Examples of org.apache.directory.api.ldap.model.message.ModifyRequest

• org.apache.directory.api.ldap.model.message.ModifyRequest
  Modify request protocol message used to alter the attributes and values of an existing entry. Here's what RFC 2255 says about it:

   4.6. Modify Operation The Modify Operation allows a client to request that a modification of an entry be performed on its behalf by a server.  The Modify Request is defined as follows: ModifyRequest ::= [APPLICATION 6] SEQUENCE { object          LDAPDN, modification    SEQUENCE OF SEQUENCE { operation       ENUMERATED { add     (0), delete  (1), replace (2) }, modification    AttributeTypeAndValues } } AttributeTypeAndValues ::= SEQUENCE { type    AttributeDescription, vals    SET OF AttributeValue } Parameters of the Modify Request are: - object: The object to be modified. The value of this field contains the Dn of the entry to be modified.  The server will not perform any alias dereferencing in determining the object to be modified. - modification: A list of modifications to be performed on the entry. The entire list of entry modifications MUST be performed in the order they are listed, as a single atomic operation.  While individual modifications may violate the directory schema, the resulting entry after the entire list of modifications is performed MUST conform to the requirements of the directory schema. The values that may be taken on by the 'operation' field in each modification construct have the following semantics respectively: add: add values listed to the given attribute, creating the attribute if necessary; delete: delete values listed from the given attribute, removing the entire attribute if no values are listed, or if all current values of the attribute are listed for deletion; replace: replace all existing values of the given attribute with the new values listed, creating the attribute if it did not already exist.  A replace with no value will delete the entire attribute if it exists, and is ignored if the attribute does not exist. 

  Notice that we tried to leverage as much as we already can from the JNDI. Both the Names and ModificationItems are used here to make the API as easy as possible to understand. We do not attempt here to write a JNDI provider which losses the explicit request type usage that we are looking for. Also note that this library is both for the client side as well as the server side unlike the JNDI which is strictly for the client side. From the JNDI we borrow good ideas and familiar signatures, interfaces and classes where we can. @author Apache Directory Project

        assertTrue( providerSession.exists( provUser.getDn() ) );
        assertTrue( checkEntryReplicated( provUser.getDn() ) );

        // modify the entry and check it is replicated
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( provUser.getDn() );
        modReq.add( "userPassword", "secret" );

        System.out.println( ">--------------------------------------- Modifying " + modReq );
        providerSession.modify( modReq );
        System.out.println( ">--------------------------------------- Modified " );

        userConnection.close();

        // test deleting the password, it should clear all the ppolicy related attributes except the ppolicy subentry

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.addControl( PP_REQ_CTRL );
        modReq.remove( userEntry.get( SchemaConstants.USER_PASSWORD_AT ) );

        ModifyResponse modResp = adminConnection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "+" );

        assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "*", "+" );
        assertEquals( userDn.getName(), userEntry.get( "pwdPolicySubEntry" ).getString() );

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        String modSubEntryDn = "cn=policy,ou=system";
        modReq.replace( "pwdPolicySubEntry", modSubEntryDn );
        ModifyResponse modResp = adminConnection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "*", "+" );
        assertEquals( modSubEntryDn, userEntry.get( "pwdPolicySubEntry" ).getString() );

        // try to modify the subentry as a non-admin
        adminConnection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
        adminConnection.bind( userDn.getName(), password );

        modResp = adminConnection.modify( modReq );
        modReq.replace( "pwdPolicySubEntry", userDn.getName() );
        assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modResp.getLdapResult().getResultCode() );
        adminConnection.close();
    }

        Attribute pwdGraceAuthUseTime = userEntry.get( PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT );
        assertNotNull( pwdGraceAuthUseTime );

        Attribute pwdChangedTime = userEntry.get( PasswordPolicySchemaConstants.PWD_CHANGED_TIME_AT );

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.replace( SchemaConstants.USER_PASSWORD_AT, "secret1" );
        ModifyResponse modResp = userConnection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "+" );
        pwdGraceAuthUseTime = userEntry.get( PasswordPolicySchemaConstants.PWD_GRACE_USE_TIME_AT );

        // We should be able to bind
        checkBindSuccess( userDn, "12345" );

        // Now, try to change the password
        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.addControl( PP_REQ_CTRL );
        modReq.replace( "userPassword", "67890" );

        userConnection = getNetworkConnectionAs( getLdapServer(), userDn.getName(), "12345" );
        userConnection.setTimeOut( 0L );

        ModifyResponse modifyResponse = userConnection.modify( modReq );

            throw new IllegalArgumentException( msg );
        }

        int newId = messageId.incrementAndGet();

        ModifyRequest modifyRequest = new ModifyRequestImpl();
        modifyRequest.setMessageId( newId );

        modifyRequest.setName( dn );

        for ( Modification modification : modifications )
        {
            modifyRequest.addModification( modification );
        }

        ModifyResponse modifyResponse = modify( modifyRequest );

        processResponse( modifyResponse );

            LOG.debug( "received a null entry for modification" );
            throw new IllegalArgumentException( "Entry to be modified cannot be null" );
        }

        int newId = messageId.incrementAndGet();
        ModifyRequest modifyRequest = new ModifyRequestImpl();
        modifyRequest.setMessageId( newId );

        modifyRequest.setName( entry.getDn() );

        Iterator<Attribute> itr = entry.iterator();

        while ( itr.hasNext() )
        {
            modifyRequest.addModification( new DefaultModification( modOp, itr.next() ) );
        }

        ModifyResponse modifyResponse = modify( modifyRequest );

        processResponse( modifyResponse );

            hostName = "localhost";
        }
        String servicePrincipal = "ldap/" + hostName + "@EXAMPLE.COM";
        getLdapServer().setSaslPrincipal( servicePrincipal );

        ModifyRequest modifyRequest = new ModifyRequestImpl();
        modifyRequest.setName( new Dn( "uid=ldap,ou=users,dc=example,dc=com" ) );
        modifyRequest.replace( "userPassword", "randall" );
        modifyRequest.replace( "krb5PrincipalName", servicePrincipal );
        getService().getAdminSession().modify( modifyRequest );
    }

        userConnection.close();

        // test deleting the password, it should clear all the ppolicy related attributes except the ppolicy subentry

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        modReq.addControl( PP_REQ_CTRL );
        modReq.remove( userEntry.get( SchemaConstants.USER_PASSWORD_AT ) );

        ModifyResponse modResp = adminConnection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "+" );

        assertEquals( ResultCodeEnum.SUCCESS, addResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "*", "+" );
        assertEquals( userDn.getName(), userEntry.get( "pwdPolicySubEntry" ).getString() );

        ModifyRequest modReq = new ModifyRequestImpl();
        modReq.setName( userDn );
        String modSubEntryDn = "cn=policy,ou=system";
        modReq.replace( "pwdPolicySubEntry", modSubEntryDn );
        ModifyResponse modResp = adminConnection.modify( modReq );
        assertEquals( ResultCodeEnum.SUCCESS, modResp.getLdapResult().getResultCode() );

        userEntry = adminConnection.lookup( userDn, "*", "+" );
        assertEquals( modSubEntryDn, userEntry.get( "pwdPolicySubEntry" ).getString() );

        // try to modify the subentry as a non-admin
        adminConnection = new LdapNetworkConnection( "localhost", getLdapServer().getPort() );
        adminConnection.bind( userDn.getName(), password );

        modResp = adminConnection.modify( modReq );
        modReq.replace( "pwdPolicySubEntry", userDn.getName() );
        assertEquals( ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS, modResp.getLdapResult().getResultCode() );
        adminConnection.close();
    }