com.waveset.adapter
Class LDAPResourceAdapterBase

java.lang.Object
  extended bycom.waveset.adapter.ResourceAdapterBase
      extended bycom.waveset.adapter.LDAPResourceAdapterBase
All Implemented Interfaces:
ActiveSync, ResourceAdapter
Direct Known Subclasses:
AD_LDAPResourceAdapter, LDAPResourceAdapter

public abstract class LDAPResourceAdapterBase
extends ResourceAdapterBase
implements ActiveSync


Nested Class Summary
 class LDAPResourceAdapterBase.AcctIter
          Class AcctIter
protected  class LDAPResourceAdapterBase.BlockAcctIter
          Implemenets a buffered account iterator used when Virtual List View controls are not available.
protected  class LDAPResourceAdapterBase.UpdateRow
          A row of data returned by getUpdateRows
protected  class LDAPResourceAdapterBase.UpdateRows
          Returned by getUpdateRows, this has a list of rows to update and a single row that is the "last one" to be saved for the next search so that we know where to start from.
 class LDAPResourceAdapterBase.VLVAcctIter
          The VLVAcctIter class uses the VirtualListViewControl from JNDI to get users from the LDAP server in blocks with blocksize users.
 
Nested classes inherited from class com.waveset.adapter.ResourceAdapterBase
ResourceAdapterBase.SimpleAccountIterator
 
Nested classes inherited from class com.waveset.adapter.ResourceAdapter
ResourceAdapter.ActionResult, ResourceAdapter.Features, ResourceAdapter.ObjectType
 
Field Summary
protected  com.waveset.adapter.util.ActionOnUser _accountActivator
           
protected  javax.naming.directory.DirContext _ctx
           
protected  boolean _encodePwd
           
protected static java.lang.String ALL_NON_OPERATIONAL_ATTRIBUTES
          "*" is a special attribute for searching LDAP that instructs the server to return all non-operational attributes in addition to any explicitly listed attributes.
static java.lang.String CLASS
           
static java.lang.String code_id
           
static java.lang.String LDAP_GROUPS_ATTR_NAME
           
static java.lang.String LDAP_SEARCH_ATTRIBUTE_NAMES
           
static java.lang.String LDAP_SEARCH_END_DATE
           
static java.lang.String LDAP_SEARCH_FILTER_STRING
          Constants for tailoring the search filter string.
static java.lang.String LDAP_SEARCH_OBJECT_CLASSES
           
static java.lang.String LDAP_SEARCH_START_DATE
           
static java.lang.String MICROSOFT
           
static java.lang.String NETSCAPE
           
static java.lang.String OPENLDAP
          The following vendor strings must have values that are unique.
static java.lang.String POSIX_GROUPS_ATTR_NAME
           
static java.lang.String RA_ACTIVE_SYNC_LDAP_FILTER
           
static java.lang.String RA_ACTIVE_SYNC_OBJECT_CLASSES
           
static java.lang.String RA_ATTRIBUTE_FILTER
           
static java.lang.String RA_BLOCKSIZE
           
static java.lang.String RA_CHANGE_NUMBER_ATTRIBUTE_NAME
           
static java.lang.String RA_ENABLE_CONNECTION_POOLING
          true <=> connection pooling will be used for some connections
static java.lang.String RA_GROUP_OBJCLASS
           
static java.lang.String RA_GRP_MBR_ATTR
           
static java.lang.String RA_HOST
           
static java.lang.String RA_INCL_OBJCLASSES_IN_SEARCH_FILTER
          true <=> the object classes are AND'ed into the filter.
static java.lang.String RA_LDAP_SEARCH_FILTER
          used when listing accounts (optional)
static java.lang.String RA_MOD_NAMING_ATTR
           
static java.lang.String RA_PASSWORD
           
static java.lang.String RA_PORT
           
static java.lang.String RA_PROCESS_NAME
          Deprecated. as of IdM 5.5. Use RA_PROCESS_RULE instead.
static java.lang.String RA_SSL
           
static java.lang.String RA_USE_BLOCKS
           
static java.lang.String RA_USERDN
           
static java.lang.String RA_VLV_SORT_ATTRIBUTE
           
static java.lang.String RA_WSNAME
           
static java.lang.String SUN
           
static java.lang.String UNDISCOVERED
           
static java.lang.String UNKNOWN
           
 
Fields inherited from class com.waveset.adapter.ResourceAdapterBase
_cache, _context, _excludedAccountsRule, _excludedAccountsRuleInited, _listAllObjectsAttrParse, _listAllObjectsAttrParseName, _listUserAttrParse, _listUserAttrParseName, _listUserGroupsAttrParse, _listUserGroupsAttrParseName, _resource, _thread, _trace, displayInfoCode, RA_BLOCKCOUNT, RA_LOGIN_ACTION, RA_LOGOFF_ACTION, RA_MULTI_VALUED_ATTRS, RA_TEST_MODE
 
Fields inherited from interface com.waveset.adapter.ActiveSync
ACTIVE_SYNC_EVENT_RES_ATTRS_XML, ACTIVE_SYNC_STD_RES_ATTRS_XML, ATTR_IS_DELETED, DATE_FORMAT, DATE_TIME_FORMAT, RA_APPLY_META_VIEW, RA_ASSIGN_SOURCE_ON_CREATE, RA_CONFIRMATION_RULE, RA_CORRELATION_RULE, RA_CREATE_UNMATCHED, RA_DELETE_RULE, RA_FORM, RA_ID, RA_IDM_NAME_RULE, RA_LEGACY_EVENT_GEN, RA_LOG_LEVEL, RA_LOG_PATH, RA_LOG_SIZE, RA_MAX_AGE_LENGTH, RA_MAX_AGE_UNIT, RA_MAX_ARCHIVES, RA_NAME, RA_PARAMETERIZED_INPUT_FORM, RA_POPULATE_GLOBAL, RA_POSTPOLL_WORKFLOW, RA_PREPOLL_WORKFLOW, RA_PROCESS_RULE, RA_PROXY_ADMINISTRATOR, RA_RESET_TO_TODAY, RA_RESOLVE_PROCESS_RULE, RA_SCHEDULE_INTERVAL, RA_SCHEDULE_INTERVAL_COUNT, RA_SCHEDULE_START_DATE, RA_SCHEDULE_START_TIME, RA_SYNC_CONFIG_MODE, RA_SYNC_POST_PROCESS_FORM, RA_UPDATE_IF_DELETE, RA_USE_INPUT_FORM, TIME_FORMAT, TRACE_LEVEL_DEBUG, TRACE_LEVEL_ERROR, TRACE_LEVEL_INFO, TRACE_LEVEL_NONE, TRACE_LEVEL_WARNING
 
Fields inherited from interface com.waveset.adapter.ResourceAdapter
CHANGE_PASSWORD_LOCATION, DISABLE, ENABLE, EXPIRE_PASSWORD, GUID, IGNORE_ATTR, NEW_ACCOUNT_ID, OP_DAYS_INACTIVE, OP_DISABLED, OP_DORMANT, OP_EXPIRED, OP_EXPIREDPWD, OP_INACTIVE, OP_LOCKED, OP_NO_PASSWORD_SET, OP_NOOWNERSHIP, OP_NOPASSWORDREQ, OP_NUMINACTIVEDAYS, OP_NUMPWDAYS, OP_PWNUMDAYS, RA_BASE_CTX, RA_DISPLAY_NAME_ATTR, RA_NEW_OBJECT_ID, RA_NEW_OBJECT_NAME, RA_OBJECT_ATTRIBUTES, RA_OBJECT_CLASS, RA_OBJECT_ID, RA_OBJECT_TYPE, RA_OP_TYPE, RA_RENAME_OP, RA_REQUESTOR, RA_SAVEAS_OP, RA_SEARCH_ATTRIBUTE_NAMES, RA_SEARCH_ATTRS_TO_GET, RA_SEARCH_CONTEXT, RA_SEARCH_FILTER, RA_SEARCH_RUN_AS_PASSWORD, RA_SEARCH_RUN_AS_USER, RA_SEARCH_SCOPE, RA_SEARCH_SCOPE_OBJECT, RA_SEARCH_SCOPE_ONE_LEVEL, RA_SEARCH_SCOPE_SUBTREE, RA_SEARCH_TIME_LIMIT, RESET_PASSWORD, SYSTEM_ATTRIBUTES, UNLOCK, WS_USER_PASSWORD
 
