LDAP.java revision 31e884b62c9fe19fbd76d0aff5b03dffba66985f
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: LDAP.java,v 1.17 2010/01/25 22:09:16 qcheng Exp $
*
* Portions Copyrighted 2010-2016 ForgeRock AS.
*/
public class LDAP extends AMLoginModule {
// configuration attribute names (static constants)
private static final String USER_CREATION_ATTR =
"iplanet-am-ldap-user-creation-attr-list";
private static final String INVALID_CHARS =
"iplanet-am-auth-ldap-invalid-chars";
// connection security flags; initial values: trust-all off, TLS off, StartTLS off
private boolean sslTrustAll = false;
private boolean isSecure = false;
private boolean useStartTLS = false;
// per-login state
protected String validatedUserID;
// NOTE(review): held as a String, so nullifyUsedVars() can only drop the reference;
// the characters are never overwritten in memory
private String userPassword;
// minimum length for a new password; 0 disables the check (see the change-password flow)
private int requiredPasswordLength = 0;
private String currentConfigName;
// filled from "openam-auth-ldap-secure-protocol-version" in initializeLDAP(); the
// default there is "TLSv1", which is deprecated, so deployments should set it explicitly
private String protocolVersion;
// login state returned to the framework by process()
private int currentState;
protected LDAPAuthUtils ldapUtil;
// set when the directory reports a password reset; cleared on successful login
private boolean isReset;
private boolean isProfileCreationEnabled;
// true while credentials taken from sharedState are being tried; cleared on LDAPUtilException
// unless use-first-pass is enabled
private boolean getCredentialsFromSharedState;
// raw Map (no type parameters); cleared by nullifyUsedVars()
private Map sharedState;
// NOTE(review): public and mutable — any holder of the module can alter its configuration
public Map currentConfig;
// module name, "amAuthLDAP", used as the key when raising AuthLoginException
protected String amAuthLDAP;
protected Principal userPrincipal;
enum LoginScreen {
static {
}
}
private final int state;
}
return name;
}
}
/**
* Returns the numeric state code backing this screen.
*
* @return the value of the {@code state} field
*/
int intValue() {
return state;
}
}
/**
* Creates the LDAP login module.
* Sets {@code amAuthLDAP} to {@code "amAuthLDAP"}, the name later used
* when raising {@code AuthLoginException} and cleared again by
* {@link #nullifyUsedVars()}.
*/
public LDAP() {
amAuthLDAP = "amAuthLDAP";
}
/**
* TODO-JAVADOC
*/
if (debug.messageEnabled()) {
}
this.sharedState = sharedState;
}
/**
* Reads the module's LDAP settings from {@code currentConfig} (base DN,
* bind DN, user naming and search attributes, secure-protocol version,
* search scope, auth level, heartbeat and operation timeout), logs the
* resolved values at message level, and returns {@code true} on success.
