|
DLESE Tools v1.6.0 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.dlese.dpc.ldap.LdapClient
public class LdapClient
Handles all LDAP communications for DLESE applications.
For info on the properties file, see the
LdapClient constructor
.
For info on required and optional attributes, see
addUserEntry
.
For info on search filter syntax and semantics, see
searchDn
.
Caution: The properties file contains an unencrypted administrator password. The file must not be readable by outsiders!
lists/open/hydrology
DLESElistName=hydrology,DLESEsetName=open,DLESEou=lists,dc=dlese,dc=org
All list names must start with either "lists/" or "groups/".
They may have as many levels as desired.
Contrary to standard LDAP, this interface constructs
intermediate levels for list entrys as needed.
So if you create a list
/lists/committees/steering/voting
the intermediate LDAP entries are created if needed:
/lists
/lists/committees
/lists/committees/steering
Currently this interface does not remove unused intermediate
entries. So, for example, if you remove the list
/lists/committees/steering/voting
the intermediate LDAP entries are not removed:
/lists
/lists/committees
/lists/committees/steering
If need be, they may be removed using the ldapmodify shell command,
which is part of standard OpenLDAP.
All lists starting with "lists/open/" have open enrollment, meaning users can self-register and self-remove. All other lists can be changed only by the list owner or an admin.
Example: lists/open/hydrology
Corresponding LDAP dn: DLESElistName=hydrology,DLESEsetName=open,DLESEou=lists,dc=dlese,dc=org
Meaning: Hydrology interest group; open enrollment
Example: lists/committees/steering/voting
Corresponding Ldap dn: DLESElistName=voting,DLESEsetName=steering,DLESEsetName=committees,DLESEou=lists,dc=dlese,dc=org
Meaning: Voting members of the steering committee;
controlled enrollment
Example: groups/dpc/cataloguers/experienced
Corresponding Ldap dn: DLESElistName=experienced,DLESEsetName=cataloguers,DLESEsetName=dpc,DLESEou=groups,dc=dlese,dc=org
Meaning: Experienced DPC cataloguers; controlled enrollment
Flavors | Method | Desc |
---|---|---|
People entries: | ||
admin |
userAuthenticates: Test: does a user authenticate | |
admin |
addUserEntry: Creates a new user entry | |
admin |
removeUserEntry: Removes a user entry | |
admin |
userExists: Tests if a user entry exists | |
user ,
admin |
getUserAttributes: Gets attributes for 1 user entry | |
user ,
admin |
getSingleAttribute: Gets 1 attribute for 1 user entry | |
user ,
admin |
setUserAttribute: Sets/replaces 1 attribute and all it's values | |
user ,
admin |
addUserAttributeValue: Adds a new value for an attribute | |
user ,
admin |
removeUserAttributeValue: Removes a value for an attribute | |
Object entries: | ||
user |
getUserObject: Retrieves a java object | |
user |
storeUserObject: Stores a java object associated with a user | |
user |
removeUserObject: Removes a java object associated with a user | |
Lists: | ||
admin |
createList: Creates a new list | |
admin |
removeEntireList: Removes an entire list | |
user |
addListName: Adds a name to a list | |
user |
removeListName: Removes a name from a list | |
user ,
admin |
getListAttributes: Gets attributes of all members of a list | |
user ,
admin |
getListMembers: Gets dns of all members of a list | |
user ,
admin |
getListNames: Gets UIDs of all members of a list | |
All entries: | ||
user ,
admin |
search: Searches all entries using the specified filter |
getUserAttributes( String authName, String password,
String subjectName, String[] attrNames)
,
take the uid and password as the first two parameters.
getUserAttributes(
String subjectName, String[] attrNames)
.