Constructor Summary
LDAPResourceAdapterBase()
           
LDAPResourceAdapterBase(Resource res, ObjectCache cache)
           
 
Method Summary
protected  boolean addAttributes(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, WSUser user, java.lang.String operation, WavesetResult result)
          This may be overloaded by a subclass.
protected  void addUserToGroup(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, java.lang.String grpMemberAttr, java.lang.String group)
          Deprecated. Use addUserToGroup(String, String, String).
protected  void addUserToGroup(java.lang.String accountRef, java.lang.String grpMemberAttr, java.lang.String group)
           
protected  void addUserToGroups(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, java.lang.String accountRef, java.lang.String accountRefAttr, boolean accountRefIsDN, java.lang.String groupsAttrName, java.lang.String grpMemberAttr, WSUser user, java.lang.String operation, WavesetResult result)
           
protected  void addUserToGroups(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, WSUser user, java.lang.String operation, WavesetResult result)
          Ensure that the user's group membership is as specified in the LDAP_GROUPS_ATTR_NAME attr.
 WavesetResult authenticate(java.util.HashMap loginInfo)
          Authenticates the user against the resource.
protected  java.lang.String buildBaseUrl()
          Deprecated. As of 4.0, the base context resource attribute can be a multi-valued attribute. This method only returns the URL for one of the base contexts. also this method does not function properly if Java 1.4 or later is used and the container has non-ASCII characters
protected  java.lang.String buildBaseUrl(java.lang.String container)
          Deprecated. there is no need to build the base URL if the provider URL is set on the context also this method does not function properly if Java 1.4 or later is used and the container has non-ASCII characters
protected  com.waveset.adapter.iapi.IAPI buildEvent(LDAPResourceAdapterBase.UpdateRow row)
          Deprecated. As of IdM 5.5.
 void callCompleted(com.waveset.adapter.iapi.IAPI call)
          An call generated by this resource adapter has completed.
 WavesetResult checkCreateAccount(WSUser user)
           
 WavesetResult checkDeleteAccount(WSUser user)
           
 WavesetResult checkUpdateAccount(WSUser user)
           
protected  void closeConnection(javax.naming.directory.DirContext ctx)
           
 java.lang.String constructAccountFilter()
          Constructs an account filter for retrieving accounts.
protected  java.lang.String constructAccountFilter(java.lang.Object[] objectClasses)
          Constructs an account filter for retrieving accounts.
protected  java.lang.String constructObjectClassFilter(java.lang.String operator, java.lang.Object[] objectClasses)
           
 WavesetResult createAccounts(WSUser[] users)
           
 WavesetResult createObject(GenericObject object, java.util.Map options)
          Creates the specified objectId of type objectType using the list of attributes provided.
 WavesetResult deleteAccounts(WSUser[] users)
           
 WavesetResult deleteObject(GenericObject object, java.util.Map options)
          Deletes the requested objectId of the requested objectType from the resource
protected  WavesetResult doCreateOrUpdateObjectRequest(java.lang.String objectType, java.lang.String objectId, GenericObject attributes, GenericObject oldAttributes, java.util.Map options, java.lang.String cmd)
           
protected  WavesetResult doCreateOrUpdateObjectRequest(java.lang.String objectType, java.lang.String objectId, GenericObject attributes, java.util.Map options, java.lang.String cmd)
           
 byte[] encodePwd(java.lang.String p)
           
protected  void ensureObjectClassInSchemaMap()
          The view's "objectClass" list is used in ActiveSync and required.
protected  WSUser fetchUser(GenericObject changeLogEntry)
           
protected  WSUser fetchUser(GenericObject changeLogEntry, java.lang.String ldapFilter)
          Take a change log entry and get the object associated with it.
protected  com.waveset.adapter.util.ActionOnUser getAccountActivator()
           
 WSAttributes getAccountAttributes(java.lang.String accountIdentity)
          This method is obsolete.
 AccountIterator getAccountIterator()
           
 AccountIterator getAccountIterator(java.util.Map params)
          Return an iterator for objects of the requested object classes meeting the requested filter.
 java.lang.Object getAttributeValue(java.lang.String name)
          Get or set an attribute value for the ActiveSync.
 java.lang.String getBaseContextAttrName()
          Returns the name, if any, of the attribute used by the resource as the base context or the context to which all operations is bound
 java.util.List getBaseContexts()
          Needs to be overridden by subclass in order to support browsing and editing of resource objects
protected  java.util.Hashtable getContextEnv(java.lang.String host, int port, java.lang.String baseDn, java.lang.String bindDn, java.lang.String bindPass, boolean ssl)
          Return a Hashtable of properties for the connection.
 GenericObject getFeatures()
          Expose features supported by the Resource Adapter.
protected  void getGroups(javax.naming.Name dn, java.lang.String grpMemberAttr, java.util.Vector groups, java.util.Vector attrs)
          Deprecated. Use getGroups(String, String, Vector, Vector).
protected  void getGroups(java.lang.String accountRef, java.lang.String grpMemberAttr, java.util.Vector groups, java.util.Vector attrs)
          Returns, in the groups argument, the groups that the account specified by accountRef is a member of.
protected  java.util.List getLdapAccountAttributeNames()
           
protected  java.lang.String[] getLdapAccountAttributeNamesForQuery()
           
protected  javax.naming.directory.Attributes getLDAPAttributes(java.lang.String objectId, javax.naming.directory.DirContext[] ctxArray)
          Deprecated. Use getLDAPAttributes(String, DirContext, String, String[]).
protected  javax.naming.directory.Attributes getLDAPAttributes(java.lang.String objectId, javax.naming.directory.DirContext[] ctxArray, java.lang.String ldapFilter)
          Deprecated. Use getLDAPAttributes(String, DirContext, String, String[]).
protected  javax.naming.directory.Attributes getLDAPAttributes(java.lang.String objectId, javax.naming.directory.DirContext ctx, java.lang.String ldapFilter, java.lang.String[] attrsToGet)
           
protected  GenericObject getLDIFAttributeValue(java.util.StringTokenizer st)
          Attributes can be single valued like name: value or multivalued name: value\nname: value2.
 GenericObject getObject(java.lang.String objectType, java.lang.String objectId, java.util.List attrsToGet, java.util.Map options)
          Returns the requested objectId of the requested objectType from the resource
 java.lang.String getrn(java.lang.String dn)
           
protected  GenericObject getRootDSE()
          Get the root DSE and extract some needed attributes about the changelog.
 java.lang.String getServerVendor()
           
 WSUser getUser(WSUser user)
          Retrieves account information from the resource for the specified WSUser and returns a new WSUser based on the information from the resource.
 WSUser getUser(WSUser user, long milli)
           
protected  WSUser getUser(WSUser user, java.lang.String ldapFilter)
          Retrieves account information from the resource for the specified WSUser and returns a new WSUser based on the information from the resource.
protected  boolean getUserCheckForDisabled(WSUser user, WavesetResult result)
           
 void init()
          initialize yourself.
protected  boolean isAccountObjectType(java.lang.String resourceObjectType)
           
protected  boolean isPoolingEnabled()
           
 java.util.ArrayList listAllObjects(java.lang.String resourceObjectType, java.util.Map options, java.lang.String runAsUser, EncryptedData runAsPassword)
          This method will return a list of object names of the specified object type.
 java.util.List listObjects(java.lang.String objectType, java.util.Map options)
          Returns a list of objects matching the requested objectType and options
protected  void logUpdate(int level, LDAPResourceAdapterBase.UpdateRow update, WavesetResult result)
          Log whatever we want to from an update.
protected  javax.naming.directory.DirContext makeConnection()
           
protected  javax.naming.directory.DirContext makeConnection(boolean canBePooled)
           
protected  javax.naming.directory.DirContext makeUnpooledConnection()
           
protected  WSAttributes mapLDAPAttributes(javax.naming.directory.Attributes ldapAttrs, java.lang.String identity, javax.naming.directory.DirContext ctx)
           
protected  GenericObject mapLDAPAttributes(javax.naming.directory.DirContext ctx, java.lang.String objectType, java.lang.String objectName, java.lang.String objectId, java.util.List attrsToGet, javax.naming.directory.Attributes ldapAttrs, GenericObject object)
           
