Ejemplos de DirectoryServer.getEntry en Java

Ejemplo n.º 1

Archivo: SubentryPasswordPolicyTestCase.java Proyecto: parthiban-manick/OpenDJ

  @BeforeClass()
  public void setUp() throws Exception {
    TestCaseUtils.startServer();
    TestCaseUtils.clearJEBackend(false, "userRoot", SUFFIX);

    InternalClientConnection connection = InternalClientConnection.getRootConnection();

    // Add suffix entry.
    DN suffixDN = DN.decode(SUFFIX);
    if (DirectoryServer.getEntry(suffixDN) == null) {
      Entry suffixEntry = StaticUtils.createEntry(suffixDN);
      AddOperation addOperation =
          connection.processAdd(
              suffixEntry.getDN(),
              suffixEntry.getObjectClasses(),
              suffixEntry.getUserAttributes(),
              suffixEntry.getOperationalAttributes());
      assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
      assertNotNull(DirectoryServer.getEntry(suffixEntry.getDN()));
    }

    // Add base entry.
    DN baseDN = DN.decode(BASE);
    if (DirectoryServer.getEntry(baseDN) == null) {
      Entry baseEntry = StaticUtils.createEntry(baseDN);
      AddOperation addOperation =
          connection.processAdd(
              baseEntry.getDN(),
              baseEntry.getObjectClasses(),
              baseEntry.getUserAttributes(),
              baseEntry.getOperationalAttributes());
      assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
      assertNotNull(DirectoryServer.getEntry(baseEntry.getDN()));
    }

    // Add test entry.
    Entry testEntry =
        TestCaseUtils.makeEntry(
            "dn: uid=rogasawara," + BASE,
            "objectclass: top",
            "objectclass: person",
            "objectclass: organizationalPerson",
            "objectclass: inetOrgPerson",
            "uid: rogasawara",
            "userpassword: password",
            "mail: [email protected]",
            "givenname: Rodney",
            "sn: Ogasawara",
            "cn: Rodney Ogasawara",
            "title: Sales, Director");
    AddOperation addOperation =
        connection.processAdd(
            testEntry.getDN(),
            testEntry.getObjectClasses(),
            testEntry.getUserAttributes(),
            testEntry.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(DirectoryServer.getEntry(testEntry.getDN()));
  }

Ejemplo n.º 2

Archivo: SubentryPasswordPolicyTestCase.java Proyecto: parthiban-manick/OpenDJ

  /**
   * Ensures that password policy creation will fail when given an invalid configuration.
   *
   * @param e The entry containing an invalid password policy configuration.
   * @throws Exception If an unexpected problem occurs.
   */
  @Test(dataProvider = "invalidConfigs")
  public void testInvalidConfigurations(Entry e) throws Exception {
    InternalClientConnection connection = InternalClientConnection.getRootConnection();

    AddOperation addOperation =
        connection.processAdd(
            e.getDN(), e.getObjectClasses(), e.getUserAttributes(), e.getOperationalAttributes());
    assertTrue(addOperation.getResultCode() != ResultCode.SUCCESS);
    assertNull(DirectoryServer.getEntry(e.getDN()));
  }

Ejemplo n.º 3

Archivo: LocalBackendSearchOperation.java Proyecto: parthiban-manick/OpenDJ

  /**
   * Handles any controls contained in the request.
   *
   * @throws DirectoryException If there is a problem with any of the request controls.
   */
  private void handleRequestControls() throws DirectoryException {
    LocalBackendWorkflowElement.removeAllDisallowedControls(baseDN, this);

    List<Control> requestControls = getRequestControls();
    if (requestControls != null && !requestControls.isEmpty()) {
      for (Control c : requestControls) {
        String oid = c.getOID();

        if (OID_LDAP_ASSERTION.equals(oid)) {
          LDAPAssertionRequestControl assertControl =
              getRequestControl(LDAPAssertionRequestControl.DECODER);

          SearchFilter assertionFilter;
          try {
            assertionFilter = assertControl.getSearchFilter();
          } catch (DirectoryException de) {
            if (debugEnabled()) {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }

            throw new DirectoryException(
                de.getResultCode(),
                ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(de.getMessageObject()),
                de);
          }

          Entry entry;
          try {
            entry = DirectoryServer.getEntry(baseDN);
          } catch (DirectoryException de) {
            if (debugEnabled()) {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }

            throw new DirectoryException(
                de.getResultCode(),
                ERR_SEARCH_CANNOT_GET_ENTRY_FOR_ASSERTION.get(de.getMessageObject()));
          }

          if (entry == null) {
            throw new DirectoryException(
                ResultCode.NO_SUCH_OBJECT, ERR_SEARCH_NO_SUCH_ENTRY_FOR_ASSERTION.get());
          }