LdapDemo
.void testDemoClient( String propsFile) // Name of properties file throws LdapException { LdapClient democlient = new LdapClient( propsFile); try { democlient.isAlive(); } catch( LdapException lex) { System.out.println( "\nDemoClient: isAlive says there's trouble: " + lex); throw lex; } LdapEntry[] entries = democlient.search( null, // base = null: start at top of DB tree "objectclass=*", // filter: find all entries null, // attrNames = null: return all attributes 0); // maxres = 0 implies return all results if (entries == null) System.out.println("\nDemoClient: No entries found"); else { System.out.println("\nDemoClient: num entries found: " + entries.length); // For each returned entry: for (int ii = 0; ii < entries.length; ii++) { System.out.println("\nEntry " + ii + " dn: " + entries[ii].getDn()); // For each attribute of the entry: for (int jj = 0; jj < entries[ii].getAttrsRows(); jj++) { System.out.print(" Attribute: " + entries[ii].getAttrName( jj) + " Values:"); String[] valueStrings = entries[ii].getAttrStrings(jj); // For each value of the attribute: for (int kk = 0; kk < valueStrings.length; kk++) { System.out.print(" \"" + valueStrings[kk] + "\""); } // end for kk System.out.println(); } // end for jj } // end for ii System.out.println(); } // if entries != null } // end testDemoClient
Field Summary | |
---|---|
protected Properties |
props
|
Constructor Summary | |
---|---|
LdapClient(String pfile)
Creates a client using the info in the specified properties file. |
Method Summary | |
---|---|
void |
addAttributeValueDn(String authDn,
String password,
String subjectDn,
String attrName,
String value)
Low level method: adds a single value to a single attribute, using the specified dn/pswd for authorization. |
void |
addEntryDn(String authDn,
String password,
String newDn,
String[][] attrStgs)
Low level method: adds a new LDAP entry, using the specified dn/pswd for authorization. |
void |
addListName(String authName,
String password,
String listName,
String userName)
Adds a single "DLESElistMember" name to the specified list. |
void |
addUserAttributeValue(String subjectName,
String attrName,
String value)
Adds a single value to a single attribute, using the admin dn/pswd for authorization. |
void |
addUserAttributeValue(String authName,
String password,
String subjectName,
String attrName,
String value)
Adds a single value to a single attribute, using the specified uid/pswd for authorization. |
void |
addUserEntry(String newName,
String[][] attrStgs)
Adds a new LDAP entry for a user, using a the admin dn/pswd for authorization. |
void |
createList(String listName,
String ownerName)
Creates an empty list of names, using a the admin dn/pswd for authorization, and adds the owner as a DLESElistMember of the list. |
LdapEntry |
getAttributesDn(String authDn,
String password,
String subjectDn,
String[] attrNames)
Low level method: Retrieves attributes of a single entry, using the specified dn/pswd for authorization. |
LdapEntry[] |
getListAttributes(String listName,
String[] attrNames)
Returns the desired attributes for each "DLESElistMember" attribute value from a list, using a the admin dn/pswd for authorization. |
LdapEntry[] |
getListAttributes(String authName,
String password,
String listName,
String[] attrNames)
Returns the desired attributes for each "DLESElistMember" attribute value from a list, using the specified dn/pswd for authorization. |
String[] |
getListMembers(String listName)
Returns all the "DLESElistMember" attribute values from a list, as full dn's (distinguished names), using a the admin dn/pswd for authorization. |
String[] |
getListMembers(String authName,
String password,
String listName)
Returns all the "DLESElistMember" attribute values from a list, as full dn's (distinguished names), using a the specified dn/pswd for authorization. |
String[] |
getListMembersDn(String authDn,
String password,
String listDn)
Low level: Returns all the "DLESElistMember" attribute values from a list, as full dn's (distinguished names); returns null if no DLESElistMembers in the list. |
String[] |
getListNames(String listName)
Returns all the "DLESElistMember" attribute values from a list, as uids (not full dn's); returns null if no DLESElistMembers in the list. |
String[] |
getListNames(String authName,
String password,
String listName)
Returns all the "DLESElistMember" attribute values from a list, as uids (not full dn's); returns null if no DLESElistMembers in the list. |
Object |
getObjectDn(String authDn,
String password,
String objectDn)
Low level method: Retrieves a serialized Java Object, using the specified dn/pswd for authorization. |
protected String |
getProperty(String propName,
Properties props,
String pfile)
Returns the desired property value; throws an LdapException if not found. |
String[] |
getSingleAttribute(String subjectName,
String attrName)
Retrieves values for a single attribute of a single entry, using the admin dn/pswd for authorization. |
String[] |
getSingleAttribute(String authName,
String password,
String subjectName,
String attrName)
Retrieves values for a single attribute of a single entry, using the specified uid/pswd for authorization. |
String[] |
getSingleAttributeDn(String authDn,
String password,
String subjectDn,
String attrName)
Low level method: Returns the values associated with a single attribute of a single entry, or null if no values exist. |