protected  GenericObject mapLDAPAttributes(java.lang.String objectType, java.lang.String objectName, java.lang.String objectId, java.util.List attrsToGet, javax.naming.directory.Attributes ldapAttrs, GenericObject object)
           
protected  void modifyObject(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject obj, javax.naming.directory.DirContext ctx)
          Make a call to the LDAP server and modify the person in the directory.
 boolean namesEqual(java.lang.String name1, java.lang.String name2)
          This method will return true if name1 equals name2.
protected  int parseAttrValue(java.lang.String str, java.lang.StringBuffer attrValue)
           
protected  java.util.Vector parseOutRDN(javax.naming.directory.DirContext ctx, java.lang.String dn)
          Parses a DN to give the components of the least-signficant DN.
 int poll()
          the poll method.
protected  void processUpdates(java.util.List list)
          Take a list of Maps that are rows of the audit data and turn them into IAPI calls.
protected  void realCreate(WSUser user, WavesetResult result)
          Needs to be overridden by subclass if default createAccounts() implementation is used.
protected  void realDelete(WSUser user, WavesetResult result)
          Needs to be overridden by subclass if default deleteAccounts() implementation is used.
protected  void realDisable(WSUser user, WavesetResult result)
           
protected  void realEnable(WSUser user, WavesetResult result)
           
protected  void realUpdate(WSUser user, WavesetResult result)
          Needs to be overridden by subclass if default updateAccounts() implementation is used.
protected  boolean removeAttributeDelta(javax.naming.directory.Attributes ldapAttrs, WSUser user)
          Any attributes found in ldapAttrs but not found in the user will be removed from the ldap entry
protected  boolean removeNameFromAttribute(javax.naming.directory.DirContext ctx, javax.naming.Name dn, javax.naming.directory.Attribute attr)
          Deprecated. Use removeNameFromAttribute(DirContext, String, boolean, Attribute).
protected  boolean removeNameFromAttribute(javax.naming.directory.DirContext ctx, java.lang.String name, boolean nameIsDN, javax.naming.directory.Attribute attr)
           
protected  void removeUserFromAllGroups(javax.naming.Name dn, java.lang.String grpMemberAttr, WavesetResult result)
          Deprecated. Use removeUserFromAllGroups(String, boolean, String, WavesetResult).
protected  void removeUserFromAllGroups(java.lang.String accountRef, boolean accountRefIsDN, java.lang.String grpMemberAttr, WavesetResult result)
          Remove the given accountRef from all Groups
protected  void removeUserFromGroup(javax.naming.directory.DirContext ctx, javax.naming.Name dn, java.lang.String group, java.lang.String grpMemberAttr, javax.naming.directory.Attributes attrs)
          Deprecated. Use removeUserFromGroup(DirContext, String, boolean, String, String, Attributes).
protected  void removeUserFromGroup(javax.naming.directory.DirContext ctx, java.lang.String accountRef, boolean accountRefIsDN, java.lang.String group, java.lang.String grpMemberAttr, javax.naming.directory.Attributes attrs)
           
protected  void removeUserFromGroups(javax.naming.Name dn, java.util.Vector memberOf, java.lang.String grpMemberAttr, WavesetResult result)
          Deprecated. Use removeUserFromGroups(String, boolean, Vector, String, WavesetResult).
protected  void removeUserFromGroups(java.lang.String accountRef, boolean accountRefIsDN, java.util.Vector memberOf, java.lang.String grpMemberAttr, WavesetResult result)
          Removes the user from the groups it is currently a member of that are not in the set of new groups that it will soon be a member of.
protected  void renameUserAcrossGroups(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, WSUser user, java.lang.String oldDn, WavesetResult result)
          Used when renaming the ldapobject's dn
protected  void renameUserAcrossGroups(java.lang.String accountRef, java.lang.String groupsAttrName, java.lang.String grpMemberAttr, WSUser user, java.lang.String oldAccountRef, boolean oldAccountRefIsDN, WavesetResult result)
           
protected  void renameUserAcrossPosixGroups(java.lang.String newUid, WSUser user, javax.naming.directory.Attributes ldapAttrs, WavesetResult result)
           
 void setAttributeValue(java.lang.String name, java.lang.Object value)
           
protected  void setLdapObjectAttribute(java.lang.String attrName, java.lang.Object[] values, com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, java.lang.String operation)
           
protected  boolean setLdapObjectAttributeMultivalued(java.lang.String attrName, java.util.List values, java.util.List oldValues, com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, boolean isDn)
           
protected  void setLdapObjectAttributeMultivalued(java.lang.String attrName, java.util.List values, java.util.List oldValues, com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject, java.lang.String objectType)
           
 void shutdown()
          shutdown
protected  void startConnection()
          Needs to be overridden by subclass if default createAccounts() implementation is used.
protected  void stopConnection()
          Needs to be overridden by subclass if default createAccounts() implementation is used.
 boolean supportsAccountDisable()
          Indicates whether or not this resource supports account disable.
 boolean supportsExcludedAccounts()
           
 WavesetResult testConfiguration()
          This currently only adds validations for filters.
 WavesetResult updateAccounts(WSUser[] users)
           
 WavesetResult updateObject(GenericObject object, java.util.Map options)
          Updates the specified objectId of type objectType using the list of attributes provided.
protected  boolean userActivation(java.lang.String operation, WSUser user, WavesetResult result)
          Used by realEnable, realDisable to load needed attributes into user and then attempt to activate/deactivate
 
Methods inherited from class com.waveset.adapter.ResourceAdapterBase
checkForNoPasswordInSchema, checkSyntax, createAccount, createIdentity, createPrototypeResource, deleteAccount, deleteAccount, disableAccount, disableAccounts, dnsEqual, dnsEqual, enableAccount, enableAccounts, executeResourceAttributeJavascriptAction, fillInResourceInfo, fillInResourceInfo, getAccountIterator, getAction, getActionNotFoundErrorMessage, getActionNotFoundMessage, getActionRunAsPassword, getActionRunAsUser, getActionTimeout, getActionType, getAdapter, getAdapter, getAdapter, getAdapterProxy, getAdapterProxy, getAllAccounts, getAttrNameFromMapName, getAttrNameFromMapName, getAttrParse, getAttrTypeFromMapName, getAttrTypeFromMapName, getAUserName, getBaseContextObject, getBlockSize, getContext, getExcludedAccountsRule, getIdentity, getListAllObjectsAttrParse, getListUserAttrParse, getListUserGroupsAttrParse, getOptionalBooleanResAttrVal, getOptionalBooleanResAttrVal, getOptionalEncryptedResAttrVal, getOptionalResAttrVal, getOptionalStringResAttrVal, getRequiredResAttr, getRequiredResAttr, getRequiredResAttrVal, getRequiredResAttrVal, getRequiredResAttrVals, getRequiredUserAttributeNames, getResAttrValActionOnUser, getResAttrVals, getResource, getResourceAccounts, getResourceInfo, getResourceObjectAttrValNameAttr, getResourceObjectClassAttr, getResourceObjectTypePrefix, getSchemaMap, getWSAttrByMapName, getWSAttrByMapName, getWSAttrFromMap, handleActionResult, handleJavascriptActionResult, isAccountAttributeSecret, isExcludedAccount, isExcludedAccount, isFeatureEnabled, isSupported, isTestMode, listAllObjects, listObjects, listObjectsOfType, lookupAction, lookupAction, lookupActions, objectClassesMatchType, println, restoreResourceObjectClassAttr, run, run, runResourceAttributeJavascriptAction, scan, setCache, setContext, setDisabled, setFromResource, setResource, setResourceObjectClassAttr, setResourceOptionAttrs, startConnectionWrapper, supportsAccountActions, supportsActions, supportsCaseInsensitiveAccountIds, supportsContainerObjectTypes, supportsResourceAccount, supportsScanning, updateAccount, updateResourceAccount, updateResourceIdentity, vmStoreBoot, vmStoreGet, vmStoreInit, vmStoreLatch, vmStorePut
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values

CLASS

public static final java.lang.String CLASS
See Also:
Constant Field Values

RA_HOST

public static final java.lang.String RA_HOST
See Also:
Constant Field Values

RA_PORT

public static final java.lang.String RA_PORT
See Also:
Constant Field Values

RA_SSL

public static final java.lang.String RA_SSL
See Also:
Constant Field Values

RA_USERDN

public static final java.lang.String RA_USERDN
See Also:
Constant Field Values

RA_PASSWORD

public static final java.lang.String RA_PASSWORD
See Also:
Constant Field Values

RA_GROUP_OBJCLASS

public static final java.lang.String RA_GROUP_OBJCLASS
See Also:
Constant Field Values

RA_WSNAME

public static final java.lang.String RA_WSNAME
See Also:
Constant Field Values

RA_MOD_NAMING_ATTR

public static final java.lang.String RA_MOD_NAMING_ATTR
See Also:
Constant Field Values

RA_LDAP_SEARCH_FILTER

public static final java.lang.String RA_LDAP_SEARCH_FILTER
used when listing accounts (optional)

See Also:
Constant Field Values

RA_INCL_OBJCLASSES_IN_SEARCH_FILTER

public static final java.lang.String RA_INCL_OBJCLASSES_IN_SEARCH_FILTER
true <=> the object classes are AND'ed into the filter. This was the default behavior before this feaure was added.

