com.waveset.adapter
Class LDAPRoleSyncAdapter
java.lang.Object
com.waveset.adapter.ResourceAdapterBase
com.waveset.adapter.LDAPResourceAdapterBase
com.waveset.adapter.LDAPResourceAdapter
com.waveset.adapter.LDAPActiveSyncAdapterBase
com.waveset.adapter.LDAPRoleSyncAdapter
- All Implemented Interfaces:
- ActiveSync, ResourceAdapter
- public class LDAPRoleSyncAdapter
- extends LDAPActiveSyncAdapterBase
This is a simple adapter that searches for all of an objectclass -
the only thing that it works with currently is nsroledefinition, builds
a tree from it, and synchronizes that tree with a subtree of lighthouse
object groups.
The LDAP tree is built by reading the "children" attribute from the
object, nsroledn for nsroledefinition, and building a tree from that.
The lighthouse organization tree is build by listing all lighthouse
organizations, reading the "member object group" attributes which is the
parent.
The resource attribute "Base lighthouse organization" specifies where in
the lighthouse organization tree to synchronize - object groups within
that subtree are created, moved, or deleted to keep the two in
synchronization.
Various gyrations are used to create top down and delete bottom up. Exceptions
deleting are logged but ignored because they will be common - if anything
references an organization it cannot be deleted. In general, the minimum
number of moves are done to move whole subtrees to match.
It is expected that this will run occasionally when the LDAP tree is fairly
quiet. If the LDAP tree is in flux, things still work but extra
organizations will be created and moved.
Everything is done in the poll() routine, there is no breaking up of the
work or keeping track of changes except for the log.
There can be multiple trees of roles and they are independently synchronized.
An example of this is if you create a role - before you make it a nested
role, it appears as a top level peer to the top role. After you nest it,
it appears within that role.
Field Summary |
static java.lang.String |
code_id
|
Fields inherited from class com.waveset.adapter.LDAPResourceAdapterBase |
_accountActivator, _ctx, _encodePwd, ALL_NON_OPERATIONAL_ATTRIBUTES, LDAP_GROUPS_ATTR_NAME, LDAP_SEARCH_ATTRIBUTE_NAMES, LDAP_SEARCH_END_DATE, LDAP_SEARCH_FILTER_STRING, LDAP_SEARCH_OBJECT_CLASSES, LDAP_SEARCH_START_DATE, MICROSOFT, NETSCAPE, OPENLDAP, POSIX_GROUPS_ATTR_NAME, RA_ACTIVE_SYNC_LDAP_FILTER, RA_ENABLE_CONNECTION_POOLING, RA_GROUP_OBJCLASS, RA_GRP_MBR_ATTR, RA_HOST, RA_INCL_OBJCLASSES_IN_SEARCH_FILTER, RA_LDAP_SEARCH_FILTER, RA_MOD_NAMING_ATTR, RA_PASSWORD, RA_PORT, RA_SSL, RA_USE_BLOCKS, RA_USERDN, RA_VLV_SORT_ATTRIBUTE, RA_WSNAME, SUN, UNDISCOVERED, UNKNOWN |
Fields inherited from class com.waveset.adapter.ResourceAdapterBase |
_cache, _context, _excludedAccountsRule, _excludedAccountsRuleInited, _listAllObjectsAttrParse, _listAllObjectsAttrParseName, _listUserAttrParse, _listUserAttrParseName, _listUserGroupsAttrParse, _listUserGroupsAttrParseName, _resource, _thread, _trace, displayInfoCode, RA_BLOCKCOUNT, RA_LOGIN_ACTION, RA_LOGOFF_ACTION, RA_MULTI_VALUED_ATTRS, RA_TEST_MODE |
Fields inherited from interface com.waveset.adapter.ActiveSync |
ACTIVE_SYNC_EVENT_RES_ATTRS_XML, ACTIVE_SYNC_STD_RES_ATTRS_XML, ATTR_IS_DELETED, DATE_FORMAT, DATE_TIME_FORMAT, RA_APPLY_META_VIEW, RA_ASSIGN_SOURCE_ON_CREATE, RA_CONFIRMATION_RULE, RA_CORRELATION_RULE, RA_CREATE_UNMATCHED, RA_DELETE_RULE, RA_FORM, RA_ID, RA_IDM_NAME_RULE, RA_LEGACY_EVENT_GEN, RA_LOG_LEVEL, RA_LOG_PATH, RA_LOG_SIZE, RA_MAX_AGE_LENGTH, RA_MAX_AGE_UNIT, RA_MAX_ARCHIVES, RA_NAME, RA_PARAMETERIZED_INPUT_FORM, RA_POPULATE_GLOBAL, RA_POSTPOLL_WORKFLOW, RA_PREPOLL_WORKFLOW, RA_PROCESS_RULE, RA_PROXY_ADMINISTRATOR, RA_RESET_TO_TODAY, RA_RESOLVE_PROCESS_RULE, RA_SCHEDULE_INTERVAL, RA_SCHEDULE_INTERVAL_COUNT, RA_SCHEDULE_START_DATE, RA_SCHEDULE_START_TIME, RA_SYNC_CONFIG_MODE, RA_SYNC_POST_PROCESS_FORM, RA_UPDATE_IF_DELETE, RA_USE_INPUT_FORM, TIME_FORMAT, TRACE_LEVEL_DEBUG, TRACE_LEVEL_ERROR, TRACE_LEVEL_INFO, TRACE_LEVEL_NONE, TRACE_LEVEL_WARNING |
