mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opends/experimental/build.xml
@@ -23,6 +23,7 @@ ! ! ! Copyright 2010 Sun Microsystems, Inc. ! Portions Copyright 2010 ForgeRock AS. ! --> <project name="extension" basedir="." default="package"> @@ -34,8 +35,23 @@ <!-- OpenDS base directory --> <dirname property="extension.basedir" file="${ant.file.extension}" /> <property name="base.dir" location="${extension.basedir}/.." /> <property file="${base.dir}/PRODUCT" /> <!-- Construct the version number string --> <taskdef name="getversionnumber" classname="org.opends.build.tools.CreateVersionString"> <classpath> <fileset dir="${base.dir}/build/build-tools"> <include name="*.jar" /> </fileset> </classpath> </taskdef> <getversionnumber property="VERSION_NUMBER_STRING" /> <property name="opends.install.dir" location="${base.dir}/build/package/OpenDS-2.3.0" /> location="${base.dir}/build/package/${SHORT_NAME}-${VERSION_NUMBER_STRING}" /> <!-- Source paths relative to extension --> <property name="src.dir" location="src" /> @@ -132,14 +148,14 @@ depends="init,compileadmin,generate-messages" description="Compile the Directory Server extension source files."> <mkdir dir="${classes.dir}" /> <javac srcdir="${src.dir}:${src.gen.dir}" <javac srcdir="${src.gen.dir}:${src.dir}" destdir="${classes.dir}" optimize="true" excludes="**/package-info.java" debug="on" debuglevel="lines,source" source="1.5" target="1.5" source="1.6" target="1.6" deprecation="true" fork="true" memoryInitialSize="${MEM}" @@ -155,7 +171,7 @@ description="Generate JavaDoc documentation."> <mkdir dir="${javadoc.dir}" /> <javadoc destdir="${javadoc.dir}" source="1.5" source="1.6" additionalparam="-quiet" linksource="yes" windowtitle="${extension.description} API Documentation" opends/experimental/openidm-pwsync-plugin/README
New file @@ -0,0 +1,51 @@ This folder contains source code for the OpenIDM password synchronization extension to OpenDJ. This extensions implements a password capture feature leveraging the Account Status Notification Handler interface, and OpenIDM specific transport to communicate the password changes to OpenIDM for synchronization with other systems. In order to build and use this extension, perform the following steps (presumably you are already at step 3): 1. In the top-level source folder for OpenDJ, first build and package OpenDJ: ./build.sh 2. Next go into the openidm-pwsync-plugin folder: cd experimental/openidm-pwsync-plugin 3. Retrieve the jars required to build this extension: // TBD 4. And build the plugin (this requires Ant version 7 or higher in your path): ant install 6. This will copy the following files into the parent OpenDJ default installation (build/package/OpenDJ-X.Y.Z): INSTANCE_ROOT/lib/extensions/openidm-pwsync-plugin.jar INSTANCE_ROOT/config/openidm-pwsync-plugin-config.ldif INSTANCE_ROOT/config/schema/90-openidm-pwsync-plugin.ldif 7. Add the plugin's config to the server configuration. The following instruction assumes usage of the Unix 'cat' command, but obviously ldapadd (ldapmodify -a) can be used: cd INSTANCE_ROOT/config cat openidm-pwsync-plugin-config.ldif >> config.ldif 8. Start the server and look for the "openidm-account-status-notification-handler" notice in the start up log: cd INSTANCE_ROOT ./bin/start-ds [03/Dec/2010:19:42:17 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/Volumes/Space/Tests/ODJidm/lib/extensions/ openidm-account-status-notification-handler.jar' (build <unknown>, revision <unknown>) opends/experimental/openidm-pwsync-plugin/build.xml
New file @@ -0,0 +1,39 @@ <!-- ! CDDL HEADER START ! ! The contents of this file are subject to the terms of the ! Common Development and Distribution License, Version 1.0 only ! (the "License"). You may not use this file except in compliance ! with the License. ! ! You can obtain a copy of the license at ! trunk/opends/resource/legal-notices/CDDLv1_0.txt ! or http://forgerock.org/license/CDDLv1.0.html. ! See the License for the specific language governing permissions ! and limitations under the License. ! ! When distributing Covered Code, include this CDDL HEADER in each ! file and include the License file at ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable, ! add the following below this CDDL HEADER, with the fields enclosed ! by brackets "[]" replaced with your own identifying information: ! Portions Copyright [yyyy] [name of copyright owner] ! ! CDDL HEADER END ! ! ! Copyright 2010 ForgeRock AS. ! --> <project name="Openidm Password Sync" basedir="." default="package"> <description> This is the build script for the OpenIDM password sync notification handler. </description> <property name="extension.name" value="openidm-account-status-notification-handler" /> <property name="extension.description" value="OpenIDM Password Sync" /> <!-- Use common extension targets --> <import file="../build.xml" /> </project> opends/experimental/openidm-pwsync-plugin/config/openidm-pwsync-plugin-config.ldif
