3.3 eDirectory Plug-In

The following code is from the eDirectory plug-in:

package com.novell.nam.common.ldap.jndi;

import javax.naming.AuthenticationException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.ExtendedRequest;
import javax.naming.ldap.ExtendedResponse;

import com.novell.nam.common.ldap.jndi.ext.GetEffectiveRightsRequest;
import com.novell.nam.common.ldap.jndi.ext.GetEffectiveRightsResponse;
import com.novell.nam.common.ldap.jndi.ext.NdsAttributeRights;
import com.novell.nam.common.ldap.jndi.ext.NdsEntryRights;
import com.novell.nam.common.ldap.jndi.ext.NdsRights;

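/**
 * LDAP store plug-in for Novell eDirectory.
 *
 * Supplies the eDirectory-specific schema names, translates bind failures into
 * typed {@link JNDIException} subclasses by inspecting the LDAP / NDS error
 * codes embedded in the exception message, and wraps the effective-rights
 * extended operation and the decoding of its result.
 */
public class LDAPStorePluginEDir extends LDAPStorePlugin
{
    /** Marker searched for in the message for LDAP result code 49 (invalidCredentials). */
    private static final String LDAP_INVALID_CREDENTIALS = " 49 ";

    /** Marker searched for in the message for LDAP result code 53 (unwillingToPerform). */
    private static final String LDAP_UNWILLING_TO_PERFORM = " 53 ";

    /** @return the display name of this directory type. */
    @Override
    public String getDirectoryName()
    {
        return "Novell eDirectory";
    }

    /** @return the name of the attribute holding an entry's GUID. */
    @Override
    public String getGUIDAttributeName()
    {
        return "GUID";
    }

    /** @return the name of the group membership attribute. */
    @Override
    public String getMemberAttributeName()
    {
        return "member";
    }

    /** @return the object class name used for user entries. */
    @Override
    public String getUserClassName()
    {
        return "User";
    }

    /** @return the naming attribute of user entries. */
    @Override
    public String getUserNamingAttrName()
    {
        return "cn";
    }

    /** @return the name of the attribute that counts failed logins. */
    @Override
    public String getFailedLoginCountAttributeName()
    {
        return "loginIntruderAttempts";
    }

    /**
     * Builds the attribute set for a new user entry.
     *
     * The password is stored in {@code userPassword} exactly as supplied; this
     * method does no hashing or encoding. The add operation that consumes these
     * attributes therefore carries the clear-text password.
     * NOTE(review): confirm the caller only sends it over a TLS-protected
     * connection and does not log the returned attributes.
     *
     * @param strCorrelationId not used by this implementation
     * @param name value for the {@code cn} attribute
     * @param password value for the {@code userPassword} attribute
     * @param context not used by this implementation
     * @return attributes holding object class, cn, a fixed sn and the password
     */
    public Attributes preUserAccountCreation(String strCorrelationId, String name, String password, String context)
    {
        Attributes attrs = new BasicAttributes();
        attrs.put(JNDIConstants.LDAP_ATTR_OBJECTCLASS, "User");
        attrs.put(JNDIConstants.LDAP_ATTR_CN, name);
        attrs.put(JNDIConstants.LDAP_ATTR_SN, "NAM Generated");
        attrs.put("userPassword", password);
        return attrs;
    }

    /**
     * Maps an authentication failure to a more specific exception when the
     * message carries LDAP code 49 followed by a recognised NDS error code.
     * Returns normally when the message is absent or not recognised.
     *
     * The classification depends on the text of the exception message, so a
     * change in the provider's message format silently disables it.
     * NOTE(review): the typed exceptions distinguish a wrong password from an
     * expired one, and they wrap the server's diagnostic text. Callers should
     * log that detail and avoid returning it to an unauthenticated client,
     * where it would reveal account state.
     *
     * @param ae the authentication failure raised while creating the connection
     * @throws JNDIException a {@code JNDIExceptionIncorrectPassword} for NDS
     *         code -669 or a {@code JNDIExceptionExpiredPassword} for -222
     */
    public void onCreateConnectionException(AuthenticationException ae)
        throws JNDIException
    {
        // getMessage() may be null; the helper treats that as "not recognised"
        // instead of failing with a NullPointerException that would hide the
        // original bind failure.
        String strDetails = ae.getMessage();

        if (ldapCodePrecedes(strDetails, LDAP_INVALID_CREDENTIALS, "(-669)"))
        {   // The user typed in an incorrect password
            throw new JNDIExceptionIncorrectPassword(ae, ae.getLocalizedMessage());
        }
        if (ldapCodePrecedes(strDetails, LDAP_INVALID_CREDENTIALS, "(-222)"))
        {   // The password for this user account has expired.
            throw new JNDIExceptionExpiredPassword(ae, ae.getLocalizedMessage());
        }
    }

    /**
     * Maps an "operation not supported" failure to a more specific exception
     * when the message carries LDAP code 53 followed by a recognised NDS error
     * code. Returns normally when the message is absent or not recognised.
     *
     * NOTE(review): as with the authentication overload, the resulting
     * exception type reveals whether an account is disabled, restricted or
     * locked by intruder detection. Keep that distinction in server-side logs
     * and present a generic failure to the client.
     *
     * @param onse the failure raised while creating the connection
     * @throws JNDIException a {@code JNDIExceptionDisabledAccount} for NDS code
     *         -220, a {@code JNDIExceptionRestrictedAccount} for -218 or a
     *         {@code JNDIExceptionIntruderDetection} for -197
     */
    public void onCreateConnectionException(OperationNotSupportedException onse)
        throws JNDIException
    {
        String strDetails = onse.getMessage();

        // Account disabled (or a restriction has disabled the account)
        if (ldapCodePrecedes(strDetails, LDAP_UNWILLING_TO_PERFORM, "(-220)"))
        {
            throw new JNDIExceptionDisabledAccount(onse, onse.getLocalizedMessage());
        }
        // Account restriction, reported as a restricted account
        if (ldapCodePrecedes(strDetails, LDAP_UNWILLING_TO_PERFORM, "(-218)"))
        {
            throw new JNDIExceptionRestrictedAccount(onse, onse.getLocalizedMessage());
        }
        // Account locked by intruder detection
        if (ldapCodePrecedes(strDetails, LDAP_UNWILLING_TO_PERFORM, "(-197)"))
        {
            throw new JNDIExceptionIntruderDetection(onse, onse.getLocalizedMessage());
        }
    }

    /** @return {@code true}; this plug-in supports retrieval of effective rights. */
    public boolean supportsEffectiveRightsRetrieval()
    {
        return true;
    }

    /**
     * Creates the extended request for the entry rights a trustee holds on an object.
     *
     * @param objectDN DN of the object the rights apply to
     * @param trusteeDN DN of the trustee whose rights are queried
     * @return the extended request to send to the directory
     */
    public ExtendedRequest getEntryEffectiveRightsExtendedRequest(String objectDN, String trusteeDN)
    {
        return new GetEffectiveRightsRequest(objectDN, trusteeDN);
    }

    /**
     * Extracts the entry rights value from an effective-rights response.
     *
     * @param response the response to the entry effective-rights request
     * @return the rights value, or 0 (no rights) when the response is of
     *         another type or carries no rights
     */
    public int getEntryEffectiveRights(ExtendedResponse response)
    {
        return extractRights(response);
    }

    /**
     * Creates the extended request for the rights a trustee holds on all
     * attributes of an object.
     *
     * @param objectDN DN of the object the rights apply to
     * @param trusteeDN DN of the trustee whose rights are queried
     * @return the extended request to send to the directory
     */
    public ExtendedRequest getAttributeEffectiveRightsExtendedRequest(String objectDN, String trusteeDN)
    {
        return new GetEffectiveRightsRequest(objectDN, trusteeDN, NdsRights.ALL_ATTRIBUTES_RIGHTS);
    }

    /**
     * Extracts the attribute rights value from an effective-rights response.
     *
     * @param response the response to the attribute effective-rights request
     * @return the rights value, or 0 (no rights) when the response is of
     *         another type or carries no rights
     */
    public int getAttributeEffectiveRights(ExtendedResponse response)
    {
        return extractRights(response);
    }

    /** @return whether the entry rights value grants supervisor rights. */
    public boolean hasEntrySupervisorRights(int iEntryRights)
    {
        return new NdsEntryRights(iEntryRights).hasSupervisor();
    }

    /** @return whether the entry rights value grants browse rights. */
    public boolean hasEntryBrowseRights(int iEntryRights)
    {
        return new NdsEntryRights(iEntryRights).hasBrowse();
    }

    /** @return whether the entry rights value grants rename rights. */
    public boolean hasEntryRenameRights(int iEntryRights)
    {
        return new NdsEntryRights(iEntryRights).hasRename();
    }

    /** @return whether the entry rights value grants delete rights. */
    public boolean hasEntryDeleteRights(int iEntryRights)
    {
        return new NdsEntryRights(iEntryRights).hasDelete();
    }

    /** @return whether the entry rights value grants add rights. */
    public boolean hasEntryAddRights(int iEntryRights)
    {
        return new NdsEntryRights(iEntryRights).hasAdd();
    }

    /** @return whether the all-attributes rights value grants compare rights. */
    public boolean hasAttributeCompareRights(int iAttributeRights)
    {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasCompare();
    }

    /** @return whether the all-attributes rights value grants read rights. */
    public boolean hasAttributeReadRights(int iAttributeRights)
    {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasRead();
    }

    /** @return whether the all-attributes rights value grants write rights. */
    public boolean hasAttributeWriteRights(int iAttributeRights)
    {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasWrite();
    }

    /** @return whether the all-attributes rights value grants self rights. */
    public boolean hasAttributeSelfRights(int iAttributeRights)
    {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasSelf();
    }

    /** @return whether the all-attributes rights value grants supervisor rights. */
    public boolean hasAttributeSupervisorRights(int iAttributeRights)
    {
        return new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights).hasSupervisor();
    }

    /**
     * Decides whether the given rights are sufficient for a user search.
     *
     * Supervisor entry rights are sufficient on their own. Otherwise browse
     * entry rights are required together with supervisor or compare rights on
     * all attributes. Any other combination is rejected.
     *
     * @param iEntryRights effective entry rights value
     * @param iAttributeRights effective all-attributes rights value
     * @return {@code true} when the rights allow a user search
     */
    public boolean hasObjectSearchRights(int iEntryRights, int iAttributeRights)
    {
        NdsEntryRights entryRights = new NdsEntryRights(iEntryRights);
        NdsAttributeRights attributeRights = new NdsAttributeRights(NdsRights.ALL_ATTRIBUTES_RIGHTS, iAttributeRights);
        if (entryRights.hasSupervisor())
        {   // Supervisor entry rights are sufficient for doing a user search
            return true;
        }
        // Browse entry rights plus supervisor/compare attribute rights are sufficient
        return entryRights.hasBrowse()
            && (attributeRights.hasSupervisor() || attributeRights.hasCompare());
    }

    /**
     * Reports whether both markers occur in the message with the LDAP code
     * first. A null message never matches.
     */
    private static boolean ldapCodePrecedes(String strDetails, String ldapCode, String ndsCode)
    {
        if (strDetails == null)
        {
            return false;
        }
        int iIdxLdapErrorCode = strDetails.indexOf(ldapCode);
        int iIdxNDSErrorCode = strDetails.indexOf(ndsCode);
        return (-1 != iIdxLdapErrorCode)
            && (-1 != iIdxNDSErrorCode)
            && (iIdxLdapErrorCode < iIdxNDSErrorCode);
    }

    /**
     * Reads the rights value out of an effective-rights response. Fails closed:
     * an unexpected response type or a response without rights yields 0.
     */
    private static int extractRights(ExtendedResponse response)
    {
        if (response instanceof GetEffectiveRightsResponse)
        {
            NdsRights rights = ((GetEffectiveRightsResponse) response).getRights();
            if (rights != null)
            {
                return rights.getRights();
            }
        }
        return 0;
    }
}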