in interface IDirectoryServices
        Parameters:
        token - SSOToken
        entryDN - DN of the profile whose service is to be removed
        objectType - profile type
        serviceName - Service Name
        type - Template type
        Throws:
        AMException
      • getAMTemplateDN

        public String getAMTemplateDN​(SSOToken token,
                                      String entryDN,
                                      int objectType,
                                      String serviceName,
                                      int type)
                               throws AMException
        Get the AMTemplate DN (COSTemplateDN)
        Specified by:
        getAMTemplateDN in interface IDirectoryServices
        Parameters:
        token - SSOToken
        entryDN - DN of the profile whose template is to be set
        serviceName - Service Name
        type - the template type, AMTemplate.DYNAMIC_TEMPLATE
        Returns:
        String DN of the AMTemplate
        Throws:
        AMException
      • createAMTemplate

        public String createAMTemplate​(SSOToken token,
                                       String entryDN,
                                       int objectType,
                                       String serviceName,
                                       Map attributes,
                                       int priority)
                                throws AMException
        Create an AMTemplate (COSTemplate)
        Specified by:
        createAMTemplate in interface IDirectoryServices
        Parameters:
        token - token
        entryDN - DN of the profile whose template is to be set
        objectType - the entry type
        serviceName - Service Name
        attributes - attributes to be set
        priority - template priority
        Returns:
        String DN of the newly created template
        Throws:
        AMException
      • getNamingAttribute

        protected String getNamingAttribute​(int objectType)
      • getNamingAttribute

        public String getNamingAttribute​(int objectType,
                                         String orgDN)
        Gets the naming attribute after reading it from the corresponding creation template. If not found, a default value will be used
        Specified by:
        getNamingAttribute in interface IDirectoryServices
        Parameters:
        objectType - the type of object of interest.
        orgDN - the organization dn the object belongs to.
        Returns:
        the naming attribute for the object.
      • getCreationTemplateName

        public String getCreationTemplateName​(int objectType)
        Get the name of the creation template to use for specified object type.
        Specified by:
        getCreationTemplateName in interface IDirectoryServices
        Parameters:
        objectType - Integer representing object type
        Returns:
        Name of creation template
      • getObjectClassFromDS

        public String getObjectClassFromDS​(int objectType)
      • getObjectClass

        public String getObjectClass​(int objectType)
        Description copied from interface: IDirectoryServices
        Returns the objectclass representing an object type.
        Specified by:
        getObjectClass in interface IDirectoryServices
        Parameters:
        objectType - the type of object of interest.
        Returns:
        the objectclass representing the object type.
      • getObjectType

        public int getObjectType​(String objectClass)
      • getSearchFilterFromTemplate

        public String getSearchFilterFromTemplate​(int objectType,
                                                  String orgDN,
                                                  String searchTemplateName)
        Description copied from interface: IDirectoryServices
        Returns the search filter of a given search template.
        Specified by:
        getSearchFilterFromTemplate in interface IDirectoryServices
        Parameters:
        objectType - Integer representing object type.
        orgDN - Organization
        searchTemplateName - Name of search template
        Returns:
        Search filter
      • getAttributesForSchema

        public Set getAttributesForSchema​(String objectclass)
        Returns the set of attributes (both optional and required) needed for an objectclass based on the LDAP schema
        Specified by:
        getAttributesForSchema in interface IDirectoryServices
        Parameters:
        objectclass -
        Returns:
        the attributes for the objectclass
      • verifyAndGetOrgDN

        public String verifyAndGetOrgDN​(SSOToken token,
                                        String entryDN,
                                        String childDN)
                                 throws AMException
        Gets the Organization DN for the specified entryDN. If the entry itself is an org, then same DN is returned.
        Specified by:
        verifyAndGetOrgDN in interface IDirectoryServices
        Parameters:
        token - a valid SSOToken
        entryDN - the entry whose parent Organization is to be obtained
        childDN - the immediate entry whose parent Organization is to be obtained
        Returns:
        the DN String of the parent Organization
        Throws:
        AMException - if an error occurred while obtaining the parent Organization