import javax.naming.NamingException;
import javax.naming.ldap.LdapName;
-import org.argeo.naming.DnsBrowser;
-import org.argeo.naming.LdapAttrs;
+import org.argeo.util.naming.LdapAttrs;
+import org.argeo.util.naming.dns.DnsBrowser;
/** Free IPA specific conventions. */
public class IpaUtils {
public final static String IPA_USER_BASE = "cn=users,cn=accounts";
public final static String IPA_GROUP_BASE = "cn=groups,cn=accounts";
+ public final static String IPA_ROLE_BASE = "cn=roles,cn=accounts";
public final static String IPA_SERVICE_BASE = "cn=services,cn=accounts";
private final static String KRB_PRINCIPAL_NAME = LdapAttrs.krbPrincipalName.name().toLowerCase();
properties.put(UserAdminConf.realm.name(), realm);
properties.put(UserAdminConf.userBase.name(), IPA_USER_BASE);
properties.put(UserAdminConf.groupBase.name(), IPA_GROUP_BASE);
+ properties.put(UserAdminConf.systemRoleBase.name(), IPA_ROLE_BASE);
properties.put(UserAdminConf.readOnly.name(), Boolean.TRUE.toString());
}
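Review bot: The new `properties.put(UserAdminConf.systemRoleBase.name(), IPA_ROLE_BASE);` line binds the system-role base to the `IPA_ROLE_BASE` constant introduced earlier in the file (`cn=roles,cn=accounts`), which, like the sibling `*_BASE` constants, is a suffix-less DN with no Javadoc saying so. A short comment on the constant would make that contract explicit, e.g. `/** FreeIPA RBAC role container, given relative to the realm base like the other *_BASE constants — confirm against the consumer of systemRoleBase. */`. Since the directory is registered with `readOnly` set to `Boolean.TRUE` on the following line, role membership read from this base presumably cannot be modified through this configuration; stating that in the same comment would save the next reader a lookup. The enclosing method starts outside this hunk.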
String dnsZone = hostname.substring(hostname.indexOf('.') + 1);
kerberosDomain = dnsBrowser.getRecord("_kerberos." + dnsZone, "TXT");
return kerberosDomain;
- } catch (Exception e) {
- throw new UserDirectoryException("Cannot determine Kerberos domain from DNS", e);
+ } catch (NamingException | IOException e) {
+ throw new IllegalStateException("Cannot determine Kerberos domain from DNS", e);
}
}
}
if (kerberosRealm == null)
- throw new UserDirectoryException("No Kerberos domain available for " + uri);
+ throw new IllegalStateException("No Kerberos domain available for " + uri);
// TODO intergrate CA certificate in truststore
// String schemeToUse = SCHEME_LDAPS;
String schemeToUse = UserAdminConf.SCHEME_LDAP;
ldapHosts = dnsBrowser.getSrvRecordsAsHosts("_ldap._tcp." + kerberosRealm.toLowerCase(),
schemeToUse.equals(UserAdminConf.SCHEME_LDAP) ? true : false);
if (ldapHosts == null || ldapHosts.size() == 0) {
- throw new UserDirectoryException("Cannot configure LDAP for IPA " + uri);
+ throw new IllegalStateException("Cannot configure LDAP for IPA " + uri);
} else {
ldapHostsStr = ldapHosts.get(0);
}
} catch (NamingException | IOException e) {
- throw new UserDirectoryException("cannot convert IPA uri " + uri, e);
+ throw new IllegalStateException("Cannot convert IPA uri " + uri, e);
}
} else {
ldapHosts = new ArrayList<>();
uriStr.append(convertedUri).append(' ');
}
} catch (URISyntaxException e) {
- throw new UserDirectoryException("cannot convert IPA uri " + uri, e);
+ throw new IllegalStateException("Cannot convert IPA uri " + uri, e);
}
Hashtable<String, Object> res = new Hashtable<>();