public boolean isAdminDN(String dn) { if(dn == null) return false; try { return isAdminDN(new LdapName(dn)); } catch (InvalidNameException e) { return false; } }
public void setTempSearchBase(String tempSearchBase) { try { LdapName baseName = new LdapName(tempSearchBase); tempPrefixLength = baseName.size(); this.tempSearchBase = tempSearchBase; } catch (InvalidNameException e) { throw new IllegalArgumentException("Invalid base DN value " + tempSearchBase, e); } }
public void setQueueSearchBase(String queueSearchBase) { try { LdapName baseName = new LdapName(queueSearchBase); queuePrefixLength = baseName.size(); this.queueSearchBase = queueSearchBase; } catch (InvalidNameException e) { throw new IllegalArgumentException("Invalid base DN value " + queueSearchBase, e); } }
public void setTopicSearchBase(String topicSearchBase) { try { LdapName baseName = new LdapName(topicSearchBase); topicPrefixLength = baseName.size(); this.topicSearchBase = topicSearchBase; } catch (InvalidNameException e) { throw new IllegalArgumentException("Invalid base DN value " + topicSearchBase, e); } }
public static List<String> getX509CertificateCommonNames(String dn) throws Exception { List<String> names = new ArrayList<>(); if (!PlatformDependent.isAndroid()) { LdapName ldapDN = new LdapName(dn); for (Rdn rdn : ldapDN.getRdns()) { if (rdn.getType().equalsIgnoreCase("cn")) { String name = rdn.getValue().toString(); names.add(name); } } } else { String [] rdns = dn.trim().split("[,;]"); for(String rdn : rdns) { String [] nvp = rdn.trim().split("="); if(nvp.length == 2 && "cn".equalsIgnoreCase(nvp[0])) { names.add(nvp[1]); } } } return names; }
import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; String dn = x509cert.getSubjectX500Principal().getName(); LdapName ldapDN = new LdapName(dn); for(Rdn rdn: ldapDN.getRdns()) { System.out.println(rdn.getType() + " -> " + rdn.getValue()); }
private static String extractCN(final String subjectPrincipal) throws SSLException { if (subjectPrincipal == null) { return null; } try { final LdapName subjectDN = new LdapName(subjectPrincipal); final List<Rdn> rdns = subjectDN.getRdns(); for (int i = rdns.size() - 1; i >= 0; i--) { final Rdn rds = rdns.get(i); final Attributes attributes = rds.toAttributes(); final Attribute cn = attributes.get("cn"); if (cn != null) { try { final Object value = cn.get(); if (value != null) { return value.toString(); } } catch (final NoSuchElementException ignore) { // ignore exception } catch (final NamingException ignore) { // ignore exception } } } return null; } catch (final InvalidNameException e) { throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name"); } }
String dn = "CN=Jimmy Blooptoop,OU=Someplace,OU=Employees,DC=Bloopsoft-Inc"; LdapName ln = new LdapName(dn); for(Rdn rdn : ln.getRdns()) { if(rdn.getType().equalsIgnoreCase("CN")) { System.err.println("CN is: " + rdn.getValue()); break; } }
/** * A helper method to get the Relative Distinguished Name (RDN) from * Distinguished name (DN). According to Active Directory documentation, * a group object's RDN is a CN. * * @param distinguishedName A string representing a distinguished name. * @throws NamingException if the DN is malformed. * @return a string which represents the RDN */ private String getRelativeDistinguishedName(String distinguishedName) throws NamingException { LdapName ldn = new LdapName(distinguishedName); List<Rdn> rdns = ldn.getRdns(); if (rdns.isEmpty()) { throw new NamingException("DN is empty"); } Rdn rdn = rdns.get(rdns.size()-1); if (rdn.getType().equalsIgnoreCase(groupNameAttr)) { String groupName = (String)rdn.getValue(); return groupName; } throw new NamingException("Unable to find RDN: The DN " + distinguishedName + " is malformed."); }