Fields inherited from interface com.waveset.adapter.ResourceAdapter |
CHANGE_PASSWORD_LOCATION, DISABLE, ENABLE, EXPIRE_PASSWORD, GUID, IGNORE_ATTR, NEW_ACCOUNT_ID, OP_DAYS_INACTIVE, OP_DISABLED, OP_DORMANT, OP_EXPIRED, OP_EXPIREDPWD, OP_INACTIVE, OP_LOCKED, OP_NO_PASSWORD_SET, OP_NOOWNERSHIP, OP_NOPASSWORDREQ, OP_NUMINACTIVEDAYS, OP_NUMPWDAYS, OP_PWNUMDAYS, RA_BASE_CTX, RA_DISPLAY_NAME_ATTR, RA_NEW_OBJECT_ID, RA_NEW_OBJECT_NAME, RA_OBJECT_ATTRIBUTES, RA_OBJECT_CLASS, RA_OBJECT_ID, RA_OBJECT_TYPE, RA_OP_TYPE, RA_RENAME_OP, RA_REQUESTOR, RA_SAVEAS_OP, RA_SEARCH_ATTRIBUTE_NAMES, RA_SEARCH_ATTRS_TO_GET, RA_SEARCH_CONTEXT, RA_SEARCH_FILTER, RA_SEARCH_RUN_AS_PASSWORD, RA_SEARCH_RUN_AS_USER, RA_SEARCH_SCOPE, RA_SEARCH_SCOPE_OBJECT, RA_SEARCH_SCOPE_ONE_LEVEL, RA_SEARCH_SCOPE_SUBTREE, RA_SEARCH_TIME_LIMIT, RESET_PASSWORD, SYSTEM_ATTRIBUTES, UNLOCK, WS_USER_PASSWORD |
Methods inherited from class com.waveset.adapter.LDAPResourceAdapterBase |
addUserToGroup, addUserToGroup, addUserToGroups, addUserToGroups, authenticate, buildBaseUrl, buildBaseUrl, buildEvent, checkCreateAccount, checkDeleteAccount, checkUpdateAccount, closeConnection, constructAccountFilter, constructAccountFilter, constructObjectClassFilter, createAccounts, createObject, deleteAccounts, deleteObject, doCreateOrUpdateObjectRequest, doCreateOrUpdateObjectRequest, encodePwd, ensureObjectClassInSchemaMap, fetchUser, getAccountAttributes, getAccountIterator, getAccountIterator, getBaseContextAttrName, getBaseContexts, getContextEnv, getFeatures, getGroups, getGroups, getLdapAccountAttributeNames, getLdapAccountAttributeNamesForQuery, getLDAPAttributes, getLDAPAttributes, getLDAPAttributes, getObject, getrn, getServerVendor, getUser, getUser, getUser, getUserCheckForDisabled, isAccountObjectType, isPoolingEnabled, listAllObjects, listObjects, logUpdate, makeConnection, makeConnection, makeUnpooledConnection, mapLDAPAttributes, mapLDAPAttributes, mapLDAPAttributes, modifyObject, namesEqual, parseAttrValue, parseOutRDN, realCreate, realDelete, realDisable, realEnable, realUpdate, removeAttributeDelta, removeNameFromAttribute, removeNameFromAttribute, removeUserFromAllGroups, removeUserFromAllGroups, removeUserFromGroup, removeUserFromGroup, removeUserFromGroups, removeUserFromGroups, renameUserAcrossGroups, renameUserAcrossGroups, renameUserAcrossPosixGroups, setLdapObjectAttribute, setLdapObjectAttributeMultivalued, setLdapObjectAttributeMultivalued, startConnection, stopConnection, supportsAccountDisable, supportsExcludedAccounts, testConfiguration, updateAccounts, updateObject, userActivation |
Methods inherited from class com.waveset.adapter.ResourceAdapterBase |
checkForNoPasswordInSchema, checkSyntax, createAccount, createIdentity, deleteAccount, deleteAccount, disableAccount, disableAccounts, dnsEqual, dnsEqual, enableAccount, enableAccounts, executeResourceAttributeJavascriptAction, fillInResourceInfo, fillInResourceInfo, getAccountIterator, getAction, getActionNotFoundErrorMessage, getActionNotFoundMessage, getActionRunAsPassword, getActionRunAsUser, getActionTimeout, getActionType, getAdapter, getAdapter, getAdapter, getAdapterProxy, getAdapterProxy, getAllAccounts, getAttrNameFromMapName, getAttrNameFromMapName, getAttrParse, getAttrTypeFromMapName, getAttrTypeFromMapName, getAUserName, getBaseContextObject, getBlockSize, getContext, getExcludedAccountsRule, getIdentity, getListAllObjectsAttrParse, getListUserAttrParse, getListUserGroupsAttrParse, getOptionalBooleanResAttrVal, getOptionalBooleanResAttrVal, getOptionalEncryptedResAttrVal, getOptionalResAttrVal, getOptionalStringResAttrVal, getRequiredResAttr, getRequiredResAttr, getRequiredResAttrVal, getRequiredResAttrVal, getRequiredResAttrVals, getRequiredUserAttributeNames, getResAttrValActionOnUser, getResAttrVals, getResource, getResourceAccounts, getResourceInfo, getResourceObjectAttrValNameAttr, getResourceObjectClassAttr, getResourceObjectTypePrefix, getSchemaMap, getWSAttrByMapName, getWSAttrByMapName, getWSAttrFromMap, handleActionResult, handleJavascriptActionResult, isAccountAttributeSecret, isExcludedAccount, isExcludedAccount, isFeatureEnabled, isSupported, isTestMode, listAllObjects, listObjects, listObjectsOfType, lookupAction, lookupAction, lookupActions, objectClassesMatchType, println, restoreResourceObjectClassAttr, run, run, runResourceAttributeJavascriptAction, scan, setCache, setContext, setDisabled, setFromResource, setResourceObjectClassAttr, setResourceOptionAttrs, startConnectionWrapper, supportsAccountActions, supportsActions, supportsCaseInsensitiveAccountIds, supportsContainerObjectTypes, supportsResourceAccount, supportsScanning, updateAccount, updateResourceAccount, updateResourceIdentity, vmStoreBoot, vmStoreGet, vmStoreInit, vmStoreLatch, vmStorePut |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
code_id
public static final java.lang.String code_id
- See Also:
- Constant Field Values
LDAPRoleSyncAdapter
public LDAPRoleSyncAdapter(Resource res,
ObjectCache cache)
LDAPRoleSyncAdapter
public LDAPRoleSyncAdapter()
init
public void init()
throws java.lang.Exception
- Description copied from class:
LDAPActiveSyncAdapterBase
- initialize yourself. throw exception if initialization failed
- Specified by:
init
in interface ActiveSync
- Overrides:
init
in class LDAPActiveSyncAdapterBase
- Throws:
java.lang.Exception
setResource
public void setResource(Resource r)
- Specified by:
setResource
in interface ResourceAdapter
- Overrides:
setResource
in class LDAPActiveSyncAdapterBase
staticCreatePrototypeResource
public static Resource staticCreatePrototypeResource()
throws WavesetException
- Override the default to set our class and type and add the source-
specific attributes.
- Throws:
WavesetException
createPrototypeResource
public Resource createPrototypeResource()
throws WavesetException
- Specified by:
createPrototypeResource
in interface ResourceAdapter
- Overrides:
createPrototypeResource
in class LDAPResourceAdapter
- Throws:
WavesetException
poll
public int poll()
- the poll method. Called at a configurable interval, this polls the remote
resource for changes, converts them to IAPI calls, and posts them
back to the server.
- Specified by:
poll
in interface ActiveSync
- Overrides:
poll
in class LDAPActiveSyncAdapterBase
- Returns:
- 0 if no work done, n if n calls processed
listToOrganizationNames
public void listToOrganizationNames(java.util.List list,
java.lang.StringBuffer strBuf)
getOrgNameFromDN
public java.lang.String getOrgNameFromDN(java.lang.String orgDN)
callCompleted
public void callCompleted(com.waveset.adapter.iapi.IAPI call)
- Description copied from class:
LDAPActiveSyncAdapterBase
- An call generated by this resource adapter has completed.
Check the result of the call, propogate the result back to
the source (like updating a column in a database), and delete it
if we are done.
If this does not delete the call, there must be something else that
deletes it - or it will just go away when it expires.
- Overrides:
callCompleted
in class LDAPActiveSyncAdapterBase
- Parameters:
call
- - See Also:
stripBackSlash
public static java.lang.String stripBackSlash(java.lang.String input)
localInit
public void localInit()