public void printUsers(tcDataProvider dp) {
    try {

      tcUserOperationsIntf usrIntf =
          (tcUserOperationsIntf)
              tcUtilityFactory.getUtility(dp, "Thor.API.Operations.tcUserOperationsIntf");

      /*
               ConfigurationClient.ComplexSetting config =
                   ConfigurationClient.getComplexSettingByPath("Discovery.CoreServer");
               final Hashtable env = config.getAllSettings();
               tcSignatureMessage moSignature =
                   tcCryptoUtil.sign("xelsysadm", "PrivateKey");
               tcUtilityFactory m_utilFactory =
                   new tcUtilityFactory(env, moSignature);

               tcUserOperationsIntf userIntf =
                   (tcUserOperationsIntf)m_utilFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
      */

      tcResultSet rs =
          usrIntf.findUsersFiltered(
              new HashMap(), new String[] {"Users.User ID", "Users.First Name", "Users.Last Name"});

      for (int i = 0; i < rs.getRowCount(); i++) {
        rs.goToRow(i);
        System.out.println(
            rs.getStringValue("Users.User ID")
                + " "
                + rs.getStringValue("Users.First Name")
                + rs.getStringValue("Users.Last Name"));
      }

    } catch (Exception ex) {
      ex.printStackTrace();
    }
  }
Beispiel #2
0
  private void revokeMailbox(long userKey) {
    // revokeProvisioning(dataProvider, userKey, "COMMSDIR_CREATEMAILBOX");
    tcUserOperationsIntf rUserUtility = null;
    tcProvisioningOperationsIntf rProvUtility = null;
    TaskDefinitionOperationsIntf rTaskUtility = null;

    try {
      tcDataProvider dataProvider = this.getDataBase();
      rProvUtility =
          (tcProvisioningOperationsIntf)
              tcUtilityFactory.getUtility(
                  dataProvider, "Thor.API.Operations.tcProvisioningOperationsIntf");
      rUserUtility =
          (tcUserOperationsIntf)
              tcUtilityFactory.getUtility(dataProvider, "Thor.API.Operations.tcUserOperationsIntf");
      rTaskUtility =
          (TaskDefinitionOperationsIntf)
              tcUtilityFactory.getUtility(
                  dataProvider, "Thor.API.Operations.TaskDefinitionOperationsIntf");
    } catch (Exception e) {
      logger.error(
          connectorName
              + " Failed to get prov/task/user utility for revoking mailbox -- returning");
      return;
    }

    HashMap<String, Long> taskkeys = null;
    tcResultSet rResultSet = null;

    try {
      rResultSet = rUserUtility.getObjects(userKey);
    } catch (Exception e) {
      logger.warn(
          connectorName
              + " Exception getting objects for user during revocation process -- returning, but you may want to investigate the exception: "
              + e.getMessage());
    }
    try {
      long processInstanceKey = -1;
      for (int i = 0; i < rResultSet.getRowCount(); i++) {
        rResultSet.goToRow(i);
        String objectName = rResultSet.getStringValue("Objects.Name");
        String objectStatus = rResultSet.getStringValue("Objects.Object Status.Status");
        if (objectName != null
            && objectName.equals("COMMSDIR_CREATEMAILBOX")
            && objectStatus != null
            && objectStatus.equals("Provisioned")) {
          processInstanceKey = rResultSet.getLongValue("Process Instance.Key");
          break;
        }
      }
      if (processInstanceKey == -1) {
        logger.warn(
            connectorName
                + " Attempted to revoke mailbox provisioning for users key "
                + userKey
                + " but user is not provisioned -- returning");
        return;
      }

      long taskKey = getTaskKeys(rTaskUtility, processInstanceKey);