See Also:
Constant Field Values

RA_VLV_SORT_ATTRIBUTE

public static final java.lang.String RA_VLV_SORT_ATTRIBUTE
See Also:
Constant Field Values

RA_GRP_MBR_ATTR

public static final java.lang.String RA_GRP_MBR_ATTR
See Also:
Constant Field Values

RA_USE_BLOCKS

public static final java.lang.String RA_USE_BLOCKS
See Also:
Constant Field Values

LDAP_GROUPS_ATTR_NAME

public static final java.lang.String LDAP_GROUPS_ATTR_NAME
See Also:
Constant Field Values

POSIX_GROUPS_ATTR_NAME

public static final java.lang.String POSIX_GROUPS_ATTR_NAME
See Also:
Constant Field Values

RA_ENABLE_CONNECTION_POOLING

public static final java.lang.String RA_ENABLE_CONNECTION_POOLING
true <=> connection pooling will be used for some connections

See Also:
Constant Field Values

LDAP_SEARCH_FILTER_STRING

public static final java.lang.String LDAP_SEARCH_FILTER_STRING
Constants for tailoring the search filter string.

See Also:
RA_LDAP_SEARCH_FILTER, RA_INCL_OBJCLASSES_IN_SEARCH_FILTER, Constant Field Values

LDAP_SEARCH_START_DATE

public static final java.lang.String LDAP_SEARCH_START_DATE
See Also:
Constant Field Values

LDAP_SEARCH_END_DATE

public static final java.lang.String LDAP_SEARCH_END_DATE
See Also:
Constant Field Values

LDAP_SEARCH_OBJECT_CLASSES

public static final java.lang.String LDAP_SEARCH_OBJECT_CLASSES
See Also:
Constant Field Values

LDAP_SEARCH_ATTRIBUTE_NAMES

public static final java.lang.String LDAP_SEARCH_ATTRIBUTE_NAMES
See Also:
Constant Field Values

_encodePwd

protected boolean _encodePwd

_ctx

protected javax.naming.directory.DirContext _ctx

RA_BLOCKSIZE

public static final java.lang.String RA_BLOCKSIZE
See Also:
Constant Field Values

RA_CHANGE_NUMBER_ATTRIBUTE_NAME

public static final java.lang.String RA_CHANGE_NUMBER_ATTRIBUTE_NAME
See Also:
Constant Field Values

RA_ACTIVE_SYNC_OBJECT_CLASSES

public static final java.lang.String RA_ACTIVE_SYNC_OBJECT_CLASSES
See Also:
Constant Field Values

RA_ACTIVE_SYNC_LDAP_FILTER

public static final java.lang.String RA_ACTIVE_SYNC_LDAP_FILTER
See Also:
Constant Field Values

RA_ATTRIBUTE_FILTER

public static final java.lang.String RA_ATTRIBUTE_FILTER
See Also:
Constant Field Values

RA_PROCESS_NAME

public static final java.lang.String RA_PROCESS_NAME
Deprecated. as of IdM 5.5. Use RA_PROCESS_RULE instead.

See Also:
Constant Field Values

OPENLDAP

public static final java.lang.String OPENLDAP
The following vendor strings must have values that are unique.

See Also:
Constant Field Values

MICROSOFT

public static final java.lang.String MICROSOFT
See Also:
Constant Field Values

NETSCAPE

public static final java.lang.String NETSCAPE
See Also:
Constant Field Values

SUN

public static final java.lang.String SUN
See Also:
Constant Field Values

UNDISCOVERED

public static final java.lang.String UNDISCOVERED
See Also:
Constant Field Values

UNKNOWN

public static final java.lang.String UNKNOWN
See Also:
Constant Field Values

ALL_NON_OPERATIONAL_ATTRIBUTES

protected static final java.lang.String ALL_NON_OPERATIONAL_ATTRIBUTES
"*" is a special attribute for searching LDAP that instructs the server to return all non-operational attributes in addition to any explicitly listed attributes.

See Also:
Constant Field Values

_accountActivator

protected com.waveset.adapter.util.ActionOnUser _accountActivator
Constructor Detail

LDAPResourceAdapterBase

public LDAPResourceAdapterBase(Resource res,
                               ObjectCache cache)

LDAPResourceAdapterBase

public LDAPResourceAdapterBase()
Method Detail

getServerVendor

public java.lang.String getServerVendor()

getFeatures

public GenericObject getFeatures()
Expose features supported by the Resource Adapter. Note: ActiveSync is considered a facet, not a feature.

Specified by:
getFeatures in interface ResourceAdapter
Overrides:
getFeatures in class ResourceAdapterBase
Returns:
GenericObject containing Features, as both key and value, which are supported by this resource adapter.
See Also:
ResourceAdapter.Features

namesEqual

public boolean namesEqual(java.lang.String name1,
                          java.lang.String name2)
This method will return true if name1 equals name2. It overrides the default implementation which does a straight string compare, since we know we will be comparing two dn names.

We will normalize the names before checking for equality. Normalization will be done using an implementation of RFC2253 which specifies the standard for the string representation of distinguished names handling issue such as capitalization, component ordering, special characters, internationalized characters, trimming spaces, etc.

Specified by:
namesEqual in interface ResourceAdapter
Overrides:
namesEqual in class ResourceAdapterBase

checkCreateAccount

public WavesetResult checkCreateAccount(WSUser user)
                                 throws WavesetException
Specified by:
checkCreateAccount in interface ResourceAdapter
Specified by:
checkCreateAccount in class ResourceAdapterBase
Throws:
WavesetException

realCreate

protected void realCreate(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass if default createAccounts() implementation is used.

Overrides:
realCreate in class ResourceAdapterBase
Throws:
WavesetException

createAccounts

public WavesetResult createAccounts(WSUser[] users)
                             throws WavesetException
Specified by:
createAccounts in interface ResourceAdapter
Overrides:
createAccounts in class ResourceAdapterBase
Throws:
WavesetException

addAttributes

protected boolean addAttributes(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                                WSUser user,
                                java.lang.String operation,
                                WavesetResult result)
                         throws WavesetException
This may be overloaded by a subclass. Returns true if an attempt will be made to set the password. Returns false otherwise.

Throws:
WavesetException

setLdapObjectAttributeMultivalued

protected void setLdapObjectAttributeMultivalued(java.lang.String attrName,
                                                 java.util.List values,
                                                 java.util.List oldValues,
                                                 com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                                                 java.lang.String objectType)
                                          throws WavesetException
Throws:
WavesetException

setLdapObjectAttributeMultivalued

protected boolean setLdapObjectAttributeMultivalued(java.lang.String attrName,
                                                    java.util.List values,
                                                    java.util.List oldValues,
                                                    com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                                                    boolean isDn)
                                             throws WavesetException
Parameters:
attrName -
values -
oldValues -
ldapObject -
isDn -
Returns:
true if any modifications were added
Throws:
WavesetException

setLdapObjectAttribute

protected void setLdapObjectAttribute(java.lang.String attrName,
                                      java.lang.Object[] values,
                                      com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                                      java.lang.String operation)
                               throws WavesetException
Throws:
WavesetException

encodePwd

public byte[] encodePwd(java.lang.String p)
                 throws WavesetException
Throws:
WavesetException

checkUpdateAccount

public WavesetResult checkUpdateAccount(WSUser user)
                                 throws WavesetException
Specified by:
checkUpdateAccount in interface ResourceAdapter
Specified by:
checkUpdateAccount in class ResourceAdapterBase
Throws:
WavesetException

realUpdate

protected void realUpdate(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass if default updateAccounts() implementation is used.

