/** * Get the connection parameters for the IT Resource GROUPER_RECONCILIATION. * Then returns a connection based on those parameters. * @return database connection * @throws Exception */ private Connection getGrouperConnection() throws Exception { Map<String, String> parameters = new HashMap<String, String>(); if (!DEBUG) { tcITResourceInstanceOperationsIntf moITResourceUtility = (tcITResourceInstanceOperationsIntf) super.getUtility("Thor.API.Operations.tcITResourceInstanceOperationsIntf"); Map<String, String> resourceMap = new HashMap<String, String>(); resourceMap.put("IT Resources.Name", "GROUPER_RECONCILIATION"); // We use the Grouper Recon's connection tcResultSet moResultSet = moITResourceUtility.findITResourceInstances(resourceMap); long resourceKey = moResultSet.getLongValue("IT Resources.Key"); moResultSet = null; moResultSet = moITResourceUtility.getITResourceInstanceParameters(resourceKey); for (int i = 0; i < moResultSet.getRowCount(); i++) { moResultSet.goToRow(i); String name = moResultSet.getStringValue("IT Resources Type Parameter.Name"); String value = moResultSet .getStringValue("IT Resources Type Parameter Value.Value"); parameters.put(name, value); } } else { parameters.put("username","SUPPRESSED"); parameters.put("password", SUPPRESSED"); parameters.put("connectionProperties", "oracle.net.encryption_client=required,oracle.net.encryption_types_client=(RC4_256),oracle.net.crypto_checksum_client=required,oracle.net.crypto_checksum_types_client=(MD5)"); parameters.put("url", "jdbc:oracle:thin:@SUPPRESSED:SUPPRESSED:SUPPRESSED"); parameters.put("driver", "oracle.jdbc.driver.OracleDriver"); } Class.forName((String) parameters.get("driver")); userName = (String) parameters.get("username"); Properties props = new Properties(); props.put("user", parameters.get("username")); props.put("password", parameters.get("password")); if (parameters.get("connectionProperties") != null && !parameters.get("connectionProperties").equals("")) { String[] additionalPropsArray = ((String) parameters.get("connectionProperties")).split(","); for (int i = 0; i < additionalPropsArray.length; i++) { String[] keyValue = additionalPropsArray[i].split("="); props.setProperty(keyValue[0], keyValue[1]); } } Connection conn = DriverManager.getConnection((String) parameters.get("url"), props); return conn; }
/** * Method to retrieve connection information from the OIM IT resource and use it to establish * connection to the comms directories, then mine the comms directories for mailUserStatus * attributes for all the users in the directory and return the results in a HashMap. * * <p>This HashMap is then later used to perform the comparison against OIM. * * <p>We need to retrieve duDukeID (for purposes of comparing against OIM, where that's the user's * Users.User ID value), and mailUserStatus (for purposes of setting the state of the user for the * comparison). * * <p>Return HashMap contains one hash for each user, indexed by duDukeID, with a Boolean value * that's FALSE if the user has no mailbox (the mailUserStatus value doesn't exist or is * "removed") and TRUE otherwise. */ private HashMap<String, Boolean> getLDAPData() { AttributeData attributeData = AttributeData.getInstance(); Attributes attributes = null; SearchResult ldapResult = null; LdapContext context = null; NamingEnumeration results = null; NamingEnumeration<SearchResult> iresults = null; Boolean hasmailbox = false; HashMap returnValue = new HashMap(); tcITResourceInstanceOperationsIntf moITResourceUtility = null; tcResultSet moResultSet = null; long resourceKey; SearchResult resval = null; Attributes ra = null; String uniqueID = null; String status = null; // Get handle for retrieving configuration from OIM // For the IT Resource try { moITResourceUtility = (tcITResourceInstanceOperationsIntf) super.getUtility("Thor.API.Operations.tcITResourceInstanceOperationsIntf"); } catch (Exception e) { throw new RuntimeException( connectorName + " Failed to retrieve LDAP configuration from OIM - check OIM IT Resource " + e.getMessage(), e); } // Get the parameters for the LDAP connection from OIM Map resourceMap = new HashMap(); resourceMap.put("IT Resources.Name", "COMMS_RECONCILIATION"); try { moResultSet = moITResourceUtility.findITResourceInstances(resourceMap); resourceKey = moResultSet.getLongValue("IT Resources.Key"); } catch (Exception