org.identityconnectors.ldap

Class LdapConnector

java.lang.Object

org.identityconnectors.ldap.LdapConnector

All Implemented Interfaces:

Connector, AuthenticateOp, CreateOp, DeleteOp, ResolveUsernameOp, SchemaOp, SearchOp<LdapFilter>, SPIOperation, SyncOp, TestOp, UpdateAttributeValuesOp, UpdateOp, PoolableConnector

public class LdapConnector
extends Object
implements TestOp, PoolableConnector, SchemaOp, SearchOp<LdapFilter>, AuthenticateOp, ResolveUsernameOp, CreateOp, DeleteOp, UpdateAttributeValuesOp, SyncOp

Constructor Summary

Constructors

Constructor and Description
LdapConnector()

Method Summary

Modifier and Type	Method and Description
Uid	addAttributeValues(ObjectClass objectClass, Uid uid, Set<Attribute> valuesToAdd, OperationOptions options) Update the object specified by the ObjectClass and Uid, adding to the current values of each attribute the values provided.
Uid	authenticate(ObjectClass objectClass, String username, GuardedString password, OperationOptions options) Simple authentication with two parameters presumed to be user name and password.
void	checkAlive() Checks if the connector is still alive.
Uid	create(ObjectClass objectClass, Set<Attribute> attrs, OperationOptions options) The Connector developer is responsible for taking the attributes given (which always includes the ObjectClass) and create an object and its Uid.
FilterTranslator<LdapFilter>	createFilterTranslator(ObjectClass objectClass, OperationOptions options) Creates a filter translator that will translate a specified filter into one or more native queries.
void	delete(ObjectClass objectClass, Uid uid, OperationOptions options) The Connector developer is responsible for calling the native delete methods to remove the object specified by its unique id.
void	dispose() Dispose of any resources the Connector uses.
void	executeQuery(ObjectClass objectClass, LdapFilter query, ResultsHandler handler, OperationOptions options) ConnectorFacade calls this method once for each native query that the FilterTranslator produces in response to the Filter passed into SearchApiOp.
Configuration	getConfiguration() Return the configuration that was passed to Connector.init(Configuration).
SyncToken	getLatestSyncToken(ObjectClass objectClass) Returns the token corresponding to the most recent synchronization event.
void	init(Configuration cfg) Initialize the connector with its configuration.
Uid	removeAttributeValues(ObjectClass objectClass, Uid uid, Set<Attribute> valuesToRemove, OperationOptions options) Update the object specified by the ObjectClass and Uid, removing from the current values of each attribute the values provided.
Uid	resolveUsername(ObjectClass objectClass, String username, OperationOptions options) Resolve an object to its Uid based on its username.
Schema	schema() Describes the types of objects this Connector supports.
void	sync(ObjectClass objectClass, SyncToken token, SyncResultsHandler handler, OperationOptions options) Request synchronization events--i.e., native changes to target objects.
void	test() Tests the Configuration with the connector.
Uid	update(ObjectClass objectClass, Uid uid, Set<Attribute> replaceAttributes, OperationOptions options) Update the object specified by the ObjectClass and Uid, replacing the current values of each attribute with the values provided.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LdapConnector

public LdapConnector()

Method Detail

getConfiguration

public Configuration getConfiguration()

Description copied from interface: Connector

Return the configuration that was passed to Connector.init(Configuration).

Specified by:

getConfiguration in interface Connector

Returns:

The configuration that was passed to Connector.init(Configuration).

init

public void init(Configuration cfg)

Description copied from interface: Connector

Initialize the connector with its configuration. For instance in a JDBC Connector this would include the database URL, password, and user.

Specified by:

init in interface Connector

Parameters:

cfg - instance of the Configuration object implemented by the Connector developer and populated with information in order to initialize the Connector.

dispose

public void dispose()

Description copied from interface: Connector

Dispose of any resources the Connector uses.

Specified by:

dispose in interface Connector

test

public void test()

Description copied from interface: TestOp

Tests the Configuration with the connector.

