Package com.netscape.cmscore.usrgrp
Class UGSubsystem
- java.lang.Object
-
- com.netscape.cmscore.usrgrp.UGSubsystem
-
public class UGSubsystem extends java.lang.Object
This class defines low-level LDAP usr/grp management. Usr/grp information is located remotely on another LDAP server.
- Version:
- $Revision$, $Date$
- Author:
- thomask, cfu
-
-
Field Summary
Modifier and Type | Field
protected static java.lang.String | GROUP_ATTR_VALUE
protected static java.lang.String | LDAP_ATTR_CERTDN
protected static java.lang.String | LDAP_ATTR_PROFILE_ID
protected static java.lang.String | LDAP_ATTR_USER_CERT
protected static java.lang.String | LDAP_ATTR_USER_CERT_STRING
static org.slf4j.Logger | logger
protected java.lang.String | mBaseDN
protected static java.lang.String | MEMBER_ATTR
protected LdapBoundConnFactory | mLdapConnFactory
protected static java.lang.String | OBJECTCLASS_ATTR
static java.lang.String | SUPER_CERT_ADMINS
-
Constructor Summary
Constructor | Description
UGSubsystem() | Constructs LDAP based usr/grp management
-
Method Summary
Modifier and Type | Method | Description
void | addGroup(Group group) | Adds a group of identities.
void | addSeeAlso(java.lang.String userID, java.lang.String value) |
void | addUser(User user) | Adds identity.
void | addUserCert(java.lang.String userID, java.security.cert.X509Certificate cert) | adds a user certificate to user
void | addUserToGroup(Group grp, java.lang.String userid) |
protected Group | buildGroup(netscape.ldap.LDAPEntry entry) | builds an instance of a Group entry
protected java.util.Enumeration<Group> | buildGroups(netscape.ldap.LDAPSearchResults res) |
protected User | buildUser(netscape.ldap.LDAPEntry entry) | builds a User instance.
protected java.util.Enumeration<User> | buildUsers(netscape.ldap.LDAPSearchResults res) |
protected java.lang.String | convertUIDtoDN(java.lang.String uid) | Converts an uid attribute to a DN.
Group | createGroup(java.lang.String id) |
User | createUser(java.lang.String id) |
boolean | evaluate(java.lang.String type, User id, java.lang.String op, java.lang.String value) | Evaluates the given context with the attribute criteria.
Group | findGroup(java.lang.String filter) |
java.util.Enumeration<Group> | findGroups(java.lang.String filter) | Finds groups.
java.util.Enumeration<Group> | findGroupsByUser(java.lang.String userDn, java.lang.String filter) |
User | findUser(java.security.cert.X509Certificate cert) | Locates a user by certificate.
java.util.Enumeration<User> | findUsers(java.lang.String filter) |
User | findUsersByCert(java.lang.String filter) | Searches for identities that match the certificate locator generated filter.
java.util.Enumeration<User> | findUsersByKeyword(java.lang.String keyword) | Searches for identities that match the filter.
java.lang.String | getCertificateString(java.security.cert.X509Certificate cert) |
protected java.lang.String | getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert) | Converts certificate into string format.
protected netscape.ldap.LDAPConnection | getConn() |
Group | getGroup(java.lang.String groupDN) | Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.
Group | getGroupFromName(java.lang.String name) | Retrieves a group from LDAP NOTE - this takes just the group name.
User | getUser(java.lang.String userID) | Retrieves a user from LDAP
java.lang.String | getUserDN(java.lang.String userID) |
void | init(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore) |
boolean | isGroupPresent(java.lang.String name) | Checks if the given group exists
protected boolean | isMatched(java.lang.String dn1, java.lang.String dn2) | Checks if the given DNs are the same after normalization.
boolean | isMemberOf(User id, java.lang.String name) | Checks if the given user is a member of the given group (now runs an ldap search to find the user, instead of fetching the entire group entry)
boolean | isMemberOf(java.lang.String userid, java.lang.String groupname) |
protected boolean | isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname) | checks if the given user DN is in the specified group by running an ldap search for the user in the group
protected User | lbuildUser(netscape.ldap.LDAPEntry entry) | builds a User instance.
