X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FIpaUtils.java;h=e1c8136f515685ff21e1b9c1999f0bf130b1374a;hb=4672ec9d1071dffc7c591f623898d32a31637d04;hp=d56c06ac0964b8295fcfc655c4dc15ba0cf478a6;hpb=9f729eeb8255a9d800ad2506735dda8cc215a135;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.util/src/org/argeo/osgi/useradmin/IpaUtils.java b/org.argeo.util/src/org/argeo/osgi/useradmin/IpaUtils.java
index d56c06ac0..e1c8136f5 100644
--- a/org.argeo.util/src/org/argeo/osgi/useradmin/IpaUtils.java
+++ b/org.argeo.util/src/org/argeo/osgi/useradmin/IpaUtils.java
@@ -13,13 +13,14 @@ import javax.naming.InvalidNameException;
 import javax.naming.NamingException;
 import javax.naming.ldap.LdapName;
 
-import org.argeo.naming.DnsBrowser;
-import org.argeo.naming.LdapAttrs;
+import org.argeo.util.naming.LdapAttrs;
+import org.argeo.util.naming.dns.DnsBrowser;
 
 /** Free IPA specific conventions. */
 public class IpaUtils {
 	public final static String IPA_USER_BASE = "cn=users,cn=accounts";
 	public final static String IPA_GROUP_BASE = "cn=groups,cn=accounts";
+	public final static String IPA_ROLE_BASE = "cn=roles,cn=accounts";
 	public final static String IPA_SERVICE_BASE = "cn=services,cn=accounts";
 
 	private final static String KRB_PRINCIPAL_NAME = LdapAttrs.krbPrincipalName.name().toLowerCase();
@@ -37,6 +38,7 @@ public class IpaUtils {
 		properties.put(UserAdminConf.realm.name(), realm);
 		properties.put(UserAdminConf.userBase.name(), IPA_USER_BASE);
 		properties.put(UserAdminConf.groupBase.name(), IPA_GROUP_BASE);
+		properties.put(UserAdminConf.systemRoleBase.name(), IPA_ROLE_BASE);
 		properties.put(UserAdminConf.readOnly.name(), Boolean.TRUE.toString());
 	}
 
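Review bot: The new `systemRoleBase` entry in the `@@ -37,6 +38,7 @@` hunk is undocumented, and because it points the system-role base at `cn=roles,cn=accounts` it presumably lets FreeIPA role membership decide system-role membership of the resulting user directory; that is an authorization decision delegated to the IPA server, so it deserves a line saying so. Suggested comment above the added line: `// FreeIPA roles (cn=roles,cn=accounts) are exposed as system roles; membership is managed in IPA, this directory is read-only.` The enclosing method starts outside the hunk, so the Javadoc of the method (if any) should mention the same mapping.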
@@ -80,8 +82,8 @@ public class IpaUtils {
 			String dnsZone = hostname.substring(hostname.indexOf('.') + 1);
 			kerberosDomain = dnsBrowser.getRecord("_kerberos." + dnsZone, "TXT");
 			return kerberosDomain;
-		} catch (Exception e) {
-			throw new UserDirectoryException("Cannot determine Kerberos domain from DNS", e);
+		} catch (NamingException | IOException e) {
+			throw new IllegalStateException("Cannot determine Kerberos domain from DNS", e);
 		}
 	}
 
@@ -96,7 +98,7 @@ public class IpaUtils {
 		}
 
 		if (kerberosRealm == null)
-			throw new UserDirectoryException("No Kerberos domain available for " + uri);
+			throw new IllegalStateException("No Kerberos domain available for " + uri);
 		// TODO intergrate CA certificate in truststore
 		// String schemeToUse = SCHEME_LDAPS;
 		String schemeToUse = UserAdminConf.SCHEME_LDAP;
@@ -107,12 +109,12 @@ public class IpaUtils {
 					ldapHosts = dnsBrowser.getSrvRecordsAsHosts("_ldap._tcp." + kerberosRealm.toLowerCase(),
 							schemeToUse.equals(UserAdminConf.SCHEME_LDAP) ? true : false);
 					if (ldapHosts == null || ldapHosts.size() == 0) {
-						throw new UserDirectoryException("Cannot configure LDAP for IPA " + uri);
+						throw new IllegalStateException("Cannot configure LDAP for IPA " + uri);
 					} else {
 						ldapHostsStr = ldapHosts.get(0);
 					}
 				} catch (NamingException | IOException e) {
-					throw new UserDirectoryException("cannot convert IPA uri " + uri, e);
+					throw new IllegalStateException("Cannot convert IPA uri " + uri, e);
 				}
 			} else {
 				ldapHosts = new ArrayList<>();
@@ -126,7 +128,7 @@ public class IpaUtils {
 					uriStr.append(convertedUri).append(' ');
 				}
 			} catch (URISyntaxException e) {
-				throw new UserDirectoryException("cannot convert IPA uri " + uri, e);
+				throw new IllegalStateException("Cannot convert IPA uri " + uri, e);
 			}
 
 			Hashtable res = new Hashtable<>();
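Review bot: Narrowing the catch to `NamingException | IOException` is right, but the value returned on the `return kerberosDomain` line still comes from an unauthenticated DNS TXT lookup of `_kerberos.<zone>`, and nothing in the hunk validates it, so a wrong or spoofed DNS answer silently selects the realm; this is why MIT krb5 keeps `dns_lookup_realm` off by default. The method's Javadoc (its start is outside the hunk) should state this and steer callers to an explicitly configured realm, e.g. `/** Resolves the Kerberos realm from the _kerberos TXT record of the host's DNS zone. DNS answers are not authenticated; prefer an explicitly configured realm where available. */`, and the same caveat applies to the SRV-derived LDAP hosts in the `@@ -107,12 +109,12 @@` hunk. Separately, `hostname.substring(hostname.indexOf('.') + 1)` is a no-op for a hostname without a dot, so the lookup becomes `_kerberos.<hostname>` without any error; a guard such as `if (hostname.indexOf('.') < 0) throw new IllegalStateException("Cannot determine DNS zone of " + hostname);` before the substring would make that failure explicit. Note that with the narrowed catch a null `hostname` now surfaces as a NullPointerException instead of the wrapped exception; that is probably acceptable but worth a sentence in the Javadoc.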
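Review bot: The `// TODO intergrate CA certificate in truststore` comment in the `@@ -96,7 +98,7 @@` hunk does not say what blocks the LDAPS path, yet the next lines pin `schemeToUse` to `UserAdminConf.SCHEME_LDAP` with `SCHEME_LDAPS` left commented out, so the directory connection built from this value is not TLS-protected. Since the commit already touches this hunk, the TODO should at least be spelled correctly and name the missing piece, e.g. `// TODO switch to SCHEME_LDAPS once the IPA CA certificate is integrated in the truststore; plain LDAP leaves directory traffic unprotected`. The enclosing method starts and ends outside the hunk.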
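Review bot: On the new throw line of the `@@ -126,7 +128,7 @@` hunk, `IllegalStateException` wraps a `URISyntaxException` that is caused by the `uri` argument itself rather than by object state, so `throw new IllegalArgumentException("Cannot convert IPA uri " + uri, e);` is the conventional type and lets callers distinguish a bad argument from a failed lookup. The `Cannot convert IPA uri` throw in the `@@ -107,12 +109,12 @@` hunk is different, since it wraps a DNS lookup failure, and `IllegalStateException` fits there. The enclosing method starts and ends outside the hunk.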