Package com.isode.dsapi

Class DirectorySession

java.lang.Object

com.isode.dsapi.DirectorySession

All Implemented Interfaces:

SWIG_DSAPIConstants

Direct Known Subclasses:

IsodeDirectorySession

public class DirectorySession
extends Object
implements SWIG_DSAPIConstants

Each DirectorySession object represents a connection to a particular directory.

To use a DirectorySession object, callers typically use code of the form:

    DirectorySession sess = new DirectorySession(presaddr);
    .
    .
    sess.bind(bindDN, password, null); // simple bind; no common args
 

that is, specify an address when constructing the object (which will validate the address format), and then attempt to bind as a separate operation.

Note that re-binding is not currently supported; that is, once a successful bind operation has been performed, a subsequent attempt to perform another bind on the same session will result in a NotImplementedException being thrown. This restriction also applies to sessions which have been bound and then unbound.

With some exceptions that are noted in the documentation, DirectorySession objects may be safely shared between multiple threads. So, for example, several separate threads may use the same DirectorySession to perform reads and writes to a given directory. Note that there is no explicit guarantee, in the case of multiple outstanding operations, as to the ordering of operations.

In the case that an application wishes to execute a series of discrete directory operations in a single transaction, without risking another thread performing operations that might invalidate the transaction, callers should synchronize on the DirectorySession object. For example:

   synchronize(session) {
          session.delete(oldDN, null);
          session.rename(newDN, oldDN, null);
   }
 

Obviously, such synchronization cannot protect against problems caused by other directory clients which may be accessing the directory.

Note this class can only be used after a successful call has been made to DSapi.initialize().

See Also:

• DSapi.initialize()

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	DirectorySession.ConnectionState	Used to report the state of a session: whether and how it is bound.
static class	DirectorySession.PendingOperation	A PendingOperation object keeps track of an asynchronous directory operation.
static class	DirectorySession.SessionCertificates	A SessionCertificates object is used to return information about the certificates presented by a server during a strong bind (either DAP or LDAP/TLS negotiation).

Field Summary

Fields

Modifier and Type	Field	Description
protected DN	baseDN	Base DN.
static final int	BIND_ANONYMOUS	Bind type: anonymous bind.
static final int	BIND_NONE	Bind type: no bind.
static final int	BIND_SIMPLE	Bind type: simple bind
static final int	BIND_STRONG	Bind type: strong bind.
CommonArgs	defaultCommonArgs	Default common arguments for directory operations.
static final String	MATCHALL	Filter string which matches all entries: "(objectclass=*)".
static final int	SCOPE_BASE	Used to request a search of just the base object.
static final int	SCOPE_ONELEVEL	Used to request a search of entries immediately beneath the base object.
static final int	SCOPE_SUBTREE	Used to request a search of entries in the entire tree below the base object.

Fields inherited from interface com.isode.dsapi.SWIG_DSAPIConstants

DS_BOOL_TYPE, DS_BYTES_TYPE, DS_E_AB_CANNOTABANDON, DS_E_AB_NOSUCHOPERATION, DS_E_AB_TOOLATE, DS_E_ABANDONED, DS_E_ABANDONFAILED, DS_E_ABORTED, DS_E_AT_CONSTRAINTVIOLATION, DS_E_AT_INAPPROPRIATEMATCHING, DS_E_AT_INVALIDATTRIBUTESYNTAX, DS_E_AT_NOSUCHATTRIBUTE, DS_E_AT_TYPEORVALUEEXISTS, DS_E_AT_UNDEFINEDATTRIBUTETYPE, DS_E_ATTRIBUTE, DS_E_BADADDR, DS_E_BADATTRSYNTAX, DS_E_BADATTRTYPE, DS_E_BADATTRVALUE, DS_E_BADDN, DS_E_BADENTRY, DS_E_BADFILTER, DS_E_BADPARAM, DS_E_CONNECTIONLOST, DS_E_DSAREFERRAL, DS_E_DSOPFAILED, DS_E_INTERNAL, DS_E_LOCAL, DS_E_NAME, DS_E_NAME_ALIASDEREFERENCE, DS_E_NAME_ALIASPROBLEM, DS_E_NAME_INVALIDATTRIBUTESYNTAX, DS_E_NAME_NOSUCHOBJECT, DS_E_NOERROR, DS_E_NOINFO, DS_E_NOMEMORY, DS_E_NOSPACE, DS_E_NOTBOUND, DS_E_NOTFOUND, DS_E_NOTIMPLEMENTED, DS_E_OPFAILED, DS_E_REFERRAL, DS_E_REMOTE, DS_E_SEC_ACCESSRIGHTS, DS_E_SEC_AUTHENTICATION, DS_E_SEC_INVALIDCREDENTIALS, DS_E_SEC_INVALIDSIGNATURE, DS_E_SEC_NOINFORMATION, DS_E_SEC_PROTECTIONREQUIRED, DS_E_SECURITY, DS_E_SERVICE, DS_E_SIGNEDOPFAILED, DS_E_SUCCESS, DS_E_SVC_ADMINISTRATIVELIMITEXCEEDED, DS_E_SVC_BUSY, DS_E_SVC_CHAININGREQUIRED, DS_E_SVC_DITERROR, DS_E_SVC_INVALIDQUERYREFERENCE, DS_E_SVC_INVALIDREFERENCE, DS_E_SVC_LOOPDETECTED, DS_E_SVC_OUTOFSCOPE, DS_E_SVC_TIMELIMITEXCEEDED, DS_E_SVC_UNABLETOPROCEED, DS_E_SVC_UNAVAILABLE, DS_E_SVC_UNAVAILABLECRITICALEXTENSION, DS_E_SVC_UNWILLINGTOPERFORM, DS_E_UNKNOWN, DS_E_UPD_AFFECTSMULTIPLEDSAS, DS_E_UPD_ALREADYEXISTS, DS_E_UPD_NAMINGVIOLATION, DS_E_UPD_NOOBJECTCLASSMODS, DS_E_UPD_NOTONNONLEAF, DS_E_UPD_NOTONRDN, DS_E_UPD_OBJECTCLASSVIOLATION, DS_E_UPDATE, DS_E_X509, DS_E_X509_RESULTSDISCARDED, DS_EXT_OPT_MANAGEDSAIT, DS_EXT_OPT_USEALIASONUPDATE, DS_INT_TYPE, DS_PARAM_TYPE_MASK, DS_PP_ACCOUNT_LOCKED, DS_PP_CHANGE_AFTER_RESET, DS_PP_INSUFFICIENT_PASSWORD_QUALITY, DS_PP_MUST_SUPPLY_OLD_PASSWORD, DS_PP_NO_ERROR, DS_PP_PASSWORD_EXPIRED, DS_PP_PASSWORD_IN_HISTORY, DS_PP_PASSWORD_MOD_NOT_ALLOWED, DS_PP_PASSWORD_TOO_SHORT, DS_PP_PASSWORD_TOO_YOUNG, DS_SASL_BEST_SSF, DS_SEC_DISABLEVERIFICATION, DS_SEC_ENCRYPTED, DS_SEC_SIGNED, DS_STR_TYPE, DS_SVC_OPT_ATTRSONLY, DS_SVC_OPT_CHAININGPROHIBIT, DS_SVC_OPT_COPYSHALLDO, DS_SVC_OPT_DONTDEREFALIAS, DS_SVC_OPT_DONTUSECOPY, DS_SVC_OPT_LOCALSCOPE, DS_SVC_OPT_PAGESIZE, DS_SVC_OPT_PREFERCHAIN, DS_SVC_OPT_SEARCHALIASES, DS_SVC_OPT_SUBENTRIES, DS_SVC_OPT_TXNID, DS_SVC_PASSWORDPOLICY, DS_SVC_PRIORITY, DS_SVC_SIZELIMIT, DS_SVC_TIMELIMIT, DSActionAbort, DSActionContinue, DSAnonymous, DSAPI_VERSION, DSConnectionAnonymous, DSConnectionBound, DSConnectionLost, DSConnectionSasl, DSConnectionSimple, DSConnectionStrong, DSEntryAdd, DSEntryDelete, DSEntryModify, DSEntryNormal, DSEntryRename, DSLimitAdminLimitExceeded, DSLimitNoProblem, DSLimitSizeExceeded, DSLimitTimeExceeded, DSModAdd, DSModDelete, DSModReplace, DSNotYetConnected, DSSASL, DSScopeBaseObject, DSScopeOneLevel, DSScopeSubtree, DSSimple, DSStrong, DSUnbound, DSVerificationFailed, JAVADSAPI_VERSION