      long taskInstanceKey = rProvUtility.addProcessTaskInstance(taskKey, processInstanceKey);
      logger.info(connectorName + " revoked mailbox for users key " + userKey);
    } catch (Exception e) {
      logger.warn(
          connectorName
              + " Was unable to revoke mailbox provisioning for user with users key "
              + userKey
              + ". Returning, but you need to investigate further");
      return;
    }
  }
Beispiel #3
0
  /**
   * Method to acquire the duACMailboxExists attributes for all users listed in the OIM database,
   * and return the result as a large HashMap. This map is from String to String, and indexed by
   * unique ID.
   *
   * <p>The map is used for the comparison process by which we determine whether to update
   * duACMailboxExists for a user (and whether to trigger the revocation process for provisioning
   * for the mailbox).
   */
  private HashMap<String, String> getOIMData() {
    Hashtable mhPeopleSearchCriteria = new Hashtable();
    Hashtable mhAccountsSearchCriteria = new Hashtable();
    Hashtable mhTestSearchCriteria = new Hashtable();
    mhPeopleSearchCriteria.put("USR_UDF_ENTRYTYPE", "people"); // get people
    mhAccountsSearchCriteria.put("USR_UDF_ENTRYTYPE", "accounts");
    mhTestSearchCriteria.put("USR_UDF_ENTRYTYPE", "test");
    mhPeopleSearchCriteria.put("Users.Status", "Active");
    mhAccountsSearchCriteria.put("Users.Status", "Active");
    mhTestSearchCriteria.put("Users.Status", "Active");

    tcResultSet moResultSet;
    HashMap retval = new HashMap();
    String[] attrsToGet = {"Users.User ID", "USR_UDF_ACMAILBOXEXISTS"};

    try {
      moUserUtility =
          (tcUserOperationsIntf) super.getUtility("Thor.API.Operations.tcUserOperationsIntf");

      // Do the work for people first, since they're the bulk of us
      try {
        moResultSet = moUserUtility.findUsersFiltered(mhPeopleSearchCriteria, attrsToGet);
      } catch (Exception e) {
        logger.error(
            connectorName
                + " Exception trying to find all people in the OIM database "
                + e.getMessage());
        return null; // null return to signal failure
      }
      if (moResultSet.getRowCount() < 1) {
        logger.error(
            connectorName + " Failed to find any people in OIM -- something must be wrong here");
        return null;
      }
      // Otherwise, we have at least one user
      // add to the hashmap
      for (int i = 0; i < moResultSet.getRowCount(); i++) {
        moResultSet.goToRow(i);
        retval.put(
            moResultSet.getStringValue("Users.User ID"),
            moResultSet.getStringValue("USR_UDF_ACMAILBOXEXISTS"));
      }
    } catch (Exception e) {
      // Exception whiel retrieving OIM user data
      logger.error(
          connectorName
              + " Unexpected exception while retrieving OIM user information set "
              + e.getMessage());
      throw new RuntimeException(
          connectorName
              + " Exception while retrieving OIM user (people) information set "
              + e.getMessage(),
          e);
    }
    try {
      moUserUtility =
          (tcUserOperationsIntf) super.getUtility("Thor.API.Operations.tcUserOperationsIntf");

      // Do the work for people first, since they're the bulk of us
      try {
        moResultSet = moUserUtility.findUsersFiltered(mhAccountsSearchCriteria, attrsToGet);
      } catch (Exception e) {
        logger.error(
            connectorName
                + " Exception trying to find all accounts in the OIM database "
                + e.getMessage());
        return null; // null return to signal failure
      }
      if (moResultSet.getRowCount() < 1) {
        logger.error(
            connectorName + " Failed to find any accounts in OIM -- something must be wrong here");
        return null;
      }
      // Otherwise, we have at least one user
      // add to the hashmap
      for (int i = 0; i < moResultSet.getRowCount(); i++) {
        moResultSet.goToRow(i);
        retval.put(
            moResultSet.getStringValue("Users.User ID"),
            moResultSet.getStringValue("USR_UDF_ACMAILBOXEXISTS"));
      }
    } catch (Exception e) {
      // Exception whiel retrieving OIM user data
      logger.error(
          connectorName
              + " Unexpected exception while retrieving OIM user information set "
              + e.getMessage());
      throw new RuntimeException(
          connectorName
              + " Exception while retrieving OIM user (accounts) information set "
              + e.getMessage(),
          e);
    }
    try {
      moUserUtility =
          (tcUserOperationsIntf) super.getUtility("Thor.API.Operations.tcUserOperationsIntf");

