├── .gitignore
├── LICENSE
├── README.md
├── jenkins-pipeline
├── pom.xml
├── src
├── main
│ ├── assembly
│ │ └── connector.xml
│ ├── java
│ │ └── com
│ │ │ └── evolveum
│ │ │ └── polygon
│ │ │ └── connector
│ │ │ └── ldap
│ │ │ ├── AbstractLdapConfiguration.java
│ │ │ ├── AbstractLdapConnector.java
│ │ │ ├── ConnectionLog.java
│ │ │ ├── ConnectorBinaryAttributeDetector.java
│ │ │ ├── ErrorHandler.java
│ │ │ ├── LdapConfiguration.java
│ │ │ ├── LdapConnector.java
│ │ │ ├── LdapConstants.java
│ │ │ ├── LdapSchemaTranslator.java
│ │ │ ├── LdapUtil.java
│ │ │ ├── OperationLog.java
│ │ │ ├── ReconnectException.java
│ │ │ ├── ad
│ │ │ ├── AdAttributeHandler.java
│ │ │ ├── AdAttributeType.java
│ │ │ ├── AdConstants.java
│ │ │ ├── AdErrorHandler.java
│ │ │ ├── AdErrorSubcode.java
│ │ │ ├── AdLdapConfiguration.java
│ │ │ ├── AdLdapConnector.java
│ │ │ ├── AdLdapFilterTranslator.java
│ │ │ ├── AdObjectClass.java
│ │ │ ├── AdSchemaLoader.java
│ │ │ ├── AdSchemaManager.java
│ │ │ ├── AdSchemaTranslator.java
│ │ │ ├── AdUserParametersHandler.java
│ │ │ ├── AdUserParametersHandlerException.java
│ │ │ ├── DsidError.java
│ │ │ ├── GlobalCatalogConnectionManager.java
│ │ │ ├── MutedLoggingSchemaErrorHandler.java
│ │ │ └── WindowsErrorCode.java
│ │ │ ├── connection
│ │ │ ├── ConnectionManager.java
│ │ │ ├── ServerConnectionPool.java
│ │ │ └── ServerDefinition.java
│ │ │ ├── package-info.java
│ │ │ ├── schema
│ │ │ ├── AbstractSchemaTranslator.java
│ │ │ ├── AssociationHolder.java
│ │ │ ├── AttributeHandler.java
│ │ │ ├── GuardedStringValue.java
│ │ │ ├── LdapFilterTranslator.java
│ │ │ ├── LdapObjectClasses.java
│ │ │ ├── ReferenceAttributeTranslator.java
│ │ │ ├── ScopedFilter.java
│ │ │ └── SystemSchemaLoader.java
│ │ │ ├── search
│ │ │ ├── DefaultSearchStrategy.java
│ │ │ ├── SearchStrategy.java
│ │ │ ├── SimplePagedResultsSearchStrategy.java
│ │ │ └── VlvSearchStrategy.java
│ │ │ └── sync
│ │ │ ├── AdDirSyncStrategy.java
│ │ │ ├── ModifyTimestampSyncStrategy.java
│ │ │ ├── OpenLdapAccessLogSyncStrategy.java
│ │ │ ├── SunChangelogSyncStrategy.java
│ │ │ └── SyncStrategy.java
│ └── resources
│ │ ├── com
│ │ └── evolveum
│ │ │ └── polygon
│ │ │ └── connector
│ │ │ └── ldap
│ │ │ ├── Messages.properties
│ │ │ └── ad
│ │ │ └── Messages.properties
│ │ └── logging.properties
└── test
│ ├── java
│ └── com
│ │ └── evolveum
│ │ └── polygon
│ │ └── connector
│ │ └── ldap
│ │ ├── AbstractOpenDjTest.java
│ │ ├── TestAD.java
│ │ ├── TestLdapUtil.java
│ │ └── TestOpenDj.java
│ └── resources
│ └── opendj-template
│ ├── config
│ ├── MakeLDIF
│ │ ├── cities
│ │ ├── example.template
│ │ ├── first.names
│ │ ├── last.names
│ │ ├── states
│ │ └── streets
│ ├── admin-backend.ldif
│ ├── admin-backend.ldif.old
│ ├── admin-keystore
│ ├── admin-keystore.pin
│ ├── admin-truststore
│ ├── ads-truststore
│ ├── ads-truststore.pin
│ ├── archived-configs
│ │ ├── config-20150306180837Z.gz
│ │ ├── config-20150306180838Z.gz
│ │ ├── config-20150306180847Z-2.gz
│ │ ├── config-20150306180847Z-3.gz
│ │ ├── config-20150306180847Z-4.gz
│ │ ├── config-20150306180847Z-5.gz
│ │ ├── config-20150306180847Z-6.gz
│ │ ├── config-20150306180847Z-7.gz
│ │ ├── config-20150306180847Z-8.gz
│ │ ├── config-20150306180847Z-9.gz
│ │ ├── config-20150306180847Z.gz
│ │ ├── config-20150306181208Z.gz
│ │ ├── config-20150306181505Z.gz
│ │ ├── config-20150306181507Z.gz
│ │ └── config-20150306181728Z.gz
│ ├── buildinfo
│ ├── config.ldif
│ ├── config.ldif.startok
│ ├── http-config.json
│ ├── java.properties
│ ├── messages
│ │ ├── account-disabled.template
│ │ ├── account-enabled.template
│ │ ├── account-expired.template
│ │ ├── account-idle-locked.template
│ │ ├── account-permanently-locked.template
│ │ ├── account-reset-locked.template
│ │ ├── account-temporarily-locked.template
│ │ ├── account-unlocked.template
│ │ ├── password-changed.template
│ │ ├── password-expired.template
│ │ ├── password-expiring.template
│ │ └── password-reset.template
│ ├── schema
│ │ ├── 00-core.ldif
│ │ ├── 01-pwpolicy.ldif
│ │ ├── 02-config.ldif
│ │ ├── 03-changelog.ldif
│ │ ├── 03-pwpolicyextension.ldif
│ │ ├── 03-rfc2713.ldif
│ │ ├── 03-rfc2714.ldif
│ │ ├── 03-rfc2739.ldif
│ │ ├── 03-rfc2926.ldif
│ │ ├── 03-rfc3112.ldif
│ │ ├── 03-rfc3712.ldif
│ │ ├── 03-uddiv3.ldif
│ │ ├── 04-rfc2307bis.ldif
│ │ ├── 05-rfc4876.ldif
│ │ ├── 05-samba.ldif
│ │ ├── 05-solaris.ldif
│ │ ├── 06-compat.ldif
│ │ └── 99-user.ldif
│ ├── tasks.ldif
│ ├── tasks.ldif.save
│ ├── tools.properties
│ ├── upgrade
│ │ ├── schema.ldif.-1
│ │ └── schema.ldif.current
│ └── wordlist.txt
│ ├── db
│ └── userRoot
│ │ ├── 00000000.jdb
│ │ ├── je.config.csv
│ │ ├── je.info.0
│ │ ├── je.lck
│ │ └── je.stat.csv
│ ├── locks
│ ├── backend-adminRoot.lock
│ ├── backend-ads-truststore.lock
│ ├── backend-backup.lock
│ ├── backend-monitor.lock
│ ├── backend-replicationChanges.lock
│ ├── backend-schema.lock
│ ├── backend-tasks.lock
│ ├── backend-userRoot.lock
│ └── server.lock
│ └── logs
│ ├── access
│ ├── errors
│ ├── replication
│ └── server.out
└── test.sh
/.gitignore:
--------------------------------------------------------------------------------
1 | *.class
2 |
3 | # Mobile Tools for Java (J2ME)
4 | .mtj.tmp/
5 |
6 | # Package Files #
7 | *.jar
8 | *.war
9 | *.ear
10 |
11 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
12 | hs_err_pid*
13 | /target/
14 | *~
15 |
16 | .classpath
17 | .project
18 | .settings/
19 |
20 | .idea
21 | *.iml
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # connector-ldap
2 | Polygon/ConnId LDAP Connector based on ApacheDS client SDK
3 |
--------------------------------------------------------------------------------
/jenkins-pipeline:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (C) 2010-2022 Evolveum and contributors
3 | *
4 | * This work is dual-licensed under the Apache License 2.0
5 | * and European Union Public License. See LICENSE file for details.
6 | */
7 |
8 | def verbose = params.VERBOSE ?: '0'
9 |
10 | podTemplate(
11 | nodeSelector: params.NODE_SELECTOR,
12 | activeDeadlineSeconds: 600, // 10min total build limit
13 | idleMinutes: 10,
14 | // No need for secret volume, no mvn deploy done here.
15 | volumes: [ secretVolume(secretName: "jenkins-nexus", mountPath: "/root/jenkins-nexus")],
16 | workspaceVolume: dynamicPVC(requestsSize: "20Gi"),
17 | containers: [
18 | containerTemplate(name: 'jnlp',
19 | image: 'jenkins/inbound-agent:4.13-2-alpine',
20 | runAsUser: '0',
21 | resourceRequestCpu: '1',
22 | resourceLimitCpu: '1',
23 | resourceRequestMemory: '1Gi',
24 | resourceLimitMemory: '1Gi'),
25 | containerTemplate(name: 'maven',
26 | image: params.BUILDER_IMAGE ?: 'maven:3.8.5-openjdk-17',
27 | runAsUser: '0',
28 | ttyEnabled: true,
29 | command: 'cat',
30 | resourceRequestCpu: params.BUILDER_CPU ?: '4',
31 | resourceLimitCpu: params.BUILDER_CPU ?: '4',
32 | resourceRequestMemory: '8Gi',
33 | resourceLimitMemory: '8Gi') // see also -Xmx flag lower
34 | ]
35 | ) {
36 | node(POD_LABEL) {
37 | try {
38 | stage("checkout") {
39 | retry(3) {
40 | git branch: params.BRANCH ?: 'master',
41 | url: 'https://github.com/Evolveum/connector-ldap.git'
42 | }
43 | }
44 | stage("build") {
45 | container('maven') {
46 | withCredentials([
47 | usernamePassword(credentialsId:"dependencyTrack", usernameVariable:"DTRACK_URL", passwordVariable: "DTRACK_TOKEN")
48 | ]) {
49 | sh """#!/bin/bash -ex
50 | # .m2 is mutable and short-term, we just sym-link the settings.xml there.
51 | mkdir -p /root/.m2
52 | ln -s ../jenkins-nexus/settings.xml /root/.m2/settings.xml
53 |
54 | if [ "${verbose}" -ge 1 ]; then
55 | env | sort
56 | mvn --version
57 | df -h
58 | fi
59 |
60 | mvn -B -ntp -P sbom,dependencytrack clean ${params.SKIP_DEPLOY ? 'install' : 'deploy -DdeployAtEnd=true'}
61 |
62 | if [ "${verbose}" -ge 1 ]; then
63 | df -h
64 | fi
65 | """
66 | }
67 | }
68 | }
69 | stage("collect-test-results") {
70 | container('maven') {
71 | // If we get here it's success, test results can change it to UNSTABLE.
72 | currentBuild.result = 'SUCCESS'
73 |
74 | step([
75 | $class: 'Publisher',
76 | reportFilenamePattern: '**/testng-results.xml',
77 | failureOnFailedTestConfig: true
78 | ])
79 |
80 | if (currentBuild.result == 'UNSTABLE' || params.ARCHIVE_LOGS) {
81 | sh "find . -wholename '*/target/test.log' -print0 | tar -czf test-logs.tgz --null -T -"
82 | archiveArtifacts allowEmptyArchive: true, artifacts: "test-logs.tgz", followSymlinks: false
83 | }
84 | }
85 | }
86 | } catch (Exception e) {
87 | currentBuild.result = 'FAILURE' // error below will not set result for mailer!
88 | error "Marking build as FAILURE because of: ${e}"
89 | } finally {
90 | if (verbose > '0') {
91 | echo "Build: ${currentBuild}"
92 | echo "Result: ${currentBuild.currentResult}"
93 | }
94 |
95 | try {
96 | // Very basic mails, later we can use https://plugins.jenkins.io/email-ext/
97 | step([$class: 'Mailer',
98 | notifyEveryUnstableBuild: true,
99 | recipients: env.DEFAULT_MAIL_RECIPIENT,
100 | sendToIndividuals: false])
101 |
102 | sh """#!/bin/bash -ex
103 | if [ "${verbose}" -ge 1 ]
104 | then
105 | df -h
106 | fi
107 | """
108 | } catch (Exception e) {
109 | println 'Could not send email: ' + e
110 | }
111 | }
112 | }
113 | }
114 |
--------------------------------------------------------------------------------
/src/main/assembly/connector.xml:
--------------------------------------------------------------------------------
1 |
2 |
17 |
21 |
22 | connector
23 |
24 |
25 | jar
26 |
27 |
28 | false
29 |
30 |
31 |
32 | target/classes
33 |
34 |
35 |
36 |
37 |
38 |
39 | lib
40 | false
41 | runtime
42 |
43 | net.tirasa.connid:connector-framework
44 |
45 |
46 |
47 |
48 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ConnectorBinaryAttributeDetector.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2015 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap;
17 |
18 | import org.apache.directory.api.ldap.codec.api.BinaryAttributeDetector;
19 |
20 | import com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator;
21 |
22 | /**
23 | * @author semancik
24 | *
25 | */
26 | public class ConnectorBinaryAttributeDetector implements BinaryAttributeDetector {
27 |
28 | private AbstractSchemaTranslator schemaTranslator;
29 |
30 | public void setSchemaTranslator(AbstractSchemaTranslator schemaTranslator) {
31 | this.schemaTranslator = schemaTranslator;
32 | }
33 |
34 | @Override
35 | public boolean isBinary(String attributeId) {
36 | if (schemaTranslator == null) {
37 | // This is needed to fetch the schema
38 | return false;
39 | }
40 | return schemaTranslator.isBinaryAttribute(attributeId);
41 | }
42 |
43 | }
44 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/LdapConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015-2019 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package com.evolveum.polygon.connector.ldap;
18 |
19 | import org.apache.directory.api.ldap.model.constants.SchemaConstants;
20 | import org.identityconnectors.common.logging.Log;
21 | import org.identityconnectors.framework.spi.ConfigurationProperty;
22 |
23 | import static com.evolveum.polygon.connector.ldap.LdapConstants.OBJECT_CLASS_GROUP_OF_NAMES;
24 |
25 | /**
26 | * LDAP Connector configuration.
27 | *
28 | * @author Radovan Semancik
29 | *
30 | */
31 | public class LdapConfiguration extends AbstractLdapConfiguration {
32 |
33 | private static final Log LOG = Log.getLog(LdapConfiguration.class);
34 |
35 | /**
36 | * Specifies strategy of handling account lockouts.
37 | * Please note that the "openldap" lockout strategy is EXPERIMENTAL.
38 | * Possible values: "none", "openldap"
39 | * Default value: "none"
40 | */
41 | private String lockoutStrategy = LOCKOUT_STRATEGY_NONE;
42 |
43 | public static final String CONF_PROP_NAME_LOCKOUT_STRATEGY = "lockoutStrategy";
44 |
45 | public static final String LOCKOUT_STRATEGY_NONE = "none";
46 | public static final String LOCKOUT_STRATEGY_OPENLDAP = "openldap";
47 |
48 | /**
49 | * DN of the OpenLDAP access log
50 | */
51 | private String openLdapAccessLogDn;
52 |
53 | /**
54 | * optional additional search filter in the OpenLDAP access log
55 | */
56 | private String openLdapAccessLogAdditionalFilter;
57 |
58 | /**
59 | * Attribute that supports language tag (RFC 3866).
60 | * Those attributes will be presented as Map in the schema. They are designed to match
61 | * midPoint PolyString, especially its "lang" part.
62 | * EXPERIMENTAL. Not officially supported. Use at your own risk only.
63 | */
64 | private String[] languageTagAttributes;
65 |
66 | /**
67 | * Normally, when multivalue attribute is used as single-valued attribute then an error is thrown.
68 | * This is the default behavior, as it is much better at detecting errors in the data. However, it
69 | * may be a problem, because throwing hard error may prohibit further attempts to correct the value.
70 | *
71 | * This configuration property changes that behavior. If tolerateMultivalueReduction is set to true,
72 | * then the connector will discard all the extra values. Just one of the values will be kept.
73 | * Connector will try to use the first value. But as LDAP does not guarantee value ordering,
74 | * that value may be quite arbitrary.
75 | *
76 | * EXPERIMENTAL. Not officially supported. Use at your own risk only.
77 | */
78 | private boolean tolerateMultivalueReduction;
79 |
80 |
81 | /**
82 | * Used in cases when the "member" attribute of some object classes is mandatory, to avoid exceptions when creating
83 | * or updating an object of such object class. When creating or updating such object with an empty "member" attribute
84 | * the connector will react to the error reply from the server in retrying the operation with the value in "placeholderMember"
85 | * used in the "member" attribute.
86 | *
87 | * Currently used together only with the "managedAssociationPairs" configuration parameter.
88 | *
89 | * EXPERIMENTAL.
90 | */
91 | private String placeholderMember;
92 |
93 | public LdapConfiguration(){
94 |
95 | groupObjectClasses = new String[]{OBJECT_CLASS_GROUP_OF_NAMES};
96 | }
97 |
98 | @ConfigurationProperty(order = 100, allowedValues = { LOCKOUT_STRATEGY_NONE , LOCKOUT_STRATEGY_OPENLDAP })
99 | public String getLockoutStrategy() {
100 | return lockoutStrategy;
101 | }
102 |
103 | public void setLockoutStrategy(String lockoutStrategy) {
104 | this.lockoutStrategy = lockoutStrategy;
105 | }
106 |
107 | public boolean isOpenLdapLockoutStrategy() {
108 | if (lockoutStrategy == null || LdapConfiguration.LOCKOUT_STRATEGY_NONE.equals(lockoutStrategy)) {
109 | return false;
110 | } else if (LdapConfiguration.LOCKOUT_STRATEGY_OPENLDAP.equals(lockoutStrategy)) {
111 | return true;
112 | } else {
113 | throw new IllegalStateException("Unknown lockout strategy " + lockoutStrategy);
114 | }
115 | }
116 |
117 | @ConfigurationProperty(order = 101)
118 | public String getOpenLdapAccessLogDn() {
119 | return this.openLdapAccessLogDn;
120 | }
121 |
122 | public void setOpenLdapAccessLogDn(String accessLogDn) {
123 | this.openLdapAccessLogDn = accessLogDn;
124 | }
125 |
126 | @ConfigurationProperty(order = 102)
127 | public String getOpenLdapAccessLogAdditionalFilter() {
128 | return this.openLdapAccessLogAdditionalFilter;
129 | }
130 |
131 | public void setOpenLdapAccessLogAdditionalFilter(String accessLogAditionalFilter) {
132 | this.openLdapAccessLogAdditionalFilter = accessLogAditionalFilter;
133 | }
134 |
135 | @ConfigurationProperty(order = 103)
136 | public String[] getLanguageTagAttributes() {
137 | return languageTagAttributes;
138 | }
139 |
140 | public void setLanguageTagAttributes(String[] languageTagAttribute) {
141 | this.languageTagAttributes = languageTagAttribute;
142 | }
143 |
144 | @ConfigurationProperty(order = 104)
145 | public boolean isTolerateMultivalueReduction() {
146 | return tolerateMultivalueReduction;
147 | }
148 |
149 | public void setTolerateMultivalueReduction(boolean tolerateMultivalueReduction) {
150 | this.tolerateMultivalueReduction = tolerateMultivalueReduction;
151 | }
152 |
153 | @ConfigurationProperty(order = 105)
154 | public String getPlaceholderMember() {
155 | return placeholderMember;
156 | }
157 |
158 | public void setPlaceholderMember(String placeholderMember) {
159 | this.placeholderMember = placeholderMember;
160 | }
161 |
162 | @Override
163 | public void recompute() {
164 | if (getUidAttribute() == null) {
165 | setUidAttribute(SchemaConstants.ENTRY_UUID_AT);
166 | }
167 | super.recompute();
168 | }
169 |
170 | }
171 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/LdapConstants.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2016 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap;
17 |
18 | import org.identityconnectors.framework.common.objects.AttributeUtil;
19 |
20 | import java.util.Map;
21 |
22 | /**
23 | * @author semancik
24 | *
25 | */
26 | public class LdapConstants {
27 |
28 | public static final String ATTRIBUTE_OBJECTCLASS_NAME = "objectClass";
29 | public static final String ATTRIBUTE_ENTRYUUID_NAME = "entryUUID";
30 | public static final String ATTRIBUTE_NSUNIQUEID_NAME = "nsUniqueId";
31 | public static final String ATTRIBUTE_MODIFYTIMESTAMP_NAME = "modifyTimestamp";
32 | public static final String ATTRIBUTE_MODIFIERSNAME_NAME = "modifiersName";
33 | public static final String ATTRIBUTE_CREATETIMESTAMP_NAME = "createTimestamp";
34 | public static final String ATTRIBUTE_CREATORSNAME_NAME = "creatorsName";
35 |
36 | public static final String ATTRIBUTE_CN_NAME = "cn";
37 | public static final String ATTRIBUTE_CN_OID = "2.5.4.3";
38 |
39 | public static final String ATTRIBUTE_DC_NAME = "dc";
40 | public static final String ATTRIBUTE_DC_OID = "0.9.2342.19200300.100.1.25";
41 |
42 | public static final String ATTRIBUTE_OU_NAME = "ou";
43 | public static final String ATTRIBUTE_OU_OID = "2.5.4.11";
44 |
45 | public static final String ATTRIBUTE_389DS_FIRSTCHANGENUMBER = "firstchangenumber";
46 | public static final String ATTRIBUTE_389DS_LASTCHANGENUMBER = "lastchangenumber";
47 |
48 | // Account disable attribute for OpenDS/OpenDJ servers. Used in tests.
49 | public static final String ATTRIBUTE_OPENDJ_DS_PWP_ACCOUNT_DISABLED_NAME = "ds-pwp-account-disabled";
50 |
51 | // Group memebership virtual attribure used by some servers (e.g. OpenDJ).
52 | public static final String ATTRIBUTE_IS_MEMBER_OF_NAME = "isMemberOf";
53 |
54 | // Group memebership virtual attribure used by other servers (e.g. OpenLDAP).
55 | public static final String ATTRIBUTE_MEMBER_OF_NAME = "memberOf";
56 |
57 | // TODO isn't this the same as SchemaConstants.PWD_ACCOUNT_LOCKED_TIME_AT?