Constructor Summary

Constructors

Constructor	Description
DirectorySession(String addr)	Constructs a new object and verifies with that the specified address is valid.
DirectorySession(String addr, boolean startTLS)	Constructs a new object and verifies with that the specified address is valid.

Method Summary

Modifier and Type	Method	Description
Indication	add(AddEntry entry, CommonArgs cargs)	Add an entry synchronously
Indication	apply(ChangeEntry entry, CommonArgs cargs)	Apply any one of the four types of ChangeEntry to the directory: ModifyEntry, AddEntry, DeleteEntry or RenameEntry.
Indication	bind(BindParams bindParams, CommonArgs cargs)	Bind using a BindParams object.
Indication	bind(CommonArgs cargs)	Perform a synchronous anonymous bind.
Indication	bind(DN dsaDN, DN userDN, String passphrase, CommonArgs cargs)	Perform a strong bind.
Indication	bind(DN bindDN, String password, CommonArgs cargs)	Perform a synchronous simple bind.
Indication	compare(DN dn, Attribute attr, CommonArgs cargs)	Perform a comparison of a particular attribute value for an entry in the directory.
Indication	delete(DN dn, CommonArgs cargs)	Remove an entry synchronously.
static String	filterString(String filter)	LDAP-style encoding of values used in search filter definition.
protected void	finalize()	Releases any native structures associated with this object.
boolean	getAllowUnknownAttrs()	Get the 'allow unknown attributes' flag.
int	getBindType()	Deprecated. callers should use getConnectionState(), which returns more comprehensive and accurate information about current connection state.
String	getBoundAddress()	Return the presentation address that we last successfully bound to, or null if not bound.
CommonArgs	getCommonArgsWithTransaction(CommonArgs user_args, byte[] transactionID)	This call returns a set of common arguments in the same way as getCommonArgs, but adds the given transactionID.
DirectorySession.ConnectionState	getConnectionState()	Determine the connection state of the DirectorySession following the most recent directory operation.
String	getPresentationAddress()	Return the presentation address specified when this object was constructed.
DirectorySession.SessionCertificates	getSessionCertificates()	Retrieve information about the certificates that were presented by directory server during a strong bind connection (either DAP or LDAP).
boolean	isBound()	Determine whether the session is bound.
Indication	modify(ModifyEntry updatedEntry, CommonArgs cargs)	Modify an entry synchronously.
protected void	postBindHook()	This method allows subclasses the opportunity to perform operations after a successful bind operation: it will be called after a directory session is bound.
protected void	postUnbindHook()	This method allows subclasses the opportunity to perform any post-unbind cleanup; it will be called after each unbind operation.
protected void	preBindHook()	This method allows subclasses the opportunity to perform any pre-unbind cleanup; it will be called before each unbind operation.
protected void	preUnbindHook()	This method allows subclasses the opportunity to perform any pre-unbind cleanup; it will be called before each unbind operation.
Indication	read(DN dn, Selection sel, CommonArgs cargs)	Perform a synchronous read of a directory entry.
DirectorySession.PendingOperation	readAsync(DN dn, Selection sel, CommonArgs cargs)	Initiate an asynchronous read of a directory entry.
Entry	readEntry(DN dn, Selection sel, CommonArgs cargs)	Perform a synchronous read of a specific directory entry and return an Entry object if the entry exists, and null if the entry does not exist (rather than a NoSuchEntryException.
Indication	rename(DN originalDN, DN newSuperior, RDN newRDN, CommonArgs cargs)	Synchronous rename of an entry.
Indication	search(DN baseDN, String filter, int scope, Selection sel, CommonArgs cargs)	Perform a synchronous directory search.
Indication	search(DN baseDN, String filter, int scope, Selection sel, CommonArgs cargs, int pageSize)	Perform a search, requesting paged results from the server.
Indication	searchOneLevel(DN baseDN, String filter, Selection selection)	Perform a search of entries directly below a specified entry in the directory.
Indication	searchOneLevel(DN baseDN, String filter, Selection selection, CommonArgs cargs)	Perform a search of entries directly below a specified entry in the directory.
Indication	searchSubTree(DN baseDN, String filter, Selection selection)	Perform a search of the tree of entries specified entry in the directory.
void	setAllowUnknownAttrs(boolean flag)	Set or clear the 'allow unknown attributes' flag.
SigVerifyFailHandler	setSigVerifyFailHandler(SigVerifyFailHandler handler)	Set the handler called for signature verification failures.
String	toString()	Returns a String representation of this object
Indication	txnend(byte[] txn_id, boolean commit)	Start transaction.
Indication	txnstart()	Start transaction.
void	unbind()	Unbind from the directory.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