          // Check if the current user has permission to make
          // this determination.
          if (!AccessControlConfigManager.getInstance()
              .getAccessControlHandler()
              .isAllowed(this, entry, assertionFilter)) {
            throw new DirectoryException(
                ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
          }

          try {
            if (!assertionFilter.matchesEntry(entry)) {
              throw new DirectoryException(
                  ResultCode.ASSERTION_FAILED, ERR_SEARCH_ASSERTION_FAILED.get());
            }
          } catch (DirectoryException de) {
            if (de.getResultCode() == ResultCode.ASSERTION_FAILED) {
              throw de;
            }

            if (debugEnabled()) {
              TRACER.debugCaught(DebugLogLevel.ERROR, de);
            }

            throw new DirectoryException(
                de.getResultCode(),
                ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(de.getMessageObject()),
                de);
          }
        } else if (OID_PROXIED_AUTH_V1.equals(oid)) {
          // Log usage of legacy proxy authz V1 control.
          addAdditionalLogItem(
              AdditionalLogItem.keyOnly(getClass(), "obsoleteProxiedAuthzV1Control"));

          // The requester must have the PROXIED_AUTH privilege in order to be
          // able to use this control.
          if (!clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, this)) {
            throw new DirectoryException(
                ResultCode.AUTHORIZATION_DENIED, ERR_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
          }

          ProxiedAuthV1Control proxyControl = getRequestControl(ProxiedAuthV1Control.DECODER);

          Entry authorizationEntry = proxyControl.getAuthorizationEntry();
          setAuthorizationEntry(authorizationEntry);
          setProxiedAuthorizationDN(getDN(authorizationEntry));
        } else if (OID_PROXIED_AUTH_V2.equals(oid)) {
          // The requester must have the PROXIED_AUTH privilege in order to be
          // able to use this control.
          if (!clientConnection.hasPrivilege(Privilege.PROXIED_AUTH, this)) {
            throw new DirectoryException(
                ResultCode.AUTHORIZATION_DENIED, ERR_PROXYAUTH_INSUFFICIENT_PRIVILEGES.get());
          }

          ProxiedAuthV2Control proxyControl = getRequestControl(ProxiedAuthV2Control.DECODER);

          Entry authorizationEntry = proxyControl.getAuthorizationEntry();
          setAuthorizationEntry(authorizationEntry);
          setProxiedAuthorizationDN(getDN(authorizationEntry));
        } else if (OID_PERSISTENT_SEARCH.equals(oid)) {
          final PersistentSearchControl ctrl = getRequestControl(PersistentSearchControl.DECODER);

          persistentSearch =
              new PersistentSearch(
                  this, ctrl.getChangeTypes(), ctrl.getChangesOnly(), ctrl.getReturnECs());
        } else if (OID_LDAP_SUBENTRIES.equals(oid)) {
          SubentriesControl subentriesControl = getRequestControl(SubentriesControl.DECODER);
          setReturnSubentriesOnly(subentriesControl.getVisibility());
        } else if (OID_LDUP_SUBENTRIES.equals(oid)) {
          // Support for legacy draft-ietf-ldup-subentry.
          addAdditionalLogItem(AdditionalLogItem.keyOnly(getClass(), "obsoleteSubentryControl"));

          setReturnSubentriesOnly(true);
        } else if (OID_MATCHED_VALUES.equals(oid)) {
          MatchedValuesControl matchedValuesControl =
              getRequestControl(MatchedValuesControl.DECODER);
          setMatchedValuesControl(matchedValuesControl);
        } else if (OID_ACCOUNT_USABLE_CONTROL.equals(oid)) {
          setIncludeUsableControl(true);
        } else if (OID_REAL_ATTRS_ONLY.equals(oid)) {
          setRealAttributesOnly(true);
        } else if (OID_VIRTUAL_ATTRS_ONLY.equals(oid)) {
          setVirtualAttributesOnly(true);
        } else if (OID_GET_EFFECTIVE_RIGHTS.equals(oid)
            && DirectoryServer.isSupportedControl(OID_GET_EFFECTIVE_RIGHTS)) {
          // Do nothing here and let AciHandler deal with it.
        }
        // NYI -- Add support for additional controls.

        else if (c.isCritical() && !backendSupportsControl(oid)) {
          throw new DirectoryException(
              ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
              ERR_SEARCH_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
        }
      }
    }
  }

Ejemplo n.º 4

Archivo: SubentryPasswordPolicyTestCase.java Proyecto: parthiban-manick/OpenDJ

  /**
   * Ensures that password policy pwdPolicySubentry operational attribute reflects active password
   * policy for a given user entry.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testPasswordPolicySubentryAttribute() throws Exception {
    PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
    assertNotNull(defaultPolicy);