58 | public static final String ATTRIBUTE_OPENLDAP_PWD_ACCOUNT_LOCKED_TIME_NAME = "pwdAccountLockedTime";
59 |
60 | public static final String ATTRIBUTE_OPENLDAP_PWD_ACCOUNT_LOCKED_TIME_VALUE = "000001010000Z";
61 |
62 | public static final String MATCHING_RULE_CASE_IGNORE_MATCH_NAME = "caseIgnoreMatch";
63 | public static final String MATCHING_RULE_CASE_IGNORE_MATCH_OID = "2.5.13.2";
64 |
65 | public static final String MATCHING_RULE_CASE_IGNORE_IA5_MATCH_NAME = "caseIgnoreIA5Match";
66 | public static final String MATCHING_RULE_CASE_IGNORE_IA5_MATCH_OID = "1.3.6.1.4.1.1466.109.114.2";
67 |
68 | public static final String SYNTAX_AUTH_PASSWORD = "1.3.6.1.4.1.4203.1.1.2";
69 | public static final String SYNTAX_SUN_DEFINED_ACCESS_CONTROL_INFORMATION = "1.3.6.1.4.1.26027.1.3.4";
70 | public static final String SYNTAX_COLLECTIVE_CONFLICT_BEHAVIOR = "1.3.6.1.4.1.26027.1.3.6";
71 | public static final String SYNTAX_NIS_NETGROUP_TRIPLE_SYNTAX = "1.3.6.1.1.1.0.0";
72 | public static final String SYNTAX_NIS_BOOT_PARAMETER_SYNTAX = "1.3.6.1.1.1.0.1";
73 | public static final String SYNTAX_AD_DN_WITH_BINARY_SYNTAX = "1.2.840.113556.1.4.903";
74 | public static final String SYNTAX_AD_DN_WITH_STRING_SYNTAX = "1.2.840.113556.1.4.904";
75 | public static final String SYNTAX_AD_CASE_IGNORE_STRING_TELETEX_SYNTAX = "1.2.840.113556.1.4.905";
76 | public static final String SYNTAX_AD_CASE_IGNORE_STRING_SYNTAX = "1.2.840.113556.1.4.1221";
77 | public static final String SYNTAX_AD_INTEGER8_SYNTAX = "1.2.840.113556.1.4.906";
78 | public static final String SYNTAX_AD_OBJECT_DS_DN = "2.5.5.1";
79 | public static final String SYNTAX_AD_STRING_OBJECT_IDENTIFIER = "2.5.5.2";
80 | public static final String SYNTAX_AD_STRING_CASE = "2.5.5.3";
81 | public static final String SYNTAX_AD_STRING_TELETEX = "2.5.5.4";
82 | public static final String SYNTAX_AD_STRING_IA5 = "2.5.5.5";
83 | public static final String SYNTAX_AD_STRING_NUMERIC = "2.5.5.6";
84 | public static final String SYNTAX_AD_OBJECT_DN_BINARY = "2.5.5.7";
85 | public static final String SYNTAX_AD_ADSTYPE_BOOLEAN = "2.5.5.8";
86 | public static final String SYNTAX_AD_ADSTYPE_INTEGER = "2.5.5.9";
87 | public static final String SYNTAX_AD_ADSTYPE_OCTET_STRING = "2.5.5.10";
88 | public static final String SYNTAX_AD_UTC_TIME = "2.5.5.11";
89 | public static final String SYNTAX_AD_STRING_UNICODE = "2.5.5.12";
90 | public static final String SYNTAX_AD_SECURITY_DESCRIPTOR_SYNTAX = "1.2.840.113556.1.4.907";
91 | public static final String SYNTAX_AD_OBJECT_PRESENTATION_ADDRESS = "2.5.5.13";
92 | public static final String SYNTAX_AD_OBJECT_ACCESS_POINT = "2.5.5.14";
93 | public static final String SYNTAX_AD_ADSTYPE_NT_SECURITY_DESCRIPTOR = "2.5.5.15";
94 |
95 | public static final String SYNTAX_AD_LARGE_INTEGER = "2.5.5.16";
96 | public static final String SYNTAX_AD_STRING_SID = "2.5.5.17";
97 |
98 | public static final String CONTROL_TREE_DELETE_OID = "1.2.840.113556.1.4.805";
99 |
100 | public static final String OBJECT_CLASS_GROUP_OF_NAMES = "groupOfNames";
101 | public static final String OBJECT_CLASS_GROUP_OF_UNIQ_NAMES = "groupOfUniqueNames";
102 | public static final String OBJECT_CLASS_POSIX_GROUP = "posixGroup";
103 |
104 | public static final Map MEMBERSHIP_ATTRIBUTES = Map.of(OBJECT_CLASS_GROUP_OF_NAMES,"member",
105 | OBJECT_CLASS_GROUP_OF_UNIQ_NAMES,"uniqueMember",
106 | OBJECT_CLASS_POSIX_GROUP,"memberUid");
107 |
108 | public static final String R_I_R_OBJECT = AttributeUtil.createSpecialName("OBJECT");
109 | public static final String R_I_R_SUBJECT = AttributeUtil.createSpecialName("SUBJECT");
110 | public static final String ATTR_SCHEMA_SUBJECT = "group";
111 | public static final String ATTR_SCHEMA_OBJECT = "member";
112 | }
113 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/OperationLog.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2016 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap;
17 |
18 | import org.apache.directory.ldap.client.api.LdapNetworkConnection;
19 | import org.identityconnectors.common.logging.Log;
20 |
21 | /**
22 | * @author semancik
23 | *
24 | */
25 | public class OperationLog {
26 |
27 | static final Log LOG = Log.getLog(OperationLog.class);
28 |
29 | public static void logOperationReq(LdapNetworkConnection connection, String format, Object... params) {
30 | if (LOG.isInfo()) {
31 | LOG.info(LdapUtil.formatConnectionInfo(connection) + " " + format, params);
32 | }
33 | }
34 |
35 | public static void logOperationRes(LdapNetworkConnection connection, String format, Object... params) {
36 | if (LOG.isInfo()) {
37 | LOG.info(LdapUtil.formatConnectionInfo(connection) + " " + format, params);
38 | }
39 | }
40 |
41 | public static void logOperationErr(LdapNetworkConnection connection, String format, Object... params) {
42 | if (LOG.isError()) {
43 | LOG.error(LdapUtil.formatConnectionInfo(connection) + " " + format, params);
44 | }
45 | }
46 |
47 | public static void log(String format, Object... params) {
48 | LOG.info(format, params);
49 | }
50 |
51 | public static void error(String format, Object... params) {
52 | LOG.error(format, params);
53 | }
54 |
55 | public static boolean isLogOperations() {
56 | return LOG.isInfo();
57 | }
58 |
59 | }
60 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ReconnectException.java:
--------------------------------------------------------------------------------
1 | package com.evolveum.polygon.connector.ldap;
2 |
3 | /**
4 | * Exception used to request operation retry with connection re-connect.
5 | * It is a RuntimeException, although it should be checked exception.
6 | * But all ConnId exceptions are runtime, and we want to avoid crazy class casts and instanceofs.
7 | */
8 | @SuppressWarnings("unused")
9 | public class ReconnectException extends RuntimeException {
10 |
11 | public ReconnectException(String message) {
12 | super(message);
13 | }
14 |
15 | public ReconnectException(String message, Throwable cause) {
16 | super(message, cause);
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdAttributeHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2016-2020 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import org.apache.directory.api.ldap.model.entry.Attribute;
19 | import org.apache.directory.api.ldap.model.entry.Entry;
20 | import org.apache.directory.api.ldap.model.entry.Value;
21 | import org.apache.directory.api.ldap.model.exception.LdapException;
22 | import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
23 | import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
24 | import org.apache.directory.api.ldap.model.message.SearchScope;
25 | import org.apache.directory.api.ldap.model.name.Dn;
26 | import org.apache.directory.ldap.client.api.LdapNetworkConnection;
27 | import org.identityconnectors.common.logging.Log;
28 | import org.identityconnectors.framework.common.objects.AttributeBuilder;
29 | import org.identityconnectors.framework.common.objects.AttributeValueCompleteness;
30 |
31 | import com.evolveum.polygon.connector.ldap.AbstractLdapConfiguration;
32 | import com.evolveum.polygon.connector.ldap.OperationLog;
33 | import com.evolveum.polygon.connector.ldap.schema.AttributeHandler;
34 | import com.evolveum.polygon.connector.ldap.search.SearchStrategy;
35 |
36 | /**
37 | * This is an additional handler that will process incomplete (range)
38 | * attributes such as members;range=0-1500
39 | *
40 | * @author semancik
41 | *
42 | */
43 | public class AdAttributeHandler implements AttributeHandler {
44 |
45 | private static final Log LOG = Log.getLog(AdAttributeHandler.class);
46 |
47 | private SearchStrategy searchStrategy;
48 |
49 | public AdAttributeHandler(SearchStrategy searchStrategy) {
50 |
51 | this.searchStrategy = searchStrategy;
52 | }
53 |
54 | @Override
55 | public void handle(LdapNetworkConnection connection, Entry entry, Attribute ldapAttribute, AttributeBuilder ab) {
56 | int semicolonIndex = ldapAttribute.getId().indexOf(';');
57 | if (semicolonIndex >= 0) {
58 | String attrName = ldapAttribute.getId().substring(0, semicolonIndex);
59 | String attrOption = ldapAttribute.getId().substring(semicolonIndex+1);
60 | if (attrOption.startsWith("range=")) {
61 | if (searchStrategy.allowPartialAttributeValues()) {
62 | LOG.ok("Got attribute {0} with range option {1}, do NOT following as partial values are allowed",
63 | attrName, attrOption);
64 | ab.setAttributeValueCompleteness(AttributeValueCompleteness.INCOMPLETE);
65 | } else {
66 | LOG.ok("Got attribute {0} with range option {1}, following as partial values are not allowed",
67 | attrName, attrOption);
68 | while (true) {
69 | Range range = parseRange(attrOption);
70 | if (range.top) {
71 | LOG.ok("reached the top of the range ({0}), breaking", attrOption);
72 | break;
73 | }
74 | Attribute rangeAttribute = rangeSearch(connection, entry, attrName, range.high);
75 | if (rangeAttribute == null) {
76 | LOG.ok("no range attribute returned in response, breaking", attrOption);
77 | break;
78 | }
79 | LOG.ok("Range attribute: {0}", rangeAttribute.getId());
80 | for (Value rangeValue: rangeAttribute) {
81 | try {
82 | ldapAttribute.add(rangeValue);
83 | } catch (LdapInvalidAttributeValueException e) {
84 | throw new IllegalStateException("Error adding value "+rangeValue+" to attribute "+ldapAttribute+": "+e.getMessage(), e);
85 | }
86 | }
87 | semicolonIndex = rangeAttribute.getId().indexOf(';');
88 | if (semicolonIndex < 0) {
89 | // Strange. but it looks like we have all the values now
90 | LOG.ok("found no range option, breaking", attrOption);
91 | break;
92 | } else {
93 | attrOption = rangeAttribute.getId().substring(semicolonIndex+1);
94 | }
95 | }
96 | }
97 | } else {
98 | LOG.ok("Unknown attribute option: {0}", ldapAttribute.getId());
99 | }
100 | }
101 | }
102 |
103 | private Attribute rangeSearch(LdapNetworkConnection connection, Entry previousEntry, String attrName, int high) {
104 | Dn dn = previousEntry.getDn();
105 | String attributesToGet = attrName + ";range=" + (high + 1) + "-*";
106 | Entry entry = null;
107 | OperationLog.logOperationReq(connection, "Search REQ base={0}, filter={1}, scope={2}, attributes={3}",
108 | dn, AbstractLdapConfiguration.SEARCH_FILTER_ALL, SearchScope.OBJECT, attributesToGet);
109 | try {
110 | entry = connection.lookup( dn, attributesToGet );
111 |
112 | if ( entry == null ) {
113 | OperationLog.logOperationErr(connection, "Entry not found for {0}", dn);
114 | throw searchStrategy.getErrorHandler().processLdapException( "Range search for "+dn+" with "+attributesToGet+" failed",
115 | new LdapNoSuchObjectException("No entry found for " + dn));
116 | }
117 | } catch (LdapException e) {
118 | OperationLog.logOperationErr(connection, "Search ERR {0}: {1}", e.getClass().getName(), e.getMessage(), e);
119 | searchStrategy.getConnectionLog().error(connection, "search", e, dn + " OBJECT (objectclass=*)");
120 | throw searchStrategy.getErrorHandler().processLdapException("Range search for "+dn+" with "+attributesToGet+" failed", e);
121 | }
122 |
123 | OperationLog.logOperationRes(connection, "Search RES {0}", entry);
124 | if (searchStrategy.getConnectionLog().isSuccess()) {
125 | searchStrategy.getConnectionLog().success(connection, "search", dn + " OBJECT (objectclass=*)");
126 | }
127 |
128 | String attrPrefix = attrName + ";range=";
129 | for(Attribute attr : entry) {
130 | if (attr.getId().startsWith(attrPrefix)) {
131 | return attr;
132 | }
133 | }
134 | return null;
135 | }
136 |
137 | private Range parseRange(String opt) {
138 | int iEq = opt.indexOf('=');
139 | int iDash = opt.indexOf('-');
140 | Range range = new Range();
141 | range.low = Integer.parseInt(opt.substring(iEq + 1, iDash));
142 | String hiStr = opt.substring(iDash + 1);
143 | if ("*".equals(hiStr)) {
144 | range.top = true;
145 | } else {
146 | range.high = Integer.parseInt(hiStr);
147 | }
148 | return range;
149 | }
150 |
151 | private class Range {
152 | int low;
153 | int high;
154 | boolean top = false;
155 | }
156 |
157 | }
158 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdAttributeType.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2019 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import org.apache.directory.api.ldap.model.schema.AttributeType;
19 |
20 | /**
21 | * @author semancik
22 | *
23 | */
24 | public class AdAttributeType extends AttributeType {
25 | private static final long serialVersionUID = 1L;
26 |
27 | public AdAttributeType(String oid) {
28 | super(oid);
29 | }
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdConstants.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2015-2019 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import java.util.Map;
19 | import java.util.Set;
20 |
21 | /**
22 | * @author semancik
23 | *
24 | */
25 | public class AdConstants {
26 |
27 | /**
28 | * Name used for native AD schema in Apache Directory API.
29 | */
30 | public static final String AD_SCHEMA_NAME = "AD";
31 |
32 | public static final String ATTRIBUTE_OBJECT_GUID_NAME = "objectGUID";
33 | public static final String ATTRIBUTE_OBJECT_SID_NAME = "objectSid";
34 | public static final String ATTRIBUTE_OBJECT_CATEGORY_NAME = "objectCategory";
35 | public static final String ATTRIBUTE_SAM_ACCOUNT_NAME_NAME = "sAMAccountName";
36 | public static final String ATTRIBUTE_UNICODE_PWD_NAME = "unicodePwd";
37 | public static final String ATTRIBUTE_UNICODE_PWD_OID = "1.2.840.113556.1.4.90";
38 | public static final String ATTRIBUTE_CN_NAME = "cn";
39 | public static final String ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME = "userAccountControl";
40 | public static final String ATTRIBUTE_NT_SECURITY_DESCRIPTOR = "nTSecurityDescriptor";
41 | public static final String ATTRIBUTE_IS_DELETED = "isDeleted";
42 | public static final String ATTRIBUTE_DISTINGUISHED_NAME_NAME = "distinguishedName";
43 | public static final String ATTRIBUTE_PWD_LAST_SET_NAME = "pwdLastSet";
44 | public static final String ATTRIBUTE_SCHEMA_NAMING_CONTEXT_NAME = "schemaNamingContext";
45 | public static final String ATTRIBUTE_GOVERNS_ID_NAME = "governsID";
46 | public static final String ATTRIBUTE_ATTRIBUTE_ID_NAME = "attributeID";
47 | public static final String ATTRIBUTE_LDAP_DISPLAY_NAME_NAME = "lDAPDisplayName";
48 | public static final String ATTRIBUTE_IS_SINGLE_VALUED_NAME = "isSingleValued";
49 | public static final String ATTRIBUTE_ATTRIBUTE_SYNTAX_NAME = "attributeSyntax";
50 | public static final String ATTRIBUTE_MUST_CONTAIN_NAME = "mustContain";
51 | public static final String ATTRIBUTE_SYSTEM_MUST_CONTAIN_NAME = "systemMustContain";
52 | public static final String ATTRIBUTE_MAY_CONTAIN_NAME = "mayContain";
53 | public static final String ATTRIBUTE_SYSTEM_MAY_CONTAIN_NAME = "systemMayContain";
54 |
55 | public static final String ATTRIBUTE_SYSTEM_POSS_SUPERIORS_NAME = "systemPossSuperiors";
56 | public static final String ATTRIBUTE_SYSTEM_ONLY_NAME = "systemOnly";
57 | public static final String ATTRIBUTE_SUB_CLASS_OF_NAME = "subClassOf";
58 | public static final String ATTRIBUTE_AUXILIARY_CLASS_NAME = "auxiliaryClass";
59 | public static final String ATTRIBUTE_DEFAULT_OBJECT_CATEGORY_NAME = "defaultObjectCategory";
60 |
61 |
62 | public static final String ATTRIBUTE_MS_DS_MEMBER_TRANSITIVE= "msds-memberTransitive";
63 | public static final String ATTRIBUTE_MS_DS_MEMBER_OF_TRANSITIVE= "msds-memberOfTransitive";
64 |
65 | public static final String OBJECT_CLASS_CLASS_SCHEMA = "classSchema";
66 | public static final String OBJECT_CLASS_ATTRIBUTE_SCHEMA = "attributeSchema";
67 | public static final String OBJECT_CLASS_DMD = "dMD";
68 | public static final String OBJECT_CLASS_SUB_SCHEMA = "subSchema";
69 |
70 | public static final String OBJECT_CLASS_NAME_USER = "user";
71 | public static final String OBJECT_CLASS_NAME_GROUP = "group";
72 |
73 | public static final Map AD_MEMBERSHIP_ATTRIBUTES = Map.of(OBJECT_CLASS_NAME_GROUP,"member");
74 | public static final Set AD_BASE_SCOPE_ONLY = Set.of(ATTRIBUTE_MS_DS_MEMBER_TRANSITIVE,
75 | ATTRIBUTE_MS_DS_MEMBER_OF_TRANSITIVE);
76 | /*
77 | * https://docs.microsoft.com/en-us/windows/desktop/adschema/a-useraccountcontrol
78 | *
79 | *
80 | */
81 | protected static enum UAC {
82 | //account types
83 | //Typical user : 0x200 (512)
84 | //Domain controller : 0x82000 (532480) this is: ADS_UF_SERVER_TRUST_ACCOUNT + ADS_UF_TRUSTED_FOR_DELEGATION
85 | //Workstation/server: 0x1000 (4096)
86 |
87 | ADS_UF_SCRIPT (0x00000001, true), //int: 1 //The logon script is executed.
88 | //ADS_UF_ACCOUNTDISABLE is readonly because OperationalAttributes.ENABLE_NAME is master
89 | ADS_UF_ACCOUNTDISABLE (0x00000002, true), //int: 2 //The user account is disabled.
90 | ADS_UF_HOMEDIR_REQUIRED (0x00000008), //int: 8 //The home directory is required.
91 | ADS_UF_LOCKOUT (0x00000010, true), //int: 16 //The account is currently locked out.
92 | ADS_UF_PASSWD_NOTREQD (0x00000020), //int: 32 //No password is required.
93 | ADS_UF_PASSWD_CANT_CHANGE (0x00000040, true), //int: 64 //The user cannot change the password. [!Note]You cannot assign the permission settings of PASSWD_CANT_CHANGE by directly modifying the UserAccountControl attribute. For more information and a code example that shows how to prevent a user from changing the password, see User Cannot Change Password.
94 | ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED (0x00000080), //int: 128 //The user can send an encrypted password.
95 | ADS_UF_TEMP_DUPLICATE_ACCOUNT (0x00000100, true), //int: 256 //This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a local user account.
96 | ADS_UF_NORMAL_ACCOUNT (0x00000200, true), //int: 512 //This is a default account type that represents a typical user.
97 | ADS_UF_INTERDOMAIN_TRUST_ACCOUNT (0x00000800, true), //int: 2048 //This is a permit to trust account for a system domain that trusts other domains.
98 | ADS_UF_WORKSTATION_TRUST_ACCOUNT (0x00001000, true), //int: 4096 //This is a computer account for a computer that is a member of this domain.
99 | ADS_UF_SERVER_TRUST_ACCOUNT (0x00002000, true), //int: 8192 //This is a computer account for a system backup domain controller that is a member of this domain.
100 | //N/A (0x00004000), //int: 548864 //Not used.
101 | //N/A (0x00008000), //int: 565248//Not used.
102 | ADS_UF_DONT_EXPIRE_PASSWD (0x00010000), //int: 65536 //The password for this account will never expire.
103 | ADS_UF_MNS_LOGON_ACCOUNT (0x00020000), //int: 131072 //This is an MNS logon account.
104 | ADS_UF_SMARTCARD_REQUIRED (0x00040000), //int: 262144 //The user must log on using a smart card.
105 | ADS_UF_TRUSTED_FOR_DELEGATION (0x00080000), //int: 524288 //The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
106 | ADS_UF_NOT_DELEGATED (0x00100000), //int: 1048576 //The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
107 | ADS_UF_USE_DES_KEY_ONLY (0x00200000), //int: 2097152 //Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
108 | ADS_UF_DONT_REQUIRE_PREAUTH (0x00400000), //int: 4194304 //This account does not require Kerberos pre-authentication for logon.
109 | ADS_UF_PASSWORD_EXPIRED (0x00800000, true), //int: 8388608 //The user password has expired. This flag is created by the system using data from the Pwd-Last-Set attribute and the domain policy.
110 | ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (0x01000000), //int: 16777216 //The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
111 | ;
112 |
113 | private final int bit;
114 | private final boolean readOnly;
115 |
116 | UAC(final int bit)
117 | {
118 | this.bit = bit;
119 | this.readOnly = false;
120 | }
121 |
122 | UAC(final int bit, final boolean readOnly)
123 | {
124 | this.bit = bit;
125 | this.readOnly = readOnly;
126 | }
127 |
128 | public int getBit()
129 | {
130 | return bit;
131 | }
132 | public boolean isReadOnly()
133 | {
134 | return readOnly;
135 | }
136 |
137 | private static final UAC[] copyOfValues = values();
138 |
139 | public static UAC forName(String name) {
140 | for (UAC value : copyOfValues) {
141 | if (value.name().equals(name)) {
142 | return value;
143 | }
144 | }
145 | return null;
146 | }
147 | }
148 |
149 | }
150 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdErrorHandler.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2015-2020 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import com.evolveum.polygon.connector.ldap.ErrorHandler;
19 | import com.evolveum.polygon.connector.ldap.LdapUtil;
20 | import org.apache.directory.api.ldap.model.exception.LdapException;
21 | import org.apache.directory.api.ldap.model.exception.LdapOperationException;
22 | import org.apache.directory.api.ldap.model.exception.LdapOtherException;
23 | import org.apache.directory.api.ldap.model.message.LdapResult;
24 | import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
25 | import org.identityconnectors.common.logging.Log;
26 | import org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException;
27 |
28 | import java.lang.reflect.Constructor;
29 | import java.lang.reflect.InvocationTargetException;
30 |
31 | public class AdErrorHandler extends ErrorHandler {
32 |
33 | private static final Log LOG = Log.getLog(AdErrorHandler.class);
34 |
35 | @Override
36 | public RuntimeException processLdapResult(String connectorMessage, LdapResult ldapResult) {
37 | if (ldapResult.getResultCode() == ResultCodeEnum.UNWILLING_TO_PERFORM ||
38 | ldapResult.getResultCode() == ResultCodeEnum.OPERATIONS_ERROR) {
39 | AdErrorSubcode adErrorSubcode = AdErrorSubcode.parseDiagnosticMessage(ldapResult.getDiagnosticMessage());
40 | if (adErrorSubcode != null) {
41 | Class exceptionClass = adErrorSubcode.getExceptionClass();
42 | String exceptionMessage = LdapUtil.sanitizeString(ldapResult.getDiagnosticMessage()) + ": " + adErrorSubcode.name() + ": " + adErrorSubcode.getMessage();
43 | LdapUtil.logOperationError(connectorMessage, ldapResult, exceptionMessage);
44 | RuntimeException exception = instantiateException(exceptionClass, exceptionMessage);
45 | if (exception instanceof InvalidAttributeValueException) {
46 | ((InvalidAttributeValueException)exception).setAffectedAttributeNames(adErrorSubcode.getAffectedAttributes());
47 | }
48 | throw exception;
49 | }
50 |
51 | }
52 | if (ldapResult.getResultCode() == ResultCodeEnum.OTHER) {
53 | RuntimeException otherExpression = processOtherError(connectorMessage, ldapResult.getDiagnosticMessage(), ldapResult, null);
54 | if (otherExpression != null) {
55 | return otherExpression;
56 | }
57 | }
58 | DsidError dsidError = DsidError.parseDiagnosticMessage(ldapResult.getDiagnosticMessage());
59 | if (dsidError != null) {
60 | LdapUtil.logOperationError(connectorMessage, ldapResult, dsidError.getMessage());
61 | throw instantiateException(dsidError.getExceptionClass(), dsidError.getMessage());
62 | }
63 | return super.processLdapResult(connectorMessage, ldapResult);
64 | }
65 |
66 | private RuntimeException instantiateException(Class exceptionClass, String exceptionMessage) {
67 | try {
68 | Constructor exceptionConstructor;
69 | exceptionConstructor = exceptionClass.getConstructor(String.class);
70 | return exceptionConstructor.newInstance(exceptionMessage);
71 | } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
72 | return new RuntimeException("Error instantiating exception " + exceptionClass.getName() + ", original message: " + exceptionMessage, e);
73 | }
74 | }
75 |
76 | @Override
77 | public RuntimeException processLdapException(String connectorMessage, LdapException ldapException) {
78 |
79 | DsidError dsidError = DsidError.parseDiagnosticMessage(ldapException.getMessage());
80 | if (dsidError != null) {
81 | LdapUtil.logOperationError(connectorMessage, ldapException, dsidError.getMessage());
82 | throw instantiateException(dsidError.getExceptionClass(), dsidError.getMessage());
83 | }
84 |
85 | if (ldapException instanceof LdapOtherException) {
86 | RuntimeException otherExpression = processOtherError(connectorMessage, ldapException.getMessage(), null, (LdapOtherException) ldapException);
87 | if (otherExpression != null) {
88 | return otherExpression;
89 | }
90 | }
91 | return super.processLdapException(connectorMessage, ldapException);
92 | }
93 |
94 |
95 | /**
96 | * This is category of errors that we do not know anything just a string error message.