SCOPE_BASE

public static final int SCOPE_BASE

Used to request a search of just the base object.

See Also:

• Constant Field Values

SCOPE_ONELEVEL

public static final int SCOPE_ONELEVEL

Used to request a search of entries immediately beneath the base object.

See Also:

• Constant Field Values

SCOPE_SUBTREE

public static final int SCOPE_SUBTREE

Used to request a search of entries in the entire tree below the base object.

See Also:

• Constant Field Values

MATCHALL

public static final String MATCHALL

Filter string which matches all entries: "(objectclass=*)".

See Also:

• Constant Field Values

BIND_NONE

public static final int BIND_NONE

Bind type: no bind.

See Also:

• Constant Field Values

BIND_ANONYMOUS

public static final int BIND_ANONYMOUS

Bind type: anonymous bind.

See Also:

• Constant Field Values

BIND_SIMPLE

public static final int BIND_SIMPLE

Bind type: simple bind

See Also:

• Constant Field Values

BIND_STRONG

public static final int BIND_STRONG

Bind type: strong bind.

See Also:

• Constant Field Values

defaultCommonArgs

public CommonArgs defaultCommonArgs

Default common arguments for directory operations. In all cases where a CommonArgs is required, this object contains a set of default common arguments which are used in the absence of any user specified argument. For example:

   DirectorySession ds = new DirectorySession(presAddr);
   .
   .
   // This search will have a size limit of 20, and will be a signed
   // operation. Other common arguments will be as defined in
   // the CommonArgs.setDefaults() method.
   ds.defaultCommonArgs.setSizeLimit(20);
   ds.defaultCommonArgs.setSigned(true);

   Indication ind = ds.search(baseDN,filter,scope,sel, null);

   // This search will have a size limit of 30, with all other arguments
   // default according to CommonArgs.setDefault(). The size limit and
   // signed option previously changed in the session defaultCommonArgs
   // are *not* used because the caller has specified their own set of
   // common arguments.
   CommonArgs myca = new CommonArgs();
   myca.setSizeLimit(30);

   Indication ind = ds.search(baseDN,filter,scope,sel,myca);
 

Note that changing this variable changes the default CommonArgs for all users of this DirectorySession. If you wish to make a temporary change to this variable for a series of operations, you can make sure that it does not affect other users of the DirectorySession by surrounding the code with a synchronized block, e.g.

  synchronized(session) {
     CommonArgs oldCA = session.defaultCommonArgs;
     session.defaultCommonArgs = ...;
     // do directory operations
     session.defaultCommonArgs = oldCA;
  }
 

While one thread is executing in such a synchronized block, any other threads which wish to perform operations on the same DirectorySession will be blocked.

baseDN

protected DN baseDN

Base DN. For use by Isode software only.

Constructor Details

DirectorySession

public DirectorySession(String addr,
 boolean startTLS)
                 throws BadAddressException,
NativeLibraryException

Constructs a new object and verifies with that the specified address is valid.

Parameters:

addr - the presentation address of the remote DSA, which must not be null.

startTLS - true to force plain LDAP connections to use the startTLS extension (ignored for LDAPS and DAP connections)

Throws:

BadAddressException - if addr is null or is not a valid presentation address.

NativeLibraryException - if an unrecoverable error was detected by the native library

See Also:

• anonymous bind
• simple bind
• strong bind
• bind with BindParams (allows SASL bind)

DirectorySession

public DirectorySession(String addr)
                 throws BadAddressException,
NativeLibraryException

Constructs a new object and verifies with that the specified address is valid.

Parameters:

addr - the presentation address of the remote DSA, which must not be null.

Throws:

BadAddressException - if addr is null or is not a valid presentation address.

NativeLibraryException - if an unrecoverable error was detected by the native library

See Also:

• anonymous bind
• simple bind
• strong bind
• bind with BindParams (allows SASL bind)

Method Details

setAllowUnknownAttrs

public void setAllowUnknownAttrs(boolean flag)

Set or clear the 'allow unknown attributes' flag. Normally, an attempt to read data from a directory that is operating with an incompatible schema may result in exceptions such as BadAttributeTypeException. In the case of LDAP directories, this flag may be used to prevent such exceptions being thrown: instead of an exception, any attribute-types which are unknown to the local schema will be returned as 'unknown' attributes with an 'octetstring' syntax. Such attributes may subsequently be used in another LDAP operation, or written to an LDIF file, but not send over DAP.

This method has no effect for DAP connections.

Parameters:

flag - true to allow unknown attributes, false not to allow (which is the default behaviour).

getAllowUnknownAttrs

public boolean getAllowUnknownAttrs()

Get the 'allow unknown attributes' flag.