LdapEntry |
getUserAttributes(String subjectName,
String[] attrNames)
Retrieves attributes of a single entry, using the admin dn/pswd for authorization. |
LdapEntry |
getUserAttributes(String authName,
String password,
String subjectName,
String[] attrNames)
Retrieves attributes of a single entry, using the specified uid/pswd for authorization. |
Object |
getUserObject(String authName,
String password,
String userName,
String objectName)
Retrieves a serialized Java Object, using the specified uid/pswd for authorization. |
LdapEntry |
getUserObjectAttributes(String authName,
String password,
String userName,
String objectName,
String[] attrNames)
Deprecated: Retrieves the attributes associated with a serialized Java Object, using the specified uid/pswd for authorization. |
Date |
getUtcCreateTimestamp(String subjectName)
Returns the UTC (GMT) time of creation for a given entry. |
Date |
getUtcModifyTimestamp(String subjectName)
Returns the UTC (GMT) time of last modification for a given entry. |
void |
isAlive()
Tests to see if the server, adminDn, and adminPswd specified in the properties file are actually working. |
protected String |
mkUserDn(String userName)
Given a UID, returns the corresponding full dn (distinguished name). |
void |
removeAttributeValueDn(String authDn,
String password,
String subjectDn,
String attrName,
String value)
Low level method: removes a single value from a single attribute, or removes the entire attribute and all values, using the specified dn/pswd for authorization. |
void |
removeEntireList(String listName)
Removes a list of names, using a the admin dn/pswd for authorization. |
void |
removeEntryDn(String authDn,
String password,
String subjectDn)
Low level method: removes an entry from the LDAP database, using the specified dn/pswd for authorization. |
void |
removeListName(String authName,
String password,
String listName,
String userName)
Removes a single "DLESElistMember" name from the specified list. |
void |
removeUserAttributeValue(String subjectName,
String attrName,
String value)
Removes a single value from a single attribute, or removes the entire attribute and all values, using a the admin dn/pswd for authorization. |
void |
removeUserAttributeValue(String authName,
String password,
String subjectName,
String attrName,
String value)
Removes a single value from a single attribute, or removes the entire attribute and all values, using the specified uid/pswd for authorization. |
void |
removeUserEntry(String subjectName)
Removes an entry from the LDAP database, using a the admin dn/pswd for authorization. |
void |
removeUserObject(String authName,
String password,
String userName,
String objectName)
Removes a serialized Java Object, and associated attributes, using the specified uid/pswd for authorization. |
void |
renameEntryDn(String authDn,
String password,
String oldDn,
String newDn)
Deprecated: Low level method: renames an entry in the LDAP database, using the specified dn/pswd for authorization. |
void |
renameUserEntry(String oldName,
String newName)
Deprecated: Renames an user entry in the LDAP database, using a the admin dn/pswd for authorization. |
LdapEntry[] |
search(String base,
String filter,
String[] attrNames,
int maxres)
Searches and retrieves attributes for 0 or more entries, using the admin dn/pswd for authorization. |
LdapEntry[] |
search(String authName,
String password,
String base,
String filter,
String[] attrNames,
int maxres)
Searches and retrieves attributes for 0 or more entries, using the specified uid/pswd for authorization. |
LdapEntry[] |
searchDn(String authDn,
String password,
String specBase,
String filter,
String[] attrNames,
int maxres)
Low level method: searches and retrieves attributes for 0 or more entries, using the specified dn/pswd for authorization. |
void |
setAttributeDn(String authDn,
String password,
String subjectDn,
String attrName,
String[] values)
Low level method: sets the value of a single attribute, using the specified dn/pswd for authorization. |
void |
setUserAttribute(String subjectName,
String attrName,
String[] values)
Sets the value of a single attribute, using the admin dn/pswd for authorization. |
void |
setUserAttribute(String authName,
String password,
String subjectName,
String attrName,
String[] values)
Sets the value of a single attribute, using the specified uid/pswd for authorization. |
void |
storeObjectDn(String authDn,
String password,
String curDn,
String[][] attrStgs,
Object obj)
Low level method: stores a serialized Java Object, and associated attributes, using the specified dn/pswd for authorization. |
void |
storeUserObject(String authName,
String password,
String userName,
String objectName,
Object obj)
Stores a serialized Java Object, and associated attributes, using the specified uid/pswd for authorization. |
boolean |
userAuthenticates(String subjectName,
String password)
Returns true if the subjectName/password pair authenticates successfully; false otherwise. |
boolean |
userExists(String subjectName)
Tests to see if a user entry exists in the LDAP database, using a the admin dn/pswd for authorization. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected Properties props
Constructor Detail |
---|
public LdapClient(String pfile) throws LdapException
Caution: The properties file contains an unencrypted administrator password. The file must not be readable by outsiders!