97 | * And we have to figure out what is going on just from the message.
98 | */
99 | private RuntimeException processOtherError(String connectorMessage, String diagnosticMessage, LdapResult ldapResult, LdapOperationException ldapException) {
100 | WindowsErrorCode errorCode = WindowsErrorCode.parseDiagnosticMessage(diagnosticMessage);
101 | if (errorCode == null) {
102 | return null;
103 | }
104 | try {
105 | Class exceptionClass = errorCode.getExceptionClass();
106 | Constructor exceptionConstructor;
107 | exceptionConstructor = exceptionClass.getConstructor(String.class);
108 | String exceptionMessage = LdapUtil.sanitizeString(diagnosticMessage) + ": " + errorCode.name() + ": " + errorCode.getMessage();
109 | RuntimeException exception = exceptionConstructor.newInstance(exceptionMessage);
110 | if (ldapResult != null) {
111 | LdapUtil.logOperationError(connectorMessage, ldapResult, exceptionMessage);
112 | } else {
113 | LdapUtil.logOperationError(connectorMessage, ldapException, exceptionMessage);
114 | }
115 | return exception;
116 | } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
117 | LOG.error("Error during LDAP error handling: {0}: {1}", e.getClass(), e.getMessage(), e);
118 | // fallback
119 | return null;
120 | }
121 | }
122 |
123 |
124 | }
125 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdErrorSubcode.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2017 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import java.util.Arrays;
19 | import java.util.Collection;
20 |
21 | import org.identityconnectors.framework.common.exceptions.AlreadyExistsException;
22 | import org.identityconnectors.framework.common.exceptions.ConnectorException;
23 | import org.identityconnectors.framework.common.exceptions.ConnectorSecurityException;
24 | import org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException;
25 | import org.identityconnectors.framework.common.exceptions.PermissionDeniedException;
26 | import org.identityconnectors.framework.common.exceptions.UnknownUidException;
27 | import org.identityconnectors.framework.common.objects.OperationalAttributes;
28 |
29 | /**
30 | * Based on http://www.ldapwiki.com/wiki/WILL_NOT_PERFORM and other data
31 | *
32 | * Constants starting with X are not actual codes, just a guess.
33 | *
34 | * @author Radovan Semancik
35 | */
36 | public enum AdErrorSubcode {
37 |
38 | // See with operationsError(1) LDAP result code, as a result of search operation. MID-6439
39 | X_BIND_REQUIRED(0x4dc, "In order to perform this operation a successful bind must be completed on the connection", ConnectorSecurityException.class),
40 |
41 | INVALID_PRIMARY_GROUP(0x51c, "This security ID may not be assigned as the primary groupof an object", InvalidAttributeValueException.class),
42 | NO_IMPERSONATION_TOKEN(0x51d, "An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client", ConnectorSecurityException.class),
43 | CANT_DISABLE_MANDATORY(0x51e, "The group may not be disabled", PermissionDeniedException.class),
44 | NO_LOGON_SERVERS(0x51f, "There are currently no logon servers available to service the logon request", PermissionDeniedException.class),
45 | NO_SUCH_LOGON_SESSION(0x520, "A specified logon session does not exist. It may already have been terminated", PermissionDeniedException.class),
46 | NO_SUCH_PRIVILEGE(0x521, "A specified privilege does not exist", ConnectorSecurityException.class),
47 | PRIVILEGE_NOT_HELD(0x522, "A required privilege is not held by the client", PermissionDeniedException.class),
48 | INVALID_ACCOUNT_NAME(0x523, "The name provided is not a properly formed account name", InvalidAttributeValueException.class),
49 | USER_EXISTS(0x524, "The specified user already exists", AlreadyExistsException.class),
50 | NO_SUCH_USER(0x525, "The specified user does not exist", UnknownUidException.class),
51 | GROUP_EXISTS(0x526, "The specified group already exists", AlreadyExistsException.class),
52 | NO_SUCH_GROUP(0x527, "The specified group does not exist", UnknownUidException.class),
53 | MEMBER_IN_GROUP(0x528, "Either the specified user account is already a member of the specified group, or the specified group cannot be deleted because it contains a member", ConnectorException.class),
54 | MEMBER_NOT_IN_GROUP(0x529, "The specified user account is not a member of the specified group account", ConnectorException.class),
55 | LAST_ADMIN(0x52a, "The last remaining administration account cannot be disabled or deleted", PermissionDeniedException.class),
56 | WRONG_PASSWORD(0x52b, "Unable to update the password. The value provided as the current password is incorrect",
57 | InvalidAttributeValueException.class, OperationalAttributes.PASSWORD_NAME),
58 | ILL_FORMED_PASSWORD(0x52c, "Unable to update the password. The value provided for the new password contains values that are not allowed in passwords",
59 | InvalidAttributeValueException.class, OperationalAttributes.PASSWORD_NAME),
60 | PASSWORD_RESTRICTION(0x52d, "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirement of the domain",
61 | InvalidAttributeValueException.class, OperationalAttributes.PASSWORD_NAME),
62 | LOGON_FAILURE(0x52e, "Logon failure unknown user name or bad password", PermissionDeniedException.class),
63 | ACCOUNT_RESTRICTION(0x52f, "Logon failure user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced", PermissionDeniedException.class),
64 | INVALID_LOGON_HOURS(0x530, "Logon failure account logon time restriction violation", PermissionDeniedException.class),
65 | INVALID_WORKSTATION(0x531, "Logon failure user not allowed to log on to this computer", PermissionDeniedException.class),
66 | PASSWORD_EXPIRED(0x532, "Logon failure the specified account password has expired", PermissionDeniedException.class),
67 | ACCOUNT_DISABLED(0x533, "Logon failure account currently disabled", PermissionDeniedException.class),
68 | NONE_MAPPED(0x534, "No mapping between account names and security IDs was done", PermissionDeniedException.class),
69 | TOO_MANY_LUIDS_REQUESTED(0x535, "Too many local user identifiers (LUIDs) were requested at one time", ConnectorException.class),
70 | LUIDS_EXHAUSTED(0x536, "No more local user identifiers (LUIDs) are available", ConnectorException.class),
71 | INVALID_SUB_AUTHORITY(0x537, "The subauthority part of a security ID is invalid for this particular use", ConnectorException.class),
72 | INVALID_ACL(0x538, "The access control list (ACL) structure is invalid", ConnectorException.class),
73 | INVALID_SID(0x539, "The security ID structure is invalid", ConnectorException.class),
74 | INVALID_SECURITY_DESCR(0x53a, "The security descriptor structure is invalid", ConnectorException.class);
75 |
76 | private int code;
77 | private String message;
78 | private Class exceptionClass;
79 | private Collection affectedAttributes;
80 |
81 | private AdErrorSubcode(int code, String message, Class exceptionClass, String... affectedAttributes) {
82 | this.code = code;
83 | this.message = message;
84 | this.exceptionClass = exceptionClass;
85 | if (affectedAttributes != null && affectedAttributes.length != 0) {
86 | this.affectedAttributes = Arrays.asList(affectedAttributes);
87 | }
88 | }
89 |
90 | public int getCode() {
91 | return code;
92 | }
93 |
94 | public String getMessage() {
95 | return message;
96 | }
97 |
98 | public Class getExceptionClass() {
99 | return exceptionClass;
100 | }
101 |
102 | public Collection getAffectedAttributes() {
103 | return affectedAttributes;
104 | }
105 |
106 | public static AdErrorSubcode parseDiagnosticMessage(String diagnosticMessage) {
107 | if (diagnosticMessage == null) {
108 | return null;
109 | }
110 | int indexColon = diagnosticMessage.indexOf(':');
111 | if (indexColon < 1) {
112 | return null;
113 | }
114 | String codeString = diagnosticMessage.substring(0, indexColon);
115 | int code;
116 | try {
117 | code = Integer.parseInt(codeString, 16);
118 | } catch (NumberFormatException e) {
119 | return null;
120 | }
121 | return getByCode(code);
122 | }
123 |
124 | private static AdErrorSubcode getByCode(int code) {
125 | for (AdErrorSubcode val: values()) {
126 | if (code == val.code) {
127 | return val;
128 | }
129 | }
130 | return null;
131 | }
132 | }
133 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdLdapFilterTranslator.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2015-2019 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import org.apache.directory.api.ldap.model.constants.SchemaConstants;
19 | import org.apache.directory.api.ldap.model.filter.EqualityNode;
20 | import org.apache.directory.api.ldap.model.filter.ExprNode;
21 | import org.apache.directory.api.ldap.model.schema.ObjectClass;
22 | import org.identityconnectors.common.logging.Log;
23 |
24 | import com.evolveum.polygon.connector.ldap.schema.LdapFilterTranslator;
25 | import com.evolveum.polygon.connector.ldap.LdapUtil;
26 | import com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator;
27 |
28 | /**
29 | * @author semancik
30 | *
31 | */
32 | public class AdLdapFilterTranslator extends LdapFilterTranslator {
33 |
34 | private static final Log LOG = Log.getLog(AdLdapFilterTranslator.class);
35 |
36 | public AdLdapFilterTranslator(AbstractSchemaTranslator schemaTranslator, ObjectClass ldapObjectClass) {
37 | super(schemaTranslator, ldapObjectClass);
38 | }
39 |
40 | @Override
41 | protected ExprNode createObjectClassFilter(org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass) {
42 | if ((ldapObjectClass instanceof AdObjectClass)) {
43 | if (getConfiguration().isIncludeObjectCategoryFilter()) {
44 | String defaultObjectCategory = ((AdObjectClass)ldapObjectClass).getDefaultObjectCategory();
45 | if (defaultObjectCategory == null) {
46 | LOG.warn("Requested search by object category, but object class {0} does not have default object category defined in the schema.", ldapObjectClass.getName());
47 | return super.createObjectClassFilter(ldapObjectClass);
48 | }
49 | return LdapUtil.filterAnd(
50 | super.createObjectClassFilter(ldapObjectClass),
51 | new EqualityNode<>(AdConstants.ATTRIBUTE_OBJECT_CATEGORY_NAME, defaultObjectCategory));
52 | } else {
53 | return super.createObjectClassFilter(ldapObjectClass);
54 | }
55 | } else {
56 | return super.createObjectClassFilter(ldapObjectClass);
57 | }
58 | }
59 |
60 | }
61 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdObjectClass.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2019 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import org.apache.directory.api.ldap.model.schema.ObjectClass;
19 |
20 | /**
21 | * @author semancik
22 | *
23 | */
24 | public class AdObjectClass extends ObjectClass {
25 | private static final long serialVersionUID = 1L;
26 |
27 | private String defaultObjectCategory;
28 |
29 | public AdObjectClass(String oid) {
30 | super(oid);
31 | }
32 |
33 | public String getDefaultObjectCategory() {
34 | return defaultObjectCategory;
35 | }
36 |
37 | public void setDefaultObjectCategory(String defaultObjectCategory) {
38 | this.defaultObjectCategory = defaultObjectCategory;
39 | }
40 |
41 | }
42 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdSchemaManager.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2019 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import java.io.IOException;
19 |
20 | import org.apache.directory.api.ldap.model.exception.LdapException;
21 | import org.apache.directory.api.ldap.model.schema.SchemaObjectWrapper;
22 | import org.apache.directory.api.ldap.model.schema.registries.Registries;
23 | import org.apache.directory.api.ldap.model.schema.registries.Schema;
24 | import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
25 |
26 | /**
27 | * @author semancik
28 | *
29 | */
30 | public class AdSchemaManager extends DefaultSchemaManager {
31 |
32 | public AdSchemaManager(AdSchemaLoader schemaLoader) {
33 | super(schemaLoader);
34 | }
35 |
36 | @Override
37 | protected void addSchemaObjects( Schema schema, Registries registries ) throws LdapException {
38 | for (SchemaObjectWrapper objectWrapper : schema.getContent()) {
39 | addSchemaObject(registries, objectWrapper.get(), schema);
40 | }
41 | }
42 |
43 | }
44 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/AdUserParametersHandlerException.java:
--------------------------------------------------------------------------------
1 | package com.evolveum.polygon.connector.ldap.ad;
2 |
3 | public class AdUserParametersHandlerException extends Exception {
4 |
5 | private static final long serialVersionUID = -664996482924399043L;
6 |
7 | public AdUserParametersHandlerException() {
8 | super();
9 | }
10 |
11 | public AdUserParametersHandlerException(String message, Throwable cause) {
12 | super(message, cause);
13 | }
14 |
15 | public AdUserParametersHandlerException(String message) {
16 | super(message);
17 | }
18 |
19 | public AdUserParametersHandlerException(Throwable cause) {
20 | super(cause);
21 | }
22 |
23 | }
24 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/DsidError.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2021 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import com.evolveum.polygon.connector.ldap.ReconnectException;
19 | import org.identityconnectors.framework.common.exceptions.RetryableException;
20 |
21 | import java.util.regex.Matcher;
22 | import java.util.regex.Pattern;
23 |
24 | /**
25 | * Handling the strange (and mostly undocumented) errors with DSID identifier, e.g:
26 | *
27 | * unavailableCriticalExtension: 00000057: LdapErr: DSID-0C090850, comment: Error processing control, data 0, v2580? (12)
28 | *
29 | */
30 | public class DsidError {
31 |
32 | // There are three codes for "X_BIND_REQUIRED" error. Strange, yet not entirely surprising.
33 | static public final String CODE_X_BIND_REQUIRED_1 = "0C0907E9";
34 | static public final String CODE_X_BIND_REQUIRED_2 = "0C090A71";
35 | static public final String CODE_X_BIND_REQUIRED_3 = "0C090C88";
36 |
37 | static public final String CODE_UNAVAILABLE_CRITICAL_EXTENSION = "0C090850";
38 |
39 | private static final Pattern DSID_PATTERN = Pattern.compile("LdapErr: DSID-([0-0a-fA-F]+)");
40 |
41 | private final String code;
42 | private final String message;
43 | private final Class exceptionClass;
44 |
45 | public DsidError(String code, String message, String originalDiagnosticMessage, Class exceptionClass) {
46 | this.code = code;
47 | if (originalDiagnosticMessage == null) {
48 | this.message = message;
49 | } else {
50 | this.message = message + "(original message: " + originalDiagnosticMessage +" )";
51 | }
52 | this.exceptionClass = exceptionClass;
53 | }
54 |
55 | public String getMessage() {
56 | return message;
57 | }
58 |
59 | public Class getExceptionClass() {
60 | return exceptionClass;
61 | }
62 |
63 | public boolean isCode(String code) {
64 | return this.code.equals(code);
65 | }
66 |
67 | public static DsidError parseDiagnosticMessage(String diagnosticMessage) {
68 | if (diagnosticMessage == null) {
69 | return null;
70 | }
71 | Matcher matcher = DSID_PATTERN.matcher(diagnosticMessage);
72 | if (!matcher.find()) {
73 | return null;
74 | }
75 | String codeString = matcher.group(1).toUpperCase();
76 | switch (codeString) {
77 |
78 | case CODE_X_BIND_REQUIRED_1:
79 | // 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580?: X_BIND_REQUIRED: In order to perform this operation a successful bind must be completed on the connection
80 | //
81 | // Looks like something on the server has "logged out" the connection, while LDAP channel remains active.
82 | // Observed on ADAM server.
83 | //
84 | // MID-6815
85 | return new DsidError(CODE_X_BIND_REQUIRED_1, "Connection was unbound on the server", diagnosticMessage, ReconnectException.class);
86 |
87 | case CODE_X_BIND_REQUIRED_2:
88 | // 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839?: X_BIND_REQUIRED: In order to perform this operation a successful bind must be completed on the connection
89 | //
90 | // Looks like something on the server has "logged out" the connection, while LDAP channel remains active.
91 | //
92 | // MID-7371
93 | return new DsidError(CODE_X_BIND_REQUIRED_2, "Connection was unbound on the server", diagnosticMessage, ReconnectException.class);
94 |
95 | case CODE_X_BIND_REQUIRED_3:
96 | // 000004DC: LdapErr: DSID-0C090C88, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v4f7c?: X_BIND_REQUIRED: In order to perform this operation a successful bind must be completed on the connection
97 | //
98 | // Looks like something on the server has "logged out" the connection, while LDAP channel remains active.
99 | //
100 | // MID-9724
101 | return new DsidError(CODE_X_BIND_REQUIRED_3, "Connection was unbound on the server", diagnosticMessage, ReconnectException.class);
102 |
103 | case CODE_UNAVAILABLE_CRITICAL_EXTENSION:
104 | // unavailableCriticalExtension: 00000057: LdapErr: DSID-0C090850, comment: Error processing control, data 0, v2580? (12)
105 | //
106 | // Not sure about this error. It looks like we have exceeded or depleted indexing resources on the server.
107 | // It seems to be related to paging (SPR control).
108 | // It happens sometimes (rarely) for operation that works perfectly other times.
109 | // However, it seems to be a temporary error. The "unavailableCriticalExtension" would suggest a permanent error, therefore overriding the exception type.
110 | // MID-6530
111 | return new DsidError(CODE_UNAVAILABLE_CRITICAL_EXTENSION, "Search or indexing limits (temporarily) exceeded?", diagnosticMessage, RetryableException.class);
112 | }
113 | return null;
114 | }
115 | }
116 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/GlobalCatalogConnectionManager.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2016-2018 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import com.evolveum.polygon.connector.ldap.ConnectionLog;
19 | import com.evolveum.polygon.connector.ldap.ErrorHandler;
20 | import org.apache.directory.api.ldap.model.name.Dn;
21 | import org.apache.directory.ldap.client.api.LdapNetworkConnection;
22 | import org.identityconnectors.framework.common.objects.OperationOptions;
23 |
24 | import com.evolveum.polygon.connector.ldap.connection.ConnectionManager;
25 |
26 | /**
27 | * @author semancik
28 | *
29 | */
30 | public class GlobalCatalogConnectionManager extends ConnectionManager {
31 |
32 | public GlobalCatalogConnectionManager(AdLdapConfiguration configuration, ErrorHandler errorHandler, ConnectionLog connectionLog) {
33 | super(configuration, errorHandler, connectionLog);
34 | }
35 |
36 | @Override
37 | protected String[] getServersConfiguration() {
38 | return getConfiguration().getGlobalCatalogServers();
39 | }
40 |
41 | }
42 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/MutedLoggingSchemaErrorHandler.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2018 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import java.util.List;
19 |
20 | import org.apache.directory.api.ldap.model.schema.LoggingSchemaErrorHandler;
21 | import org.slf4j.Logger;
22 |
23 | /**
24 | * @author semancik
25 | *
26 | */
27 | public class MutedLoggingSchemaErrorHandler extends LoggingSchemaErrorHandler {
28 |
29 | @Override
30 | protected void log( Logger log, String message ) {
31 | // Push logging messages down to trace level. There are too many schema errors in AD.
