Class LdapDataProvider


  • public abstract class LdapDataProvider
    extends Object
    Abstract class contains methods to perform low-level entity to ldap persistence. These methods are called by the Fortress DAOs, e.g. UserDAO, RoleDAO, PermDAO. These are low-level data utilities; very little, if any, data validation is performed here.

    This class is thread safe.

    Author:
    Apache Directory Project
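Because this class performs very little validation, values that reach the filter argument of search and searchNode need escaping first, which is the role the summary below gives to encodeSafeText and escapeLDAPSearchFilter. The following is an added example, not Fortress code: a standalone RFC 4515 escaper in which FilterValue, escape and equalityFilter are hypothetical names and the length limit of 40 and all sample inputs are constructed.

```java
import java.util.regex.Pattern;

/**
 * Added example (not part of Fortress): escape a value before it is placed
 * in an LDAP search filter, following RFC 4515. All names are hypothetical.
 */
public final class FilterValue
{
    // RFC 4512 short attribute descriptor: a letter, then letters, digits or hyphens.
    private static final Pattern ATTR_NAME = Pattern.compile( "[A-Za-z][A-Za-z0-9-]*" );

    private FilterValue()
    {
    }

    /**
     * Reject empty or over-long input, then replace the five characters that
     * RFC 4515 does not allow unescaped in an assertion value
     * (NUL, '(', ')', '*' and '\') with a backslash and two hex digits.
     */
    static String escape( String raw, int maxLen )
    {
        if ( raw == null || raw.isEmpty() )
        {
            throw new IllegalArgumentException( "empty filter value" );
        }
        if ( raw.length() > maxLen )
        {
            throw new IllegalArgumentException( "filter value longer than " + maxLen + " characters" );
        }
        StringBuilder out = new StringBuilder( raw.length() + 8 );
        for ( int i = 0; i < raw.length(); i++ )
        {
            char c = raw.charAt( i );
            switch ( c )
            {
                case '\0':
                case '(':
                case ')':
                case '*':
                case '\\':
                    // Escape form is '\' followed by the two-digit hex code of the octet.
                    out.append( String.format( "\\%02x", (int) c ) );
                    break;
                default:
                    // Everything else, including non-ASCII text, passes through unchanged.
                    out.append( c );
            }
        }
        return out.toString();
    }

    /**
     * Build an equality filter. The attribute name is checked against a fixed
     * pattern because it cannot be escaped, only accepted or rejected.
     */
    static String equalityFilter( String attrName, String rawValue, int maxLen )
    {
        if ( attrName == null || !ATTR_NAME.matcher( attrName ).matches() )
        {
            throw new IllegalArgumentException( "invalid attribute name" );
        }
        return "(" + attrName + "=" + escape( rawValue, maxLen ) + ")";
    }

    public static void main( String[] args )
    {
        // Constructed sample inputs, not taken from any real directory.
        String[] samples = { "jsmith", "smith (contractor)", "*)(uid=*", "a\\b", "nul\0byte" };
        for ( String sample : samples )
        {
            // Each result is a single equality test whose value is matched literally.
            System.out.println( equalityFilter( "uid", sample, 40 ) );
        }
    }
}
```

The string returned by equalityFilter is the kind of value a DAO would pass as the filter parameter of search or searchNode.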
    • Method Summary

      Modifier and Type Method Description
      protected void add​(org.apache.directory.ldap.client.api.LdapConnection connection, org.apache.directory.api.ldap.model.entry.Entry entry)
      Add a new ldap entry to the directory.
      protected void add​(org.apache.directory.ldap.client.api.LdapConnection connection, org.apache.directory.api.ldap.model.entry.Entry entry, FortEntity entity)
      Add a new ldap entry to the directory.
      protected void add​(org.apache.directory.ldap.client.api.LdapConnection connection, org.apache.directory.api.ldap.model.entry.Entry entry, FortEntity entity, boolean setRelaxControl)
      Add a new ldap entry to the directory.
      protected org.apache.directory.api.ldap.model.message.BindResponse bind​(org.apache.directory.ldap.client.api.LdapConnection connection, String szUserDn, String password)
      Calls the PoolMgr to perform an LDAP bind for a user/password combination.
      void closeAdminConnection​(org.apache.directory.ldap.client.api.LdapConnection connection)
      Calls the PoolMgr to close the Admin LDAP connection.
      static void closeAllConnectionPools()
      Closes all the ldap connection pools.
      protected void closeLogConnection​(org.apache.directory.ldap.client.api.LdapConnection connection)
      Calls the PoolMgr to close the Log LDAP connection.
      protected void closeUserConnection​(org.apache.directory.ldap.client.api.LdapConnection connection)
      Calls the PoolMgr to close the User LDAP connection.
      protected boolean compareNode​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, String userDn, org.apache.directory.api.ldap.model.entry.Attribute attribute)
      This method uses the compare ldap func to assert audit record into the directory server's configured audit logger.
      protected org.apache.directory.api.ldap.model.entry.Attribute createAttributes​(String name, String[] values)
      Create multi-occurring ldap attribute given array of strings and attribute name.
      protected void delete​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn)
      Delete existing ldap entry from the directory.
      protected void delete​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, FortEntity entity)
      Delete existing ldap entry from the directory.
      protected void delete​(org.apache.directory.ldap.client.api.LdapConnection connection, org.apache.directory.api.ldap.model.name.Dn dn, FortEntity entity)
      Delete existing ldap entry from the directory.
      protected void deleteRecursive​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn)
      Delete existing ldap entry and all descendants from the directory.
      protected void deleteRecursive​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, FortEntity entity)
      Delete existing ldap entry and all descendants from the directory.
      protected String encodeSafeText​(String value, int validLen)
      Encode some text so that it can be used in a LDAP filter.
      protected String escapeLDAPSearchFilter​(String filter)
      Perform encoding on supplied input string for certain unsafe ascii characters.
      org.apache.directory.ldap.client.api.LdapConnection getAdminConnection()
      Calls the PoolMgr to get an Admin connection to the LDAP server.
      protected String getAttribute​(org.apache.directory.api.ldap.model.entry.Entry entry, String attributeName)
      Method wraps ldap client to return attribute value by name within a given entry and returns as a string.
      protected List<String> getAttributes​(org.apache.directory.api.ldap.model.entry.Entry entry, String attributeName)
      Method wraps ldap client to return multivalued attribute by name within a given entry and returns as a list of strings.
      protected Set<String> getAttributeSet​(org.apache.directory.api.ldap.model.entry.Entry entry, String attributeName)
      Method wraps ldap client to return multivalued attribute by name within a given entry and returns as a set of strings.
      static LdapCounters getLdapCounters()
      Return to the caller a reference to the DAO counter object with running totals for ldap operations add, mod, delete, search, etc.
      protected org.apache.directory.ldap.client.api.LdapConnection getLogConnection()
      Calls the PoolMgr to get a Log connection to the LDAP server.
      protected byte[] getPhoto​(org.apache.directory.api.ldap.model.entry.Entry entry, String attributeName)
      Return the image stored on the entry.
      protected org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponse getPwdRespCtrl​(org.apache.directory.api.ldap.model.message.BindResponse resp)
      Get Password Policy Response Control from LDAP client.
      protected String getRdn​(String dn)
      Method will retrieve the relative distinguished name from a distinguished name variable.
      protected String getRootDn​(String contextId)
      Given a contextId return the LDAP dn that includes the suffix.
      protected static String getRootDn​(String contextId, String root)
      Given a contextId and a fortress param name return the LDAP dn.
      protected org.apache.directory.ldap.client.api.LdapConnection getUserConnection()
      Calls the PoolMgr to get a User connection to the LDAP server.
      protected void loadAttrs​(List<String> list, List<org.apache.directory.api.ldap.model.entry.Modification> mods, String attrName)
      Given an ldap attribute name and a list of attribute values, construct an ldap modification set to be updated in directory.
      protected void loadAttrs​(List<String> list, org.apache.directory.api.ldap.model.entry.Entry entry, String attrName)
      Given an ldap attribute name and a list of attribute values, construct an ldap attribute set to be added to directory.
      protected void loadAttrs​(Set<String> values, List<org.apache.directory.api.ldap.model.entry.Modification> mods, String attrName)
      Given an ldap attribute name and a set of attribute values, construct an ldap modification set to be updated in directory.
      protected void loadAttrs​(Set<String> values, org.apache.directory.api.ldap.model.entry.Entry entry, String attrName)
      Given an ldap attribute name and a set of attribute values, construct an ldap attribute set to be added to directory.
      protected void loadProperties​(Properties props, List<org.apache.directory.api.ldap.model.entry.Modification> mods, String attrName, boolean replace)
      Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
      protected void loadProperties​(Properties props, List<org.apache.directory.api.ldap.model.entry.Modification> mods, String attrName, boolean replace, char separator)
      Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
      protected void loadProperties​(Properties props, org.apache.directory.api.ldap.model.entry.Entry entry, String attrName)
      Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap add.
      protected void loadProperties​(Properties props, org.apache.directory.api.ldap.model.entry.Entry entry, String attrName, char separator)
      Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap add.
      protected void loadRelationshipAttrs​(List<Relationship> list, List<org.apache.directory.api.ldap.model.entry.Modification> mods, String attrName, Hier.Op op)
      Given a collection of Relationships, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
      protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, List<org.apache.directory.api.ldap.model.entry.Modification> mods)
      Update existing ldap entry in the directory.
      protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, List<org.apache.directory.api.ldap.model.entry.Modification> mods, FortEntity entity)
      Update existing ldap entry in the directory.
      protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, List<org.apache.directory.api.ldap.model.entry.Modification> mods, FortEntity entity, boolean setRelaxControl)
      Update existing ldap entry in the directory.
      protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection, org.apache.directory.api.ldap.model.name.Dn dn, List<org.apache.directory.api.ldap.model.entry.Modification> mods)
      Update existing ldap entry in the directory.
      protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection, org.apache.directory.api.ldap.model.name.Dn dn, List<org.apache.directory.api.ldap.model.entry.Modification> mods, FortEntity entity)
      Update existing ldap entry in the directory.
      protected org.apache.directory.api.ldap.model.entry.Entry read​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, String[] attrs)
      Read the ldap record from specified location.
      protected org.apache.directory.api.ldap.model.entry.Entry read​(org.apache.directory.ldap.client.api.LdapConnection connection, String dn, String[] attrs, String userDn)
      Read the ldap record from specified location with user assertion.
      protected org.apache.directory.api.ldap.model.entry.Entry read​(org.apache.directory.ldap.client.api.LdapConnection connection, org.apache.directory.api.ldap.model.name.Dn dn, String[] attrs)
      Read the ldap record from specified location.
      protected void removeProperties​(Properties props, List<org.apache.directory.api.ldap.model.entry.Modification> mods, String attrName)
      Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
      protected org.apache.directory.api.ldap.model.cursor.SearchCursor search​(org.apache.directory.ldap.client.api.LdapConnection connection, String baseDn, org.apache.directory.api.ldap.model.message.SearchScope scope, String filter, String[] attrs, boolean attrsOnly)
      Perform normal ldap search accepting default batch size.
      protected org.apache.directory.api.ldap.model.cursor.SearchCursor search​(org.apache.directory.ldap.client.api.LdapConnection connection, String baseDn, org.apache.directory.api.ldap.model.message.SearchScope scope, String filter, String[] attrs, boolean attrsOnly, int maxEntries)
      Perform normal ldap search specifying default batch size and max entries to return.
      protected org.apache.directory.api.ldap.model.entry.Entry searchNode​(org.apache.directory.ldap.client.api.LdapConnection connection, String baseDn, org.apache.directory.api.ldap.model.message.SearchScope scope, String filter, String[] attrs, boolean attrsOnly)
      This method will search the directory and return at most one record.
      protected org.apache.directory.api.ldap.model.entry.Entry searchNode​(org.apache.directory.ldap.client.api.LdapConnection connection, String baseDn, org.apache.directory.api.ldap.model.message.SearchScope scope, String filter, String[] attrs, boolean attrsOnly, String userDn)
      This search method uses OpenLDAP Proxy Authorization Control to assert arbitrary user identity onto connection.
      protected void unloadTemporal​(org.apache.directory.api.ldap.model.entry.Entry le, Constraint ftDateTime)
      Convert constraint from raw ldap format to application entity.
    • Constructor Detail

      • LdapDataProvider

        public LdapDataProvider()
    • Method Detail

      • getRootDn

        protected static String getRootDn​(String contextId,
                                          String root)
        Given a contextId and a fortress param name return the LDAP dn.
        Parameters:
        contextId - is to determine what sub-tree to use.
        root - contains the fortress parameter name that corresponds with a particular LDAP container.
        Returns:
        String contains the dn to use for operation.
      • getRootDn

        protected String getRootDn​(String contextId)
        Given a contextId return the LDAP dn that includes the suffix.
        Parameters:
        contextId - is to determine what sub-tree to use.
        Returns:
        String contains the dn to use for operation.
      • read

        protected org.apache.directory.api.ldap.model.entry.Entry read​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                       String dn,
                                                                       String[] attrs)
                                                                throws org.apache.directory.api.ldap.model.exception.LdapException
        Read the ldap record from specified location.
        Parameters:
        connection - handle to ldap connection.
        dn - contains ldap distinguished name.
        attrs - array contains attribute names to pull back.
        Returns:
        ldap entry.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • read

        protected org.apache.directory.api.ldap.model.entry.Entry read​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                       org.apache.directory.api.ldap.model.name.Dn dn,
                                                                       String[] attrs)
                                                                throws org.apache.directory.api.ldap.model.exception.LdapException
        Read the ldap record from specified location.
        Parameters:
        connection - handle to ldap connection.
        dn - contains ldap distinguished name.
        attrs - array contains attribute names to pull back.
        Returns:
        ldap entry.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • read

        protected org.apache.directory.api.ldap.model.entry.Entry read​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                       String dn,
                                                                       String[] attrs,
                                                                       String userDn)
                                                                throws org.apache.directory.api.ldap.model.exception.LdapException
        Read the ldap record from specified location with user assertion.
        Parameters:
        connection - handle to ldap connection.
        dn - contains ldap distinguished name.
        attrs - array contains attribute names to pull back.
        userDn - string value represents the identity of the user on whose behalf the request was initiated. The value will be stored in openldap auditsearch record AuthZID's attribute.
        Returns:
        ldap entry.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
        UnsupportedEncodingException - for search control errors.
      • add

        protected void add​(org.apache.directory.ldap.client.api.LdapConnection connection,
                           org.apache.directory.api.ldap.model.entry.Entry entry)
                    throws org.apache.directory.api.ldap.model.exception.LdapException
        Add a new ldap entry to the directory. Do not add audit context.
        Parameters:
        connection - handle to ldap connection.
        entry - contains data to add.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • add

        protected void add​(org.apache.directory.ldap.client.api.LdapConnection connection,
                           org.apache.directory.api.ldap.model.entry.Entry entry,
                           FortEntity entity)
                    throws org.apache.directory.api.ldap.model.exception.LdapException
        Add a new ldap entry to the directory. Add audit context.
        Parameters:
        connection - handle to ldap connection.
        entry - contains data to add.
        entity - contains audit context.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • add

        protected void add​(org.apache.directory.ldap.client.api.LdapConnection connection,
                           org.apache.directory.api.ldap.model.entry.Entry entry,
                           FortEntity entity,
                           boolean setRelaxControl)
                    throws org.apache.directory.api.ldap.model.exception.LdapException
        Add a new ldap entry to the directory. Add audit context.
        Parameters:
        connection - handle to ldap connection.
        entry - contains data to add.
        entity - contains audit context.
        setRelaxControl - when true attaches relax control to request
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • modify

        protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              String dn,
                              List<org.apache.directory.api.ldap.model.entry.Modification> mods)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Update existing ldap entry in the directory. Do not add audit context.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry.
        mods - contains data to modify.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • modify

        protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              org.apache.directory.api.ldap.model.name.Dn dn,
                              List<org.apache.directory.api.ldap.model.entry.Modification> mods)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Update existing ldap entry in the directory. Do not add audit context.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry.
        mods - contains data to modify.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • modify

        protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              String dn,
                              List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                              FortEntity entity)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Update existing ldap entry in the directory. Add audit context.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry.
        mods - contains data to modify.
        entity - contains audit context.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • modify

        protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              String dn,
                              List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                              FortEntity entity,
                              boolean setRelaxControl)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Update existing ldap entry in the directory. Add audit context.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry.
        mods - contains data to modify.
        entity - contains audit context.
        setRelaxControl - when true attaches relax control to request
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • modify

        protected void modify​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              org.apache.directory.api.ldap.model.name.Dn dn,
                              List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                              FortEntity entity)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Update existing ldap entry in the directory. Add audit context.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry.
        mods - contains data to modify.
        entity - contains audit context.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • delete

        protected void delete​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              String dn)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Delete existing ldap entry from the directory. Do not add audit context.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry targeted for removal.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • delete

        protected void delete​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              String dn,
                              FortEntity entity)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Delete existing ldap entry from the directory. Add audit context. This method will call modify prior to delete, which will force the corresponding audit record to be written to the slapd access log.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry targeted for removal.
        entity - contains audit context.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • delete

        protected void delete​(org.apache.directory.ldap.client.api.LdapConnection connection,
                              org.apache.directory.api.ldap.model.name.Dn dn,
                              FortEntity entity)
                       throws org.apache.directory.api.ldap.model.exception.LdapException
        Delete existing ldap entry from the directory. Add audit context. This method will call modify prior to delete, which will force the corresponding audit record to be written to the slapd access log.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry targeted for removal.
        entity - contains audit context.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
      • deleteRecursive

        protected void deleteRecursive​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                       String dn)
                                throws org.apache.directory.api.ldap.model.exception.LdapException,
                                       org.apache.directory.api.ldap.model.cursor.CursorException
        Delete existing ldap entry and all descendants from the directory. Do not add audit context.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry targeted for removal.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
        IOException
        org.apache.directory.api.ldap.model.cursor.CursorException
      • deleteRecursive

        protected void deleteRecursive​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                       String dn,
                                       FortEntity entity)
                                throws org.apache.directory.api.ldap.model.exception.LdapException,
                                       org.apache.directory.api.ldap.model.cursor.CursorException
        Delete existing ldap entry and all descendants from the directory. Add audit context. This method will call modify prior to delete, which will force the corresponding audit record to be written to the slapd access log.
        Parameters:
        connection - handle to ldap connection.
        dn - contains distinguished node of entry targeted for removal.
        entity - contains audit context.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event system error occurs.
        org.apache.directory.api.ldap.model.cursor.CursorException
      • search

        protected org.apache.directory.api.ldap.model.cursor.SearchCursor search​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                                 String baseDn,
                                                                                 org.apache.directory.api.ldap.model.message.SearchScope scope,
                                                                                 String filter,
                                                                                 String[] attrs,
                                                                                 boolean attrsOnly)
                                                                          throws org.apache.directory.api.ldap.model.exception.LdapException
        Perform normal ldap search accepting default batch size.
        Parameters:
        connection - is LdapConnection object used for all communication with host.
        baseDn - contains address of distinguished name to begin ldap search
        scope - indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
        filter - contains the search criteria
        attrs - is the requested list of attributes to return from directory search.
        attrsOnly - if true pull back attribute names only.
        Returns:
        result set containing ldap entries returned from directory.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - thrown in the event of error in ldap client or server code.
      • search

        protected org.apache.directory.api.ldap.model.cursor.SearchCursor search​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                                 String baseDn,
                                                                                 org.apache.directory.api.ldap.model.message.SearchScope scope,
                                                                                 String filter,
                                                                                 String[] attrs,
                                                                                 boolean attrsOnly,
                                                                                 int maxEntries)
                                                                          throws org.apache.directory.api.ldap.model.exception.LdapException
        Perform normal ldap search specifying default batch size and max entries to return.
        Parameters:
        connection - is LdapConnection object used for all communication with host.
        baseDn - contains address of distinguished name to begin ldap search
        scope - indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
        filter - contains the search criteria
        attrs - is the requested list of attributes to return from directory search.
        attrsOnly - if true pull back attribute names only.
        maxEntries - specifies the maximum number of entries to return in this search query.
        Returns:
        result set containing ldap entries returned from directory.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - thrown in the event of error in ldap client or server code.
      • searchNode

        protected org.apache.directory.api.ldap.model.entry.Entry searchNode​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                             String baseDn,
                                                                             org.apache.directory.api.ldap.model.message.SearchScope scope,
                                                                             String filter,
                                                                             String[] attrs,
                                                                             boolean attrsOnly)
                                                                      throws org.apache.directory.api.ldap.model.exception.LdapException,
                                                                             org.apache.directory.api.ldap.model.cursor.CursorException
        This method will search the directory and return at most one record. If more than one record is found an ldap exception will be thrown.
        Parameters:
        connection - is LdapConnection object used for all communication with host.
        baseDn - contains address of distinguished name to begin ldap search
        scope - indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
        filter - contains the search criteria
        attrs - is the requested list of attributes to return from directory search.
        attrsOnly - if true pull back attribute names only.
        Returns:
        entry containing target ldap node.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - thrown in the event of error in ldap client or server code.
        org.apache.directory.api.ldap.model.cursor.CursorException - If we weren't able to fetch an element from the search result
      • searchNode

        protected org.apache.directory.api.ldap.model.entry.Entry searchNode​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                             String baseDn,
                                                                             org.apache.directory.api.ldap.model.message.SearchScope scope,
                                                                             String filter,
                                                                             String[] attrs,
                                                                             boolean attrsOnly,
                                                                             String userDn)
                                                                      throws org.apache.directory.api.ldap.model.exception.LdapException,
                                                                             org.apache.directory.api.ldap.model.cursor.CursorException
        This search method uses OpenLDAP Proxy Authorization Control to assert arbitrary user identity onto connection.
        Parameters:
        connection - is LdapConnection object used for all communication with host.
        baseDn - contains address of distinguished name to begin ldap search
        scope - indicates depth of search starting at basedn. 0 (base dn), 1 (one level down) or 2 (infinite) are valid values.
        filter - contains the search criteria
        attrs - is the requested list of attributes to return from directory search.
        attrsOnly - if true pull back attribute names only.
        userDn - string value representing the identity of the user on whose behalf the request was initiated. The value will be stored in the AuthZID attribute of the openldap auditsearch record.
        Returns:
        entry containing target ldap node.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - thrown in the event of error in ldap client or server code.
        org.apache.directory.api.ldap.model.cursor.CursorException - If we weren't able to fetch an element from the search result
      • compareNode

        protected boolean compareNode​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                      String dn,
                                      String userDn,
                                      org.apache.directory.api.ldap.model.entry.Attribute attribute)
                               throws org.apache.directory.api.ldap.model.exception.LdapException,
                                      UnsupportedEncodingException
        This method uses the ldap compare operation to write an audit record to the directory server's configured audit logger. It exists for one reason: to force the ldap server to maintain an audit trail for the checkAccess api. The proxy authz control (RFC 4370) is used to assert the caller's id onto the record.
        Parameters:
        connection - is LdapConnection object used for all communication with host.
        dn - contains address of distinguished name to begin ldap search
        userDn - dn for user node
        attribute - attribute used for compare
        Returns:
        true if compare operation succeeds
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - thrown in the event of error in ldap client or server code.
        UnsupportedEncodingException - in the event the server cannot perform the operation.
      • getAttributes

        protected List<String> getAttributes​(org.apache.directory.api.ldap.model.entry.Entry entry,
                                             String attributeName)
        Method wraps ldap client to return multivalued attribute by name within a given entry and returns as a list of strings.
        Parameters:
        entry - contains the target ldap entry.
        attributeName - name of ldap attribute to retrieve.
        Returns:
        List of type string containing attribute values.
      • getPhoto

        protected byte[] getPhoto​(org.apache.directory.api.ldap.model.entry.Entry entry,
                                  String attributeName)
                           throws org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException
        Return the image stored on the entry.
        Parameters:
        entry - contains the image target.
        attributeName - to be retrieved.
        Returns:
        byte array containing image.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException - contains the system error.
      • getAttributeSet

        protected Set<String> getAttributeSet​(org.apache.directory.api.ldap.model.entry.Entry entry,
                                              String attributeName)
        Method wraps ldap client to return multivalued attribute by name within a given entry and returns as a set of strings.
        Parameters:
        entry - contains the target ldap entry.
        attributeName - name of ldap attribute to retrieve.
        Returns:
        Set of type string containing attribute values.
      • getAttribute

        protected String getAttribute​(org.apache.directory.api.ldap.model.entry.Entry entry,
                                      String attributeName)
                               throws org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException
        Method wraps ldap client to return attribute value by name within a given entry and returns as a string.
        Parameters:
        entry - contains the target ldap entry.
        attributeName - name of ldap attribute to retrieve.
        Returns:
        value contained in a string variable.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException - When we weren't able to get the attribute from the entry
      • getRdn

        protected String getRdn​(String dn)
        Method will retrieve the relative distinguished name from a distinguished name variable.
        Parameters:
        dn - contains ldap distinguished name.
        Returns:
        rDn as string.
      • createAttributes

        protected org.apache.directory.api.ldap.model.entry.Attribute createAttributes​(String name,
                                                                                       String[] values)
                                                                                throws org.apache.directory.api.ldap.model.exception.LdapException
        Create multi-occurring ldap attribute given array of strings and attribute name.
        Parameters:
        name - contains attribute name to create.
        values - array of string that contains attribute values.
        Returns:
        Attribute containing multivalued attribute set.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event of ldap client error.
      • unloadTemporal

        protected void unloadTemporal​(org.apache.directory.api.ldap.model.entry.Entry le,
                                      Constraint ftDateTime)
                               throws org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException
        Convert constraint from raw ldap format to application entity.
        Parameters:
        le - ldap entry containing constraint.
        ftDateTime - reference to Constraint containing formatted data.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException - when we weren't able to retrieve the attribute from the entry
      • loadAttrs

        protected void loadAttrs​(List<String> list,
                                 org.apache.directory.api.ldap.model.entry.Entry entry,
                                 String attrName)
                          throws org.apache.directory.api.ldap.model.exception.LdapException
        Given an ldap attribute name and a list of attribute values, construct an ldap attribute set to be added to directory.
        Parameters:
        list - list of type string containing attribute values to load into attribute set.
        entry - contains ldap attribute set targeted for adding.
        attrName - name of ldap attribute being added.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If we weren't able to add the attributes into the entry
      • loadAttrs

        protected void loadAttrs​(List<String> list,
                                 List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                                 String attrName)
        Given an ldap attribute name and a list of attribute values, construct an ldap modification set to be updated in directory.
        Parameters:
        list - list of type string containing attribute values to load into modification set.
        mods - contains ldap modification set targeted for updating.
        attrName - name of ldap attribute being modified.
      • loadRelationshipAttrs

        protected void loadRelationshipAttrs​(List<Relationship> list,
                                             List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                                             String attrName,
                                             Hier.Op op)
        Given a collection of Relationships, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
        Parameters:
        list - contains List of type Relationship targeted for updating in ldap.
        mods - ldap modification set containing parent-child relationships in raw ldap format.
        attrName - contains the name of the ldap attribute to be updated.
        op - specifies type of mod: Hier.Op.ADD, Hier.Op.MOD, Hier.Op.REM.
      • loadAttrs

        protected void loadAttrs​(Set<String> values,
                                 List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                                 String attrName)
        Given an ldap attribute name and a set of attribute values, construct an ldap modification set to be updated in directory.
        Parameters:
        values - set of type string containing attribute values to load into modification set.
        mods - contains ldap modification set targeted for updating.
        attrName - name of ldap attribute being updated.
      • loadAttrs

        protected void loadAttrs​(Set<String> values,
                                 org.apache.directory.api.ldap.model.entry.Entry entry,
                                 String attrName)
                          throws org.apache.directory.api.ldap.model.exception.LdapException
        Given an ldap attribute name and a set of attribute values, construct an ldap attribute set to be added to directory.
        Parameters:
        values - set of type string containing attribute values to load into attribute set.
        entry - contains ldap entry to pull attrs from.
        attrName - name of ldap attribute being added.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If we weren't able to add the values into the entry
      • loadProperties

        protected void loadProperties​(Properties props,
                                      List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                                      String attrName,
                                      boolean replace)
        Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
        Parameters:
        props - contains Properties targeted for updating in ldap.
        mods - ldap modification set containing name-value pairs in raw ldap format.
        attrName - contains the name of the ldap attribute to be updated.
        replace - boolean variable, if set to true use ModificationOperation.REPLACE_ATTRIBUTE else ModificationOperation.ADD_ATTRIBUTE.
      • loadProperties

        protected void loadProperties​(Properties props,
                                      List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                                      String attrName,
                                      boolean replace,
                                      char separator)
        Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
        Parameters:
        props - contains Properties targeted for updating in ldap.
        mods - ldap modification set containing name-value pairs in raw ldap format.
        attrName - contains the name of the ldap attribute to be updated.
        replace - boolean variable, if set to true use ModificationOperation.REPLACE_ATTRIBUTE else ModificationOperation.ADD_ATTRIBUTE.
        separator - contains the char value used to separate name and value in ldap raw format.
      • removeProperties

        protected void removeProperties​(Properties props,
                                        List<org.apache.directory.api.ldap.model.entry.Modification> mods,
                                        String attrName)
        Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap modify.
        Parameters:
        props - contains Properties targeted for removal from ldap.
        mods - ldap modification set containing name-value pairs in raw ldap format to be removed.
        attrName - contains the name of the ldap attribute to be removed.
      • loadProperties

        protected void loadProperties​(Properties props,
                                      org.apache.directory.api.ldap.model.entry.Entry entry,
                                      String attrName)
                               throws org.apache.directory.api.ldap.model.exception.LdapException
        Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap add.
        Parameters:
        props - contains Properties targeted for adding to ldap.
        entry - contains ldap entry to pull attrs from.
        attrName - contains the name of the ldap attribute to be added.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If we weren't able to add the properties into the entry
      • loadProperties

        protected void loadProperties​(Properties props,
                                      org.apache.directory.api.ldap.model.entry.Entry entry,
                                      String attrName,
                                      char separator)
                               throws org.apache.directory.api.ldap.model.exception.LdapException
        Given a collection of Properties, convert to raw data name-value format and load into ldap modification set in preparation for ldap add.
        Parameters:
        props - contains Properties targeted for adding to ldap.
        entry - contains ldap entry to push attrs into.
        attrName - contains the name of the ldap attribute to be added.
        separator - contains the char value used to separate name and value in ldap raw format.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If we weren't able to add the properties into the entry
      • encodeSafeText

        protected String encodeSafeText​(String value,
                                        int validLen)
                                 throws org.apache.directory.api.ldap.model.exception.LdapException
        Encode some text so that it can be used in an LDAP filter.
        Parameters:
        value - The value to encode
        validLen - The maximum accepted length of the value.
        Returns:
        String containing encoded data.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If the value is longer than the maximum value
      • getPwdRespCtrl

        protected org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyResponse getPwdRespCtrl​(org.apache.directory.api.ldap.model.message.BindResponse resp)
        Get Password Policy Response Control from LDAP client.
        Parameters:
        resp - contains reference to LDAP pw policy response.
        Returns:
        PasswordPolicyResponse control.
      • bind

        protected org.apache.directory.api.ldap.model.message.BindResponse bind​(org.apache.directory.ldap.client.api.LdapConnection connection,
                                                                                String szUserDn,
                                                                                String password)
                                                                         throws org.apache.directory.api.ldap.model.exception.LdapException
        Calls the PoolMgr to perform an LDAP bind for a user/password combination. This function is valid if and only if the user entity is a member of the USERS data set.
        Parameters:
        connection - connection to ldap server.
        szUserDn - contains the LDAP dn to the user entry in String format.
        password - contains the password in clear text.
        Returns:
        bindResponse contains the result of the operation.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - in the event of LDAP error.
      • closeAdminConnection

        public void closeAdminConnection​(org.apache.directory.ldap.client.api.LdapConnection connection)
        Calls the PoolMgr to close the Admin LDAP connection.
        Parameters:
        connection - handle to ldap connection object.
      • closeLogConnection

        protected void closeLogConnection​(org.apache.directory.ldap.client.api.LdapConnection connection)
        Calls the PoolMgr to close the Log LDAP connection.
        Parameters:
        connection - handle to ldap connection object.
      • closeUserConnection

        protected void closeUserConnection​(org.apache.directory.ldap.client.api.LdapConnection connection)
        Calls the PoolMgr to close the User LDAP connection.
        Parameters:
        connection - handle to ldap connection object.
      • getAdminConnection

        public org.apache.directory.ldap.client.api.LdapConnection getAdminConnection()
                                                                               throws org.apache.directory.api.ldap.model.exception.LdapException
        Calls the PoolMgr to get an Admin connection to the LDAP server.
        Returns:
        ldap connection.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If we had an issue getting an LDAP connection
      • getLogConnection

        protected org.apache.directory.ldap.client.api.LdapConnection getLogConnection()
                                                                                throws org.apache.directory.api.ldap.model.exception.LdapException
        Calls the PoolMgr to get a Log connection to the LDAP server.
        Returns:
        ldap connection.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If we had an issue getting an LDAP connection
      • getUserConnection

        protected org.apache.directory.ldap.client.api.LdapConnection getUserConnection()
                                                                                 throws org.apache.directory.api.ldap.model.exception.LdapException
        Calls the PoolMgr to get a User connection to the LDAP server.
        Returns:
        ldap connection.
        Throws:
        org.apache.directory.api.ldap.model.exception.LdapException - If we had an issue getting an LDAP connection
      • getLdapCounters

        public static LdapCounters getLdapCounters()
        Return to the caller a reference to the dao counter object with running totals for ldap operations add, mod, delete, search, etc.
        Returns:
        LdapCounters contains long values of atomic ldap operations for current running process.
      • escapeLDAPSearchFilter

        protected String escapeLDAPSearchFilter​(String filter)
        Perform encoding on the supplied input string for certain unsafe ascii characters. These characters may be unsafe because ldap reserves some of them as filter operators. Encoding guards against malicious or malformed input that could alter the filter if data filtering was not performed before the value was passed into the dao layer.
        Parameters:
        filter - contains the data to filter.
        Returns:
        possibly modified input string for matched characters.
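
The encoding step that encodeSafeText and escapeLDAPSearchFilter describe, shown as an added example that is not Fortress code: it applies the RFC 4515 filter-value escapes and a length limit using only the JDK. The class and method names, the sample filter template, and the use of IllegalArgumentException in place of LdapException are assumptions made for this illustration.

```java
public class LdapFilterEscapeExample {

    /**
     * Hypothetical helper (not a Fortress method): reject over-long input, then
     * escape the characters RFC 4515 reserves inside a filter assertion value.
     */
    static String encodeForFilter(String value, int validLen) {
        if (value == null) {
            throw new IllegalArgumentException("value must not be null");
        }
        // Length is checked on the raw input, before escaping expands it.
        if (value.length() > validLen) {
            throw new IllegalArgumentException("value exceeds " + validLen + " characters");
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Counts the '(' characters in a filter, i.e. how many filter components it opens. */
    static int openParens(String filter) {
        int n = 0;
        for (int i = 0; i < filter.length(); i++) {
            if (filter.charAt(i) == '(') {
                n++;
            }
        }
        return n;
    }

    /** Builds a filter from a constructed template (attribute names are assumptions). */
    static String uidFilter(String uidValue) {
        return "(&(objectClass=inetOrgPerson)(uid=" + uidValue + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain id and values carrying filter metacharacters.
        String[] samples = { "jsmith", "j*", "jsmith)(cn=x", "a\\b" };
        for (String raw : samples) {
            String unescaped = uidFilter(raw);
            String escaped = uidFilter(encodeForFilter(raw, 40));
            System.out.printf("raw=%-14s unescaped=%s (components=%d)%n",
                    raw, unescaped, openParens(unescaped));
            System.out.printf("%-18s escaped=%s (components=%d)%n",
                    "", escaped, openParens(escaped));
        }
        // Input longer than the accepted length is rejected before any encoding.
        try {
            encodeForFilter("x".repeat(41), 40);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With escaping applied, the component count stays the same for every sample, which is the property to check when reviewing code that concatenates values into a filter string.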
      • closeAllConnectionPools

        public static void closeAllConnectionPools()
        Closes all the ldap connection pools.