New file @@ -0,0 +1,12 @@ dn: cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config objectClass: top objectClass: ds-cfg-account-status-notification-handler objectClass: ds-cfg-openidm-account-status-notification-handler cn: SMTP Handler ds-cfg-java-class: com.forgerock.openidm.pwsync.OpenidmAccountStatusNotificationHandler ds-cfg-enabled: true ds-cfg-attribute-type: mail ds-cfg-attribute-type: uid ds-cfg-log-file: logs/pwsync ds-cfg-asynchronous: true
New file @@ -0,0 +1,39 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License, Version 1.0 only # (the "License"). You may not use this file except in compliance # with the License. # # You can obtain a copy of the license at # trunk/opends/resource/legal-notices/CDDLv1_0.txt # or http://forgerock.org/license/CDDLv1.0.html. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at # trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable, # add the following below this CDDL HEADER, with the fields enclosed # by brackets "[]" replaced with your own identifying information: # Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # # Copyright 2010 ForgeRock AS. # # # This file contains the attribute type and objectclass definitions for use # with the Directory Server configuration. # OIDs in this schema are allocated under the ForgeRock OID arc dn: cn=schema objectClass: top objectClass: ldapSubentry objectClass: subschema objectClasses: ( 1.3.6.1.4.1.36733.2.1.2.1 NAME 'ds-cfg-openidm-account-status-notification-handler' SUP ds-cfg-account-status-notification-handler STRUCTURAL MUST ( ds-cfg-asynchronous $ ds-cfg-log-file ) MAY ( ds-cfg-attribute-type ) X-ORIGIN 'OpenIDM OpenDJ plugin' ) opends/experimental/openidm-pwsync-plugin/src/com/forgerock/openidm/pwsync/OpenidmAccountStatusNotificationHandler.java
New file @@ -0,0 +1,336 @@ /* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at * trunk/opends/resource/legal-notices/CDDLv1_0.txt * or http://forgerock.org/license/CDDLv1.0.html. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at * trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable, * add the following below this CDDL HEADER, with the fields enclosed * by brackets "[]" replaced with your own identifying information: * Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * * * Copyright 2010 ForgeRock AS. */ package com.forgerock.openidm.pwsync; import org.opends.messages.Message; import java.util.ArrayList; import java.util.List; import java.util.Set; import java.util.HashMap; import java.util.Map; import java.io.File; import java.io.IOException; import org.opends.server.admin.server.ConfigurationChangeListener; import org.opends.server.admin.std.server.AccountStatusNotificationHandlerCfg; import com.forgerock.openidm.pwsync.server.OpenidmAccountStatusNotificationHandlerCfg; import org.opends.server.api.AccountStatusNotificationHandler; import org.opends.server.loggers.debug.DebugTracer; import org.opends.server.config.ConfigException; import org.opends.server.types.AccountStatusNotification; import org.opends.server.types.Attribute; import org.opends.server.types.AttributeType; import org.opends.server.types.AttributeValue; import org.opends.server.types.ConfigChangeResult; import org.opends.server.types.Entry; import org.opends.server.types.InitializationException; import org.opends.server.types.ResultCode; import static org.opends.server.types.AccountStatusNotificationProperty.*; import static org.opends.server.loggers.debug.DebugLogger.*; import static org.opends.server.util.StaticUtils.