32 | log.trace( message );
33 | }
34 |
35 | }
36 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/ad/WindowsErrorCode.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2017-2018 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.ad;
17 |
18 | import org.identityconnectors.framework.common.exceptions.UnknownUidException;
19 |
20 | /**
21 | * Based on https://msdn.microsoft.com/en-us/library/windows/desktop/ms681390(v=vs.85).aspx
22 | *
23 | * @author semancik
24 | */
25 | public enum WindowsErrorCode {
26 |
27 | ERROR_DS_NO_PARENT_OBJECT(0x2089, "The operation could not be performed because the object's parent is either uninstantiated or deleted.", UnknownUidException.class),
28 | ERROR_DS_OBJ_NOT_FOUND(0x208D, "Directory object not found.", UnknownUidException.class);
29 |
30 | private int code;
31 | private String message;
32 | private Class exceptionClass;
33 |
34 | private WindowsErrorCode(int code, String message, Class exceptionClass) {
35 | this.code = code;
36 | this.message = message;
37 | this.exceptionClass = exceptionClass;
38 | }
39 |
40 | public int getCode() {
41 | return code;
42 | }
43 |
44 | public String getMessage() {
45 | return message;
46 | }
47 |
48 | public Class getExceptionClass() {
49 | return exceptionClass;
50 | }
51 |
52 | public static WindowsErrorCode parseDiagnosticMessage(String diagnosticMessage) {
53 | if (diagnosticMessage == null) {
54 | return null;
55 | }
56 | int indexColon = diagnosticMessage.indexOf(':');
57 | if (indexColon < 1) {
58 | return null;
59 | }
60 | String codeString = diagnosticMessage.substring(0, indexColon);
61 | int code;
62 | try {
63 | code = Integer.parseInt(codeString, 16);
64 | } catch (NumberFormatException e) {
65 | return null;
66 | }
67 | return getByCode(code);
68 | }
69 |
70 | private static WindowsErrorCode getByCode(int code) {
71 | for (WindowsErrorCode val: values()) {
72 | if (code == val.code) {
73 | return val;
74 | }
75 | }
76 | return null;
77 | }
78 | }
79 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/package-info.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2015 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package com.evolveum.polygon.connector.ldap;
18 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/schema/AssociationHolder.java:
--------------------------------------------------------------------------------
1 | package com.evolveum.polygon.connector.ldap.schema;
2 |
3 | import java.util.Objects;
4 |
5 | public class AssociationHolder {
6 |
7 | private String name;
8 | private String associationAttributeName;
9 | private String otherAttributeInReferenceName;
10 | private String subtype;
11 | private String roleInReference;
12 | private String subjectObjectClassName;
13 | private String objectObjectClassName;
14 | private Boolean isRequired;
15 |
16 | public AssociationHolder(String name, String subjectObjectClassName, String objectObjectClassName, String associationAttributeName,
17 | String subtype , String roleInReference, String otherAttributeInReferenceName) {
18 |
19 | this.name = name;
20 | this.subjectObjectClassName = subjectObjectClassName;
21 | this.objectObjectClassName = objectObjectClassName;
22 | this.associationAttributeName = associationAttributeName;
23 | this.subtype = subtype;
24 | this.roleInReference = roleInReference;
25 | this.otherAttributeInReferenceName = otherAttributeInReferenceName;
26 | }
27 |
28 | public String getName() {
29 | return name;
30 | }
31 |
32 | public void setName(String name) {
33 | this.name = name;
34 | }
35 |
36 | public String getAssociationAttributeName() {
37 | return associationAttributeName;
38 | }
39 |
40 | public String getSubtype() {
41 | return subtype;
42 | }
43 |
44 | public Boolean isRequired() {
45 | return isRequired;
46 | }
47 |
48 | public void setRequired(Boolean required) {
49 | isRequired = required;
50 | }
51 |
52 | public String getRoleInReference() {
53 | return roleInReference;
54 | }
55 |
56 | public String getSubjectObjectClassName() {
57 | return subjectObjectClassName;
58 | }
59 |
60 | public String getObjectObjectClassName() {
61 | return objectObjectClassName;
62 | }
63 |
64 | public String getOtherAttributeInReferenceName() {
65 | return otherAttributeInReferenceName;
66 | }
67 |
68 | @Override
69 | public boolean equals(Object o) {
70 | if (this == o) return true;
71 | if (o == null || getClass() != o.getClass()) return false;
72 | AssociationHolder holder = (AssociationHolder) o;
73 | return Objects.equals(getName(), holder.getName()) && Objects.equals(getAssociationAttributeName(), holder.getAssociationAttributeName()) && Objects.equals(getOtherAttributeInReferenceName(), holder.getOtherAttributeInReferenceName()) && Objects.equals(getSubtype(), holder.getSubtype()) && Objects.equals(getRoleInReference(), holder.getRoleInReference()) && Objects.equals(getSubjectObjectClassName(), holder.getSubjectObjectClassName()) && Objects.equals(getObjectObjectClassName(), holder.getObjectObjectClassName()) && Objects.equals(isRequired, holder.isRequired);
74 | }
75 |
76 | @Override
77 | public int hashCode() {
78 | return Objects.hash(getName(), getAssociationAttributeName(), getOtherAttributeInReferenceName(), getSubtype(), getRoleInReference(), getSubjectObjectClassName(), getObjectObjectClassName(), isRequired);
79 | }
80 |
81 | @Override
82 | public String toString() {
83 | return "AssociationHolder{" +
84 | "name='" + name + '\'' +
85 | ", associationAttributeName='" + associationAttributeName + '\'' +
86 | ", otherAttributeInReferenceName='" + otherAttributeInReferenceName + '\'' +
87 | ", subtype='" + subtype + '\'' +
88 | ", roleInReference='" + roleInReference + '\'' +
89 | ", subjectObjectClassName='" + subjectObjectClassName + '\'' +
90 | ", objectObjectClassName='" + objectObjectClassName + '\'' +
91 | ", isRequired=" + isRequired +
92 | '}';
93 | }
94 | }
95 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/schema/AttributeHandler.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2016 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.schema;
17 |
18 | import org.apache.directory.api.ldap.model.entry.Entry;
19 | import org.apache.directory.ldap.client.api.LdapNetworkConnection;
20 | import org.identityconnectors.framework.common.objects.AttributeBuilder;
21 |
22 | /**
23 | * @author semancik
24 | *
25 | */
26 | public interface AttributeHandler {
27 |
28 | void handle(LdapNetworkConnection connection, Entry entry, org.apache.directory.api.ldap.model.entry.Attribute ldapAttribute, AttributeBuilder ab);
29 |
30 | }
31 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/schema/GuardedStringValue.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2015-2018 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.schema;
17 |
18 | import org.apache.directory.api.ldap.model.entry.Value;
19 | import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
20 | import org.apache.directory.api.ldap.model.schema.AttributeType;
21 | import org.identityconnectors.common.security.GuardedString;
22 |
23 | /**
24 | * Fake LDAP value that stores string as GuardedString.
25 | * We want to decrypt GuardedString at the very last moment to avoid
26 | * recording the value in logs.
27 | *
28 | * @author semancik
29 | *
30 | */
31 | public class GuardedStringValue extends Value {
32 |
33 | GuardedString guardedStringValue;
34 |
35 | public GuardedStringValue(AttributeType attributeType, GuardedString val) throws LdapInvalidAttributeValueException {
36 | super(attributeType, val.toString());
37 | this.guardedStringValue = val;
38 | }
39 |
40 | public GuardedString getGuardedStringValue() {
41 | return guardedStringValue;
42 | }
43 |
44 |
45 | }
46 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/schema/LdapObjectClasses.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2015-2017 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.schema;
17 |
18 | import java.util.ArrayList;
19 | import java.util.List;
20 |
21 | /**
22 | * @author semancik
23 | *
24 | */
25 | public class LdapObjectClasses {
26 |
27 | org.apache.directory.api.ldap.model.schema.ObjectClass ldapLowestStructuralObjectClass;
28 | List ldapStructuralObjectClasses = new ArrayList<>();
29 | List ldapAuxiliaryObjectClasses = new ArrayList<>();
30 |
31 | public org.apache.directory.api.ldap.model.schema.ObjectClass getLdapLowestStructuralObjectClass() {
32 | return ldapLowestStructuralObjectClass;
33 | }
34 |
35 | public void setLdapLowestStructuralObjectClass(
36 | org.apache.directory.api.ldap.model.schema.ObjectClass ldapLowestStructuralObjectClass) {
37 | this.ldapLowestStructuralObjectClass = ldapLowestStructuralObjectClass;
38 | }
39 |
40 | public List getLdapStructuralObjectClasses() {
41 | return ldapStructuralObjectClasses;
42 | }
43 |
44 | public List getLdapAuxiliaryObjectClasses() {
45 | return ldapAuxiliaryObjectClasses;
46 | }
47 |
48 | @Override
49 | public String toString() {
50 | return "LdapObjectClasses(ldapLowestStructuralObjectClass=" + ldapLowestStructuralObjectClass
51 | + ", ldapStructuralObjectClasses=" + ldapStructuralObjectClasses
52 | + ", ldapAuxiliaryObjectClasses=" + ldapAuxiliaryObjectClasses + ")";
53 | }
54 |
55 |
56 | }
57 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/schema/ReferenceAttributeTranslator.java:
--------------------------------------------------------------------------------
1 | package com.evolveum.polygon.connector.ldap.schema;
2 |
3 | import com.evolveum.polygon.connector.ldap.*;
4 | import org.apache.directory.api.ldap.model.entry.Attribute;
5 | import org.apache.directory.api.ldap.model.entry.Value;
6 | import org.apache.directory.api.ldap.model.schema.AttributeType;
7 | import org.identityconnectors.common.logging.Log;
8 | import org.identityconnectors.framework.common.objects.*;
9 |
10 | import java.util.*;
11 | public class ReferenceAttributeTranslator {
12 |
13 | private static final Log LOG = Log.getLog(ReferenceAttributeTranslator.class);
14 | private ConnectorObjectBuilder connectorObjectBuilder;
15 | private final AbstractSchemaTranslator translator;
16 | private ObjectClass objectClass;
17 | private final OperationOptions options;
18 |
19 |
20 | public ReferenceAttributeTranslator(AbstractSchemaTranslator translator, ObjectClass objectClass
21 | , OperationOptions options) {
22 |
23 | this.translator = translator;
24 | this.objectClass = objectClass;
25 | this.options = options;
26 | }
27 |
28 |
29 | public void translate(Attribute ldapAttribute) {
30 | String ldapAttributeName = ldapAttribute.getId();
31 |
32 | AttributeType attributeType = ldapAttribute.getAttributeType();
33 | Iterator iterator = ldapAttribute.iterator();
34 | Map> objectAssociationSets = translator.getObjectAssociationSets();
35 | Map> subjectAssociationSets = translator.getSubjectAssociationSets();
36 | String objectClassName = objectClass.getObjectClassValue();
37 | String referenceAttributeName= null;
38 | String syntaxOid = null;
39 | if (ldapAttribute != null) {
40 |
41 | if (attributeType != null) {
42 |
43 | syntaxOid = attributeType.getSyntaxOid();
44 | }
45 | }
46 |
47 | Map referenceAttributes = new HashMap<>();
48 | Boolean isSubject = false;
49 | if (subjectAssociationSets.containsKey(objectClassName)) {
50 |
51 | isSubject = true;
52 | Set holders = subjectAssociationSets.get(objectClassName);
53 | for (AssociationHolder holder : holders) {
54 |
55 | if (objectClassName.equals(holder.getSubjectObjectClassName())) {
56 |
57 | if (ldapAttributeName != null && ldapAttributeName.
58 |
59 | equalsIgnoreCase(holder.getAssociationAttributeName())) {
60 | referenceAttributeName = holder.getName();
61 | }
62 | }
63 | }
64 | }
65 |
66 | if (objectAssociationSets.containsKey(objectClassName)) {
67 |
68 | if (isSubject) {
69 |
70 | Set holders = objectAssociationSets.get(objectClassName);
71 | // In this case we are iterating through the members parameter of an OC which can be both subject and object
72 | for (AssociationHolder holder : holders) {
73 |
74 | if (objectClassName.equals(holder.getSubjectObjectClassName())) {
75 | if (ldapAttributeName != null && ldapAttributeName.
76 | equalsIgnoreCase(holder.getAssociationAttributeName())) {
77 | referenceAttributeName = holder.getName();
78 | isSubject = false;
79 | }
80 | }
81 | }
82 | } else {
83 |
84 | referenceAttributeName = LdapConstants.ATTR_SCHEMA_OBJECT;
85 | }
86 | }
87 |
88 | if (iterator != null) {
89 |
90 | while (iterator.hasNext()) {
91 | Value ldapValue = iterator.next();
92 | String tanslatedValue;
93 |
94 | if (translator.isStringSyntax(syntaxOid)) {
95 |
96 | LOG.ok("Converting: {0} (syntax {1}, value {2}): explicit string", ldapAttributeName, syntaxOid, ldapValue.getClass());
97 | tanslatedValue = ldapValue.getString();
98 | } else if (ldapValue.isHumanReadable()) {
99 |
100 | LOG.ok("Converting: {0} (syntax {1}, value {2}): detected string", ldapAttributeName, syntaxOid, ldapValue.getClass());
101 | tanslatedValue = ldapValue.getString();
102 | } else {
103 |
104 | LOG.error("Could not handle the value of association attribute: {0}. Syntax non interpretable as" +
105 | " string is not supported.", ldapAttributeName);
106 | return;
107 | }
108 |
109 | if (tanslatedValue != null && !tanslatedValue.isEmpty()) {
110 |
111 | if (!translator.shouldValueBeIncluded(tanslatedValue, ldapAttributeName)) {
112 | continue;
113 | }
114 |
115 | ConnectorObjectIdentification connectorObjectIdentification;
116 | if (!isSubject) {
117 |
118 | connectorObjectIdentification = new ConnectorObjectIdentification(null, constructIDAttributes(tanslatedValue));
119 | } else {
120 |
121 | String targetOcName = null;
122 | Set targets = (Set) translator.getSubjectAssociationSets()
123 | .get(objectClass.getObjectClassValue());
124 | for (AssociationHolder target : targets) {
125 |
126 | /// Assuming that each OC would have a different association attribute (memberOf, uniqueMember)
127 | if(ldapAttributeName.equalsIgnoreCase(target.getAssociationAttributeName())){
128 |
129 | targetOcName = target.getObjectObjectClassName();
130 | break;
131 | }
132 | }
133 | connectorObjectIdentification = new ConnectorObjectIdentification(new ObjectClass(targetOcName),
134 | constructIDAttributes(tanslatedValue));
135 | }
136 |
137 | ConnectorObjectReference connectorObjectReference =
138 | new ConnectorObjectReference(connectorObjectIdentification);
139 | if (referenceAttributes.containsKey(referenceAttributeName)) {
140 |
141 | AttributeBuilder attributeBuilder = referenceAttributes.get(referenceAttributeName);
142 | attributeBuilder.addValue(connectorObjectReference);
143 | referenceAttributes.put(referenceAttributeName, attributeBuilder);
144 | } else {
145 |
146 | AttributeBuilder attributeBuilder = new AttributeBuilder();
147 | attributeBuilder.addValue(connectorObjectReference);
148 | attributeBuilder.setName(referenceAttributeName);
149 | referenceAttributes.put(referenceAttributeName, attributeBuilder);
150 | }
151 | }
152 | }
153 | }
154 |
155 | if (!referenceAttributes.isEmpty()) {
156 |
157 | for (AttributeBuilder referenceAttribute : referenceAttributes.values()) {
158 |
159 | connectorObjectBuilder.addAttribute(referenceAttribute.build());
160 | }
161 | }
162 | }
163 |
164 | private Set
165 | constructIDAttributes(String tanslatedValue) {
166 |
167 | Set idAttributes = new HashSet<>();
168 | org.identityconnectors.framework.common.objects.Attribute attribute =
169 | new AttributeBuilder().setName(Name.NAME).addValue(Collections.singleton(tanslatedValue)).build();
170 | idAttributes.add(attribute);
171 |
172 | return idAttributes;
173 | }
174 |
175 | public void setConnectorObjectBuilder(ConnectorObjectBuilder connectorObjectBuilder) {
176 | this.connectorObjectBuilder = connectorObjectBuilder;
177 | }
178 |
179 | public ObjectClass getObjectClass() {
180 | return objectClass;
181 | }
182 |
183 | public void setObjectClass(ObjectClass objectClass) {
184 | this.objectClass = objectClass;
185 | }
186 |
187 | }
188 |
--------------------------------------------------------------------------------
/src/main/java/com/evolveum/polygon/connector/ldap/schema/ScopedFilter.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Copyright (c) 2015-2016 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap.schema;
17 |
18 | import org.apache.directory.api.ldap.model.filter.ExprNode;
19 | import org.apache.directory.api.ldap.model.name.Dn;
20 |
21 | /**
22 | * @author semancik
23 | *
24 | */
25 | public class ScopedFilter {
26 |
27 | private ExprNode filter = null;
28 | private Dn baseDn = null;
29 |
30 | public ScopedFilter(ExprNode filter, Dn baseDn) {
31 | super();
32 | this.filter = filter;
33 | this.baseDn = baseDn;
34 | }
35 |
36 | public ScopedFilter(ExprNode filter) {
37 | super();
38 | this.filter = filter;
39 | }
40 |
41 | public ScopedFilter(Dn baseDn) {
42 | super();
43 | this.baseDn = baseDn;
44 | }
45 |
46 | public ExprNode getFilter() {
47 | return filter;
48 | }
49 |
50 | public Dn getBaseDn() {
51 | return baseDn;
52 | }
53 |
54 | @Override
55 | public int hashCode() {
56 | final int prime = 31;
57 | int result = 1;
58 | result = prime * result + ((baseDn == null) ? 0 : baseDn.hashCode());
59 | result = prime * result + ((filter == null) ? 0 : filter.hashCode());
60 | return result;
61 | }
62 |
63 | @Override
64 | public boolean equals(Object obj) {
65 | if (this == obj)
66 | return true;
67 | if (obj == null)
68 | return false;
69 | if (getClass() != obj.getClass())
70 | return false;
71 | ScopedFilter other = (ScopedFilter) obj;
72 | if (baseDn == null) {
73 | if (other.baseDn != null)
74 | return false;
75 | } else if (!baseDn.equals(other.baseDn))
76 | return false;
77 | if (filter == null) {
78 | if (other.filter != null)
79 | return false;
80 | } else if (!filter.equals(other.filter))
81 | return false;
82 | return true;
83 | }
84 |
85 | @Override
86 | public String toString() {
87 | return "ScopedFilter(filter=" + filter + ", baseDn=" + baseDn + ")";
88 | }
89 |
90 | }
91 |
--------------------------------------------------------------------------------
/src/main/resources/logging.properties:
--------------------------------------------------------------------------------
1 | // register SLF4JBridgeHandler as handler for the j.u.l. root logger
2 | handlers = org.slf4j.bridge.SLF4JBridgeHandler
3 |
4 |
--------------------------------------------------------------------------------
/src/test/java/com/evolveum/polygon/connector/ldap/AbstractOpenDjTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 | package com.evolveum.polygon.connector.ldap;
17 |
18 | import org.apache.commons.io.FileUtils;
19 | import org.identityconnectors.common.security.GuardedString;
20 | import org.identityconnectors.framework.api.APIConfiguration;
21 | import org.identityconnectors.framework.api.ConnectorFacade;
22 | import org.identityconnectors.framework.api.ConnectorFacadeFactory;
23 | import org.identityconnectors.test.common.TestHelpers;
24 | import org.opends.messages.Message;
25 | import org.opends.server.config.ConfigException;
26 | import org.opends.server.protocols.internal.InternalClientConnection;
27 | import org.opends.server.types.DirectoryEnvironmentConfig;
28 | import org.opends.server.types.InitializationException;
29 | import org.opends.server.util.EmbeddedUtils;
30 | import org.testng.annotations.AfterClass;
31 | import org.testng.annotations.BeforeClass;
32 |
33 | import java.io.File;
34 |
35 | public class AbstractOpenDjTest {
36 |
37 | private static final int PORT_NUMBER = 10389;
38 | protected static final String BASE_CONTEXT = "dc=example,dc=com";
39 | private static final String BIND_DN = "cn=directory manager";
40 | private static final String BIND_PASSWORD = "secret";
41 | protected static final File SERVER_ROOT_DIRECTORY = new File("target/opendj");
42 | private static final File SERVER_CONFIG_FILE = new File(SERVER_ROOT_DIRECTORY, "config/config.ldif");
43 | protected static final File SERVER_TEMPLATE_ROOT_DIRECTORY = new File("src/test/resources/opendj-template");
44 |
45 | public static final String[] OPERATIONAL_ATTRIBUTES = {
46 | LdapConstants.ATTRIBUTE_OPENDJ_DS_PWP_ACCOUNT_DISABLED_NAME,
47 | LdapConstants.ATTRIBUTE_IS_MEMBER_OF_NAME,
48 | LdapConstants.ATTRIBUTE_CREATETIMESTAMP_NAME
49 | };
50 |
51 | private InternalClientConnection internalConnection;
52 |
53 | @BeforeClass
54 | public void startServer() throws Exception {
55 | if (SERVER_ROOT_DIRECTORY.exists()) {
56 | FileUtils.deleteDirectory(SERVER_ROOT_DIRECTORY);
57 | }
58 | SERVER_ROOT_DIRECTORY.mkdirs();
59 | FileUtils.copyDirectory(SERVER_TEMPLATE_ROOT_DIRECTORY, SERVER_ROOT_DIRECTORY);
60 |
61 | DirectoryEnvironmentConfig envConfig = new DirectoryEnvironmentConfig();
62 | try {
63 | envConfig.setServerRoot(SERVER_ROOT_DIRECTORY);
64 | envConfig.setConfigFile(SERVER_CONFIG_FILE);
65 | // envConfig.setDisableConnectionHandlers(true);
66 | } catch (InitializationException ex) {
67 | throw new RuntimeException("OpenDJ initialization failed", ex);
68 | }
69 |
70 | // Check if the server is already running
71 | if (EmbeddedUtils.isRunning()) {
72 | throw new RuntimeException("Server already running");
73 | } else {
74 | System.out.println("Starting OpenDJ server");
75 | try {
76 | EmbeddedUtils.startServer(envConfig);
77 | } catch (ConfigException ex) {
78 | throw new RuntimeException("OpenDJ startup failed", ex);
79 | } catch (InitializationException ex) {
80 | throw new RuntimeException("OpenDJ startup failed", ex);
81 | }
82 | }
83 |
84 | internalConnection = InternalClientConnection.getRootConnection();
85 | if (internalConnection == null) {
86 | throw new RuntimeException("OpenDS cannot get internal connection (null)");
87 | }
88 |
89 | System.out.println("OpenDJ server started");
90 | }
91 |
92 |
93 | @AfterClass
94 | public void stopServer() {
95 | if (EmbeddedUtils.isRunning()) {
96 | System.out.println("Stopping OpenDJ server");
97 | EmbeddedUtils.stopServer(this.getClass().getName(), Message.EMPTY);
98 | System.out.println("OpenDJ server is stopped");
99 | } else {
100 | System.out.println("Attempt to stop OpenDJ server that is already stopped.");
101 | }
102 | }
103 |
104 | public boolean isServerRunning() {
105 | return EmbeddedUtils.isRunning();
106 | }
107 |
108 | protected ConnectorFacade createConnectorInstance() {