Specified by:

test in interface TestOp

checkAlive

public void checkAlive()

Description copied from interface: PoolableConnector

Checks if the connector is still alive.

A connector can spend a large amount of time in the pool before being used. This method is intended to check if the connector is alive and operations can be invoked on it (for instance, an implementation would check that the connector's physical connection to the resource has not timed out).

The major difference between this method and TestOp.test() is that this method must do only the minimum that is necessary to check that the connector is still alive. TestOp.test() does a more thorough check of the environment specified in the Configuration, and can therefore be much slower.

This method can be called often. Implementations should do their best to keep this method fast.

Specified by:

checkAlive in interface PoolableConnector

schema

public Schema schema()

Description copied from interface: SchemaOp

Describes the types of objects this Connector supports. This method is considered an operation since determining supported objects may require configuration information and allows this determination to be dynamic.

The special Uid attribute should never appear in the schema, as it is not a true attribute of an object, rather a reference to it. If your resource object-class has a writable unique id attribute that is different than its Name, then your schema should contain a resource-specific attribute that represents this unique id. For example, a Unix account object might contain unix_uid.

Specified by:

schema in interface SchemaOp

Returns:

basic schema supported by this Connector.

authenticate

public Uid authenticate(ObjectClass objectClass,
                        String username,
                        GuardedString password,
                        OperationOptions options)

Description copied from interface: AuthenticateOp

Simple authentication with two parameters presumed to be user name and password. The Connector developer is expected to attempt to authenticate these credentials natively. If the authentication fails the developer should throw a type of RuntimeException either IllegalArgumentException or if a native exception is available and if its of type RuntimeException simple throw it. If the native exception is not a RuntimeException wrap it in one and throw it. This will provide the most detail for logging problem and failed attempts.

The developer is of course encourage to try and throw the most informative exception as possible. In that regards there are several exceptions provided in the exceptions package. For instance one of the most common is InvalidPasswordException.

Specified by:

authenticate in interface AuthenticateOp

Parameters:

objectClass - The object class to use for authenticate. Will typically be an account. Must not be null.

username - the name based credential for authentication.

password - the password based credential for authentication.

options - additional options that impact the way this operation is run. If the caller passes null, the framework will convert this into an empty set of options, so SPI need not worry about this ever being null.

Returns:

Uid The uid of the account that was used to authenticate

resolveUsername

public Uid resolveUsername(ObjectClass objectClass,
                           String username,
                           OperationOptions options)

Description copied from interface: ResolveUsernameOp

Resolve an object to its Uid based on its username. This is a companion to the simple authentication. The difference is that this method does not have a password parameter and does not try to authenticate the credentials; instead, it returns the Uid corresponding to the username. Implementations method must, however, validate the username (i.e., they must throw and exception if the username does not correspond to an existing object).

If the username validation fails, the developer should throw a type of RuntimeException either IllegalArgumentException or if a native exception is available and if its of type RuntimeException simple throw it. If the native exception is not a RuntimeException wrap it in one and throw it. This will provide the most detail for logging problem and failed attempts.

The developer is of course encourage to try and throw the most informative exception as possible. In that regards there are several exceptions provided in the exceptions package. For instance one of the most common is UnknownUidException.

Specified by:

resolveUsername in interface ResolveUsernameOp

Parameters:

objectClass - The object class to resolve the username for. Will typically be an account. Will not be null.

username - the username to resolve. Will not be null.

options - additional options that impact the way this operation is run. If the caller passes null, the framework will convert this into an empty set of options, so SPI need not worry about this ever being null.

Returns:

Uid The uid of the object corresponding to the username.

createFilterTranslator

public FilterTranslator<LdapFilter> createFilterTranslator(ObjectClass objectClass,
                                                           OperationOptions options)

Description copied from interface: SearchOp

Creates a filter translator that will translate a specified filter into one or more native queries. Each of these native queries will be passed subsequently into executeQuery().

Specified by:

createFilterTranslator in interface SearchOp<LdapFilter>

Parameters:

objectClass - The object class for the search. Will never be null.

options - additional options that impact the way this operation is run. If the caller passes null, the framework will convert this into an empty set of options, so SPI need not worry about this ever being null.