Properties file fields:
Field | Meaning |
---|---|
hostUrl | URL of the LDAP server |
dnbase | The suffix of the dn (distinguished names) for all entries in the LDAP database |
adminDn | The full dn (distinguished name) of the administrator for this DLESE subgroup |
adminPswd | The unencrypted password for the adminDn |
Sample properties file:
hostUrl ldap://localhost:3890 dnbase dc=dlese,dc=org adminDn DLESEloginName=jsmith,DLESEou=people,dc=dlese,dc=org adminPswd someSecret
LdapException
Method Detail |
---|
public void isAlive() throws LdapException
LdapException
public Date getUtcCreateTimestamp(String subjectName) throws LdapException
subjectName
- the uid about which info is requested
LdapException
public Date getUtcModifyTimestamp(String subjectName) throws LdapException
subjectName
- the uid about which info is requested
LdapException
public boolean userAuthenticates(String subjectName, String password) throws LdapException
subjectName
- the uid about which info is requestedpassword
- the password associated with subjectName
LdapException
public String[] getSingleAttribute(String authName, String password, String subjectName, String attrName) throws LdapException
getSingleAttributeDn
.
See addUserEntry
for doc on the
attribute names.
authName
- the uid of the callerpassword
- the password associated with authNamesubjectName
- the uid about which info is requestedattrName
- is the name of the desired attribute.
LdapException
public String[] getSingleAttribute(String subjectName, String attrName) throws LdapException
getSingleAttributeDn
.
See addUserEntry
for doc on the
attribute names.
subjectName
- the uid about which info is requestedattrName
- is the name of the desired attribute.
LdapException
public String[] getSingleAttributeDn(String authDn, String password, String subjectDn, String attrName) throws LdapException
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnsubjectDn
- the dn about which info is requestedattrName
- is the name of the desired attribute.
LdapException
public LdapEntry getUserAttributes(String authName, String password, String subjectName, String[] attrNames) throws LdapException
getAttributesDn
.
See addUserEntry
for doc on the
attribute names.
authName
- the uid of the callerpassword
- the password associated with authNamesubjectName
- the uid about which info is requestedattrNames
- an array of attribute names to be returned.
If null, all available attributes are returned.
LdapNotFoundException
if entry not found.
If attrNames was specified, the LdapEntry has the same
attributes in the specified order.
If attrNames is null, the LdapEntry contains all available attributes for the entry, sorted by attribute name.
LdapException
public LdapEntry getUserAttributes(String subjectName, String[] attrNames) throws LdapException
getAttributesDn
.
subjectName
- the uid about which info is requestedattrNames
- an array of attribute names to be returned.
If null, all available attributes are returned.
LdapNotFoundException
if entry not found.
If attrNames was specified, the LdapEntry has the same
attributes in the specified order.
If attrNames is null, the LdapEntry contains all available attributes for the entry, sorted by attribute name.
LdapException
public LdapEntry getAttributesDn(String authDn, String password, String subjectDn, String[] attrNames) throws LdapException
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnsubjectDn
- the dn about which info is requestedattrNames
- an array of attribute names to be returned.
If null, all available attributes are returned.
LdapNotFoundException
if entry not found.
If attrNames was specified, the LdapEntry has the same
attributes in the specified order.
If attrNames is null, the LdapEntry contains all available attributes for the entry, sorted by attribute name.
LdapException
public LdapEntry[] search(String authName, String password, String base, String filter, String[] attrNames, int maxres) throws LdapException
searchDn
for details.
See addUserEntry
for doc on the
attribute names.
authName
- the uid of the callerpassword
- the password associated with authNamebase
- The starting dn of the search. If null or "", start at top.filter
- The search phrase. See associated notes on filter syntax.attrNames
- an array of attribute names to be returned.
If attrNames is non-null, each LdapEntry has the same
attributes in the specified order.
