logger.debug("setPassword Exception: " + e);
LdapDAO.checkLdapResult(e.getResultCode());
}
/**
 * Change a user's password, supplying the current password alongside the new one.
 * The given user and the authenticating user must match.
 *
 * Thin wrapper: everything, including whatever verification of oldPassword
 * happens, is delegated to updatePassword (not visible in this file).
 *
 * @param userID      the user whose password is being changed.
 * @param oldPassword the user's current password, handed to updatePassword unchanged.
 * @param newPassword the password to set.
 * @throws UserNotFoundException  if the given user does not exist.
 * @throws TransientException     if a temporary, unexpected problem occurred.
 * @throws AccessControlException if the operation is not permitted.
 */
public void setPassword(HttpPrincipal userID, String oldPassword, String newPassword)
    throws UserNotFoundException, TransientException, AccessControlException
{
    // Same entry point as resetPassword, but with the current password supplied.
    updatePassword(userID, oldPassword, newPassword);
}
/**
 * Reset a user's password without knowing the current one.
 * The given user and the authenticating user must match.
 *
 * NOTE(review): this wrapper passes {@code null} as the old password, so it
 * performs no credential check of its own. The "users must match" requirement
 * has to be enforced by updatePassword or by the caller's authorization
 * before this point — neither is visible in this file; confirm.
 *
 * @param userID      the user whose password is being reset.
 * @param newPassword the password to set.
 * @throws UserNotFoundException  if the given user does not exist.
 * @throws TransientException     if a temporary, unexpected problem occurred.
 * @throws AccessControlException if the operation is not permitted.
 */
public void resetPassword(HttpPrincipal userID, String newPassword)
    throws UserNotFoundException, TransientException, AccessControlException
{
    // No current password is available on a reset; null signals that to updatePassword.
    final String noCurrentPassword = null;
    updatePassword(userID, noCurrentPassword, newPassword);
}
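/**
 * Mark the user specified by userID as deleted in the active user tree.
 *
 * Despite the name, the entry is not removed: this calls
 * deleteUser(T, String, boolean) with markDelete=true, which adds
 * nsaccountlock=true to the entry under config.getUsersDN(). Use
 * deletePendingUser for a real removal of a pending request.
 *
 * @param userID The userID.
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If a temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
public void deleteUser(final T userID)
    throws UserNotFoundException, TransientException,
    AccessControlException
{
    // Soft delete: lock the account in the active users subtree rather than removing it.
    deleteUser(userID, config.getUsersDN(), true);
}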
/**
 * Remove the user specified by userID from the pending user tree.
 *
 * This is a real delete of the entry under config.getUserRequestsDN()
 * (deleteUser(T, String, boolean) is called with markDelete=false), and the
 * removal is re-verified there by a follow-up lookup.
 *
 * @param userID The userID.
 * @throws UserNotFoundException when the user is not found.
 * @throws TransientException If a temporary, unexpected problem occurred.
 * @throws AccessControlException If the operation is not permitted.
 */
public void deletePendingUser(final T userID)
    throws UserNotFoundException, TransientException,
    AccessControlException
{
    final String pendingTree = config.getUserRequestsDN();
    final boolean softDelete = false;
    deleteUser(userID, pendingTree, softDelete);
}
/**
 * Shared implementation behind deleteUser(T) and deletePendingUser(T).
 *
 * Existence is checked first with getUser (which throws UserNotFoundException).
 * With markDelete=true the entry is soft-deleted by adding nsaccountlock=true;
 * with markDelete=false the entry is deleted and the deletion is re-verified by
 * a second getUser call.
 *
 * NOTE(review): the ProxiedAuthorizationV2 controls below are commented out,
 * so the modify/delete runs under the identity of getReadWriteConnection(),
 * not under the calling subject. Any AccessControlException this method is
 * documented to throw must therefore originate in checks made before this
 * point or in the directory's own ACIs — neither is visible here; confirm.
 *
 * @param userID     the user to delete.
 * @param usersDN    the subtree (active users or pending requests) holding the entry.
 * @param markDelete true to lock the account instead of removing the entry.
 * @throws UserNotFoundException  if no entry for userID exists under usersDN.
 * @throws AccessControlException if the operation is not permitted.
 * @throws TransientException     if a temporary, unexpected problem occurred.
 */
private void deleteUser(final T userID, final String usersDN, boolean markDelete)
    throws UserNotFoundException, AccessControlException, TransientException
{
    // Existence check only; throws UserNotFoundException when the entry is missing.
    getUser(userID, usersDN);
    try
    {
        DN userDN = getUserDN(userID.getName(), usersDN);
        if (markDelete)
        {
            // Soft delete: lock the account.
            // NOTE(review): ModificationType.ADD should fail with
            // attributeOrValueExists if nsaccountlock=true is already present
            // (e.g. a repeated delete of the same user); REPLACE would be
            // idempotent. Whether the failure is intended is not visible here.
            List<Modification> modifs = new ArrayList<Modification>();
            modifs.add(new Modification(ModificationType.ADD, LDAP_NSACCOUNTLOCK, "true"));
            ModifyRequest modifyRequest = new ModifyRequest(userDN, modifs);
            // Proxied authorization as the calling subject is disabled (see method note).
            //modifyRequest.addControl(
            //    new ProxiedAuthorizationV2RequestControl(
            //        "dn:" + getSubjectDN().toNormalizedString()));
            LDAPResult result = getReadWriteConnection().modify(modifyRequest);
            LdapDAO.checkLdapResult(result.getResultCode());
        }
        else // real delete
        {
            DeleteRequest delRequest = new DeleteRequest(userDN);
            // Proxied authorization as the calling subject is disabled (see method note).
            //delRequest.addControl(
            //    new ProxiedAuthorizationV2RequestControl(
            //        "dn:" + getSubjectDN().toNormalizedString()));
            LDAPResult result = getReadWriteConnection().delete(delRequest);
            LdapDAO.checkLdapResult(result.getResultCode());
        }
    }
    catch (LDAPException e1)
    {
        // checkLdapResult maps the LDAP result code onto the declared exceptions.
        // NOTE(review): if it does not throw for this code, control falls through
        // and, for markDelete, the lock is silently assumed to have been applied.
        logger.debug("Delete Exception: " + e1, e1);
        LdapDAO.checkLdapResult(e1.getResultCode());
    }
    // getUser does not yet support nsaccountlock
    // Only the real delete can be verified: a locked entry would still be
    // returned by getUser, so the markDelete path has no post-check.
    if (!markDelete)
    {
        try
        {
            getUser(userID, usersDN);
            // The entry is still there after a successful delete: a programming error,
            // not a directory or caller error, hence RuntimeException.
            throw new RuntimeException(
                "BUG: " + userID.getName() + " not deleted in " + usersDN);
        }
        catch (UserNotFoundException ignore) {} // expected: the entry is gone
    }
* Returns a member user identified by the X500Principal only. The
* returned object has the fields required by the LdapGroupDAO.
* Note that this method binds as a proxy user and not as the
* @param userDN
* @return
* @throws UserNotFoundException
* @throws LDAPException
*/
User<X500Principal> getX500User(DN userDN)
throws UserNotFoundException, LDAPException, TransientException
Filter.createEqualityFilter(LDAP_ENTRYDN,
userDN.toNormalizedString());
new SearchRequest(config.getUsersDN(), SearchScope.ONE,
filter, firstLastAttribs);
getReadOnlyConnection().searchForEntry(searchRequest);
String msg = "User not found " + userDN;
logger.debug(msg);
throw new UserNotFoundException(msg);
}
User<X500Principal> user = new User<X500Principal>(
new X500Principal(searchResult.getAttributeValue(
String princ = searchResult.getAttributeValue(
if (princ != null)
{
user.getIdentities().add(new HttpPrincipal(princ));
}
String fname = searchResult.getAttributeValue(LDAP_FIRST_NAME);
String lname = searchResult.getAttributeValue(LDAP_LAST_NAME);
user.details.add(new PersonalDetails(fname, lname));
DN getUserDN(User<? extends Principal> user)
throws UserNotFoundException, TransientException
String searchField = userLdapAttrib.get(user.getUserID().getClass());
"Unsupported principal type " + user.getUserID().getClass());
// change the DN to be in the 'java' format
Filter filter;
if (user.getUserID() instanceof X500Principal)
{
X500Principal orderedPrincipal = AuthenticationUtil.getOrderedForm(
(X500Principal) user.getUserID());
filter = Filter.createEqualityFilter(searchField, orderedPrincipal.toString());
filter = Filter.createEqualityFilter(searchField, user.getUserID().getName());
logger.debug("search filter: " + filter);
SearchResultEntry searchResult = null;
try
{
SearchRequest searchRequest = new SearchRequest(
config.getUsersDN(), SearchScope.ONE, filter, LDAP_ENTRYDN);
searchResult = getReadOnlyConnection().searchForEntry(searchRequest);
LdapDAO.checkLdapResult(e.getResultCode());
String msg = "User not found " + user.getUserID().getName();
logger.debug(msg);
throw new UserNotFoundException(msg);
}
return searchResult.getAttributeValueAsDN(LDAP_ENTRYDN);
}
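/**
 * Build the DN of the entry for {@code userID} directly under {@code usersDN}
 * ({@code uid=<userID>,<usersDN>}) without consulting the directory.
 *
 * The DN is assembled by string concatenation, so a userID carrying DN syntax
 * (an unescaped ',' or '+') would otherwise parse as additional RDNs and yield
 * a DN outside the intended subtree — e.g. {@code "x,ou=admins"} would point at
 * {@code uid=x,ou=admins,<usersDN>}. The parsed result is therefore required to
 * be a single-valued RDN whose parent is exactly {@code usersDN}; anything else
 * is rejected as an invalid user ID.
 *
 * @param userID  the uid value.
 * @param usersDN the DN of the subtree the user entry lives in.
 * @return the user's DN.
 * @throws LDAPException            declared for callers; parse failures are caught below.
 * @throws TransientException       if LdapDAO.checkLdapResult maps the parse failure to one.
 * @throws IllegalArgumentException if userID is null/empty, not parseable as part of a
 *                                  DN, or would not produce one uid RDN directly under usersDN.
 */
protected DN getUserDN(final String userID, final String usersDN)
    throws LDAPException, TransientException
{
    if (userID == null || userID.isEmpty())
    {
        throw new IllegalArgumentException(userID + " not a valid user ID");
    }
    try
    {
        final DN parent = new DN(usersDN);
        final DN userDN = new DN(LDAP_UID + "=" + userID + "," + usersDN);
        // A well-formed uid yields exactly one single-valued RDN whose parent is the
        // configured subtree; a multi-valued RDN ('+') or a different parent (',')
        // means userID contained DN syntax and the DN must not be used.
        if (userDN.getRDN() == null || userDN.getRDN().isMultiValued()
            || !parent.equals(userDN.getParent()))
        {
            throw new IllegalArgumentException(userID + " not a valid user ID");
        }
        return userDN;
    }
    catch (LDAPException e)
    {
        // checkLdapResult may turn the parse failure into a TransientException;
        // if it returns normally the ID is reported as invalid below.
        logger.debug("getUserDN Exception: " + e, e);
        LdapDAO.checkLdapResult(e.getResultCode());
    }
    throw new IllegalArgumentException(userID + " not a valid user ID");
}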
/**
 * Append an attribute to {@code attributes} only when {@code value} is non-null
 * and non-empty; otherwise the list is left untouched.
 *
 * @param attributes list to append to.
 * @param name       attribute name.
 * @param value      attribute value; null or "" means the attribute is skipped.
 */
private void addAttribute(List<Attribute> attributes, final String name, final String value)
{
    final boolean hasValue = value != null && !value.isEmpty();
    if (!hasValue)
    {
        return;
    }
    attributes.add(new Attribute(name, value));
}
/**
 * Append a REPLACE modification for {@code name} to {@code mods}.
 *
 * A non-null, non-empty value sets the attribute to that value; a null or empty
 * value produces a REPLACE with no values, which under LDAP replace semantics
 * clears the attribute. Unlike addAttribute, a modification is always added.
 *
 * @param mods  list to append to.
 * @param name  attribute name.
 * @param value new attribute value, or null/"" to clear the attribute.
 */
private void addModification(List<Modification> mods, final String name, final String value)
{
    final boolean present = value != null && !value.isEmpty();
    final Modification mod = present
        ? new Modification(ModificationType.REPLACE, name, value)
        : new Modification(ModificationType.REPLACE, name);
    mods.add(mod);
}
/**
 * Map an LDAP result code from a user operation onto the DAO's exception types.
 *
 * ENTRY_ALREADY_EXISTS is translated to UserAlreadyExistsException here; every
 * other code is handed to the generic LdapDAO.checkLdapResult mapping, which is
 * where the remaining decisions (including what counts as transient) live.
 *
 * @param code The code returned from an LDAP request.
 * @throws TransientException         if LdapDAO.checkLdapResult classifies the code as transient.
 * @throws UserAlreadyExistsException if the code is ENTRY_ALREADY_EXISTS.
 */
protected static void checkUserLDAPResult(final ResultCode code)
    throws TransientException, UserAlreadyExistsException
{
    if (code != ResultCode.ENTRY_ALREADY_EXISTS)
    {
        // Generic handling for everything that is not a duplicate-entry error.
        LdapDAO.checkLdapResult(code);
        return;
    }
    throw new UserAlreadyExistsException("User already exists.");
}
/**
 * Return a randomly generated numeric user ID.
 *
 * The default implementation draws uniformly from
 * [10000, Integer.MAX_VALUE) — the upper bound is exclusive. Services with a
 * different ID scheme override this method.
 *
 * NOTE(review): a fresh java.util.Random is used, so the value is neither
 * unpredictable nor checked for uniqueness here; collision handling, if any,
 * must be done by the caller — not visible in this file.
 *
 * @return a numeric ID in the range 10000 (inclusive) to Integer.MAX_VALUE (exclusive).
 */
protected int genNextNumericId()
{
    final int lowest = 10000;
    final int span = Integer.MAX_VALUE - lowest;
    final Random rng = new Random();
    return lowest + rng.nextInt(span);
}