protected java.util.Enumeration<User> | lbuildUsers(netscape.ldap.LDAPSearchResults res) |
java.util.Enumeration<Group> | listGroups(java.lang.String filter) | List groups.
java.util.Enumeration<User> | listUsers(java.lang.String filter) | Searches for identities that match the filter.
void | modifyGroup(Group group) | Modifies an existing group in the database.
void | modifyUser(User identity) | modifies user attributes.
void | removeGroup(java.lang.String name) | Removes a group.
void | removeSeeAlso(java.lang.String userID, java.lang.String value) |
void | removeUser(java.lang.String userid) | Removes identity.
void | removeUserCert(User identity) | Removes a user certificate for a user entry given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN), and it gets removed
void | removeUserFromGroup(Group grp, java.lang.String userid) |
protected void | returnConn(netscape.ldap.LDAPConnection conn) |
void | shutdown() | Disconnects usr/grp manager from the LDAP
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
SUPER_CERT_ADMINS
public static final java.lang.String SUPER_CERT_ADMINS
- See Also:
- Constant Field Values
-
OBJECTCLASS_ATTR
protected static final java.lang.String OBJECTCLASS_ATTR
- See Also:
- Constant Field Values
-
MEMBER_ATTR
protected static final java.lang.String MEMBER_ATTR
- See Also:
- Constant Field Values
-
GROUP_ATTR_VALUE
protected static final java.lang.String GROUP_ATTR_VALUE
- See Also:
- Constant Field Values
-
LDAP_ATTR_USER_CERT_STRING
protected static final java.lang.String LDAP_ATTR_USER_CERT_STRING
- See Also:
- Constant Field Values
-
LDAP_ATTR_CERTDN
protected static final java.lang.String LDAP_ATTR_CERTDN
- See Also:
- Constant Field Values
-
LDAP_ATTR_USER_CERT
protected static final java.lang.String LDAP_ATTR_USER_CERT
- See Also:
- Constant Field Values
-
LDAP_ATTR_PROFILE_ID
protected static final java.lang.String LDAP_ATTR_PROFILE_ID
- See Also:
- Constant Field Values
-
mLdapConnFactory
protected transient LdapBoundConnFactory mLdapConnFactory
-
mBaseDN
protected java.lang.String mBaseDN
-
-
Method Detail
-
init
public void init(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore) throws java.lang.Exception
- Throws:
java.lang.Exception
-
shutdown
public void shutdown()
Disconnects usr/grp manager from the LDAP
-
createUser
public User createUser(java.lang.String id)
-
createGroup
public Group createGroup(java.lang.String id)
-
getUser
public User getUser(java.lang.String userID) throws EUsrGrpException
Retrieves a user from LDAP
- Throws:
EUsrGrpException
-
findUser
public User findUser(java.security.cert.X509Certificate cert) throws EUsrGrpException
Locates a user by certificate.
- Throws:
EUsrGrpException
-
findUsersByCert
public User findUsersByCert(java.lang.String filter) throws EUsrGrpException
Searches for identities that match the certificate locator generated filter.
- Throws:
EUsrGrpException
-
findUsersByKeyword
public java.util.Enumeration<User> findUsersByKeyword(java.lang.String keyword) throws EUsrGrpException
Searches for identities that match the filter.
- Throws:
EUsrGrpException
-
findUsers
public java.util.Enumeration<User> findUsers(java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
listUsers
public java.util.Enumeration<User> listUsers(java.lang.String filter) throws EUsrGrpException
Searches for identities that match the filter. Retrieves uid only, for efficiency of user listing
- Throws:
EUsrGrpException
-
lbuildUsers
protected java.util.Enumeration<User> lbuildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
buildUsers
protected java.util.Enumeration<User> buildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
lbuildUser
protected User lbuildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds a User instance. Sets only uid for user entry retrieved from LDAP server. For listing efficiency only.
- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
buildUser
protected User buildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds a User instance. Set all attributes retrieved from LDAP server and set them on User.
- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
addUser
public void addUser(User user) throws EUsrGrpException
Adds identity. Certificates handled by a separate call to addUserCert()
- Throws:
EUsrGrpException
-
addUserCert
public void addUserCert(java.lang.String userID, java.security.cert.X509Certificate cert) throws EUsrGrpException
adds a user certificate to user
- Throws:
EUsrGrpException
-
addSeeAlso
public void addSeeAlso(java.lang.String userID, java.lang.String value) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeSeeAlso
public void removeSeeAlso(java.lang.String userID, java.lang.String value) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUserCert
public void removeUserCert(User identity) throws EUsrGrpException
Removes a user certificate for a user entry given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN), and it gets removed
- Throws:
EUsrGrpException
-
addUserToGroup
public void addUserToGroup(Group grp, java.lang.String userid) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUserFromGroup
public void removeUserFromGroup(Group grp, java.lang.String userid) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUser
public void removeUser(java.lang.String userid) throws EUsrGrpException
Removes identity.
- Throws:
EUsrGrpException
-
modifyUser
public void modifyUser(User identity) throws EUsrGrpException
modifies user attributes. Certs are handled separately
- Throws:
EUsrGrpException
-
buildGroups
protected java.util.Enumeration<Group> buildGroups(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
findGroups
public java.util.Enumeration<Group> findGroups(java.lang.String filter) throws EUsrGrpException
Finds groups.
- Throws:
EUsrGrpException
-
findGroup
public Group findGroup(java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
listGroups
public java.util.Enumeration<Group> listGroups(java.lang.String filter) throws EUsrGrpException
Lists groups. More efficient than findGroups. Only retrieves group names and description.
- Throws:
EUsrGrpException
-
findGroupsByUser
public java.util.Enumeration<Group> findGroupsByUser(java.lang.String userDn, java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
buildGroup
protected Group buildGroup(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds an instance of a Group entry
- Throws:
EUsrGrpException
-
getGroupFromName
public Group getGroupFromName(java.lang.String name)
Retrieves a group from LDAP NOTE - this takes just the group name.
-
getGroup
public Group getGroup(java.lang.String groupDN)
Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.
-
isGroupPresent
public boolean isGroupPresent(java.lang.String name)
Checks if the given group exists
-
isMemberOf
public boolean isMemberOf(java.lang.String userid, java.lang.String groupname)
-
isMemberOf
public boolean isMemberOf(User id, java.lang.String name)
Checks if the given user is a member of the given group (now runs an ldap search to find the user, instead of fetching the entire group entry)
-
isMemberOfLdapGroup
protected boolean isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname)
checks if the given user DN is in the specified group by running an ldap search for the user in the group
-
addGroup
public void addGroup(Group group) throws EUsrGrpException
Adds a group of identities.
- Throws:
EUsrGrpException
-
removeGroup
public void removeGroup(java.lang.String name) throws EUsrGrpException
Removes a group. Can't remove SUPER_CERT_ADMINS
- Throws:
EUsrGrpException
-
modifyGroup
public void modifyGroup(Group group) throws EUsrGrpException
Modifies an existing group in the database.
- Parameters:
group - an existing group that has been modified in memory
- Throws:
EUsrGrpException
-
evaluate
public boolean evaluate(java.lang.String type, User id, java.lang.String op, java.lang.String value)
Evaluates the given context with the attribute criteria.
-
convertUIDtoDN
protected java.lang.String convertUIDtoDN(java.lang.String uid) throws netscape.ldap.LDAPException
Converts an uid attribute to a DN.
- Throws:
netscape.ldap.LDAPException
-
isMatched
protected boolean isMatched(java.lang.String dn1, java.lang.String dn2)
Checks if the given DNs are the same after normalization.
-
getCertificateStringWithoutVersion
protected java.lang.String getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert)
Converts certificate into string format. Should eventually go into the locator itself
-
getCertificateString
public java.lang.String getCertificateString(java.security.cert.X509Certificate cert)
-
getUserDN
public java.lang.String getUserDN(java.lang.String userID)
-
getConn
protected netscape.ldap.LDAPConnection getConn() throws ELdapException
- Throws:
ELdapException
-
returnConn
protected void returnConn(netscape.ldap.LDAPConnection conn)
-
-