Overrides:
realUpdate in class ResourceAdapterBase
Throws:
WavesetException

updateAccounts

public WavesetResult updateAccounts(WSUser[] users)
                             throws WavesetException
Specified by:
updateAccounts in interface ResourceAdapter
Overrides:
updateAccounts in class ResourceAdapterBase
Throws:
WavesetException

renameUserAcrossGroups

protected void renameUserAcrossGroups(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                                      WSUser user,
                                      java.lang.String oldDn,
                                      WavesetResult result)
                               throws WavesetException
Used when renaming the ldapobject's dn

Parameters:
ldapObject -
user -
oldDn -
result -
Throws:
WavesetException

renameUserAcrossPosixGroups

protected void renameUserAcrossPosixGroups(java.lang.String newUid,
                                           WSUser user,
                                           javax.naming.directory.Attributes ldapAttrs,
                                           WavesetResult result)
                                    throws WavesetException
Throws:
WavesetException

renameUserAcrossGroups

protected void renameUserAcrossGroups(java.lang.String accountRef,
                                      java.lang.String groupsAttrName,
                                      java.lang.String grpMemberAttr,
                                      WSUser user,
                                      java.lang.String oldAccountRef,
                                      boolean oldAccountRefIsDN,
                                      WavesetResult result)
                               throws WavesetException
Throws:
WavesetException

addUserToGroups

protected void addUserToGroups(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                               WSUser user,
                               java.lang.String operation,
                               WavesetResult result)
                        throws WavesetException
Ensure that the user's group membership is as specified in the LDAP_GROUPS_ATTR_NAME attr. The user's DN will be added to the the groups' membership attribute as specified in the RA_GRP_MBR_ATTR resource attribute.

Throws:
WavesetException

addUserToGroups

protected void addUserToGroups(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                               java.lang.String accountRef,
                               java.lang.String accountRefAttr,
                               boolean accountRefIsDN,
                               java.lang.String groupsAttrName,
                               java.lang.String grpMemberAttr,
                               WSUser user,
                               java.lang.String operation,
                               WavesetResult result)
                        throws WavesetException
Parameters:
ldapObject - The java object representing the entry whose membership in one or more groups is being set or updated.
accountRef - The value that will be used as the groups' reference to the entry in the groups' membership attribute (specified in the grpMemberAttr argument). This is usually the account's dn or uid.
accountRefIsDN - Whether or not the accountRef is a DN string or not.
groupsAttrName - The name of the attribute on the WSUser that contains the list of groups in which the entry should be a member, e.g. "ldapGroups" or "posixGroups".
grpMemberAttr - The attribute of the group that contains the list of the group's members, e.g. "member", "uniqueMember", or "memberUid".
user - The WSUser containing the groupsAttrName.
operation - The account operation: "create" or "update".
result - Contains any errors that occur.
Throws:
WavesetException

addUserToGroup

protected void addUserToGroup(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject ldapObject,
                              java.lang.String grpMemberAttr,
                              java.lang.String group)
                       throws WavesetException
Deprecated. Use addUserToGroup(String, String, String).

Parameters:
ldapObject -
grpMemberAttr -
group -
Throws:
WavesetException

addUserToGroup

protected void addUserToGroup(java.lang.String accountRef,
                              java.lang.String grpMemberAttr,
                              java.lang.String group)
                       throws WavesetException
Throws:
WavesetException

buildBaseUrl

protected java.lang.String buildBaseUrl()
Deprecated. As of 4.0, the base context resource attribute can be a multi-valued attribute. This method only returns the URL for one of the base contexts. also this method does not function properly if Java 1.4 or later is used and the container has non-ASCII characters


buildBaseUrl

protected java.lang.String buildBaseUrl(java.lang.String container)
Deprecated. there is no need to build the base URL if the provider URL is set on the context also this method does not function properly if Java 1.4 or later is used and the container has non-ASCII characters


getGroups

protected void getGroups(javax.naming.Name dn,
                         java.lang.String grpMemberAttr,
                         java.util.Vector groups,
                         java.util.Vector attrs)
                  throws WavesetException
Deprecated. Use getGroups(String, String, Vector, Vector).

Returns, in the groups argument, the groups that the specified dn is a member of.

Throws:
WavesetException

getGroups

protected void getGroups(java.lang.String accountRef,
                         java.lang.String grpMemberAttr,
                         java.util.Vector groups,
                         java.util.Vector attrs)
                  throws WavesetException
Returns, in the groups argument, the groups that the account specified by accountRef is a member of.

Parameters:
accountRef - The reference to the account whose groups will be returned. Usually the DN or uid.
grpMemberAttr - The attribute of the group entries that contains the accountRef if the account is a member of the group.
groups - Updated with the account's groups.
attrs - Update with the value of the grpMemberAttr attribute for each group. This vector parallels the groups vector.
Throws:
WavesetException

removeNameFromAttribute

protected boolean removeNameFromAttribute(javax.naming.directory.DirContext ctx,
                                          javax.naming.Name dn,
                                          javax.naming.directory.Attribute attr)
                                   throws WavesetException
Deprecated. Use removeNameFromAttribute(DirContext, String, boolean, Attribute).

Parameters:
ctx -
dn -
attr -
Returns:
Throws:
WavesetException

removeNameFromAttribute

protected boolean removeNameFromAttribute(javax.naming.directory.DirContext ctx,
                                          java.lang.String name,
                                          boolean nameIsDN,
                                          javax.naming.directory.Attribute attr)
                                   throws WavesetException
Throws:
WavesetException

removeUserFromGroup

protected void removeUserFromGroup(javax.naming.directory.DirContext ctx,
                                   javax.naming.Name dn,
                                   java.lang.String group,
                                   java.lang.String grpMemberAttr,
                                   javax.naming.directory.Attributes attrs)
                            throws WavesetException
Deprecated. Use removeUserFromGroup(DirContext, String, boolean, String, String, Attributes).

Parameters:
ctx -
dn -
group -
grpMemberAttr -
attrs -
Throws:
WavesetException

removeUserFromGroup

protected void removeUserFromGroup(javax.naming.directory.DirContext ctx,
                                   java.lang.String accountRef,
                                   boolean accountRefIsDN,
                                   java.lang.String group,
                                   java.lang.String grpMemberAttr,
                                   javax.naming.directory.Attributes attrs)
                            throws WavesetException
Throws:
WavesetException

removeUserFromAllGroups

protected void removeUserFromAllGroups(javax.naming.Name dn,
                                       java.lang.String grpMemberAttr,
                                       WavesetResult result)
                                throws WavesetException
Deprecated. Use removeUserFromAllGroups(String, boolean, String, WavesetResult).

Remove the given dn from all Groups

Parameters:
dn -
grpMemberAttr -
result -
Throws:
WavesetException

removeUserFromAllGroups

protected void removeUserFromAllGroups(java.lang.String accountRef,
                                       boolean accountRefIsDN,
                                       java.lang.String grpMemberAttr,
                                       WavesetResult result)
                                throws WavesetException
Remove the given accountRef from all Groups

Parameters:
accountRef -
accountRefIsDN -
grpMemberAttr -
result -
Throws:
WavesetException

removeUserFromGroups

protected void removeUserFromGroups(javax.naming.Name dn,
                                    java.util.Vector memberOf,
                                    java.lang.String grpMemberAttr,
                                    WavesetResult result)
                             throws WavesetException
Deprecated. Use removeUserFromGroups(String, boolean, Vector, String, WavesetResult).

Removes the user from the groups it is currently a member of that are not in the set of new groups that it will soon be a member of. Also, the memberOf vector has any groups that the user is already a member of removed, so as not to add the user to groups it is already a member of.

Throws:
WavesetException

removeUserFromGroups

protected void removeUserFromGroups(java.lang.String accountRef,
                                    boolean accountRefIsDN,
                                    java.util.Vector memberOf,
                                    java.lang.String grpMemberAttr,
                                    WavesetResult result)
                             throws WavesetException
Removes the user from the groups it is currently a member of that are not in the set of new groups that it will soon be a member of. Also, the memberOf vector has any groups that the user is already a member of removed, so as not to add the user to groups it is already a member of.