    Entry testEntry = DirectoryServer.getEntry(DN.decode("uid=rogasawara," + BASE));
    assertNotNull(testEntry);

    AttributeType attrType = DirectoryServer.getAttributeType("pwdpolicysubentry");

    // Make sure that default policy is in effect
    // for the user entry.
    assertTrue(testEntry.hasAttribute(attrType));
    assertTrue(
        testEntry.hasValue(
            attrType, null, AttributeValues.create(attrType, defaultPolicy.getDN().toString())));

    // Add new subentry policy with the
    // scope to apply to the user entry.
    Entry policyEntry =
        TestCaseUtils.makeEntry(
            "dn: cn=Temp Policy," + SUFFIX,
            "objectClass: top",
            "objectClass: pwdPolicy",
            "objectClass: subentry",
            "cn: Temp Policy",
            "subtreeSpecification: { base \"ou=people\" }",
            "pwdLockoutDuration: 300",
            "pwdMaxFailure: 3",
            "pwdMustChange: true",
            "pwdAttribute: userPassword");

    InternalClientConnection connection = InternalClientConnection.getRootConnection();

    AddOperation addOperation =
        connection.processAdd(
            policyEntry.getDN(),
            policyEntry.getObjectClasses(),
            policyEntry.getUserAttributes(),
            policyEntry.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(DirectoryServer.getEntry(policyEntry.getDN()));

    // Make sure just added policy is in effect.
    testEntry = DirectoryServer.getEntry(DN.decode("uid=rogasawara," + BASE));
    assertNotNull(testEntry);

    assertTrue(testEntry.hasAttribute(attrType));
    assertTrue(
        testEntry.hasValue(
            attrType, null, AttributeValues.create(attrType, "cn=Temp Policy," + SUFFIX)));

    // Remove subentry policy and make sure
    // default policy is in effect again.
    TestCaseUtils.deleteEntry(policyEntry.getDN());

    testEntry = DirectoryServer.getEntry(DN.decode("uid=rogasawara," + BASE));
    assertNotNull(testEntry);

    assertTrue(testEntry.hasAttribute(attrType));
    assertTrue(
        testEntry.hasValue(
            attrType, null, AttributeValues.create(attrType, defaultPolicy.getDN().toString())));
  }

Ejemplo n.º 5

Archivo: SubentryPasswordPolicyTestCase.java Proyecto: parthiban-manick/OpenDJ

  /**
   * Ensures that password policy constructed from subentry, containing a password validator
   * reference, is active and has a valid configuration.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testValidConfigurationWithValidator() throws Exception {
    PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
    assertNotNull(defaultPolicy);

    // The values are selected on a basis that they
    // should differ from default password policy.
    Entry policyEntry =
        TestCaseUtils.makeEntry(
            "dn: cn=Temp Validator Policy," + SUFFIX,
            "objectClass: top",
            "objectClass: pwdPolicy",
            "objectClass: pwdValidatorPolicy",
            "objectClass: subentry",
            "cn: Temp Policy",
            "subtreeSpecification: { base \"ou=people\" }",
            "pwdLockoutDuration: 300",
            "pwdMaxFailure: 3",
            "pwdMustChange: TRUE",
            "pwdAttribute: authPassword",
            "pwdMinAge: 600",
            "pwdMaxAge: 2147483647",
            "pwdInHistory: 5",
            "pwdExpireWarning: 864000",
            "pwdGraceAuthNLimit: 3",
            "pwdFailureCountInterval: 3600",
            "pwdAllowUserChange: FALSE",
            "pwdSafeModify: TRUE",
            "ds-cfg-password-validator: cn=Unique Characters,cn=Password Validators,cn=config",
            "ds-cfg-password-validator: cn=Length-Based Password Validator,cn=Password Validators,cn=config");

    InternalClientConnection connection = InternalClientConnection.getRootConnection();

    AddOperation addOperation =
        connection.processAdd(
            policyEntry.getDN(),
            policyEntry.getObjectClasses(),
            policyEntry.getUserAttributes(),
            policyEntry.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(DirectoryServer.getEntry(policyEntry.getDN()));

    PasswordPolicy policy =
        (PasswordPolicy)
            DirectoryServer.getAuthenticationPolicy(
                DN.decode("cn=Temp Validator Policy," + SUFFIX));
    assertNotNull(policy);

    // Check the password validator attributes for correct values.
    Collection<PasswordValidator<?>> validators = policy.getPasswordValidators();
    assertFalse(validators.isEmpty());
    assertEquals(validators.size(), 2);

