Package com.netscape.cmscore.usrgrp
Class UGSubsystem
java.lang.Object
com.netscape.cmscore.usrgrp.UGSubsystem
This class defines low-level LDAP usr/grp management. The usr/grp information is located remotely on another LDAP server.
- Version:
- $Revision$, $Date$
- Author:
- thomask, cfu
-
Field Summary
Fields
Modifier and Type, Field, Description
protected static final String
protected static final String
protected static final String
protected static final String
protected static final String
static org.slf4j.Logger
protected String
protected static final String
protected LdapBoundConnFactory
protected static final String
static final String
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
void addGroup: Adds a group of identities.
void addSeeAlso(String userID, String value)
void addUser: Adds identity.
void addUserCert(String userID, X509Certificate cert): Adds a user certificate to user.
void addUserToGroup(Group grp, String userid)
protected Group buildGroup(netscape.ldap.LDAPEntry entry): Builds an instance of a Group entry.
protected Enumeration<Group> buildGroups(netscape.ldap.LDAPSearchResults res)
protected User buildUser(netscape.ldap.LDAPEntry entry): Builds a User instance.
protected Enumeration<User> buildUsers(netscape.ldap.LDAPSearchResults res)
protected String convertUIDtoDN(String uid): Converts a uid attribute to a DN.
createGroup(String id)
createUser(String id)
boolean evaluate: Evaluates the given context with the attribute criteria.
findGroups(String filter): Finds groups.
findGroupsByUser(String userDn, String filter)
findUser(X509Certificate cert): Locates a user by certificate.
findUsersByCert(String filter): Searches for identities that match the certificate locator generated filter.
findUsersByKeyword(String keyword): Searches for identities that match the filter.
protected String getCertificateStringWithoutVersion: Converts certificate into string format.
protected netscape.ldap.LDAPConnection getConn()
getGroup: Retrieves a group from LDAP. NOTE - LH This takes a full LDAP DN.
getGroupFromName(String name): Retrieves a group from LDAP. NOTE - this takes just the group name.
getUser: Retrieves a user from LDAP.
void init(LDAPConfig ldapConfig, PKISocketConfig socketConfig, IPasswordStore passwordStore)
boolean isGroupPresent(String name): Checks if the given group exists.
protected boolean isMatched: Checks if the given DNs are the same after normalization.
boolean isMemberOf(User id, String name): Checks if the given user is a member of the given group (now runs an LDAP search to find the user, instead of fetching the entire group entry).
boolean isMemberOf(String userid, String groupname)
protected boolean isMemberOfLdapGroup(String userid, String groupname): Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
protected User lbuildUser(netscape.ldap.LDAPEntry entry): Builds a User instance.
protected Enumeration<User> lbuildUsers(netscape.ldap.LDAPSearchResults res)
listGroups(String filter): List groups.
listUsers: Searches for identities that match the filter.
void modifyGroup(Group group): Modifies an existing group in the database.
void modifyUser(User identity): Modifies user attributes.
void removeGroup(String name): Removes a group.
void removeSeeAlso(String userID, String value)
void removeUser(String userid): Removes identity.
void removeUserCert(User identity): Removes a user certificate for a user entry, given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN).
void removeUserFromGroup(Group grp, String userid)
protected void returnConn(netscape.ldap.LDAPConnection conn)
void shutdown(): Disconnects usr/grp manager from the LDAP
-
Field Details
-
logger
public static org.slf4j.Logger logger
-
SUPER_CERT_ADMINS
- See Also:
-
OBJECTCLASS_ATTR
- See Also:
-
MEMBER_ATTR
- See Also:
-
GROUP_ATTR_VALUE
- See Also:
-
LDAP_ATTR_USER_CERT_STRING
- See Also:
-
LDAP_ATTR_CERTDN
- See Also:
-
LDAP_ATTR_USER_CERT
- See Also:
-
LDAP_ATTR_PROFILE_ID
- See Also:
-
mLdapConnFactory
-
mBaseDN
-
-
Constructor Details
-
UGSubsystem
public UGSubsystem()
Constructs LDAP based usr/grp management
-
-
Method Details
-
init
public void init(LDAPConfig ldapConfig, PKISocketConfig socketConfig, IPasswordStore passwordStore) throws Exception
- Throws:
Exception
-
shutdown
public void shutdown()
Disconnects usr/grp manager from the LDAP
-
createUser
-
createGroup
-
getUser
Retrieves a user from LDAP.
- Throws:
EUsrGrpException
-
findUser
Locates a user by certificate.
- Throws:
EUsrGrpException
-
findUsersByCert
Searches for identities that match the certificate locator generated filter.
- Throws:
EUsrGrpException
-
findUsersByKeyword
Searches for identities that match the filter.
- Throws:
EUsrGrpException
-
findUsers
- Throws:
EUsrGrpException
-
listUsers
Searches for identities that match the filter. Retrieves uid only, for efficiency of user listing.
- Throws:
EUsrGrpException
-
lbuildUsers
protected Enumeration<User> lbuildUsers(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
buildUsers
- Throws:
EUsrGrpException
-
lbuildUser
Builds a User instance. Sets only uid for the user entry retrieved from the LDAP server, for listing efficiency only.
- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
buildUser
Builds a User instance. Sets all attributes retrieved from the LDAP server on the User.
- Returns:
- the User entity.
- Throws:
EUsrGrpException
-
addUser
Adds identity. Certificates are handled by a separate call to addUserCert().
- Throws:
EUsrGrpException
-
addUserCert
Adds a user certificate to user.
- Throws:
EUsrGrpException
-
addSeeAlso
- Throws:
EUsrGrpException
-
removeSeeAlso
- Throws:
EUsrGrpException
-
removeUserCert
Removes a user certificate for a user entry, given a user certificate DN (actually, a combination of version, serialNumber, issuerDN, and SubjectDN).
- Throws:
EUsrGrpException
-
addUserToGroup
- Throws:
EUsrGrpException
-
removeUserFromGroup
- Throws:
EUsrGrpException
-
removeUser
Removes identity.
- Throws:
EUsrGrpException
-
modifyUser
Modifies user attributes. Certs are handled separately.
- Throws:
EUsrGrpException
-
buildGroups
protected Enumeration<Group> buildGroups(netscape.ldap.LDAPSearchResults res) throws EUsrGrpException
- Throws:
EUsrGrpException
-
findGroups
Finds groups.
- Throws:
EUsrGrpException
-
findGroup
- Throws:
EUsrGrpException
-
listGroups
List groups. More efficient than findGroups. Only retrieves group names and description.
- Throws:
EUsrGrpException
-
findGroupsByUser
- Throws:
EUsrGrpException
-
buildGroup
Builds an instance of a Group entry.
- Throws:
EUsrGrpException
-
getGroupFromName
Retrieves a group from LDAP. NOTE - this takes just the group name.
-
getGroup
Retrieves a group from LDAP. NOTE - LH This takes a full LDAP DN.
-
isGroupPresent
Checks if the given group exists.
-
isMemberOf
-
isMemberOf
Checks if the given user is a member of the given group (now runs an LDAP search to find the user, instead of fetching the entire group entry).
-
isMemberOfLdapGroup
Checks if the given user DN is in the specified group by running an LDAP search for the user in the group.
-
addGroup
Adds a group of identities.
- Throws:
EUsrGrpException
-
removeGroup
Removes a group. Can't remove SUPER_CERT_ADMINS.
- Throws:
EUsrGrpException
-
modifyGroup
Modifies an existing group in the database.
- Parameters:
group - an existing group that has been modified in memory
- Throws:
EUsrGrpException
-
evaluate
Evaluates the given context with the attribute criteria.
-
convertUIDtoDN
Converts a uid attribute to a DN.
- Throws:
netscape.ldap.LDAPException
-
isMatched
Checks if the given DNs are the same after normalization.
-
getCertificateStringWithoutVersion
Converts certificate into string format. Should eventually go into the locator itself.
-
getCertificateString
-
getUserDN
-
getConn
- Throws:
ELdapException
-
returnConn
protected void returnConn(netscape.ldap.LDAPConnection conn)
-