*/
public boolean initializeLDAP() throws AuthLoginException {
try {
currentConfig, "iplanet-am-auth-ldap-base-dn");
}
"iplanet-am-auth-ldap-min-password-length");
try {
} catch (NumberFormatException ex) {
}
}
"iplanet-am-auth-ldap-bind-dn", "");
"iplanet-am-auth-ldap-user-naming-attribute", "uid");
"iplanet-am-auth-ldap-user-search-attributes");
protocolVersion = CollectionHelper.getMapAttr(currentConfig, "openam-auth-ldap-secure-protocol-version", "TLSv1");
"iplanet-am-auth-ldap-search-scope", "SUBTREE");
"iplanet-am-auth-ldap-auth-level");
try {
} catch (Exception e) {
}
}
}
).booleanValue();
).booleanValue();
"openam-auth-ldap-heartbeat-timeunit", "SECONDS");
final int operationTimeout = CollectionHelper.getIntMapAttr(currentConfig, OPERATION_TIMEOUT_ATTR , 0 , debug);
// set the optional attributes here
if (debug.messageEnabled()) {
+ "\nrequiredPasswordLength-> " + requiredPasswordLength
+ "\nbaseDN-> " + baseDN
+ "\nuserNamingAttr-> " + userNamingAttr
+ "\nuserSearchAttr(s)-> " + userSearchAttrs
+ "\nuserCreationAttrs-> " + userCreationAttrs
+ "\nsearchFilter-> " + searchFilter
+ "\nsearchScope-> " + searchScope
+ "\nisSecure-> " + isSecure
+ "\nuseStartTLS-> " + useStartTLS
+ "\ntrustAll-> " + sslTrustAll
+ "\nauthLevel-> " + authLevel
+ "\nbeheraEnabled->" + beheraEnabled
+ "\nprimaryServers-> " + primaryServers
+ "\nsecondaryServers-> " + secondaryServers
+ "\nheartBeatInterval-> " + heartBeatInterval
+ "\nheartBeatTimeUnit-> " + heartBeatTimeUnit
+ "\noperationTimeout-> " + operationTimeout
+ "\nPattern : " + regEx);
}
return true;
}
}
throws AuthLoginException {
try {
}
getCredentialsFromSharedState = true;
} else {
//callbacks is not null
}
if (debug.messageEnabled()) {
}
throw new InvalidPasswordException("amAuth",
"invalidPasswd", null);
}
//store username password both in success and failure case
if (initializeLDAP()) {
//validate username
} else {
}
boolean passwordValidationSuccessFlag = true;
// Validating Password only if authentication
// information entered is correct
try {
} catch (UserNamePasswordValidationException upve) {
if (debug.messageEnabled()) {
"password policy rules specified"
+ " in OpenAM");
}
isReset = true;
"PasswordInvalid");
passwordValidationSuccessFlag = false;
}
}
}
return currentState;
if (debug.messageEnabled()) {
}
// callbacks[3] is a user selected button index
// PwdAction == 0 is a Submit button
int pwdAction =
if (pwdAction == 0) {
try {
// check minimal password length requirement
int newPasswordLength = 0;
if (newPassword != null) {
}
if (newPasswordLength < requiredPasswordLength) {
if (debug.messageEnabled()) {
+ " than the minimal length of "
}
// add log
"CHANGE_USER_PASSWORD_FAILED", false, null);
} else {
if (newState ==
// log change password success
"changePasswdSucceeded",
"CHANGE_USER_PASSWORD_SUCCEEDED");
} else {
// add log
"CHANGE_USER_PASSWORD_FAILED", false, null);
}
}
if (debug.messageEnabled()) {
}
} catch(UserNamePasswordValidationException upve) {
if (debug.messageEnabled()) {
"need a different password");
}
"NewPasswordInvalid");
}
return currentState;
} else {
if (isReset) {
isReset = false;
}
return ISAuthConstants.LOGIN_SUCCEED;
}
} else {
}
} catch (LDAPUtilException ex) {
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
}
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
return currentState;
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
throw new AuthLoginException(amAuthLDAP,
} else {
}
} catch (UserNamePasswordValidationException upve) {
// Note: Do not set failure Id for this exception
if (debug.messageEnabled()) {
}
throw new AuthLoginException(upve);
}
}
/**
* Returns the principal of the authenticated user.
*
* @return {@code userPrincipal} when already set; when only
* {@code validatedUserID} is set, the current value of
* {@code userPrincipal}; {@code null} otherwise.
*/
public Principal getPrincipal() {
if (userPrincipal != null) {
return userPrincipal;
} else if (validatedUserID != null) {
// NOTE(review): as shown here this branch returns a userPrincipal that the
// preceding check has just found to be null; the statement that builds the
// principal from validatedUserID appears to be missing from this listing —
// confirm against the full source.
return userPrincipal;
} else {
return null;
}
}
/**
* Cleans up state fields.
* NOTE(review): the body is empty in this listing; confirm whether the full
* source calls {@link #nullifyUsedVars()} here, otherwise the password and
* shared state held by this module outlive the login.