If attrNames == null, all available attributes are returned
for each entry, sorted by attribute name.maxres
- the maximum number of LDAP entries to return.
If maxres <= 0, all matching entries are returned.
LdapException
public LdapEntry[] search(String base, String filter, String[] attrNames, int maxres) throws LdapException
searchDn
for details.
See addUserEntry
for doc on the
attribute names.
authName
- the uid of the callerpassword
- the password associated with authNamebase
- The starting dn of the search. If null or "", start at top.filter
- The search phrase.attrNames
- an array of attribute names to be returned
If null, all available attributes are returned.maxres
- the maximum number of LDAP entries to return.
If maxres <= 0, all matching entries are returned.
LdapException
public LdapEntry[] searchDn(String authDn, String password, String specBase, String filter, String[] attrNames, int maxres) throws LdapException
addUserEntry
for doc on the
attribute names.
Filter syntax
Filter syntax is described in RFC 2254 and associated RFCs. The attributes contained in the various DLESE entry types are specified in the OpenLDAP configuration file, "slapd.conf", and in the OpenLDAP schema files. Here is a summary of the syntax.
Filter character set
The character set used in filters is the UTF-8 encoding of ISO 10646 (Unicode): see www.unicode.org/. Any character in the character set may be represented by a backslash with two hex chars. For example, the asterisk * could also be written \2A.
Filter items
A filter expression is composed of items. An item is
a single comparison, of the form:
( attributeName=value )
The simplest filter is a single item, like:
(sn=smith)
This filter matches all entries having a surname (sn) of smith.
Most searches are case insensitive, so this would find
surnames like "Smith", "SmiTH", "smith", etc.
Some attributes are optional. To find all entries
in which an attribute exists, even if it has a blank
value, use a filter item like:
(labeledURI=*)
This finds all entries having a labeledURI (used to specify
a URL).
The "*" acts much like a shell wildcard, so to find
all entries having a labeledURI that uses http and
involves dlese, one could use:
(labeledURI=*http://*dlese*)
Filter expressions
Boolean expressions may be build up from items using the
idiotic "prefix notation" specified by RFC 2254.
I guess they didn't feel like writing a real expression parser.
For example, to find all entries having
givenName = "sally" and surname = "smith" and phone with
a "303" area code, one could use:
(& (givenName=sally) (sn=smith) (telephoneNumber=303*) )
That is, the "&" operator precedes all its operands.
Quotes in filters
Quotes within filters are not used.
In some cases they happen to work, but in general they do not.
So the following two filters appear to work identically, although
only the first is correct.
(cn=sally smith)
OK
(cn="sally smith")
Incorrect
Filter operators and symbols
The exact meaning of the comparison operators "=", "~=", ">=", "<=" are defined in the attribute's definition. For example, attributeType "sn" (a surname) is defined in the OpenLDAP schema file "core.schema". There "sn" inherits the syntax of attributeType "name". The definition of "name" specifies "EQUALITY caseIgnoreMatch", meaning that comparisons are case insensitive.
Incredibly, RFC 2254 defines no operators for "<" and ">".
Operator or symbol | Meaning |
---|---|
= | Test equality,
according to the attribute definition Example: (sn=smith) Notes: Matches all entries having an sn of "smith", or a case-changed variant thereof. Usually case insensitive. |
=~ | Test approximate equality,
according to the attribute definition Example: (sn=~smith) Notes: seldom used |
<= | Test less than or equal,
according to the attribute definition Example: (numWidgets<=33) Notes: seldom used |
>= | Test greater than or equal,
according to the attribute definition Example: (numWidgets>=33) Notes: seldom used |
* | Wildcard: 0 or more chars Example: (sn=*smith*) Notes: matches all entries having sn that contains "smith" in any case: "Smithsonian", "Arrowsmith", "blacksmIThing", etc. Example: (sn=*) Notes: matches all entries having an "sn" attribute Example: (objectclass=*) Notes: matches all entries in the LDAP database, since all entries must have an "objectclass" attribute |
& | Logical and Example: (& (sn=smith) (givenName=Sally)) Notes: Matches all entries having both sn=smith and givenName=Sally Caution: uses idiotic prefix notation: (& item1 item2 item3 ... ) |
| | Logical or Example: (| (sn=smith) (givenName=Sally)) Notes: Matches all entries having either sn=smith or givenName=Sally Caution: uses idiotic prefix notation: (| item1 item2 item3 ... ) |
! | Logical negation Example: (! (sn=*smith*)) Notes: Matches all entries that don't contain the string "smith" or a case-changed variant thereof. |
\ | Escape character Example: (cn=stars \2A for sale) Notes: Matches all entries having cn="stars * for sale". Example: (cn=parens \28\29 for sale) Notes: Matches all entries having cn="parens () for sale". Example: (cn=*\A9*) Notes: Matches all entries with cn containing a copyright symbol. |
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnspecBase
- The starting dn of the search.
