49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * CDDL HEADER START
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * The contents of this file are subject to the terms of the
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Common Development and Distribution License, Version 1.0 only
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * (the "License"). You may not use this file except in compliance
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * with the License.
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * or http://forgerock.org/license/CDDLv1.0.html.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * See the License for the specific language governing permissions
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * and limitations under the License.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * When distributing Covered Code, include this CDDL HEADER in each
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * file and include the License file at legal-notices/CDDLv1_0.txt.
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * If applicable, add the following below this CDDL HEADER, with the
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * fields enclosed by brackets "[]" replaced with your own identifying
8cf870d281dc8c242f083d14dfef05f24aa5fceeJnRouvignac * information:
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Portions Copyright [yyyy] [name of copyright owner]
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * CDDL HEADER END
617eca34ddbeeea84d0763be5acb799a36b2c57djvergara * Copyright 2008-2010 Sun Microsystems, Inc.
64c1a3c40117e62ddf3d2d6c09f6ebec51187829cjr * Portions Copyright 2012-2014 ForgeRock AS
64c1a3c40117e62ddf3d2d6c09f6ebec51187829cjrimport org.opends.server.replication.plugin.EntryHistorical;
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Class providing some utilities to create LDAP connections using JNDI and
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * to manage entries retrieved using JNDI.
908fad360e5d610ebaef4e634787343eac17be6fjvergara private static final int DEFAULT_LDAP_CONNECT_TIMEOUT = 30000;
b369c17aec493f598a0fefe8885418cd3db596e9jvergara "org.opends.connectionutils.isstarttls";
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Private constructor: this class cannot be instantiated.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Creates a clear LDAP connection and returns the corresponding LdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * This method uses the specified parameters to create a JNDI environment
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * hashtable and creates an InitialLdapContext instance.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param ldapURL
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * the target LDAP URL
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param dn
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * passed as Context.SECURITY_PRINCIPAL if not null
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param pwd
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * passed as Context.SECURITY_CREDENTIALS if not null
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param timeout
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * passed as com.sun.jndi.ldap.connect.timeout if > 0
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param env
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * null or additional environment properties
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @throws NamingException
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * the exception thrown when instantiating InitialLdapContext
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return the created InitialLdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.Context
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.ldap.InitialLdapContext
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public static InitialLdapContext createLdapContext(String ldapURL, String dn,
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara String pwd, int timeout, Hashtable<String, String> env)
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara { // We clone 'env' so that we can modify it freely
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara "com.sun.jndi.ldap.LdapCtxFactory");
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(timeout));
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara /* Contains the DirContext and the Exception if any */
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public void run()
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Creates an LDAPS connection and returns the corresponding LdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * This method uses the TrustedSocketFactory class so that the specified
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * trust manager gets called during the SSL handshake. If trust manager is
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * null, certificates are not verified during SSL handshake.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param ldapsURL the target *LDAPS* URL.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param dn passed as Context.SECURITY_PRINCIPAL if not null.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param pwd passed as Context.SECURITY_CREDENTIALS if not null.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param timeout passed as com.sun.jndi.ldap.connect.timeout if > 0.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param env null or additional environment properties.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param trustManager null or the trust manager to be invoked during SSL
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo * negotiation.
1c296036a417944f7b568e510fa612f647f5a62flutoff * @param keyManager null or the key manager to be invoked during SSL
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo * negotiation.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return the established connection with the given parameters.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @throws NamingException the exception thrown when instantiating
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * InitialLdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.Context
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.ldap.InitialLdapContext
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see TrustedSocketFactory
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public static InitialLdapContext createLdapsContext(String ldapsURL,
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara String dn, String pwd, int timeout, Hashtable<String, String> env,
1c296036a417944f7b568e510fa612f647f5a62flutoff TrustManager trustManager, KeyManager keyManager) throws NamingException {
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara { // We clone 'env' so that we can modify it freely
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara "com.sun.jndi.ldap.LdapCtxFactory");
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara org.opends.admin.ads.util.TrustedSocketFactory.class.getName());
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara /* Contains the DirContext and the Exception if any */
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public void run() {
1c296036a417944f7b568e510fa612f647f5a62flutoff TrustedSocketFactory.setCurrentThreadTrustManager(fTrustManager,
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * Clones the provided InitialLdapContext and returns a connection using
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * the same parameters.
