import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.Attributes;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
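/**
 * Sample program: adds an "[Entry Rights]" ACL value (browse, add and delete
 * rights) for a trustee to a directory entry over JNDI/LDAP, reads the entry's
 * ACL values back and prints them, then removes the value it added.
 *
 * <p>The {@code LDAP_DS_*} privilege bit constants are not defined in this
 * file; they are expected to come from the implemented
 * {@code LDAPDSConstants} interface.
 *
 * <p>Operational notes for anyone adapting this sample:
 * <ul>
 *   <li>The bind password is taken from the command line, so it is visible to
 *       other local users through the process list and ends up in shell
 *       history. Prefer a prompt or a protected file in real tools.</li>
 *   <li>The credentials are placed in the JNDI environment without selecting
 *       a security protocol. With a plain {@code ldap://} URL they travel
 *       unencrypted; use an {@code ldaps://} URL or TLS on the connection.</li>
 *   <li>While the program runs, the trustee really holds the granted rights
 *       on the entry. The rights are rolled back in {@code finally}, so a
 *       failure while reading or printing does not leave the grant behind.</li>
 * </ul>
 */
class ModifyACL
        implements com.novell.service.ndssdk.jndi.ldap.ext.LDAPDSConstants {

    /**
     * Entry point.
     *
     * @param args host URL, login DN, password, entry DN, trustee DN (exactly
     *             five arguments; otherwise the usage text is printed and the
     *             JVM exits with status 1)
     */
    public static void main(String[] args) {
        if (args.length != 5) {
            usage(); // prints help and exits with status 1
            return;
        }

        String hostURL = args[0];
        String loginDN = args[1];
        String password = args[2];
        String entryDN = args[3];
        String trusteeDN = args[4];

        // '#' separates the fields of the ACL value built below. A trustee DN
        // containing '#' would shift those fields, so the value stored in the
        // directory could name a different trustee or protected attribute
        // than the caller intended. Reject it instead of writing it.
        if (trusteeDN.indexOf('#') >= 0) {
            System.err.println("ModifyACL example failed: trustee DN must not contain '#'.");
            System.exit(1);
            return;
        }

        int privileges = LDAP_DS_ENTRY_BROWSE | LDAP_DS_ENTRY_ADD | LDAP_DS_ENTRY_DELETE;

        // Layout: <privileges>#<scope>#<trustee DN>#<protected attribute name>
        String aclValue = Integer.toString(privileges) + "#" + "entry" + "#"
                + trusteeDN + "#" + "[Entry Rights]";

        Attribute modACL = new BasicAttribute("acl", aclValue);
        ModificationItem[] mod = new ModificationItem[1];

        DirContext ctx = null;
        boolean aclAdded = false; // true while our ACL value is present on the entry
        int exitStatus = 0;

        try {
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, hostURL);
            env.put(Context.SECURITY_PRINCIPAL, loginDN);
            env.put(Context.SECURITY_CREDENTIALS, password);
            ctx = new InitialDirContext(env);

            System.out.println( "\n Entry DN: " + entryDN );
            System.out.println( " Trustee DN: " + trusteeDN );
            System.out.println( "\n Modifying entry DN's ACL value...");

            mod[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, modACL);
            ctx.modifyAttributes(entryDN, mod);
            aclAdded = true;
            System.out.println( " Modification was successful." );

            // Read back only the "acl" attribute and print every value.
            String[] returnAttrs = { "acl" };
            Attributes attrs = ctx.getAttributes(entryDN, returnAttrs);
            NamingEnumeration ae = attrs.getAll();
            while (ae.hasMore()) {
                Attribute attr = (Attribute) ae.next();
                NamingEnumeration attrValues = attr.getAll();
                System.out.println();
                System.out.println(" ====================================");
                System.out.println(" Entry DN's ACL values:");
                System.out.println(" ====================================");
                while (attrValues.hasMore()) {
                    Object value = attrValues.next();
                    if (value == null) {
                        break;
                    }
                    if (value instanceof String) {
                        PrintACLValue((String) value);
                    } else {
                        // Values need not be strings; do not abort the run
                        // (and the rollback below) on a cast failure.
                        System.out.println(" (skipping non-string ACL value)");
                    }
                }
            }

            System.out.println( "\n Removing newly added ACL value..." );
            mod[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, modACL);
            ctx.modifyAttributes(entryDN, mod);
            aclAdded = false;
            System.out.println( " Removed the newly added ACL value." );
        }
        catch (NamingException e) {
            exitStatus = 1;
            System.err.println("ModifyACL example failed.");
            e.printStackTrace();
        }
        catch (RuntimeException e) {
            // Without this, the System.exit in finally would discard the
            // exception silently.
            exitStatus = 1;
            System.err.println("ModifyACL example failed.");
            e.printStackTrace();
        }
        finally {
            if (ctx != null) {
                if (aclAdded) {
                    // Roll back the grant if we failed between add and remove.
                    try {
                        mod[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, modACL);
                        ctx.modifyAttributes(entryDN, mod);
                        System.out.println( " Removed the newly added ACL value." );
                    }
                    catch (NamingException e) {
                        exitStatus = 1;
                        System.err.println("ModifyACL: could not remove the added ACL value;"
                                + " it is still present on the entry and must be removed manually.");
                        e.printStackTrace();
                    }
                }
                try {
                    ctx.close();
                }
                catch (NamingException ignored) {
                    // Nothing useful to do: we are exiting anyway.
                }
            }
            // Report failure through the exit status instead of always 0.
            System.exit(exitStatus);
        }
    }

    /**
     * Parses one ACL value of the form
     * {@code <privileges>#<scope>#<trustee>#<protected attribute>} and prints
     * its fields, decoding the privilege bits into names. Values that do not
     * have this shape are printed raw instead of raising an exception.
     *
     * @param ACLValue the ACL attribute value as returned by the directory
     */
    public static void PrintACLValue( String ACLValue ) {
        if (ACLValue == null) {
            System.out.println(" Unparsed ACL value: null");
            System.out.println(" --------------------------------------------");
            return;
        }

        // First '#' ends the privileges, the next one ends the scope, and the
        // last one starts the protected attribute name. Everything between
        // the second and the last separator is the trustee name.
        int first = ACLValue.indexOf('#');
        int second = (first < 0) ? -1 : ACLValue.indexOf('#', first + 1);
        int last = ACLValue.lastIndexOf('#');

        int privileges = 0;
        boolean wellFormed = first >= 0 && second > first && second < last;
        if (wellFormed) {
            try {
                privileges = Integer.parseInt(ACLValue.substring(0, first));
            }
            catch (NumberFormatException e) {
                wellFormed = false;
            }
        }
        if (!wellFormed) {
            System.out.println(" Unparsed ACL value: " + ACLValue);
            System.out.println(" --------------------------------------------");
            return;
        }

        String scope = ACLValue.substring(first + 1, second);
        String trusteeName = ACLValue.substring(second + 1, last);
        String protName = ACLValue.substring(last + 1);

        StringBuffer privs = new StringBuffer();
        if (protName.equalsIgnoreCase("[Entry Rights]")) {
            // Entry-level rights.
            if ((privileges & LDAP_DS_ENTRY_BROWSE) != 0) {
                privs.append("BrowseEntry ");
            }
            if ((privileges & LDAP_DS_ENTRY_ADD) != 0) {
                privs.append("AddEntry ");
            }
            if ((privileges & LDAP_DS_ENTRY_DELETE) != 0) {
                privs.append("DeleteEntry ");
            }
            if ((privileges & LDAP_DS_ENTRY_RENAME) != 0) {
                privs.append("RenameEntry ");
            }
            if ((privileges & LDAP_DS_ENTRY_SUPERVISOR) != 0) {
                privs.append("Supervisor");
            }
        }
        else {
            // Any other protected attribute name is decoded as attribute rights.
            if ((privileges & LDAP_DS_ATTR_COMPARE) != 0) {
                privs.append("CompareAttributes ");
            }
            if ((privileges & LDAP_DS_ATTR_READ) != 0) {
                privs.append("ReadAttributes ");
            }
            if ((privileges & LDAP_DS_ATTR_WRITE) != 0) {
                privs.append("Write/Add/DeleteAttributes ");
            }
            if ((privileges & LDAP_DS_ATTR_SELF) != 0) {
                privs.append("Add/DeleteSelf ");
            }
            if ((privileges & LDAP_DS_ATTR_SUPERVISOR) != 0) {
                privs.append("Supervisor");
            }
        }

        System.out.println(" Trustee name: " + trusteeName + "\n scope:"
                + scope + "\n Protected attribute name: "
                + protName + "\n Privileges: " + privs);
        System.out.println(" --------------------------------------------");
    }

    /** Prints the command-line help to standard error and exits with status 1. */
    public static void usage() {
        System.err.println("\n Usage: java ModifyACL <host URL> <login dn>"
                +" <password> <entry dn>\n <trustee dn>");
        System.err.println("\n Example: java ModifyACL ldap://Acme.com:389 "
                + " \"cn=Admin,o=Acme\" secret"
                + "\n \"cn=test,ou=Sales,o=Acme\" "
                + "\"cn=trustee,o=Acme\"");
        System.exit(1);
    }
}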