Returns:

true if unknown attributes are allowed, false otherwise.

bind

public Indication bind(CommonArgs cargs)
                throws NotBoundException,
IndicationException,
NotImplementedException,
NativeLibraryException

Perform a synchronous anonymous bind.

Parameters:

cargs - CommonArgs; may be null.

Returns:

an Indication containing the result of the bind.

Throws:

IndicationException - the bind failed but threw an IndicationException that provides additional information about the failure.

NotBoundException - if the connection attempt to the server failed.

NotImplementedException - the session has previously been bound, and cannot be re-bound. The session will remain in its previous state.

NativeLibraryException - if an unrecoverable error was detected by the native library

bind

public Indication bind(DN bindDN,
 String password,
 CommonArgs cargs)
                throws NotBoundException,
NativeLibraryException,
NullPointerException,
NotImplementedException,
IndicationException

Perform a synchronous simple bind.

Parameters:

bindDN - The bind DN. This may not be null.

password - The bind password. This may not be null.

cargs - CommonArgs; may be null.

Returns:

an Indication containing the result of the bind

Throws:

IndicationException - the bind failed but threw an IndicationException that provides additional information about the failure.

NullPointerException - if addr, bindDN, or password is null.

NotBoundException - if the connection attempt to the server failed.

NotImplementedException - if this session has already been bound (in which case the session will remain in its previous state).

NativeLibraryException - if an unrecoverable error was detected by the native library

bind

public Indication bind(DN dsaDN,
 DN userDN,
 String passphrase,
 CommonArgs cargs)
                throws NotBoundException,
NotImplementedException,
NativeLibraryException,
IndicationException,
NullPointerException

Perform a strong bind. The supplied passphrase is used to decrypt X.509 identities in a search for one matching userDN. This identity is then used to establish a strongly authenticated connection to the DSA. The dsaDN is required in order to be able to verify the identity of the DSA.

Note that this method only supports a "strong" bind for DAP connections (not LDAP). An attempt to perform a strong bind on an LDAP session will result in a NotImplementedException

Before using this method, the caller must already have initialized the X.509 libraries using DSapi.initializeSecurity(String). Failure to do so will result in this method throwing a NotImplementedException

Parameters:

dsaDN - the DN of the DSA to bind to (must not be null).

userDN - the user to connect as (may be null, in which case the first identity to match passphrase will be used).

passphrase - passphrase used to decrypt the user's identity. This must not be null.

cargs - CommonArgs; may be null.

Returns:

an Indication containing the result of the bind

Throws:

IndicationException - the bind failed but threw an IndicationException that provides additional information about the failure.

NotBoundException - if the connection attempt to the server failed.

NotImplementedException - if strong authentication is not available for this session, or if the session has previously been bound.

NullPointerException - if dsaDN, addr or passphrase is null.

NativeLibraryException - if an unrecoverable error was detected by the native library

unbind

public void unbind()
            throws NativeLibraryException

Unbind from the directory. It is safe to call this on a session which is already unbound, or not bound at all.

Throws:

NativeLibraryException - if an unrecoverable error was detected by the native library

txnstart

public Indication txnstart()
                    throws NativeLibraryException

Start transaction.

Throws:

NativeLibraryException - if an unrecoverable error was detected by the native library

txnend

public Indication txnend(byte[] txn_id,
 boolean commit)
                  throws NativeLibraryException

Start transaction.

Throws:

NativeLibraryException - if an unrecoverable error was detected by the native library

getBindType

public int getBindType()

Deprecated.

callers should use getConnectionState(), which returns more comprehensive and accurate information about current connection state.

Get bind type of current session, one of the BIND_* constants. The value returned by this method reflects the type of bind operation that was requested when the session was bound, but may not correspond with the actual state of the underlying connection. Callers should use getConnectionState() to obtain more accurate information.

Returns:

Bind type: BIND_NONE, BIND_ANONYMOUS, BIND_SIMPLE or BIND_STRONG.

read

public Indication read(DN dn,
 Selection sel,
 CommonArgs cargs)
                throws NativeLibraryException,
NoSuchAttributeException,
NoSuchEntryException,
NotBoundException,
NotImplementedException,
NullPointerException,
IndicationException,
SignedOpFailedException,
DirectoryOperationFailedException

Perform a synchronous read of a directory entry. For LDAP connections, this operation is equivalent to a search with SCOPE_BASE. Use sel to determine which attributes of the entry will be read.

Parameters:

dn - DN of the entry to read. Must not be null.

sel - Selection representing the required selection. Must not be null.

cargs - Common arguments, null indicates defaults.

Returns:

Result of the operation.

Throws:

NoSuchEntryException - if dn does not exist in the directory.

IndicationException - if the underlying layer returned an Indication that represents a failure status from the DSA.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NullPointerException - if dn or sel is null.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

SignedOpFailedException - if for a signed read, an error occurred when attempting to sign the read request.

NoSuchAttributeException - if sel names attributes which this entry does not contain.

NativeLibraryException - if an unrecoverable error was detected by the native library

readAsync

public DirectorySession.PendingOperation readAsync(DN dn,
 Selection sel,
 CommonArgs cargs)
                                            throws NativeLibraryException,
NotBoundException,
NotImplementedException,
NullPointerException,
DirectoryOperationFailedException

Initiate an asynchronous read of a directory entry. Use sel to determine which attributes of the entry will be read. Once the read operation has been issued, control is returned to the caller, who should use the returned PendingOperation object to check on the operation's progress, or to cancel it.

NOTE: this function is currently only supported for DAP connections.

Parameters:

dn - DN of the entry to read. Must not be null.

sel - Selection representing the required selection. Must not be null.

cargs - Common arguments, null indicates defaults.

Returns:

a PendingOperation object representing the read operation.

Throws:

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NativeLibraryException - if an unrecoverable error was detected by the native library

NullPointerException - if dn or sel is null.