*/
public void destroyModuleState() {
}
/**
* Drops references to per-login data once it is no longer needed: the
* entered password, the user attribute map, the shared state map and the
* module name.
* <p>
* The password is a {@link String}, so clearing the reference only makes it
* eligible for garbage collection; its characters are not overwritten.
*/
public void nullifyUsedVars() {
userPassword = null;
userAttrMap = null;
sharedState = null;
amAuthLDAP = null;
}
try {
switch (newState) {
case SUCCESS:
setForceCallbacksRead(false);
break;
case PASSWORD_EXPIRING:
{
/**
* In case of sharedstate if the chain breaks in ldap
* because of abnormal condition like pwd expiring
* then the callbacks has to be read fresh so that new
* screen appears for the user.
*/
setForceCallbacksRead(true);
}
break;
case PASSWORD_RESET_STATE:
case CHANGE_AFTER_RESET:
isReset = true;
/**
* In case of sharedstate if the chain breaks in ldap
* because of abnormal condition like pwd reset
* then the callbacks has to be read fresh so that new
* screen appears for the user.
*/
setForceCallbacksRead(true);
break;
case PASSWORD_EXPIRED_STATE:
break;
case ACCOUNT_LOCKED:
break;
case GRACE_LOGINS:
{
setForceCallbacksRead(true);
if (cbk instanceof ConfirmationCallback) {
}
}
}
}
break;
case TIME_BEFORE_EXPIRATION:
{
setForceCallbacksRead(true);
}
case USER_NOT_FOUND:
case SERVER_DOWN:
default:
}
} catch (LDAPUtilException ex) {
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
return;
}
}
}
}
throws AuthLoginException {
switch (newState) {
// Instantiating the callback implementation variable. This
// will be used to notify the plug-in classes that a
// successful password change was performed.
try {
// We need the current system time since this is required
// as part of the callback method parameter.
// We now notify the plug-in that a successful
// password change was performed.
} catch (AMAuthCallBackException acbe) {
if (debug.errorEnabled()) {
"AMAuthCallBackImpl instance or callback module " +
"raised an exception.", acbe);
}
}
break;
case PASSWORD_NOT_UPDATE:
break;
case PASSWORD_MISMATCH:
break;
case WRONG_PASSWORD_ENTERED:
break;
case PASSWORD_MIN_CHARACTERS:
break;
case USER_PASSWORD_SAME:
break;
break;
case PASSWORD_IN_HISTORY:
break;
case PASSWORD_TOO_SHORT:
break;
case PASSWORD_TOO_YOUNG:
break;
default:
}
}
/**
* Intended, per its name, to create the user profile after authentication.
* NOTE(review): only a debug-level check remains in this listing; the profile
* creation itself appears to be missing from this rendering — confirm against
* the full source.
*/
private void createProfile() {
if (debug.messageEnabled()) {
}
}
}
if (tmpPassword == null) {
// treat a NULL password as an empty password
tmpPassword = new char[0];
}
}
/**
* Retrieves the user creation attribute list from the
* ldap configuration. The format of each line in the attribute
* list is localAttribute:externalAttribute; this indicates the
* mapping of the local attribute in the local iDS to the external
* attribute in remote iDS.
* This method parses each line in the list to separate the local
* attribute and external attribute and creates a set of
* external attributes and a Map with key as the internal
* attribute and value the external attribute.
*/
if (debug.messageEnabled()) {
}
while (attrIterator.hasNext()) {
if (i != -1) {
} else {
}
} else {
}
}
}
}
/**
* This method retrieves the key, which is the external
* attribute, from the attributeValues and maps it
* to the local attribute. A new map with localAttribute
* as the key and value is the value of the attribute in
* external iDS is created.
*/
if (debug.messageEnabled()) {
}
while (userIterator.hasNext()) {
if (debug.messageEnabled()) {
}
}
}
if (debug.messageEnabled()) {
}
return newAttrMap;
}
}