/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at * trunk/opends/resource/legal-notices/OpenDS.LICENSE * or https://OpenDS.dev.java.net/OpenDS.LICENSE. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, * add the following below this CDDL HEADER, with the fields enclosed * by brackets "[]" replaced with your own identifying * information: * Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * * * Portions Copyright 2006 Sun Microsystems, Inc. */ package org.opends.server.core; import java.util.ArrayList; import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.concurrent.ConcurrentHashMap; import org.opends.server.api.ConfigAddListener; import org.opends.server.api.ConfigChangeListener; import org.opends.server.api.ConfigDeleteListener; import org.opends.server.api.ConfigurableComponent; import org.opends.server.api.ConfigHandler; import org.opends.server.api.IdentityMapper; import org.opends.server.config.BooleanConfigAttribute; import org.opends.server.config.ConfigEntry; import org.opends.server.config.ConfigException; import org.opends.server.config.StringConfigAttribute; import org.opends.server.types.ConfigChangeResult; import org.opends.server.types.DN; import org.opends.server.types.ErrorLogCategory; import org.opends.server.types.ErrorLogSeverity; import org.opends.server.types.ResultCode; import static org.opends.server.config.ConfigConstants.*; import static org.opends.server.loggers.Debug.*; import static org.opends.server.loggers.Error.*; import static org.opends.server.messages.ConfigMessages.*; import static org.opends.server.messages.MessageHandler.*; import static org.opends.server.util.ServerConstants.*; import static org.opends.server.util.StaticUtils.*; /** * This class defines a utility that will be used to manage the set of identity * mappers defined in the Directory Server. It will initialize the identity * mappers when the server starts, and then will manage any additions, removals, * or modifications to any identity mappers while the server is running. */ public class IdentityMapperConfigManager implements ConfigChangeListener, ConfigAddListener, ConfigDeleteListener { /** * The fully-qualified name of this class for debugging purposes. */ private static final String CLASS_NAME = "org.opends.server.core.IdentityMapperConfigManager"; // A mapping between the DNs of the config entries and the associated identity // mappers. private ConcurrentHashMap identityMappers; // The configuration handler for the Directory Server. private ConfigHandler configHandler; /** * Creates a new instance of this identity mapper config manager. */ public IdentityMapperConfigManager() { assert debugConstructor(CLASS_NAME); configHandler = DirectoryServer.getConfigHandler(); identityMappers = new ConcurrentHashMap(); } /** * Initializes all identity mappers currently defined in the Directory Server * configuration. This should only be called at Directory Server startup. * * @throws ConfigException If a configuration problem causes the identity * mapper initialization process to fail. * * @throws InitializationException If a problem occurs while initializing * the identity mappers that is not related * to the server configuration. */ public void initializeIdentityMappers() throws ConfigException, InitializationException { assert debugEnter(CLASS_NAME, "initializeIdentityMappers"); // First, get the configuration base entry. ConfigEntry baseEntry; try { DN mapperBase = DN.decode(DN_IDMAPPER_CONFIG_BASE); baseEntry = configHandler.getConfigEntry(mapperBase); } catch (Exception e) { assert debugException(CLASS_NAME, "initializeIdentityMappers", e); int msgID = MSGID_CONFIG_IDMAPPER_CANNOT_GET_BASE; String message = getMessage(msgID, String.valueOf(e)); throw new ConfigException(msgID, message, e); } if (baseEntry == null) { // The identity mapper base entry does not exist. This is not acceptable, // so throw an exception. int msgID = MSGID_CONFIG_IDMAPPER_BASE_DOES_NOT_EXIST; String message = getMessage(msgID); throw new ConfigException(msgID, message); } // Register add and delete listeners with the identity mapper base entry. // We don't care about modifications to it. baseEntry.registerAddListener(this); baseEntry.registerDeleteListener(this); // See