Package com.netscape.cmscore.usrgrp
Class UGSubsystem
- java.lang.Object
-
- com.netscape.cmscore.usrgrp.UGSubsystem
-
public class UGSubsystem extends java.lang.Object
This class defines low-level LDAP usr/grp management usr/grp information is located remotely on another LDAP server.- Version:
- $Revision$, $Date$
- Author:
- thomask, cfu
-
-
Field Summary
Fields Modifier and Type Field Description protected static java.lang.String
GROUP_ATTR_VALUE
protected static java.lang.String
LDAP_ATTR_CERTDN
protected static java.lang.String
LDAP_ATTR_PROFILE_ID
protected static java.lang.String
LDAP_ATTR_USER_CERT
protected static java.lang.String
LDAP_ATTR_USER_CERT_STRING
static org.slf4j.Logger
logger
protected java.lang.String
mBaseDN
protected static java.lang.String
MEMBER_ATTR
protected LdapBoundConnFactory
mLdapConnFactory
protected static java.lang.String
OBJECTCLASS_ATTR
static java.lang.String
SUPER_CERT_ADMINS
-
Constructor Summary
Constructors Constructor Description UGSubsystem()
Constructs LDAP based usr/grp management
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addGroup(Group group)
Adds a group of identities.void
addSeeAlso(java.lang.String userID, java.lang.String value)
void
addUser(User user)
Adds identity.void
addUserCert(java.lang.String userID, java.security.cert.X509Certificate cert)
adds a user certificate to uservoid
addUserToGroup(Group grp, java.lang.String userid)
protected Group
buildGroup(netscape.ldap.LDAPEntry entry)
builds an instance of a Group entryprotected java.util.Enumeration<Group>
buildGroups(netscape.ldap.LDAPSearchResults res)
protected User
buildUser(netscape.ldap.LDAPEntry entry)
builds a User instance.protected java.util.Enumeration<User>
buildUsers(netscape.ldap.LDAPSearchResults res)
protected java.lang.String
convertUIDtoDN(java.lang.String uid)
Converts an uid attribute to a DN.Group
createGroup(java.lang.String id)
User
createUser(java.lang.String id)
boolean
evaluate(java.lang.String type, User id, java.lang.String op, java.lang.String value)
Evalutes the given context with the attribute critieria.Group
findGroup(java.lang.String filter)
java.util.Enumeration<Group>
findGroups(java.lang.String filter)
Finds groups.java.util.Enumeration<Group>
findGroupsByUser(java.lang.String userDn, java.lang.String filter)
User
findUser(java.security.cert.X509Certificate cert)
Locates a user by certificate.java.util.Enumeration<User>
findUsers(java.lang.String filter)
User
findUsersByCert(java.lang.String filter)
Searchs for identities that matches the certificate locater generated filter.java.util.Enumeration<User>
findUsersByKeyword(java.lang.String keyword)
Searchs for identities that matches the filter.java.lang.String
getCertificateString(java.security.cert.X509Certificate cert)
protected java.lang.String
getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert)
Converts certificate into string format.protected netscape.ldap.LDAPConnection
getConn()
Group
getGroup(java.lang.String groupDN)
Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.Group
getGroupFromName(java.lang.String name)
Retrieves a group from LDAP NOTE - this takes just the group name.User
getUser(java.lang.String userID)
Retrieves a user from LDAPjava.lang.String
getUserDN(java.lang.String userID)
void
init(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore)
boolean
isGroupPresent(java.lang.String name)
Checks if the given group existsprotected boolean
isMatched(java.lang.String dn1, java.lang.String dn2)
Checks if the given DNs are the same after normalization.boolean
isMemberOf(User id, java.lang.String name)
Checks if the given user is a member of the given group (now runs an ldap search to find the user, instead of fetching the entire group entry)boolean
isMemberOf(java.lang.String userid, java.lang.String groupname)
protected boolean
isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname)
checks if the given user DN is in the specified group by running an ldap search for the user in the groupprotected User
lbuildUser(netscape.ldap.LDAPEntry entry)
builds a User instance.protected java.util.Enumeration<User>
lbuildUsers(netscape.ldap.LDAPSearchResults res)
java.util.Enumeration<Group>
listGroups(java.lang.String filter)
List groups.java.util.Enumeration<User>
listUsers(java.lang.String filter)