Returns:

A filter translator. This must not be null. A null return value will cause the API ( SearchApiOp) to throw NullPointerException.

executeQuery

public void executeQuery(ObjectClass objectClass,
                         LdapFilter query,
                         ResultsHandler handler,
                         OperationOptions options)

Description copied from interface: SearchOp

ConnectorFacade calls this method once for each native query that the FilterTranslator produces in response to the Filter passed into SearchApiOp. If the FilterTranslator produces more than one native query, then ConnectorFacade will automatically merge the results from each query and eliminate any duplicates. NOTE that this implies an in-memory data structure that holds a set of Uid values, so memory usage in the event of multiple queries will be O(N) where N is the number of results. This is why it is important that the FilterTranslator for each Connector implement OR if possible.

Specified by:

executeQuery in interface SearchOp<LdapFilter>

Parameters:

objectClass - The object class for the search. Will never be null.

query - The native query to run. A value of null means "return every instance of the given object class".

handler - Results should be returned to this handler

options - Additional options that impact the way this operation is run. If the caller passes null, the framework will convert this into an empty set of options, so SPI need not guard against options being null.

create

public Uid create(ObjectClass objectClass,
                  Set<Attribute> attrs,
                  OperationOptions options)

Description copied from interface: CreateOp

The Connector developer is responsible for taking the attributes given (which always includes the ObjectClass) and create an object and its Uid. The Connector developer must return the Uid so that the caller can refer to the created object.

*Note: There will never be a Uid passed in with the attribute set for this method. If the resource supports some sort of mutable Uid, you should create your own resource-specific attribute for it, such as unix_uid.

Specified by:

create in interface CreateOp

Parameters:

objectClass - the type of object to create. Will never be null.

attrs - includes all the attributes necessary to create the resource object including the ObjectClass attribute and Name attribute.

options - additional options that impact the way this operation is run. If the caller passes null, the framework will convert this into an empty set of options, so SPI need not worry about this ever being null.

Returns:

the unique id for the object that is created. For instance in LDAP this would be the 'dn', for a database this would be the primary key, and for 'ActiveDirectory' this would be the GUID.

delete

public void delete(ObjectClass objectClass,
                   Uid uid,
                   OperationOptions options)

Description copied from interface: DeleteOp

The Connector developer is responsible for calling the native delete methods to remove the object specified by its unique id.

Specified by:

delete in interface DeleteOp

Parameters:

objectClass - type of object to delete.

uid - The unique id that specifies the object to delete.

options - additional options that impact the way this operation is run. If the caller passes null, the framework will convert this into an empty set of options, so SPI need not worry about this ever being null.

update

public Uid update(ObjectClass objectClass,
                  Uid uid,
                  Set<Attribute> replaceAttributes,
                  OperationOptions options)

Description copied from interface: UpdateOp

Update the object specified by the ObjectClass and Uid, replacing the current values of each attribute with the values provided.

For each input attribute, replace all of the current values of that attribute in the target object with the values of that attribute.

If the target object does not currently contain an attribute that the input set contains, then add this attribute (along with the provided values) to the target object.

If the value of an attribute in the input set is null, then do one of the following, depending on which is most appropriate for the target:

• If possible, remove that attribute from the target object entirely.
• Otherwise, replace all of the current values of that attribute in the target object with a single value of null.

Specified by:

update in interface UpdateOp

Parameters:

objectClass - the type of object to modify. Will never be null.

uid - the uid of the object to modify. Will never be null.

replaceAttributes - set of new Attribute. the values in this set represent the new, merged values to be applied to the object. This set may also include operational attributes. Will never be null.

options - additional options that impact the way this operation is run. Will never be null.

Returns:

the Uid of the updated object in case the update changes the formation of the unique identifier.

addAttributeValues

public Uid addAttributeValues(ObjectClass objectClass,
                              Uid uid,
                              Set<Attribute> valuesToAdd,
                              OperationOptions options)

Description copied from interface: UpdateAttributeValuesOp

Update the object specified by the ObjectClass and Uid, adding to the current values of each attribute the values provided.

For each attribute that the input set contains, add to the current values of that attribute in the target object all of the values of that attribute in the input set.

NOTE that this does not specify how to handle duplicate values. The general assumption for an attribute of a ConnectorObject is that the values for an attribute may contain duplicates. Therefore, in general simply append the provided values to the current value for each attribute.

Specified by:

addAttributeValues in interface UpdateAttributeValuesOp

Parameters:

objectClass - the type of object to modify. Will never be null.

uid - the uid of the object to modify. Will never be null.

valuesToAdd - set of Attribute deltas. The values for the attributes in this set represent the values to add to attributes in the object. merged. This set will never include operational attributes. Will never be null.

options - additional options that impact the way this operation is run. Will never be null.

Returns:

the Uid of the updated object in case the update changes the formation of the unique identifier.

removeAttributeValues

public Uid removeAttributeValues(ObjectClass objectClass,
                                 Uid uid,
                                 Set<Attribute> valuesToRemove,
                                 OperationOptions options)

Description copied from interface: UpdateAttributeValuesOp

Update the object specified by the ObjectClass and Uid, removing from the current values of each attribute the values provided.

For each attribute that the input set contains, remove from the current values of that attribute in the target object any value that matches one of the values of the attribute from the input set.

NOTE that this does not specify how to handle unmatched values. The general assumption for an attribute of a ConnectorObject is that the values for an attribute are merely representational state. Therefore, the implementer should simply ignore any provided value that does not match a current value of that attribute in the target object. Deleting an unmatched value should always succeed.

Specified by:

removeAttributeValues in interface UpdateAttributeValuesOp

Parameters:

objectClass - the type of object to modify. Will never be null.

uid - the uid of the object to modify. Will never be null.

valuesToRemove - set of Attribute deltas. The values for the attributes in this set represent the values to remove from attributes in the object. merged. This set will never include operational attributes. Will never be null.

options - additional options that impact the way this operation is run. Will never be null..

Returns:

the Uid of the updated object in case the update changes the formation of the unique identifier.

getLatestSyncToken

public SyncToken getLatestSyncToken(ObjectClass objectClass)

Description copied from interface: SyncOp

Returns the token corresponding to the most recent synchronization event.

An application that wants to receive synchronization events "starting now" --i.e., wants to receive only native changes that occur after this method is called-- should call this method and then pass the resulting token into the sync() method.

Specified by:

getLatestSyncToken in interface SyncOp

Parameters:

objectClass - the class of object for which to find the most recent synchronization event (if any). Must not be null.

Returns:

A token if synchronization events exist; otherwise null.

sync

public void sync(ObjectClass objectClass,
                 SyncToken token,
                 SyncResultsHandler handler,
                 OperationOptions options)

Description copied from interface: SyncOp

Request synchronization events--i.e., native changes to target objects.

This method will call the specified handler once to pass back each matching synchronization event. Once this method returns, this method will no longer invoke the specified handler.

Each synchronization event contains a token that can be used to resume reading events starting from that point in the event stream. In typical usage, a client will save the token from the final synchronization event that was received from one invocation of this sync() method and then pass that token into that client's next call to this sync() method. This allows a client to "pick up where he left off" in receiving synchronization events. However, a client can pass the token from any synchronization event into a subsequent invocation of this sync() method. This will return synchronization events (that represent native changes that occurred) immediately subsequent to the event from which the client obtained the token.

A client that wants to read synchronization events "starting now" can call SyncOp.getLatestSyncToken(org.identityconnectors.framework.common.objects.ObjectClass) and then pass that token into this sync() method.

Specified by:

sync in interface SyncOp

Parameters:

objectClass - The class of object for which to return synchronization events. Must not be null.

token - The token representing the last token from the previous sync. The SyncResultsHandler will return any number of SyncDelta objects, each of which contains a token. Should be null if this is the client's first call to the sync() method for this connector.

handler - The result handler. Must not be null.

options - Options that affect the way this operation is run. If the caller passes null, the framework will convert this into an empty set of options, so an implementation need not guard against this being null.