private void invokeCacheUpdateListener(NamingEvent evt) { Binding oldBinding = evt.getOldBinding(); LdapName ldapName; try { ldapName = new LdapName(oldBinding.getName()); } catch (InvalidNameException e) { throw log.ldapInvalidLdapName(oldBinding.getName(), e); } ldapName.getRdns().stream() .filter(rdn -> rdn.getType().equals(identityMapping.rdnIdentifier)) .map(rdn -> new NamePrincipal(rdn.getValue().toString())) .findFirst() .ifPresent(listener::accept); } }
private String extractRdn(AttributeMapping mapping, final String dn) { String valueRdn = mapping.getRdn(); try { for (Rdn rdn : new LdapName(dn).getRdns()) { if (rdn.getType().equalsIgnoreCase(valueRdn)) { return rdn.getValue().toString(); } } } catch (Exception cause) { throw log.ldapRealmInvalidRdnForAttribute(mapping.getName(), dn, valueRdn, cause); } return null; }
private User resolveTransportUsernameAttribute(User pkiUser) { //#547 if(transportUsernameAttribute != null && !transportUsernameAttribute.isEmpty()) { try { final LdapName sslPrincipalAsLdapName = new LdapName(pkiUser.getName()); for(final Rdn rdn: sslPrincipalAsLdapName.getRdns()) { if(rdn.getType().equals(transportUsernameAttribute)) { return new User((String) rdn.getValue()); } } } catch (InvalidNameException e) { //cannot happen } } return pkiUser; } }
/** * Handler for removed policy entries in the directory. * * @param namingEvent * the removed entry event that occurred * @param destinationType * the type of the destination to which the event applies * @param permissionType * the permission type to which the event applies */ public void objectRemoved(NamingEvent namingEvent, DestinationType destinationType, PermissionType permissionType) { LOG.debug("Removing object: {}", namingEvent.getOldBinding()); Binding result = namingEvent.getOldBinding(); try { DefaultAuthorizationMap map = this.map.get(); LdapName name = new LdapName(result.getName()); AuthorizationEntry entry = getEntry(map, name, destinationType); applyAcl(entry, permissionType, new HashSet<Object>()); } catch (InvalidNameException e) { LOG.error("Policy not applied! Error parsing DN for object removal for removal of {}", result.getName(), e); } catch (Exception e) { LOG.error("Policy not applied! Error processing object removal for removal of {}", result.getName(), e); } }
private NamingEnumeration<SearchResult> searchWithPagination() throws NamingException, IOException { Control[] controlsBackup = null; Object binaryAttributesBackup = null; // backup and set environment if (pageSize != 0 && context instanceof LdapContext) { controlsBackup = ((LdapContext)context).getRequestControls(); ((LdapContext)context).setRequestControls(new Control[]{ new PagedResultsControl(pageSize, cookie, Control.CRITICAL) }); } if (binaryAttributes != null && binaryAttributes.size() != 0) { // set attributes which should be returned in binary form binaryAttributesBackup = context.getEnvironment().get(ENV_BINARY_ATTRIBUTES); context.addToEnvironment(ENV_BINARY_ATTRIBUTES, String.join(" ", binaryAttributes)); } NamingEnumeration<SearchResult> results = context.search(new LdapName(searchDn), filter, filterArgs, createSearchControls()); // revert environment change if (binaryAttributes != null && binaryAttributes.size() != 0) { if (binaryAttributesBackup == null) { context.removeFromEnvironment(ENV_BINARY_ATTRIBUTES); } else { context.addToEnvironment(ENV_BINARY_ATTRIBUTES, binaryAttributesBackup); } } if (pageSize != 0 && context instanceof LdapContext) { ((LdapContext)context).setRequestControls(controlsBackup); } return results; }
private LdapSearch createLdapSearchByDn() { if ( ! name.regionMatches(true, 0, identityMapping.rdnIdentifier, 0, identityMapping.rdnIdentifier.length())) { return null; } // equal sign not checked here as whitespaces can be between yet try { LdapName ldapName = new LdapName(name); int rdnPosition = ldapName.size() - 1; Rdn rdnIdentifier = ldapName.getRdn(rdnPosition); if ( ! rdnIdentifier.getType().equalsIgnoreCase(identityMapping.rdnIdentifier)) { // uid=... log.tracef("Getting identity [%s] by DN skipped - RDN does not match [%s]", name, identityMapping.rdnIdentifier); return null; } if (identityMapping.searchDn != null) { List<Rdn> expectedStart = new LdapName(identityMapping.searchDn).getRdns(); if ( ! ldapName.startsWith(expectedStart)) { // ...,search-dn log.tracef("Getting identity [%s] by DN skipped - DN not in search-dn [%s]", name, identityMapping.searchDn); return null; } if ( ! identityMapping.searchRecursive && ldapName.size() != expectedStart.size() + 1) { log.tracef("Getting identity [%s] by DN skipped - DN not directly in search-dn and recursive search not enabled [%s]", name, identityMapping.searchDn); return null; } } return new LdapSearch(ldapName.toString(), SearchControls.OBJECT_SCOPE, 0, identityMapping.filterName, rdnIdentifier.getValue().toString()); } catch (InvalidNameException e) { log.tracef(e, "Getting identity [%s] by DN failed - will continue by name", name); } return null; }
@Test public void testGivenNameAttributeNameMapping() throws Exception { attrs.put("givenName", "Marissa"); adapter = new DirContextAdapter(attrs, new LdapName("cn=marissa,ou=Users,dc=test,dc=com")); mapper.setGivenNameAttributeName("givenName"); ExtendedLdapUserImpl ldapUserDetails = getExtendedLdapUser(); Assert.assertThat(ldapUserDetails.getGivenName(), is("Marissa")); }
@Test public void testPhoneNumberAttributeNameMapping() throws Exception { attrs.put("phoneNumber", "8675309"); adapter = new DirContextAdapter(attrs, new LdapName("cn=marissa,ou=Users,dc=test,dc=com")); mapper.setPhoneNumberAttributeName("phoneNumber"); ExtendedLdapUserImpl ldapUserDetails = getExtendedLdapUser(); Assert.assertThat(ldapUserDetails.getPhoneNumber(), is("8675309")); }
@Test public void testFamilyNameAttributeNameMapping() throws Exception { attrs.put("lastName", "Lastnamerton"); adapter = new DirContextAdapter(attrs, new LdapName("cn=marissa,ou=Users,dc=test,dc=com")); mapper.setFamilyNameAttributeName("lastName"); ExtendedLdapUserImpl ldapUserDetails = getExtendedLdapUser(); Assert.assertThat(ldapUserDetails.getFamilyName(), is("Lastnamerton")); }
@Override public void delete() throws RealmUnavailableException { DirContext context = obtainContext(); try { LdapIdentity identity = getIdentity(context); if (identity == null) { throw log.noSuchIdentity(); } log.debugf("Removing identity [%s] with DN [%s] from LDAP", name, identity.getDistinguishedName()); identity.getDirContext().destroySubcontext(new LdapName(identity.getDistinguishedName())); } catch (NamingException e) { throw log.ldapRealmFailedDeleteIdentityFromServer(e); } finally { closeContext(context); } }
private void storeAttributes(String alias, List<ModificationItem> items) throws KeyStoreException { DirContext context = obtainDirContext(); try { SearchResult result = searchAlias(context, alias, null, new String[]{}); LdapName distinguishName; if (result == null) { // alias not exists yet - create if (createPath == null || createAttributes == null || createRdn == null) throw log.creationNotConfigured(alias); distinguishName = (LdapName) createPath.clone(); distinguishName.add(new Rdn(createRdn, alias)); log.debugf("Creating keystore alias [%s] with DN [%s] in LDAP", alias, distinguishName.toString()); context.createSubcontext(distinguishName, createAttributes); items.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(aliasAttribute, alias))); } else { distinguishName = new LdapName(result.getNameInNamespace()); } context.modifyAttributes(distinguishName, items.toArray(new ModificationItem[items.size()])); } catch (NamingException e) { throw log.ldapKeyStoreFailedToStore(alias, e); } finally { returnDirContext(context); } }