109 | return createConnectorInstance(createConnectorConfiguration());
110 | }
111 |
112 | protected ConnectorFacade createConnectorInstance(LdapConfiguration configuration) {
113 | ConnectorFacadeFactory factory = ConnectorFacadeFactory.getInstance();
114 | APIConfiguration apiConfiguration = TestHelpers.createTestConfiguration(LdapConnector.class, configuration);
115 | return factory.newInstance(apiConfiguration);
116 | }
117 |
118 | protected ConnectorFacade createMinimalConnectorInstance() {
119 | ConnectorFacadeFactory factory = ConnectorFacadeFactory.getInstance();
120 | APIConfiguration apiConfiguration = TestHelpers.createTestConfiguration(LdapConnector.class, createMinimalConnectorConfiguration());
121 | return factory.newInstance(apiConfiguration);
122 | }
123 |
124 | protected LdapConfiguration createConnectorConfiguration() {
125 | LdapConfiguration config = createMinimalConnectorConfiguration();
126 | config.setBaseContext(BASE_CONTEXT);
127 | config.setPagingStrategy(LdapConfiguration.PAGING_STRATEGY_AUTO);
128 | config.setVlvSortAttribute(LdapConstants.ATTRIBUTE_ENTRYUUID_NAME);
129 | config.setOperationalAttributes(OPERATIONAL_ATTRIBUTES);
130 | config.setEnableExtraTests(true);
131 | return config;
132 | }
133 |
134 | protected LdapConfiguration createMinimalConnectorConfiguration() {
135 | LdapConfiguration config = new LdapConfiguration();
136 | config.setHost("localhost");
137 | config.setPort(PORT_NUMBER);
138 | config.setBindDn(BIND_DN);
139 | config.setBindPassword(new GuardedString(BIND_PASSWORD.toCharArray()));
140 | return config;
141 | }
142 |
143 | }
144 |
--------------------------------------------------------------------------------
/src/test/java/com/evolveum/polygon/connector/ldap/TestLdapUtil.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022 Evolveum
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package com.evolveum.polygon.connector.ldap;
18 |
19 | import org.apache.directory.api.ldap.model.name.Dn;
20 | import org.identityconnectors.framework.common.exceptions.ConnectorException;
21 | import org.testng.annotations.Test;
22 |
23 | public class TestLdapUtil {
24 |
25 | @Test
26 | public void testDnAncestor() throws Exception {
27 | assertAncestor("dc=example,dc=com", "uid=foo,ou=people,dc=example,dc=com", true);
28 | assertAncestor("uid=foo,ou=people,dc=example,dc=com", "dc=example,dc=com", false);
29 | assertAncestor("dc=example,dc=com", "dc=example,dc=com", true);
30 | assertAncestor("dc=example,dc=com", "CN=foo bar,OU=people,DC=example,DC=com", true);
31 | assertAncestor("dc=example,dc=com", "CN=foo bar,OU=people,DC=EXamPLE,DC=COM", true);
32 | assertAncestor("DC=example,DC=com", "cn=foo bar,ou=people,dc=example,dc=com", true);
33 | assertAncestor("DC=exAMple,DC=com", "CN=foo bar,OU=people,DC=EXamPLE,dc=COM", true);
34 | assertAncestor("DC=badEXAMPLE,DC=com", "CN=foo bar,OU=people,DC=EXamPLE,dc=COM", false);
35 | assertAncestor("DC=badexample,DC=com", "CN=foo bar,OU=people,DC=example,dc=com", false);
36 | assertAncestor("dc=badexample,dc=com", "cn=foo bar,ou=people,dc=example,dc=com", false);
37 |
38 | assertAncestor("DC=ad2019,DC=lab,DC=evolveum,DC=com", "CN=Users,DC=ad2019,DC=lab,DC=evolveum,DC=com", true);
39 | assertAncestor("CN=Users,DC=ad2019,DC=lab,DC=evolveum,DC=com", "DC=ad2019,DC=lab,DC=evolveum,DC=com", false);
40 |
41 | }
42 |
43 | protected void assertAncestor(String upper, String lower, boolean expectedMatch) {
44 | Dn upperDn = LdapUtil.asDn(upper);
45 | Dn lowerDn = LdapUtil.asDn(lower);
46 | boolean ancestorOf = LdapUtil.isAncestorOf(upperDn, lowerDn);
47 | if (ancestorOf && !expectedMatch) {
48 | String msg = "Dn '"+upper+"' is wrongly evaluated as ancestor of '"+
49 | lower+"' (it should NOT be).";
50 | error(msg);
51 | throw new ConnectorException(msg);
52 | }
53 | if (!ancestorOf && expectedMatch) {
54 | String msg = "Dn '"+upper+"' is NOT evaluated as ancestor of '"+
55 | lower+"' (but it should be).";
56 | error(msg);
57 | throw new ConnectorException(msg);
58 | }
59 |
60 | if (ancestorOf) {
61 | info("Dn '"+upper+"' is correctly evaluated as ancestor of '"+
62 | lower+"'");
63 | } else {
64 | info("Dn '"+upper+"' is correctly evaluated NOT yo be ancestor of '"+
65 | lower+"'");
66 | }
67 | }
68 |
69 | private void info(String msg) {
70 | System.out.println(msg);
71 | }
72 |
73 | private void error(String msg) {
74 | System.err.println(msg);
75 | }
76 |
77 |
78 | }
79 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/MakeLDIF/cities:
--------------------------------------------------------------------------------
1 | Abilene
2 | Albany
3 | Albuquerque
4 | Alexandria
5 | Alpena
6 | Altoona
7 | Amarillo
8 | Anchorage
9 | Anniston
10 | Ardmore
11 | Atlanta
12 | Augusta
13 | Austin
14 | Bakersfield
15 | Baltimore
16 | Bangor
17 | Baton Rouge
18 | Beaumont
19 | Bend
20 | Billings
21 | Biloxi
22 | Binghamton
23 | Birmingham
24 | Bismarck
25 | Bloomington
26 | Bluefield
27 | Boise
28 | Boston
29 | Bowling Green
30 | Bryan
31 | Buffalo
32 | Burlington
33 | Butte
34 | Cadillac
35 | Casper
36 | Cedar Rapids
37 | Champaign
38 | Charleston
39 | Charlotte
40 | Charlottesville
41 | Chattanooga
42 | Cheyenne
43 | Chicago
44 | Chico
45 | Cincinnati
46 | Clarksburg
47 | Cleveland
48 | College Station
49 | Colorado Springs
50 | Columbia
51 | Columbus
52 | Corpus Christi
53 | Dallas
54 | Davenport
55 | Dayton
56 | Denver
57 | Des Moines
58 | Detroit
59 | Dothan
60 | Duluth
61 | Durham
62 | Eau Claire
63 | Elmira
64 | El Paso
65 | Erie
66 | Eugene
67 | Eureka
68 | Evansville
69 | Fairbanks
70 | Fargo
71 | Flint
72 | Florence
73 | Fort Myers
74 | Fort Smith
75 | Fort Wayne
76 | Fort Worth
77 | Fresno
78 | Gainesville
79 | Glendive
80 | Grand Junction
81 | Grand Rapids
82 | Great Falls
83 | Green Bay
84 | Greenville
85 | Hampton Roads
86 | Harlingen
87 | Harrisburg
88 | Harrisonburg
89 | Hartford
90 | Hattiesburg
91 | Helena
92 | Honolulu
93 | Houston
94 | Huntington
95 | Huntsville
96 | Idaho Falls
97 | Indianapolis
98 | Jackson
99 | Jacksonville
100 | Jefferson City
101 | Johnstown
102 | Jonesboro
103 | Joplin
104 | Kansas City
105 | Kirksville
106 | Klamath Falls
107 | Knoxville
108 | La Crosse
109 | Lafayette
110 | Lake Charles
111 | Lansing
112 | Laredo
113 | Las Vegas
114 | Lawton
115 | Lexington
116 | Lima
117 | Lincoln
118 | Little Rock
119 | Los Angeles
120 | Louisville
121 | Lubbock
122 | Lynchburg
123 | Macon
124 | Madison
125 | Mankato
126 | Marquette
127 | Mason City
128 | Medford
129 | Memphis
130 | Meridian
131 | Miami
132 | Milwaukee
133 | Minneapolis
134 | Missoula
135 | Mobile
136 | Moline
137 | Monroe
138 | Monterey Bay Area
139 | Montgomery
140 | Naples
141 | Nashville
142 | New Haven
143 | New Orleans
144 | New York
145 | North Platte
146 | Odessa
147 | Oklahoma City
148 | Omaha
149 | Orlando
150 | Ottumwa
151 | Paducah
152 | Palm Springs
153 | Panama City
154 | Parkersburg
155 | Pensacola
156 | Peoria
157 | Philadelphia
158 | Phoenix
159 | Pittsburgh
160 | Pocatello
161 | Port Arthur
162 | Portland
163 | Presque Isle
164 | Providence
165 | Pueblo
166 | Quincy
167 | Raleigh
168 | Rapid City
169 | Redding
170 | Reno
171 | Rhinelander
172 | Richmond
173 | Riverton
174 | Roanoke
175 | Rochester
176 | Rockford
177 | Sacramento
178 | Saginaw
179 | Saint Joseph
180 | Saint Louis
181 | Saint Paul
182 | Salem
183 | Salisbury
184 | Salt Lake City
185 | San Angelo
186 | San Antonio
187 | San Diego
188 | Santa Barbara
189 | Santa Fe
190 | Savannah
191 | Scranton
192 | Seattle
193 | Shreveport
194 | Sioux City
195 | Sioux Falls
196 | South Bend
197 | Spartanburg
198 | Spokane
199 | Springfield
200 | Steubenville
201 | Superior
202 | Syracuse
203 | Tallahassee
204 | Tampa Bay
205 | Terre Haute
206 | Toledo
207 | Topeka
208 | Traverse City
209 | Tucson
210 | Tulsa
211 | Tupelo
212 | Tuscaloosa
213 | Twin Falls
214 | Tyler
215 | Urbana
216 | Utica
217 | Victoria
218 | Waterloo
219 | Watertown
220 | Wausau
221 | Weston
222 | West Palm Beach
223 | Wheeling
224 | Wichita
225 | Wichita Falls
226 | Wichita FallsLawton
227 | Wilkes Barre
228 | Wilmington
229 | Winston
230 | Youngstown
231 | Yuma
232 | Zanesville
233 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/MakeLDIF/example.template:
--------------------------------------------------------------------------------
1 | define suffix=dc=example,dc=com
2 | define maildomain=example.com
3 | define numusers=10001
4 |
5 | branch: [suffix]
6 |
7 | branch: ou=People,[suffix]
8 | subordinateTemplate: person:[numusers]
9 |
10 | template: person
11 | rdnAttr: uid
12 | objectClass: top
13 | objectClass: person
14 | objectClass: organizationalPerson
15 | objectClass: inetOrgPerson
16 | givenName:
17 | sn:
18 | cn: {givenName} {sn}
19 | initials: {givenName:1}{sn:1}
20 | employeeNumber:
21 | uid: user.{employeeNumber}
22 | mail: {uid}@[maildomain]
23 | userPassword: password
24 | telephoneNumber:
25 | homePhone:
26 | pager:
27 | mobile:
28 | street: Street
29 | l:
30 | st:
31 | postalCode:
32 | postalAddress: {cn}${street}${l}, {st} {postalCode}
33 | description: This is the description for {cn}.
34 |
35 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/MakeLDIF/states:
--------------------------------------------------------------------------------
1 | AL
2 | AK
3 | AZ
4 | AR
5 | CA
6 | CO
7 | CT
8 | DE
9 | DC
10 | FL
11 | GA
12 | HI
13 | ID
14 | IL
15 | IN
16 | IA
17 | KS
18 | KY
19 | LA
20 | ME
21 | MD
22 | MA
23 | MI
24 | MN
25 | MS
26 | MO
27 | MT
28 | NE
29 | NV
30 | NH
31 | NJ
32 | NM
33 | NY
34 | NC
35 | ND
36 | OH
37 | OK
38 | OR
39 | PA
40 | RI
41 | SC
42 | SD
43 | TN
44 | TX
45 | UT
46 | VT
47 | VA
48 | WA
49 | WV
50 | WI
51 | WY
52 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/MakeLDIF/streets:
--------------------------------------------------------------------------------
1 | Adams
2 | Ash
3 | Birch
4 | Broadway
5 | Cedar
6 | Center
7 | Central
8 | Cherry
9 | Chestnut
10 | Church
11 | College
12 | Davis
13 | Dogwood
14 | East
15 | Eighth
16 | Eleventh
17 | Elm
18 | Fifteenth
19 | Fifth
20 | First
21 | Forest
22 | Fourteenth
23 | Fourth
24 | Franklin
25 | Green
26 | Hickory
27 | Highland
28 | Hill
29 | Hillcrest
30 | Jackson
31 | Jefferson
32 | Johnson
33 | Lake
34 | Lakeview
35 | Laurel
36 | Lee
37 | Lincoln
38 | Locust
39 | Madison
40 | Main
41 | Maple
42 | Meadow
43 | Mill
44 | Miller
45 | Ninth
46 | North
47 | Oak
48 | Park
49 | Pine
50 | Poplar
51 | Railroad
52 | Ridge
53 | River
54 | Second
55 | Seventh
56 | Sixth
57 | South
58 | Spring
59 | Spruce
60 | Sunset
61 | Sycamore
62 | Taylor
63 | Tenth
64 | Third
65 | Thirteenth
66 | Twelfth
67 | Valley
68 | Walnut
69 | Washington
70 | West
71 | Williams
72 | Willow
73 | Wilson
74 | Woodland
75 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/admin-backend.ldif:
--------------------------------------------------------------------------------
1 | dn: cn=admin data
2 | objectClass: top
3 | objectClass: ds-cfg-branch
4 | cn: admin data
5 | ds-sync-generation-id: 113844
6 | entryUUID: 46e489f6-1f92-3120-990f-54a178e95b21
7 |
8 | dn: cn=instance keys,cn=admin data
9 | objectClass: top
10 | objectClass: ds-cfg-branch
11 | cn: instance keys
12 | entryUUID: 66ceef12-f0d6-355e-9e9b-9bdcfe536d8c
13 |
14 | dn: cn=secret keys,cn=admin data
15 | objectClass: top
16 | objectClass: ds-cfg-branch
17 | cn: secret keys
18 | entryUUID: 26176404-8825-3f77-9efd-c52bd4061f3b
19 |
20 | dn: cn=Administrators,cn=admin data
21 | objectClass: top
22 | objectClass: groupofurls
23 | description: Group of identities which have full access.
24 | cn: Administrators
25 | memberURL: ldap:///cn=Administrators,cn=admin data??one?(objectclass=*)
26 | entryUUID: 80faa47a-77d6-3c78-a3c1-ea6ccbd2f735
27 |
28 | dn: cn=Server Groups,cn=admin data
29 | objectClass: top
30 | objectClass: ds-cfg-branch
31 | cn: Server Groups
32 | entryUUID: 9ee2aa25-d738-31fc-9fde-145fe9a53ae0
33 |
34 | dn: cn=all-servers,cn=Server Groups,cn=admin data
35 | objectClass: groupOfUniqueNames
36 | objectClass: top
37 | cn: all-servers
38 | uniqueMember: cn=localhost:10444
39 | modifyTimestamp: 20150306180846Z
40 | modifiersName: cn=Directory Manager,cn=Root DNs,cn=config
41 | entryUUID: 00450d2d-26b0-3d92-b9e8-f616539697fa
42 |
43 | dn: ds-cfg-key-id=10DE0F7F79ED46264B94A5C08E190F5A,cn=instance keys,cn=admin data
44 | objectClass: top
45 | objectClass: ds-cfg-instance-key
46 | ds-cfg-public-key-certificate;binary:: MIIB2TCCAUKgAwIBAgIEEgIl0TANBgkqhkiG9w0BAQUFADAxMRswGQYDVQQKExJPcGVuREogQ2VydGlmaWNhdGUxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xNTAzMDYxODA4NDVaFw0zNTAzMDExODA4NDVaMDExGzAZBgNVBAoTEk9wZW5ESiBDZXJ0aWZpY2F0ZTESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAXFEKwfwXQfN39ZiNDqDXUNKiYpGpreSvpXx5otnn9ighwrwYvw0Mw2Q2wXVyamed2mvAsAB+/h6ajk0ANu/PQo1iOhrbshr5ffP58/TJW+fvTfu1e5fgdl/XGqknP1S2AGWDn/JLe+MoTbPw4JFyyZqOZkTtnngmEYPpT55xqQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACGRCQ3mXkD6ULnuLb/9M0lUubFD78daC8upmV8igjHWW/IYaj1ewZdsuKIdW7PaojlCqpc8PNpW7VbssCVeGBD8jahrwu/5xYcJU6okp7p8o1Zp1fIwpaUvX97DfrfjGGUIGgRTM1RdCv2DOtCYB0dZIgmE/0tAs2x+V+gU+UTi
47 | ds-cfg-key-id: 10DE0F7F79ED46264B94A5C08E190F5A
48 | creatorsName: cn=Internal Client,cn=Root DNs,cn=config
49 | createTimestamp: 20150306180845Z
50 | entryUUID: 23934850-1671-47b4-8451-ac1c64b597d5
51 |
52 | dn: cn=Servers,cn=admin data
53 | objectClass: top
54 | objectClass: ds-cfg-branch
55 | cn: Servers
56 | creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
57 | createTimestamp: 20150306180846Z
58 | entryUUID: 21f7e441-4017-4b59-9137-26683e46a055
59 |
60 | dn: cn=localhost:10444,cn=Servers,cn=admin data
61 | objectClass: extensibleobject
62 | objectClass: top
63 | objectClass: ds-cfg-branch
64 | memberofgroups: all-servers
65 | jmxsEnabled: false
66 | adminport: 10444
67 | jmxEnabled: false
68 | ldapsEnabled: false
69 | jmxport: 1689
70 | ldapport: 10389
71 | id: localhost:10444
72 | ds-cfg-key-id: 10DE0F7F79ED46264B94A5C08E190F5A
73 | ldapEnabled: true
74 | startTLSEnabled: false
75 | cn: localhost:10444
76 | jmxsport: -1
77 | hostname: localhost
78 | adminEnabled: true
79 | ldapsport: 636
80 | entryUUID: ac944fab-2f03-4157-8b9b-c1141dc1f451
81 | createTimestamp: 20150306180846Z
82 | creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
83 | modifyTimestamp: 20150306180846Z
84 | modifiersName: cn=Directory Manager,cn=Root DNs,cn=config
85 |
86 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/admin-backend.ldif.old:
--------------------------------------------------------------------------------
1 | dn: cn=admin data
2 | objectClass: top
3 | objectClass: ds-cfg-branch
4 | cn: admin data
5 | entryUUID: 46e489f6-1f92-3120-990f-54a178e95b21
6 |
7 | dn: cn=instance keys,cn=admin data
8 | objectClass: top
9 | objectClass: ds-cfg-branch
10 | cn: instance keys
11 | entryUUID: 66ceef12-f0d6-355e-9e9b-9bdcfe536d8c
12 |
13 | dn: cn=secret keys,cn=admin data
14 | objectClass: top
15 | objectClass: ds-cfg-branch
16 | cn: secret keys
17 | entryUUID: 26176404-8825-3f77-9efd-c52bd4061f3b
18 |
19 | dn: cn=Administrators,cn=admin data
20 | objectClass: top
21 | objectClass: groupofurls
22 | description: Group of identities which have full access.
23 | cn: Administrators
24 | memberURL: ldap:///cn=Administrators,cn=admin data??one?(objectclass=*)
25 | entryUUID: 80faa47a-77d6-3c78-a3c1-ea6ccbd2f735
26 |
27 | dn: cn=Server Groups,cn=admin data
28 | objectClass: top
29 | objectClass: ds-cfg-branch
30 | cn: Server Groups
31 | entryUUID: 9ee2aa25-d738-31fc-9fde-145fe9a53ae0
32 |
33 | dn: cn=all-servers,cn=Server Groups,cn=admin data
34 | objectClass: groupOfUniqueNames
35 | objectClass: top
36 | cn: all-servers
37 | uniqueMember: cn=localhost:10444
38 | modifyTimestamp: 20150306180846Z
39 | modifiersName: cn=Directory Manager,cn=Root DNs,cn=config
40 | entryUUID: 00450d2d-26b0-3d92-b9e8-f616539697fa
41 |
42 | dn: ds-cfg-key-id=10DE0F7F79ED46264B94A5C08E190F5A,cn=instance keys,cn=admin data
43 | objectClass: top
44 | objectClass: ds-cfg-instance-key
45 | ds-cfg-public-key-certificate;binary:: MIIB2TCCAUKgAwIBAgIEEgIl0TANBgkqhkiG9w0BAQUFADAxMRswGQYDVQQKExJPcGVuREogQ2VydGlmaWNhdGUxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xNTAzMDYxODA4NDVaFw0zNTAzMDExODA4NDVaMDExGzAZBgNVBAoTEk9wZW5ESiBDZXJ0aWZpY2F0ZTESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCAXFEKwfwXQfN39ZiNDqDXUNKiYpGpreSvpXx5otnn9ighwrwYvw0Mw2Q2wXVyamed2mvAsAB+/h6ajk0ANu/PQo1iOhrbshr5ffP58/TJW+fvTfu1e5fgdl/XGqknP1S2AGWDn/JLe+MoTbPw4JFyyZqOZkTtnngmEYPpT55xqQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBACGRCQ3mXkD6ULnuLb/9M0lUubFD78daC8upmV8igjHWW/IYaj1ewZdsuKIdW7PaojlCqpc8PNpW7VbssCVeGBD8jahrwu/5xYcJU6okp7p8o1Zp1fIwpaUvX97DfrfjGGUIGgRTM1RdCv2DOtCYB0dZIgmE/0tAs2x+V+gU+UTi
46 | ds-cfg-key-id: 10DE0F7F79ED46264B94A5C08E190F5A
47 | creatorsName: cn=Internal Client,cn=Root DNs,cn=config
48 | createTimestamp: 20150306180845Z
49 | entryUUID: 23934850-1671-47b4-8451-ac1c64b597d5
50 |
51 | dn: cn=Servers,cn=admin data
52 | objectClass: top
53 | objectClass: ds-cfg-branch
54 | cn: Servers
55 | creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
56 | createTimestamp: 20150306180846Z
57 | entryUUID: 21f7e441-4017-4b59-9137-26683e46a055
58 |
59 | dn: cn=localhost:10444,cn=Servers,cn=admin data
60 | objectClass: extensibleobject
61 | objectClass: top
62 | objectClass: ds-cfg-branch
63 | memberofgroups: all-servers
64 | jmxsEnabled: false
65 | adminport: 10444
66 | jmxEnabled: false
67 | ldapsEnabled: false
68 | jmxport: 1689
69 | ldapport: 10389
70 | id: localhost:10444
71 | ds-cfg-key-id: 10DE0F7F79ED46264B94A5C08E190F5A
72 | ldapEnabled: true
73 | startTLSEnabled: false
74 | cn: localhost:10444
75 | jmxsport: -1
76 | hostname: localhost
77 | adminEnabled: true
78 | ldapsport: 636
79 | entryUUID: ac944fab-2f03-4157-8b9b-c1141dc1f451
80 | createTimestamp: 20150306180846Z
81 | creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
82 | modifyTimestamp: 20150306180846Z
83 | modifiersName: cn=Directory Manager,cn=Root DNs,cn=config
84 |
85 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/admin-keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/admin-keystore
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/admin-keystore.pin:
--------------------------------------------------------------------------------
1 | fHju7Eth7OXTQnci7JyF9v3SQRzaTq3mBSRKyyUJM0rL4pDb7A
2 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/admin-truststore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/admin-truststore
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/ads-truststore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/ads-truststore
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/ads-truststore.pin:
--------------------------------------------------------------------------------
1 | gJZpEpd4QSUF2tcct1qZMHD9m46R9CERBOJEPWRA1g38YX1oOw
2 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180837Z.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180837Z.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180838Z.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180838Z.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-2.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-2.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-3.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-3.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-4.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-4.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-5.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-5.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-6.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-6.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-7.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-7.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-8.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-8.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-9.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z-9.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306180847Z.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306181208Z.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306181208Z.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306181505Z.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306181505Z.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306181507Z.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306181507Z.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/archived-configs/config-20150306181728Z.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/config/archived-configs/config-20150306181728Z.gz
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/buildinfo:
--------------------------------------------------------------------------------
1 | 2.6.2.-1
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/http-config.json:
--------------------------------------------------------------------------------
1 | {
2 | // The Rest2LDAP authentication filter configuration. The filter will be
3 | // disabled if the configuration is not present. Upon successful
4 | // authentication the filter will create a security context containing the
5 | // following principals:
6 | //
7 | // "dn" - the DN of the user if known (may not be the case for sasl-plain)
8 | // "id" - the username used for authentication.
9 | "authenticationFilter" : {
10 | // Indicates whether the filter should allow HTTP BASIC authentication.
11 | "supportHTTPBasicAuthentication" : true,
12 |
13 | // Indicates whether the filter should allow alternative authentication
14 | // and, if so, which HTTP headers it should obtain the username and
15 | // password from.
16 | "supportAltAuthentication" : true,
17 | "altAuthenticationUsernameHeader" : "X-OpenIDM-Username",
18 | "altAuthenticationPasswordHeader" : "X-OpenIDM-Password",
19 |
20 | // The search parameters to use for "search-simple" authentication. The
21 | // %s filter format parameters will be substituted with the
22 | // client-provided username, using LDAP filter string character escaping.
23 | "searchBaseDN" : "ou=people,dc=example,dc=com",
24 | "searchScope" : "sub", // Or "one".
25 | "searchFilterTemplate" : "(&(objectClass=inetOrgPerson)(uid=%s))"
26 |
27 | // TODO: support for HTTP sessions?
28 | },
29 |
30 | // The Rest2LDAP Servlet configuration.
31 | "servlet" : {
32 | // The REST APIs and their LDAP attribute mappings.
