The following code is from the eDirectory plug-in:
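package com.novell.nam.common.ldap.jndi;

import javax.naming.AuthenticationException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;

import com.novell.nam.common.ldap.jndi.ext.GetEffectiveRightsRequest;
import com.novell.nam.common.ldap.jndi.ext.GetEffectiveRightsResponse;
import com.novell.nam.common.ldap.jndi.ext.NdsAttributeRights;
import com.novell.nam.common.ldap.jndi.ext.NdsEntryRights;
import com.novell.nam.common.ldap.jndi.ext.NdsRights;

/**
 * LDAP store plug-in for Novell eDirectory.
 *
 * <p>Supplies the eDirectory-specific attribute and class names, maps bind
 * failures to typed {@link JNDIException}s by inspecting the exception text,
 * and decodes effective-rights values returned by the eDirectory
 * "get effective rights" extended operation.
 */
public class LDAPStorePluginEDir extends LDAPStorePlugin {

    // LDAP result codes as they appear (space-delimited) in the exception text.
    private static final String LDAP_INVALID_CREDENTIALS = " 49 ";
    private static final String LDAP_UNWILLING_TO_PERFORM = " 53 ";

    // NDS error codes as they appear in the exception text. The names follow
    // the exception type this class throws for each code.
    private static final String NDS_INCORRECT_PASSWORD = "(-669)";
    private static final String NDS_EXPIRED_PASSWORD = "(-222)";
    private static final String NDS_DISABLED_ACCOUNT = "(-220)";
    private static final String NDS_RESTRICTED_ACCOUNT = "(-218)";
    private static final String NDS_INTRUDER_DETECTION = "(-197)";

    @Override
    public String getDirectoryName() {
        return "Novell eDirectory";
    }

    @Override
    public String getGUIDAttributeName() {
        return "GUID";
    }

    @Override
    public String getMemberAttributeName() {
        return "member";
    }

    @Override
    public String getUserClassName() {
        return "User";
    }

    @Override
    public String getUserNamingAttrName() {
        return "cn";
    }

    @Override
    public String getFailedLoginCountAttributeName() {
        return "loginIntruderAttempts";
    }

    /**
     * Builds the attribute set for a new eDirectory {@code User} entry.
     *
     * <p>The password is stored in the returned set under {@code userPassword}
     * exactly as supplied. Two consequences for callers:
     * <ul>
     *   <li>{@code BasicAttributes.toString()} renders attribute values, so the
     *       returned object must not be logged or included in error text.</li>
     *   <li>NOTE(review): the add operation that consumes these attributes is
     *       not visible here; confirm it runs over a TLS-protected connection,
     *       otherwise the password crosses the network in the clear.</li>
     * </ul>
     *
     * @param strCorrelationId not used by this implementation
     * @param name             value for the {@code cn} attribute
     * @param password         value for the {@code userPassword} attribute
     * @param context          not used by this implementation
     * @return the attributes for the entry to create
     */
    public Attributes preUserAccountCreation(String strCorrelationId, String name, String password,
            String context) {
        Attributes attrs = new BasicAttributes();
        attrs.put(JNDIConstants.LDAP_ATTR_OBJECTCLASS, "User");
        attrs.put(JNDIConstants.LDAP_ATTR_CN, name);
        attrs.put(JNDIConstants.LDAP_ATTR_SN, "NAM Generated");
        attrs.put("userPassword", password);
        return attrs;
    }

    /**
     * Translates an LDAP "invalid credentials" (49) bind failure into a more
     * specific exception when the eDirectory error code is recognisable.
     *
     * <p>Recognition is a substring match on the exception text: the LDAP code
     * must appear before the NDS code. If the text is absent or has a different
     * shape, the method returns without throwing and the failure stays
     * uninterpreted. NOTE(review): this depends on the message format produced
     * by the server and the JNDI provider; confirm it after upgrades of either.
     *
     * <p>The typed exceptions distinguish "wrong password" from "expired
     * password", and they carry the server's message text. NOTE(review): where
     * the caller answers an unauthenticated user, keep that distinction and the
     * raw text in the audit log and show a generic failure, so the response
     * does not disclose account state.
     *
     * @param ae the authentication failure raised while creating the connection
     * @throws JNDIException a {@code JNDIExceptionIncorrectPassword} or
     *         {@code JNDIExceptionExpiredPassword} when the text matches
     */
    public void onCreateConnectionException(AuthenticationException ae) throws JNDIException {
        // getMessage() may be null; the original dereferenced it and would have
        // replaced the authentication failure with a NullPointerException.
        String details = ae.getMessage();
        if (details == null) {
            return;
        }

        if (ldapCodePrecedesNdsCode(details, LDAP_INVALID_CREDENTIALS, NDS_INCORRECT_PASSWORD)) {
            // The user typed in an incorrect password.
            throw new JNDIExceptionIncorrectPassword(ae, ae.getLocalizedMessage());
        }

        if (ldapCodePrecedesNdsCode(details, LDAP_INVALID_CREDENTIALS, NDS_EXPIRED_PASSWORD)) {
            // The password for this user account has expired.
            throw new JNDIExceptionExpiredPassword(ae, ae.getLocalizedMessage());
        }
    }

    /**
     * Translates an LDAP "unwilling to perform" (53) bind failure into a more
     * specific exception when the eDirectory error code is recognisable.
     *
     * <p>Uses the same substring match as the {@link AuthenticationException}
     * overload and returns without throwing when nothing matches. The same
     * review notes apply: the match depends on the message format, and the
     * typed results (disabled, restricted, intruder lockout) describe account
     * state that should reach logs rather than unauthenticated users.
     *
     * @param onse the failure raised while creating the connection
     * @throws JNDIException a {@code JNDIExceptionDisabledAccount},
     *         {@code JNDIExceptionRestrictedAccount} or
     *         {@code JNDIExceptionIntruderDetection} when the text matches
     */
    public void onCreateConnectionException(OperationNotSupportedException onse) throws JNDIException {
        String details = onse.getMessage();
        if (details == null) {
            return;
        }

        // Account disabled (or a restriction has disabled the account).
        if (ldapCodePrecedesNdsCode(details, LDAP_UNWILLING_TO_PERFORM, NDS_DISABLED_ACCOUNT)) {
            throw new JNDIExceptionDisabledAccount(onse, onse.getLocalizedMessage());
        }

        // Account restricted. The original comment here repeated the intruder
        // detection text; the exception type shows the intended meaning.
        // NOTE(review): presumably a login restriction such as time of day;
        // confirm against the eDirectory error code list.
        if (ldapCodePrecedesNdsCode(details, LDAP_UNWILLING_TO_PERFORM, NDS_RESTRICTED_ACCOUNT)) {
            throw new JNDIExceptionRestrictedAccount(onse, onse.getLocalizedMessage());
        }

        // Account locked by intruder detection.
        if (ldapCodePrecedesNdsCode(details, LDAP_UNWILLING_TO_PERFORM, NDS_INTRUDER_DETECTION)) {
            throw new JNDIExceptionIntruderDetection(onse, onse.getLocalizedMessage());
        }
    }

    public boolean supportsEffectiveRightsRetrieval() {
        return true;
    }

    /**
     * Builds the extended request for the trustee's effective rights on the entry itself.
     */
    public ExtendedRequest getEntryEffectiveRightsExtendedRequest(String objectDN, String trusteeDN) {
        return new GetEffectiveRightsRequest(objectDN, trusteeDN);
    }

    /**
     * Extracts the entry rights value from the extended response.
     *
     * @return the rights value, or 0 when the response is not a
     *         {@link GetEffectiveRightsResponse} or carries no rights object
     */
    public int getEntryEffectiveRights(ExtendedResponse response) {
        return extractRights(response);
    }

    /**
     * Builds the extended request for the trustee's effective rights on all attributes of the entry.
     */
    public ExtendedRequest getAttributeEffectiveRightsExtendedRequest(String objectDN, String trusteeDN) {
        return new GetEffectiveRightsRequest(objectDN, trusteeDN, NdsRights.ALL_ATTRIBUTES_RIGHTS);
    }

    /**
     * Extracts the attribute rights value from the extended response.
     *
     * @return the rights value, or 0 when the response is not a
     *         {@link GetEffectiveRightsResponse} or carries no rights object
     */
    public int getAttributeEffectiveRights(ExtendedResponse response) {
        return extractRights(response);
    }

    public boolean hasEntrySupervisorRights(int iEntryRights) {
        return new NdsEntryRights(iEntryRights).hasSupervisor();
    }

    public boolean hasEntryBrowseRights(int iEntryRights) {
        return new NdsEntryRights(iEntryRights).hasBrowse();
    }

    public boolean hasEntryRenameRights(int iEntryRights) {
        return new NdsEntryRights(iEntryRights).hasRename();
    }

    public boolean hasEntryDeleteRights(int iEntryRights) {
        return new NdsEntryRights(iEntryRights).hasDelete();
    }

    public boolean hasEntryAddRights(int iEntryRights) {
        return new NdsEntryRights(iEntryRights).hasAdd();
    }

    public boolean hasAttributeCompareRights(int iAttributeRights) {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasCompare();
    }

    public boolean hasAttributeReadRights(int iAttributeRights) {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasRead();
    }

    public boolean hasAttributeWriteRights(int iAttributeRights) {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasWrite();
    }

    public boolean hasAttributeSelfRights(int iAttributeRights) {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasSelf();
    }

    public boolean hasAttributeSupervisorRights(int iAttributeRights) {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasSupervisor();
    }

    /**
     * Decides whether the given effective rights are enough to search for users.
     *
     * <p>Supervisor entry rights suffice on their own. Otherwise browse entry
     * rights are required together with supervisor or compare rights on all
     * attributes. Every other combination is refused.
     *
     * @param iEntryRights     entry rights value from {@link #getEntryEffectiveRights}
     * @param iAttributeRights attribute rights value from {@link #getAttributeEffectiveRights}
     * @return {@code true} when the rights allow a user search
     */
    public boolean hasObjectSearchRights(int iEntryRights, int iAttributeRights) {
        NdsEntryRights entryRights = new NdsEntryRights(iEntryRights);
        NdsAttributeRights attributeRights =
                new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights);

        if (entryRights.hasSupervisor()) {
            return true;
        }
        return entryRights.hasBrowse()
                && (attributeRights.hasSupervisor() || attributeRights.hasCompare());
    }

    /**
     * Reports whether both codes occur in the text and the LDAP code comes first.
     */
    private static boolean ldapCodePrecedesNdsCode(String details, String ldapCode, String ndsCode) {
        int ldapIdx = details.indexOf(ldapCode);
        int ndsIdx = details.indexOf(ndsCode);
        return ldapIdx != -1 && ndsIdx != -1 && ldapIdx < ndsIdx;
    }

    /**
     * Reads the rights value out of an effective-rights response.
     *
     * <p>Returns 0 for any other response type and for a response without a
     * rights object, so an unexpected reply is never reported as a non-zero
     * rights value. NOTE(review): assumes 0 carries no rights bits; confirm
     * against {@code NdsRights}.
     */
    private static int extractRights(ExtendedResponse response) {
        if (!(response instanceof GetEffectiveRightsResponse)) {
            return 0;
        }
        NdsRights rights = ((GetEffectiveRightsResponse) response).getRights();
        return (rights == null) ? 0 : rights.getRights();
    }
}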