Throws:
WavesetException

checkDeleteAccount

public WavesetResult checkDeleteAccount(WSUser user)
                                 throws WavesetException
Specified by:
checkDeleteAccount in interface ResourceAdapter
Specified by:
checkDeleteAccount in class ResourceAdapterBase
Throws:
WavesetException

realDelete

protected void realDelete(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass if default deleteAccounts() implementation is used.

Overrides:
realDelete in class ResourceAdapterBase
Throws:
WavesetException

deleteAccounts

public WavesetResult deleteAccounts(WSUser[] users)
                             throws WavesetException
Specified by:
deleteAccounts in interface ResourceAdapter
Overrides:
deleteAccounts in class ResourceAdapterBase
Throws:
WavesetException

mapLDAPAttributes

protected WSAttributes mapLDAPAttributes(javax.naming.directory.Attributes ldapAttrs,
                                         java.lang.String identity,
                                         javax.naming.directory.DirContext ctx)
                                  throws WavesetException
Throws:
WavesetException

getLDAPAttributes

protected javax.naming.directory.Attributes getLDAPAttributes(java.lang.String objectId,
                                                              javax.naming.directory.DirContext[] ctxArray)
                                                       throws WavesetException
Deprecated. Use getLDAPAttributes(String, DirContext, String, String[]).

See comments on overloaded method below

Throws:
WavesetException

getLDAPAttributes

protected javax.naming.directory.Attributes getLDAPAttributes(java.lang.String objectId,
                                                              javax.naming.directory.DirContext[] ctxArray,
                                                              java.lang.String ldapFilter)
                                                       throws WavesetException
Deprecated. Use getLDAPAttributes(String, DirContext, String, String[]).

Retrieves the LDAP attributes for an object from the LDAP server. The first element in the ctxArray is a reference to the directory context so it can be used for other requests of the server. It is up to the caller to close the context. The element should be null if there is a problem getting (connecting to) the context. If ldapFilter is non-null then null will be returned if the object does not match the filter.

Throws:
WavesetException

getLDAPAttributes

protected javax.naming.directory.Attributes getLDAPAttributes(java.lang.String objectId,
                                                              javax.naming.directory.DirContext ctx,
                                                              java.lang.String ldapFilter,
                                                              java.lang.String[] attrsToGet)
                                                       throws WavesetException
Parameters:
objectId - The DN of the object to get attributes for.
ctx - A valid DirContext.
ldapFilter - Filter the user must match (if non-null). Null is returned if the object does not match the filter.
attrsToGet - Array of attributes to return. If null then all attributes in the schema map and all non-operational attributes are returned.
Returns:
The object's attributes. Null if the object does not match the filter (if specified) or the object was not found.
Throws:
WavesetException

getAccountAttributes

public WSAttributes getAccountAttributes(java.lang.String accountIdentity)
                                  throws WavesetException
Description copied from interface: ResourceAdapter
This method is obsolete. ResourceAdapterBase provides a default implementation that throws a "not implemented" WavesetException.

Specified by:
getAccountAttributes in interface ResourceAdapter
Overrides:
getAccountAttributes in class ResourceAdapterBase
Throws:
WavesetException

getrn

public java.lang.String getrn(java.lang.String dn)
                       throws WavesetException
Throws:
WavesetException

closeConnection

protected void closeConnection(javax.naming.directory.DirContext ctx)

makeConnection

protected javax.naming.directory.DirContext makeConnection()
                                                    throws WavesetException
Throws:
WavesetException

makeUnpooledConnection

protected javax.naming.directory.DirContext makeUnpooledConnection()
                                                            throws WavesetException
Throws:
WavesetException

makeConnection

protected javax.naming.directory.DirContext makeConnection(boolean canBePooled)
                                                    throws WavesetException
Throws:
WavesetException

getContextEnv

protected java.util.Hashtable getContextEnv(java.lang.String host,
                                            int port,
                                            java.lang.String baseDn,
                                            java.lang.String bindDn,
                                            java.lang.String bindPass,
                                            boolean ssl)

Return a Hashtable of properties for the connection.

Note: an LDAP url is contructed and added to the Hashtable with the key Context.PROVIDER_URL. No escaping is done on the baseDn string before adding to the URL, so the baseDn argument should be encoded using com.waveset.util.Util.rfc2396URLPieceEncodeSpecial(String) (if it's not null).


modifyObject

protected void modifyObject(com.waveset.adapter.LDAPResourceAdapterBase.LDAPObject obj,
                            javax.naming.directory.DirContext ctx)
                     throws WavesetException
Make a call to the LDAP server and modify the person in the directory.

Parameters:
obj -
ctx -
Throws:
WavesetException

getUser

protected WSUser getUser(WSUser user,
                         java.lang.String ldapFilter)
                  throws WavesetException
Retrieves account information from the resource for the specified WSUser and returns a new WSUser based on the information from the resource. Returns null if the account does not exist or if the user does not match the specified ldapFilter.

Throws:
WavesetException

getUser

public WSUser getUser(WSUser user)
               throws WavesetException
Description copied from interface: ResourceAdapter
Retrieves account information from the resource for the specified WSUser and returns a new WSUser based on the information from the resource. Returns null if the account does not exist.

Specified by:
getUser in interface ResourceAdapter
Overrides:
getUser in class ResourceAdapterBase
Throws:
WavesetException

authenticate

public WavesetResult authenticate(java.util.HashMap loginInfo)
                           throws WavesetException
Description copied from interface: ResourceAdapter
Authenticates the user against the resource. If authentication is successful, the authenticated id will be returned. If more info is required to complete authentication the result will contain the required info

Specified by:
authenticate in interface ResourceAdapter
Specified by:
authenticate in class ResourceAdapterBase
Throws:
WavesetException

getAccountIterator

public AccountIterator getAccountIterator()
                                   throws WavesetException
Specified by:
getAccountIterator in interface ResourceAdapter
Overrides:
getAccountIterator in class ResourceAdapterBase
Throws:
WavesetException

getAccountIterator

public AccountIterator getAccountIterator(java.util.Map params)
                                   throws WavesetException
Return an iterator for objects of the requested object classes meeting the requested filter. Both criteria can come from the resource attributes or the params Map. The Map will override the resource attributes.

Specified by:
getAccountIterator in interface ResourceAdapter
Overrides:
getAccountIterator in class ResourceAdapterBase
Parameters:
params - - Map of parameters to override the resource attributes. Supported parameters are: LDAP_SEARCH_OBJECT_CLASSES - a List of String. Names of requested object classes LDAP_SEARCH_START_DATE - a String. objects modified after this date (>=). This uses the modifyTimestamp operational attribute LDAP_SEARCH_END_DATE - a String. objects modified before this date ( <) This uses the modifyTimestamp operational attribute LDAP_SEARCH_FILTER_STRING - a String. totally override the filter string LDAP_SEARCH_ATTRIBUTE_NAMES - a List of String. override schema map.
Throws:
WavesetException

parseAttrValue

protected int parseAttrValue(java.lang.String str,
                             java.lang.StringBuffer attrValue)

parseOutRDN

protected java.util.Vector parseOutRDN(javax.naming.directory.DirContext ctx,
                                       java.lang.String dn)
Parses a DN to give the components of the least-signficant DN. It returns a vector of strings: attr_name, attr_val, attr_name, ... The vector will have more than one name/value pair when the RDN is multivalued (e.g., "cn=bob smith+ou=sales"). For example, the DN "cn=bob,ou=marketing,o=bigco" would return a vector with 2 strings: "cn" and "bob". A null reference is returned if there is a problem parsing the DN.


supportsExcludedAccounts

public boolean supportsExcludedAccounts()
Specified by:
supportsExcludedAccounts in interface ResourceAdapter
Overrides:
supportsExcludedAccounts in class ResourceAdapterBase

getBaseContextAttrName

public java.lang.String getBaseContextAttrName()
                                        throws WavesetException
Returns the name, if any, of the attribute used by the resource as the base context or the context to which all operations is bound

Specified by:
getBaseContextAttrName in interface ResourceAdapter
Overrides:
getBaseContextAttrName in class ResourceAdapterBase
Returns:
the name, if any, of the attribute used by the resource as the base context or the context to which all operations is bound
Throws:
WavesetException

getBaseContexts

public java.util.List getBaseContexts()
                               throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass in order to support browsing and editing of resource objects