33 | "mappings" : {
34 | "/users" : {
35 | "baseDN" : "ou=people,dc=example,dc=com",
36 | "readOnUpdatePolicy" : "controls",
37 | "useSubtreeDelete" : false,
38 | "usePermissiveModify" : true,
39 | "etagAttribute" : "etag",
40 | "namingStrategy" : {
41 | "strategy" : "clientDNNaming",
42 | "dnAttribute" : "uid"
43 | },
44 | "additionalLDAPAttributes" : [
45 | {
46 | "type" : "objectClass",
47 | "values" : [
48 | "top",
49 | "person",
50 | "organizationalPerson",
51 | "inetOrgPerson"
52 | ]
53 | }
54 | ],
55 | "attributes" : {
56 | "schemas" : { "constant" : [ "urn:scim:schemas:core:1.0" ] },
57 | "_id" : { "simple" : { "ldapAttribute" : "uid", "isSingleValued" : true, "isRequired" : true, "writability" : "createOnly" } },
58 | "_rev" : { "simple" : { "ldapAttribute" : "etag", "isSingleValued" : true, "writability" : "readOnly" } },
59 | "userName" : { "simple" : { "ldapAttribute" : "mail", "isSingleValued" : true, "writability" : "readOnly" } },
60 | "displayName" : { "simple" : { "ldapAttribute" : "cn", "isSingleValued" : true, "isRequired" : true } },
61 | "name" : { "object" : {
62 | "givenName" : { "simple" : { "ldapAttribute" : "givenName", "isSingleValued" : true } },
63 | "familyName" : { "simple" : { "ldapAttribute" : "sn", "isSingleValued" : true, "isRequired" : true } }
64 | } },
65 | "manager" : { "reference" : {
66 | "ldapAttribute" : "manager",
67 | "baseDN" : "ou=people,dc=example,dc=com",
68 | "primaryKey" : "uid",
69 | "mapper" : { "object" : {
70 | "_id" : { "simple" : { "ldapAttribute" : "uid", "isSingleValued" : true, "isRequired" : true } },
71 | "displayName" : { "simple" : { "ldapAttribute" : "cn", "isSingleValued" : true, "writability" : "readOnlyDiscardWrites" } }
72 | } }
73 | } },
74 | "groups" : { "reference" : {
75 | "ldapAttribute" : "isMemberOf",
76 | "baseDN" : "ou=groups,dc=example,dc=com",
77 | "writability" : "readOnly",
78 | "primaryKey" : "cn",
79 | "mapper" : { "object" : {
80 | "_id" : { "simple" : { "ldapAttribute" : "cn", "isSingleValued" : true } }
81 | } }
82 | } },
83 | "contactInformation" : { "object" : {
84 | "telephoneNumber" : { "simple" : { "ldapAttribute" : "telephoneNumber", "isSingleValued" : true } },
85 | "emailAddress" : { "simple" : { "ldapAttribute" : "mail", "isSingleValued" : true } }
86 | } },
87 | "meta" : { "object" : {
88 | "created" : { "simple" : { "ldapAttribute" : "createTimestamp", "isSingleValued" : true, "writability" : "readOnly" } },
89 | "lastModified" : { "simple" : { "ldapAttribute" : "modifyTimestamp", "isSingleValued" : true, "writability" : "readOnly" } }
90 | } }
91 | }
92 | },
93 | "/groups" : {
94 | "baseDN" : "ou=groups,dc=example,dc=com",
95 | "readOnUpdatePolicy" : "controls",
96 | "useSubtreeDelete" : false,
97 | "usePermissiveModify" : true,
98 | "etagAttribute" : "etag",
99 | "namingStrategy" : {
100 | "strategy" : "clientDNNaming",
101 | "dnAttribute" : "cn"
102 | },
103 | "additionalLDAPAttributes" : [
104 | {
105 | "type" : "objectClass",
106 | "values" : [
107 | "top",
108 | "groupOfUniqueNames"
109 | ]
110 | }
111 | ],
112 | "attributes" : {
113 | "schemas" : { "constant" : [ "urn:scim:schemas:core:1.0" ] },
114 | "_id" : { "simple" : { "ldapAttribute" : "cn", "isSingleValued" : true, "isRequired" : true, "writability" : "createOnly" } },
115 | "_rev" : { "simple" : { "ldapAttribute" : "etag", "isSingleValued" : true, "writability" : "readOnly" } },
116 | "displayName" : { "simple" : { "ldapAttribute" : "cn", "isSingleValued" : true, "isRequired" : true, "writability" : "readOnly" } },
117 | "members" : { "reference" : {
118 | "ldapAttribute" : "uniqueMember",
119 | "baseDN" : "dc=example,dc=com",
120 | "primaryKey" : "uid",
121 | "mapper" : { "object" : {
122 | "_id" : { "simple" : { "ldapAttribute" : "uid", "isSingleValued" : true, "isRequired" : true } },
123 | "displayName" : { "simple" : { "ldapAttribute" : "cn", "isSingleValued" : true, "writability" : "readOnlyDiscardWrites" } }
124 | } }
125 | } },
126 | "meta" : { "object" : {
127 | "created" : { "simple" : { "ldapAttribute" : "createTimestamp", "isSingleValued" : true, "writability" : "readOnly" } },
128 | "lastModified" : { "simple" : { "ldapAttribute" : "modifyTimestamp", "isSingleValued" : true, "writability" : "readOnly" } }
129 | } }
130 | }
131 | }
132 | }
133 | }
134 | }
135 |
136 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/java.properties:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | # Copyright 2008-2010 Sun Microsystems, Inc.
24 | # Portions Copyright 2011 ForgeRock AS
25 | #
26 | #
27 |
28 | #
29 | # This file contains the java properties that the different command lines will
30 | # use when launched. You can specify the location of the java binaries to be
31 | # used and the java arguments to be passed to the command line.
32 | # For instance you can specify to use the -server argument for the start-ds
33 | # command with an initial heap size of 256 Mb by setting
34 | # start-ds.java-args=-server -Xms256m
35 | # (the example assumes that the Java virtual machine supports those options).
36 | #
37 | # To set the java virtual machine to be used for a given command-line you must
38 | # set the property .java-home and to specify java arguments
39 | # you must set the property .java-args.
40 | #
41 | # There are certain command-lines (import-ldif, export-ldif, backup, restore)
42 | # that can work on two modes: online and offline. When they run in online mode
43 | # (the server is running and the user specifies LDAP parameters to launch the
44 | # operation) the operation is not actually performed in the Java Virtual Machine
45 | # of the command-line but on the server side. This is why when launching these
46 | # command-lines on online-mode it is preferred to use the -client argument for
47 | # the java virtual machine (and even limit the maximum size of the heap).
48 | # However when these command-lines are launched in offline mode it is
49 | # recommended to use the -server argument to launch the command-line.
50 | # This is the reason why you can specify different java properties for both
51 | # modes (for instance import-ldif.offline.java-args and
52 | # import-ldif.online.java-args).
53 | #
54 | # IMPORTANT NOTE: Once you have modified this file and set the java properties
55 | # that you want the command-lines to use you must run the command-line
56 | # bin/dsjavaproperties for the different scripts to be updated with the
57 | # specified settings.
58 | #
59 | # Examples:
60 | # Specify to overwrite the content of the environment variable OPENDJ_JAVA_HOME
61 | # (i.e. the contents of this properties file for the java home will be analyzed
62 | # before checking whether OPENDJ_JAVA_HOME is specified in the environment):
63 | # overwrite-env-java-home=true
64 | #
65 | # Specify to overwrite the content of the environment variable OPENDJ_JAVA_ARGS
66 | # (i.e. the contents of this properties file for the java args will be analyzed
67 | # before checking whether OPENDJ_JAVA_ARGS is specified in the environment):
68 | # overwrite-env-java-args=true
69 | #
70 | # Specify to use a particular Java Virtual Machine for the offline import:
71 | # import-ldif.offline.java-home=/usr/jdk1.7
72 | #
73 | # Specify to use -client argument when running dsconfig:
74 | # dsconfig.java-args=-client
75 | #
76 | # Specify to use -server argument when running import-ldif on server mode:
77 | # import-ldif.offline.java-args=-server
78 | #
79 | # Specify to use the java home for all the command-lines that have not
80 | # an associated property defined:
81 | # default.java-home=/usr/jdk1.6
82 | #
83 | # Specify to use the -client argument for all the command-lines that have not
84 | # an associated property defined:
85 | # default.java-args=-client
86 |
87 | default.java-home=/usr/lib/jvm/java-7-openjdk-amd64/jre
88 | overwrite-env-java-home=false
89 | overwrite-env-java-args=false
90 |
91 | restore.online.java-args=-Xms8m -client
92 | dsreplication.offline.java-args=-server
93 | rebuild-index.java-args=-server
94 | dsconfig.java-args=-Xms8m -client
95 | dsframework.java-args=-Xms8m -client
96 | ldapdelete.java-args=-Xms8m -client
97 | backup.online.java-args=-Xms8m -client
98 | ldapcompare.java-args=-Xms8m -client
99 | restore.offline.java-args=-server
100 | manage-account.java-args=-Xms8m -client
101 | import-ldif.offline.java-args=-server
102 | verify-index.java-args=-server
103 | ldappasswordmodify.java-args=-Xms8m -client
104 | uninstall.java-args=-Xms8m -client
105 | dbtest.java-args=-server
106 | start-ds.java-args=-server
107 | setup.java-args=-Xms8m -client
108 | ldif-diff.java-args=-server
109 | export-ldif.online.java-args=-Xms8m -client
110 | ldifsearch.java-args=-server
111 | ldapmodify.java-args=-Xms8m -client
112 | ldifmodify.java-args=-server
113 | stop-ds.java-args=-Xms8m -client
114 | ldapsearch.java-args=-Xms8m -client
115 | status.java-args=-Xms8m -client
116 | manage-tasks.java-args=-Xms8m -client
117 | list-backends.java-args=-Xms8m -client
118 | upgrade.java-args=-server
119 | control-panel.java-args=-Xms64m -Xmx128m -client
120 | base64.java-args=-Xms8m -client
121 | encode-password.java-args=-server
122 | create-rc-script.java-args=-Xms8m -client
123 | backup.offline.java-args=-server
124 | make-ldif.java-args=-server
125 | export-ldif.offline.java-args=-server
126 | import-ldif.online.java-args=-Xms8m -client
127 | dsreplication.java-args=-Xms8m -client
128 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-disabled.template:
--------------------------------------------------------------------------------
1 | Your directory account has been disabled.
2 |
3 | For further assistance, please contact a server administrator.
4 |
5 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-enabled.template:
--------------------------------------------------------------------------------
1 | Your directory account has been re-enabled.
2 |
3 | For further assistance, please contact a server administrator.
4 |
5 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-expired.template:
--------------------------------------------------------------------------------
1 | Your directory account has expired and may no longer be used.
2 |
3 | For further assistance, please contact a server administrator.
4 |
5 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-idle-locked.template:
--------------------------------------------------------------------------------
1 | Your directory account has been locked because it has remained idle for
2 | too long.
3 |
4 | For further assistance, please contact a server administrator.
5 |
6 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-permanently-locked.template:
--------------------------------------------------------------------------------
1 | Your directory account has been locked as a result of too many failed
2 | authentication attempts.
3 |
4 | Please contact an administrator to have your password reset.
5 |
6 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-reset-locked.template:
--------------------------------------------------------------------------------
1 | Your directory account has been locked because you did not change your
2 | password in a timely manner after it was reset by an administrator.
3 |
4 | Please contact a server administrator to have the password reset again.
5 |
6 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-temporarily-locked.template:
--------------------------------------------------------------------------------
1 | Your directory account has been temporarily locked as a result of too many
2 | failed authentication attempts. It will automatically be unlocked in
3 | %%notification-property:time-until-unlock%%.
4 |
5 | For further assistance, please contact a server administrator.
6 |
7 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/account-unlocked.template:
--------------------------------------------------------------------------------
1 | Your directory account has been unlocked by a server administrator. If
2 | you have any further questions, please contact an administrator.
3 |
4 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/password-changed.template:
--------------------------------------------------------------------------------
1 | Your directory password has been successfully updated.
2 |
3 | If you did not request that your password be changed, then contact a
4 | server administrator for further assistance.
5 |
6 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/password-expired.template:
--------------------------------------------------------------------------------
1 | Your directory password has expired. Please contact a server
2 | administrator to have your password reset.
3 |
4 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/password-expiring.template:
--------------------------------------------------------------------------------
1 | Your directory password will expire in %%notification-property:time-until-expiration%%.
2 |
3 | Please change your password before %%notification-property:password-expiration-time%%
4 | so that it does not expire.
5 |
6 | For further assistance, please contact a directory administrator.
7 |
8 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/messages/password-reset.template:
--------------------------------------------------------------------------------
1 | Your directory password has been successfully reset by an administrator.
2 | If you need further assistance, please contact a server administrator.
3 |
4 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/01-pwpolicy.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2006-2010 Sun Microsystems, Inc.
25 | #
26 | #
27 | # This file contains schema definitions from draft-behera-ldap-password-policy,
28 | # which defines a mechanism for storing password policy information in an LDAP
29 | # directory server.
30 | dn: cn=schema
31 | objectClass: top
32 | objectClass: ldapSubentry
33 | objectClass: subschema
34 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute'
35 | EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
36 | X-ORIGIN 'draft-behera-ldap-password-policy' )
37 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge'
38 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
39 | X-ORIGIN 'draft-behera-ldap-password-policy' )
40 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge'
41 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
42 | X-ORIGIN 'draft-behera-ldap-password-policy' )
43 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory'
44 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
45 | X-ORIGIN 'draft-behera-ldap-password-policy' )
46 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality'
47 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
48 | X-ORIGIN 'draft-behera-ldap-password-policy' )
49 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength'
50 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
51 | X-ORIGIN 'draft-behera-ldap-password-policy' )
52 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning'
53 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
54 | X-ORIGIN 'draft-behera-ldap-password-policy' )
55 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit'
56 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
57 | X-ORIGIN 'draft-behera-ldap-password-policy' )
58 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout'
59 | EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
60 | X-ORIGIN 'draft-behera-ldap-password-policy' )
61 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration'
62 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
63 | X-ORIGIN 'draft-behera-ldap-password-policy' )
64 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure'
65 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
66 | X-ORIGIN 'draft-behera-ldap-password-policy' )
67 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInterval'
68 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
69 | X-ORIGIN 'draft-behera-ldap-password-policy' )
70 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange'
71 | EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
72 | X-ORIGIN 'draft-behera-ldap-password-policy' )
73 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange'
74 | EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
75 | X-ORIGIN 'draft-behera-ldap-password-policy' )
76 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify'
77 | EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
78 | X-ORIGIN 'draft-behera-ldap-password-policy' )
79 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime'
80 | DESC 'The time the password was last changed' EQUALITY generalizedTimeMatch
81 | ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
82 | SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation
83 | X-ORIGIN 'draft-behera-ldap-password-policy' )
84 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime'
85 | DESC 'The time an user account was locked' EQUALITY generalizedTimeMatch
86 | ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
87 | SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation
88 | X-ORIGIN 'draft-behera-ldap-password-policy' )
89 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime'
90 | DESC 'The timestamps of the last consecutive authentication failures'
91 | EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch
92 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION
93 | USAGE directoryOperation X-ORIGIN 'draft-behera-ldap-password-policy' )
94 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory'
95 | DESC 'The history of user s passwords' EQUALITY octetStringMatch
96 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 NO-USER-MODIFICATION
97 | USAGE directoryOperation X-ORIGIN 'draft-behera-ldap-password-policy' )
98 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime'
99 | DESC 'The timestamps of the grace authentication after the password has
100 | expired' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
101 | NO-USER-MODIFICATION USAGE directoryOperation
102 | X-ORIGIN 'draft-behera-ldap-password-policy' )
103 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset'
104 | DESC 'The indication that the password has been reset' EQUALITY booleanMatch
105 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation
106 | X-ORIGIN 'draft-behera-ldap-password-policy' )
107 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry'
108 | DESC 'The pwdPolicy subentry in effect for this object'
109 | EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
110 | SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation
111 | X-ORIGIN 'draft-behera-ldap-password-policy' )
112 | objectClasses: ( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY
113 | MUST ( pwdAttribute ) MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $
114 | pwdCheckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $
115 | pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
116 | pwdMustChange $ pwdAllowUserChange $ pwdSafeModify )
117 | X-ORIGIN 'draft-behera-ldap-password-policy' )
118 |
119 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/03-changelog.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2006-2009 Sun Microsystems, Inc.
25 | # Portions Copyright 2011 ForgeRock AS
26 | #
27 | #
28 | # This file contains schema definitions from draft-good-ldap-changelog, which
29 | # defines a mechanism for storing informmation about changes to Directory
30 | # Server data.
31 | dn: cn=schema
32 | objectClass: top
33 | objectClass: ldapSubentry
34 | objectClass: subschema
35 | attributeTypes: ( 2.16.840.1.113730.3.1.5 NAME 'changeNumber'
36 | DESC 'a number which uniquely identifies a change made to a directory entry'
37 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 EQUALITY integerMatch
38 | ORDERING integerOrderingMatch SINGLE-VALUE
39 | X-ORIGIN 'draft-good-ldap-changelog' )
40 | attributeTypes: ( 2.16.840.1.113730.3.1.6 NAME 'targetDN'
41 | DESC 'the DN of the entry which was modified' EQUALITY distinguishedNameMatch
42 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE
43 | X-ORIGIN 'draft-good-ldap-changelog' )
44 | attributeTypes: ( 2.16.840.1.113730.3.1.7 NAME 'changeType'
45 | DESC 'the type of change made to an entry' EQUALITY caseIgnoreMatch
46 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
47 | X-ORIGIN 'draft-good-ldap-changelog' )
48 | attributeTypes: ( 2.16.840.1.113730.3.1.8 NAME 'changes'
49 | DESC 'a set of changes to apply to an entry'
50 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'draft-good-ldap-changelog' )
51 | attributeTypes: ( 2.16.840.1.113730.3.1.9 NAME 'newRDN'
52 | DESC 'the new RDN of an entry which is the target of a modrdn operation'
53 | EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
54 | SINGLE-VALUE X-ORIGIN 'draft-good-ldap-changelog' )
55 | attributeTypes: ( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRDN'
56 | DESC 'a flag which indicates if the old RDN should be retained as an
57 | attribute of the entry' EQUALITY booleanMatch
58 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE
59 | X-ORIGIN 'draft-good-ldap-changelog' )
60 | attributeTypes: ( 2.16.840.1.113730.3.1.11 NAME 'newSuperior'
61 | DESC 'the new parent of an entry which is the target of a moddn operation'
62 | EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
63 | SINGLE-VALUE X-ORIGIN 'draft-good-ldap-changelog' )
64 | attributeTypes: ( 2.16.840.1.113730.3.1.77 NAME 'changeTime'
65 | DESC 'the time when the change was processed'
66 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
67 | SINGLE-VALUE
68 | X-ORIGIN 'Sun Directory Server' )
69 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.724 NAME 'replicaIdentifier'
70 | DESC 'the OpenDS replication domain server identifier for the change'
71 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
72 | SINGLE-VALUE
73 | USAGE directoryOperation
74 | X-ORIGIN 'OpenDS Directory Server' )
75 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.725 NAME 'replicationCSN'
76 | DESC 'The OpenDS replication change number for the change'
77 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
78 | SINGLE-VALUE
79 | USAGE directoryOperation
80 | X-ORIGIN 'OpenDS Directory Server' )
81 | attributeTypes: ( 1.3.6.1.4.1.26027.1.1.590
82 | NAME ( 'targetEntryUUID' 'targetUniqueID' )
83 | DESC 'The OpenDS unique id of the entry targeted by the change'
84 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
85 | SINGLE-VALUE
86 | USAGE directoryOperation
87 | X-ORIGIN 'OpenDS Directory Server' )
88 | attributeTypes: ( 1.3.6.1.4.1.26027.1.1.591 NAME 'changeLogCookie'
89 | DESC 'The OpenDS opaque cookie for the External Changelog'
90 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
91 | SINGLE-VALUE
92 | USAGE directoryOperation
93 | X-ORIGIN 'OpenDS Directory Server' )
94 | attributeTypes: ( 1.3.6.1.4.1.26027.1.1.604 NAME 'changeInitiatorsName'
95 | DESC 'The initiator user of the change'
96 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
97 | SINGLE-VALUE
98 | USAGE directoryOperation
99 | X-ORIGIN 'OpenDS Directory Server' )
100 | attributeTypes: ( 1.3.6.1.4.1.36733.2.1.1.6 NAME 'includedAttributes'
101 | DESC 'A set of attributes which were part of the entry before the changes were applied'
102 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
103 | SINGLE-VALUE
104 | USAGE directoryOperation
105 | X-ORIGIN 'OpenDJ Directory Server' )
106 | objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' SUP top
107 | STRUCTURAL
108 | MUST ( changeNumber $ targetDN $ changeType $ changeTime )
109 | MAY ( changes $ newRDN $ deleteOldRDN $ newSuperior )
110 | X-ORIGIN 'draft-good-ldap-changelog' )
111 | objectClasses: ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL
112 | MUST cn X-ORIGIN 'Microsoft Active Directory' )
113 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/03-pwpolicyextension.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
9 | # or http://forgerock.org/license/CDDLv1.0.html.
10 | # See the License for the specific language governing permissions
11 | # and limitations under the License.
12 | #
13 | # When distributing Covered Code, include this CDDL HEADER in each
14 | # file and include the License file at legal-notices/CDDLv1_0.txt.
15 | # If applicable, add the following below this CDDL HEADER, with the
16 | # fields enclosed by brackets "[]" replaced with your own identifying
17 | # information:
18 | # Portions Copyright [yyyy] [name of copyright owner]
19 | #
20 | # CDDL HEADER END
21 | #
22 | #
23 | # Copyright 2014 ForgeRock AS.
24 | #
25 | #
26 | # This file contains the attribute type and objectclass definitions for use
27 | # with the Directory Server configuration.
28 | dn: cn=schema
29 | objectClass: top
30 | objectClass: ldapSubentry
31 | objectClass: subschema
32 | objectClasses: ( 1.3.6.1.4.1.36733.2.1.2.18 NAME 'pwdValidatorPolicy' SUP top AUXILIARY
33 | MUST (ds-cfg-password-validator) X-ORIGIN 'OpenDJ Directory Server' )
34 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/03-rfc2713.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2006-2008 Sun Microsystems, Inc.
25 | #
26 | #
27 | # This file contains schema definitions from RFC 2713, which defines a
28 | # mechanism for storing serialized Java objects in the Directory Server.
29 | dn: cn=schema
30 | objectClass: top
31 | objectClass: ldapSubentry
32 | objectClass: subschema
33 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName'
34 | DESC 'Fully qualified name of distinguished Java class or interface'
35 | EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
36 | X-ORIGIN 'RFC 2713' )
37 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase'
38 | DESC 'URL(s) specifying the location of class definition'
39 | EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
40 | X-ORIGIN 'RFC 2713' )
41 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames'
42 | DESC 'Fully qualified Java class or interface name' EQUALITY caseExactMatch
43 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' )
44 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData'
45 | DESC 'Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
46 | SINGLE-VALUE X-ORIGIN 'RFC 2713' )
47 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory'
48 | DESC 'Fully qualified Java class name of a JNDI object factory'
49 | EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
50 | X-ORIGIN 'RFC 2713' )
51 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress'
52 | DESC 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch
53 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' )
54 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc'
55 | DESC 'The Java documentation for the class' EQUALITY caseExactIA5Match
56 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2713' )
57 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer'
58 | DESC 'Container for a Java object' SUP top STRUCTURAL MUST ( cn )
59 | X-ORIGIN 'RFC 2713' )
60 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject'
61 | DESC 'Java object representation' SUP top ABSTRACT MUST ( javaClassName )
62 | MAY ( javaClassNames $ javaCodebase $ javaDoc $ description )
63 | X-ORIGIN 'RFC 2713' )
64 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject'
65 | DESC 'Java serialized object' SUP javaObject AUXILIARY
66 | MUST ( javaSerializedData ) X-ORIGIN 'RFC 2713' )
67 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject'
68 | DESC 'Java marshalled object' SUP javaObject AUXILIARY
69 | MUST ( javaSerializedData ) X-ORIGIN 'RFC 2713' )
70 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference'
71 | DESC 'JNDI reference' SUP javaObject AUXILIARY
72 | MAY ( javaReferenceAddress $ javaFactory ) X-ORIGIN 'RFC 2713' )
73 |
74 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/03-rfc2714.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2006-2008 Sun Microsystems, Inc.
25 | #
26 | #
27 | # This file contains schema definitions from RFC 2714, which defines a
28 | # mechanism for storing CORBA objects in the Directory Server.