Searchs for identities that matches the filter.void
modifyGroup(Group group)
Modifies an existing group in the database.void
modifyUser(User identity)
modifies user attributes.void
removeGroup(java.lang.String name)
Removes a group.void
removeSeeAlso(java.lang.String userID, java.lang.String value)
void
removeUser(java.lang.String userid)
Removes identity.void
removeUserCert(User identity)
Removes a user certificate for a user entry given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN), and it gets removedvoid
removeUserFromGroup(Group grp, java.lang.String userid)
protected void
returnConn(netscape.ldap.LDAPConnection conn)
void
shutdown()
Disconnects usr/grp manager from the LDAP
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
SUPER_CERT_ADMINS
public static final java.lang.String SUPER_CERT_ADMINS
- See Also:
- Constant Field Values
-
OBJECTCLASS_ATTR
protected static final java.lang.String OBJECTCLASS_ATTR
- See Also:
- Constant Field Values
-
MEMBER_ATTR
protected static final java.lang.String MEMBER_ATTR
- See Also:
- Constant Field Values
-
GROUP_ATTR_VALUE
protected static final java.lang.String GROUP_ATTR_VALUE
- See Also:
- Constant Field Values
-
LDAP_ATTR_USER_CERT_STRING
protected static final java.lang.String LDAP_ATTR_USER_CERT_STRING
- See Also:
- Constant Field Values
-
LDAP_ATTR_CERTDN
protected static final java.lang.String LDAP_ATTR_CERTDN
- See Also:
- Constant Field Values
-
LDAP_ATTR_USER_CERT
protected static final java.lang.String LDAP_ATTR_USER_CERT
- See Also:
- Constant Field Values
-
LDAP_ATTR_PROFILE_ID
protected static final java.lang.String LDAP_ATTR_PROFILE_ID
- See Also:
- Constant Field Values
-
mLdapConnFactory
protected transient LdapBoundConnFactory mLdapConnFactory
-
mBaseDN
protected java.lang.String mBaseDN
-
-
Method Detail
-
init
public void init(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore) throws java.lang.Exception
- Throws:
java.lang.Exception
-
shutdown
public void shutdown()
Disconnects usr/grp manager from the LDAP
-
createUser
public User createUser(java.lang.String id)
-
createGroup
public Group createGroup(java.lang.String id)
-
getUser
public User getUser(java.lang.String userID) throws EUsrGrpException
Retrieves a user from LDAP- Throws:
EUsrGrpException
-
findUser
public User findUser(java.security.cert.X509Certificate cert) throws EUsrGrpException
Locates a user by certificate.- Throws:
EUsrGrpException
-
findUsersByCert
public User findUsersByCert(java.lang.String filter) throws EUsrGrpException
Searchs for identities that matches the certificate locater generated filter.- Throws:
EUsrGrpException
-
findUsersByKeyword
public java.util.Enumeration<User> findUsersByKeyword(java.lang.String keyword) throws EUsrGrpException
Searchs for identities that matches the filter.- Throws:
EUsrGrpException
-
findUsers
public java.util.Enumeration<User> findUsers(java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
listUsers
public java.util.Enumeration<User> listUsers(java.lang.String filter) throws EUsrGrpException
Searchs for identities that matches the filter. retrieves uid only, for efficiency of user listing- Throws:
EUsrGrpException
-
lbuildUsers
protected java.util.Enumeration<User> lbuildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
buildUsers
protected java.util.Enumeration<User> buildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
lbuildUser
protected User lbuildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds a User instance. Sets only uid for user entry retrieved from LDAP server. for listing efficiency only.- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
buildUser
protected User buildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds a User instance. Set all attributes retrieved from LDAP server and set them on User.- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
addUser
public void addUser(User user) throws EUsrGrpException
Adds identity. Certificates handled by a separate call to addUserCert()- Throws:
EUsrGrpException
-
addUserCert
public void addUserCert(java.lang.String userID, java.security.cert.X509Certificate cert) throws EUsrGrpException
adds a user certificate to user- Throws:
EUsrGrpException
-
addSeeAlso