See Also:

• PendingOperation.poll()
• PendingOperation.cancel()

search

public Indication search(DN baseDN,
 String filter,
 int scope,
 Selection sel,
 CommonArgs cargs)
                  throws NotBoundException,
NoSuchEntryException,
NotImplementedException,
NativeLibraryException,
NullPointerException,
IndicationException,
BadFilterException,
DirectoryOperationFailedException,
SignedOpFailedException

Perform a synchronous directory search.

Parameters:

baseDN - The search base object. Must not be null.

filter - LDAP format string search filter, (which can be MATCHALL to match all entries). Must not be null.

scope - One of SCOPE_BASE, SCOPE_ONELEVEL or SCOPE_SUBTREE.

sel - Attribute selection. Must not be null.

cargs - Common arguments, null indicates defaults.

Returns:

An Indication containing the entries returned by the search. If no entries were found, then an Indication will be returned, but its entry count will be zero.

Throws:

NoSuchEntryException - if baseDN does not exist in the directory.

IndicationException - if the underlying layer returned an Indication that represents a failure status from the DSA.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

BadFilterException - if filter is not a valid search filter.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NotBoundException - if this DirectorySession is not currently bound.

SignedOpFailedException - if for a signed search, an error occurred when attempting to sign the search request.

NullPointerException - if baseDN or filter or sel is null.

NativeLibraryException - if an unrecoverable error was detected by the native library

See Also:

• defaultCommonArgs

searchOneLevel

public Indication searchOneLevel(DN baseDN,
 String filter,
 Selection selection,
 CommonArgs cargs)
                          throws NotBoundException,
NoSuchEntryException,
NotImplementedException,
NativeLibraryException,
NullPointerException,
IndicationException,
BadFilterException,
DirectoryOperationFailedException,
SignedOpFailedException

Perform a search of entries directly below a specified entry in the directory.

This is a convenience method which calls search() using SCOPE_ONELEVEL.

Parameters:

baseDN - the object to search below

selection - a Selection representing the attributes to be returned

filter - a search filter, (which can be MATCHALL to match all entries).

cargs - Common arguments, null indicates defaults.

Returns:

an Indication containing the result of the search. This will contain no entries if no entries exist below baseDN.

Throws:

NoSuchEntryException - if baseDN does not exist in the directory.

IndicationException - if the underlying layer returned an Indication that represents a failure status from the DSA.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

SignedOpFailedException - if for a signed search, an error occurred when attempting to sign the search request.

BadFilterException - if filter is not a valid search filter.

NullPointerException - if baseDN or filter or sel is null.

NativeLibraryException - if an unrecoverable error was detected by the native library

See Also:

• defaultCommonArgs

searchOneLevel

public Indication searchOneLevel(DN baseDN,
 String filter,
 Selection selection)
                          throws NotBoundException,
NoSuchEntryException,
NotImplementedException,
NativeLibraryException,
NullPointerException,
IndicationException,
BadFilterException,
DirectoryOperationFailedException,
SignedOpFailedException

Perform a search of entries directly below a specified entry in the directory.

This is a convenience method which calls search() using SCOPE_ONELEVEL and defaultCommonArgs.

Parameters:

baseDN - the object to search below

selection - a Selection representing the attributes to be returned

filter - a search filter (which can be MATCHALL to match all entries).

Returns:

an Indication containing the result of the search. This will contain no entries if no entries exist below baseDN.

Throws:

NoSuchEntryException - if baseDN does not exist in the directory.

IndicationException - if the underlying layer returned an Indication that represents a failure status from the DSA.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

BadFilterException - if filter is not a valid search filter.

NullPointerException - if baseDN or filter or sel is null.

NativeLibraryException - if an unrecoverable error was detected by the native library

SignedOpFailedException - if for a signed search, an error occurred when attempting to sign the search request.

See Also:

• defaultCommonArgs

searchSubTree

public Indication searchSubTree(DN baseDN,
 String filter,
 Selection selection)
                         throws NotBoundException,
NoSuchEntryException,
NotImplementedException,
NativeLibraryException,
NullPointerException,
IndicationException,
BadFilterException,
DirectoryOperationFailedException,
SignedOpFailedException

Perform a search of the tree of entries specified entry in the directory. This is a convenience method which calls search() using SCOPE_SUBTREE and defaultCommonArgs.

Parameters:

baseDN - the object to search below

selection - a Selection representing the attributes to be returned

filter - a search filter (which can be MATCHALL to match all entries).

Returns:

an Indication containing the result of the search. This will contain no entries if no entries exist below baseDN.

Throws:

NoSuchEntryException - if baseDN does not exist in the directory.

IndicationException - if the underlying layer returned an Indication that represents a failure status from the DSA.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

BadFilterException - if filter is not a valid search filter.

NullPointerException - if baseDN or filter or sel is null.

NativeLibraryException - if an unrecoverable error was detected by the native library

SignedOpFailedException - if for a signed search, an error occurred when attempting to sign the search request.

See Also:

• defaultCommonArgs

add

public Indication add(AddEntry entry,
 CommonArgs cargs)
               throws NullPointerException,
NotBoundException,
DirectoryOperationFailedException,
NotImplementedException,
IndicationException,
BadValueException,
NoSuchEntryException,
SignedOpFailedException,
ReferralException,
NativeLibraryException,
BadAttributeTypeException,
BadSyntaxException

Add an entry synchronously

Parameters:

entry - AddEntry containing information to add. Must not be null, and must contain at least one change.

cargs - Common arguments, null indicates defaults.

Returns:

an Indication containing the result of the add.

Throws:

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

IndicationException - - the DSA returned an error status as well as an indication which contained supplementary information.

BadValueException - - entry contained no values, or if it contained one or more attributes that contained values which were illegal for their syntax.

BadSyntaxException - - entry contained one or more attributes that were of a type for which no syntax handler was available.

NoSuchEntryException - the parent of entry does not exist.

NullPointerException - if entry is null.

