//BindRequest bindRequest = new SimpleBindRequest(
// getUserDN(username, config.getUsersDN()), oldPassword);
//LDAPConnection conn = this.getUnboundReadConnection();
//conn.bind(bindRequest);
LDAPConnection conn = this.getReadWriteConnection();
PasswordModifyExtendedRequest passwordModifyRequest;
if (oldPassword == null)
{
passwordModifyRequest =
new PasswordModifyExtendedRequest(userDN.toNormalizedString(),
null, new String(newPassword));
}
else
{
passwordModifyRequest =
new PasswordModifyExtendedRequest(userDN.toNormalizedString(),
new String(oldPassword), new String(newPassword));
}
PasswordModifyExtendedResult passwordModifyResult = (PasswordModifyExtendedResult)
conn.processExtendedOperation(passwordModifyRequest);
LdapDAO.checkLdapResult(passwordModifyResult.getResultCode());
logger.debug("updatedPassword for " + userID.getName());
}
catch (LDAPException e)
{
logger.debug("setPassword Exception: " + e);
LdapDAO.checkLdapResult(e.getResultCode());
}
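/**
 * Update a user's password. The given user and authenticating user must match.
 * <p>
 * The current password is mandatory on this path. updatePassword treats a null
 * oldPassword as the reset case: it builds a PasswordModifyExtendedRequest with
 * no old password and sends it over the read-write connection, so the directory
 * performs no old-password verification at all. A null passed here would
 * therefore silently turn a password change into a reset; callers that need the
 * reset behaviour must use resetPassword instead. (Whatever other authorization
 * updatePassword performs before issuing the request is not visible here.)
 *
 * @param userID      the user whose password is being changed.
 * @param oldPassword current password; must not be null.
 * @param newPassword new password.
 * @throws IllegalArgumentException If oldPassword is null.
 * @throws UserNotFoundException If the given user does not exist.
 * @throws TransientException If a temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
public void setPassword(HttpPrincipal userID, String oldPassword, String newPassword)
    throws UserNotFoundException, TransientException, AccessControlException
{
    // Refuse to let a missing current password degrade into an unverified reset.
    if (oldPassword == null)
    {
        throw new IllegalArgumentException(
            "oldPassword is required for setPassword; use resetPassword to reset without it");
    }
    updatePassword(userID, oldPassword, newPassword);
}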
/**
 * Reset a user's password without checking the current one. The given user and
 * authenticating user must match.
 * <p>
 * Security note: with a null old password, updatePassword issues the
 * PasswordModifyExtendedRequest without an old-password value over the
 * read-write (privileged) connection, so the directory does not verify the
 * caller's current password on this path. The "authenticating user must match"
 * rule, and any other authorization, has to be enforced before this method is
 * reached; that check is not visible in this listing — confirm it exists upstream.
 *
 * @param userID      the user whose password is being reset.
 * @param newPassword new password.
 * @throws UserNotFoundException If the given user does not exist.
 * @throws TransientException If a temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
public void resetPassword(HttpPrincipal userID, String newPassword)
    throws UserNotFoundException, TransientException, AccessControlException
{
    // A null current password is what selects the reset branch in updatePassword.
    final String noCurrentPassword = null;
    updatePassword(userID, noCurrentPassword, newPassword);
}
/**
 * Delete the user specified by userID from the active user tree.
 *
 * @param userID     The userID.
 * @param markDelete true to keep the entry but set nsaccountlock to "true"
 *                   (the account is disabled, the record is retained); false to
 *                   remove the entry outright, after which its absence is re-checked.
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If a temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
public void deleteUser(final Principal userID, boolean markDelete)
    throws UserNotFoundException, TransientException,
           AccessControlException
{
    // Active users live under the configured users DN (pending requests use a separate tree).
    final String activeUsersTree = config.getUsersDN();
    deleteUser(userID, activeUsersTree, markDelete);
}
/**
 * Delete the user specified by userID from the pending user tree.
 * <p>
 * Pending requests are always removed for real (never just locked), so no
 * nsaccountlock marker is left behind in the request tree.
 *
 * @param userID The userID.
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If a temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
public void deleteUserRequest(final Principal userID)
    throws UserNotFoundException, TransientException,
           AccessControlException
{
    final boolean lockOnly = false;
    deleteUser(userID, config.getUserRequestsDN(), lockOnly);
}
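/**
 * Delete (or lock) the entry for userID under usersDN.
 * <p>
 * With markDelete the entry is kept and nsaccountlock is set to "true", which
 * disables the account while retaining the record; otherwise the entry is
 * removed and a follow-up lookup asserts that it is really gone.
 *
 * @param userID     identity of the user to delete.
 * @param usersDN    the tree (active users or pending requests) holding the entry.
 * @param markDelete true to lock the entry instead of removing it.
 * @throws UserNotFoundException when no entry for userID exists under usersDN.
 * @throws TransientException If a temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
private void deleteUser(final Principal userID, final String usersDN, boolean markDelete)
    throws UserNotFoundException, AccessControlException, TransientException
{
    // Resolve the entry first so an unknown user fails before any write is attempted.
    User user2Delete = getUser(userID, usersDN);
    try
    {
        long uuid = uuid2long(user2Delete.getID().getUUID());
        DN userDN = getUserDN(uuid, usersDN);
        if (markDelete)
        {
            // NOTE(review): ModificationType.ADD fails if nsaccountlock is already
            // present on the entry, so marking an already-locked user is not
            // idempotent; REPLACE would be, if that behaviour is wanted.
            List<Modification> modifs = new ArrayList<Modification>();
            modifs.add(new Modification(ModificationType.ADD, LDAP_NSACCOUNTLOCK, "true"));
            ModifyRequest modifyRequest = new ModifyRequest(userDN, modifs);
            LDAPResult result = getReadWriteConnection().modify(modifyRequest);
            LdapDAO.checkLdapResult(result.getResultCode());
        }
        else // real delete
        {
            DeleteRequest delRequest = new DeleteRequest(userDN);
            LDAPResult result = getReadWriteConnection().delete(delRequest);
            // Log the outcome and the DN it applied to (previously the request
            // object was printed under a "result" label).
            logger.info("delete result: " + result.getResultCode() + " for " + userDN);
            LdapDAO.checkLdapResult(result.getResultCode());
        }
        logger.debug("deleted " + userID.getName() + " from " + usersDN);
    }
    catch (LDAPException e1)
    {
        logger.debug("Delete Exception: " + e1, e1);
        // checkLdapResult maps any non-SUCCESS code onto the declared exception
        // types; it is expected to rethrow here rather than fall through.
        LdapDAO.checkLdapResult(e1.getResultCode());
    }
    // getUser does not yet support nsaccountlock, so only a real delete can be
    // verified by re-reading: the entry must now be absent.
    if (!markDelete)
    {
        try
        {
            getUser(userID, usersDN);
            throw new RuntimeException(
                "BUG: " + userID.getName() + " not deleted in " + usersDN);
        }
        catch (UserNotFoundException expected)
        {
            // the entry is gone, which is the success case
        }
    }
}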
/**
 * Pick the identity used to locate a user in LDAP.
 * <p>
 * The first NumericPrincipal among the user's identities wins, because its
 * value can be turned into a DN directly; if there is none, the last identity
 * in iteration order is returned, and null if the user has no identities.
 *
 * @param user the user whose identities are examined.
 * @return the preferred principal, or null when the user has no identities.
 */
private Principal getPreferredPrincipal(User user)
{
    Principal fallback = null;
    for (Principal identity : user.getIdentities())
    {
        if (identity instanceof NumericPrincipal)
        {
            return identity;
        }
        fallback = identity;
    }
    return fallback;
}
throws UserNotFoundException, TransientException, LDAPException
Principal p = getPreferredPrincipal(user);
if (p == null)
{
throw new UserNotFoundException("No identities");
}
// DN can be formulated if it is the numeric id
if (p instanceof NumericPrincipal)
return this.getUserDN(uuid2long(UUID.fromString(p.getName())), config.getUsersDN());
// Otherwise we need to search for the numeric id
String searchField = userLdapAttrib.get(p.getClass());
"Unsupported principal type " + p.getClass());
// change the DN to be in the 'java' format
// if (userID instanceof X500Principal)
// {
// X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm(
// (X500Principal) userID);
// filter = Filter.createEqualityFilter(searchField, orderedPrincipal.toString());
// }
Filter filter = Filter.createEqualityFilter(searchField, p.getName());
logger.debug("search filter: " + filter);
SearchResultEntry searchResult = null;
try
{
SearchRequest searchRequest = new SearchRequest(
config.getUsersDN(), SearchScope.ONE, filter, LDAP_ENTRYDN);
searchResult = getReadOnlyConnection().searchForEntry(searchRequest);
logger.debug("getUserDN: got " + p.getName() + " from " + config.getUsersDN());
LdapDAO.checkLdapResult(e.getResultCode());
String msg = "User not found " + p.getName() + " in " + config.getUsersDN();
logger.debug(msg);
throw new UserNotFoundException(msg);
}
return searchResult.getAttributeValueAsDN(LDAP_ENTRYDN);
}
/**
 * Build the DN of a user entry from its numeric ID.
 * <p>
 * The RDN value is a primitive long, so no DN escaping is required for it;
 * usersDN comes from service configuration, not from the request.
 *
 * @param numericID the user's numeric ID (see uuid2long).
 * @param usersDN   the tree the entry lives in.
 * @return the DN "&lt;LDAP_UID&gt;=&lt;numericID&gt;,&lt;usersDN&gt;".
 * @throws LDAPException if the assembled string is not a valid DN.
 * @throws TransientException declared for callers; not raised by this body.
 */
protected DN getUserDN(long numericID, String usersDN)
    throws LDAPException, TransientException
{
    final String rdn = LDAP_UID + "=" + numericID;
    return new DN(rdn + "," + usersDN);
}
/**
 * Append an attribute to the list, skipping it when the value is null or empty
 * (LDAP rejects attributes with no value on add).
 *
 * @param attributes the list being built for an add request.
 * @param name       attribute name.
 * @param value      attribute value; null or "" means "do not send this attribute".
 */
private void addAttribute(List<Attribute> attributes, final String name, final String value)
{
    if (value == null || value.isEmpty())
    {
        return;
    }
    attributes.add(new Attribute(name, value));
}
/**
 * Append a REPLACE modification for the attribute.
 * <p>
 * A non-empty value replaces whatever is stored; a null or empty value produces
 * a REPLACE with no values, which under LDAP replace semantics clears the
 * attribute from the entry.
 *
 * @param mods  the list being built for a modify request.
 * @param name  attribute name.
 * @param value new value, or null/"" to clear the attribute.
 */
private void addModification(List<Modification> mods, final String name, final String value)
{
    final boolean hasValue = value != null && !value.isEmpty();
    final Modification replace = hasValue
        ? new Modification(ModificationType.REPLACE, name, value)
        : new Modification(ModificationType.REPLACE, name);
    mods.add(replace);
}
/**
 * Check an LDAP result code from a user add/modify and, if it is not SUCCESS,
 * throw the matching exception. ENTRY_ALREADY_EXISTS is reported as a
 * UserAlreadyExistsException; every other code is mapped by LdapDAO.checkLdapResult.
 *
 * @param code The code returned from an LDAP request.
 * @throws UserAlreadyExistsException if the code is ENTRY_ALREADY_EXISTS.
 * @throws TransientException as mapped by LdapDAO.checkLdapResult.
 */
protected static void checkUserLDAPResult(final ResultCode code)
    throws TransientException, UserAlreadyExistsException
{
    if (code == ResultCode.ENTRY_ALREADY_EXISTS)
    {
        throw new UserAlreadyExistsException("User already exists.");
    }
    // Everything else (including SUCCESS) is handled by the generic mapping.
    LdapDAO.checkLdapResult(code);
}
/**
 * Return a randomly generated user numeric ID. The default implementation
 * returns a value in [10000, Integer.MAX_VALUE). Services that support a
 * different mechanism for generating numeric IDs override this method.
 * <p>
 * java.util.Random is adequate here because the ID is a non-secret identifier,
 * not a token. IDs are random rather than sequential, so a collision with an
 * existing entry is possible; the add path is expected to surface that as
 * ENTRY_ALREADY_EXISTS (see checkUserLDAPResult).
 *
 * @return a numeric ID in the range 10000 (inclusive) to Integer.MAX_VALUE (exclusive).
 */
protected int genNextNumericId()
{
    final int lowest = 10000;
    // nextInt(bound) is [0, bound), so the shift keeps the result below MAX_VALUE.
    return lowest + new Random().nextInt(Integer.MAX_VALUE - lowest);
}
/**
 * Derive the LDAP numeric user ID from a UUID by taking its low 64 bits.
 * <p>
 * The high 64 bits are discarded, so two UUIDs that differ only there map to
 * the same numeric ID (and hence the same DN). getInternalID mints UUIDs with
 * the high bits set to zero, so IDs created by this class round-trip cleanly.
 *
 * @param uuid the user's UUID.
 * @return the UUID's least-significant 64 bits as the numeric ID.
 */
protected long uuid2long(UUID uuid)
{
    final long low64 = uuid.getLeastSignificantBits();
    return low64;
}
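/**
 * Build the InternalID (a URI under the local UMS service) for a numeric user ID.
 * <p>
 * The numeric ID is placed in the low 64 bits of a UUID whose high bits are
 * zero — the inverse of uuid2long — and appended as the query of the UMS
 * service URI.
 *
 * @param numericID decimal string form of the numeric user ID.
 * @return the InternalID wrapping "&lt;UMS service URI&gt;?&lt;uuid&gt;".
 * @throws NumberFormatException if numericID is not a parseable long.
 * @throws RuntimeException if the assembled string is not a valid URI; the
 *         URISyntaxException is attached as the cause.
 */
protected InternalID getInternalID(String numericID)
{
    UUID uuid = new UUID(0L, Long.parseLong(numericID));
    LocalAuthority localAuthority = new LocalAuthority();
    URI umsServiceURI = localAuthority.getServiceURI(Standards.UMS_REQS_01.toString());
    String uriString = umsServiceURI.toString() + "?" + uuid.toString();
    URI uri;
    try
    {
        uri = new URI(uriString);
    }
    catch (URISyntaxException e)
    {
        // Keep the cause: the message alone does not say where the URI went wrong.
        throw new RuntimeException("Invalid InternalID URI " + uriString, e);
    }
    return new InternalID(uri);
}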