public void addSeeAlso(java.lang.String userID, java.lang.String value) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeSeeAlso
public void removeSeeAlso(java.lang.String userID, java.lang.String value) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUserCert
public void removeUserCert(User identity) throws EUsrGrpException
Removes a user certificate for a user entry given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN), and it gets removed- Throws:
EUsrGrpException
-
addUserToGroup
public void addUserToGroup(Group grp, java.lang.String userid) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUserFromGroup
public void removeUserFromGroup(Group grp, java.lang.String userid) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUser
public void removeUser(java.lang.String userid) throws EUsrGrpException
Removes identity.- Throws:
EUsrGrpException
-
modifyUser
public void modifyUser(User identity) throws EUsrGrpException
modifies user attributes. Certs are handled separately- Throws:
EUsrGrpException
-
buildGroups
protected java.util.Enumeration<Group> buildGroups(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
findGroups
public java.util.Enumeration<Group> findGroups(java.lang.String filter) throws EUsrGrpException
Finds groups.- Throws:
EUsrGrpException
-
findGroup
public Group findGroup(java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
listGroups
public java.util.Enumeration<Group> listGroups(java.lang.String filter) throws EUsrGrpException
List groups. more efficient than find Groups. only retrieves group names and description.- Throws:
EUsrGrpException
-
findGroupsByUser
public java.util.Enumeration<Group> findGroupsByUser(java.lang.String userDn, java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
buildGroup
protected Group buildGroup(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds an instance of a Group entry- Throws:
EUsrGrpException
-
getGroupFromName
public Group getGroupFromName(java.lang.String name)
Retrieves a group from LDAP NOTE - this takes just the group name.
-
getGroup
public Group getGroup(java.lang.String groupDN)
Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.
-
isGroupPresent
public boolean isGroupPresent(java.lang.String name)
Checks if the given group exists
-
isMemberOf
public boolean isMemberOf(java.lang.String userid, java.lang.String groupname)
-
isMemberOf
public boolean isMemberOf(User id, java.lang.String name)
Checks if the given user is a member of the given group (now runs an ldap search to find the user, instead of fetching the entire group entry)
-
isMemberOfLdapGroup
protected boolean isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname)
checks if the given user DN is in the specified group by running an ldap search for the user in the group
-
addGroup
public void addGroup(Group group) throws EUsrGrpException
Adds a group of identities.- Throws:
EUsrGrpException
-
removeGroup
public void removeGroup(java.lang.String name) throws EUsrGrpException
Removes a group. Can't remove SUPER_CERT_ADMINS- Throws:
EUsrGrpException
-
modifyGroup
public void modifyGroup(Group group) throws EUsrGrpException
Modifies an existing group in the database.- Parameters:
group
- an existing group that has been modified in memory- Throws:
EUsrGrpException
-
evaluate
public boolean evaluate(java.lang.String type, User id, java.lang.String op, java.lang.String value)
Evalutes the given context with the attribute critieria.
-
convertUIDtoDN
protected java.lang.String convertUIDtoDN(java.lang.String uid) throws netscape.ldap.LDAPException
Converts an uid attribute to a DN.- Throws:
netscape.ldap.LDAPException
-
isMatched
protected boolean isMatched(java.lang.String dn1, java.lang.String dn2)
Checks if the given DNs are the same after normalization.
-
getCertificateStringWithoutVersion
protected java.lang.String getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert)
Converts certificate into string format. should eventually go into the locator itself
-
getCertificateString
public java.lang.String getCertificateString(java.security.cert.X509Certificate cert)
-
getUserDN
public java.lang.String getUserDN(java.lang.String userID)
-
getConn
protected netscape.ldap.LDAPConnection getConn() throws ELdapException
- Throws:
ELdapException
-
returnConn
protected void returnConn(netscape.ldap.LDAPConnection conn)
-
-