SignedOpFailedException - if for a signed add, an error occurred when attempting to sign the add request.

ReferralException - if the directory server returned a referral because it was unwilling or unable to handle the operation.

BadAttributeTypeException - - an unknown attribute type cannot be sent over DAP.

NativeLibraryException - if an unrecoverable error was detected by the native library

See Also:

• defaultCommonArgs

modify

public Indication modify(ModifyEntry updatedEntry,
 CommonArgs cargs)
                  throws BadValueException,
NotBoundException,
DirectoryOperationFailedException,
NotImplementedException,
IndicationException,
NoSuchEntryException,
NullPointerException,
ReferralException,
SignedOpFailedException,
NativeLibraryException,
BadAttributeTypeException,
BadSyntaxException

Modify an entry synchronously.

Parameters:

updatedEntry - ModifyEntry containing updates.

cargs - Common arguments, null indicates defaults.

Returns:

an Indication containing the result of the modify.

Throws:

BadValueException - if updatedEentry contains no changes, or if it contained one or more attributes that contained values which were illegal for their syntax.

BadSyntaxException - - updatedEntry contained one or more attributes that were of a type for which no syntax handler was available.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NoSuchEntryException - if the entry represented by updatedEntry does not exist in the directory.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

IndicationException - - the DSA returned an error status as well as an indication which contained supplementary information.

SignedOpFailedException - if for a signed modify, an error occurred when attempting to sign the modify request.

NullPointerException - if updatedEntry is null.

BadAttributeTypeException - - an unknown attribute type cannot be sent over DAP.

ReferralException - if the directory server returned a referral because it was unwilling or unable to handle the operation.

NativeLibraryException - if an unrecoverable error was detected by the native library

See Also:

• defaultCommonArgs

rename

public Indication rename(DN originalDN,
 DN newSuperior,
 RDN newRDN,
 CommonArgs cargs)
                  throws BadDNException,
NotBoundException,
DirectoryOperationFailedException,
NotImplementedException,
NoSuchEntryException,
IndicationException,
SignedOpFailedException,
ReferralException,
NativeLibraryException

Synchronous rename of an entry. One of newSuperior and newRDN may be null, but not both.

Parameters:

originalDN - Original dn of entry. Must not be null.

newSuperior - new superior DN

newRDN - new RDN

cargs - Common arguments, null indicates defaults.

Returns:

an Indication containing the result of the rename.

Throws:

BadDNException - if originalDN represents the root entry

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NoSuchEntryException - if the entry represented by oldDN does not exist in the directory.

IndicationException - - the DSA returned an error status as well as an indication which contained supplementary information.

NativeLibraryException - if an unrecoverable error was detected by the native library

ReferralException - if the directory server returned a referral because it was unwilling or unable to handle the operation.

SignedOpFailedException - if for a signed rename, an error occurred when attempting to sign the rename request.

NullPointerException - originalDN is null, or if both newSuperior and newRDN are null.

See Also:

• defaultCommonArgs

delete

public Indication delete(DN dn,
 CommonArgs cargs)
                  throws NotBoundException,
DirectoryOperationFailedException,
NotImplementedException,
NoSuchEntryException,
IndicationException,
NativeLibraryException,
SignedOpFailedException,
ReferralException,
NullPointerException

Remove an entry synchronously.

Parameters:

dn - DN of entry to remove. Must not be null.

cargs - Common arguments, null indicates defaults.

Returns:

an Indication containing the result of the delete.

Throws:

NullPointerException - if dn is null.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NoSuchEntryException - if the entry represented by dn does not exist in the directory.

IndicationException - - the DSA returned an error status as well as an indication which contained supplementary information.

SignedOpFailedException - if for a signed delete, an error occurred when attempting to sign the delete request.

ReferralException - if the directory server returned a referral because it was unwilling or unable to handle the operation.

NativeLibraryException - if an unrecoverable error was detected by the native library

See Also:

• defaultCommonArgs

compare

public Indication compare(DN dn,
 Attribute attr,
 CommonArgs cargs)
                   throws BadValueException,
NotBoundException,
DirectoryOperationFailedException,
NotImplementedException,
NoSuchEntryException,
IndicationException,
NullPointerException,
ReferralException,
SignedOpFailedException,
NativeLibraryException,
BadAttributeTypeException

Perform a comparison of a particular attribute value for an entry in the directory. This method allows a caller to perform a test on an attribute such as a password, where the directory may not allow the attribute value to be read, but is prepared to answer the question "does attribute x have value y?"

Parameters:

dn - The entry in the directory of interest. This must not be null

attr - The attribute type and value to compare. This must specify an attribute type and contain a single value

cargs - common arguments; null indicates defaults

Returns:

an Indication which will contain the result of the comparison. Use Indication.compareMatched() to determine whether the compare operation found a match.

Throws:

BadValueException - if attr does not contain a single value.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NoSuchEntryException - if the entry represented by dn does not exist in the directory.

IndicationException - - the DSA returned an error status as well as an indication which contained supplementary information.

NativeLibraryException - if an unrecoverable error was detected by the native library

ReferralException - if the directory server returned a referral because it was unwilling or unable to handle the operation.

BadAttributeTypeException - - an unknown attribute cannot be compared over DAP.

SignedOpFailedException - if for a signed compare, an error occurred when attempting to sign the compare request.

NullPointerException - if dn or attr is null.

See Also:

• Indication.compareMatched()

apply

public Indication apply(ChangeEntry entry,
 CommonArgs cargs)
                 throws BadValueException,
BadSyntaxException,
DirectoryOperationFailedException,
IndicationException,
NativeLibraryException,
NoSuchEntryException,
NotBoundException,
NotImplementedException,
BadAttributeTypeException,
NullPointerException,
ReferralException,
SignedOpFailedException

Apply any one of the four types of ChangeEntry to the directory: ModifyEntry, AddEntry, DeleteEntry or RenameEntry. This calls the appropriate operation-specific routine: modify(), add(), delete() or rename(). See the individual calls for the documentation of the exceptions thrown in each case, and so on.

Parameters:

entry - ChangeEntry to apply to the directory

cargs - Common arguments, null indicates defaults.

Throws:

BadValueException

BadSyntaxException

DirectoryOperationFailedException

IndicationException

NativeLibraryException

NoSuchEntryException

NotBoundException

NotImplementedException

BadAttributeTypeException

NullPointerException

ReferralException

SignedOpFailedException

See Also:

• modify(ModifyEntry, CommonArgs)
• add(AddEntry, CommonArgs)
• delete(DN, CommonArgs)
• rename(DN, DN, RDN, CommonArgs)

finalize

protected void finalize()
                 throws Throwable

Releases any native structures associated with this object.

Overrides:

finalize in class Object

Throws:

Throwable

getCommonArgsWithTransaction

public CommonArgs getCommonArgsWithTransaction(CommonArgs user_args,
 byte[] transactionID)

This call returns a set of common arguments in the same way as getCommonArgs, but adds the given transactionID.

Parameters:

transactionID - transaction the operation is part of.

Returns:

A set of common arguments.

filterString

public static String filterString(String filter)

LDAP-style encoding of values used in search filter definition. (see RFC 2254) e.g.: ds.search(myDN, "cn~="+ds.filterString(myString), myScope, myAttrs);

Parameters:

filter - String to encode, e.g. "cn=Steve Kille (Isode)"

Returns:

Encoded string, e.g. "cn=Steve Kille \28Isode\29"

toString

public String toString()

Returns a String representation of this object

Overrides:

toString in class Object

preUnbindHook

protected void preUnbindHook()

This method allows subclasses the opportunity to perform any pre-unbind cleanup; it will be called before each unbind operation. The base class implementation does nothing.

See preBindHook() for notes on synchronization.

postUnbindHook

protected void postUnbindHook()

This method allows subclasses the opportunity to perform any post-unbind cleanup; it will be called after each unbind operation.

Note that this method will be called regardless of whether the session was actually bound. So implementors should not assume that the session has just been unbound, or that the method will only ever be called once for a given DirectorySession object.

The base class implementation does nothing.

See preBindHook() for notes on synchronization.

preBindHook

protected void preBindHook()
                    throws NotBoundException

This method allows subclasses the opportunity to perform any pre-unbind cleanup; it will be called before each unbind operation.

Note that this method will be called regardless of whether the session is actually bound. So implementors should not assume that the session is bound, or that the method will only ever be called once for a given DirectorySession object.

The base class implementation does nothing.

The hook methods are declared synchronized but any subclass which overrides them method should specifically declare itself as synchronized (the qualifier is not automatically inherited by subclasses).

Throws:

NotBoundException - Unable to bind to the directory

postBindHook

protected void postBindHook()

This method allows subclasses the opportunity to perform operations after a successful bind operation: it will be called after a directory session is bound. The base class implementation does nothing.

See preBindHook() for notes on synchronization.

getBoundAddress

public String getBoundAddress()

Return the presentation address that we last successfully bound to, or null if not bound.

Returns:

the presentation address, or null if not bound

See Also:

• getConnectionState()

getPresentationAddress

public String getPresentationAddress()

Return the presentation address specified when this object was constructed.

Returns:

the presentation address.

setSigVerifyFailHandler

public SigVerifyFailHandler setSigVerifyFailHandler(SigVerifyFailHandler handler)

Set the handler called for signature verification failures.

When performing signed operations (see CommonArgs.setSigned(boolean), a signature error will not cause the operation to fail: rather, you should check inside the Indication to tell whether a signature error occurred (see Indication.hasDSASignatureVerificationError() and Indication.hasDUASignatureVerificationError(). As an alternative to including such a test after each call to an operation which might result in a signature error, it is possible to specify a SigVerifyFailHandler which should be invoked whenever a signature error occurs.

Note that a single SigVerifyFailHandler exists at any one time for each DirectorySession object, and so altering its value from one thread while a second thread has outstanding operations may or may not cause the second thread to use the new handler.

If you wish to make a temporary change to the handler for a specific series of operations, you can make sure that it does not affect other users of the DirectorySession by surrounding the code with a synchronized block, e.g.

  synchronized(session) {

     SigVerifyHandler oldHandler = null;
     try {
       oldHandler = session.setSigVerifyHandler(new SigVerifyHandler() {
           public void failure(Indication ind, boolean dsa, boolean dua) {
              // take whatever action is required
           }
        });
        // Do directory operations, which will, in the event of a
        // signature verification failure, call the temporary handler
      }
      finally {
         // however the block exits, restore the original handler
         session.setSigVerifyHandler(oldHandler);
      }
   }
 

While one thread is executing in such a synchronized block, any other threads which wish to perform operations on the same DirectorySession will be blocked.

Parameters:

handler - SigVerifyFailHandler to use, or null to remove the current handler

Returns:

Previous handler, or null if there was no previous handler

getConnectionState

public DirectorySession.ConnectionState getConnectionState()

Determine the connection state of the DirectorySession following the most recent directory operation. This method may be used to determine if a previously connected session has been lost (in which case a value of CONNECTION_LOST is returned).

Note that if a network connection is lost, then the session state will not become CONNECTION_LOST until the next directory operation is attempted and the problem detected.

Returns:

an emum representing the connection state.

Throws:

NativeLibraryException - if an unrecoverable error was detected by the native library

Since:

14.4

See Also:

• isBound()

isBound

public boolean isBound()

Determine whether the session is bound. This method simply parses the value returned by getConnectionState() to return a simple yes/no answer to the question "is this session bound?"