Specified by:
getBaseContexts in interface ResourceAdapter
Overrides:
getBaseContexts in class ResourceAdapterBase
Returns:
a list of the base context strings, if any. Return null if base contexts are not supported or defined. For backwards compatibility, this implementation will call the deprecated method getBaseContextAttrName() to get the name of the base context resource attribute, if any. It will then return the value of that attribute.
Throws:
WavesetException

getObject

public GenericObject getObject(java.lang.String objectType,
                               java.lang.String objectId,
                               java.util.List attrsToGet,
                               java.util.Map options)
                        throws WavesetException
Returns the requested objectId of the requested objectType from the resource

Specified by:
getObject in interface ResourceAdapter
Overrides:
getObject in class ResourceAdapterBase
Parameters:
objectType - - a valid object type defined in the resource's section
objectId - - a valid fully qualified object identifier on this resource (e.g. "dn")
attrsToGet - - a list of attribute names supported by the specified objectType to be returned with the object
options - - not currently used since the objectId/objectType provide a unique identifier of the object being requested
Throws:
WavesetException

mapLDAPAttributes

protected GenericObject mapLDAPAttributes(java.lang.String objectType,
                                          java.lang.String objectName,
                                          java.lang.String objectId,
                                          java.util.List attrsToGet,
                                          javax.naming.directory.Attributes ldapAttrs,
                                          GenericObject object)
                                   throws WavesetException
Throws:
WavesetException

mapLDAPAttributes

protected GenericObject mapLDAPAttributes(javax.naming.directory.DirContext ctx,
                                          java.lang.String objectType,
                                          java.lang.String objectName,
                                          java.lang.String objectId,
                                          java.util.List attrsToGet,
                                          javax.naming.directory.Attributes ldapAttrs,
                                          GenericObject object)
                                   throws WavesetException
Throws:
WavesetException

createObject

public WavesetResult createObject(GenericObject object,
                                  java.util.Map options)
                           throws WavesetException
Creates the specified objectId of type objectType using the list of attributes provided.

Specified by:
createObject in interface ResourceAdapter
Overrides:
createObject in class ResourceAdapterBase
Parameters:
object - - a GenericObject containing the objectType, objectId, and list of attributes to be set on the new object
options - - several options can be specified which control the behavior of the search for referenced objects (e.g. group members) They include:
    "searchContext" - the value of this option determines within what context to perform search (ResourceAdapter.RA_SEARCH_CONTEXT). If no value, will assume search should be done from logical top.
  1. "searchScope" - specifies whether the search should be done on the current object, only within the context of the specified "searchContainer", or in all subcontext within the specified "searchContainer" (ResourceAdapter.RA_SEARCH_SCOPE). Valid values are "object", "oneLevel", or "subTree" indicates that the search should be performed on all sub containers within the specified "searchContainer".
  2. "searchTimeLimit" - the timelimit in milliseconds a search should not exceed (ResourceAdapter.RA_SEARCH_TIME_LIMIT).
  3. "searchAttributeNames" - a list of one or more attribute names used as the component of the tuple when searching for referenced objects (Resource_Adapter.RA_SEARCH_ATTRIBUTES).
    Throws:
    WavesetException

updateObject

public WavesetResult updateObject(GenericObject object,
                                  java.util.Map options)
                           throws WavesetException
Updates the specified objectId of type objectType using the list of attributes provided.

Specified by:
updateObject in interface ResourceAdapter
Overrides:
updateObject in class ResourceAdapterBase
Parameters:
object - - a GenericObject containing the objectType, objectId, and list of new and changed attributes to be set on the object
options - - several options can be specified which control the behavior of the search for referenced objects (e.g. group members) They include:
    "searchContext" - the value of this option determines within what context to perform search (ResourceAdapter.RA_SEARCH_CONTEXT). If no value, will assume search should be done from logical top.
  1. "searchScope" - specifies whether the search should be done on the current object, only within the context of the specified "searchContainer", or in all subcontext within the specified "searchContainer" (ResourceAdapter.RA_SEARCH_SCOPE). Valid values are "object", "oneLevel", or "subTree" indicates that the search should be performed on all sub containers within the specified "searchContainer".
  2. "searchTimeLimit" - the timelimit in milliseconds a search should not exceed (ResourceAdapter.RA_SEARCH_TIME_LIMIT).
  3. "searchAttributeNames" - a list of one or more attribute names used as the component of the tuple when searching for referenced objects (Resource_Adapter.RA_SEARCH_ATTRIBUTES).
    Throws:
    WavesetException

doCreateOrUpdateObjectRequest

protected WavesetResult doCreateOrUpdateObjectRequest(java.lang.String objectType,
                                                      java.lang.String objectId,
                                                      GenericObject attributes,
                                                      java.util.Map options,
                                                      java.lang.String cmd)
                                               throws WavesetException
Throws:
WavesetException

doCreateOrUpdateObjectRequest

protected WavesetResult doCreateOrUpdateObjectRequest(java.lang.String objectType,
                                                      java.lang.String objectId,
                                                      GenericObject attributes,
                                                      GenericObject oldAttributes,
                                                      java.util.Map options,
                                                      java.lang.String cmd)
                                               throws WavesetException
Throws:
WavesetException

deleteObject

public WavesetResult deleteObject(GenericObject object,
                                  java.util.Map options)
                           throws WavesetException
Deletes the requested objectId of the requested objectType from the resource

Specified by:
deleteObject in interface ResourceAdapter
Overrides:
deleteObject in class ResourceAdapterBase
Parameters:
object - - a valid object type defined in the resource's section
options - - not currently used since the objectId/objectType provide a unique identifier of the object being deleted
Throws:
WavesetException

listObjects

public java.util.List listObjects(java.lang.String objectType,
                                  java.util.Map options)
                           throws WavesetException
Returns a list of objects matching the requested objectType and options

Specified by:
listObjects in interface ResourceAdapter
Overrides:
listObjects in class ResourceAdapterBase
Parameters:
objectType - - the name of a valid object class for this specified "resId".
options - - several options can be specified which control the behavior of the search. They include:
    "searchContext" - the value of this option determines within what context to perform search (ResourceAdapter.RA_SEARCH_CONTEXT). If not specified, will attempt to get a value from RA_BASE_CONTEXT. If no value, will assume search should be done from logical top.
  1. "searchFilter" - optional specification, in LDAP search filter format as specified in RFC 1558, of one or more object tuples either and'ed or or'ed together. If not specified, a filter will be constructed using the specified objectType. (ResourceAdapter.SEARCH_FILTER).
  2. "searchScope" - specifies whether the search should be done on the current object, only within the context of the specified "searchContext", or in all subcontext within the specified "searchContext" (ResourceAdapter.RA_SEARCH_SCOPE). Valid values are "object", "oneLevel", or "subTree" indicates that the search should be performed on all sub contexts within the specified "searchContext".
  3. "searchTimeLimit" - the timelimit in milliseconds a search should not exceed (ResourceAdapter.RA_SEARCH_TIME_LIMIT).
  4. "searchAttrsToGet" - the list of objectType specific attribute names to get per object
  5. "runAsUser" - user name this request is to be run as. If not specified, defaults to resource proxy admin user.
  6. "runAsPassword" - password of runAsUser. Required to authenticate with resource in order to run the list request as the specified user
Note: This method does not use the RA_LDAP_SEARCH_FILTER resource attribute when listing objects because the filter is explicitly passed in.
Throws:
WavesetException

constructObjectClassFilter

protected java.lang.String constructObjectClassFilter(java.lang.String operator,
                                                      java.lang.Object[] objectClasses)
Returns:
an LDAP Filter constructed from the specified object classes. E.g. constructObjectClassFilter("&", {"top", "person"}) will return "(&(objectclass=top)(objectclass=person))".

constructAccountFilter

public java.lang.String constructAccountFilter()
                                        throws WavesetException
Constructs an account filter for retrieving accounts. The account filter might include the object classes from the resource attr and/or the user provided filter.