      // Do the work for people first, since they're the bulk of us
      try {
        moResultSet = moUserUtility.findUsersFiltered(mhTestSearchCriteria, attrsToGet);
      } catch (Exception e) {
        logger.error(
            connectorName
                + " Exception trying to find all tests in the OIM database "
                + e.getMessage());
        return null; // null return to signal failure
      }
      if (moResultSet.getRowCount() < 1) {
        logger.error(
            connectorName + " Failed to find any tests in OIM -- something must be wrong here");
        return null;
      }
      // Otherwise, we have at least one user
      // add to the hashmap
      for (int i = 0; i < moResultSet.getRowCount(); i++) {
        moResultSet.goToRow(i);
        retval.put(
            moResultSet.getStringValue("Users.User ID"),
            moResultSet.getStringValue("USR_UDF_ACMAILBOXEXISTS"));
      }
    } catch (Exception e) {
      // Exception whiel retrieving OIM user data
      logger.error(
          connectorName
              + " Unexpected exception while retrieving OIM user information set "
              + e.getMessage());
      throw new RuntimeException(
          connectorName
              + " Exception while retrieving OIM user (test) information set "
              + e.getMessage(),
          e);
    }
    return (retval);
  }
Beispiel #4
0
  /**
   * This is where it all happens
   *
   * <p>Logic here is as follows (1) Get all user information out of the comms directories (2) Get
   * all user information out of the OIM (3) For each user in the comms directories (4) If the user
   * exists in OIM (5) If status in comms is true and duacmailboxexists = 1 (6) continue, removing
   * user from OIM list (7) If status in comms is false and duacmailboxexists = 0 (8) continue,
   * removing user from OIM list (9) If status in comms is true and duacmailboxexists = 0 (10) set
   * duacmailboxexists = 1, remove user from OIM list (11) if status in comms is false and
   * duacmailboxexists = 1 (12) set duacmailboxexists = 0, remove user from OIM list, and call
   * revokeMailbox (14) For each user left in the OIM list (15) if user does not apear in the comms
   * directories (16) if duacmailboxexists = 1 (17) set duacmailboxexists = 0, remove user from OIM
   * list, call revokeMailbox
   *
   * <p>Really not as complex as it looks.
   */
  public void execute() {

    // Get the LDAP user data first
    ldapMap = getLDAPData();

    // Check whether the response was null and die if it was
    if (ldapMap == null) {
      logger.error(connectorName + " getLDAPData failed to return data -- bailing out");
      return;
    }

    // Get OIM user data next
    OIMMap = getOIMData();

    // Check whether the response was null and die if it was
    if (OIMMap == null) {
      logger.error(connectorName + " getOIMData failed to return user data -- bailing out");
      return;
    }

    // Now run logic from 3-12
    Set ldapKeys = ldapMap.keySet();
    Iterator iter = ldapKeys.iterator();
    while (iter.hasNext()) {
      // for each key in the ldapMap hash
      String lk = (String) iter.next();

