log.debug("Removing user entry from ldap");
}
}
int ldapVersion = LDAPConnection.LDAP_V3;
LDAPConnection lc = createLdapConnection();
final String dn;
final String certdn;
try {
// Extract the users DN from the cert.
certdn = CertTools.getSubjectDN(cert);
dn = constructLDAPDN(certdn, userDN);
} catch (Exception e) {
String msg = intres.getLocalizedMessage("publisher.errorldapdecode", "certificate");
log.error(msg, e);
throw new PublisherException(msg);
}
// Extract the users email from the cert.
String email = CertTools.getEMailAddress(cert);
// Check if the entry is already present, we will update it with the new certificate.
LDAPEntry oldEntry = searchOldEntity(username, ldapVersion, lc, certdn, userDN, email);
ArrayList modSet = null;
if (!CertTools.isCA(cert)) {
if (log.isDebugEnabled()) {
log.debug("Removing end user certificate from first available server of " + getHostnames());
}
if (oldEntry != null) {
if (removecert) {
// Don't try to remove the cert if there does not exist any
LDAPAttribute oldAttr = oldEntry.getAttribute(getUserCertAttribute());
if (oldAttr != null) {
modSet = getModificationSet(oldEntry, certdn, null, false, true, null);
LDAPAttribute attr = new LDAPAttribute(getUserCertAttribute());
modSet.add(new LDAPModification(LDAPModification.DELETE, attr));
} else {
String msg = intres.getLocalizedMessage("publisher.inforevokenocert");
log.info(msg);
}
}
} else {
String msg = intres.getLocalizedMessage("publisher.errorrevokenoentry");
log.error(msg);
throw new PublisherException(msg);
}
} else {
// Removal of CA certificate isn't support because of object class restrictions
if (log.isDebugEnabled()) {
log.debug("Not removing CA certificate from first available server of " + getHostnames() + ", because of object class restrictions.");
}
}
// Try all the listed servers
Iterator servers = getHostnameList().iterator();
boolean connectionFailed;
do {
connectionFailed = false;
String currentServer =(String) servers.next();
if (log.isDebugEnabled()) {
log.debug("currentServer: "+currentServer);
}
try {
TCPTool.probeConnectionLDAP(currentServer, Integer.parseInt(getPort()), getConnectionTimeOut()); // Avoid waiting for halfdead-servers
lc.connect(currentServer, Integer.parseInt(getPort()));
// authenticate to the server
lc.bind(ldapVersion, getLoginDN(), getLoginPassword().getBytes("UTF8"), ldapBindConstraints);
// Add or modify the entry
if (oldEntry != null && modSet != null && getModifyExistingUsers()) {
if (removecert) {
LDAPModification[] mods = new LDAPModification[modSet.size()];
mods = (LDAPModification[])modSet.toArray(mods);
lc.modify(oldEntry.getDN(), mods, ldapStoreConstraints);
}
if (removeuser) {
lc.delete(oldEntry.getDN(), ldapStoreConstraints);
}
String msg = intres.getLocalizedMessage("publisher.ldapremove", dn);
log.info(msg);
} else {
if (log.isDebugEnabled()) {
if (oldEntry == null) {
log.debug("Not modifying LDAP entry because there is no existing entry.");
}
if (modSet == null) {
log.debug("Not modifying LDAP entry because we don't have anything to modify.");
}
if (!getModifyExistingUsers()) {
log.debug("Not modifying LDAP entry because we're not configured to do so.");
}
}
}
} catch (LDAPException e) {
connectionFailed = true;
if (servers.hasNext()) {
log.warn("Failed to publish to " + currentServer + ". Trying next in list.");
} else {
String msg = intres.getLocalizedMessage("publisher.errorldapremove", dn);
log.error(msg, e);
throw new PublisherException(msg);
}
} catch (UnsupportedEncodingException e) {
String msg = intres.getLocalizedMessage("publisher.errorpassword", getLoginPassword());
log.error(msg, e);
throw new PublisherException(msg);
} finally {
// disconnect with the server
try {
lc.disconnect(ldapDisconnectConstraints);
} catch (LDAPException e) {
String msg = intres.getLocalizedMessage("publisher.errordisconnect");
log.error(msg, e);
}
}