If null or "", start at top.filter
- The search phrase.attrNames
- an array of attribute names to be returned
If null, all available attributes are returned.maxres
- the maximum number of LDAP entries to return.
If maxres <= 0, all matching entries are returned.
If attrNames is null, ALL available attributes are returned for each entry. In this case:
LdapException
public void setUserAttribute(String authName, String password, String subjectName, String attrName, String[] values) throws LdapException
setAttributeDn
.
authName
- the uid of the callerpassword
- the password associated with authNamesubjectName
- the uid containing the attribute to be modifiedattrName
- the attribute namevalues
- the new values for the attribute
LdapException
public void setUserAttribute(String subjectName, String attrName, String[] values) throws LdapException
setAttributeDn
.
subjectName
- the uid containing the attribute to be modifiedattrName
- the attribute namevalues
- the new values for the attribute
LdapException
public void setAttributeDn(String authDn, String password, String subjectDn, String attrName, String[] values) throws LdapException
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnsubjectDn
- the dn containing the attribute to be modifiedattrName
- the attribute namevalues
- the new values for the attribute
LdapException
public void addUserAttributeValue(String authName, String password, String subjectName, String attrName, String value) throws LdapException
addAttributeValueDn
.
authName
- the uid of the callerpassword
- the password associated with authNamesubjectName
- the uid containing the attribute to be modifiedattrName
- the attribute namevalue
- the new value
LdapException
public void addUserAttributeValue(String subjectName, String attrName, String value) throws LdapException
addAttributeValueDn
.
authName
- the uid of the callerpassword
- the password associated with authNamesubjectName
- the uid containing the attribute to be modifiedattrName
- the attribute namevalue
- the new value
LdapException
public void addAttributeValueDn(String authDn, String password, String subjectDn, String attrName, String value) throws LdapException
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnsubjectDn
- the dn containing the attribute to be modifiedattrName
- the attribute namevalue
- the new value
LdapException
public void removeUserAttributeValue(String authName, String password, String subjectName, String attrName, String value) throws LdapException
host
- the URI of the LDAP server.authName
- the uid of the callerpassword
- the password associated with authNamesubjectName
- the uid containing the attribute to be modifiedattrName
- the attribute namevalue
- the value to be removed.
If null, the entire attribute and all values are removed.
LdapException
public void removeUserAttributeValue(String subjectName, String attrName, String value) throws LdapException
host
- the URI of the LDAP server.authName
- the uid of the callerpassword
- the password associated with authNamesubjectName
- the uid containing the attribute to be modifiedattrName
- the attribute namevalue
- the value to be removed.
If null, the entire attribute and all values are removed.
LdapException
public void removeAttributeValueDn(String authDn, String password, String subjectDn, String attrName, String value) throws LdapException
host
- the URI of the LDAP server.authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnsubjectDn
- the dn containing the attribute to be modifiedattrName
- the attribute namevalue
- the value to be removed.
If null, the entire attribute and all values are removed.
LdapException
public void addUserEntry(String newName, String[][] attrStgs) throws LdapException
Required attributes
All values are unique except as noted.
See the OpenLDAP configuration file, slapd.conf, for the final say.
Attribute | Meaning | Typical values |
---|---|---|
DLESEemailPrimary | primary email address | somebody@someplace.org |
DLESEloginName | login name | jsmith |
DLESEnameFirst | first name (given name) | James |
DLESEnameLast | last name (surname or family name) | Smith |
userPassword | login password | aBigSecret |
Optional attributes
All values are unique except as noted.
See the OpenLDAP configuration file, slapd.conf, for the final say.
