FC-291 - Support Relax Control
shawnmckinney committed Apr 6, 2021
1 parent b56a5ff commit 9dffb9cc0929760aaddb87cc4d3f02c88cea8a40
Showing 5 changed files with 170 additions and 25 deletions.
@@ -52,6 +52,10 @@
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.message.controls.ManageDsaIT;
import org.apache.directory.api.ldap.model.message.controls.ManageDsaITImpl;
import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz;
import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthzImpl;
import org.apache.directory.fortress.core.CfgException;
import org.apache.directory.fortress.core.CreateException;
import org.apache.directory.fortress.core.FinderException;
@@ -235,7 +239,7 @@ public String newValue(String value)
User create( User entity ) throws CreateException
{
LdapConnection ld = null;

boolean setRelaxedControl = false;
try
{
entity.setInternalId();
@@ -301,6 +305,7 @@ else if( !Config.getInstance().getBoolean( GlobalIds.USER_CREATION_PASSWORD_FIEL
if ( ( Config.getInstance().isOpenldap() || Config.getInstance().isApacheds() ) && StringUtils.isNotEmpty( entity.getPwPolicy() ) )
{
myEntry.add( OPENLDAP_POLICY_SUBENTRY, PolicyDAO.getPolicyDn( entity ) );
setRelaxedControl = true;
}

if ( StringUtils.isNotEmpty( entity.getOu() ) )
@@ -347,7 +352,7 @@ else if( !Config.getInstance().getBoolean( GlobalIds.USER_CREATION_PASSWORD_FIEL
}

ld = getAdminConnection();
add( ld, myEntry, entity );
add( ld, myEntry, entity, setRelaxedControl );
entity.setDn( dn );
}
catch ( LdapEntryAlreadyExistsException e )
@@ -378,7 +383,7 @@ User update( User entity ) throws UpdateException
{
LdapConnection ld = null;
String userDn = getDn( entity.getUserId(), entity.getContextId() );

boolean setRelaxedControl = false;
try
{
List<Modification> mods = new ArrayList<Modification>();
@@ -430,6 +435,7 @@ User update( User entity ) throws UpdateException
{
mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_POLICY_SUBENTRY,
PolicyDAO.getPolicyDn( entity ) ) );
setRelaxedControl = true;
}

if ( entity.isSystem() != null )
@@ -495,7 +501,7 @@ User update( User entity ) throws UpdateException
if ( mods.size() > 0 )
{
ld = getAdminConnection();
modify( ld, userDn, mods, entity );
modify( ld, userDn, mods, entity, setRelaxedControl );
entity.setDn( userDn );
}

@@ -602,7 +608,7 @@ void lock( User user ) throws UpdateException
mods.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, OPENLDAP_PW_LOCKED_TIME,
LOCK_VALUE ) );
ld = getAdminConnection();
modify( ld, userDn, mods, user );
modify( ld, userDn, mods, user, true );
}
catch ( LdapException e )
{
@@ -630,7 +636,7 @@ void unlock( User user ) throws UpdateException
List<Modification> mods = new ArrayList<Modification>();
mods.add( new DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE, OPENLDAP_PW_LOCKED_TIME ) );
ld = getAdminConnection();
modify( ld, userDn, mods, user );
modify( ld, userDn, mods, user, true );
}
catch ( LdapNoSuchAttributeException e )
{
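Review bot: The `lock()` and `unlock()` hunks pass `true` unconditionally to `modify(...)` (`modify( ld, userDn, mods, user, true );`), while `create()` and `update()` only request the Relax Rules control when the directory is OpenLDAP or ApacheDS and a policy subentry is actually being written (the `isOpenldap() || isApacheds()` guard before `setRelaxedControl = true`). Because the control asks the server to bypass DIT and schema rules, it is worth sending it only where the target attribute needs it; gating the two calls the same way, e.g. `modify( ld, userDn, mods, user, Config.getInstance().isOpenldap() || Config.getInstance().isApacheds() );`, keeps the three paths consistent. I cannot confirm from the diff whether ApacheDS honours this control at all, so the guard may want narrowing to OpenLDAP once that is checked. The bodies of `lock()` and `unlock()` start outside the hunk.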
@@ -47,18 +47,7 @@
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.exception.LdapOperationErrorException;
import org.apache.directory.api.ldap.model.message.BindRequest;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.CompareRequest;
import org.apache.directory.api.ldap.model.message.CompareRequestImpl;
import org.apache.directory.api.ldap.model.message.CompareResponse;
import org.apache.directory.api.ldap.model.message.Control;
import org.apache.directory.api.ldap.model.message.Response;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchRequest;
import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.message.*;
import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz;
import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthzImpl;
import org.apache.directory.api.ldap.model.name.Dn;
@@ -229,6 +218,21 @@ protected void add( LdapConnection connection, Entry entry ) throws LdapExceptio
* @throws LdapException in the event system error occurs.
*/
protected void add( LdapConnection connection, Entry entry, FortEntity entity ) throws LdapException
{
add( connection, entry, entity, false );
}


/**
* Add a new ldap entry to the directory. Add audit context.
*
* @param connection handle to ldap connection.
* @param entry contains data to add..
* @param entity contains audit context.
* @param setRelaxedControl when true adds managed dsa control to request
* @throws LdapException in the event system error occurs.
*/
protected void add( LdapConnection connection, Entry entry, FortEntity entity, boolean setRelaxedControl ) throws LdapException
{
COUNTERS.incrementAdd();

@@ -249,8 +253,13 @@ protected void add( LdapConnection connection, Entry entry, FortEntity entity )
entry.add( GlobalIds.FT_MODIFIER_ID, entity.getModId() );
}
}

connection.add( entry );
AddRequest addRequest = new AddRequestImpl();
addRequest.setEntry( entry );
if ( setRelaxedControl )
{
addRequest.addControl( new RelaxControlImpl() );
}
AddResponse response = connection.add( addRequest );
}


@@ -296,11 +305,37 @@ protected void modify( LdapConnection connection, Dn dn, List<Modification> mods
*/
protected void modify( LdapConnection connection, String dn, List<Modification> mods,
FortEntity entity ) throws LdapException
{
modify( connection, dn, mods, entity, false );
}


/**
* Update exiting ldap entry to the directory. Add audit context.
*
* @param connection handle to ldap connection.
* @param dn contains distinguished node of entry.
* @param mods contains data to modify.
* @param entity contains audit context.
* @param setRelaxedControl when true adds managed dsa control to request
* @throws LdapException in the event system error occurs.
*/
protected void modify( LdapConnection connection, String dn, List<Modification> mods,
FortEntity entity, boolean setRelaxedControl ) throws LdapException
{
COUNTERS.incrementMod();
audit( mods, entity );
connection.modify( dn, mods.toArray( new Modification[]
{} ) );
ModifyRequest modRequest = new ModifyRequestImpl();
for( Modification mod : mods )
{
modRequest.addModification( mod );
}
if ( setRelaxedControl )
{
modRequest.addControl( new RelaxControlImpl() );
}
modRequest.setName( new Dn( dn ) );
ModifyResponse response = connection.modify( modRequest );
}


@@ -318,8 +353,7 @@ protected void modify( LdapConnection connection, Dn dn, List<Modification> mods
{
COUNTERS.incrementMod();
audit( mods, entity );
connection.modify( dn, mods.toArray( new Modification[]
{} ) );
connection.modify( dn, mods.toArray( new Modification[] {} ) );
}


@@ -1337,4 +1371,4 @@ public static void closeAllConnectionPools(){
LdapConnectionProvider.closeAllConnectionPools();
}

}
}
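Review bot: The result codes of the new request-based calls are never inspected: `AddResponse response = connection.add( addRequest );` and `ModifyResponse response = connection.modify( modRequest );` assign the response and drop it. The previous `connection.add( entry )` / `connection.modify( dn, mods )` convenience forms raised an `LdapException` on a non-success result; if the request forms do not do the same (which is how I read the Apache LDAP API), a rejected add or modify now looks like success to every caller of these two helpers, including the user lock path and the `LdapEntryAlreadyExistsException` handling in `create()`, which would no longer fire. Adding `ResultCodeEnum.processResponse( response );` after each call restores the old failure propagation using a type the file already imports. The switch to `import org.apache.directory.api.ldap.model.message.*;` in the first hunk also replaces explicit imports with a wildcard, which the rest of the file avoids. Both helper methods are fully visible in their hunks, but the surrounding class extends beyond them.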
@@ -0,0 +1,35 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.fortress.core.ldap;


import org.apache.directory.api.ldap.model.message.Control;

/**
* The LDAP Relax Rules Control. It's defined in https://tools.ietf.org/html/draft-zeilenga-ldap-relax-03.
* This control is sent with every update of pwdPolicySubEntry on user.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public interface RelaxControl extends Control
{
/** The LDAP Relax Rules Control OID */
String OID = "1.3.6.1.4.1.4203.666.5.12";
}
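Review bot: The interface Javadoc says the control "is sent with every update of pwdPolicySubEntry on user", but in the same commit it is also attached to the `lock()` and `unlock()` writes of the account-locked-time attribute, so the comment understates where a relaxed write can originate. A reader auditing which operations bypass server-side rules needs the full list; I would reword to `* Requests that the server relax DIT/schema rules (e.g. NO-USER-MODIFICATION) for this single operation. Fortress attaches it, on the admin connection only, to writes of the password-policy subentry and the account lock/unlock attribute.` and keep the draft reference. The draft defines the control as having no value, which is consistent with the empty encoder in the decorator, and that fact is worth stating here too.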
@@ -0,0 +1,31 @@
package org.apache.directory.fortress.core.ldap;


import org.apache.directory.api.asn1.Asn1Object;
import org.apache.directory.api.asn1.DecoderException;
import org.apache.directory.api.asn1.EncoderException;
import org.apache.directory.api.ldap.codec.api.ControlDecorator;
import org.apache.directory.api.ldap.codec.api.LdapApiService;

import java.nio.ByteBuffer;


public class RelaxControlDecorator extends ControlDecorator<RelaxControl> implements RelaxControl
{
public RelaxControlDecorator(LdapApiService codec, RelaxControl control) {
super(codec, control);
}
public int computeLength() {
return 0;
}

public Asn1Object decode(byte[] controlBytes) throws DecoderException
{
return this;
}

public ByteBuffer encode(ByteBuffer buffer) throws EncoderException
{
return buffer;
}
}
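Review bot: This new file lacks the ASF license header and class Javadoc that the two sibling files in the commit carry, and `computeLength`, `decode` and `encode` are missing `@Override`. A one-line class comment such as `/** Codec decorator for the value-less Relax Rules control: nothing to encode or decode. */` would explain why `computeLength()` returns 0 and `encode()` hands the buffer back untouched, which otherwise reads like a stub. Nothing in the diff registers this decorator with an `LdapApiService` control factory, so whether the codec actually uses it when `RelaxControlImpl` is added to a request is not visible from here and is worth confirming in a test against a live server.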
@@ -0,0 +1,39 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.fortress.core.ldap;

import org.apache.directory.api.ldap.model.message.controls.AbstractControl;

/**
* The LDAP Relax Rules Control. It's defined in https://tools.ietf.org/html/draft-zeilenga-ldap-relax-03.
* This control is sent with every update of pwdPolicySubEntry on user.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public class RelaxControlImpl extends AbstractControl implements RelaxControl {
public RelaxControlImpl() {
super("1.3.6.1.4.1.4203.666.5.12");
}

public RelaxControlImpl(boolean isCritical) {
super("1.3.6.1.4.1.4203.666.5.12");
this.setCritical(isCritical);
}
}
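Review bot: Both constructors hard-code the OID string (`super("1.3.6.1.4.1.4203.666.5.12");`) although `RelaxControl.OID` declares the same constant on the interface this class implements; use `super( RelaxControl.OID );` and `super( RelaxControl.OID, isCritical );` so the two cannot drift apart. The no-argument constructor leaves the control non-critical, which is what the `add`/`modify` helpers use; a server that does not recognise the control will then silently drop it and apply its normal schema rules, so a failed relaxed write surfaces (if at all) only through the operation's result code rather than as `unavailableCriticalExtension`. Whether the control should be sent critical depends on which directories Fortress must support, so I would document the choice in the class Javadoc rather than change it blindly.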