Returns:

true if the session is bound, false otherwise

Since:

15.0

See Also:

• getConnectionState()

readEntry

public Entry readEntry(DN dn,
 Selection sel,
 CommonArgs cargs)
                throws NativeLibraryException,
NoSuchAttributeException,
NotBoundException,
NotImplementedException,
NullPointerException,
IndicationException,
SignedOpFailedException,
DirectoryOperationFailedException,
IncompleteReadException

Perform a synchronous read of a specific directory entry and return an Entry object if the entry exists, and null if the entry does not exist (rather than a NoSuchEntryException. This avoids the need for callers to process an Indication.

This method is intended to allow callers to be certain whether or not the specified entry exists, so that a return of null means that the entry definitely does not exist. In situations where the existence of the entry cannot be conclusively determined, an exception will be thrown.

An IncompleteReadException will be thrown if the read completes but there is information in the exception which suggests that the operation was in some way compromised (e.g. a limit was exceeded). In this case, callers may choose to extract the Indication from the exception object and process any entry information which is present.

For LDAP connections, this operation is equivalent to a search with SCOPE_BASE. Use sel to determine which attributes of the entry will be read.

Parameters:

dn - DN of the entry to read. Must not be null.

sel - Selection representing the required selection. Must not be null.

cargs - Common arguments, null indicates defaults.

Returns:

The entry as read from the directory. A return value of null means that the entry was not present.

Throws:

IndicationException - if the underlying layer returned an Indication that represents a failure status from the DSA. This may include ReferralException.

NotBoundException - if this DirectorySession is not currently bound.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

NullPointerException - if dn or sel is null.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

SignedOpFailedException - if for a signed read, an error occurred when attempting to sign the read request.

NoSuchAttributeException - if sel names attributes which this entry does not contain.

IncompleteReadException - if the read operation completed, but information in the indication suggests that it is not possible to be certain whether the entry was successfully read. Callers may extract the Indication from the exception object in order to decide what action to take.

NativeLibraryException - if an unrecoverable error was detected by the native library

Since:

14.4

See Also:

• read(DN, Selection, CommonArgs)

getSessionCertificates

public DirectorySession.SessionCertificates getSessionCertificates()
                                                            throws NativeLibraryException,
NotBoundException,
OperationFailedException

Retrieve information about the certificates that were presented by directory server during a strong bind connection (either DAP or LDAP).

Following a bind operation, a client may wish to check the certificates presented by a server before allowing further operations to be performed, and may want to abandon the session if it determines that no trusted certificates were sent.

For a DAP session which is not strongly bound, or for an LDAP session, that has not initiated a TLS connection (either by using an LDAPS connection, or by using LDAP+startTLS), calling this method will result in an OperationFailedException.

Returns:

a SessionCertificates object, or null if no certificates were presented.

Throws:

OperationFailedException - if the session is not one that could have any certificates (e.g. LDAP not using TLS).

NotBoundException - if this DirectorySession is not currently bound.

NativeLibraryException - if an unrecoverable error was detected by the native library

Since:

14.4

search

public Indication search(DN baseDN,
 String filter,
 int scope,
 Selection sel,
 CommonArgs cargs,
 int pageSize)
                  throws NotBoundException,
NoSuchEntryException,
NotImplementedException,
NativeLibraryException,
NullPointerException,
IndicationException,
BadFilterException,
DirectoryOperationFailedException,
SignedOpFailedException

Perform a search, requesting paged results from the server.

A normal successful synchronous search operation will return a complete set of matching entries in its Indication. A search with paged results will return a series of Indications, each of which contains a subset of the total matching entries.

Clients may wish to use paged results either to overcome server imposed limits, or to make it easier to handle a large amount of data (a client may process one page of results before requesting that the server send the next page).

Note that not all servers will support paged results. An exception of UnavailableCriticalExtensionException will be thrown if the server is unable or unwilling to honour the request.

Parameters:

baseDN - The search base object. Must not be null.

filter - LDAP format string search filter, (which can be MATCHALL to match all entries). Must not be null.

scope - One of SCOPE_BASE, SCOPE_ONELEVEL or SCOPE_SUBTREE.

sel - Attribute selection. Must not be null.

cargs - Common arguments, null indicates defaults.

pageSize - the page size. This must be greater than zero.

Returns:

An Indication containing the first page of entries returned by the search. If no entries were found, then an Indication will be returned, but its entry count will be zero. Any indication returned by this method will be marked as a "paged results" Indication (see Indication.isPagedResultsIndication())

Throws:

NoSuchEntryException - if baseDN does not exist in the directory.

IndicationException - if the underlying layer returned an Indication that represents a failure status from the DSA.

DirectoryOperationFailedException - if the operation was sent to the directory, and the directory returned an "operation failed" status with no extra indication or information.

BadFilterException - if filter is not a valid search filter.

NotImplementedException - if an attempt was made to perform a signed operation on a session which has not been strongly authenticated.

NotBoundException - if this DirectorySession is not currently bound.

SignedOpFailedException - if for a signed search, an error occurred when attempting to sign the search request.

NullPointerException - if baseDN or filter or sel is null.

NativeLibraryException - if an unrecoverable error was detected by the native library

IllegalArgumentException - if pageSize is not greater than zero.

Since:

14.4

See Also:

• defaultCommonArgs
• Indication.hasMorePagedResults()
• Indication.nextPagedResultsPage()
• Indication.isPagedResultsIndication()

bind

public Indication bind(BindParams bindParams,
 CommonArgs cargs)
                throws NotBoundException,
NotImplementedException,
NativeLibraryException,
IndicationException,
NotBoundException

Bind using a BindParams object.

Parameters:

bindParams - BindParams to use (not null)

cargs - CommonArgs (null allowed)

Returns:

an Indication with the bind result

Throws:

IndicationException - the bind failed but threw an IndicationException that provides additional information about the failure.

NotBoundException - if the connection attempt to the server failed.

NotImplementedException - if this was a strong bind where strong authentication is not available, or if the session has previously been bound.

NotBoundException - if the connection attempt to the server failed.

NullPointerException - if bindParams is null.

NativeLibraryException - if an unrecoverable error was detected by the native library.

Since:

16.1

See Also:

• bind with BindParams (allows SASL bind)