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo * @param ctx the connection to be cloned.
b138eb36479de1170a91322a845ad9e977c3af56ludovicp * @param timeout the timeout to establish the connection in milliseconds.
b138eb36479de1170a91322a845ad9e977c3af56ludovicp * Use {@code 0} to express no timeout.
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * @param trustManager the trust manager to be used to connect.
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * @param keyManager the key manager to be used to connect.
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * @return the new InitialLdapContext connected to the server.
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff * @throws NamingException if there was an error creating the new connection.
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff public static InitialLdapContext cloneInitialLdapContext(
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff final InitialLdapContext ctx, int timeout, TrustManager trustManager,
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff /* Contains the DirContext and the Exception if any */
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff public void run() {
d25372dc8e65a9ed019a88fdf659ca61313f1b31jcduff TrustedSocketFactory.setCurrentThreadTrustManager(fTrustManager,
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Creates an LDAP+StartTLS connection and returns the corresponding
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * LdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * This method first creates an LdapContext with anonymous bind. Then it
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * requests a StartTlsRequest extended operation. The StartTlsResponse is
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * setup with the specified hostname verifier. Negotiation is done using a
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * TrustedSocketFactory so that the specified TrustManager gets called during
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * the SSL handshake.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * If trust manager is null, certificates are not checked during SSL
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * handshake.
5ef1a9f815af36a5c1c7a85a526e6887b68d920flutoff * @param ldapURL the target *LDAP* URL.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param dn passed as Context.SECURITY_PRINCIPAL if not null.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param pwd passed as Context.SECURITY_CREDENTIALS if not null.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param timeout passed as com.sun.jndi.ldap.connect.timeout if > 0.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param env null or additional environment properties.
06b934ca1d5196671ac1a5b507052035f003697blutoff * @param trustManager null or the trust manager to be invoked during SSL
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo * negotiation.
06b934ca1d5196671ac1a5b507052035f003697blutoff * @param keyManager null or the key manager to be invoked during SSL
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo * negotiation.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param verifier null or the hostname verifier to be setup in the
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * StartTlsResponse.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return the established connection with the given parameters.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @throws NamingException the exception thrown when instantiating
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * InitialLdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.Context
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.ldap.InitialLdapContext
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.ldap.StartTlsRequest
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see javax.naming.ldap.StartTlsResponse
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @see TrustedSocketFactory
5ef1a9f815af36a5c1c7a85a526e6887b68d920flutoff public static InitialLdapContext createStartTLSContext(String ldapURL,
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara String dn, String pwd, int timeout, Hashtable<String, String> env,
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara { // We clone 'env' to modify it freely
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara "com.sun.jndi.ldap.LdapCtxFactory");
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara /* Contains the DirContext and the Exception if any */
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public void run() {
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara InitialLdapContext result = new InitialLdapContext(fEnv, null);
06b934ca1d5196671ac1a5b507052035f003697blutoff tls.negotiate(new TrustedSocketFactory(fTrustManager,fKeyManager));
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara "Failed to negotiate Start TLS operation");
b369c17aec493f598a0fefe8885418cd3db596e9jvergara result.addToEnvironment(STARTTLS_PROPERTY, "true");
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara result.addToEnvironment(Context.SECURITY_AUTHENTICATION , "simple");
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara result.addToEnvironment(Context.SECURITY_PRINCIPAL, fDn);
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara result.addToEnvironment(Context.SECURITY_CREDENTIALS, fPwd);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Returns the LDAP URL used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return the LDAP URL used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static String getLdapUrl(InitialLdapContext ctx)
b369c17aec493f598a0fefe8885418cd3db596e9jvergara s = (String)ctx.getEnvironment().get(Context.PROVIDER_URL);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // This is really strange. Seems like a bug somewhere.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara LOG.log(Level.WARNING, "Naming exception getting environment of "+ctx,