*; /** * This class defines an account status notification handler that captures * information about account status notifications and forward them * to OpenIDM. The 2 events of interest are password reset and password * change, which will convey the new clear-text password. * */ public class OpenidmAccountStatusNotificationHandler extends AccountStatusNotificationHandler <OpenidmAccountStatusNotificationHandlerCfg> implements ConfigurationChangeListener <OpenidmAccountStatusNotificationHandlerCfg> { // The current configuration for this account status notification handler. private OpenidmAccountStatusNotificationHandlerCfg currentConfig; /** * The tracer object for the debug logger. */ private static final DebugTracer TRACER = getTracer(); private static final byte PWD_CHANGED = 1; private static final byte PWD_RESET = 2; //The name of the logfile that the update thread uses to process change //records. Defaults to "logs/referint", but can be changed in the //configuration. private String logFileName = null; //The File class that logfile corresponds to. private File logFile; /** * {@inheritDoc} */ public void initializeStatusNotificationHandler( OpenidmAccountStatusNotificationHandlerCfg configuration ) throws ConfigException, InitializationException { currentConfig = configuration; currentConfig.addOpenidmChangeListener(this); // Read configuration, check and initialize things here. logFileName = configuration.getLogFile(); setUpLogFile(logFileName); } /** * {@inheritDoc} */ public void handleStatusNotification( AccountStatusNotification notification) { OpenidmAccountStatusNotificationHandlerCfg config = currentConfig; List<String> newPasswords = null; HashMap<String, List<String>> returnedData = new HashMap<String, List<String>>(); Byte passwordEvent = 0; String userDN = String.valueOf(notification.getUserDN()); Entry userEntry = notification.getUserEntry(); Set<AttributeType> notificationAttrs = config.getAttributeType(); for (AttributeType t : notificationAttrs) { List<Attribute> attrList = userEntry.getAttribute(t); if (attrList != null) { for (Attribute a : attrList) { ArrayList<String> attrVals = new ArrayList<String>(); for (AttributeValue v : a) { if (debugEnabled()) { TRACER.debugInfo("Adding end user attribute value " + v.getValue().toString() + " from attr " + a.getNameWithOptions() + "to notification"); } // Add the value of this attribute to the Notif message attrVals.add(v.getValue().toString()); } returnedData.put(a.getName().toString(), attrVals); } } } switch (notification.getNotificationType()) { case PASSWORD_CHANGED: // Build the password changed message newPasswords = notification.getNotificationProperties().get(NEW_PASSWORD); passwordEvent = PWD_CHANGED; break; case PASSWORD_RESET: // Build the password reset message newPasswords = notification.getNotificationProperties().get(NEW_PASSWORD); passwordEvent = PWD_RESET; break; default: // We are not interest by other events, just return return; } // Process the notification ProcessOpenIDMNotification(passwordEvent, userDN, newPasswords, returnedData); } /** * {@inheritDoc} */ @Override() public boolean isConfigurationAcceptable( AccountStatusNotificationHandlerCfg configuration, List<Message> unacceptableReasons) { OpenidmAccountStatusNotificationHandlerCfg config = (OpenidmAccountStatusNotificationHandlerCfg) configuration; return isConfigurationChangeAcceptable(config, unacceptableReasons); } /** * {@inheritDoc} */ public boolean isConfigurationChangeAcceptable( OpenidmAccountStatusNotificationHandlerCfg configuration, List<Message> unacceptableReasons ) { boolean isAcceptable = true; // If additional parameters are added to the config, they should be // checked here. return isAcceptable; } /** * Makes a best-effort attempt to apply the configuration contained in the * provided entry. Information about the result of this processing should be * added to the provided message list. Information should always be added to * this list if a configuration change could not be applied. If detailed * results are requested, then information about the changes applied * successfully (and optionally about parameters that were not changed) should * also be included. * * @param configuration The entry containing the new configuration to * apply for this component. * @param detailedResults Indicates whether detailed information about the * processing should be added to the list. * * @return Information about the result of the configuration update. */ public ConfigChangeResult