if the base entry has any children. If not, then we don't need to do // anything else. if (! baseEntry.hasChildren()) { return; } // Iterate through the child entries and process them as identity mapper // configuration entries. for (ConfigEntry childEntry : baseEntry.getChildren().values()) { childEntry.registerChangeListener(this); StringBuilder unacceptableReason = new StringBuilder(); if (! configAddIsAcceptable(childEntry, unacceptableReason)) { logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR, MSGID_CONFIG_IDMAPPER_ENTRY_UNACCEPTABLE, childEntry.getDN().toString(), unacceptableReason.toString()); continue; } try { ConfigChangeResult result = applyConfigurationAdd(childEntry); if (result.getResultCode() != ResultCode.SUCCESS) { StringBuilder buffer = new StringBuilder(); List resultMessages = result.getMessages(); if ((resultMessages == null) || (resultMessages.isEmpty())) { buffer.append(getMessage(MSGID_CONFIG_UNKNOWN_UNACCEPTABLE_REASON)); } else { Iterator iterator = resultMessages.iterator(); buffer.append(iterator.next()); while (iterator.hasNext()) { buffer.append(EOL); buffer.append(iterator.next()); } } logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR, MSGID_CONFIG_IDMAPPER_CANNOT_CREATE_MAPPER, childEntry.getDN().toString(), buffer.toString()); } } catch (Exception e) { logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_ERROR, MSGID_CONFIG_IDMAPPER_CANNOT_CREATE_MAPPER, childEntry.getDN().toString(), String.valueOf(e)); } } // Now that all of the identity mappers are defined, see if the Directory // Server's proxied auth mapper is valid. If not, then log a warning // message. DN mapperDN = DirectoryServer.getProxiedAuthorizationIdentityMapperDN(); if (mapperDN == null) { logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.MILD_WARNING, MSGID_CONFIG_IDMAPPER_NO_PROXY_MAPPER_DN); } else if (! identityMappers.containsKey(mapperDN)) { logError(ErrorLogCategory.CONFIGURATION, ErrorLogSeverity.SEVERE_WARNING, MSGID_CONFIG_IDMAPPER_INVALID_PROXY_MAPPER_DN, String.valueOf(mapperDN)); } } /** * Indicates whether the configuration entry that will result from a proposed * modification is acceptable to this change listener. * * @param configEntry The configuration entry that will result from * the requested update. * @param unacceptableReason A buffer to which this method can append a * human-readable message explaining why the * proposed change is not acceptable. * * @return true if the proposed entry contains an acceptable * configuration, or false if it does not. */ public boolean configChangeIsAcceptable(ConfigEntry configEntry, StringBuilder unacceptableReason) { assert debugEnter(CLASS_NAME, "configChangeIsAcceptable", String.valueOf(configEntry), "java.lang.StringBuilder"); // Make sure that the entry has an appropriate objectclass for an identity // mapper. if (! configEntry.hasObjectClass(OC_IDENTITY_MAPPER)) { int msgID = MSGID_CONFIG_IDMAPPER_INVALID_OBJECTCLASS; String message = getMessage(msgID, configEntry.getDN().toString()); unacceptableReason.append(message); return false; } // Make sure that the entry specifies the identity mapper class name. StringConfigAttribute classNameAttr; try { StringConfigAttribute classStub = new StringConfigAttribute(ATTR_IDMAPPER_CLASS, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_CLASS_NAME), true, false, true); classNameAttr = (StringConfigAttribute) configEntry.getConfigAttribute(classStub); if (classNameAttr == null) { int msgID = MSGID_CONFIG_IDMAPPER_NO_CLASS_NAME; String message = getMessage(msgID, configEntry.getDN().toString()); unacceptableReason.append(message); return false; } } catch (Exception e) { assert debugException(CLASS_NAME, "configChangeIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS_NAME; String message = getMessage(msgID, configEntry.getDN().toString(), String.valueOf(e)); unacceptableReason.append(message); return false; } Class mapperClass; try { // FIXME -- Should this be done with a custom class loader? mapperClass = Class.forName(classNameAttr.pendingValue()); } catch (Exception e) { assert debugException(CLASS_NAME, "configChangeIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS_NAME; String message = getMessage(msgID, configEntry.getDN().toString(), String.valueOf(e)); unacceptableReason.append(message); return false; } try { IdentityMapper mapper = (IdentityMapper) mapperClass.newInstance(); } catch(Exception e) { assert debugException(CLASS_NAME, "configChangeIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS; String message = getMessage(msgID, mapperClass.getName(), String.valueOf(configEntry.getDN()), String.valueOf(e)); unacceptableReason.append(message); return false; } // See if this identity mapper should be enabled. BooleanConfigAttribute enabledAttr; try { BooleanConfigAttribute enabledStub = new BooleanConfigAttribute(ATTR_IDMAPPER_ENABLED, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_ENABLED), false); enabledAttr = (BooleanConfigAttribute) configEntry.getConfigAttribute(enabledStub); if (enabledAttr == null) { int msgID = MSGID_CONFIG_IDMAPPER_NO_ENABLED_ATTR; String message = getMessage(msgID, configEntry.getDN().toString()); unacceptableReason.append(message); return false; } } catch (Exception e) { assert debugException(CLASS_NAME, "configChangeIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_ENABLED_VALUE; String message = getMessage(msgID, configEntry.getDN().toString(), String.valueOf(e)); unacceptableReason.append(message); return false; } // If we've gotten here then the identity mapper entry appears to be // acceptable. return true; } /** * Attempts to apply a new configuration to this Directory Server component * based on the provided changed entry. * * @param configEntry The configuration entry that containing the updated * configuration for this component. * * @return Information about the result of processing the configuration * change. */ public ConfigChangeResult applyConfigurationChange(ConfigEntry configEntry) { assert debugEnter(CLASS_NAME, "applyConfigurationChange", String.valueOf(configEntry)); DN configEntryDN = configEntry.getDN(); ResultCode resultCode = ResultCode.SUCCESS; boolean adminActionRequired = false; ArrayList messages = new ArrayList(); // Make sure that the entry has an appropriate objectclass for an identity // mapper. if (! configEntry.hasObjectClass(OC_IDENTITY_MAPPER)) { int msgID = MSGID_CONFIG_IDMAPPER_INVALID_OBJECTCLASS; messages.add(getMessage(msgID, String.valueOf(configEntryDN))); resultCode = ResultCode.UNWILLING_TO_PERFORM; return new ConfigChangeResult(resultCode, adminActionRequired, messages); } // Get the corresponding identity mapper if it is active. IdentityMapper mapper = identityMappers.get(configEntryDN); // See if this identity mapper should be enabled or disabled. boolean needsEnabled = false; BooleanConfigAttribute enabledAttr; try { BooleanConfigAttribute enabledStub = new BooleanConfigAttribute(ATTR_IDMAPPER_ENABLED, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_ENABLED), false); enabledAttr = (BooleanConfigAttribute) configEntry.getConfigAttribute(enabledStub); if (enabledAttr == null) { int msgID = MSGID_CONFIG_IDMAPPER_NO_ENABLED_ATTR; messages.add(getMessage(msgID, String.valueOf(configEntryDN))); resultCode = ResultCode.UNWILLING_TO_PERFORM; return new ConfigChangeResult(resultCode, adminActionRequired, messages); } if (enabledAttr.activeValue()) { if (mapper == null) { needsEnabled = true; } else { // The identity mapper is already active, so no action is required. } } else { if (mapper == null) { // The identity mapper is already disabled, so no action is required // and we can short-circuit out of this processing. return new ConfigChangeResult(resultCode, adminActionRequired, messages); } else { // The identity mapper is active, so it needs to be disabled. Do this // and return that we were successful. identityMappers.remove(configEntryDN); mapper.finalizeIdentityManager(); DirectoryServer.deregisterIdentityMapper(configEntryDN); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } } } catch (Exception e) { assert debugException(CLASS_NAME, "configChangeIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_ENABLED_VALUE; messages.add(getMessage(msgID, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } // Make sure that the entry specifies the identity mapper class name. If it // has changed, then we will not try to dynamically apply it. String className; try { StringConfigAttribute classStub = new StringConfigAttribute(ATTR_IDMAPPER_CLASS, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_CLASS_NAME), true, false, true); StringConfigAttribute classNameAttr = (StringConfigAttribute) configEntry.getConfigAttribute(classStub); if (classNameAttr == null) { int msgID = MSGID_CONFIG_IDMAPPER_NO_CLASS_NAME; messages.add(getMessage(msgID, String.valueOf(configEntryDN))); resultCode = ResultCode.OBJECTCLASS_VIOLATION; return new ConfigChangeResult(resultCode, adminActionRequired, messages); } className = classNameAttr.pendingValue(); } catch (Exception e) { assert debugException(CLASS_NAME, "configChangeIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS_NAME; messages.add(getMessage(msgID, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } boolean classChanged = false; String oldClassName = null; if (mapper != null) { oldClassName = mapper.getClass().getName(); classChanged = (! className.equals(oldClassName)); } if (classChanged) { // This will not be applied dynamically. Add a message to the response // and indicate that admin action is required. adminActionRequired = true; messages.add(getMessage(MSGID_CONFIG_IDMAPPER_CLASS_ACTION_REQUIRED, String.valueOf(oldClassName), String.valueOf(className), String.valueOf(configEntryDN))); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } if (needsEnabled) { try { // FIXME -- Should this be done with a dynamic class loader? Class mapperClass = Class.forName(className); mapper = (IdentityMapper) mapperClass.newInstance(); } catch (Exception e) { assert debugException(CLASS_NAME, "applyConfigurationChange", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS; messages.add(getMessage(msgID, className, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } try { mapper.initializeIdentityMapper(configEntry); } catch (Exception e) { assert debugException(CLASS_NAME, "applyConfigurationChange", e); int msgID = MSGID_CONFIG_IDMAPPER_INITIALIZATION_FAILED; messages.add(getMessage(msgID, className, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } identityMappers.put(configEntryDN, mapper); DirectoryServer.registerIdentityMapper(configEntryDN, mapper); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } // If we've gotten here, then there haven't been any changes to anything // that we care about. return new ConfigChangeResult(resultCode, adminActionRequired, messages); } /** * Indicates whether the configuration entry that will result from a proposed * add is acceptable to this add listener. * * @param configEntry The configuration entry that will result from * the requested add. * @param unacceptableReason A buffer to which this method can append a * human-readable message explaining why the * proposed entry is not acceptable. * * @return true if the proposed entry contains an acceptable * configuration, or false if it does not. */ public boolean configAddIsAcceptable(ConfigEntry configEntry, StringBuilder unacceptableReason) { assert debugEnter(CLASS_NAME, "configAddIsAcceptable", String.valueOf(configEntry), "java.lang.StringBuilder"); // Make sure that no entry already exists with the specified DN. DN configEntryDN = configEntry.getDN(); if (identityMappers.containsKey(configEntryDN)) { int msgID = MSGID_CONFIG_IDMAPPER_EXISTS; String message = getMessage(msgID, String.valueOf(configEntryDN)); unacceptableReason.append(message); return false; } // Make sure that the entry has an appropriate objectclass for an identity // mapper. if (! configEntry.hasObjectClass(OC_IDENTITY_MAPPER)) { int msgID = MSGID_CONFIG_IDMAPPER_INVALID_OBJECTCLASS; String message = getMessage(msgID, configEntry.getDN().toString()); unacceptableReason.append(message); return false; } // Make sure that the entry specifies the identity mapper class. StringConfigAttribute classNameAttr; try { StringConfigAttribute classStub = new StringConfigAttribute(ATTR_IDMAPPER_CLASS, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_CLASS_NAME), true, false, true); classNameAttr = (StringConfigAttribute) configEntry.getConfigAttribute(classStub); if (classNameAttr == null) { int msgID = MSGID_CONFIG_IDMAPPER_NO_CLASS_NAME; String message = getMessage(msgID, configEntry.getDN().toString()); unacceptableReason.append(message); return