Package com.netscape.cmscore.usrgrp
Class UGSubsystem
- java.lang.Object
-
- com.netscape.cmscore.usrgrp.UGSubsystem
-
public class UGSubsystem extends java.lang.Object
This class defines low-level LDAP usr/grp management usr/grp information is located remotely on another LDAP server.- Version:
- $Revision$, $Date$
- Author:
- thomask, cfu
-
-
Field Summary
Fields Modifier and Type Field Description protected static java.lang.String
GROUP_ATTR_VALUE
protected static java.lang.String
LDAP_ATTR_CERTDN
protected static java.lang.String
LDAP_ATTR_PROFILE_ID
protected static java.lang.String
LDAP_ATTR_USER_CERT
protected static java.lang.String
LDAP_ATTR_USER_CERT_STRING
static org.slf4j.Logger
logger
protected java.lang.String
mBaseDN
protected static java.lang.String
MEMBER_ATTR
protected LdapBoundConnFactory
mLdapConnFactory
protected static java.lang.String
OBJECTCLASS_ATTR
static java.lang.String
SUPER_CERT_ADMINS
-
Constructor Summary
Constructors Constructor Description UGSubsystem()
Constructs LDAP based usr/grp management
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addCertSubjectDN(IUser identity)
void
addGroup(IGroup group)
Adds a group of identities.void
addUser(IUser identity)
Adds identity.void
addUserCert(IUser identity)
adds a user certificate to uservoid
addUserToGroup(IGroup grp, java.lang.String userid)
protected IGroup
buildGroup(netscape.ldap.LDAPEntry entry)
builds an instance of a Group entryprotected java.util.Enumeration<IGroup>
buildGroups(netscape.ldap.LDAPSearchResults res)
protected IUser
buildUser(netscape.ldap.LDAPEntry entry)
builds a User instance.protected java.util.Enumeration<IUser>
buildUsers(netscape.ldap.LDAPSearchResults res)
protected java.lang.String
convertUIDtoDN(java.lang.String uid)
Converts an uid attribute to a DN.IGroup
createGroup(java.lang.String id)
IUser
createUser(java.lang.String id)
boolean
evaluate(java.lang.String type, IUser id, java.lang.String op, java.lang.String value)
Evalutes the given context with the attribute critieria.IGroup
findGroup(java.lang.String filter)
java.util.Enumeration<IGroup>
findGroups(java.lang.String filter)
Finds groups.java.util.Enumeration<IGroup>
findGroupsByUser(java.lang.String userDn, java.lang.String filter)
User
findUser(java.security.cert.X509Certificate cert)
Locates a user by certificate.java.util.Enumeration<IUser>
findUsers(java.lang.String filter)
Searchs for identities that matches the filter.IUser
findUsersByCert(java.lang.String filter)
Searchs for identities that matches the certificate locater generated filter.java.lang.String
getCertificateString(java.security.cert.X509Certificate cert)
protected java.lang.String
getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert)
Converts certificate into string format.protected netscape.ldap.LDAPConnection
getConn()
IGroup
getGroup(java.lang.String groupDN)
Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.IGroup
getGroupFromName(java.lang.String name)
Retrieves a group from LDAP NOTE - this takes just the group name.IUser
getUser(java.lang.String userID)
Retrieves a user from LDAPjava.lang.String
getUserDN(java.lang.String userID)
void
init(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore)
boolean
isGroupPresent(java.lang.String name)
Checks if the given group existsprotected boolean
isMatched(java.lang.String dn1, java.lang.String dn2)
Checks if the given DNs are the same after normalization.boolean
isMemberOf(IUser id, java.lang.String name)
Checks if the given user is a member of the given group (now runs an ldap search to find the user, instead of fetching the entire group entry)boolean
isMemberOf(java.lang.String userid, java.lang.String groupname)
protected boolean
isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname)
checks if the given user DN is in the specified group by running an ldap search for the user in the groupprotected IUser
lbuildUser(netscape.ldap.LDAPEntry entry)
builds a User instance.protected java.util.Enumeration<IUser>
lbuildUsers(netscape.ldap.LDAPSearchResults res)
java.util.Enumeration<IGroup>
listGroups(java.lang.String filter)
List groups.java.util.Enumeration<IUser>
listUsers(java.lang.String filter)
Searchs for identities that matches the filter.void
modifyGroup(IGroup group)
Modifies an existing group in the database.void
modifyUser(IUser identity)
modifies user attributes.void
removeCertSubjectDN(IUser identity)
void
removeGroup(java.lang.String name)
Removes a group.void
removeUser(java.lang.String userid)
Removes identity.void
removeUserCert(IUser identity)
Removes a user certificate for a user entry given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN), and it gets removedvoid
removeUserFromGroup(IGroup grp, java.lang.String userid)
protected void
returnConn(netscape.ldap.LDAPConnection conn)
void
shutdown()
Disconnects usr/grp manager from the LDAPvoid
startup()
Starts up this service.
-
-
-
Field Detail
-
logger
public static org.slf4j.Logger logger
-
SUPER_CERT_ADMINS
public static final java.lang.String SUPER_CERT_ADMINS
- See Also:
- Constant Field Values
-
OBJECTCLASS_ATTR
protected static final java.lang.String OBJECTCLASS_ATTR
- See Also:
- Constant Field Values
-
MEMBER_ATTR
protected static final java.lang.String MEMBER_ATTR
- See Also:
- Constant Field Values
-
GROUP_ATTR_VALUE
protected static final java.lang.String GROUP_ATTR_VALUE
- See Also:
- Constant Field Values
-
LDAP_ATTR_USER_CERT_STRING
protected static final java.lang.String LDAP_ATTR_USER_CERT_STRING
- See Also:
- Constant Field Values
-
LDAP_ATTR_CERTDN
protected static final java.lang.String LDAP_ATTR_CERTDN
- See Also:
- Constant Field Values
-
LDAP_ATTR_USER_CERT
protected static final java.lang.String LDAP_ATTR_USER_CERT
- See Also:
- Constant Field Values
-
LDAP_ATTR_PROFILE_ID
protected static final java.lang.String LDAP_ATTR_PROFILE_ID
- See Also:
- Constant Field Values
-
mLdapConnFactory
protected transient LdapBoundConnFactory mLdapConnFactory
-
mBaseDN
protected java.lang.String mBaseDN
-
-
Method Detail
-
init
public void init(PKISocketConfig socketConfig, UGSubsystemConfig config, IPasswordStore passwordStore) throws java.lang.Exception
- Throws:
java.lang.Exception
-
startup
public void startup() throws EBaseException
Starts up this service.- Throws:
EBaseException
-
shutdown
public void shutdown()
Disconnects usr/grp manager from the LDAP
-
createUser
public IUser createUser(java.lang.String id)
-
createGroup
public IGroup createGroup(java.lang.String id)
-
getUser
public IUser getUser(java.lang.String userID) throws EUsrGrpException
Retrieves a user from LDAP- Throws:
EUsrGrpException
-
findUser
public User findUser(java.security.cert.X509Certificate cert) throws EUsrGrpException
Locates a user by certificate.- Throws:
EUsrGrpException
-
findUsersByCert
public IUser findUsersByCert(java.lang.String filter) throws EUsrGrpException
Searchs for identities that matches the certificate locater generated filter.- Throws:
EUsrGrpException
-
findUsers
public java.util.Enumeration<IUser> findUsers(java.lang.String filter) throws EUsrGrpException
Searchs for identities that matches the filter.- Throws:
EUsrGrpException
-
listUsers
public java.util.Enumeration<IUser> listUsers(java.lang.String filter) throws EUsrGrpException
Searchs for identities that matches the filter. retrieves uid only, for efficiency of user listing- Throws:
EUsrGrpException
-
lbuildUsers
protected java.util.Enumeration<IUser> lbuildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
buildUsers
protected java.util.Enumeration<IUser> buildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
lbuildUser
protected IUser lbuildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds a User instance. Sets only uid for user entry retrieved from LDAP server. for listing efficiency only.- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
buildUser
protected IUser buildUser(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds a User instance. Set all attributes retrieved from LDAP server and set them on User.- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
addUser
public void addUser(IUser identity) throws EUsrGrpException
Adds identity. Certificates handled by a separate call to addUserCert()- Throws:
EUsrGrpException
-
addUserCert
public void addUserCert(IUser identity) throws EUsrGrpException
adds a user certificate to user- Throws:
EUsrGrpException
-
addCertSubjectDN
public void addCertSubjectDN(IUser identity) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeCertSubjectDN
public void removeCertSubjectDN(IUser identity) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUserCert
public void removeUserCert(IUser identity) throws EUsrGrpException
Removes a user certificate for a user entry given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN), and it gets removed- Throws:
EUsrGrpException
-
addUserToGroup