applyConfigurationChange ( OpenidmAccountStatusNotificationHandlerCfg configuration, boolean detailedResults ) { ConfigChangeResult changeResult = applyConfigurationChange (configuration); return changeResult; } /** * {@inheritDoc} */ public ConfigChangeResult applyConfigurationChange ( OpenidmAccountStatusNotificationHandlerCfg configuration ) { ArrayList<Message> messages = new ArrayList<Message>(); Boolean adminActionRequired = false; //User is not allowed to change the logfile name, append a message that the //server needs restarting for change to take effect. String newLogFileName=configuration.getLogFile(); if(!logFileName.equals(newLogFileName)) { adminActionRequired=true; messages.add( OpenidmAccountStatusNotificationHandlerMessages. INFO_OPENIDM_PWSYNC_LOGFILE_CHANGE_REQUIRES_RESTART.get(logFileName, newLogFileName)); } currentConfig = configuration; return new ConfigChangeResult(ResultCode.SUCCESS, adminActionRequired, messages); } /** * * @return the current configuration of the plugin */ public OpenidmAccountStatusNotificationHandlerCfg getCurrentConfiguration() { return currentConfig; } /** * Process a password change notification and sends it to OpenIDM. * * @param passwordEvent A byte indicating if it's a change or reset. * * @param userDN The user distinguished name as a string. * * @param newPasswords the list of new passwords (there may be more than 1). * * @param returnedData the additional attributes and values of the user * entry. * */ void ProcessOpenIDMNotification(byte passwordEvent, String userDN, List<String>newPasswords, Map<String, List<String>>returnedData) { System.out.println("User " + userDN + " 's password " + (passwordEvent == PWD_CHANGED ? "changed" : "reset") + " to : " + newPasswords.toString() + " Additional data: " + returnedData.toString()); // For now do nothing } /** * Sets up the log file that the plugin can write update records to and * the background thread can use to read update records from. The specifed * log file name is the name to use for the file. If the file exists from * a previous run, use it. * * @param logFileName The name of the file to use, may be absolute. * * @throws ConfigException If a new file cannot be created if needed. * */ private void setUpLogFile(String logFileName) throws ConfigException { this.logFileName=logFileName; logFile=getFileForPath(logFileName); try { if(!logFile.exists()) { logFile.createNewFile(); } } catch (IOException io) { throw new ConfigException( OpenidmAccountStatusNotificationHandlerMessages. ERR_OPENIDM_PWSYNC_CREATE_LOGFILE.get( io.getMessage()), io); } } }
New file @@ -0,0 +1,116 @@ <?xml version="1.0" encoding="utf-8"?> <adm:managed-object name="openidm-account-status-notification-handler" plural-name="openidm-account-status-notification-handlers" extends="account-status-notification-handler" package="com.forgerock.openidm.pwsync" parent-package="org.opends.server.admin.std" xmlns:adm="http://www.opends.org/admin" xmlns:ldap="http://www.opends.org/admin-ldap"> <adm:synopsis> The <adm:user-friendly-name /> is an account status notification handler that post a message to OpenIDM whenever an account status notification is generated for password reset or changes. </adm:synopsis> <adm:profile name="ldap"> <ldap:object-class> <ldap:name> ds-cfg-openidm-account-status-notification-handler </ldap:name> <ldap:superior> ds-cfg-account-status-notification-handler </ldap:superior> </ldap:object-class> </adm:profile> <adm:property-override name="java-class" advanced="true"> <adm:default-behavior> <adm:defined> <adm:value>com.forgerock.openidm.pwsync.OpenidmAccountStatusNotificationHandler</adm:value> </adm:defined> </adm:default-behavior> </adm:property-override> <adm:property name="asynchronous" mandatory="true"> <adm:synopsis> Indicates whether the notification should be send asynchronously to OpenIDM. </adm:synopsis> <adm:description> When notifications are synchronous, the messages will be recorded and replay in case of failure. </adm:description> <adm:default-behavior> <adm:defined> <adm:value>true</adm:value> </adm:defined> </adm:default-behavior> <adm:syntax> <adm:boolean /> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:name> ds-cfg-asynchronous </ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="log-file" mandatory="true"> <adm:synopsis> Specifies the log file location where the changed passwords are written when the plug-in cannot contact OpenIDM. </adm:synopsis> <adm:description> The default location is the logs directory of the server instance, using the file name "pwsync". Passwords in this file will be encrypted. </adm:description> <adm:default-behavior> <adm:defined> <adm:value>logs/pwsync</adm:value> </adm:defined> </adm:default-behavior> <adm:syntax> <adm:string> <adm:pattern> <adm:regex>.