false; } } catch (Exception e) { assert debugException(CLASS_NAME, "configAddIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS_NAME; String message = getMessage(msgID, configEntry.getDN().toString(), String.valueOf(e)); unacceptableReason.append(message); return false; } Class mapperClass; try { // FIXME -- Should this be done with a custom class loader? mapperClass = Class.forName(classNameAttr.pendingValue()); } catch (Exception e) { assert debugException(CLASS_NAME, "configAddIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS_NAME; String message = getMessage(msgID, configEntry.getDN().toString(), String.valueOf(e)); unacceptableReason.append(message); return false; } IdentityMapper identityMapper; try { identityMapper = (IdentityMapper) mapperClass.newInstance(); } catch (Exception e) { assert debugException(CLASS_NAME, "configAddIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS; String message = getMessage(msgID, mapperClass.getName(), String.valueOf(configEntryDN), String.valueOf(e)); unacceptableReason.append(message); return false; } // If the identity mapper is a configurable component, then make sure that // its configuration is valid. if (identityMapper instanceof ConfigurableComponent) { ConfigurableComponent cc = (ConfigurableComponent) identityMapper; LinkedList errorMessages = new LinkedList(); if (! cc.hasAcceptableConfiguration(configEntry, errorMessages)) { if (errorMessages.isEmpty()) { int msgID = MSGID_CONFIG_IDMAPPER_UNACCEPTABLE_CONFIG; unacceptableReason.append(getMessage(msgID, String.valueOf(configEntryDN))); } else { Iterator iterator = errorMessages.iterator(); unacceptableReason.append(iterator.next()); while (iterator.hasNext()) { unacceptableReason.append(" "); unacceptableReason.append(iterator.next()); } } return false; } } // See if this identity mapper should be enabled. BooleanConfigAttribute enabledAttr; try { BooleanConfigAttribute enabledStub = new BooleanConfigAttribute(ATTR_IDMAPPER_ENABLED, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_ENABLED), false); enabledAttr = (BooleanConfigAttribute) configEntry.getConfigAttribute(enabledStub); if (enabledAttr == null) { int msgID = MSGID_CONFIG_IDMAPPER_NO_ENABLED_ATTR; String message = getMessage(msgID, configEntry.getDN().toString()); unacceptableReason.append(message); return false; } } catch (Exception e) { assert debugException(CLASS_NAME, "configAddIsAcceptable", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_ENABLED_VALUE; String message = getMessage(msgID, configEntry.getDN().toString(), String.valueOf(e)); unacceptableReason.append(message); return false; } // If we've gotten here then the identity mapper entry appears to be // acceptable. return true; } /** * Attempts to apply a new configuration based on the provided added entry. * * @param configEntry The new configuration entry that contains the * configuration to apply. * * @return Information about the result of processing the configuration * change. */ public ConfigChangeResult applyConfigurationAdd(ConfigEntry configEntry) { assert debugEnter(CLASS_NAME, "applyConfigurationAdd", String.valueOf(configEntry)); DN configEntryDN = configEntry.getDN(); ResultCode resultCode = ResultCode.SUCCESS; boolean adminActionRequired = false; ArrayList messages = new ArrayList(); // Make sure that the entry has an appropriate objectclass for an identity // mapper. if (! configEntry.hasObjectClass(OC_IDENTITY_MAPPER)) { int msgID = MSGID_CONFIG_IDMAPPER_INVALID_OBJECTCLASS; messages.add(getMessage(msgID, String.valueOf(configEntryDN))); resultCode = ResultCode.UNWILLING_TO_PERFORM; return new ConfigChangeResult(resultCode, adminActionRequired, messages); } // See if this identity mapper should be enabled or disabled. BooleanConfigAttribute enabledAttr; try { BooleanConfigAttribute enabledStub = new BooleanConfigAttribute(ATTR_IDMAPPER_ENABLED, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_ENABLED), false); enabledAttr = (BooleanConfigAttribute) configEntry.getConfigAttribute(enabledStub); if (enabledAttr == null) { // The attribute doesn't exist, so it will be disabled by default. int msgID = MSGID_CONFIG_IDMAPPER_NO_ENABLED_ATTR; messages.add(getMessage(msgID, String.valueOf(configEntryDN))); resultCode = ResultCode.SUCCESS; return new ConfigChangeResult(resultCode, adminActionRequired, messages); } else if (! enabledAttr.activeValue()) { // It is explicitly configured as disabled, so we don't need to do // anything. return new ConfigChangeResult(resultCode, adminActionRequired, messages); } } catch (Exception e) { assert debugException(CLASS_NAME, "applyConfigurationAdd", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_ENABLED_VALUE; messages.add(getMessage(msgID, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } // Make sure that the entry specifies the identity mapper class name. String className; try { StringConfigAttribute classStub = new StringConfigAttribute(ATTR_IDMAPPER_CLASS, getMessage(MSGID_CONFIG_IDMAPPER_DESCRIPTION_CLASS_NAME), true, false, true); StringConfigAttribute classNameAttr = (StringConfigAttribute) configEntry.getConfigAttribute(classStub); if (classNameAttr == null) { int msgID = MSGID_CONFIG_IDMAPPER_NO_CLASS_NAME; messages.add(getMessage(msgID, String.valueOf(configEntryDN))); resultCode = ResultCode.OBJECTCLASS_VIOLATION; return new ConfigChangeResult(resultCode, adminActionRequired, messages); } className = classNameAttr.pendingValue(); } catch (Exception e) { assert debugException(CLASS_NAME, "applyConfigurationAdd", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS_NAME; messages.add(getMessage(msgID, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } // Load and initialize the identity mapper class, and register it with the // Directory Server. IdentityMapper identityMapper; try { // FIXME -- Should this be done with a dynamic class loader? Class mapperClass = Class.forName(className); identityMapper = (IdentityMapper) mapperClass.newInstance(); } catch (Exception e) { assert debugException(CLASS_NAME, "applyConfigurationAdd", e); int msgID = MSGID_CONFIG_IDMAPPER_INVALID_CLASS; messages.add(getMessage(msgID, className, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } try { identityMapper.initializeIdentityMapper(configEntry); } catch (Exception e) { assert debugException(CLASS_NAME, "applyConfigurationAdd", e); int msgID = MSGID_CONFIG_IDMAPPER_INITIALIZATION_FAILED; messages.add(getMessage(msgID, className, String.valueOf(configEntryDN), String.valueOf(e))); resultCode = DirectoryServer.getServerErrorResultCode(); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } identityMappers.put(configEntryDN, identityMapper); DirectoryServer.registerIdentityMapper(configEntryDN, identityMapper); return new ConfigChangeResult(resultCode, adminActionRequired, messages); } /** * Indicates whether it is acceptable to remove the provided configuration * entry. * * @param configEntry The configuration entry that will be removed * from the configuration. * @param unacceptableReason A buffer to which this method can append a * human-readable message explaining why the * proposed delete is not acceptable. * * @return true if the proposed entry may be removed from the * configuration, or false if not. */ public boolean configDeleteIsAcceptable(ConfigEntry configEntry, StringBuilder unacceptableReason) { assert debugEnter(CLASS_NAME, "configDeleteIsAcceptable", String.valueOf(configEntry), "java.lang.StringBuilder"); // A delete should always be acceptable, so just return true. return true; } /** * Attempts to apply a new configuration based on the provided deleted entry. * * @param configEntry The new configuration entry that has been deleted. * * @return Information about the result of processing the configuration * change. */ public ConfigChangeResult applyConfigurationDelete(ConfigEntry configEntry) { assert debugEnter(CLASS_NAME, "applyConfigurationDelete", String.valueOf(configEntry)); DN configEntryDN = configEntry.getDN(); ResultCode resultCode = ResultCode.SUCCESS; boolean adminActionRequired = false; // See if the entry is registered as an identity mapper. If so, deregister // it and stop the mapper. DirectoryServer.deregisterIdentityMapper(configEntryDN); IdentityMapper identityMapper = identityMappers.remove(configEntryDN); if (identityMapper != null) { identityMapper.finalizeIdentityManager(); } return new ConfigChangeResult(resultCode, adminActionRequired); } }