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Returns the host name used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return the host name used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static String getHostName(InitialLdapContext ctx)
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // This is really strange. Seems like a bug somewhere.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara LOG.log(Level.WARNING, "Error getting host: "+t, t);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Returns the port number used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return the port number used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // This is really strange. Seems like a bug somewhere.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara LOG.log(Level.WARNING, "Error getting port: "+t, t);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Returns the host port representation of the server to which this
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * context is connected.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return the host port representation of the server to which this
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * context is connected.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static String getHostPort(InitialLdapContext ctx)
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Returns the bind DN used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return the bind DN used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static String getBindDN(InitialLdapContext ctx)
b369c17aec493f598a0fefe8885418cd3db596e9jvergara bindDN = (String)ctx.getEnvironment().get(Context.SECURITY_PRINCIPAL);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // This is really strange. Seems like a bug somewhere.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara LOG.log(Level.WARNING, "Naming exception getting environment of "+ctx,
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Returns the password used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return the password used in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static String getBindPassword(InitialLdapContext ctx)
b369c17aec493f598a0fefe8885418cd3db596e9jvergara bindPwd = (String)ctx.getEnvironment().get(Context.SECURITY_CREDENTIALS);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // This is really strange. Seems like a bug somewhere.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara LOG.log(Level.WARNING, "Naming exception getting environment of "+ctx,
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Tells whether we are using SSL in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return <CODE>true</CODE> if we are using SSL and <CODE>false</CODE>
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * otherwise.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static boolean isSSL(InitialLdapContext ctx)
b369c17aec493f598a0fefe8885418cd3db596e9jvergara boolean isSSL = false;
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo isSSL = getLdapUrl(ctx).toLowerCase().startsWith("ldaps");
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // This is really strange. Seems like a bug somewhere.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara LOG.log(Level.WARNING, "Error getting if is SSL "+t, t);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Tells whether we are using StartTLS in the provided InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context to analyze.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return <CODE>true</CODE> if we are using StartTLS and <CODE>false</CODE>
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * otherwise.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static boolean isStartTLS(InitialLdapContext ctx)
b369c17aec493f598a0fefe8885418cd3db596e9jvergara boolean isStartTLS = false;
b369c17aec493f598a0fefe8885418cd3db596e9jvergara isStartTLS = "true".equalsIgnoreCase((String)ctx.getEnvironment().get(
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // This is really strange. Seems like a bug somewhere.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara LOG.log(Level.WARNING, "Naming exception getting environment of "+ctx,
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Method used to know if we can connect as administrator in a server with a
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * given password and dn.
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo * @param ldapUrl the LDAP URL of the server.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param dn the dn to be used.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param pwd the password to be used.
b138eb36479de1170a91322a845ad9e977c3af56ludovicp * @param timeout the timeout to establish the connection in milliseconds.
b138eb36479de1170a91322a845ad9e977c3af56ludovicp * Use {@code 0} to express no timeout.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return <CODE>true</CODE> if we can connect and read the configuration and
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * <CODE>false</CODE> otherwise.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public static boolean canConnectAsAdministrativeUser(String ldapUrl,
b138eb36479de1170a91322a845ad9e977c3af56ludovicp ctx = createLdapsContext(ldapUrl, dn, pwd, timeout,
b369c17aec493f598a0fefe8885418cd3db596e9jvergara canConnectAsAdministrativeUser = connectedAsAdministrativeUser(ctx);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara // Nothing to do.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara throw new IllegalStateException("Unexpected throwable.", t);
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * Method used to know if we are connected as administrator in a server with a
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * given InitialLdapContext.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @param ctx the context.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * @return <CODE>true</CODE> if we are connected and read the configuration
b369c17aec493f598a0fefe8885418cd3db596e9jvergara * and <CODE>false</CODE> otherwise.
b369c17aec493f598a0fefe8885418cd3db596e9jvergara public static boolean connectedAsAdministrativeUser(InitialLdapContext ctx)
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Search for the config to check that it is the directory manager.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara SearchControls searchControls = new SearchControls();
6206ed2d27885390956a5dc0be3271367f84b20bJnRouvignac new String[] { SchemaConstants.NO_ATTRIBUTES });
239f425b7a5059eceffdb4fb3a80842f4d6ac7b2ludovicp ctx.search("cn=config", "objectclass=*", searchControls);
7d34d5efd6624b7e07f0adb2f78a163a953a5bd2ludo "Unexpected error closing enumeration on cn=Config entry", ex);
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara // Nothing to do.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara throw new IllegalStateException("Unexpected throwable.", t);
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * This is just a convenience method used to try to get an InitialLdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param t the Thread to be used to create the InitialLdapContext.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param pair an Object[] array that contains the InitialLdapContext and the
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Throwable if any occurred.
b138eb36479de1170a91322a845ad9e977c3af56ludovicp * @param timeout the timeout in milliseconds. If the connection is not
b138eb36479de1170a91322a845ad9e977c3af56ludovicp * created before the timeout expires, a CommunicationException is thrown.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return the created InitialLdapContext
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @throws NamingException if something goes wrong during the creation.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara private static InitialLdapContext getInitialLdapContext(Thread t,
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara // This might happen for problems in sockets
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara // so it does not necessarily imply a bug
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara boolean throwException = false;
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara // This might happen for problems in sockets
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara // so it does not necessarily imply a bug
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara ConnectException x = new ConnectException("Connection timed out");
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara xx = new CommunicationException("Connection timed out");
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara throw new IllegalStateException("Unexpected throwable occurred",
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Returns the default LDAP timeout in milliseconds when we try to connect to
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * a server.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return the default LDAP timeout in milliseconds when we try to connect to
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * a server.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public static int getDefaultLDAPTimeout()
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Returns the String that can be used to represent a given host name in a
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * LDAP URL.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * This method must be used when we have IPv6 addresses (the address in the
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * LDAP URL must be enclosed with brackets).
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param host the host name.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return the String that can be used to represent a given host name in a
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * LDAP URL.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara public static String getHostNameForLdapUrl(String host)
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara // Assumes an IPv6 address has been specified and adds the brackets
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara // required for the URL.
4d7a9734afbc1f92d79b9d3bf092d56998c13bd7jvergara * Returns the LDAP URL for the provided parameters.
4d7a9734afbc1f92d79b9d3bf092d56998c13bd7jvergara * @param host the host name.
4d7a9734afbc1f92d79b9d3bf092d56998c13bd7jvergara * @param port the LDAP port.
4d7a9734afbc1f92d79b9d3bf092d56998c13bd7jvergara * @param useSSL whether to use SSL or not.
4d7a9734afbc1f92d79b9d3bf092d56998c13bd7jvergara * @return the LDAP URL for the provided parameters.
4d7a9734afbc1f92d79b9d3bf092d56998c13bd7jvergara public static String getLDAPUrl(String host, int port, boolean useSSL)
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara * Tells whether the provided Throwable was caused because of a problem with
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara * a certificate while trying to establish a connection.
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara * @param t the Throwable to analyze.
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara * @return <CODE>true</CODE> if the provided Throwable was caused because of a
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara * problem with a certificate while trying to establish a connection and
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara * <CODE>false</CODE> otherwise.
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara public static boolean isCertificateException(Throwable t)
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara boolean returnValue = false;
4e75d856e42d4ea01d4a4ed72534266c45b4a99djvergara returnValue = (t instanceof SSLHandshakeException) ||
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Returns the String representation of the first value of an attribute in a
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * LDAP entry.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param entry the entry.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param attrName the attribute name.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return the String representation of the first value of an attribute in a
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * LDAP entry.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @throws NamingException if there is an error processing the entry.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara static public String getFirstValue(SearchResult entry, String attrName)
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara if (o instanceof String)
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * Returns a Set with the String representation of the values of an attribute
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * in a LDAP entry. The returned Set will never be null.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param entry the entry.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @param attrName the attribute name.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @return a Set with the String representation of the values of an attribute
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * in a LDAP entry.
49ce6d7c2babc40f2ad8d9c44637088e865919f3jvergara * @throws NamingException if there is an error processing the entry.