    // Make sure this policy applies to the test entry
    // its supposed to target and that its the same
    // policy object as previously tested.
    Entry testEntry = DirectoryServer.getEntry(DN.decode("uid=rogasawara," + BASE));
    assertNotNull(testEntry);

    AuthenticationPolicy statePolicy = AuthenticationPolicy.forUser(testEntry, false);
    assertNotNull(statePolicy);
    assertEquals(policy, statePolicy);

    // Make sure this policy is gone and default
    // policy is in effect instead.
    TestCaseUtils.deleteEntry(policyEntry.getDN());
    statePolicy = AuthenticationPolicy.forUser(testEntry, false);
    assertNotNull(statePolicy);
    assertEquals(defaultPolicy, statePolicy);
  }

Ejemplo n.º 6

Archivo: SubentryPasswordPolicyTestCase.java Proyecto: parthiban-manick/OpenDJ

  /**
   * Ensures that password policy constructed from subentry is active and has a valid configuration.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testValidConfiguration() throws Exception {
    PasswordPolicy defaultPolicy = DirectoryServer.getDefaultPasswordPolicy();
    assertNotNull(defaultPolicy);

    // The values are selected on a basis that they
    // should differ from default password policy.
    Entry policyEntry =
        TestCaseUtils.makeEntry(
            "dn: cn=Temp Policy," + SUFFIX,
            "objectClass: top",
            "objectClass: pwdPolicy",
            "objectClass: subentry",
            "cn: Temp Policy",
            "subtreeSpecification: { base \"ou=people\" }",
            "pwdLockoutDuration: 300",
            "pwdMaxFailure: 3",
            "pwdMustChange: TRUE",
            "pwdAttribute: authPassword",
            "pwdMinAge: 600",
            "pwdMaxAge: 2147483647",
            "pwdInHistory: 5",
            "pwdExpireWarning: 864000",
            "pwdGraceAuthNLimit: 3",
            "pwdFailureCountInterval: 3600",
            "pwdAllowUserChange: FALSE",
            "pwdSafeModify: TRUE");

    InternalClientConnection connection = InternalClientConnection.getRootConnection();

    AddOperation addOperation =
        connection.processAdd(
            policyEntry.getDN(),
            policyEntry.getObjectClasses(),
            policyEntry.getUserAttributes(),
            policyEntry.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
    assertNotNull(DirectoryServer.getEntry(policyEntry.getDN()));

    PasswordPolicy policy =
        (PasswordPolicy)
            DirectoryServer.getAuthenticationPolicy(DN.decode("cn=Temp Policy," + SUFFIX));
    assertNotNull(policy);

    // Check all pwp attributes for correct values.
    assertEquals(policy.getLockoutDuration(), 300);
    assertEquals(policy.getLockoutFailureCount(), 3);
    assertEquals(policy.isForceChangeOnReset(), true);
    assertTrue(policy.getPasswordAttribute().getPrimaryName().equalsIgnoreCase("authPassword"));
    assertEquals(policy.getMinPasswordAge(), 600);
    assertEquals(policy.getMaxPasswordAge(), 2147483647);
    assertEquals(policy.getPasswordHistoryCount(), 5);
    assertEquals(policy.getPasswordExpirationWarningInterval(), 864000);
    assertEquals(policy.getGraceLoginCount(), 3);
    assertEquals(policy.getLockoutFailureExpirationInterval(), 3600);
    assertEquals(policy.isAllowUserPasswordChanges(), false);
    assertEquals(policy.isPasswordChangeRequiresCurrentPassword(), true);

    /* Check the password validator attributes for correct values.
     * The default unit-test config has a single Password validator which is
     * enabled for the default password policy.
     */
    Collection<PasswordValidator<?>> validators = policy.getPasswordValidators();
    assertEquals(validators.size(), 1);
    for (PasswordValidator<?> validator : validators) {
      assertTrue(
          validator.toString().startsWith("org.opends.server.extensions.TestPasswordValidator"));
    }

    // Make sure this policy applies to the test entry
    // its supposed to target and that its the same
    // policy object as previously tested.
    Entry testEntry = DirectoryServer.getEntry(DN.decode("uid=rogasawara," + BASE));
    assertNotNull(testEntry);

    AuthenticationPolicy statePolicy = AuthenticationPolicy.forUser(testEntry, false);
    assertNotNull(statePolicy);
    assertEquals(policy, statePolicy);

    // Make sure this policy is gone and default
    // policy is in effect instead.
    TestCaseUtils.deleteEntry(policyEntry.getDN());
    statePolicy = AuthenticationPolicy.forUser(testEntry, false);
    assertNotNull(statePolicy);
    assertEquals(defaultPolicy, statePolicy);
  }