29 | dn: cn=schema
30 | objectClass: top
31 | objectClass: ldapSubentry
32 | objectClass: subschema
33 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor'
34 | DESC 'Stringified interoperable object reference of a CORBA object'
35 | EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
36 | SINGLE-VALUE X-ORIGIN 'RFC 2714' )
37 | attributeTypes: ( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId'
38 | DESC 'Repository ids of interfaces implemented by a CORBA object'
39 | EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
40 | X-ORIGIN 'RFC 2714' )
41 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.9 NAME 'corbaObject'
42 | DESC 'CORBA object representation' SUP top ABSTRACT
43 | MAY ( corbaRepositoryId $ description ) X-ORIGIN 'RFC 2714' )
44 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.10 NAME 'corbaContainer'
45 | DESC 'Container for a CORBA object' SUP top STRUCTURAL MUST ( cn )
46 | X-ORIGIN 'RFC 2714' )
47 | objectClasses: ( 1.3.6.1.4.1.42.2.27.4.2.11 NAME 'corbaObjectReference'
48 | DESC 'CORBA interoperable object reference' SUP corbaObject AUXILIARY
49 | MUST ( corbaIor ) X-ORIGIN 'RFC 2714' )
50 |
51 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/03-rfc2739.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2006-2008 Sun Microsystems, Inc.
25 | #
26 | #
27 | # This file contains schema definitions from RFC 2739, which defines a
28 | # mechanism for storing calendar and vCard objects in the Directory Server.
29 | # Note that the definition in RFC 2739 contains a number of errors, and this
30 | # schema file has been altered from the standard definition in order to fix
31 | # a number of those problems.
32 | dn: cn=schema
33 | objectClass: top
34 | objectClass: ldapSubentry
35 | objectClass: subschema
36 | attributeTypes: ( 1.2.840.113556.1.4.478 NAME 'calCalURI'
37 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
38 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
39 | X-ORIGIN 'RFC 2739' )
40 | attributeTypes: ( 1.2.840.113556.1.4.479 NAME 'calFBURL'
41 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
42 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
43 | X-ORIGIN 'RFC 2739' )
44 | attributeTypes: ( 1.2.840.113556.1.4.480 NAME 'calCAPURI'
45 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
46 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
47 | X-ORIGIN 'RFC 2739' )
48 | attributeTypes: ( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI'
49 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
50 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
51 | X-ORIGIN 'RFC 2739' )
52 | attributeTypes: ( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs'
53 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
54 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
55 | X-ORIGIN 'RFC 2739' )
56 | attributeTypes: ( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs'
57 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
58 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
59 | X-ORIGIN 'RFC 2739' )
60 | attributeTypes: ( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs'
61 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
62 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
63 | X-ORIGIN 'RFC 2739' )
64 | attributeTypes: ( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs'
65 | EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
66 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE userApplications
67 | X-ORIGIN 'RFC 2739' )
68 | objectClasses: ( 1.2.840.113556.1.5.87 NAME 'calEntry' SUP top AUXILIARY
69 | MAY ( calCalURI $ calFBURL $ calOtherCalURIs $ calOtherFBURLs $ calCAPURI $
70 | calOtherCAPURIs $ calCalAdrURI $ calOtherCalAdrURIs )
71 | X-ORIGIN 'RFC 2739' )
72 |
73 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/03-rfc2926.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2006-2010 Sun Microsystems, Inc.
25 | #
26 | #
27 | # This file contains schema definitions from RFC 2926, which defines a
28 | # mechanism for mapping between Service Location Protocol (SLP) advertisements
29 | # and LDAP.
30 | dn: cn=schema
31 | objectClass: top
32 | objectClass: ldapSubentry
33 | objectClass: subschema
34 | attributeTypes: ( 1.3.6.1.4.1.6252.2.27.6.1.1
35 | NAME 'template-major-version-number'
36 | DESC 'The major version number of the service type template'
37 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
38 | X-ORIGIN 'RFC 2926' )
39 | attributeTypes: ( 1.3.6.1.4.1.6252.2.27.6.1.2
40 | NAME 'template-minor-version-number'
41 | DESC 'The minor version number of the service type template'
42 | EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
43 | X-ORIGIN 'RFC 2926' )
44 | attributeTypes: ( 1.3.6.1.4.1.6252.2.27.6.1.3 NAME 'template-url-syntax'
45 | DESC 'An ABNF grammar describing the service type specific part of the
46 | service URL' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
47 | SINGLE-VALUE X-ORIGIN 'RFC 2926' )
48 | attributeTypes: ( 1.3.6.1.4.1.6252.2.27.6.1.4
49 | NAME 'service-advert-service-type'
50 | DESC 'The service type of the service advertisement, including the
51 | "service:" prefix.' EQUALITY caseExactIA5Match
52 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2926' )
53 | attributeTypes: ( 1.3.6.1.4.1.6252.2.27.6.1.5 NAME 'service-advert-scopes'
54 | DESC 'A list of scopes for a service advertisement.'
55 | EQUALITY caseExactIA5Match
56 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2926' )
57 | attributeTypes: ( 1.3.6.1.4.1.6252.2.27.6.1.6
58 | NAME 'service-advert-url-authenticator'
59 | DESC 'The authenticator for the URL, null if none.'
60 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2926' )
61 | attributeTypes: ( 1.3.6.1.4.1.6252.2.27.6.1.7
62 | NAME 'service-advert-attribute-authenticator'
63 | DESC 'The authenticator for the attribute list, null if none.'
64 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2926' )
65 | objectClasses: ( 1.3.6.1.4.1.6252.2.27.6.2.1 NAME 'slpService'
66 | DESC 'parent superclass for SLP services' SUP top ABSTRACT
67 | MUST ( template-major-version-number $ template-minor-version-number $
68 | description $ template-url-syntax $ service-advert-service-type $
69 | service-advert-scopes ) MAY ( service-advert-url-authenticator $
70 | service-advert-attribute-authenticator ) X-ORIGIN 'RFC 2926' )
71 |
72 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/03-rfc3112.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2006-2008 Sun Microsystems, Inc.
25 | #
26 | #
27 | # This file contains schema definitions from RFC 3112, which defines the
28 | # authentication password schema.
29 | dn: cn=schema
30 | objectClass: top
31 | objectClass: ldapSubentry
32 | objectClass: subschema
33 | attributeTypes: ( 1.3.6.1.4.1.4203.1.3.3 NAME 'supportedAuthPasswordSchemes'
34 | DESC 'supported password storage schemes' EQUALITY caseExactIA5Match
35 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} USAGE dSAOperation
36 | X-ORIGIN 'RFC 3112' )
37 | attributeTypes: ( 1.3.6.1.4.1.4203.1.3.4 NAME 'authPassword'
38 | DESC 'password authentication information' EQUALITY 1.3.6.1.4.1.4203.1.2.2
39 | SYNTAX 1.3.6.1.4.1.4203.1.1.2 X-ORIGIN 'RFC 3112' )
40 | objectClasses: ( 1.3.6.1.4.1.4203.1.4.7 NAME 'authPasswordObject'
41 | DESC 'authentication password mix in class' MAY authPassword AUXILIARY
42 | X-ORIGIN 'RFC 3112' )
43 |
44 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/05-rfc4876.ldif:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | #
24 | # Copyright 2008 Sun Microsystems, Inc.
25 | #
26 | #
27 | # This file contains schema definitions from RFC 4876, which defines a schema # for storing Directory User Agent (DUA) profiles and preferences in the
28 | # Directory Server.
29 | #
30 | # Example profile
31 | # dn: ou=profile,dc=example,dc=com
32 | # objectClass: top
33 | # objectClass: organizationalUnit
34 | # ou: profile
35 | #
36 | # dn: cn=Solaris,ou=profile,dc=example,dc=com
37 | # objectClass: top
38 | # objectClass: DUAConfigProfile
39 | # cn: Solaris
40 | # defaultServerList: ldap1.example.com ldap2.example.com
41 | # defaultSearchBase: dc=example,dc=com
42 | # defaultSearchScope: one
43 | # searchTimeLimit: 30
44 | # bindTimeLimit: 2
45 | # credentialLevel: anonymous
46 | # authenticationMethod: simple
47 | # followReferrals: TRUE
48 | # profileTTL: 43200
49 | #
50 | dn: cn=schema
51 | objectClass: top
52 | objectClass: ldapSubentry
53 | objectClass: subschema
54 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList'
55 | DESC 'List of default servers' EQUALITY caseIgnoreMatch
56 | SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
57 | SINGLE-VALUE X-ORIGIN 'RFC 4876' )
58 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase'
59 | DESC 'Default base for searches' EQUALITY distinguishedNameMatch
60 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 4876' )
61 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList'
62 | DESC 'List of preferred servers' EQUALITY caseIgnoreMatch
63 | SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
64 | SINGLE-VALUE X-ORIGIN 'RFC 4876' )
65 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit'
66 | DESC 'Maximum time an agent or service allows for a search to complete'
67 | EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX
68 | 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 4876' )
69 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit'
70 | DESC 'Maximum time an agent or service allows for a bind operation to
71 | complete' EQUALITY integerMatch ORDERING integerOrderingMatch
72 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 4876' )
73 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals'
74 | DESC 'An agent or service does or should follow referrals' EQUALITY
75 | booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN
76 | 'RFC 4876' )
77 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod'
78 | DESC 'Identifies the types of authentication methods either used,
79 | required, or provided by a service or peer' EQUALITY caseIgnoreMatch
80 | SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
81 | SINGLE-VALUE X-ORIGIN 'RFC 4876' )
82 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL'
83 | DESC 'Time to live, in seconds, before a profile is considered stale'
84 | EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX
85 | 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 4876' )
86 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap'
87 | DESC 'Attribute mappings used, required, or supported by an agent or
88 | service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
89 | X-ORIGIN 'RFC 4876' )
90 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel'
91 | DESC 'Identifies type of credentials either used, required, or supported
92 | by an agent or service' EQUALITY caseIgnoreIA5Match SYNTAX
93 | 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 4876' )
94 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap'
95 | DESC 'Object class mappings used, required, or supported by an agent or
96 | service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
97 | X-ORIGIN 'RFC 4876' )
98 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope'
99 | DESC 'Default scope used when performing a search' EQUALITY
100 | caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
101 | X-ORIGIN 'RFC 4876' )
102 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel'
103 | DESC 'Specifies the type of credentials either used, required, or
104 | supported by a specific service' EQUALITY caseIgnoreIA5Match SYNTAX
105 | 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 4876' )
106 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor'
107 | DESC 'Specifies search descriptors required, used, or supported by a
108 | particular service or agent' EQUALITY caseExactMatch SUBSTR
109 | caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN
110 | 'RFC 4876' )
111 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod'
112 | DESC 'Specifies types authentication methods either used, required, or
113 | supported by a particular service' EQUALITY caseIgnoreMatch SUBSTR
114 | caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN
115 | 'RFC 4876' )
116 | attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.16 NAME 'dereferenceAliases'
117 | DESC 'Specifies if a service or agent either requires, supports, or uses
118 | dereferencing of aliases.' EQUALITY booleanMatch SYNTAX
119 | 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'RFC 4876' )
120 | objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.5 NAME 'DUAConfigProfile'
121 | SUP top STRUCTURAL DESC 'Abstraction of a base configuration for a DUA'
122 | MUST ( cn ) MAY ( defaultServerList $ preferredServerList $
123 | defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $
124 | credentialLevel $ authenticationMethod $ followReferrals $
125 | dereferenceAliases $ serviceSearchDescriptor $ serviceCredentialLevel $
126 | serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL )
127 | X-ORIGIN 'RFC 4876' )
128 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/06-compat.ldif:
--------------------------------------------------------------------------------
1 | # You can obtain a copy of the license at
2 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
3 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
4 | # See the License for the specific language governing permissions
5 | # and limitations under the License.
6 | #
7 | # When distributing Covered Code, include this CDDL HEADER in each
8 | # file and include the License file at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
10 | # add the following below this CDDL HEADER, with the fields enclosed
11 | # by brackets "[]" replaced with your own identifying information:
12 | # Portions Copyright [yyyy] [name of copyright owner]
13 | #
14 | # CDDL HEADER END
15 | #
16 | #
17 | # Copyright 2009 Sun Microsystems, Inc.
18 | #
19 | #
20 | # This file contains the attribute type and objectclass definitions for use
21 | # with the Directory Server configuration.
22 | dn: cn=schema
23 | objectClass: top
24 | objectClass: ldapSubentry
25 | objectClass: subschema
26 | objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' SUP top X-ORIGIN
27 | 'Sun Directory Server' )
28 | attributeTypes: ( 2.16.840.1.113730.3.1.587 NAME 'nsds50ruv'
29 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Directory Server' )
30 |
31 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/schema/99-user.ldif:
--------------------------------------------------------------------------------
1 | dn: cn=schema
2 | objectClass: top
3 | objectClass: ldapSubentry
4 | objectClass: subschema
5 | cn: schema
6 | attributeTypes: ( 2.25.81407072025111374527560065493494091452 NAME 'uuidIdentifiedAttribute' DESC 'Test attribute identified by UUID-based OID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user-defined')
7 | objectClasses: ( 2.25.134951510715688957323197151744826468655 NAME 'uuidIdentifiedObjectClass' DESC 'Test auxiliary objectclass identified by UUID-based OID' SUP top AUXILIARY MAY ( uuidIdentifiedAttribute) X-ORIGIN 'user-defined' )
8 | objectClasses: ( 1.3.6.1.4.1.45689.1.4.100 NAME 'normalTestingObjectClass' DESC 'Test auxiliary objectclass with normal attributes' SUP top AUXILIARY MAY ( cn $ uid $ description ) X-ORIGIN 'user-defined' )
9 | objectClasses: ( 1.3.6.1.4.1.45689.1.4.110 NAME 'hybridTestingObjectClass' DESC 'Test auxiliary objectclass with a mix of strange attributes' SUP top AUXILIARY MAY ( cn $ uuidIdentifiedAttribute) X-ORIGIN 'user-defined' )
10 | ds-sync-state: 0000015611f11bf3441e00000001
11 | ds-sync-generation-id: 8408
12 |
13 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/tasks.ldif:
--------------------------------------------------------------------------------
1 | # This file contains the data used by the Directory Server task scheduler
2 | # backend. Do not edit this file directly, as there is a risk that those
3 | # changes will be lost. Scheduled and recurring task definitions should only
4 | # be edited using the administration utilities provided with the Directory
5 | # Server
6 | dn: cn=tasks
7 | objectClass: top
8 | objectClass: untypedObject
9 | cn: tasks
10 |
11 | dn: cn=Scheduled Tasks,cn=tasks
12 | objectClass: top
13 | objectClass: untypedObject
14 | cn: Scheduled Tasks
15 |
16 | dn: cn=Recurring Tasks,cn=tasks
17 | objectClass: top
18 | objectClass: untypedObject
19 | cn: Recurring Tasks
20 |
21 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/tasks.ldif.save:
--------------------------------------------------------------------------------
1 | # This file contains the data used by the Directory Server task scheduler
2 | # backend. Do not edit this file directly, as there is a risk that those
3 | # changes will be lost. Scheduled and recurring task definitions should only
4 | # be edited using the administration utilities provided with the Directory
5 | # Server
6 | dn: cn=tasks
7 | objectClass: top
8 | objectClass: untypedObject
9 | cn: tasks
10 |
11 | dn: cn=Scheduled Tasks,cn=tasks
12 | objectClass: top
13 | objectClass: untypedObject
14 | cn: Scheduled Tasks
15 |
16 | dn: cn=Recurring Tasks,cn=tasks
17 | objectClass: top
18 | objectClass: untypedObject
19 | cn: Recurring Tasks
20 |
21 | dn: ds-task-id=dsreplication-reset-generation-id-1,cn=Scheduled Tasks,cn=Tasks
22 | objectClass: ds-task-reset-generation-id
23 | objectClass: ds-task
24 | objectClass: top
25 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="NOTICE" msgCount=0 msgID=9896349 message="Set Generation ID task dsreplication-reset-generation-id-1 started execution"
26 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="NOTICE" msgCount=1 msgID=9896350 message="Set Generation ID task dsreplication-reset-generation-id-1 finished execution"
27 | ds-task-id: dsreplication-reset-generation-id-1
28 | ds-task-actual-start-time: 20150306181510Z
29 | ds-task-completion-time: 20150306181510Z
30 | ds-task-state: COMPLETED_SUCCESSFULLY
31 | ds-task-class-name: org.opends.server.tasks.SetGenerationIdTask
32 | ds-task-reset-generation-id-domain-base-dn: dc=example,dc=com
33 | creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
34 | createTimestamp: 20150306181510Z
35 | entryUUID: 7368a070-50c1-408d-9540-e69ab901884f
36 |
37 | dn: ds-task-id=20150306191505950,cn=Scheduled Tasks,cn=Tasks
38 | objectClass: ds-task-import
39 | objectClass: ds-task
40 | objectClass: top
41 | ds-task-import-backend-id: userRoot
42 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=0 msgID=9896349 message="Import task 20150306191505950 started execution"
43 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="INFORMATION" msgCount=1 msgID=9437595 message="Local DB backend userRoot does not specify the number of lock tables: defaulting to 97"
44 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="INFORMATION" msgCount=2 msgID=9437594 message="Local DB backend userRoot does not specify the number of cleaner threads: defaulting to 24 threads"
45 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=3 msgID=9896306 message="The backend userRoot is now taken offline"
46 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=4 msgID=20381717 message="Installation Directory: /opt/opendj-2.6.2"
47 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=5 msgID=20381719 message="Instance Directory: /opt/opendj-2.6.2"
48 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=6 msgID=20381713 message="JVM Information: 1.7.0_75-b13 by Oracle Corporation, 64-bit architecture, 1862270976 bytes heap size"
49 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=7 msgID=20381714 message="JVM Host: triglav.nlight.eu, running Linux 3.16.0-30-generic amd64, 8372068352 bytes physical memory size, number of processors available 4"
50 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=8 msgID=20381715 message="JVM Arguments: "-Dorg.opends.server.scriptName=start-ds""
51 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=9 msgID=8847546 message="The amount of free memory available to the import task is 628135236 bytes. The number of phase one buffers required is 320 buffers"
52 | ds-task-log-message: [06/Mar/2015:19:15:05 +0100] severity="NOTICE" msgCount=10 msgID=8847568 message="The amount memory available to the temporary DN cache environment is 414461121 bytes"
53 | ds-task-log-message: [06/Mar/2015:19:15:06 +0100] severity="NOTICE" msgCount=11 msgID=8847545 message="Setting DB cache size to 8388608 bytes and phase one buffer size to to 512804 bytes"
54 | ds-task-log-message: [06/Mar/2015:19:15:06 +0100] severity="NOTICE" msgCount=12 msgID=8847533 message="OpenDJ 2.6.2 starting import (build 20150306161742Z, R-1)"
55 | ds-task-log-message: [06/Mar/2015:19:15:06 +0100] severity="NOTICE" msgCount=13 msgID=8847449 message="Import Thread Count: 8 threads"
56 | ds-task-log-message: [06/Mar/2015:19:15:07 +0100] severity="NOTICE" msgCount=14 msgID=8847556 message="The available memory for phase two processing is 628135236 bytes. The read ahead cache size is 512804 bytes calculated using 25 buffers"
57 | ds-task-log-message: [06/Mar/2015:19:15:07 +0100] severity="NOTICE" msgCount=15 msgID=8847569 message="Total import time was 0 seconds. Phase one processing completed in 0 seconds, phase two processing completed in 0 seconds"
58 | ds-task-log-message: [06/Mar/2015:19:15:07 +0100] severity="NOTICE" msgCount=16 msgID=8847454 message="Processed 9 entries, imported 9, skipped 0, rejected 0 and migrated 0 in 0 seconds (average rate 15.0/sec)"
59 | ds-task-log-message: [06/Mar/2015:19:15:07 +0100] severity="NOTICE" msgCount=17 msgID=8847536 message="Import LDIF environment close took 0 seconds"
60 | ds-task-log-message: [06/Mar/2015:19:15:07 +0100] severity="INFORMATION" msgCount=18 msgID=9437595 message="Local DB backend userRoot does not specify the number of lock tables: defaulting to 97"
61 | ds-task-log-message: [06/Mar/2015:19:15:07 +0100] severity="INFORMATION" msgCount=19 msgID=9437594 message="Local DB backend userRoot does not specify the number of cleaner threads: defaulting to 24 threads"
62 | ds-task-log-message: [06/Mar/2015:19:15:08 +0100] severity="NOTICE" msgCount=20 msgID=8847402 message="The database backend userRoot containing 9 entries has started"
63 | ds-task-log-message: [06/Mar/2015:19:15:08 +0100] severity="INFORMATION" msgCount=21 msgID=12582962 message="Added 1 Access Control Instruction (ACI) attribute types found in context "dc=example,dc=com" to the access control evaluation engine"
64 | ds-task-log-message: [06/Mar/2015:19:15:08 +0100] severity="NOTICE" msgCount=22 msgID=8847447 message="Exported 9 entries and skipped 0 in 0 seconds (average rate 4500.0/sec)"
65 | ds-task-log-message: [06/Mar/2015:19:15:08 +0100] severity="NOTICE" msgCount=23 msgID=15138878 message="Directory server DS(161) has connected to replication server RS(9664) for domain "dc=example,dc=com" at localhost/127.0.0.1:10989 with generation ID 135297"
66 | ds-task-log-message: [06/Mar/2015:19:15:08 +0100] severity="NOTICE" msgCount=24 msgID=9896350 message="Import task 20150306191505950 finished execution"
67 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="MILD_ERROR" msgCount=25 msgID=14876751 message="The following error has been received : Domain dc=example,dc=com: the server with serverId=-2 is unreachable In Replication Server=Replication Server 10989 9664 unroutable message =DoneMsg Details:routing table is empty"
68 | ds-task-import-thread-count: 0
69 | ds-task-id: 20150306191505950
70 | ds-task-actual-start-time: 20150306181505Z
71 | ds-task-import-random-seed: 0
72 | ds-task-completion-time: 20150306181508Z
73 | ds-task-state: COMPLETED_SUCCESSFULLY
74 | ds-task-class-name: org.opends.server.tasks.ImportTask
75 | ds-task-import-ldif-file: /home/semancik/projects/evolveum/midpoint/git/infra/test-util/src/main/resources/test-data/ldif/example.ldif
76 | ds-task-import-clear-backend: true
77 | creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
78 | createTimestamp: 20150306181505Z
79 | entryUUID: 1e11d235-dc20-4374-87d9-bd6ee027d58c
80 |
81 | dn: ds-task-id=dsreplication-initialize1,cn=Scheduled Tasks,cn=Tasks
82 | objectClass: ds-task
83 | objectClass: ds-task-initialize-remote-replica
84 | objectClass: top
85 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="NOTICE" msgCount=0 msgID=9896349 message="Initialize Backend task dsreplication-initialize1 started execution"
86 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="NOTICE" msgCount=1 msgID=15139025 message="Starting total update: exporting 9 entries in domain "dc=example,dc=com" from this directory server DS(161) to all remote directory servers"
87 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="NOTICE" msgCount=2 msgID=8847447 message="Exported 9 entries and skipped 0 in 0 seconds (average rate 4500.0/sec)"
88 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="NOTICE" msgCount=3 msgID=15139026 message="Finished total update: exported domain "dc=example,dc=com" from this directory server DS(161) to all remote directory servers. "
89 | ds-task-log-message: [06/Mar/2015:19:15:10 +0100] severity="NOTICE" msgCount=4 msgID=9896350 message="Initialize Backend task dsreplication-initialize1 finished execution"
90 | ds-task-id: dsreplication-initialize1
91 | ds-task-actual-start-time: 20150306181510Z
92 | ds-task-completion-time: 20150306181510Z
93 | ds-task-state: COMPLETED_SUCCESSFULLY
94 | ds-task-class-name: org.opends.server.tasks.InitializeTargetTask
95 | ds-task-initialize-replica-server-id: all
96 | ds-task-initialize-domain-dn: dc=example,dc=com
97 | ds-task-processed-entry-count: 0
98 | ds-task-unprocessed-entry-count: 9
99 | creatorsName: cn=Directory Manager,cn=Root DNs,cn=config
100 | createTimestamp: 20150306181510Z
101 | entryUUID: 4457c541-2665-411b-b2c3-35ede5a074e7
102 |
103 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/config/tools.properties:
--------------------------------------------------------------------------------
1 | # CDDL HEADER START
2 | #
3 | # The contents of this file are subject to the terms of the
4 | # Common Development and Distribution License, Version 1.0 only
5 | # (the "License"). You may not use this file except in compliance
6 | # with the License.