      // Check whether OIM has this user somewhere
      if (OIMMap.containsKey(lk)) {
        // OIM has this user, so proceed
        Boolean lb = (Boolean) ldapMap.get(lk);
        if (lb.booleanValue() && OIMMap.get(lk) != null && OIMMap.get(lk).equals("1")) {
          // has mailbox and exists is 1 -- leave it alone
          OIMMap.remove(lk);
          continue;
        }
        if ((lb.booleanValue() && OIMMap.get(lk) != null && OIMMap.get(lk).equals("0"))
            || (lb.booleanValue() && OIMMap.get(lk) != null && OIMMap.get(lk).equals(""))) {
          // has mailbox and exists is 0 -- set exists
          // this should be very unlikely, but...
          HashMap<String, String> doSearchCriteria = new HashMap<String, String>();
          doSearchCriteria.put("Users.User ID", lk);
          doSearchCriteria.put("Users.Status", "Active");
          String[] doattrs = {"Users.User ID"};

          try {
            tcResultSet doResultSet = moUserUtility.findUsersFiltered(doSearchCriteria, doattrs);

            if (doResultSet.getRowCount() != 1) {
              logger.error(
                  connectorName
                      + " Search in OIM for user "
                      + lk
                      + " returned "
                      + doResultSet.getRowCount()
                      + " results - something is wrong");
              OIMMap.remove(lk);
              continue;
            } else {
              HashMap<String, String> attrsForOIM = new HashMap<String, String>();
              attrsForOIM.put("USR_UDF_ACMAILBOXEXISTS", "1");
              try {
                moUserUtility.updateUser(doResultSet, attrsForOIM);
                logger.info(connectorName + " Added duacmailboxexists to user " + lk);
              } catch (Exception e) {
                // Failed the update
                logger.error(
                    connectorName
                        + " Failed add of duacmailboxexists for user "
                        + lk
                        + " due to exception: "
                        + e.getMessage()
                        + " but moving on");
              }
              OIMMap.remove(lk);
              continue;
            }
          } catch (Exception e) {
            // we failed to get the user from OIM, so nothing to do here -- go back to our homes
            // except we log it, since we appear to have failed finding a user who is there
            logger.error(
                connectorName
                    + " User in OIMMap not present in OIM or setting duACMailboxExists failed -- very odd, but nothing to do here -- might want to investigate "
                    + lk
                    + " though");
            OIMMap.remove(lk); // remove it anyway
            continue;
          }
        }
        if (!lb.booleanValue() && OIMMap.get(lk) != null && OIMMap.get(lk).equals("1")) {
          // mailbox no longer exists in LDAP, but is on in OIM
          // turn it off in OIM now
          HashMap<String, String> doSearchCriteria = new HashMap<String, String>();
          doSearchCriteria.put("Users.User ID", lk);
          doSearchCriteria.put("Users.Status", "Active");
          String[] doattrs = {"Users.User ID", "Users.Key"};