public void addUserToGroup(IGroup grp, java.lang.String userid) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUserFromGroup
public void removeUserFromGroup(IGroup grp, java.lang.String userid) throws EUsrGrpException
- Throws:
EUsrGrpException
-
removeUser
public void removeUser(java.lang.String userid) throws EUsrGrpException
Removes identity.- Throws:
EUsrGrpException
-
modifyUser
public void modifyUser(IUser identity) throws EUsrGrpException
modifies user attributes. Certs are handled separately- Throws:
EUsrGrpException
-
buildGroups
protected java.util.Enumeration<IGroup> buildGroups(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
findGroups
public java.util.Enumeration<IGroup> findGroups(java.lang.String filter) throws EUsrGrpException
Finds groups.- Throws:
EUsrGrpException
-
findGroup
public IGroup findGroup(java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
listGroups
public java.util.Enumeration<IGroup> listGroups(java.lang.String filter) throws EUsrGrpException
List groups. more efficient than find Groups. only retrieves group names and description.- Throws:
EUsrGrpException
-
findGroupsByUser
public java.util.Enumeration<IGroup> findGroupsByUser(java.lang.String userDn, java.lang.String filter) throws EUsrGrpException
- Throws:
EUsrGrpException
-
buildGroup
protected IGroup buildGroup(netscape.ldap.LDAPEntry entry) throws EUsrGrpException
builds an instance of a Group entry- Throws:
EUsrGrpException
-
getGroupFromName
public IGroup getGroupFromName(java.lang.String name)
Retrieves a group from LDAP NOTE - this takes just the group name.
-
getGroup
public IGroup getGroup(java.lang.String groupDN)
Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.
-
isGroupPresent
public boolean isGroupPresent(java.lang.String name)
Checks if the given group exists
-
isMemberOf
public boolean isMemberOf(java.lang.String userid, java.lang.String groupname)
-
isMemberOf
public boolean isMemberOf(IUser id, java.lang.String name)
Checks if the given user is a member of the given group (now runs an ldap search to find the user, instead of fetching the entire group entry)
-
isMemberOfLdapGroup
protected boolean isMemberOfLdapGroup(java.lang.String userid, java.lang.String groupname)
checks if the given user DN is in the specified group by running an ldap search for the user in the group
-
addGroup
public void addGroup(IGroup group) throws EUsrGrpException
Adds a group of identities.- Throws:
EUsrGrpException
-
removeGroup
public void removeGroup(java.lang.String name) throws EUsrGrpException
Removes a group. Can't remove SUPER_CERT_ADMINS- Throws:
EUsrGrpException
-
modifyGroup
public void modifyGroup(IGroup group) throws EUsrGrpException
Modifies an existing group in the database.- Parameters:
group
- an existing group that has been modified in memory- Throws:
EUsrGrpException
-
evaluate
public boolean evaluate(java.lang.String type, IUser id, java.lang.String op, java.lang.String value)
Evalutes the given context with the attribute critieria.
-
convertUIDtoDN
protected java.lang.String convertUIDtoDN(java.lang.String uid) throws netscape.ldap.LDAPException
Converts an uid attribute to a DN.- Throws:
netscape.ldap.LDAPException
-
isMatched
protected boolean isMatched(java.lang.String dn1, java.lang.String dn2)
Checks if the given DNs are the same after normalization.
-
getCertificateStringWithoutVersion
protected java.lang.String getCertificateStringWithoutVersion(java.security.cert.X509Certificate cert)
Converts certificate into string format. should eventually go into the locator itself
-
getCertificateString
public java.lang.String getCertificateString(java.security.cert.X509Certificate cert)
-
getUserDN
public java.lang.String getUserDN(java.lang.String userID)
-
getConn
protected netscape.ldap.LDAPConnection getConn() throws com.netscape.certsrv.ldap.ELdapException
- Throws:
com.netscape.certsrv.ldap.ELdapException
-
returnConn
protected void returnConn(netscape.ldap.LDAPConnection conn)
-
-