*</adm:regex> <adm:usage>FILE</adm:usage> <adm:synopsis> A path to an existing file that is readable by the server. </adm:synopsis> </adm:pattern> </adm:string> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:name>ds-cfg-log-file</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="attribute-type" multi-valued="true"> <adm:synopsis> Specifies the attribute types that this plug-in will send along with the password change. </adm:synopsis> <adm:description> Zero or more attribute type can be specified. </adm:description> <adm:default-behavior> <adm:alias> <adm:synopsis> If no attribute types are specified, only the DN and the new password of the user will be synchronized to OpenIDM. </adm:synopsis> </adm:alias> </adm:default-behavior> <adm:syntax> <adm:attribute-type /> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:name>ds-cfg-attribute-type</ldap:name> </ldap:attribute> </adm:profile> </adm:property> </adm:managed-object> opends/experimental/openidm-pwsync-plugin/src/com/forgerock/openidm/pwsync/Package.xml
New file @@ -0,0 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <adm:package name="com.forgerock.openidm.pwsync" xmlns:adm="http://www.opends.org/admin" xmlns:ldap="http://www.opends.org/admin-ldap"> <adm:synopsis>OpenIDM password synchronization extension to OpenDJ.</adm:synopsis> </adm:package> opends/experimental/openidm-pwsync-plugin/src/com/forgerock/openidm/pwsync/openidm-account-status-notification-handler.properties
New file @@ -0,0 +1,54 @@ # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License, Version 1.0 only # (the "License"). You may not use this file except in compliance # with the License. # # You can obtain a copy of the license at # trunk/opends/resource/legal-notices/CDDLv1_0.txt # or http://forgerock.org/license/CDDLv1.0.html. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at # trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable, # add the following below this CDDL HEADER, with the fields enclosed # by brackets "[]" replaced with your own identifying information: # Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # Copyright 2010 ForgeRock AS. # # Global directives # global.category=USER_DEFINED # # Format string definitions # # Keys must be formatted as follows: # # [SEVERITY]_[DESCRIPTION]_[ORDINAL] # # where: # # SEVERITY is one of: # [INFO, MILD_WARN, SEVERE_WARN, MILD_ERR, SEVERE_ERR, FATAL_ERR, DEBUG, NOTICE] # # DESCRIPTION is an upper case string providing a hint as to the context of # the message in upper case with the underscore ('_') character serving as # word separator # # ORDINAL is an integer unique among other ordinals in this file # SEVERE_ERR_OPENIDM_PWSYNC_CREATE_LOGFILE_1=An error occurred during \ OpenIDM Password Sync plugin initialization because log file creation \ failed: %s. INFO_OPENIDM_PWSYNC_LOGFILE_CHANGE_REQUIRES_RESTART_2=The file name that \ the OpenIDM Password Sync plugin logs changes has been changed from %s \ to %s, but this change will not take effect until the server is restarted opends/experimental/openidm-pwsync-plugin/src/com/forgerock/openidm/pwsync/package-info.java
New file @@ -0,0 +1,35 @@ /* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at * trunk/opends/resource/legal-notices/CDDLv1_0.txt * or http://forgerock.org/license/CDDLv1.0.html. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at * trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable, * add the following below this CDDL HEADER, with the fields enclosed * by brackets "[]" replaced with your own identifying information: * Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * * * Copyright 2010 ForgeRock AS. */ /** * OpenIDM password synchronization extension's implementation classes. * <p> * This package contains the classes which implement OpenDJ extension to * support OpenIDM password synchronization. */ package com.forgerock.openidm.pwsync;