          try {
            tcResultSet doResultSet = moUserUtility.findUsersFiltered(doSearchCriteria, doattrs);
            if (doResultSet.getRowCount() != 1) {
              logger.error(
                  connectorName
                      + " Search in OIM for user "
                      + lk
                      + " returned "
                      + doResultSet.getRowCount()
                      + " results - something is wrong");
              OIMMap.remove(lk);
              continue;
            } else {
              HashMap<String, String> attrsForOIM = new HashMap<String, String>();
              attrsForOIM.put("USR_UDF_ACMAILBOXEXISTS", "");
              // need to call revokeMailbox() here, once it's written
              revokeMailbox(doResultSet.getLongValue("Users.Key"));
              try {
                moUserUtility.updateUser(doResultSet, attrsForOIM);
                logger.info(connectorName + " Removed duacmailboxexists from user " + lk);
              } catch (Exception e) {
                logger.error(
                    connectorName
                        + " Failed removing duacmailboxexists for "
                        + lk
                        + " please investigate -- moving on past "
                        + e.getMessage());
              }
              OIMMap.remove(lk);
              continue;
            }
          } catch (Exception e) {
            // We missed on the findUsersFiltered in some fashion, so log an error and move on
            logger.error(
                connectorName
                    + " User in OIMap does not exist or failed removing duacmailboxexists for "
                    + lk
                    + " very odd, but nothing to do here -- please investigate");
            OIMMap.remove(lk); // remove anyway again
            continue;
          }
        }
        // Fallthru case, then, is mailbox doesn't exist and the user doesn't have duacmailboxexists
        // so we leave the fallthru alone, but remove the OIM entry anyway
        OIMMap.remove(lk); // remove anyway
        continue;
      } else {
        // this user exists in LDAP but not in OIM
        // we should note that and move on
        logger.warn(
            connectorName
                + " User "
                + lk
                + " present in comms directory but missing in OIM.  Nothing to do, but be aware this is strange");
        // no need to remove, since we're not present in the OIMMap
        OIMMap.remove(lk); // but remove anyway
      }
    }
    // Now do the same thing with what's left in the OIMMap, but in reverse
    Set OIMKeys = OIMMap.keySet();
    iter = OIMKeys.iterator();
    while (iter.hasNext()) {
      // for each key in the ldapMap hash
      String ok = (String) iter.next();
      // At this point, no one left in the OIM list should be in
      // the comms list, but we need to be certain, so...
      if (!ldapMap.containsKey(ok)) {
        // This is correct -- we're here because the LDAP doesn't contain this user anymore
        if (OIMMap.get(ok) != null && OIMMap.get(ok).equals("1")) {
          // We need to undo a duacmailboxexists setting here
          HashMap<String, String> doSearchCriteria = new HashMap<String, String>();
          doSearchCriteria.put("Users.User ID", ok);
          doSearchCriteria.put("Users.Status", "Active");
          String[] doattrs = {"Users.User ID", "Users.Key"};

          try {
            tcResultSet doResultSet = moUserUtility.findUsersFiltered(doSearchCriteria, doattrs);
            if (doResultSet.getRowCount() != 1) {
              logger.error(
                  connectorName
                      + " Search in OIM for user "
                      + ok
                      + " returned "
                      + doResultSet.getRowCount()
                      + " results - something is wrong");
              continue;
            } else {
              HashMap<String, String> attrsForOIM = new HashMap<String, String>();
              attrsForOIM.put("USR_UDF_ACMAILBOXEXISTS", "");
              // need to call revokeMailbox() here, once it's written
              revokeMailbox(doResultSet.getLongValue("Users.Key"));
              try {
                moUserUtility.updateUser(doResultSet, attrsForOIM);
                logger.info(connectorName + " Removed duacmailboxexists from user " + ok);
              } catch (Exception e) {
                // same as above
                logger.error(
                    connectorName
                        + " caught eception when trying to remove duacmailboxexists from "
                        + ok
                        + " moving on, but you probably need to investigate "
                        + e.getMessage());
              }
            }
          } catch (Exception e) {
            // same story as above
            logger.error(
                connectorName
                    + " Failed to find OIM user "
                    + ok
                    + " or otherwise lost on the OIM search -- continuing, but you should investigate");
          }
        }
        // otherwise, nothing to do -- we're empty in OIM and there is no mailbox
        // so we're all set.
      } else {
        // Something is awry -- we have the user in the LDAP but we got to this branch of the code
        // indicating that we fell through some sort of wormhole.
        logger.error(
            connectorName
                + " Impossible situation -- comms dir entry cannot exist, yet it does for user "
                + ok
                + " -- doing nothing with this case -- please investigate");
      }
    }
  }
Beispiel #5
0
  protected void execute() {
    logger.info(connectorName + ": Starting task.");

//    //Get the tcGroupOperationsIntf object
//    try {
//      moGroupUtility = (tcGroupOperationsIntf)super.getUtility("Thor.API.Operations.tcGroupOperationsIntf");
//    } catch (tcAPIException e) {
//      logger.error(connectorName + ": Unable to get an instance of tcGroupOperationsIntf");
//      return;
//    }
//
//    //Get the tcUserOperationsIntf object
//    try {
//      moUserUtility = (tcUserOperationsIntf)super.getUtility("Thor.API.Operations.tcUserOperationsIntf");
//    } catch (tcAPIException e) {
//      logger.error(connectorName + ": Unable to get an instance of tcUserOperationsIntf");
//      return;
//    }