e) { throw new RuntimeException( connectorName + " Unable to get IT Resource from factory - check OIM IT Resource" + e.getMessage(), e); } moResultSet = null; try { moResultSet = moITResourceUtility.getITResourceInstanceParameters(resourceKey); for (int i = 0; i < moResultSet.getRowCount(); i++) { moResultSet.goToRow(i); String name = moResultSet.getStringValue("IT Resources Type Parameter.Name"); String value = moResultSet.getStringValue("IT Resources Type Parameter Value.Value"); parameters.put(name, value); } } catch (Exception e) { throw new RuntimeException( connectorName + "Unable to get attributes from OIM IT resource - check IT Resource in OIM " + e.getMessage(), e); } // Start by getting a connection to the LDAP Hashtable<String, String> environment = new Hashtable<String, String>(); environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); environment.put(Context.PROVIDER_URL, (String) parameters.get("ldapURL")); environment.put(Context.SECURITY_AUTHENTICATION, "simple"); environment.put(Context.SECURITY_PRINCIPAL, (String) parameters.get("ldapDN")); environment.put(Context.SECURITY_CREDENTIALS, (String) parameters.get("ldapPW")); environment.put(Context.SECURITY_PROTOCOL, "ssl"); try { context = new InitialLdapContext(environment, null); // If connection fails, retry one time before failing if (context == null) { // Retry connection one more time after 20 seconds Thread.sleep(20000); context = new InitialLdapContext(environment, null); // and fail if the context is still null -- return null // hash and log an error to generate email notification if (context == null) { logger.error( connectorName + " Failed to make LDAP connection to commsdirs during comms reconciliation - reconciliation cannot continue"); return (null); } } } catch (javax.naming.NamingException e) { // in this case, we excepted on something in LDAP logger.error( connectorName + " Caught exception from JNDI during LDAP connection -- returning NULL " + e.getMessage()); e.printStackTrace(); return (null); } catch (java.lang.InterruptedException e) { logger.warn( connectorName + " Interrupt caught before timeout for retry of LDAP connection -- returning NULL"); return (null); } // At this point, we should have a connection in the context // List of attributes to be retrieved from LDAP String[] attrs = {"duDukeID", "mailUserStatus"}; // SearchControls to build the query SearchControls cons = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0, attrs, false, false); // And execute the query in a try to catch throwables try { iresults = context.newInstance(null).search("o=Comms,dc=duke,dc=edu", "(duDukeID=*)", cons); } catch (NamingException e) { throw new RuntimeException( connectorName + " Failed LDAP search on bad connection: " + e.getMessage(), e); } while (iresults.hasMoreElements()) { try { resval = iresults.next(); } catch (javax.naming.NamingException e) { // Somehow, we had more elements, but when we went to get the next one, it wasn't there // Assume this is a sign that the LDAP response was corrupt logger.error(connectorName + " Corrupt LDAP search results -- throwing exception "); throw new RuntimeException( connectorName + " Failed to find next result in LDAP search result set, even though hasMore was true " + e.getMessage(), e); } ra = resval.getAttributes(); try { uniqueID = (String) ra.get("duDukeID").get(); } catch (javax.naming.NamingException e) { // this one is fatal logger.error( connectorName + " DukeID was missing from user found by Unique ID -- very strange "); throw new RuntimeException( connectorName + " User found by unique ID does not have a unique ID " + e.getMessage(), e); } try { if (ra.get("mailUserStatus") != null) { status = (String) ra.get("mailUserStatus").get(); if (status != null && !status.equals("") && !status.equals("removed")) { hasmailbox = true; } else { hasmailbox = false; } } else { hasmailbox = false; } } catch (Exception e) { // In this case, we somehow failed to figure out whether the mailbox exists or not // Since existence has less permanent effect on the world than non, // we treat this as an existent case but log the anomaly logger.warn( connectorName + " Exception reading mailUserStatus for user " + uniqueID + " so returning with hasmailbox = true for failsafe"); hasmailbox = true; } returnValue.put(uniqueID, hasmailbox); } return (returnValue); }