Class tcUtilLDAPController

java.lang.Object
com.thortech.xl.util.adapters.tcUtilLDAPController

public class tcUtilLDAPController extends Object
Class that provides the JNDI interface to an LDAP directory.
Requires that jndi.jar be in the classpath.
  • Field Details

    • UAC_SCRIPT

      public static int UAC_SCRIPT
      The logon script is executed.
    • UAC_ORGANIZATIONDISABLE

      public static int UAC_ORGANIZATIONDISABLE
      Organization is disabled.
    • UAC_HOMEDIR_REQD

      public static int UAC_HOMEDIR_REQD
      The home directory is required.
    • UAC_LOCKEDOUT

      public static int UAC_LOCKEDOUT
      The account is currently locked out.
    • UAC_PWD_NOTREQD

      public static int UAC_PWD_NOTREQD
      No password is required.
    • UAC_PWD_CANTCHANGE

      public static int UAC_PWD_CANTCHANGE
      The user cannot change the password.
    • UAC_PWD_ENCRYPTED

      public static int UAC_PWD_ENCRYPTED
      The user can send an encrypted password.
    • UAC_PWD_NOEXPIRE

      public static int UAC_PWD_NOEXPIRE
      The password for this account will never expire.
    • UAC_SMARTCARD

      public static int UAC_SMARTCARD
      The user must log on using a smart card.
  • Constructor Details

    • tcUtilLDAPController

      public tcUtilLDAPController(String server, String rootcon, String princ, String p_password)
      Constructor that sets the primary connection parameters.
      Parameters:
      server - The domain or the IP address of the LDAP Server, e.g. w2kaddcd02, thor60.thortech.com
      rootcon - The domain root for the LDAP structure, e.g. DC=THORTECH,DC=com
      princ - The Distinguished Name of the Admin User the program will log in as, e.g. CN=Admin,CN=Users,DC=THORDEV,DC=com
      p_password - The password of the Admin User
    • tcUtilLDAPController

      public tcUtilLDAPController(String server, String rootcon, String princ, String p_password, boolean pSecure) throws Exception
      Constructor that sets the primary connection parameters and also provides a way to set the security constraint.
      Parameters:
      server - The domain or the IP address of the LDAP Server, e.g. w2kaddcd02, thor60.thortech.com
      rootcon - The domain root for the LDAP structure, e.g. DC=THORTECH,DC=com
      princ - The Distinguished Name of the Admin User the program will log in as, e.g. CN=Admin,CN=Users,DC=THORDEV,DC=com
      p_password - The password of the Admin User
      pSecure - boolean telling whether to use secure connection (SSL) or not
      Throws:
      Exception
    • tcUtilLDAPController

      public tcUtilLDAPController(String server, String rootcon, String princ, String p_password, Boolean pSecure) throws Exception
      Creates a new tcUtilLDAPController object.
      Parameters:
      server - The domain or the IP address of the LDAP Server, e.g. w2kaddcd02, thor60.thortech.com
      rootcon - The domain root for the LDAP structure, e.g. DC=THORTECH,DC=com
      princ - The Distinguished Name of the Admin User the program will log in as, e.g. CN=Admin,CN=Users,DC=THORDEV,DC=com
      p_password - The password of the Admin User
      pSecure - boolean telling whether to use secure connection (SSL) or not
      Throws:
      Exception
  • Method Details

    • moveObject

      public boolean moveObject(String source, String destination, String name) throws Exception
      Moves an LDAP object. Uses the rename method to specify that the member attribute's distinguished name is to be changed; since this includes the full path, it also changes the location.
      Parameters:
      source - Parent hierarchy of the object's current location, e.g. OU=Devel,OU=Engineering
      destination - Parent hierarchy of the object's destination location, e.g. OU=Devel,OU=Engineering
      name - The name of the object, including the object type, e.g. "cn=Consultant"
      Returns:
      boolean True if renaming has been successful, else false
      Throws:
      Exception
    • rename

      public boolean rename(String hierarchy, String oldname, String newname) throws Exception
      Internal method that executes the JNDI rename method. It is used by moveObject.
      Parameters:
      hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
      oldname - The old name of the object, including the object type, e.g. "cn=Consultant"
      newname - The new name of the object, including the object type, e.g. "cn=Consultant"
      Returns:
      boolean True if renaming has been successful, else false
      Throws:
      Exception
    • search

      public Vector search(String hierarchy, String filter) throws Exception
      Searches LDAP for the objects fulfilling the criteria specified by the search filter. It scans the whole tree below the specified OU.
      Parameters:
      hierarchy - The hierarchical structure to the OU to search below, e.g. OU=Devel,OU=Engineering
      filter - Specifies the conditions to search for in the form of a search filter. A search filter is a search query expressed in the form of a logical expression in prefix notation (i.e., the logical operator appears before its arguments). Some examples are:
      1) Search for an Object where sn = "Geisel" and mail has a value (any value)
      (&(sn=Geisel)(mail=*))
      2) Search for Objects where either sn is "Geisel" and mail is any value, or sn begins with "L"
      (|(&(sn=Geisel)(mail=*))(sn=L*))
      For further information, look at RFC 2254
      Commonly Used Search Filters Are:
      1) Search for group policies: (objectClass=groupPolicyContainer)
      2) Search for the Group "groupname": (&(objectClass=group)(cn=groupname))
      Returns:
      Returns a Vector of Strings containing the DN of the object (relative to parameter v). Returns null vector if not found
      Throws:
      Exception
    • searchResult

      public Vector searchResult(String orgRDN, String filter) throws Exception
      Searches LDAP for the objects fulfilling the criteria specified by the search filter.
      Parameters:
      orgRDN - the name of the context to search
      filter - filter criteria
      Returns:
      Vector containing the searched results
      Throws:
      Exception
    • searchResult

      public Vector searchResult(String orgRDN, String filter, String[] returnAttributes) throws Exception
      Searches LDAP for the objects fulfilling the criteria specified by the search filter. Returns a set of attributes specified as an input parameter
      Parameters:
      orgRDN - the name of the context to search
      filter - Filter Criterion
      returnAttributes - List of attributes to be returned
      Returns:
      Vector containing the searched results
      Throws:
      Exception
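
The filter argument of search and searchResult is a raw RFC 2254 string, so any value that comes from outside the program has to be escaped before it is placed in the filter. The following is an added example, not code from this class or its vendor; the class name, helper names and sample group names are constructed for illustration, and the page does not say whether the class escapes filter values itself.

```java
import java.util.Arrays;
import java.util.List;

public class FilterValueEscaping {

    /** Escapes a value for use inside an LDAP search filter (RFC 2254, section 4). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // escape character itself
                case '*':  out.append("\\2a"); break; // wildcard
                case '(':  out.append("\\28"); break; // opens a filter component
                case ')':  out.append("\\29"); break; // closes a filter component
                case '\0': out.append("\\00"); break; // NUL
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Exact-match group filter, in the shape listed under "Commonly Used Search Filters". */
    static String groupByName(String groupName) {
        return "(&(objectClass=group)(cn=" + escapeFilterValue(groupName) + "))";
    }

    /** Prefix match: the only wildcard is the one the code appends, never one from the caller. */
    static String surnameStartsWith(String prefix) {
        return "(sn=" + escapeFilterValue(prefix) + "*)";
    }

    /** Structural check: parentheses balance and never close before they open. */
    static boolean parenthesesBalanced(String filter) {
        int depth = 0;
        for (int i = 0; i < filter.length(); i++) {
            char c = filter.charAt(i);
            if (c == '(') depth++;
            if (c == ')' && --depth < 0) return false;
        }
        return depth == 0;
    }

    public static void main(String[] args) {
        // Constructed sample group names; the second and third contain filter metacharacters.
        List<String> names = Arrays.asList("Consultant", "R&D (EMEA)", "temp*staff", "ops\\night");
        for (String name : names) {
            String filter = groupByName(name);
            // The resulting string is what would be passed as the filter argument.
            System.out.println(filter + "  balanced=" + parenthesesBalanced(filter));
        }
        System.out.println(surnameStartsWith("L"));
    }
}
```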
    • getRootDSEProperty

      public String getRootDSEProperty(String attrName) throws Exception
      Searches LDAP for the RootDSE object and gets the value of a particular property from it.
      Parameters:
      attrName - The attribute name to get
      Returns:
      Returns a String containing the value of that attribute if found. Returns "" if not found.
      Throws:
      Exception
    • listEnvironment

      public void listEnvironment(String hierarchy, String filter) throws Exception
      Returns a List of Environments
      Parameters:
      hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
      filter - filter criteria
      Throws:
      Exception
    • getAttributes

      public Hashtable getAttributes(String hierarchy, String name) throws Exception
      Returns a hash of the object's attributes and their values. The key is the attribute name, while the value is a vector containing the list of values for that object.
      Parameters:
      hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
      name - The path of the object relative to the connected hierarchy, usually it is just the object's name
      Returns:
      A Hashtable of the form {attribute name, Vector of attribute values}
      Throws:
      Exception
    • getAttributeValues

      public Vector getAttributeValues(String hierarchy, String name, String attrname) throws Exception
      Lists the value(s) of a particular object attribute. Returns it as a vector to accommodate properties that have a list of values.
      Parameters:
      hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
      name - The path of the object relative to the connected hierarchy, usually it is just the object's name
      attrname - The name of the attribute (property) whose value(s) needs to be retrieved.
      Returns:
      A Vector of Strings, consisting of all the values this attribute was set to.
      Throws:
      Exception
    • getAttributeValueBasedOnSearch

      public String getAttributeValueBasedOnSearch(String hierarchy, String distinguishName, String ObjectClass, String attrname) throws Exception
      This method searches the specified hierarchy using the specified distinguished name and objectclass, and returns the value of the specified attribute from the search result. A possible call to this method can look like:
          String attrVal = getAttributeValueBasedOnSearch("ou=people,dc=oracle,dc=com", "cn=adharmad, ou=idmgmt, ou=stit", "inetOrgPerson", "givenName");
      This call should search for an LDAP object having DN "cn=adharmad,ou=idmgmt, ou=stit" in the hierarchy "ou=people,dc=oracle,dc=com", having objectClass "inetOrgPerson", and return the "givenName" attribute if this object is found.
      Parameters:
      hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
      distinguishName - Distinguishing name
      ObjectClass - Object Class
      attrname - attribute name
      Returns:
      String value of the specified attribute
      Throws:
      Exception
    • removePlus

      public String removePlus(String parent, String accept)
      This function replaces all occurrences of "+" in the "parent" string with the "accept" string.
      Parameters:
      parent - The string in which "+" is to be replaced
      accept - The String with which "+" is to be replaced
      Returns:
      String Updated String
    • connect

      public void connect(String hierarchy) throws Exception
      Connects to a directory object. Usually it is the parent of the object you want to modify. This method uses the class variables dirserver, rootcontext, principal and principal_password
      Parameters:
      hierarchy - Object path from object to root context (excluding root context). It must be a String of format "Class Type=Object CN,Class Type=Object CN" where:
      - Class Type is the object's class type ("CN", "OU", ...)
      - Object CN is the LDAP object's common name (" nkaushik", "finance group", ... ). Basically whatever is assigned to the mandatory property "cn" or "ou".
      So to get to the LDAP object with the distinguished name:
           CN=Dumbo,OU=Leaders,OU=Elephants,DC=thordev,DC=com
      and with the constructor parameter rootcon = "DC=thordev,DC=com",
      the string would be
      CN=Dumbo,OU=Leaders,OU=Elephants
      Throws:
      Exception
    • disconnect

      public void disconnect()
      Closes connection to directory server
    • getPath

      public String getPath(String hierarchy)
      Forms the basis of building the hierarchical tree to the LDAP object. Used by connect to build the correct connection.
      Parameters:
      hierarchy - Contains the elements in the tree, deepest one first. The String must be of format "Class Type=Object CN,Class Type=Object CN" where:
      - Class Type is the object's class type ("CN", "OU", ...)
      - Object CN is the LDAP object's common name (" nkaushik", "finance group", ... ). Basically whatever is assigned to the mandatory property "cn" or "ou".
      e.g. CN=Dumbo,OU=Leaders,OU=Elephants
      Returns:
      String of the canonical path (including the root context), e.g. OU=Users,OU=abc,OU=Companies,DC=thordev,DC=com
    • getPathFromVector

      public String getPathFromVector(Vector hierarchy)
      This method returns a string representation of the LDAP hierarchy path which is encapsulated in the Vector. The Vector contains objects of type String array (String[]). Each element of the vector is a string array of size 2: the first element is the node type, and the second element is the node value. For example, consider this call to the method:
          Vector v = new Vector();
          v.add(new String[] {"ou", "servertech"});
          v.add(new String[] {"dc", "oracle"});
          v.add(new String[] {"dc", "com"});
          String dirPath = getPathFromVector(v);
      This call will return the string "ou=servertech,dc=oracle,dc=com".
      Parameters:
      hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
      Returns:
      String string representation of the LDAP hierarchy path
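
connect, getPath and getPathFromVector all compose a distinguished name from (type, value) pairs plus the root context. The following added example, which is not this class's code, shows one way to do that composition with the JDK's javax.naming.ldap classes so that values containing DN metacharacters are escaped and the result is checked to lie under the root context. The class and method names and the second sample entry are constructed; the page does not state how the class itself handles such values.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.Arrays;
import java.util.List;

public class HierarchyPathExample {

    /**
     * Builds the full DN from {type, value} pairs listed deepest first,
     * followed by the root context (the rootcon constructor parameter).
     */
    static String buildPath(List<String[]> hierarchy, String rootContext)
            throws InvalidNameException {
        LdapName path = new LdapName(rootContext);
        // LdapName.add appends on the leaf side, so walk from the shallowest node to the deepest.
        for (int i = hierarchy.size() - 1; i >= 0; i--) {
            String[] node = hierarchy.get(i);
            if (node == null || node.length != 2 || node[0] == null || node[1] == null) {
                throw new IllegalArgumentException("each node must be {type, value}");
            }
            // Rdn stores the raw value and escapes it when the name is rendered.
            path.add(new Rdn(node[0], node[1]));
        }
        return path.toString();
    }

    /** True if dn lies at or below rootContext (LdapName prefixes are the root-side components). */
    static boolean isUnder(String dn, String rootContext) throws InvalidNameException {
        return new LdapName(dn).startsWith(new LdapName(rootContext));
    }

    public static void main(String[] args) throws Exception {
        String root = "DC=thordev,DC=com";

        // The hierarchy from the connect description, as {type, value} pairs.
        List<String[]> dumbo = Arrays.asList(
                new String[] {"CN", "Dumbo"},
                new String[] {"OU", "Leaders"},
                new String[] {"OU", "Elephants"});

        // Constructed entry whose value contains a comma and a plus sign.
        List<String[]> awkward = Arrays.asList(
                new String[] {"CN", "Kaushik, N. + team"},
                new String[] {"OU", "Leaders"});

        for (List<String[]> h : Arrays.asList(dumbo, awkward)) {
            String dn = buildPath(h, root);
            System.out.println(dn + "  underRoot=" + isUnder(dn, root));
        }
    }
}
```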
    • createObject

      public boolean createObject(String name, Attributes pattrs)
      Method used internally to create any type of object. Please Note: the attributes must contain the following attributes: "objectclass" and "cn"
      Parameters:
      name - The name of the object to be created, e.g. the username
      pattrs - The various attributes that need to be set, as an Attributes object
      Returns:
      boolean True if the creation is successful, else false
    • modifyAttributesReplace

      public boolean modifyAttributesReplace(String name, Attributes pattrs)
      Internal method that executes the JNDI modifyAttributes method, specifying the mode as "replace".
      "replace" means that the value(s) of the existing attributes get replaced with those specified. If an attribute does not exist, then it gets created. Assumes that the connection is already made.
      Parameters:
      name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name (e.g. CN= nkaushik)
      pattrs - The list of attributes and their values that need to be set
      Returns:
      boolean True if modification is successful, else false
    • modifyAttributesAdd

      public boolean modifyAttributesAdd(String name, Attributes pattrs)
      Internal method that executes the JNDI modifyAttributes method, specifying the mode as "add".
      "add" means that the attributes are set only if they don't already exist. Assumes that the connection is already made.
      Parameters:
      name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name (e.g. CN= nkaushik)
      pattrs - The list of attributes and their values that need to be set
      Returns:
      boolean
    • modifyAttributesDelete

      public boolean modifyAttributesDelete(String name, Attributes pattrs)
      Internal method that executes the JNDI modifyAttributes method, specifying the mode as "delete".
      "delete" means that the existing name/value pairs get deleted. Assumes that the connection is already made.
      Parameters:
      name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name (e.g. CN= nkaushik)
      pattrs - The list of attributes and their values that need to be set. It must contain the name AND the value of the attribute to be deleted.
      Returns:
      boolean
    • setBitMaskedAttribute

      public boolean setBitMaskedAttribute(String hierarchy, String name, String attrName, int attrMask, boolean check) throws Exception
      There are many attributes in LDAP that are stored as integers but are actually bit masks (e.g. userOrganizationControl, systemFlags).
      This Internal method allows you to set or unset a particular bit (or group of bits) using a bit mask.
      Parameters:
      hierarchy - The hierarchy to the LDAP object to connect to (to get permissions)
      name - The path of the object relative to the connected hierarchy, usually it is just the object's name and class (e.g. CN= nkaushik)
      attrName - The name of the attribute to be set
      attrMask - The integer mask to use to locate the bit(s) to be modified. e.g. if we want to change the 5th bit, the mask would be binary 10000, and so attrMask = 16
      check - boolean indicating if we want to set the bit(s) (check=True) or unset the bit(s) (check=False)
      Returns:
      boolean indicating success
      Throws:
      Exception
    • getBitMaskedAttribute

      public boolean getBitMaskedAttribute(String hierarchy, String name, String attrName, int attrMask) throws Exception
      There are many attributes in LDAP that are stored as integers but are actually bit masks (e.g. userOrganizationControl, systemFlags).
      This Internal method allows you to see if a particular bit is set or unset
      Parameters:
      hierarchy - The hierarchy to the LDAP object to connect to (to get permissions)
      name - The path of the object relative to the connected hierarchy, usually it is just the object's name and class (e.g. CN= nkaushik)
      attrName - The name of the attribute to be checked
      attrMask - The integer mask to use to locate the bit(s) to be checked. e.g. if we want to see the 5th bit, the mask would be binary 10000, and so attrMask = 16
      Returns:
      True if the bit is set (corresponding to the property being checked), False if the bit is unset (corresponding to the property being unchecked)
      Throws:
      Exception
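
The set, unset and test operations described for setBitMaskedAttribute and getBitMaskedAttribute, as an added example that is not this class's code. It assumes the UAC_* fields carry Active Directory's documented userAccountControl bit values (the page does not list them); the class name, helper names and the sample attribute value are constructed.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class BitMaskExample {

    // ASSUMPTION: Active Directory's documented userAccountControl bits,
    // keyed by the field names this page uses. The page gives no numeric values.
    static final Map<String, Integer> FLAGS = new LinkedHashMap<>();
    static {
        FLAGS.put("UAC_SCRIPT", 0x0001);
        FLAGS.put("UAC_ORGANIZATIONDISABLE", 0x0002);
        FLAGS.put("UAC_HOMEDIR_REQD", 0x0008);
        FLAGS.put("UAC_LOCKEDOUT", 0x0010);
        FLAGS.put("UAC_PWD_NOTREQD", 0x0020);
        FLAGS.put("UAC_PWD_CANTCHANGE", 0x0040);
        FLAGS.put("UAC_PWD_ENCRYPTED", 0x0080);
        FLAGS.put("UAC_PWD_NOEXPIRE", 0x10000);
        FLAGS.put("UAC_SMARTCARD", 0x40000);
    }

    // Flags that weaken password policy and are worth reporting in an account review.
    static final int WEAK_PASSWORD_FLAGS = 0x0020 | 0x0080 | 0x10000;

    /** check=true sets the masked bit(s); check=false clears them. Other bits are untouched. */
    static int applyMask(int current, int attrMask, boolean check) {
        return check ? (current | attrMask) : (current & ~attrMask);
    }

    /** True only if every bit in attrMask is set (for a one-bit mask: that bit is set). */
    static boolean isSet(int current, int attrMask) {
        return (current & attrMask) == attrMask;
    }

    /** Names of the known flags present in a value. */
    static List<String> decode(int value) {
        List<String> names = new ArrayList<>();
        for (Map.Entry<String, Integer> e : FLAGS.entrySet()) {
            if (isSet(value, e.getValue())) names.add(e.getKey());
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample: LDAP returns the attribute as a decimal string.
        // 66080 = 0x10220 (normal account bit 0x200, plus 0x20 and 0x10000).
        int uac = Integer.parseInt("66080");

        System.out.println("flags: " + decode(uac));
        System.out.println("weak password flags present: " + decode(uac & WEAK_PASSWORD_FLAGS));

        // Clear "no password required" without disturbing any other bit.
        int hardened = applyMask(uac, FLAGS.get("UAC_PWD_NOTREQD"), false);
        System.out.println("after clearing UAC_PWD_NOTREQD: " + hardened + " " + decode(hardened));

        // The parameter description's own case: 5th bit, binary 10000, attrMask = 16.
        System.out.println("bit 5 set: " + isSet(applyMask(0, 16, true), 16));
    }
}
```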
    • deleteObject

      public boolean deleteObject(String name)
      Internal method that executes the JNDI delete method. Assumes that the connection is already made.
      Parameters:
      name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name, e.g. CN= nkaushik
      Returns:
      boolean true if able to delete successfully, else false
    • getHashtableFromVector

      public Hashtable getHashtableFromVector(Vector poVector)
      UTILITY method that returns a Hashtable object given a vector containing name-value pairs in string array format. Useful for generating hashtables to use for setting properties
      Parameters:
      poVector - A vector of string arrays, in which the first element of the array is the key, the second is the value
      Returns:
      The Hashtable representing the key-value pairs
    • getHashtableFromAttributes

      public Hashtable getHashtableFromAttributes(Attributes poAttr) throws Exception
      Returns a hashtable containing all the attributes.
      Parameters:
      poAttr - Attributes
      Returns:
      hashtable containing all the attributes
      Throws:
      Exception
    • getAttributesObject

      public Attributes getAttributesObject(Hashtable poProperties)
      UTILITY method that returns an Attributes object given a hashtable containing attribute name-value pairs
      Parameters:
      poProperties - A hashtable in which the keys are the attribute names and the objects are the attribute values
      Returns:
      The Attributes object representing the list of name-value pairs
    • getAttributesObject

      public Attributes getAttributesObject(Vector poProperties)
      UTILITY method that returns an Attributes object given a vector containing attribute name-value pairs
      Parameters:
      poProperties - A vector of string arrays, in which the first element of the array is the attribute name, the second is the attribute value
      Returns:
      The Attributes object representing the list of name-value pairs
    • getAttributeObject

      public Attribute getAttributeObject(String psProperty, String psValue)
      UTILITY method that returns an Attribute object given an attribute name and an attribute value
      Parameters:
      psProperty - The attribute name
      psValue - The attribute value
      Returns:
      The Attribute object representing this name-value pair
    • getCanonicalName

      public String getCanonicalName(String nameDN)
      UTILITY method that extracts the canonical name of an object from its Distinguished Name. Useful when working with objects retrieved from a search result, when all you have is the DN.
      Parameters:
      nameDN - The names of the various LDAP objects in the hierarchy, from parent to root, Important: deepest first
      Returns:
      A String which is the object's canonical name, e.g. nkaushik
    • getRelativeDistinguishedName

      public String getRelativeDistinguishedName(String nameDN, String basehier)
      UTILITY method that extracts the relative distinguished name of an object from its Distinguished Name. Useful when working with objects retrieved from a search result, when all you have is the DN.
      Parameters:
      nameDN - The names of the various LDAP objects in the hierarchy, from parent to root, Important: deepest first
      basehier - The basehier with respect to which the RDN should be given
      Returns:
      A String which is the object's relative distinguished name, e.g. CN= nkaushik
    • getHierarchyVector

      public Vector getHierarchyVector(String nameDN, Vector basehier)
      UTILITY method that constructs the hierarchy vector for an object from the Relative Distinguished Name of that object. Useful when working with objects retrieved from a search result, when all you have is the Relative DN and the hierarchy the search was conducted below.
      The returned hierarchy vector is a vector of 2-element string arrays.
      Important: Remember that since the relative DN was probably retrieved through a search which returns RDNs (like getUsers, getGroup, etc.), to get the hierarchy relative to the root context, you must pass in as the second parameter the hierarchy below which the search was done.
      Parameters:
      nameDN - The names of the various LDAP objects in the hierarchy, from parent to root, Important: deepest first
      basehier - The hierarchy that the nameDN is relative to, in case it needs to be appended. Can be NULL
      Returns:
      A Vector of String arrays, where each element is ["object class", "object name"], e.g. ["ou", "abc company"]
    • getParentHierarchyVector

      public Vector getParentHierarchyVector(String nameDN, Vector basehier)
      UTILITY method that constructs the hierarchy vector for the parent of an object from the Relative Distinguished Name of that object. Useful when working with objects retrieved from a search result, when all you have is the Relative DN and the hierarchy the search was conducted below.
      The returned hierarchy vector is a vector of 2-element string arrays.
      Important: Remember that since the relative DN was probably retrieved through a search which returns RDNs (like getUsers, getGroup, etc.), to get the hierarchy relative to the root context, you must pass in as the second parameter the hierarchy below which the search was done.
      Parameters:
      nameDN - The names of the various LDAP objects in the hierarchy, from parent to root, Important: deepest first
      basehier - The hierarchy that the nameDN is relative to, in case it needs to be appended. Can be NULL
      Returns:
      A Vector of String arrays, where each element is ["object class", "object name"], e.g. ["ou", "abc company"]
    • getParentHierarchyDN

      public String getParentHierarchyDN(String nameDN, String basehier)
      UTILITY method that constructs the hierarchy vector for the parent of an object from the Relative Distinguished Name of that object. Useful when working with objects retrieved from a search result, when all you have is the Relative DN and the hierarchy the search was conducted below.
      The returned hierarchy vector is a string.
      Important: Remember that since the relative DN was probably retrieved through a search which returns RDNs (like getUsers, getGroup, etc.), to get the hierarchy relative to the root context, you must pass in as the second parameter the hierarchy below which the search was done.
      Parameters:
      nameDN - The names of the various LDAP objects in the hierarchy, from parent to root, Important: deepest first
      basehier - The hierarchy that the nameDN is relative to, in case it needs to be appended. Can be NULL
      Returns:
      A String arrays, where each element is ["object class", "object name"], e.g. ["ou", "abc company"]
    • getCountryCode

      public String getCountryCode(String country)
      Utility that returns the 2-letter code associated with the country specified. If the hashtable countryCodes does not exist, then it builds it.
      Parameters:
      country - The name of the country specified in AD terms (United States,...)
      Returns:
      The two-letter code
    • getCountryNum

      public String getCountryNum(String country)
      Utility that returns the AD-specific Numeric code associated with the country specified. If the hashtable countryNums does not exist then it builds it.
      Parameters:
      country - The name of the country specified in AD terms (United States,...)
      Returns:
      The numeric code
    • removeSpace1

      public static String removeSpace1(String parent, String accept)
      Removes the spaces from the first string
      Parameters:
      parent -
      accept -
      Returns:
      string without any spaces
    • main

      public static void main(String[] args)