    // Process changes in Grouper sequentially
    ResultSet rs = null;
    PreparedStatement psSelect = null;
    PreparedStatement psDelete = null;
    PreparedStatement psUpdateToFailure = null;

    try {
      ldapConnectionWrapper = new LDAPConnectionWrapper(DEBUG);

      grouperConn = getGrouperConnection();
      psDelete = grouperConn.prepareStatement("DELETE FROM "+userName+".grp_event_log_for_oim WHERE consumer = 'grouper_ldap' AND record_id=?");
      psSelect = grouperConn.prepareStatement("SELECT record_id, group_name, action, field_1, status FROM "+userName+".grp_event_log_for_oim WHERE consumer = 'grouper_ldap' ORDER BY record_id");
      psUpdateToFailure = grouperConn.prepareStatement("UPDATE "+userName+".grp_event_log_for_oim SET status='FAILED' where consumer = 'grouper_ldap' AND record_id=?");

      rs = psSelect.executeQuery();
      while (rs.next()) {
        long recordId = rs.getLong(1);
        String groupName = rs.getString(2);
        String action = rs.getString(3);
        String field1 = rs.getString(4);
        String status = rs.getString(5);

        if (status.equals("FAILED")) {
          updateFailures(action, groupName, field1);
          continue;
        }
        
        groupName = urnizeGroupName(groupName);

        // If an add_member or delete_member fails, we won't process anymore events for that user.
        // If a create, delete, or rename fails, we won't process anymore events for that group.
        if (mustSkipUserOrGroup(action, groupName, field1)) {
          logger.warn(connectorName + ": Skipping record " + recordId + " due to a previous failure with another record with the same user or group.");
          continue;
        }

        // this part is going to be in a separate try-catch block because
        // if an individual update fails, we don't want to stop processing
        boolean isSuccess = false;
        try {
          if (action.equals("create")) {
            processCreate(groupName);
          } else if (action.equals("delete")) {
            processDelete(groupName);
          } else if (action.equals("rename")) {
            processRename(groupName, field1);
          } else if (action.equals("add_member")) {
            processAddMember(groupName, field1);
          } else if (action.equals("delete_member")) {
            processDeleteMember(groupName, field1);
          } else {
            throw new Exception("Unknown action for record id " + recordId);
          }

          // If we get here, then the OIM update succeeded.
          isSuccess = true;
        } catch (Exception e2) {
          logger.error(connectorName + ": Error while processing record " + recordId + ".", e2);
        }

        if (isSuccess) {
          // remove the event from the grouper db
          psDelete.setLong(1, recordId);
          psDelete.executeUpdate();
        } else {
          // mark the event as failed
          psUpdateToFailure.setLong(1, recordId);
          psUpdateToFailure.executeUpdate();
          updateFailures(action, groupName, field1);
        }
      }
    } catch (Exception e) {
      logger.error(connectorName + ": Error while running connector.", e);
    } finally {
      if (rs != null) {
        try {
          rs.close();
        } catch (SQLException e) {
          // this is okay
        }
      }

      if (psSelect != null) {
        try {
          psSelect.close();
        } catch (SQLException e) {
          // this is okay
        }
      }

      if (psDelete != null) {
        try {
          psDelete.close();
        } catch (SQLException e) {
          // this is okay
        }
      }

      if (psUpdateToFailure != null) {
        try {
          psUpdateToFailure.close();
        } catch (SQLException e) {
          // this is okay
        }
      }

      if (grouperConn != null) {
        try {
          grouperConn.close();
        } catch (SQLException e) {
          // this is okay
        }
      }

      if (moGroupUtility != null) {
        moGroupUtility.close();
      }

      if (moUserUtility != null) {
        moUserUtility.close();
      }
    }

    logger.info(connectorName + ": Ending task.");
  }