Examples of org.apache.directory.api.ldap.model.message.ModifyRequest

• org.apache.directory.api.ldap.model.message.ModifyRequest
  Modify request protocol message used to alter the attributes and values of an existing entry. Here's what RFC 2255 says about it:

   4.6. Modify Operation The Modify Operation allows a client to request that a modification of an entry be performed on its behalf by a server.  The Modify Request is defined as follows: ModifyRequest ::= [APPLICATION 6] SEQUENCE { object          LDAPDN, modification    SEQUENCE OF SEQUENCE { operation       ENUMERATED { add     (0), delete  (1), replace (2) }, modification    AttributeTypeAndValues } } AttributeTypeAndValues ::= SEQUENCE { type    AttributeDescription, vals    SET OF AttributeValue } Parameters of the Modify Request are: - object: The object to be modified. The value of this field contains the Dn of the entry to be modified.  The server will not perform any alias dereferencing in determining the object to be modified. - modification: A list of modifications to be performed on the entry. The entire list of entry modifications MUST be performed in the order they are listed, as a single atomic operation.  While individual modifications may violate the directory schema, the resulting entry after the entire list of modifications is performed MUST conform to the requirements of the directory schema. The values that may be taken on by the 'operation' field in each modification construct have the following semantics respectively: add: add values listed to the given attribute, creating the attribute if necessary; delete: delete values listed from the given attribute, removing the entire attribute if no values are listed, or if all current values of the attribute are listed for deletion; replace: replace all existing values of the given attribute with the new values listed, creating the attribute if it did not already exist.  A replace with no value will delete the entire attribute if it exists, and is ignored if the attribute does not exist. 

  Notice that we tried to leverage as much as we already can from the JNDI. Both the Names and ModificationItems are used here to make the API as easy as possible to understand. We do not attempt here to write a JNDI provider which losses the explicit request type usage that we are looking for. Also note that this library is both for the client side as well as the server side unlike the JNDI which is strictly for the client side. From the JNDI we borrow good ideas and familiar signatures, interfaces and classes where we can. @author Apache Directory Project

     * @throws Exception if there is a problem adding the attribute
     */
    public static void removeEntryACI( Dn dn ) throws Exception
    {
        // modify the entry relative to ou=system to include the aciItem
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( dn );
        modReq.remove( new DefaultAttribute( "entryACI" ) );

        getAdminConnection().modify( modReq );
    }

     * @throws Exception if there is a problem adding the attribute
     */
    public static void addSubentryACI( String aciItem ) throws Exception
    {
        // modify the entry relative to ou=system to include the aciItem
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( new Dn( "ou=system" ) );
        modReq.add( "subentryACI", aciItem );
        getAdminConnection().modify( modReq );
    }

     * @param aciItem the new value for the ACI item
     * @throws Exception if the modify fails
     */
    public static void changePresciptiveACI( String cn, String aciItem ) throws Exception
    {
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( new Dn( "cn=" + cn + ",ou=system" ) );
        modReq.replace( "prescriptiveACI", aciItem );
        getAdminConnection().modify( modReq );
    }

    }


    public static void addPrescriptiveACI( String cn, String aciItem ) throws Exception
    {
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( new Dn( "cn=" + cn + ",ou=system" ) );
        modReq.add( "prescriptiveACI", aciItem );
        getAdminConnection().modify( modReq );
    }

            hostName = "localhost";
        }
        String servicePrincipal = "ldap/" + hostName + "@EXAMPLE.COM";
        getLdapServer().setSaslPrincipal( servicePrincipal );

        ModifyRequest modifyRequest = new ModifyRequestImpl();
        modifyRequest.setName( new Dn( "uid=ldap,ou=users,dc=example,dc=com" ) );
        modifyRequest.replace( "userPassword", "randall" );
        modifyRequest.replace( "krb5PrincipalName", servicePrincipal );
        getService().getAdminSession().modify( modifyRequest );
    }

        userConnection.close();

        // test deleting the password, it should clear all the ppolicy related attributes except the ppolicy subentry

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.addControl( PP_REQ_CTRL );
        modReq.remove( userEntry.get( SchemaConstants.USER_PASSWORD_AT ) );

        ModifyResponse modResp = adminConnection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "+" );

        assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );

        PasswordPolicy respCtrl = getPwdRespCtrl( addResp );
        assertNull( respCtrl );

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.addControl( PP_REQ_CTRL );
        modReq.replace( SchemaConstants.USER_PASSWORD_AT, "123456" );

        ModifyResponse modResp = connection.modify( modReq );
        assertEquals( ResultCodeEnum.CONSTRAINT_VIOLATION, modResp.getLdapResult().getResultCode() );

        respCtrl = getPwdRespCtrl( modResp );

        Attribute pwdHistAt = entry.get( PasswordPolicySchemaConstants.PWD_HISTORY_AT );
        assertNotNull( pwdHistAt );
        assertEquals( 1, pwdHistAt.size() );

        Thread.sleep( 1000 );// to avoid creating a history value with the same timestamp
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.addControl( PP_REQ_CTRL );
        modReq.replace( SchemaConstants.USER_PASSWORD_AT, "67891" );

        connection.modify( modReq );

        entry = connection.lookup( userDn, "*", "+" );

        pwdHistAt = entry.get( PasswordPolicySchemaConstants.PWD_HISTORY_AT );
        assertNotNull( pwdHistAt );
        assertEquals( 2, pwdHistAt.size() );

        Thread.sleep( 1000 );// to avoid creating a history value with the same timestamp
        modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.addControl( PP_REQ_CTRL );
        modReq.replace( SchemaConstants.USER_PASSWORD_AT, "abcde" );

        ModifyResponse modResp = connection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        entry = connection.lookup( userDn, "*", "+" );

        assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );

        userEntry = connection.lookup( userDn, "*", "+" );
        assertEquals( userDn.getName(), userEntry.get( "pwdPolicySubEntry" ).getString() );

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        String modSubEntryDn = "cn=policy,ou=system";
        modReq.replace( "pwdPolicySubEntry", modSubEntryDn );
        ModifyResponse modResp = connection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = connection.lookup( userDn, "*", "+" );
        assertEquals( modSubEntryDn, userEntry.get( "pwdPolicySubEntry" ).getString() );

        // try to modify the subentry as a non-admin
        connection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
        connection.bind( userDn.getName(), password );

        modResp = connection.modify( modReq );
        modReq.replace( "pwdPolicySubEntry", userDn.getName() );
        assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modResp.getLdapResult().getResultCode() );
    }

        Attribute pwdGraceAuthUseTime = userEntry.get( PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT );
        assertNotNull( pwdGraceAuthUseTime );

        Attribute pwdChangedTime = userEntry.get( PasswordPolicySchemaConstants.PWD_CHANGED_TIME_AT );

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.replace( SchemaConstants.USER_PASSWORD_AT, "secret1" );
        ModifyResponse modResp = userConnection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "+" );
        pwdGraceAuthUseTime = userEntry.get( PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT );