com.novell.nam.common.ldap.jndi
Class LDAPStorePlugin

java.lang.Object
  extended by com.novell.nam.common.ldap.jndi.LDAPStorePlugin

public abstract class LDAPStorePlugin
extends java.lang.Object


Constructor Summary
LDAPStorePlugin()
           
 
Method Summary
 int getAttributeEffectiveRights(javax.naming.ldap.ExtendedResponse response)
          Obtain the attribute effective rights from the LDAP ExtendedResponse object that was obtained from the LDAP extension call to the LDAP server.
 javax.naming.ldap.ExtendedRequest getAttributeEffectiveRightsExtendedRequest(java.lang.String objectDN, java.lang.String trusteeDN)
          Allows the creation of a customized ExtendedRequest object to implement the LDAP extension for evaluating the attribute effective rights a given trustee has to a given directory object.
abstract  java.lang.String getDirectoryName()
          Returns the descriptive display name of this directory type.
 int getEntryEffectiveRights(javax.naming.ldap.ExtendedResponse response)
          Obtain the entry effective rights from the LDAP ExtendedResponse object that was obtained from the LDAP extension call to the LDAP server.
 javax.naming.ldap.ExtendedRequest getEntryEffectiveRightsExtendedRequest(java.lang.String objectDN, java.lang.String trusteeDN)
          Allows the creation of a customized ExtendedRequest object to implement the LDAP extension for evaluating the entry effective rights a given trustee has to a given directory object.
abstract  java.lang.String getGUIDAttributeName()
          Returns the schema name of the Globally Unique Identifier attribute for this directory type.
abstract  java.lang.String getMemberAttributeName()
          Returns the schema name of the Group Member attribute for this directory type.
abstract  java.lang.String getUserClassName()
          Returns the schema name of the User class for this directory type.
abstract  java.lang.String getUserNamingAttrName()
          Returns the schema name of the naming attribute of the User class for this directory type.
 boolean hasAttributeCompareRights(int iAttributeRights)
          Does the trustee have COMPARE attribute rights to the object? COMPARE rights is taken from the Novell eDirectory specification.
 boolean hasAttributeReadRights(int iAttributeRights)
          Does the trustee have READ attribute rights to the object? READ rights is taken from the Novell eDirectory specification.
 boolean hasAttributeSelfRights(int iAttributeRights)
          Does the trustee have SELF attribute rights to the object? SELF rights is taken from the Novell eDirectory specification.
 boolean hasAttributeSupervisorRights(int iAttributeRights)
          Does the trustee have SUPERVISOR attribute rights to the object? SUPERVISOR rights is taken from the Novell eDirectory specification.
 boolean hasAttributeWriteRights(int iAttributeRights)
          Does the trustee have WRITE attribute rights to the object? WRITE rights is taken from the Novell eDirectory specification.
 boolean hasEntryAddRights(int iEntryRights)
          Does the trustee have ADD entry rights to the object? ADD rights is taken from the Novell eDirectory specification.
 boolean hasEntryBrowseRights(int iEntryRights)
          Does the trustee have BROWSE entry rights to the object? BROWSE rights is taken from the Novell eDirectory specification.
 boolean hasEntryDeleteRights(int iEntryRights)
          Does the trustee have DELETE entry rights to the object? DELETE rights is taken from the Novell eDirectory specification.
 boolean hasEntryRenameRights(int iEntryRights)
          Does the trustee have RENAME entry rights to the object? RENAME rights is taken from the Novell eDirectory specification.
 boolean hasEntrySupervisorRights(int iEntryRights)
          Does the trustee have SUPERVISOR entry rights to the object? SUPERVISOR rights is taken from the Novell eDirectory specification.
 boolean hasObjectSearchRights(int iEntryRights, int iAttributeRights)
          Does the trustee have sufficient entry and/or attribute rights to allow searching for objects in the object's context? Searching implies that the trustee must have at least BROWSE entry rights and READ attribute rights for the "cn" and "objectClass" attributes.
 void onCreateConnection(java.util.Hashtable<java.lang.String,java.lang.Object> environment)
          Called just before a new JNDI LDAP connection is created.
 void onCreateConnectionException(javax.naming.AuthenticationException ae)
          Allows customized handling of exceptions thrown during the create JNDI LDAP connection attempt.
 void onCreateConnectionException(javax.naming.OperationNotSupportedException onse)
          Allows customized handling of exceptions thrown during the create JNDI LDAP connection attempt.
 java.util.Hashtable<java.lang.String,java.lang.Object> postUserAccountCreation(java.lang.String strCorrelationId, java.lang.String name, java.lang.String password, java.lang.String context)
          Some directory types require that attributes be set on the object after it has been created.
abstract  javax.naming.directory.Attributes preUserAccountCreation(java.lang.String strCorrelationId, java.lang.String name, java.lang.String password, java.lang.String context)
          The plug-in must provide all of the attributes required to create a user object.
 boolean supportsEffectiveRightsRetrieval()
          Allows the plugin to indicate if it supports the retrieval of effective rights.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LDAPStorePlugin

public LDAPStorePlugin()
Method Detail

getDirectoryName

public abstract java.lang.String getDirectoryName()
Returns the descriptive display name of this directory type. For example, for eDirectory, this method might return "Novell eDirectory".

Returns:
The descriptive display name of this directory type.

getGUIDAttributeName

public abstract java.lang.String getGUIDAttributeName()
Returns the schema name of the Globally Unique Identifier attribute for this directory type. For example, for eDirectory, this method might return "GUID".

Returns:
The schema name of the Globally Unique Identifier attribute.

getMemberAttributeName

public abstract java.lang.String getMemberAttributeName()
Returns the schema name of the Group Member attribute for this directory type. For example, for eDirectory, this method might return "member".

Returns:
The schema name of the Group Member attribute.

getUserClassName

public abstract java.lang.String getUserClassName()
Returns the schema name of the User class for this directory type. For example, for eDirectory, this method might return "User".

Returns:
The schema name of the User class.

getUserNamingAttrName

public abstract java.lang.String getUserNamingAttrName()
Returns the schema name of the naming attribute of the User class for this directory type. For example, for eDirectory, this method might return "cn".

Returns:
The schema name of the naming attribute of the User class.

onCreateConnection

public void onCreateConnection(java.util.Hashtable<java.lang.String,java.lang.Object> environment)
Called just before a new JNDI LDAP connection is created. Allows the plug-in to view, modify, add, or remove connection creation parameters in the environment. For example, for directory types where following referrals is desired, code like environment.put(Context.REFERRAL, "follow"); might be implemented here.

Parameters:
environment - the fully-populated set of parameters that will be used to create
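
One way to use this hook defensively, as an added example that is not part of the original documentation or the product's code: reviewEnvironment() has the body a plug-in could run from onCreateConnection(), checking every provider URL for TLS, bounding timeouts and setting the referral policy explicitly, and redactedView() gives a copy of the environment that is safe to log. The class and method names, the timeout values and the sample environment are assumptions; the property names are standard JNDI ones.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import javax.naming.Context;

public class OnCreateConnectionExample {
    // Timeout properties of the JDK's built-in LDAP provider (values in milliseconds).
    static final String CONNECT_TIMEOUT = "com.sun.jndi.ldap.connect.timeout";
    static final String READ_TIMEOUT = "com.sun.jndi.ldap.read.timeout";

    /** Adjusts the environment in place and returns findings for the plug-in to log. */
    static List<String> reviewEnvironment(Hashtable<String, Object> env, boolean followReferrals) {
        List<String> findings = new ArrayList<>();

        // PROVIDER_URL may hold several space-separated URLs; every one must use TLS.
        String urls = String.valueOf(env.getOrDefault(Context.PROVIDER_URL, ""));
        boolean sslProtocol = "ssl".equals(env.get(Context.SECURITY_PROTOCOL));
        for (String url : urls.trim().split("\\s+")) {
            if (!url.isEmpty() && !sslProtocol
                    && !url.toLowerCase(Locale.ROOT).startsWith("ldaps://")) {
                findings.add("cleartext LDAP URL: " + url);
            }
        }

        // Bound the time a hung directory server can hold a login thread.
        env.putIfAbsent(CONNECT_TIMEOUT, "5000");
        env.putIfAbsent(READ_TIMEOUT, "10000");

        // Make the referral policy explicit instead of inheriting a provider default.
        env.put(Context.REFERRAL, followReferrals ? "follow" : "ignore");
        if (followReferrals) {
            findings.add("referrals followed: referred servers receive the same bind credentials");
        }
        return findings;
    }

    /** Copy of the environment that is safe to log: the bind credential is masked. */
    static Map<String, Object> redactedView(Hashtable<String, Object> env) {
        Map<String, Object> copy = new TreeMap<>(env);
        if (copy.containsKey(Context.SECURITY_CREDENTIALS)) {
            copy.put(Context.SECURITY_CREDENTIALS, "********");
        }
        return copy;
    }

    public static void main(String[] args) {
        // Constructed sample environment; hosts, DN and password are placeholders.
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.PROVIDER_URL, "ldaps://ldap1.example.com:636 ldap://ldap2.example.com:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=proxy,o=example");
        env.put(Context.SECURITY_CREDENTIALS, "constructed-password");

        reviewEnvironment(env, false).forEach(f -> System.out.println("WARN " + f));
        System.out.println(redactedView(env));
    }
}
```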

preUserAccountCreation

public abstract javax.naming.directory.Attributes preUserAccountCreation(java.lang.String strCorrelationId,
                                                                         java.lang.String name,
                                                                         java.lang.String password,
                                                                         java.lang.String context)
The plug-in must provide all of the attributes required to create a user object. This method is called during user account provisioning. Optional attributes might also be included in the attribute set.

This method is called by NIDP just before calling the method:

javax.naming.directory.DirContext.createSubcontext(String name, Attributes attrs) throws NamingException

The Attributes object returned from this method is the same object that NIDP will pass to the above referenced call.

Calls to preUserAccountCreation() and postUserAccountCreation() might be matched up using the strCorrelationId parameter.

Parameters:
strCorrelationId - A random unique string used to correlate pre and post account creation method calls.
name - The user account name that will be used to create the new user account.
password - The user account password that will be used to create the new user account.
context - The full directory context where the new user account will be created.
Returns:
A javax.naming.directory.Attributes object containing all of the attributes required to create the user account.

postUserAccountCreation

public java.util.Hashtable<java.lang.String,java.lang.Object> postUserAccountCreation(java.lang.String strCorrelationId,
                                                                                      java.lang.String name,
                                                                                      java.lang.String password,
                                                                                      java.lang.String context)
Some directory types require that attributes be set on the object after it has been created. Therefore, this method allows the plug-in to provide the attributes to be set on the user object after creation. For example, a directory type might require that the password be set after the user object is created.

This method is called by NIDP just after calling the method:

javax.naming.directory.DirContext.createSubcontext(String name, Attributes attrs) throws NamingException

This method is called by NIDP just before calling the method:

javax.naming.directory.DirContext.modifyAttributes(String name, ModificationItem[] mods) throws NamingException

The name value pairs returned in the Hashtable constitute the values that will be used in the mods parameter of the above referenced call.

Calls to preUserAccountCreation() and postUserAccountCreation() might be matched up using the strCorrelationId parameter.

If the return value from this method is null, then the modifyAttributes method will not be called by NIDP.

Parameters:
strCorrelationId - A random unique string used to correlate pre and post account creation method calls.
name - The user account name that will be used to create the new user account.
password - The user account password that will be used to create the new user account.
context - The full directory context where the new user account will be created.
Returns:
A java.util.Hashtable object containing name value pairs of attributes to be set on the newly created user account.
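
The pre/post pairing described above, as an added example that is not the product's own code: a stand-alone class whose two methods have the documented parameters and return types, written for a hypothetical directory with an Active Directory-style schema where the password can only be set after the entry exists. The attribute names, the pending map and the sample values are assumptions, and how NIDP turns the Hashtable values into ModificationItem entries is not described on this page.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class AccountCreationExample {
    // Correlation id -> account name recorded by the pre call, consumed by the post call.
    private final Map<String, String> pending = new ConcurrentHashMap<>();

    /** Same parameters and return type as preUserAccountCreation(). */
    public Attributes preUserAccountCreation(String strCorrelationId, String name,
                                             String password, String context) {
        Attributes attrs = new BasicAttributes(true); // true: attribute names ignore case
        Attribute objectClass = new BasicAttribute("objectClass");
        for (String oc : new String[] {"top", "person", "organizationalPerson", "user"}) {
            objectClass.add(oc);
        }
        attrs.put(objectClass);
        attrs.put("cn", name);
        attrs.put("sAMAccountName", name);
        // 514 = NORMAL_ACCOUNT (512) + ACCOUNTDISABLE (2): the entry is created disabled
        // and carries no password, so a failed post step leaves nothing usable behind.
        attrs.put("userAccountControl", "514");
        pending.put(strCorrelationId, name);
        return attrs;
    }

    /** Same parameters and return type as postUserAccountCreation(). */
    public Hashtable<String, Object> postUserAccountCreation(String strCorrelationId, String name,
                                                             String password, String context) {
        // An unmatched or mismatched call returns null, which per the page means
        // modifyAttributes is not called; remove() also drops the consumed entry.
        String expected = pending.remove(strCorrelationId);
        if (expected == null || !expected.equals(name)
                || password == null || password.isEmpty()) {
            return null;
        }
        Hashtable<String, Object> mods = new Hashtable<>();
        // Active Directory takes the new password as the quoted string in UTF-16LE.
        mods.put("unicodePwd", ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE));
        mods.put("userAccountControl", "512"); // enable once the password is set
        return mods;
    }

    public static void main(String[] args) {
        AccountCreationExample plugin = new AccountCreationExample();
        // Constructed sample values.
        String id = "corr-0001", name = "jdoe", pw = "constructed-Passw0rd";
        String ctx = "ou=users,dc=example,dc=com";
        Attributes attrs = plugin.preUserAccountCreation(id, name, pw, ctx);
        System.out.println("create attrs: " + attrs);
        Hashtable<String, Object> mods = plugin.postUserAccountCreation(id, name, pw, ctx);
        // Print attribute names only; never log the password value.
        System.out.println("post attrs:   " + mods.keySet());
        // The id was consumed above, so a second post call with it yields null.
        System.out.println("replayed id:  " + plugin.postUserAccountCreation(id, name, pw, ctx));
    }
}
```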

onCreateConnectionException

public void onCreateConnectionException(javax.naming.AuthenticationException ae)
                                 throws JNDIException
Allows customized handling of exceptions thrown during the create JNDI LDAP connection attempt. Plug-ins might examine the exception and throw out an NIDPException derived exception.

If the plug-in does nothing, the original exception is re-thrown by NIDP.

Several pre-defined exceptions exist which might be thrown by the plug-in implementation. These are enumerated below in the see-also list.

A general implementation of this method might examine the parameter Exception ae, then based on the findings, specific to a given LDAP server, throw out a more detailed or "correct" exception.

Parameters:
ae - The AuthenticationException thrown during JNDI LDAP connection creation.
Throws:
NIDPException - if the plug-in desires to change the Exception.
JNDIException
See Also:
JNDIExceptionCommunication, JNDIExceptionConnectionTimeout, JNDIExceptionDisabledAccount, JNDIExceptionExpiredPassword, JNDIExceptionExpiringPassword, JNDIExceptionIncorrectPassword, JNDIExceptionIntruderDetection, JNDIExceptionLDAPServiceNotAvailable, JNDIExceptionNameNotFound, JNDIExceptionRestrictedAccount

onCreateConnectionException

public void onCreateConnectionException(javax.naming.OperationNotSupportedException onse)
                                 throws JNDIException
Allows customized handling of exceptions thrown during the create JNDI LDAP connection attempt. Plug-ins might examine the exception and throw out an NIDPException derived exception.

If the plug-in does nothing, the original exception is re-thrown by NIDP.

Several pre-defined exceptions exist which might be thrown by the plug-in implementation. These are enumerated below in the see-also list.

A general implementation of this method might examine the parameter Exception onse, then based on the findings, specific to a given LDAP server, throw out a more detailed or "correct" exception.

Parameters:
onse - The OperationNotSupportedException thrown during JNDI LDAP connection creation.
Throws:
NIDPException - if the plug-in desires to change the Exception.
JNDIException
See Also:
JNDIExceptionCommunication, JNDIExceptionConnectionTimeout, JNDIExceptionDisabledAccount, JNDIExceptionExpiredPassword, JNDIExceptionExpiringPassword, JNDIExceptionIncorrectPassword, JNDIExceptionIntruderDetection, JNDIExceptionLDAPServiceNotAvailable, JNDIExceptionNameNotFound, JNDIExceptionRestrictedAccount

supportsEffectiveRightsRetrieval

public boolean supportsEffectiveRightsRetrieval()
Allows the plugin to indicate if it supports the retrieval of effective rights. If the plugin responds false, then no effective rights calculations will be performed by NIDP.

Returns:
boolean true iff this plugin implementation supports all of the following effective rights methods in this plugin class.
See Also:
getEntryEffectiveRightsExtendedRequest(String, String), getAttributeEffectiveRightsExtendedRequest(String, String), getEntryEffectiveRights(ExtendedResponse), getAttributeEffectiveRights(ExtendedResponse), hasEntrySupervisorRights(int), hasEntryBrowseRights(int), hasEntryRenameRights(int), hasEntryDeleteRights(int), hasEntryAddRights(int), hasAttributeCompareRights(int), hasAttributeReadRights(int), hasAttributeWriteRights(int), hasAttributeSelfRights(int), hasAttributeSupervisorRights(int), hasObjectSearchRights(int, int)

getEntryEffectiveRightsExtendedRequest

public javax.naming.ldap.ExtendedRequest getEntryEffectiveRightsExtendedRequest(java.lang.String objectDN,
                                                                                java.lang.String trusteeDN)
Allows the creation of a customized ExtendedRequest object to implement the LDAP extension for evaluating the entry effective rights a given trustee has to a given directory object. If such an operation is not possible this method MUST return a null.

Parameters:
objectDN - The distinguished name of the target object for which the trustee's rights will be obtained.
trusteeDN - The distinguished name of the trustee object.
Returns:
A javax.naming.ldap.ExtendedRequest object representing the implementation of the LDAP extension to be used to obtain the trustee's effective rights to the given object.

getAttributeEffectiveRightsExtendedRequest

public javax.naming.ldap.ExtendedRequest getAttributeEffectiveRightsExtendedRequest(java.lang.String objectDN,
                                                                                    java.lang.String trusteeDN)
Allows the creation of a customized ExtendedRequest object to implement the LDAP extension for evaluating the attribute effective rights a given trustee has to a given directory object. If such an operation is not possible this method MUST return a null.

Parameters:
objectDN - The distinguished name of the target object for which the trustee's rights will be obtained.
trusteeDN - The distinguished name of the trustee object.
Returns:
A javax.naming.ldap.ExtendedRequest object representing the implementation of the LDAP extension to be used to obtain the trustee's effective rights to the given object.

getEntryEffectiveRights

public int getEntryEffectiveRights(javax.naming.ldap.ExtendedResponse response)
Obtain the entry effective rights from the LDAP ExtendedResponse object that was obtained from the LDAP extension call to the LDAP server. The rights must be "encoded" into an integer which will then be passed back to the has*() methods for evaluation.

Parameters:
response - A javax.naming.ldap.ExtendedResponse object representing the response from the LDAP extension call to the LDAP server.
Returns:
An integer representing the rights as extracted from the ExtendedResponse object.

getAttributeEffectiveRights

public int getAttributeEffectiveRights(javax.naming.ldap.ExtendedResponse response)
Obtain the attribute effective rights from the LDAP ExtendedResponse object that was obtained from the LDAP extension call to the LDAP server. The rights must be "encoded" into an integer which will then be passed back to the has*() methods for evaluation.

Parameters:
response - A javax.naming.ldap.ExtendedResponse object representing the response from the LDAP extension call to the LDAP server.
Returns:
An integer representing the rights as extracted from the ExtendedResponse object.

hasEntrySupervisorRights

public boolean hasEntrySupervisorRights(int iEntryRights)
Does the trustee have SUPERVISOR entry rights to the object? SUPERVISOR rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasEntryBrowseRights

public boolean hasEntryBrowseRights(int iEntryRights)
Does the trustee have BROWSE entry rights to the object? BROWSE rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasEntryRenameRights

public boolean hasEntryRenameRights(int iEntryRights)
Does the trustee have RENAME entry rights to the object? RENAME rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasEntryDeleteRights

public boolean hasEntryDeleteRights(int iEntryRights)
Does the trustee have DELETE entry rights to the object? DELETE rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasEntryAddRights

public boolean hasEntryAddRights(int iEntryRights)
Does the trustee have ADD entry rights to the object? ADD rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasAttributeCompareRights

public boolean hasAttributeCompareRights(int iAttributeRights)
Does the trustee have COMPARE attribute rights to the object? COMPARE rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasAttributeReadRights

public boolean hasAttributeReadRights(int iAttributeRights)
Does the trustee have READ attribute rights to the object? READ rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasAttributeWriteRights

public boolean hasAttributeWriteRights(int iAttributeRights)
Does the trustee have WRITE attribute rights to the object? WRITE rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasAttributeSelfRights

public boolean hasAttributeSelfRights(int iAttributeRights)
Does the trustee have SELF attribute rights to the object? SELF rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasAttributeSupervisorRights

public boolean hasAttributeSupervisorRights(int iAttributeRights)
Does the trustee have SUPERVISOR attribute rights to the object? SUPERVISOR rights is taken from the Novell eDirectory specification. Other directory plugin types that return true for this method are implying equivalent rights.

Returns:
true iff the associated right is granted.

hasObjectSearchRights

public boolean hasObjectSearchRights(int iEntryRights,
                                     int iAttributeRights)
Does the trustee have sufficient entry and/or attribute rights to allow searching for objects in the object's context? Searching implies that the trustee must have at least BROWSE entry rights and READ attribute rights for the "cn" and "objectClass" attributes. This method is meant to be a "composite" rights calculation instead of an "atomic" rights accessor; that is, the calculation may require checking several rights.

Returns:
true iff the associated right is granted.


Copyright © 2005-2009, 2012 Novell, Inc. All Rights Reserved.