Throws:
WavesetException

constructAccountFilter

protected java.lang.String constructAccountFilter(java.lang.Object[] objectClasses)
Constructs an account filter for retrieving accounts. The account filter might include the object classes and/or the user provided filter.


isAccountObjectType

protected boolean isAccountObjectType(java.lang.String resourceObjectType)

isPoolingEnabled

protected boolean isPoolingEnabled()

listAllObjects

public java.util.ArrayList listAllObjects(java.lang.String resourceObjectType,
                                          java.util.Map options,
                                          java.lang.String runAsUser,
                                          EncryptedData runAsPassword)
                                   throws WavesetException
Description copied from interface: ResourceAdapter
This method will return a list of object names of the specified object type. If you need to be able to specify which attrs to return, use listObjects instead

Specified by:
listAllObjects in interface ResourceAdapter
Overrides:
listAllObjects in class ResourceAdapterBase
Parameters:
resourceObjectType - - a type of object that is either well-known or is meaningful to the resource. Every resource is expected to recognize certain values. For example, listAllObjects(ObjectType.ACCOUNT, null, null, null) should return a list of all account names.
options - - a map of options
runAsUser - - (optional) if specified, connect as this user to list all objects of the specified type.
runAsPassword - - (optional) if specified, connect with this password to list all objects of the specified type.
Returns:
a list of all object names of a specified type.
Throws:
WavesetException

getAttributeValue

public java.lang.Object getAttributeValue(java.lang.String name)
                                   throws WavesetException
Description copied from interface: ActiveSync
Get or set an attribute value for the ActiveSync. Setting an attribute value only changes the in-memory copy of the attribute, not the persistent value. Set is typically only used for status or scheduling updates.

Specified by:
getAttributeValue in interface ActiveSync
Throws:
WavesetException

setAttributeValue

public void setAttributeValue(java.lang.String name,
                              java.lang.Object value)
                       throws WavesetException
Specified by:
setAttributeValue in interface ActiveSync
Throws:
WavesetException

init

public void init()
          throws java.lang.Exception
initialize yourself. throw exception if initialization failed

Specified by:
init in interface ActiveSync
Throws:
java.lang.Exception

poll

public int poll()
the poll method. Called at a configurable interval, this polls the remote resource for changes, converts them to IAPI calls, and posts them back to the server.

Specified by:
poll in interface ActiveSync
Returns:
0 if no work done, n if n calls processed

ensureObjectClassInSchemaMap

protected void ensureObjectClassInSchemaMap()
The view's "objectClass" list is used in ActiveSync and required. Since the LDAP attribute "objectclass" is standard, and not case sensitive, this method ensures ActiveSync can detect changes needed for filtering without requiring the distracting entry in the resource's schema map. (Enhancement 11880)


shutdown

public void shutdown()
Description copied from interface: ActiveSync
shutdown

Specified by:
shutdown in interface ActiveSync

getRootDSE

protected GenericObject getRootDSE()
                            throws WavesetException
Get the root DSE and extract some needed attributes about the changelog. The method looks a little strange, but seems to be the only one supported for getting this configuration information.

Throws:
WavesetException

processUpdates

protected void processUpdates(java.util.List list)
                       throws WavesetException,
                              com.waveset.adapter.iapi.IAPIException
Take a list of Maps that are rows of the audit data and turn them into IAPI calls.

Throws:
WavesetException
com.waveset.adapter.iapi.IAPIException

logUpdate

protected void logUpdate(int level,
                         LDAPResourceAdapterBase.UpdateRow update,
                         WavesetResult result)
Log whatever we want to from an update.


buildEvent

protected com.waveset.adapter.iapi.IAPI buildEvent(LDAPResourceAdapterBase.UpdateRow row)
                                            throws WavesetException,
                                                   com.waveset.adapter.iapi.IAPIException
Deprecated. As of IdM 5.5.

Extract the user identity information and attributes, create an IAPIUser object to update Lighthouse, and return it.

Throws:
WavesetException
com.waveset.adapter.iapi.IAPIException

callCompleted

public void callCompleted(com.waveset.adapter.iapi.IAPI call)
An call generated by this resource adapter has completed. Check the result of the call, propogate the result back to the source (like updating a column in a database), and delete it if we are done.

If this does not delete the call, there must be something else that deletes it - or it will just go away when it expires.

Parameters:
call - - the event that has changed.
See Also:


fetchUser

protected WSUser fetchUser(GenericObject changeLogEntry)
                    throws WavesetException
Throws:
WavesetException

fetchUser

protected WSUser fetchUser(GenericObject changeLogEntry,
                           java.lang.String ldapFilter)
                    throws WavesetException
Take a change log entry and get the object associated with it. Return null if the entry doesn't match the ldapFilter.

Throws:
WavesetException

getLDIFAttributeValue

protected GenericObject getLDIFAttributeValue(java.util.StringTokenizer st)
Attributes can be single valued like name: value or multivalued name: value\nname: value2. In either case they are terminated by a line \n- \n. Return a String for single valued attrs, a List of String for multiple values. Assume that the passed-in tokenizer is at the first name/value pair, tokenizes on \n and should consume the training \n- \n line.


getLdapAccountAttributeNames

protected java.util.List getLdapAccountAttributeNames()
Returns:
the names of all ldap attributes pulled from the resource's AccountAttributeType list.

getLdapAccountAttributeNamesForQuery

protected java.lang.String[] getLdapAccountAttributeNamesForQuery()
Returns:
the list of all attribute names for a query. The special "*" attribute is included to retrieve all non-operational attributes on the entry. This was primarily added to account for operational attributes that might be specified in the AccountAttributeType list.

testConfiguration

public WavesetResult testConfiguration()
                                throws WavesetException
This currently only adds validations for filters.

Specified by:
testConfiguration in interface ResourceAdapter
Overrides:
testConfiguration in class ResourceAdapterBase
Throws:
WavesetException

startConnection

protected void startConnection()
                        throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass if default createAccounts() implementation is used.

Overrides:
startConnection in class ResourceAdapterBase
Throws:
WavesetException

stopConnection

protected void stopConnection()
                       throws WavesetException
Description copied from class: ResourceAdapterBase
Needs to be overridden by subclass if default createAccounts() implementation is used.

Overrides:
stopConnection in class ResourceAdapterBase
Throws:
WavesetException

getAccountActivator

protected com.waveset.adapter.util.ActionOnUser getAccountActivator()
Returns:
the activator to use for this resource

supportsAccountDisable

public boolean supportsAccountDisable()
Description copied from interface: ResourceAdapter
Indicates whether or not this resource supports account disable. If it does not, the provisioning engine will attempt to simulate disable by generating random passwords. If we end up with more of these "can you do this" methods, we might want to generalize it into a more extensible way to describe features and levels of support.

Specified by:
supportsAccountDisable in interface ResourceAdapter
Overrides:
supportsAccountDisable in class ResourceAdapterBase
Returns:
true if the resource supports the account disable/enable function.

removeAttributeDelta

protected boolean removeAttributeDelta(javax.naming.directory.Attributes ldapAttrs,
                                       WSUser user)
                                throws WavesetException
Any attributes found in ldapAttrs but not found in the user will be removed from the ldap entry

Parameters:
ldapAttrs - before snap shot
user - after snap shot
Returns:
true if changed (ergo before has an attribute that's not found in the after snap shot)
Throws:
WavesetException

getUserCheckForDisabled

protected boolean getUserCheckForDisabled(WSUser user,
                                          WavesetResult result)
Parameters:
user - that been loaded with requisite attributes
result -
Returns:
true if the resource indicates the user is disabled

userActivation

protected boolean userActivation(java.lang.String operation,
                                 WSUser user,
                                 WavesetResult result)
                          throws WavesetException
Used by realEnable, realDisable to load needed attributes into user and then attempt to activate/deactivate

Parameters:
operation -
user -
result -
Returns:
Throws:
WavesetException

getUser

public WSUser getUser(WSUser user,
                      long milli)
               throws WavesetException,
                      java.lang.InterruptedException
Specified by:
getUser in interface ResourceAdapter
Overrides:
getUser in class ResourceAdapterBase
Parameters:
user -
milli -
Returns:
Throws:
WavesetException
java.lang.InterruptedException

realDisable

protected void realDisable(WSUser user,
                           WavesetResult result)
                    throws WavesetException
Overrides:
realDisable in class ResourceAdapterBase
Parameters:
user -
result -
Throws:
WavesetException

realEnable

protected void realEnable(WSUser user,
                          WavesetResult result)
                   throws WavesetException
Overrides:
realEnable in class ResourceAdapterBase
Parameters:
user -
result -
Throws:
WavesetException