Attribute | Meaning | Typical values |
---|---|---|
DLESEadr1 | street address line 1 | 123 Some Street |
DLESEadr2 | street address line 2 | Dept 456 |
DLESEcity | street address: city | Whoville |
DLESEcounty | street address: county | Tack County |
DLESEcountry | street address: country | USA |
DLESEemailAlt | alternate email address | someOther@someU.edu |
DLESEfax | fax phone number | 303-555-1212 |
DLESEfocus | focus (may have multiple values) | elementary school, graduate students, ... |
DLESEnameMiddle | middle name or initial | M |
DLESEnameNick | nick name or casual name | Slim |
DLESEnameSuffix | name suffix, like Sr or PhD | PhD |
DLESEnameTitle | common title, like Mr, Ms, Dr | Dr |
DLESEorg1 | organization 1 | UCAR |
DLESEorg2 | organization 2 | U of Colorado |
DLESEphone1 | primary phone number | 303-555-1212 |
DLESEphone2 | secondary phone number | 303-555-1212 |
DLESEpostalCode | street address: postalCode | 81234-4321 |
DLESEprofResp | professional responsibility (may have multiple values) | teaching, student, administrator, ... |
DLESEstate | street address: state | CO |
DLESEurl | url | http://www.somesite.org |
DLESEuserPasswordPhrase | password reminder phrase | Mother's name |
DLESEworkSphere | work sphere (may have multiple values) | atmosphere, biosphere, solid earth, ... |
newName
- the new uidattrStgs
- the names and values of the attributes.
Each row i represents one attribute and it's values:
attrs[i][0] is the String attribute name,
and attrs[i][1 ... rowlen-1] are the String values.
Note: the attrStgs matrix need not be rectangular, since different attributes may have different numbers of values.
The "objectclass" attribute is added automatically, and should not be specified in attrStgs.
LdapException
public void addEntryDn(String authDn, String password, String newDn, String[][] attrStgs) throws LdapException
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnnewDn
- the new dnattrStgs
- the names and values of the attributes.
Each row i represents one attribute and it's values:
attrs[i][0] is the String attribute name,
and attrs[i][1 ... rowlen-1] are the String values.
Note: the attrStgs matrix need not be rectangular, since different attributes may have different numbers of values.
LdapException
public void storeUserObject(String authName, String password, String userName, String objectName, Object obj) throws LdapException
getUserObject
.
CAUTION: Storing a null object leaves a JNDI Context in the database, and on the next getUserObject call the Context will be returned instead of a user object. Storing a null object is NOT RECOMMENDED!
authName
- the uid of the callerpassword
- the password associated with authNameuserName
- the name of the user associated with this objectobjectName
- the name associated with this object, such as "dcsState".attrStgs
- the names and values of the attributes.
Each row i represents one attribute and it's values:
attrs[i][0] is the String attribute name,
and attrs[i][1 ... rowlen-1] are the String values.
Note: the attrStgs matrix need not be rectangular, since different attributes may have different numbers of values.
obj
- the Java Object to be serialized.
LdapException
public void storeObjectDn(String authDn, String password, String curDn, String[][] attrStgs, Object obj) throws LdapException
getObjectDn
.
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnnewDn
- the new dnattrStgs
- the names and values of the attributes.
This must contain ALL the needed attributes: objectclass, etc. Note: the attrStgs matrix need not be rectangular, since different attributes may have different numbers of values.
obj
- the Java Object to be serialized.
LdapException
public void removeUserObject(String authName, String password, String userName, String objectName) throws LdapException
authName
- the uid of the callerpassword
- the password associated with authNameuserName
- the name of the user associated with this objectobjectName
- the name associated with this object, such as "dcsState".
Silly JNDI/LDAP spec: Returns void, with no exceptions, whether or not the objectName existed before the call.
LdapException
public Object getUserObject(String authName, String password, String userName, String objectName) throws LdapException
storeUserObject
.
To retrieve the attributes, use
getUserObjectAttributes
.
authName
- the uid of the callerpassword
- the password associated with authNameuserName
- the name of the user associated with this objectobjectName
- the name associated with this object.
LdapException
public Object getObjectDn(String authDn, String password, String objectDn) throws LdapException
storeObjectDn
.
authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnobjectDn
- the dn of the object.
LdapException
public LdapEntry getUserObjectAttributes(String authName, String password, String userName, String objectName, String[] attrNames) throws LdapException
This method is deprecated since currently no
user-accessible attributes are stored with Java objects.
At some future date we could change this, allowing
attributes to be stored with Java objects.
