Package com.thortech.xl.util.adapters
Class tcUtilLDAPController
java.lang.Object
com.thortech.xl.util.adapters.tcUtilLDAPController
Class that provides the JNDI Interface to LDAP Director.
Requires that jndi.jar be in the classpath.
-
Field Summary
Fields (modifier and type, field, description):
static int UAC_HOMEDIR_REQD - The home directory is required.
static int UAC_LOCKEDOUT - The account is currently locked out.
static int UAC_ORGANIZATIONDISABLE - Organization is disabled
static int UAC_PWD_CANTCHANGE - The user cannot change the password.
static int UAC_PWD_ENCRYPTED - The user can send an encrypted password.
static int UAC_PWD_NOEXPIRE - The password for this account will never expire.
static int UAC_PWD_NOTREQD - No password is required.
static int UAC_SCRIPT - The logon script is executed.
static int UAC_SMARTCARD - The user must log on using a smart card.
-
Constructor Summary
Constructors (constructor, description):
tcUtilLDAPController(String server, String rootcon, String princ, String p_password) - Constructor that sets the primary connection parameters
tcUtilLDAPController(String server, String rootcon, String princ, String p_password, boolean pSecure) - Constructor that sets the primary connection parameters, and also provides a method to set the security constraint
tcUtilLDAPController(String server, String rootcon, String princ, String p_password, Boolean pSecure) - Creates a new tcUtilLDAPController object.
-
Method Summary
Methods (modifier and type, method, description):
void connect - Connects to a directory object.
boolean createObject(String name, Attributes pattrs) - Method used internally to create any type of object.
boolean deleteObject(String name) - Internal method that executes the JNDI delete method.
void disconnect() - Closes connection to directory server
getAttributeObject(String psProperty, String psValue) - UTILITY method that returns an Attribute object given an attribute name and an attribute value
getAttributes(String hierarchy, String name) - Returns a hash of the object's attributes and their values.
getAttributesObject(Hashtable poProperties) - UTILITY method that returns an Attributes object given a hashtable containing attribute name-value pairs
getAttributesObject(Vector poProperties) - UTILITY method that returns an Attributes object given a vector containing attribute name-value pairs
getAttributeValueBasedOnSearch(String hierarchy, String distinguishName, String ObjectClass, String attrname) - This method will search in the specified hierarchy using the specified distinguished name and objectclass.
getAttributeValues(String hierarchy, String name, String attrname) - Lists the value(s) of a particular object attribute.
boolean getBitMaskedAttribute(String hierarchy, String name, String attrName, int attrMask) - There are many attributes in LDAP that are stored as integers but are actually bit masks (e.g. userOrganizationControl, systemFlags).
getCanonicalName(String nameDN) - UTILITY method that extracts the canonical name of an object from its Distinguished Name.
getCountryCode(String country) - Utility that returns the 2-letter code associated with the country specified.
getCountryNum(String country) - Utility that returns the AD-specific Numeric code associated with the country specified.
getHashtableFromAttributes(Attributes poAttr) - Returns a hashtable containing all the attributes
getHashtableFromVector(Vector poVector) - UTILITY method that returns a Hashtable object given a vector containing name-value pairs in string array format.
getHierarchyVector(String nameDN, Vector basehier) - UTILITY method that constructs the hierarchy vector for an object from the Relative Distinguished Name of that object.
getParentHierarchyDN(String nameDN, String basehier) - UTILITY method that constructs the hierarchy vector for the parent of an object from the Relative Distinguished Name of that object.
getParentHierarchyVector(String nameDN, Vector basehier) - UTILITY method that constructs the hierarchy vector for the parent of an object from the Relative Distinguished Name of that object.
getPath - Forms the basis of building the hierarchical tree to the LDAP object.
getPathFromVector(Vector hierarchy) - This method will return a string representation of the LDAP hierarchy path which is encapsulated in the Vector.
getRelativeDistinguishedName(String nameDN, String basehier) - UTILITY method that extracts the canonical name of an object from its Distinguished Name.
getRootDSEProperty(String attrName) - Searches LDAP for the RootDSE object and gets the value of a particular property from it
void listEnvironment(String hierarchy, String filter) - Returns a List of Environments
static void main
boolean modifyAttributesAdd(String name, Attributes pattrs) - Internal method that executes the JNDI modifyAttributes method, specifying the mode as "add". "add" means that the attributes are set only if they don't already exist.
boolean modifyAttributesDelete(String name, Attributes pattrs) - Internal method that executes the JNDI modifyAttributes method, specifying the mode as "delete". "delete" means that the existing name/value pairs get deleted.
boolean modifyAttributesReplace(String name, Attributes pattrs) - Internal method that executes the JNDI modifyAttributes method, specifying the mode as "replace". "replace" means that the value(s) of the existing attributes get replaced with those specified.
boolean moveObject(String source, String destination, String name) - Moves an LDAP object
removePlus(String parent, String accept) - This function replaces all the occurrences of "+" in the "parent" string with the "accept" string
static String removeSpace1(String parent, String accept) - Removes the spaces from the first string
boolean rename - Internal method that executes the JNDI rename method.
search - Searches LDAP for the objects fulfilling the criteria specified by the search filter.
searchResult(String orgRDN, String filter) - Searches LDAP for the objects fulfilling the criteria specified by the search filter.
searchResult(String orgRDN, String filter, String[] returnAttributes) - Searches LDAP for the objects fulfilling the criteria specified by the search filter.
boolean setBitMaskedAttribute(String hierarchy, String name, String attrName, int attrMask, boolean check) - There are many attributes in LDAP that are stored as integers but are actually bit masks (e.g. userOrganizationControl, systemFlags).
-
Field Details
-
UAC_SCRIPT
public static int UAC_SCRIPT
The logon script is executed.
-
UAC_ORGANIZATIONDISABLE
public static int UAC_ORGANIZATIONDISABLE
Organization is disabled
-
UAC_HOMEDIR_REQD
public static int UAC_HOMEDIR_REQD
The home directory is required.
-
UAC_LOCKEDOUT
public static int UAC_LOCKEDOUT
The account is currently locked out.
-
UAC_PWD_NOTREQD
public static int UAC_PWD_NOTREQD
No password is required.
-
UAC_PWD_CANTCHANGE
public static int UAC_PWD_CANTCHANGE
The user cannot change the password.
-
UAC_PWD_ENCRYPTED
public static int UAC_PWD_ENCRYPTED
The user can send an encrypted password.
-
UAC_PWD_NOEXPIRE
public static int UAC_PWD_NOEXPIRE
The password for this account will never expire.
-
UAC_SMARTCARD
public static int UAC_SMARTCARD
The user must log on using a smart card.
-
-
Constructor Details
-
tcUtilLDAPController
Constructor that sets the primary connection parameters
Parameters:
server - The domain or the IP address of the LDAP Server, e.g. w2kaddcd02, thor60.thortech.com
rootcon - The domain root for the LDAP structure, e.g. DC=THORTECH,DC=com
princ - The Distinguished Name of the Admin User the program will log in as, e.g. CN=Admin,CN=Users,DC=THORDEV,DC=com
p_password - The password of the Admin User
-
tcUtilLDAPController
public tcUtilLDAPController(String server, String rootcon, String princ, String p_password, boolean pSecure) throws Exception
Constructor that sets the primary connection parameters, and also provides a method to set the security constraint
Parameters:
server - The domain or the IP address of the LDAP Server, e.g. w2kaddcd02, thor60.thortech.com
rootcon - The domain root for the LDAP structure, e.g. DC=THORTECH,DC=com
princ - The Distinguished Name of the Admin User the program will log in as, e.g. CN=Admin,CN=Users,DC=THORDEV,DC=com
p_password - The password of the Admin User
pSecure - boolean telling whether to use secure connection (SSL) or not
Throws:
Exception
-
tcUtilLDAPController
public tcUtilLDAPController(String server, String rootcon, String princ, String p_password, Boolean pSecure) throws Exception
Creates a new tcUtilLDAPController object.
Parameters:
server - The domain or the IP address of the LDAP Server, e.g. w2kaddcd02, thor60.thortech.com
rootcon - The domain root for the LDAP structure, e.g. DC=THORTECH,DC=com
princ - The Distinguished Name of the Admin User the program will log in as, e.g. CN=Admin,CN=Users,DC=THORDEV,DC=com
p_password - The password of the Admin User
pSecure - boolean telling whether to use secure connection (SSL) or not
Throws:
Exception
-
-
Method Details
-
moveObject
Moves an LDAP object
Parameters:
source - Parent hierarchy of the object's current location, e.g. OU=Devel,OU=Engineering
destination - Parent hierarchy of the object's destination location, e.g. OU=Devel,OU=Engineering
name - The name of the object, including the object type, e.g. "cn=Consultant". Uses the rename method to specify that the member attribute's distinguished name is to be changed. Since this includes the full path, it changes the location also
Returns:
boolean True if renaming has been successful, else false
Throws:
Exception
-
rename
Internal method that executes the JNDI rename method. It is used by moveObject
Parameters:
hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
oldname - The old name of the object, including the object type, e.g. "cn=Consultant"
newname - The new name of the object, including the object type, e.g. "cn=Consultant"
Returns:
boolean True if renaming has been successful, else false
Throws:
Exception
-
search
Searches LDAP for the objects fulfilling the criteria specified by the search filter. It scans the whole tree below the specified OU.
Parameters:
hierarchy - The hierarchical structure to the OU to search below, e.g. OU=Devel,OU=Engineering
filter - Specifies the conditions to search for in the form of a search filter. A search filter is a search query expressed in the form of a logical expression in prefix notation (i.e., the logical operator appears before its arguments). Some examples are:
1) Search for an Object where sn = "Geisel" and mail has a value (any value): (&(sn=Geisel)(mail=*))
2) Search for Objects where either sn is "Geisel" and mail is any value, or sn begins with "L": (|(&(sn=Geisel)(mail=*))(sn=L*))
For further information, look at RFC 2254
Commonly Used Search Filters Are:
1) Search for group policies: (objectClass=groupPolicyContainer)
2) Search for the Group "groupname": (&(objectClass=group)(cn=groupname))
Returns:
Returns a Vector of Strings containing the DN of the object (relative to parameter v). Returns null vector if not found
Throws:
Exception
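The filter argument of search and searchResult is a plain string, so a value placed into it from outside the program has to be escaped as RFC 2254 section 4 requires, otherwise a name containing "(", ")", "*" or "\" changes the structure of the filter. The following is an added example, not part of the original documentation or of tcUtilLDAPController; the class and method names (LdapFilterEscapeExample, escapeFilterValue, groupFilter, surnameWithMailFilter) and the sample names are constructed for illustration.

```java
public class LdapFilterEscapeExample {

    /**
     * Escapes a value for use on the right-hand side of a filter assertion.
     * RFC 2254 section 4: the characters * ( ) \ and NUL are written as a
     * backslash followed by their two-digit hexadecimal code.
     */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Builds the "search for the group by name" filter shown on this page. */
    static String groupFilter(String groupName) {
        return "(&(objectClass=group)(cn=" + escapeFilterValue(groupName) + "))";
    }

    /**
     * Builds the "sn equals a value and mail has any value" filter.
     * The trailing (mail=*) is a deliberate presence test written by the
     * programmer, so its asterisk is not escaped; only the supplied value is.
     */
    static String surnameWithMailFilter(String surname) {
        return "(&(sn=" + escapeFilterValue(surname) + ")(mail=*))";
    }

    public static void main(String[] args) {
        // Constructed sample names, including ones with filter metacharacters.
        String[] names = { "Engineering", "Ops (EU) *temp*", "R\\D" };
        for (String name : names) {
            System.out.println(groupFilter(name));
        }
        System.out.println(surnameWithMailFilter("Geisel"));
    }
}
```

The resulting strings can be passed as the filter argument; a group literally named "Ops (EU) *temp*" becomes (&(objectClass=group)(cn=Ops \28EU\29 \2atemp\2a)) and matches only that exact name.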
-
searchResult
Searches LDAP for the objects fulfilling the criteria specified by the search filter.
Parameters:
orgRDN - the name of the context to search
filter - filter criteria
Returns:
Vector containing the searched results
Throws:
Exception
-
searchResult
public Vector searchResult(String orgRDN, String filter, String[] returnAttributes) throws Exception
Searches LDAP for the objects fulfilling the criteria specified by the search filter. Returns a set of attributes specified as an input parameter
Parameters:
orgRDN - the name of the context to search
filter - Filter Criterion
returnAttributes - List of attributes to be returned
Returns:
Vector containing the searched results
Throws:
Exception
-
getRootDSEProperty
Searches LDAP for the RootDSE object and gets the value of a particular property from it
Parameters:
attrName - The attribute name to get
Returns:
Returns a String containing the value of that attribute if found. Returns "" if not found
Throws:
Exception
-
listEnvironment
Returns a List of Environments
Parameters:
hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
filter - filter criteria
Throws:
Exception
-
getAttributes
Returns a hash of the object's attributes and their values. The key is the attribute name, while the value is a vector containing the list of values for that object.
Parameters:
hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
name - The path of the object relative to the connected hierarchy, usually it is just the object's name
Returns:
A Hashtable of the form {attribute name, Vector of attribute values}
Throws:
Exception
-
getAttributeValues
Lists the value(s) of a particular object attribute. Returns it as a vector to accommodate properties that have a list of values.
Parameters:
hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
name - The path of the object relative to the connected hierarchy, usually it is just the object's name
attrname - The name of the attribute (property) whose value(s) needs to be retrieved.
Returns:
A Vector of Strings, consisting of all the values this attribute was set to.
Throws:
Exception
-
getAttributeValueBasedOnSearch
public String getAttributeValueBasedOnSearch(String hierarchy, String distinguishName, String ObjectClass, String attrname) throws Exception
This method will search in the specified hierarchy using the specified distinguished name and objectclass. From the search result, it will return the value of the specified attribute. A possible call to this method can look like:
String attrVal = getAttributeValueBasedOnSearch(
    "ou=people,dc=oracle,dc=com",
    "cn=adharmad, ou=idmgmt, ou=stit",
    "inetOrgPerson",
    "givenName")
This call should search for an LDAP object having DN: "cn=adharmad,ou=idmgmt, ou=stit", in the hierarchy: "ou=people,dc=oracle,dc=com", having objectClass "inetOrgPerson" and return the "givenName" attribute if this object is found.
Parameters:
hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
distinguishName - Distinguishing name
ObjectClass - Object Class
attrname - attribute name
Returns:
String value of the specified attribute
Throws:
Exception
-
removePlus
This function replaces all the occurrences of "+" in the "parent" string with the "accept" string
Parameters:
parent - The string in which "+" is to be replaced
accept - The String with which "+" is to be replaced
Returns:
String Updated String
-
connect
Connects to a directory object. Usually it is the parent of the object you want to modify. This method uses the class variables dirserver, rootcontext, principal and principal_password
Parameters:
hierarchy - Object path from object to root context (excluding root context). It must be a String of format "Class Type=Object CN,Class Type=Object CN" where:
- Class Type is the object's class type ("CN", "OU", ...)
- Object CN is the LDAP object's common name (" nkaushik", "finance group", ... ). Basically whatever is assigned to the mandatory property "cn" or "ou".
So to get to the LDAP object with the distinguished name:
CN=Dumbo,OU=Leaders,OU=Elephants,DC=thordev,DC=com
and with the constructor parameter rootcon = "DC=thordev,DC=com",
the string would be CN=Dumbo,OU=Leaders,OU=Elephants
Throws:
Exception
-
disconnect
public void disconnect()
Closes connection to directory server
-
getPath
Forms the basis of building the hierarchical tree to the LDAP object. Used by connect to build the correct connection.
Parameters:
hierarchy - Contains the elements in the tree, deepest one first. The String must be of format "Class Type=Object CN,Class Type=Object CN" where:
- Class Type is the object's class type ("CN", "OU", ...)
- Object CN is the LDAP object's common name (" nkaushik", "finance group", ... ). Basically whatever is assigned to the mandatory property "cn" or "ou".
e.g. CN=Dumbo,OU=Leaders,OU=Elephants
Returns:
String of the canonical path (including the root context), e.g. OU=Users,OU=abc,OU=Companies,DC=thordev,DC=com
-
getPathFromVector
This method will return a string representation of the LDAP hierarchy path which is encapsulated in the Vector. The Vector contains objects of type String array (String[]). Each element of the vector will be a string array of size 2. The first element of the string array will be the node type, and the second element will be the node value. E.g., consider this call to the method:
Vector v = new Vector();
v.add(new String[] {"ou", "servertech"});
v.add(new String[] {"dc", "oracle"});
v.add(new String[] {"dc", "com"});
String dirPath = getPathFromVector(v);
This call will return the string "ou=servertech,dc=oracle,dc=com".
Parameters:
hierarchy - The hierarchy of the object to connect to (to get permissions), e.g. OU=Devel,OU=Engineering
Returns:
String string representation of the LDAP hierarchy path
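The type/value pair layout described for getPathFromVector can be turned into a path with the JDK's javax.naming.ldap classes, which escape node values that contain DN metacharacters such as "," or "+" instead of letting them split the path. This is an added example, not the implementation of getPathFromVector and not code from the original documentation; HierarchyPathExample, pathFromPairs and the sample values are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class HierarchyPathExample {

    /**
     * Builds a DN string from {type, value} pairs given deepest node first,
     * the same ordering the page describes for the hierarchy Vector.
     */
    static String pathFromPairs(List<String[]> hierarchy) throws InvalidNameException {
        List<Rdn> rdns = new ArrayList<>();
        for (String[] node : hierarchy) {
            if (node == null || node.length != 2) {
                throw new IllegalArgumentException("each node must be {type, value}");
            }
            // Rdn stores the raw value and escapes it when rendered as text.
            rdns.add(new Rdn(node[0], node[1]));
        }
        // LdapName numbers RDNs from the right: index 0 is the component
        // closest to the root, so a deepest-first list has to be reversed.
        Collections.reverse(rdns);
        return new LdapName(rdns).toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // The call shown on this page.
        List<String[]> plain = new ArrayList<>();
        plain.add(new String[] {"ou", "servertech"});
        plain.add(new String[] {"dc", "oracle"});
        plain.add(new String[] {"dc", "com"});
        System.out.println(pathFromPairs(plain));
        // ou=servertech,dc=oracle,dc=com

        // Constructed value containing a comma: it stays one component.
        List<String[]> withComma = new ArrayList<>();
        withComma.add(new String[] {"cn", "Smith, John"});
        withComma.add(new String[] {"ou", "servertech"});
        withComma.add(new String[] {"dc", "oracle"});
        withComma.add(new String[] {"dc", "com"});
        String dn = pathFromPairs(withComma);
        System.out.println(dn);
        // cn=Smith\, John,ou=servertech,dc=oracle,dc=com

        // Parsing the rendered string back yields four components, not five.
        System.out.println(new LdapName(dn).size());
    }
}
```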
-
createObject
Method used internally to create any type of object. Please Note: the attributes must contain the following attributes: "objectclass" and "cn"
Parameters:
name - The name of the object to be created, e.g. the username
pattrs - The various attributes that need to be set, as an Attributes object
Returns:
boolean True if the creation is successful, else false
-
modifyAttributesReplace
Internal method that executes the JNDI modifyAttributes method, specifying the mode as "replace".
"replace" means that the value(s) of the existing attributes get replaced with those specified. If an attribute does not exist, then it gets created. Assumes that the connection is already made.
Parameters:
name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name (e.g. CN= nkaushik)
pattrs - The list of attributes and their values that need to be set
Returns:
boolean True if modification is successful, else false
-
modifyAttributesAdd
Internal method that executes the JNDI modifyAttributes method, specifying the mode as "add".
"add" means that the attributes are set only if they don't already exist. Assumes that the connection is already made.
Parameters:
name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name (e.g. CN= nkaushik)
pattrs - The list of attributes and their values that need to be set
Returns:
boolean
-
modifyAttributesDelete
Internal method that executes the JNDI modifyAttributes method, specifying the mode as "delete".
"delete" means that the existing name/value pairs get deleted. Assumes that the connection is already made.
Parameters:
name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name (e.g. CN= nkaushik)
pattrs - The list of attributes and their values that need to be set. It must contain the name AND the value of the attribute to be deleted.
Returns:
boolean
-
setBitMaskedAttribute
public boolean setBitMaskedAttribute(String hierarchy, String name, String attrName, int attrMask, boolean check) throws Exception
There are many attributes in LDAP that are stored as integers but are actually bit masks (e.g. userOrganizationControl, systemFlags).
This Internal method allows you to set or unset a particular bit (or group of bits) using a bit mask.
Parameters:
hierarchy - The hierarchy to the LDAP object to connect to (to get permissions)
name - The path of the object relative to the connected hierarchy, usually it is just the object's name and class (e.g. CN= nkaushik)
attrName - The name of the attribute to be set
attrMask - The integer mask to use to locate the bit(s) to be modified. e.g. if we want to change the 5th bit, the mask would be binary 10000, and so attrMask = 16
check - boolean indicating if we want to set the bit(s) (check=True) or unset the bit(s) (check=False)
Returns:
boolean indicating success
Throws:
Exception
-
getBitMaskedAttribute
public boolean getBitMaskedAttribute(String hierarchy, String name, String attrName, int attrMask) throws Exception
There are many attributes in LDAP that are stored as integers but are actually bit masks (e.g. userOrganizationControl, systemFlags).
This Internal method allows you to see if a particular bit is set or unset
Parameters:
hierarchy - The hierarchy to the LDAP object to connect to (to get permissions)
name - The path of the object relative to the connected hierarchy, usually it is just the object's name and class (e.g. CN= nkaushik)
attrName - The name of the attribute to be checked
attrMask - The integer mask to use to locate the bit(s) to be checked. e.g. if we want to see the 5th bit, the mask would be binary 10000, and so attrMask = 16
Returns:
True if the bit is set (corresponding to the property being checked), False if the bit is unset (corresponding to the property being unchecked)
Throws:
Exception
-
deleteObject
Internal method that executes the JNDI delete method. Assumes that the connection is already made.
Parameters:
name - The RDN path of the object (relative to the connected hierarchy), usually it is just the object's name, e.g. CN= nkaushik
Returns:
boolean true if able to delete successfully, else false
-
getHashtableFromVector
UTILITY method that returns a Hashtable object given a vector containing name-value pairs in string array format. Useful for generating hashtables to use for setting properties
Parameters:
poVector - A vector of string arrays, in which the first element of the array is the key, the second is the value
Returns:
The Hashtable representing the key-value pairs
-
getHashtableFromAttributes
Returns a hashtable containing all the attributes
Parameters:
poAttr - Attributes
Returns:
hashtable containing all the attributes
Throws:
Exception
-
getAttributesObject
UTILITY method that returns an Attributes object given a hashtable containing attribute name-value pairs
Parameters:
poProperties - A hashtable in which the keys are the attribute names and the objects are the attribute values
Returns:
The Attributes object representing the list of name-value pairs
-
getAttributesObject
UTILITY method that returns an Attributes object given a vector containing attribute name-value pairs
Parameters:
poProperties - A vector of string arrays, in which the first element of the array is the attribute name, the second is the attribute value
Returns:
The Attributes object representing the list of name-value pairs
-
getAttributeObject
UTILITY method that returns an Attribute object given an attribute name and an attribute value
Parameters:
psProperty - The attribute name
psValue - The attribute value
Returns:
The Attribute object representing this name-value pair
-
getCanonicalName
UTILITY method that extracts the canonical name of an object from its Distinguished Name. Useful when working with objects retrieved from a search result, when all you have is the DN.
Parameters:
nameDN - The names of the various LDAP objects in the hierarchy, from parent to root. Important: deepest first
Returns:
A String which is the object's canonical name, e.g. nkaushik
-
getRelativeDistinguishedName
UTILITY method that extracts the canonical name of an object from its Distinguished Name. Useful when working with objects retrieved from a search result, when all you have is the DN.
Parameters:
nameDN - The names of the various LDAP objects in the hierarchy, from parent to root. Important: deepest first
basehier - The basehier with respect to which the RDN should be given
Returns:
A String which is the object's relative distinguished name, e.g. CN= nkaushik
-
getHierarchyVector
UTILITY method that constructs the hierarchy vector for an object from the Relative Distinguished Name of that object. Useful when working with objects retrieved from a search result, when all you have is the Relative DN and the hierarchy the search was conducted below.
The returned hierarchy vector is a vector of 2-element string arrays.
Important: Remember that since the relative DN was probably retrieved through a search which returns RDNs (like getUsers, getGroup, etc), to get the hierarchy relative to the root context, you must pass in as the second parameter the hierarchy below which the search was done.
Parameters:
nameDN - The names of the various LDAP objects in the hierarchy, from parent to root. Important: deepest first
basehier - The hierarchy that the nameDN is relative to, in case it needs to be appended. Can be NULL
Returns:
A Vector of String arrays, where each element is ["object class", "object name"], e.g. ["ou", "abc company"]
-
getParentHierarchyVector
UTILITY method that constructs the hierarchy vector for the parent of an object from the Relative Distinguished Name of that object. Useful when working with objects retrieved from a search result, when all you have is the Relative DN and the hierarchy the search was conducted below.
The returned hierarchy vector is a vector of 2-element string arrays.
Important: Remember that since the relative DN was probably retrieved through a search which returns RDNs (like getUsers, getGroup, etc), to get the hierarchy relative to the root context, you must pass in as the second parameter the hierarchy below which the search was done.
Parameters:
nameDN - The names of the various LDAP objects in the hierarchy, from parent to root. Important: deepest first
basehier - The hierarchy that the nameDN is relative to, in case it needs to be appended. Can be NULL
Returns:
A Vector of String arrays, where each element is ["object class", "object name"], e.g. ["ou", "abc company"]
-
getParentHierarchyDN
UTILITY method that constructs the hierarchy vector for the parent of an object from the Relative Distinguished Name of that object. Useful when working with objects retrieved from a search result, when all you have is the Relative DN and the hierarchy the search was conducted below.
The returned hierarchy vector is a string.
Important: Remember that since the relative DN was probably retrieved through a search which returns RDNs (like getUsers, getGroup, etc), to get the hierarchy relative to the root context, you must pass in as the second parameter the hierarchy below which the search was done.
Parameters:
nameDN - The names of the various LDAP objects in the hierarchy, from parent to root. Important: deepest first
basehier - The hierarchy that the nameDN is relative to, in case it needs to be appended. Can be NULL
Returns:
A String arrays, where each element is ["object class", "object name"], e.g. ["ou", "abc company"]
-
getCountryCode
Utility that returns the 2-letter code associated with the country specified. If the hashtable countryCodes does not exist, then it builds it.
Parameters:
country - The name of the country specified in AD terms (United States,...)
Returns:
The two-letter code
-
getCountryNum
Utility that returns the AD-specific Numeric code associated with the country specified. If the hashtable countryNums does not exist then it builds it.
Parameters:
country - The name of the country specified in AD terms (United States,...)
Returns:
The numeric code
-
removeSpace1
Removes the spaces from the first string
Parameters:
parent -
accept -
Returns:
string without any spaces
-
main
-