package com.c2kernel.lookup.ldap;
import java.util.ArrayList;
import java.util.Enumeration;
import com.c2kernel.common.ObjectAlreadyExistsException;
import com.c2kernel.common.ObjectCannotBeUpdated;
import com.c2kernel.common.ObjectNotFoundException;
import com.c2kernel.lookup.AgentPath;
import com.c2kernel.lookup.InvalidEntityPathException;
import com.c2kernel.lookup.Path;
import com.c2kernel.lookup.RoleManager;
import com.c2kernel.lookup.RolePath;
import com.c2kernel.utils.Logger;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPSearchConstraints;
/**************************************************************************
*
* $Revision: 1.1 $
* $Date: 2005/04/26 06:48:12 $
*
* Copyright (C) 2003 CERN - European Organization for Nuclear Research
* All rights reserved.
**************************************************************************/
// public static final String codeRevision = "$Revision: 1.1 $ $Date: 2005/04/26 06:48:12 $ $Author: abranson $";
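/**
 * LDAP-backed implementation of {@link RoleManager}.
 *
 * <p>Roles are {@code cristalrole} entries under {@code mRolePath}; each one
 * carries a multi-valued {@code uniqueMember} attribute holding the DNs of
 * the {@code cristalagent} entries (under {@code mEntityPath}) that hold the
 * role. All directory access goes through {@link LDAPLookup} and
 * {@link LDAPLookupUtils}.
 *
 * <p>Security note: every search filter built by this class embeds
 * caller-supplied text (a login name, a role name, a DN). That text is run
 * through {@link #escapeFilterValue(String)} so filter metacharacters in the
 * input ({@code * ( ) \ NUL}) cannot alter the query (LDAP filter injection).
 * Previously the values were concatenated raw, so a login name such as
 * {@code *)(uid=*} would have matched arbitrary agents.
 */
public class LDAPRoleManager implements RoleManager {

    LDAPLookup mLdap;
    private final String mRolePath;
    private final String mEntityPath;

    /**
     * @param ldap       lookup object whose connection is used for every
     *                   directory operation
     * @param rolePath   base DN of the subtree searched for roles
     * @param entityPath base DN of the subtree searched for agents
     */
    public LDAPRoleManager(LDAPLookup ldap, String rolePath, String entityPath) {
        super();
        this.mLdap = ldap;
        this.mRolePath = rolePath;
        this.mEntityPath = entityPath;
    }

    /**
     * Escapes a string for use as an assertion value inside an LDAP search
     * filter (RFC 4515 section 3): {@code \}, {@code *}, {@code (}, {@code )}
     * and NUL are replaced by their {@code \xx} hex forms. Applying this to a
     * DN is correct too: the server decodes the escapes before matching, so
     * the compared value is unchanged. Package-private so it can be tested;
     * if {@code LDAPLookupUtils} already offers an equivalent, prefer that.
     *
     * @param value raw text to embed in a filter; must not be {@code null}
     * @return the escaped text, safe to concatenate into a filter
     * @throws IllegalArgumentException if {@code value} is {@code null}
     */
    static String escapeFilterValue(String value) {
        if (value == null) {
            throw new IllegalArgumentException("filter value must not be null");
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Search constraints shared by every search in this class: batch size 0
     * and no alias dereferencing, exactly as the individual searches used to
     * set them.
     */
    private static LDAPSearchConstraints newSearchConstraints() {
        LDAPSearchConstraints cons = new LDAPSearchConstraints();
        cons.setBatchSize(0);
        cons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
        return cons;
    }

    // NOTE: A role must have at LEAST 1 userDN, cannot be empty...
    // Creates a cristalRole: a specialized CristalContext which contains a
    // multi-valued uniqueMember attribute pointing to cristalagents.

    /**
     * Creates the role {@code roleName} as a new {@code cristalrole} entry.
     *
     * @param roleName name of the role to create
     * @param jobList  passed through to {@link RolePath}; its meaning is
     *                 defined there
     * @return the path of the newly created role
     * @throws ObjectAlreadyExistsException if an entry already exists at the
     *         role's DN
     * @throws ObjectCannotBeUpdated if the directory refuses the add
     */
    @Override
    public RolePath createRole(String roleName, boolean jobList)
            throws ObjectAlreadyExistsException, ObjectCannotBeUpdated {
        RolePath rolePath = new RolePath(roleName, jobList);
        String roleDN = rolePath.getFullDN();

        // Existence check: getEntry throws ObjectNotFoundException when the
        // DN is absent, which is the case we want; anything found is a clash.
        // This check-then-add is not atomic: a concurrent creator can still
        // win the race, in which case addEntry below fails instead.
        try {
            LDAPLookupUtils.getEntry(mLdap.getConnection(), roleDN);
            throw new ObjectAlreadyExistsException();
        } catch (ObjectNotFoundException ignored) {
            // expected: the role does not exist yet
        }

        LDAPEntry roleNode = new LDAPEntry(roleDN, rolePath.createAttributeSet());
        try {
            LDAPLookupUtils.addEntry(mLdap.getConnection(), roleNode);
        } catch (LDAPException e) {
            throw new ObjectCannotBeUpdated(e.getLDAPErrorMessage(), "");
        }
        return rolePath;
    }

    /**
     * Deletes the entry at {@code role}'s DN. No membership check is made
     * here before the delete.
     *
     * @param role the role to remove
     * @throws ObjectNotFoundException as declared by the underlying delete
     * @throws ObjectCannotBeUpdated if the directory refuses the delete; the
     *         server's error message is included
     */
    public void deleteRole(RolePath role) throws ObjectNotFoundException, ObjectCannotBeUpdated {
        try {
            LDAPLookupUtils.delete(mLdap.getConnection(), role.getFullDN());
        } catch (LDAPException ex) {
            // Keep the server's reason; the bare message used to hide it.
            throw new ObjectCannotBeUpdated("Could not remove role: " + ex.getLDAPErrorMessage());
        }
    }

    /**
     * Grants {@code role} to {@code agent} by adding the agent's DN to the
     * role's {@code uniqueMember} attribute.
     *
     * @throws ObjectNotFoundException if the role entry does not exist
     * @throws ObjectCannotBeUpdated if the agent already holds the role, or
     *         the directory refuses the modification
     */
    @Override
    public void addRole(AgentPath agent, RolePath role)
            throws ObjectCannotBeUpdated, ObjectNotFoundException {
        LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        String agentDN = agent.getFullDN();
        if (LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agentDN)) {
            throw new ObjectCannotBeUpdated("Agent " + agent.getAgentName() + " already has role " + role.getName());
        }
        LDAPLookupUtils.addAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agentDN);
    }

    /**
     * Revokes {@code role} from {@code agent} by removing the agent's DN from
     * the role's {@code uniqueMember} attribute.
     *
     * @throws ObjectNotFoundException if the role entry does not exist
     * @throws ObjectCannotBeUpdated if the agent does not hold the role, or
     *         the directory refuses the modification
     */
    public void removeRole(AgentPath agent, RolePath role)
            throws ObjectCannotBeUpdated, ObjectNotFoundException {
        LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        String agentDN = agent.getFullDN();
        if (!LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agentDN)) {
            throw new ObjectCannotBeUpdated("Agent did not have that role");
        }
        LDAPLookupUtils.removeAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agentDN);
    }

    /**
     * Returns whether a {@code cristalrole} named {@code role.getName()} under
     * {@code mRolePath} lists {@code agent}'s DN as a {@code uniqueMember}.
     * Both values are filter-escaped before being embedded.
     */
    public boolean hasRole(AgentPath agent, RolePath role) {
        String filter = "(&(objectclass=cristalrole)(uniqueMember="
                + escapeFilterValue(agent.getFullDN())
                + ")(cn=" + escapeFilterValue(role.getName()) + "))";
        return mLdap.search(mRolePath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints())
                .hasMoreElements();
    }

    /**
     * Resolves every {@code uniqueMember} DN of {@code role} to an
     * {@link AgentPath}. Members whose entry is missing or does not map to an
     * agent are logged and skipped rather than failing the whole call.
     *
     * @param role the role whose members are wanted
     * @return the resolvable members; empty array if there are none
     * @throws ObjectNotFoundException if the role entry does not exist
     */
    @Override
    public AgentPath[] getAgents(RolePath role) throws ObjectNotFoundException {
        LDAPEntry roleEntry;
        try {
            roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        } catch (ObjectNotFoundException e) {
            throw new ObjectNotFoundException("Role does not exist", "");
        }
        String[] memberDNs = LDAPLookupUtils.getAllAttributeValues(roleEntry, "uniqueMember");
        ArrayList<AgentPath> agents = new ArrayList<AgentPath>();
        for (String userDN : memberDNs) {
            try {
                LDAPEntry userEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), userDN);
                agents.add((AgentPath) mLdap.nodeToPath(userEntry));
            } catch (ObjectNotFoundException ex) {
                Logger.error("Agent " + userDN + " does not exist");
            } catch (InvalidEntityPathException ex) {
                Logger.error("Agent " + userDN + " is not a valid entity");
            }
        }
        return agents.toArray(new AgentPath[agents.size()]);
    }

    /**
     * Returns every {@code cristalrole} under {@code mRolePath} whose
     * {@code uniqueMember} contains {@code agentPath}'s DN. The DN is
     * filter-escaped before being embedded. Search hits that do not map to a
     * {@link RolePath} are logged and skipped instead of raising a
     * {@link ClassCastException}, mirroring {@link #getAgents(RolePath)}.
     *
     * @param agentPath the agent whose roles are wanted
     * @return the agent's roles; empty array if there are none
     */
    @Override
    public RolePath[] getRoles(AgentPath agentPath) {
        String filter = "(&(objectclass=cristalrole)(uniqueMember="
                + escapeFilterValue(agentPath.getFullDN()) + "))";
        Enumeration<?> hits = mLdap.search(mRolePath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints());
        ArrayList<RolePath> roles = new ArrayList<RolePath>();
        while (hits.hasMoreElements()) {
            Object hit = hits.nextElement();
            if (hit instanceof RolePath) {
                roles.add((RolePath) hit);
            } else {
                Logger.error("Role search returned a non-role entry: " + hit);
            }
        }
        return roles.toArray(new RolePath[roles.size()]);
    }

    /**
     * Looks up the agent whose {@code uid} equals {@code agentName} under
     * {@code mEntityPath}. The name is filter-escaped, so a login name
     * containing {@code *}, parentheses or backslashes is matched literally
     * and cannot widen the search.
     *
     * @param agentName the login name to resolve
     * @return the matching agent's path (the first hit if several match)
     * @throws ObjectNotFoundException if the name is null/empty, no agent
     *         matches, or the first hit is not an {@link AgentPath}
     */
    @Override
    public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException {
        if (agentName == null || agentName.length() == 0) {
            throw new ObjectNotFoundException("Agent not found");
        }
        String filter = "(&(objectclass=cristalagent)(uid=" + escapeFilterValue(agentName) + "))";
        Enumeration<Path> hits = mLdap.search(mEntityPath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints());
        if (!hits.hasMoreElements()) {
            throw new ObjectNotFoundException("Agent not found");
        }
        Path hit = hits.nextElement();
        if (!(hit instanceof AgentPath)) {
            throw new ObjectNotFoundException("Entry was not an Agent");
        }
        return (AgentPath) hit;
    }

    /**
     * Looks up the role whose {@code cn} equals {@code roleName} under
     * {@code mRolePath}. The name is filter-escaped before being embedded.
     *
     * @param roleName the role name to resolve
     * @return the matching role's path (the first hit if several match)
     * @throws ObjectNotFoundException if the name is null/empty, no role
     *         matches, or the first hit is not a {@link RolePath}
     */
    @Override
    public RolePath getRolePath(String roleName) throws ObjectNotFoundException {
        if (roleName == null || roleName.length() == 0) {
            throw new ObjectNotFoundException("Role not found");
        }
        String filter = "(&(objectclass=cristalrole)(cn=" + escapeFilterValue(roleName) + "))";
        Enumeration<Path> hits = mLdap.search(mRolePath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints());
        if (!hits.hasMoreElements()) {
            throw new ObjectNotFoundException("Role not found");
        }
        Path hit = hits.nextElement();
        if (!(hit instanceof RolePath)) {
            throw new ObjectNotFoundException("Entry was not a Role");
        }
        return (RolePath) hit;
    }
}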