7 | #
8 | # You can obtain a copy of the license at
9 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE
10 | # or https://OpenDS.dev.java.net/OpenDS.LICENSE.
11 | # See the License for the specific language governing permissions
12 | # and limitations under the License.
13 | #
14 | # When distributing Covered Code, include this CDDL HEADER in each
15 | # file and include the License file at
16 | # trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
17 | # add the following below this CDDL HEADER, with the fields enclosed
18 | # by brackets "[]" replaced with your own identifying information:
19 | # Portions Copyright [yyyy] [name of copyright owner]
20 | #
21 | # CDDL HEADER END
22 | #
23 | # Copyright 2008 Sun Microsystems, Inc.
24 | #
25 | #
26 | # Default argument values. These arguments will be the
27 | # default values for all OpenDS client tools. Defaults
28 | # can be overridden on a per-client basis by prefixing
29 | # the argument name with the name of the client.
30 | # hostname=localhost
31 | # port=4444
32 | # bindDN=cn=directory manager
33 |
34 | # Default ldapcompare argument values. This overrides the
35 | # default value for the "port" argument defined above.
36 | # ldapcompare.port=389
37 |
38 | # Default ldapdelete argument values. This overrides the
39 | # default value for the "port" argument defined above.
40 | # ldapdelete.port=389
41 |
42 | # Default ldapmodify argument values. This overrides the
43 | # default value for the "port" argument defined above.
44 | # ldapmodify.port=389
45 |
46 | # Default ldappasswordmodify argument values. This overrides the
47 | # default value for the "port" argument defined above.
48 | # ldappasswordmodify.port=389
49 |
50 | # Default ldapsearch argument values. This overrides the
51 | # default value for the "port" argument defined above.
52 | # ldapsearch.port=389
53 |
54 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/db/userRoot/00000000.jdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/db/userRoot/00000000.jdb
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/db/userRoot/je.config.csv:
--------------------------------------------------------------------------------
1 | time,envcfg:com.sleepycat.je.util.ConsoleHandler.level,envcfg:com.sleepycat.je.util.FileHandler.level,envcfg:je.adler32.chunkSize,envcfg:je.checkpointer.bytesInterval,envcfg:je.checkpointer.deadlockRetry,envcfg:je.checkpointer.highPriority,envcfg:je.checkpointer.wakeupInterval,envcfg:je.cleaner.adjustUtilization,envcfg:je.cleaner.backgroundProactiveMigration,envcfg:je.cleaner.bytesInterval,envcfg:je.cleaner.calc.initialAdjustments,envcfg:je.cleaner.calc.maxProbeSkipFiles,envcfg:je.cleaner.calc.minProbeSkipFiles,envcfg:je.cleaner.calc.minUncountedLNs,envcfg:je.cleaner.calc.recentLNSizes,envcfg:je.cleaner.cluster,envcfg:je.cleaner.clusterAll,envcfg:je.cleaner.deadlockRetry,envcfg:je.cleaner.detailMaxMemoryPercentage,envcfg:je.cleaner.expunge,envcfg:je.cleaner.fetchObsoleteSize,envcfg:je.cleaner.forceCleanFiles,envcfg:je.cleaner.foregroundProactiveMigration,envcfg:je.cleaner.lazyMigration,envcfg:je.cleaner.lockTimeout,envcfg:je.cleaner.lookAheadCacheSize,envcfg:je.cleaner.maxBatchFiles,envcfg:je.cleaner.minAge,envcfg:je.cleaner.minFileUtilization,envcfg:je.cleaner.minFilesToDelete,envcfg:je.cleaner.minUtilization,envcfg:je.cleaner.readSize,envcfg:je.cleaner.restartRetries,envcfg:je.cleaner.retries,envcfg:je.cleaner.rmwFix,envcfg:je.cleaner.threads,envcfg:je.cleaner.trackDetail,envcfg:je.cleaner.upgradeToLogVersion,envcfg:je.compressor.deadlockRetry,envcfg:je.compressor.lockTimeout,envcfg:je.compressor.wakeupInterval,envcfg:je.deferredWrite.temp,envcfg:je.env.backgroundReadLimit,envcfg:je.env.backgroundSleepInterval,envcfg:je.env.backgroundWriteLimit,envcfg:je.env.checkLeaks,envcfg:je.env.comparatorsRequired,envcfg:je.env.dbCacheClearCount,envcfg:je.env.dbEviction,envcfg:je.env.diskOrderedScanLockTimeout,envcfg:je.env.dupConvertPreloadAll,envcfg:je.env.fairLatches,envcfg:je.env.forcedYield,envcfg:je.env.isLocking,envcfg:je.env.isReadOnly,envcfg:je.env.isTransactional,envcfg:je.env.logTrace,envcfg:je.env.recovery,envcfg:je.env.recoveryForceCheckpoint,envcfg:je.env.recoveryForceNewFile,envcfg:je.env.runCheckpointer,envcfg:je.env.runCleaner,envcfg:je.env.runEvictor,envcfg:je.env.runINCompressor,envcfg:je.env.sharedLatches,envcfg:je.env.startupThreshold,envcfg:je.env.terminateTimeout,envcfg:je.evictor.allowBinDeltas,envcfg:je.evictor.coreThreads,envcfg:je.evictor.criticalPercentage,envcfg:je.evictor.deadlockRetry,envcfg:je.evictor.evictBytes,envcfg:je.evictor.evictionBatchPercentage,envcfg:je.evictor.forcedYield,envcfg:je.evictor.keepAlive,envcfg:je.evictor.lruOnly,envcfg:je.evictor.maxThreads,envcfg:je.evictor.nodeScanPercentage,envcfg:je.evictor.nodesPerScan,envcfg:je.evictor.useMemoryFloor,envcfg:je.evictor.wakeupInterval,envcfg:je.haltOnCommitAfterChecksumException,envcfg:je.lock.nLockTables,envcfg:je.lock.oldLockExceptions,envcfg:je.lock.timeout,envcfg:je.log.bufferSize,envcfg:je.log.checksumRead,envcfg:je.log.chunkedNIO,envcfg:je.log.directNIO,envcfg:je.log.faultReadSize,envcfg:je.log.fileCacheSize,envcfg:je.log.fileMax,envcfg:je.log.fsyncTimeout,envcfg:je.log.groupCommitInterval,envcfg:je.log.groupCommitThreshold,envcfg:je.log.iteratorMaxSize,envcfg:je.log.iteratorReadSize,envcfg:je.log.memOnly,envcfg:je.log.nDataDirectories,envcfg:je.log.numBuffers,envcfg:je.log.totalBufferBytes,envcfg:je.log.useNIO,envcfg:je.log.useODSYNC,envcfg:je.log.useWriteQueue,envcfg:je.log.verifyChecksums,envcfg:je.log.writeQueueSize,envcfg:je.maxMemory,envcfg:je.maxMemoryPercent,envcfg:je.nodeDupTreeMaxEntries,envcfg:je.nodeMaxEntries,envcfg:je.sharedCache,envcfg:je.stats.collect,envcfg:je.stats.collect.interval,envcfg:je.stats.file.directory,envcfg:je.stats.file.row.count,envcfg:je.stats.max.files,envcfg:je.tree.binDelta,envcfg:je.tree.compactMaxKeyLength,envcfg:je.tree.maxDelta,envcfg:je.tree.minMemory,envcfg:je.txn.deadlockStackTrace,envcfg:je.txn.dumpLocks,envcfg:je.txn.durability,envcfg:je.txn.serializableIsolation,envcfg:je.txn.timeout,java:args,java:maxMemory,java:minMemory,java:vendor,java:version,je:version,mc:arch,mc:processors,os:name,os:version
2 | 2015-03-06 18:15:06.591 UTC,"OFF","INFO","0","20000000","3","false","0","true","false","0","5","20","5","1000","10","false","false","3","2","true","false","","false","false","500 ms","8192","0","2","50","5","50","0","5","10","true","1","true","0","3","500 ms","5 s","false","0","1 ms","0","true","false","100","true","10 seconds","true","false","false","true","false","false","true","true","false","false","true","true","true","true","true","5 min","10 s","true","1","0","3","524288","10","false","10 min","true","10","10","10","95","5 s","false","1","false","0 SECONDS","1048576","true","0","false","2048","100","100000000","500 ms","0 ns","0","16777216","8192","false","0","3","0","false","false","true","false","1048576","8388608","60","128","128","false","true","1 min","","1440","10","25","16","10","512000","false","false","NO_SYNC,NO_SYNC,SIMPLE_MAJORITY","false","0 SECONDS"," -Dorg.opends.server.scriptName=start-ds","1862270976","130813568","Oracle Corporation","1.7.0_75","5.0.104","amd64","4","Linux","3.16.0-30-generic"
3 | 2015-03-06 18:15:08.086 UTC,"OFF","ALL","0","500000000","3","true","30000000","true","false","0","5","20","5","1000","10","false","false","3","2","true","false","","false","false","500 ms","2097152","0","2","5","5","50","0","5","10","true","24","true","0","3","500 ms","5 s","false","0","1 ms","0","true","false","100","true","10 seconds","true","false","false","true","false","true","true","true","false","false","true","true","true","true","true","5 min","10 s","true","1","0","3","524288","10","false","600000000","false","10","10","10","95","5 s","false","97","false","0 MICROSECONDS","1048576","true","0","false","4096","100","100000000","500 ms","0 ns","0","16777216","2097152","false","0","3","0","false","false","true","false","1048576","0","50","128","128","false","true","1 min","","1440","10","25","16","10","512000","false","false","WRITE_NO_SYNC,NO_SYNC,SIMPLE_MAJORITY","false","0"," -Dorg.opends.server.scriptName=start-ds","1862270976","130813568","Oracle Corporation","1.7.0_75","5.0.104","amd64","4","Linux","3.16.0-30-generic"
4 | 2015-07-07 08:51:55.739 UTC,"OFF","ALL","0","500000000","3","true","30000000","true","false","0","5","20","5","1000","10","false","false","3","2","true","false","","false","false","500 ms","2097152","0","2","5","5","50","0","5","10","true","24","true","0","3","500 ms","5 s","false","0","1 ms","0","true","false","100","true","10 seconds","true","false","false","true","false","true","true","true","false","false","true","false","true","true","true","5 min","10 s","true","1","0","3","524288","10","false","600000000","false","2","10","10","95","5 s","false","97","false","0 MICROSECONDS","1048576","true","0","false","4096","100","100000000","500 ms","0 ns","0","16777216","2097152","false","0","3","0","false","false","true","false","1048576","5000000","1","128","128","false","true","1 min","","1440","10","25","16","10","512000","false","false","WRITE_NO_SYNC,NO_SYNC,SIMPLE_MAJORITY","false","0"," -Dorg.opends.server.scriptName=start-ds","1862270976","130813568","Oracle Corporation","1.7.0_79","5.0.104","amd64","4","Linux","3.16.0-30-generic"
5 | 2016-07-22 09:30:28.719 UTC,"OFF","ALL","0","500000000","3","true","30000000","true","false","0","5","20","5","1000","10","false","false","3","2","true","false","","false","false","500 ms","2097152","0","2","5","5","50","0","5","10","true","24","true","0","3","500 ms","5 s","false","0","1 ms","0","true","false","100","true","10 seconds","true","false","false","true","false","true","true","true","false","false","true","false","true","true","true","5 min","10 s","true","1","0","3","524288","10","false","600000000","false","2","10","10","95","5 s","false","97","false","0 MICROSECONDS","1048576","true","0","false","4096","100","100000000","500 ms","0 ns","0","16777216","2097152","false","0","3","0","false","false","true","false","1048576","5000000","1","128","128","false","true","1 min","","1440","10","25","16","10","512000","false","false","WRITE_NO_SYNC,NO_SYNC,SIMPLE_MAJORITY","false","0"," -Dorg.opends.server.scriptName=start-ds","3711959040","262144000","Oracle Corporation","1.8.0_91","5.0.104","amd64","8","Linux","4.4.0-24-generic"
6 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/db/userRoot/je.lck:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/db/userRoot/je.lck
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-adminRoot.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-adminRoot.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-ads-truststore.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-ads-truststore.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-backup.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-backup.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-monitor.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-monitor.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-replicationChanges.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-replicationChanges.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-schema.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-schema.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-tasks.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-tasks.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/backend-userRoot.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/backend-userRoot.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/locks/server.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Evolveum/connector-ldap/6a1d9cc31943529e701939398963da3308b43803/src/test/resources/opendj-template/locks/server.lock
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/logs/replication:
--------------------------------------------------------------------------------
1 | [06/Mar/2015:19:08:47 +0100] category=SYNC severity=NOTICE msgID=15139020 msg=Replication server RS(9664) started listening for new connections on address 0.0.0.0 port 10989
2 | [06/Mar/2015:19:08:47 +0100] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(23955) has connected to replication server RS(9664) for domain "cn=admin data" at localhost/127.0.0.1:10989 with generation ID 113844
3 | [06/Mar/2015:19:08:47 +0100] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(23955) for domain "cn=admin data" at localhost/127.0.0.1:51609
4 | [06/Mar/2015:19:08:47 +0100] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(161) for domain "dc=example,dc=com" at localhost/127.0.0.1:51611
5 | [06/Mar/2015:19:08:47 +0100] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(161) has connected to replication server RS(9664) for domain "dc=example,dc=com" at localhost/127.0.0.1:10989 with generation ID 48
6 | [06/Mar/2015:19:08:48 +0100] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(17438) for domain "cn=schema" at localhost/127.0.0.1:51613
7 | [06/Mar/2015:19:08:48 +0100] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(17438) has connected to replication server RS(9664) for domain "cn=schema" at localhost/127.0.0.1:10989 with generation ID 8408
8 | [06/Mar/2015:19:09:26 +0100] category=SYNC severity=MILD_WARNING msgID=14745663 msg=Replication server RS(9664) at localhost/127.0.0.1:10989 has closed the connection to this directory server DS(17438). This directory server will now try to connect to another replication server in order to receive changes for the domain "cn=schema"
9 | [06/Mar/2015:19:09:26 +0100] category=SYNC severity=MILD_WARNING msgID=14745663 msg=Replication server RS(9664) at localhost/127.0.0.1:10989 has closed the connection to this directory server DS(23955). This directory server will now try to connect to another replication server in order to receive changes for the domain "cn=admin data"
10 | [06/Mar/2015:19:12:08 +0100] category=SYNC severity=NOTICE msgID=15139020 msg=Replication server RS(9664) started listening for new connections on address 0.0.0.0 port 10989
11 | [06/Mar/2015:19:12:08 +0100] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(23955) for domain "cn=admin data" at localhost/127.0.0.1:51666
12 | [06/Mar/2015:19:12:08 +0100] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(23955) has connected to replication server RS(9664) for domain "cn=admin data" at localhost/127.0.0.1:10989 with generation ID 113844
13 | [06/Mar/2015:19:12:08 +0100] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(17438) for domain "cn=schema" at localhost/127.0.0.1:51668
14 | [06/Mar/2015:19:12:08 +0100] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(17438) has connected to replication server RS(9664) for domain "cn=schema" at localhost/127.0.0.1:10989 with generation ID 8408
15 | [06/Mar/2015:19:12:08 +0100] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(161) for domain "dc=example,dc=com" at localhost/127.0.0.1:51670
16 | [06/Mar/2015:19:12:08 +0100] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(161) has connected to replication server RS(9664) for domain "dc=example,dc=com" at localhost/127.0.0.1:10989 with generation ID 48
17 | [06/Mar/2015:19:15:05 +0100] category=SYNC severity=MILD_WARNING msgID=14745663 msg=Replication server RS(9664) at localhost/127.0.0.1:10989 has closed the connection to this directory server DS(161). This directory server will now try to connect to another replication server in order to receive changes for the domain "dc=example,dc=com"
18 | [06/Mar/2015:19:15:08 +0100] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(161) for domain "dc=example,dc=com" at localhost/127.0.0.1:51702
19 | [06/Mar/2015:19:15:08 +0100] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(161) has connected to replication server RS(9664) for domain "dc=example,dc=com" at localhost/127.0.0.1:10989 with generation ID 135297
20 | [06/Mar/2015:19:15:10 +0100] category=SYNC severity=NOTICE msgID=15139025 msg=Starting total update: exporting 9 entries in domain "dc=example,dc=com" from this directory server DS(161) to all remote directory servers
21 | [06/Mar/2015:19:15:10 +0100] category=SYNC severity=NOTICE msgID=15139026 msg=Finished total update: exported domain "dc=example,dc=com" from this directory server DS(161) to all remote directory servers.
22 | [06/Mar/2015:19:15:10 +0100] category=SYNC severity=MILD_ERROR msgID=14876751 msg=The following error has been received : Domain dc=example,dc=com: the server with serverId=-2 is unreachable In Replication Server=Replication Server 10989 9664 unroutable message =DoneMsg Details:routing table is empty
23 | [06/Mar/2015:19:15:10 +0100] category=SYNC severity=NOTICE msgID=15138894 msg=The generation ID for domain "dc=example,dc=com" has been reset to 135297
24 | [06/Mar/2015:19:18:45 +0100] category=SYNC severity=MILD_WARNING msgID=14745663 msg=Replication server RS(9664) at localhost/127.0.0.1:10989 has closed the connection to this directory server DS(161). This directory server will now try to connect to another replication server in order to receive changes for the domain "dc=example,dc=com"
25 | [06/Mar/2015:19:18:45 +0100] category=SYNC severity=MILD_WARNING msgID=14745663 msg=Replication server RS(9664) at localhost/127.0.0.1:10989 has closed the connection to this directory server DS(17438). This directory server will now try to connect to another replication server in order to receive changes for the domain "cn=schema"
26 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=NOTICE msgID=15139020 msg=Replication server RS(9664) started listening for new connections on address 0.0.0.0 port 10989
27 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(23955) for domain "cn=admin data" at localhost/127.0.0.1:36748
28 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(23955) has connected to replication server RS(9664) for domain "cn=admin data" at localhost/127.0.0.1:10989 with generation ID 113844
29 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=MILD_WARNING msgID=14745746 msg=Directory server DS(161) at localhost/127.0.0.1:36752 presented generation ID 135297 for domain "dc=example,dc=com", but the generation ID of this replication server RS(9664) is 19681402. This usually indicates that one or more directory servers in the replication topology have not been initialized with the same data, and re-initialization is required
30 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(161) for domain "dc=example,dc=com" at localhost/127.0.0.1:36752
31 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=INFORMATION msgID=14680271 msg=Replication server RS(9664) has accepted a connection from directory server DS(17438) for domain "cn=schema" at localhost/127.0.0.1:36756
32 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(17438) has connected to replication server RS(9664) for domain "cn=schema" at localhost/127.0.0.1:10989 with generation ID 8408
33 |
--------------------------------------------------------------------------------
/src/test/resources/opendj-template/logs/server.out:
--------------------------------------------------------------------------------
1 | [22/Jul/2016:11:30:27 +0200] category=CORE severity=NOTICE msgID=458886 msg=OpenDJ 2.6.2 (build 20150306161742Z, R-1) starting up
2 | [22/Jul/2016:11:30:28 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381717 msg=Installation Directory: /opt/opendj-2.6.2
3 | [22/Jul/2016:11:30:28 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381719 msg=Instance Directory: /opt/opendj-2.6.2
4 | [22/Jul/2016:11:30:28 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.8.0_91-8u91-b14-0ubuntu4~16.04.1-b14 by Oracle Corporation, 64-bit architecture, 3711959040 bytes heap size
5 | [22/Jul/2016:11:30:28 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: triglav.nlight.eu, running Linux 4.4.0-24-generic amd64, 16696905728 bytes physical memory size, number of processors available 8
6 | [22/Jul/2016:11:30:28 +0200] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Dorg.opends.server.scriptName=start-ds"
7 | [22/Jul/2016:11:30:28 +0200] category=JEB severity=NOTICE msgID=8847402 msg=The database backend userRoot containing 9 entries has started
8 | [22/Jul/2016:11:30:29 +0200] category=EXTENSIONS severity=NOTICE msgID=1507549 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: localhost
9 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=NOTICE msgID=15139020 msg=Replication server RS(9664) started listening for new connections on address 0.0.0.0 port 10989
10 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(23955) has connected to replication server RS(9664) for domain "cn=admin data" at localhost/127.0.0.1:10989 with generation ID 113844
11 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=SEVERE_WARNING msgID=14811232 msg=Directory server DS(161) has connected to replication server RS(9664) for domain "dc=example,dc=com" at localhost/127.0.0.1:10989, but the generation IDs do not match, indicating that a full re-initialization is required. The local (DS) generation ID is 135297 and the remote (RS) generation ID is 19681402
12 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=SEVERE_WARNING msgID=14811272 msg=Replication server RS(9664) not sending update 00000153cc7cb24700a10000000a for domain "dc=example,dc=com" to directory server DS(161) at localhost/127.0.0.1:36752 because its generation ID 135297 is different to the local generation ID 19681402
13 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=SEVERE_WARNING msgID=14811272 msg=Replication server RS(9664) not sending update 0000015611dceaf500a10000000b for domain "dc=example,dc=com" to directory server DS(161) at localhost/127.0.0.1:36752 because its generation ID 135297 is different to the local generation ID 19681402
14 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=SEVERE_WARNING msgID=14811272 msg=Replication server RS(9664) not sending update 0000015611dd4a5300a10000000c for domain "dc=example,dc=com" to directory server DS(161) at localhost/127.0.0.1:36752 because its generation ID 135297 is different to the local generation ID 19681402
15 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=SEVERE_WARNING msgID=14811272 msg=Replication server RS(9664) not sending update 0000015611e4c6f300a10000000d for domain "dc=example,dc=com" to directory server DS(161) at localhost/127.0.0.1:36752 because its generation ID 135297 is different to the local generation ID 19681402
16 | [22/Jul/2016:11:30:29 +0200] category=SYNC severity=NOTICE msgID=15138878 msg=Directory server DS(17438) has connected to replication server RS(9664) for domain "cn=schema" at localhost/127.0.0.1:10989 with generation ID 8408
17 | [22/Jul/2016:11:30:29 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 10444
18 | [22/Jul/2016:11:30:29 +0200] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 10389
19 | [22/Jul/2016:11:30:29 +0200] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
20 | [22/Jul/2016:11:30:29 +0200] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully
21 |
--------------------------------------------------------------------------------
/test.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -e
4 |
5 | #mvn clean package
6 |
7 | mvn -Dtest=TestAD \
8 | -Dtest.ad.host="ad2019.lab.evolveum.com" \
9 | -Dtest.ad.port=636 \
10 | -Dtest.ad.connectionSecurity="ssl" \
11 | -Dtest.ad.baseContext="CN=Users,DC=ad2019,DC=lab,DC=evolveum,DC=com" \
12 | -Dtest.ad.bindDn="CN=MidPoint,CN=Users,DC=ad2019,DC=lab,DC=evolveum,DC=com" \
13 | -Dtest.ad.bindPassword="qwe.123" test
14 |
15 |
--------------------------------------------------------------------------------