package com.c2kernel.lookup;

import java.util.ArrayList;
import java.util.Enumeration;

import com.c2kernel.common.ObjectAlreadyExistsException;
import com.c2kernel.common.ObjectCannotBeUpdated;
import com.c2kernel.common.ObjectNotFoundException;
import com.c2kernel.utils.Logger;
import com.novell.ldap.*;

/**************************************************************************
 *
 * $Revision: 1.1 $
 * $Date: 2005/04/26 06:48:12 $
 *
 * Copyright (C) 2003 CERN - European Organization for Nuclear Research
 * All rights reserved.
 **************************************************************************/

//    public static final String codeRevision = "$Revision: 1.1 $ $Date: 2005/04/26 06:48:12 $ $Author: abranson $";
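public class LDAPRoleManager {

    /** Lookup that supplies the LDAP connection and the search/nodeToPath helpers. */
    LDAPLookup mLdap;
    /** Search base used for every cristalrole lookup. */
    private String mRolePath;
    /** Search base used for cristalagent lookups (see getAgentPath). */
    private String mEntityPath;

    /**
     * @param ldap       lookup wrapping the LDAP connection
     * @param rolePath   search base of the role subtree
     * @param entityPath search base of the entity (agent) subtree
     */
    public LDAPRoleManager(LDAPLookup ldap, String rolePath, String entityPath) {
        this.mLdap = ldap;
        this.mRolePath = rolePath;
        this.mEntityPath = entityPath;
    }

    /**
     * Escapes a value for inclusion in an LDAP search filter (RFC 4515):
     * backslash, '*', '(', ')' and NUL are replaced by their {@code \xx} hex form.
     * Every filter built in this class passes caller-supplied names and DNs
     * through here so that a name such as {@code "*)(uid=*"} cannot widen or
     * rewrite the query.
     *
     * @param value raw assertion value
     * @return the escaped value, safe to concatenate into a filter
     * @throws IllegalArgumentException if value is null
     */
    public static String escapeFilterValue(String value) {
        if (value == null)
            throw new IllegalArgumentException("filter value must not be null");
        StringBuffer escaped = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': escaped.append("\\5c"); break;
                case '*':  escaped.append("\\2a"); break;
                case '(':  escaped.append("\\28"); break;
                case ')':  escaped.append("\\29"); break;
                case '\0': escaped.append("\\00"); break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Constraints shared by every search in this class: batch size 0 and DEREF_NEVER. */
    private static LDAPSearchConstraints newSearchConstraints() {
        LDAPSearchConstraints searchCons = new LDAPSearchConstraints();
        searchCons.setBatchSize(0);
        searchCons.setDereference(LDAPSearchConstraints.DEREF_NEVER);
        return searchCons;
    }

    //NOTE: A role must have at LEAST 1 userDN, cannot be empty...
    /**
     * Creates a cristalRole entry. A cristalRole is a specialised
     * cristalContext whose multi-valued uniqueMember attribute points at
     * cristalagent entries.
     *
     * @param roleName name of the role to create
     * @param jobList  passed through to the RolePath constructor
     * @return the RolePath describing the new entry
     * @throws ObjectAlreadyExistsException if an entry already exists at the role DN
     * @throws ObjectCannotBeUpdated if the LDAP add fails (carries the LDAP error message)
     */
    public RolePath createRole(String roleName, boolean jobList)
        throws ObjectAlreadyExistsException, ObjectCannotBeUpdated
    {
        RolePath rolePath = new RolePath(roleName, jobList);
        String roleDN = rolePath.getFullDN();

        // Existence probe: getEntry throwing ObjectNotFoundException is the
        // success path here, so record the outcome instead of throwing from
        // inside the try block.
        boolean alreadyExists;
        try {
            LDAPLookupUtils.getEntry(mLdap.getConnection(), roleDN);
            alreadyExists = true;
        } catch (ObjectNotFoundException ex) {
            alreadyExists = false;
        }
        if (alreadyExists)
            throw new ObjectAlreadyExistsException();

        LDAPEntry roleNode = new LDAPEntry(roleDN, rolePath.createAttributeSet());
        try {
            LDAPLookupUtils.addEntry(mLdap.getConnection(), roleNode);
        } catch (LDAPException e) {
            throw new ObjectCannotBeUpdated(e.getLDAPErrorMessage(), "");
        }
        return rolePath;
    }

    /**
     * Deletes the LDAP entry of the given role.
     *
     * @param role role whose entry is removed
     * @throws ObjectNotFoundException as declared by the underlying delete
     * @throws ObjectCannotBeUpdated if the LDAP delete fails
     */
    public void deleteRole(RolePath role) throws ObjectNotFoundException, ObjectCannotBeUpdated {
        try {
            LDAPLookupUtils.delete(mLdap.getConnection(), role.getFullDN());
        } catch (LDAPException ex) {
            // No cause-taking constructor is used in this file, so keep the
            // LDAP reason in the message rather than dropping it.
            throw new ObjectCannotBeUpdated("Could not remove role " + role.getName()
                    + ": " + ex.getLDAPErrorMessage());
        }
    }

    /**
     * Adds the agent's DN to the role's uniqueMember attribute.
     *
     * @param agent agent to add
     * @param role  role to add it to
     * @throws ObjectNotFoundException if the role entry does not exist
     * @throws ObjectCannotBeUpdated if the agent already holds the role, or the attribute update fails
     */
    protected void addRole(AgentPath agent, RolePath role)
            throws ObjectCannotBeUpdated, ObjectNotFoundException
    {
        LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        String agentDN = agent.getFullDN();
        if (LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agentDN))
            throw new ObjectCannotBeUpdated("Agent " + agent.getAgentName() + " already has role " + role.getName());
        LDAPLookupUtils.addAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agentDN);
    }

    /**
     * Removes the agent's DN from the role's uniqueMember attribute.
     *
     * @param agent agent to remove
     * @param role  role to remove it from
     * @throws ObjectNotFoundException if the role entry does not exist
     * @throws ObjectCannotBeUpdated if the agent does not hold the role, or the attribute update fails
     */
    protected void removeRole(AgentPath agent, RolePath role)
        throws ObjectCannotBeUpdated, ObjectNotFoundException
    {
        LDAPEntry roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        String agentDN = agent.getFullDN();
        if (!LDAPLookupUtils.existsAttributeValue(roleEntry, "uniqueMember", agentDN))
            throw new ObjectCannotBeUpdated("Agent did not have that role");
        LDAPLookupUtils.removeAttributeValue(mLdap.getConnection(), roleEntry, "uniqueMember", agentDN);
    }

    /**
     * Tests whether a cristalrole named like {@code role} lists the agent as a
     * uniqueMember. Both values are filter-escaped before the search.
     *
     * @param agent agent to test
     * @param role  role to test
     * @return true if at least one matching role entry is found
     */
    protected boolean hasRole(AgentPath agent, RolePath role) {
        String filter = "(&(objectclass=cristalrole)(uniqueMember=" + escapeFilterValue(agent.getFullDN())
                + ")(cn=" + escapeFilterValue(role.getName()) + "))";
        Enumeration roles = mLdap.search(mRolePath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints());
        return roles.hasMoreElements();
    }

    /**
     * Resolves every uniqueMember DN of the role to an AgentPath. Members that
     * cannot be resolved are logged and skipped rather than failing the call.
     *
     * @param role role whose members are listed
     * @return the resolvable members, possibly empty, never null
     * @throws ObjectNotFoundException if the role entry does not exist
     */
    protected AgentPath[] getAgents(RolePath role)
        throws ObjectNotFoundException
    {
        LDAPEntry roleEntry;
        try {
            roleEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), role.getFullDN());
        } catch (ObjectNotFoundException e) {
            throw new ObjectNotFoundException("Role does not exist", "");
        }

        String[] memberDNs = LDAPLookupUtils.getAllAttributeValues(roleEntry, "uniqueMember");
        ArrayList agents = new ArrayList();
        for (int i = 0; i < memberDNs.length; i++) {
            String userDN = memberDNs[i];
            try {
                LDAPEntry userEntry = LDAPLookupUtils.getEntry(mLdap.getConnection(), userDN);
                Path path = mLdap.nodeToPath(userEntry);
                // guard the cast: a uniqueMember value need not point at an agent entry
                if (path instanceof AgentPath)
                    agents.add(path);
                else
                    Logger.error("Agent " + userDN + " is not an agent entry");
            } catch (ObjectNotFoundException ex) {
                Logger.error("Agent " + memberDNs[i] + " does not exist");
            } catch (InvalidEntityPathException ex) {
                Logger.error("Agent " + memberDNs[i] + " is not a valid entity");
            }
        }
        return (AgentPath[]) agents.toArray(new AgentPath[agents.size()]);
    }

    /**
     * Returns the roles of an agent: every cristalrole under mRolePath whose
     * uniqueMember contains the agent's (filter-escaped) DN.
     *
     * @param agentPath agent to look up
     * @return matching roles, possibly empty, never null
     */
    protected RolePath[] getRoles(AgentPath agentPath)
    {
        String filter = "(&(objectclass=cristalrole)(uniqueMember=" + escapeFilterValue(agentPath.getFullDN()) + "))";
        Enumeration roles = mLdap.search(mRolePath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints());
        ArrayList roleList = new ArrayList();
        while (roles.hasMoreElements()) {
            Object next = roles.nextElement();
            // guard the cast instead of failing the whole listing on one odd entry
            if (next instanceof RolePath)
                roleList.add(next);
            else
                Logger.error("Entry " + next + " is not a Role");
        }
        return (RolePath[]) roleList.toArray(new RolePath[roleList.size()]);
    }

    /**
     * Looks up an agent by login name (uid) under mEntityPath.
     * The name is filter-escaped before the search.
     *
     * @param agentName login name of the agent
     * @return the first matching AgentPath
     * @throws ObjectNotFoundException if nothing matches, or the first match is not an AgentPath
     */
    public AgentPath getAgentPath(String agentName) throws ObjectNotFoundException
    {
        String filter = "(&(objectclass=cristalagent)(uid=" + escapeFilterValue(agentName) + "))";
        Enumeration res = mLdap.search(mEntityPath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints());
        if (!res.hasMoreElements())
            throw new ObjectNotFoundException("Agent not found");
        Path result = (Path) res.nextElement();
        if (!(result instanceof AgentPath))
            throw new ObjectNotFoundException("Entry was not an Agent");
        return (AgentPath) result;
    }

    /**
     * Looks up a role by name (cn) under mRolePath.
     * The name is filter-escaped before the search.
     *
     * @param roleName name of the role
     * @return the first matching RolePath
     * @throws ObjectNotFoundException if nothing matches, or the first match is not a RolePath
     */
    public RolePath getRolePath(String roleName) throws ObjectNotFoundException
    {
        String filter = "(&(objectclass=cristalrole)(cn=" + escapeFilterValue(roleName) + "))";
        Enumeration res = mLdap.search(mRolePath, LDAPConnection.SCOPE_SUB, filter, newSearchConstraints());
        if (!res.hasMoreElements())
            throw new ObjectNotFoundException("Role not found");
        Path result = (Path) res.nextElement();
        if (!(result instanceof RolePath))
            throw new ObjectNotFoundException("Entry was not a Role");
        return (RolePath) result;
    }

}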