See storeUserObject
.
See storeUserObject
.
To retrieve the Object itself, use
getUserObject
.
authName
- the uid of the callerpassword
- the password associated with authNameuserName
- the name of the user associated with this objectobjectName
- the name associated with this object.attrNames
- an array of attribute names to be returned.
If null, all available attributes are returned.
LdapNotFoundException
if entry not found.
If attrNames was specified, the LdapEntry has the same
attributes in the specified order.
If attrNames is null, the LdapEntry contains all available attributes for the entry, sorted by attribute name.
LdapException
public void renameUserEntry(String oldName, String newName) throws LdapException
CAUTION: This will throw an Exception if any user objects are stored for this user, since OpenLDAP does not yet support renaming subtrees. NOT RECOMMENDED!
authName
- the uid of the callerpassword
- the password associated with authNameoldName
- the old uid.newName
- the new uid.
LdapException
public void renameEntryDn(String authDn, String password, String oldDn, String newDn) throws LdapException
host
- the URI of the LDAP server.authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnoldDn
- the old dn.newDn
- the new dn.
LdapException
public void removeUserEntry(String subjectName) throws LdapException
Silly JNDI/LDAP spec: Returns void, with no exceptions, whether or not the subjectName existed before the call.
subjectName
- the uid to be removed.
LdapException
public void removeEntryDn(String authDn, String password, String subjectDn) throws LdapException
Silly JNDI/LDAP spec: Returns void, with no exceptions, whether or not the subjectDn existed before the call.
host
- the URI of the LDAP server.authDn
- the authorized dn (distinguished name) of the callerpassword
- the password associated with authDnsubjectDn
- the dn to be removed.
LdapException
public boolean userExists(String subjectName) throws LdapException
subjectName
- the uid to be removed.
LdapException
public void createList(String listName, String ownerName) throws LdapException
listName
- the name of the list to be created.
On open lists, the user can add/remove themself.
On all other lists, only the list owner can add/remove DLESEloginNames.ownerName
- the uid of the list owner.
LdapException
public void removeEntireList(String listName) throws LdapException
Silly JNDI/LDAP spec: Returns void, with no exceptions, whether or not the listName existed before the call.
listName
- the name of the list to be created.
LdapException
public void addListName(String authName, String password, String listName, String userName) throws LdapException
authName
- the uid of the callerpassword
- the password associated with authNamelistName
- the name of the list to be created.userName
- the uid to be added to the list.
LdapException
public void removeListName(String authName, String password, String listName, String userName) throws LdapException
authName
- the uid of the callerpassword
- the password associated with authNamelistName
- the name of the list to be created.userName
- the uid to be removed from the list.
LdapException
public String[] getListMembers(String authName, String password, String listName) throws LdapException
authName
- the uid of the callerpassword
- the password associated with authNamelistName
- the name of the list to be created.
LdapException
public String[] getListMembers(String listName) throws LdapException
authName
- the uid of the callerpassword
- the password associated with authNamelistName
- the name of the list to be created.
LdapException
public String[] getListMembersDn(String authDn, String password, String listDn) throws LdapException
authName
- the uid of the callerpassword
- the password associated with authNamelistName
- the name of the list to be created.
LdapException
public String[] getListNames(String authName, String password, String listName) throws LdapException
getListMembers
.
authName
- the uid of the callerpassword
- the password associated with authNamelistName
- the name of the list to be created.
LdapException
public String[] getListNames(String listName) throws LdapException
getListMembers
.
listName
- the name of the list to be created.
LdapException
public LdapEntry[] getListAttributes(String authName, String password, String listName, String[] attrNames) throws LdapException
getListMembers
.
authName
- the uid of the callerpassword
- the password associated with authNamelistName
- the name of the list to be created.attrNames
- an array of attribute names to be returned.
If null, all available attributes are returned.
LdapException
public LdapEntry[] getListAttributes(String listName, String[] attrNames) throws LdapException
getListMembers
.
listName
- the name of the list to be created.attrNames
- an array of attribute names to be returned.
If null, all available attributes are returned.
LdapException
protected String getProperty(String propName, Properties props, String pfile) throws LdapException
propName
- The name of the desired property.props
- The Properties container.pfile
- The name of the properties file: not opened,
only used for error messages.
LdapException
protected String mkUserDn(String userName)
|
DLESE Tools v1.6.0 |
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |