com.iplanet.am.sdk
Class AMStoreConnection

java.lang.Object
  |
  +--com.iplanet.am.sdk.AMStoreConnection

All Implemented Interfaces:

AMConstants

public final class AMStoreConnection

extends java.lang.Object

implements AMConstants

The AMStoreConnection class represents a connection to the Sun ONE Identity Server datastore. It provides methods to create, remove and get different type of Sun ONE Identity Server SDK objects in the datatore. AMStoreConnection controls and manages access to the datastore.

An instance of AMStoreConnection object should always be obtained by anyone using the AM SDK since this object is the entry point to all other AM SDK managed objects. The constructor takes the SSO token of the user. Here is some sample code on how to get a user's attributes, using AM SDK:

      AMStoreConnection amsc = new AMStoreConnection(ssotoken);
      AMUser user = amsc.getUser(ssotoken.getPrincipal());
      Map attributes = user.getAttributes();
 

AMStoreConnection also has other helper methods which are very useful. Some examples below:

      int otype = amsc.getAMObjectType(fullDN);
 

otype returned is one of the managed AMObject types, like AMObject.USER, AMObject.ROLE, AMObject.ORGANIZATION. If the entry being checked in not of the type managed by AM SDK, then an AMException is thrown.

      boolean exists = amsc.isValidEntry(fullDN);
 

If there is a fullDN that you want to know if it exists or not in the data store, then use the above method. The typical use of this method is in the case when you know that you need to get a managed object from amsc, but you want to verify that it exists before you create the managed object instance:

      if (amsc.isValidEntry(userDN)) {
             AMUser user = amsc.getUser(userDN);
              - More code here -
      }
 

Helper method getOrganizationDN(): Use this method to perform a subtree scoped search for organization,based on various attribute values.

      String orgDN = amsc.getOrganizationDN("sun.com", null);
 

The above method will return the DN of a organization, which matches the search criters of having either domain name of "sun.com", Domain alias name of "sun.com" or it's naming attribute value is "sun.com". More examples of how to use this method are provided in the Javadocs of the method below.

Fields inherited from interface com.iplanet.am.sdk.AMConstants

ADD_MEMBER, ADMIN_GROUPS_ENABLED_ATTR, ADMIN_ROLE_ATTR, ADMINISTRATION_SERVICE, CACHE_ENABLED_DISABLED_KEY, CACHE_MAX_SIZE_KEY, COMPLIANCE_SPECIAL_FILTER_ATTR, COMPLIANCE_USER_DELETION_ATTR, CONTAINER_DEFAULT_TEMPLATE_ROLE, DCT_ATTRIBUTE_LIST_ATTR, DCT_ENABLED_ATTR, DOMAIN_ADMINISTRATORS, DOMAIN_HELP_DESK_ADMINISTRATORS, EMAIL_ATTRIBUTE, INET_ADMIN_OBJECT_CLASS, INET_DOMAIN_STATUS_ATTR, INET_DOMAIN_STATUS_ATTRIBUTE, OTHER_COSATTR_TYPE, POLICY_COSATTR_TYPE, POLICY_SUFFIX, PRE_POST_PROCESSING_MODULES_ATTR, REMOVE_MEMBER, REQUIRED_SERVICES_ATTR, ROLE_MANAGED_CONTAINER_DN_ATTRIBUTE, SCOPE_BASE, SCOPE_ONE, SCOPE_SUB, SERVICE_STATUS_ATTRIBUTE, STATIC_GROUP_DN_ATTRIBUTE, SUBSCRIBABLE_ATTRIBUTE, UNIQUE_ATTRIBUTE_LIST_ATTRIBUTE, UNIQUE_MEMBER_ATTRIBUTE, USER_CREATE_NOTIFICATION_LIST, USER_DELETE_NOTIFICATION_LIST, USER_ENCRYPTED_PASSWORD_ATTRIBUTE, USER_ENTRY_PROCESSING_IMPL, USER_MODIFY_NOTIFICATION_LIST, USER_PASSWORD_ATTRIBUTE, USER_SEARCH_RETURN_ATTR, USERID_PASSWORD_VALIDATION_CLASS

Constructor Summary

AMStoreConnection(SSOToken ssoToken)
Gets the connection to the Sun ONE Identity Server datastore if the Session is valid.

Method Summary

AMOrganization	createTopOrganization(java.lang.String orgName, java.util.Map avPairs) Bootstraps the Organization tree by creating the Top Organization tree.
int	getAMObjectType(java.lang.String dn) Gets the type of the object given its DN.
AMAssignableDynamicGroup	getAssignableDynamicGroup(java.lang.String assignableDynamicGroupDN) Gets the handle to the AMAssignableDynamicGroup object represented by DN.
java.util.Set	getAttributeNames(java.lang.String serviceName, AMSchema.Type schemaType) Gets the service attribute names for a given service name and schema type
AMDynamicGroup	getDynamicGroup(java.lang.String dynamicGroupDN) Gets the handle to the AMDynamicGroup object represented by DN.
AMFilteredRole	getFilteredRole(java.lang.String roleDN) Gets the handle to the AMFilteredRole object represented by DN.
static java.lang.String	getFilteredRoleNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMGroupContainer	getGroupContainer(java.lang.String groupContainerDN) Gets the handle to the AMGroupContainer object represented by DN.
static java.lang.String	getGroupContainerNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
static java.lang.String	getGroupNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
java.lang.String	getI18NPropertiesFileName(java.lang.String serviceName) Gets the I18N properties file name that contains the internationalized messages.
static java.lang.String	getNamingAttribute(int objectType) Gets the naming attribute of an object type
AMOrganization	getOrganization(java.lang.String orgDN) Gets the handle to the AMOrganization object represented by DN.
AMOrganizationalUnit	getOrganizationalUnit(java.lang.String orgUnitDN) Gets the handle to the AMOrganizationalUnit object represented by DN.
static java.lang.String	getOrganizationalUnitNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
java.lang.String	getOrganizationDN(java.lang.String domainname, java.lang.String orgSearchTemplate) Gets the DN of the organization, using the domainname provided and the searchTemplate (if provided).
static java.lang.String	getOrganizationNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMPeopleContainer	getPeopleContainer(java.lang.String peopleContainerDN) Gets the handle to the AMPeopleContainer object represented by DN.
static java.lang.String	getPeopleContainerNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMTemplate	getPolicyTemplate(java.lang.String templateDN) Gets the handle to the AMTemplate object represented by DN.
java.lang.String	getPropertiesViewBeanURL(java.lang.String serviceName) Gets the URL of the view bean for the service
AMResource	getResource(java.lang.String resourceDN) Gets the handle to the AMResource object represented by DN.
AMRole	getRole(java.lang.String roleDN) Gets the handle to the AMRole object represented by DN.
static java.lang.String	getRoleNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
AMSchema	getSchema(java.lang.String serviceName, AMSchema.Type schemaType) Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchema().
java.util.Set	getSchemaTypes(java.lang.String serviceName) Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchemaTypes().
java.util.Set	getServiceHierarchy() Gets the service hiearchy for all registered services
java.util.Set	getServiceNames() Gets the set of names of services that have been loaded to the datastore
AMStaticGroup	getStaticGroup(java.lang.String groupDN) Gets the handle to the AMStaticGroup object represented by DN.
java.util.Set	getTopLevelContainers() Gets the top level containers (Organizations, PeopleContainers, Roles, etc) for the particular user based on ssoToken as the starting point in the tree.
java.util.Set	getTopLevelOrganizations() Gets the "real" or "physical" top level organizations as the starting point in the tree.
AMUser	getUser(java.lang.String userDN) Gets the handle to the AMUser object represented by DN.
static java.lang.String	getUserNamingAttribute() Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)
boolean	isValidEntry(java.lang.String dn) Checks if the entry exists in the directory or not.
void	purge(java.lang.String domainName, int graceperiod) This method takes an organization DN and purges all objects marked for deletion.
void	purgeGroup(java.lang.String gid, java.lang.String domainName, int graceperiod) This method takes a group name and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Groups as defined in the Administration Service of IS.
void	purgeResource(java.lang.String rid, java.lang.String domainName, int graceperiod) This method takes a resource ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Resources as defined in the Administration Service of IS.
void	purgeUser(java.lang.String uid, java.lang.String domainName, int graceperiod) This method takes a user ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Users as defined in the Administration Service of IS.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AMStoreConnection

public AMStoreConnection(SSOToken ssoToken)
                  throws SSOException

Gets the connection to the Sun ONE Identity Server datastore if the Session is valid.

Parameters:

SSOToken - a valid SSO token object to authenticate before getting the connection

Throws:

SSOException - if ssoToken is invalid or expired.

Method Detail

getFilteredRoleNamingAttribute

public static java.lang.String getFilteredRoleNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the filtered role naming attribute.

Returns:

filtered role naming attribute

getGroupContainerNamingAttribute

public static java.lang.String getGroupContainerNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the group container naming attribute.

Returns:

group container naming attribute

getGroupNamingAttribute

public static java.lang.String getGroupNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the group naming attribute.

Returns:

group naming attribute

getNamingAttribute

public static java.lang.String getNamingAttribute(int objectType)
                                           throws AMException

Gets the naming attribute of an object type

Parameters:

the - objectType. Object type can be one of the following:

• AMObject.USER
• AMObject.ROLE
• AMObject.FILTERED_ROLE
• AMObject.ORGANIZATION
• AMObject.ORGANIZATIONAL_UNIT
• AMObject.GROUP
• AMObject.DYNAMIC_GROUP
• AMObject.ASSIGNABLE_DYNAMIC_GROUP
• AMObject.PEOPLE_CONTAINER
• AMObject.GROUP_CONTAINER

Returns:

the naming attribute corresponding to the objectType

Throws:

AMException - if an error occured in obtaining the naming attribute

getOrganizationNamingAttribute

public static java.lang.String getOrganizationNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the org naming attribute.

Returns:

org naming attribute

getOrganizationalUnitNamingAttribute

public static java.lang.String getOrganizationalUnitNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the organizationalUnit naming attribute.

Returns:

organizationalUnit naming attribute

getPeopleContainerNamingAttribute

public static java.lang.String getPeopleContainerNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the people container naming attribute.

Returns:

people container naming attribute

getRoleNamingAttribute

public static java.lang.String getRoleNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the role naming attribute.

Returns:

role naming attribute

getUserNamingAttribute

public static java.lang.String getUserNamingAttribute()

Deprecated. This method is deprecated. Use getNamingAttribute(int objectType)

Gets the user naming attribute.

Returns:

user naming attribute

getAMObjectType

public int getAMObjectType(java.lang.String dn)
                    throws AMException,
                           SSOException

Gets the type of the object given its DN.

Parameters:

dn - DN of the object whose type is to be known.

Throws:

AMException - if the data store is unavailable or if the object type is unknown

SSOException - if ssoToken is invalid or expired.

getAssignableDynamicGroup

public AMAssignableDynamicGroup getAssignableDynamicGroup(java.lang.String assignableDynamicGroupDN)
                                                   throws SSOException

Gets the handle to the AMAssignableDynamicGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMAssignableDynamicGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

assignableDynamicGroupDN - assignable dynamic group DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getAttributeNames

public java.util.Set getAttributeNames(java.lang.String serviceName,
                                       AMSchema.Type schemaType)
                                throws AMException

Gets the service attribute names for a given service name and schema type

Parameters:

serviceName - the name of the service

the - type of service schema

Returns:

Set Set of service attribute names

getDynamicGroup

public AMDynamicGroup getDynamicGroup(java.lang.String dynamicGroupDN)
                               throws SSOException

Gets the handle to the AMDynamicGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMDynamicGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

dynamicGroupDN - group DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getFilteredRole

public AMFilteredRole getFilteredRole(java.lang.String roleDN)
                               throws SSOException

Gets the handle to the AMFilteredRole object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMFilteredRole returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

roleDN - role DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getGroupContainer

public AMGroupContainer getGroupContainer(java.lang.String groupContainerDN)
                                   throws SSOException

Gets the handle to the AMGroupContainer object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMGroupContainer returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

groupContainerDN - groupContainer DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getI18NPropertiesFileName

public java.lang.String getI18NPropertiesFileName(java.lang.String serviceName)
                                           throws AMException

Gets the I18N properties file name that contains the internationalized messages.

Parameters:

serviceName - the service name

Returns:

String String representing i18N properties file name

Throws:

AMException - if an error is encountered while retrieving information

getOrganization

public AMOrganization getOrganization(java.lang.String orgDN)
                               throws SSOException

Gets the handle to the AMOrganization object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMOrganization returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

orgDN - organization DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getOrganizationDN

public java.lang.String getOrganizationDN(java.lang.String domainname,
                                          java.lang.String orgSearchTemplate)
                                   throws AMException,
                                          SSOException

Gets the DN of the organization, using the domainname provided and the searchTemplate (if provided). If searchTemplate is null, SDK uses the default searchTemplate to perform the orgDN search. If the DC tree global flag is enabled, the DC tree is used to obtain the org DN, otherwise an LDAP search is conducted using the searchfilter in the searchtemplate. All %V in the filter are replaced with "domainname". If the search returns more than one entries, then an Exception is thrown. Otherwise the DN obtained is returned.

Parameters:

domainname - Organization identifier passed. It can be a domain name (eg: sun.com) or it could be a full DN or it could be null or "/". A full DN is verified to be an organization and returned as is. A "/" is assumed to be a request for the root DN and the root DN is returned. A "/" separated string is assumed to represent an existing org DN in the DIT. For example: /iplanet/sun is converted to a DN (o=iplanet,o=sun,) and the validity of this DN is checked and returned. Any other string is assumed to be either a domain or an associated domain or the organization name. The search filter is created accordingly.

orgSearchTemplate - - template to use for the search.

Returns:

The full organization DN

Throws:

AMException - If there is a problem connecting or searching the data store.

SSOException - If the user has an invalid SSO token.

getOrganizationalUnit

public AMOrganizationalUnit getOrganizationalUnit(java.lang.String orgUnitDN)
                                           throws SSOException

Gets the handle to the AMOrganizationalUnit object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMOrganizationialUnit returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

orgUnitDN - organizational unit DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getPeopleContainer

public AMPeopleContainer getPeopleContainer(java.lang.String peopleContainerDN)
                                     throws SSOException

Gets the handle to the AMPeopleContainer object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMPeopleContainer returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

peopleContainerDN - peopleContainer DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getPolicyTemplate

public AMTemplate getPolicyTemplate(java.lang.String templateDN)
                             throws AMException,
                                    SSOException

Gets the handle to the AMTemplate object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMTemplate returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

templatDN - a policy template DN

Throws:

AMException - if the DN does not represent a Policy template DN

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getPropertiesViewBeanURL

public java.lang.String getPropertiesViewBeanURL(java.lang.String serviceName)
                                          throws AMException

Gets the URL of the view bean for the service

Parameters:

serviceName - the service name

Returns:

String URL of the view bean for the service

Throws:

AMException - if an error is encountered while retrieving information

getResource

public AMResource getResource(java.lang.String resourceDN)
                       throws SSOException

Gets the handle to the AMResource object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMResource returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

resourceDN - resource DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getRole

public AMRole getRole(java.lang.String roleDN)
               throws SSOException

Gets the handle to the AMRole object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMRole returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

roleDN - role DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getSchema

public AMSchema getSchema(java.lang.String serviceName,
                          AMSchema.Type schemaType)
                   throws AMException

Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchema().

Gets the AMSchema for the given service name and service type

Parameters:

serviceName - the name of the service

the - type of service schema that needs to be retrieved

Returns:

AMSchema the AMSchema corresponding to the given service name and schema type.

Throws:

AMException - if an error is encountered in retrieving the AMSchema

getSchemaTypes

public java.util.Set getSchemaTypes(java.lang.String serviceName)
                             throws AMException

Deprecated. This method has been deprecated. Please use com.sun.identity.sm.ServiceSchemaManager.getSchemaTypes().

Gets the SchemaTypes available for a particular service

Parameters:

serviceName - the name of the service whose schema types needs to be retrieved

Returns:

Set of AMSchema.Type objects

Throws:

AMException - if an error is encountered in retrieving the schemaTypes

getServiceHierarchy

public java.util.Set getServiceHierarchy()
                                  throws AMException

Gets the service hiearchy for all registered services

Throws:

AMException - if an error is encountered in retrieving the service hierarchy. The return value is a Set of strings in slash format.

getServiceNames

public java.util.Set getServiceNames()
                              throws AMException

Gets the set of names of services that have been loaded to the datastore

Throws:

AMException - if an error is encountered in retrieving the names of the services

getStaticGroup

public AMStaticGroup getStaticGroup(java.lang.String groupDN)
                             throws SSOException

Gets the handle to the AMStaticGroup object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMStaticGroup returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

groupDN - group DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

getTopLevelContainers

public java.util.Set getTopLevelContainers()
                                    throws AMException,
                                           SSOException

Gets the top level containers (Organizations, PeopleContainers, Roles, etc) for the particular user based on ssoToken as the starting point in the tree.

Returns:

Set Set of DBObjects that are top level containers for the singed in user.

Throws:

AMException - if an error occured when retrieving the information from the data store.

SSOException - if ssoToken is invalid or expired.

getTopLevelOrganizations

public java.util.Set getTopLevelOrganizations()
                                       throws AMException,
                                              SSOException

Gets the "real" or "physical" top level organizations as the starting point in the tree.

Returns:

Set Set of DN Strings for top level Organizations

Throws:

AMException - if an error occured when retrieving the information from the data store.

SSOException - if ssoToken is invalid or expired.

getUser

public AMUser getUser(java.lang.String userDN)
               throws SSOException

Gets the handle to the AMUser object represented by DN. However, the validity of the handle returned by this method cannot be guaranteed, since the object is created in memory, and not instantiated from the datastore. Using the AMUser returned from this method may result in exceptions thrown in the later part of the application, if the DN is not valid or represents an entry that does not exist.

Validity of the DN can be verified by using isValidEntry() method of the object returned.

Parameters:

userDN - user DN

Throws:

SSOException - if ssoToken is invalid or expired.

See Also:

isValidEntry(java.lang.String)

isValidEntry

public boolean isValidEntry(java.lang.String dn)
                     throws SSOException

Checks if the entry exists in the directory or not. First a syntax check is done on the DN string corresponding to the entry. If the DN syntax is valid, a directory call will be made to check for the existence of the entry.

NOTE: This method internally invokes a call to the directory to verify the existence of the entry. There could be a performance overhead. Hence, please use your discretion while using this method.

Parameters:

dn - DN of the entry that needs to be validated.

Returns:

false if the entry does not have a valid DN syntax or if the entry does not exists in the Directory. True otherwise.

Throws:

SSOException - if the sign-on is no longer valid.

createTopOrganization

public AMOrganization createTopOrganization(java.lang.String orgName,
                                            java.util.Map avPairs)
                                     throws AMException,
                                            SSOException

Bootstraps the Organization tree by creating the Top Organization tree.

Parameters:

orgName - name of the top organization

avPairs - Attribute-Value pairs for the top organization

Throws:

AMException - if an error occured during the process of creation.

SSOException - if ssoToken is invalid or expired.

purge

public void purge(java.lang.String domainName,
                  int graceperiod)
           throws AMException,
                  SSOException

This method takes an organization DN and purges all objects marked for deletion. If the organization itself is marked for deletion, then a recursive delete of everything under the organization is called, followed by the organization deletion. This method works in the mode where soft-delete option in IS is turned on. The Pre/Post callbacks for users are executed during this method.

Parameters:

domainName - domain to be purged

graceperiod - time in days which should have passed since the entry was last modified before it can be deleted from the system.

Throws:

AMException -

purgeUser

public void purgeUser(java.lang.String uid,
                      java.lang.String domainName,
                      int graceperiod)
               throws AMException,
                      SSOException

This method takes a user ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Users as defined in the Administration Service of IS. This filter is used to search for the deleted user under the organization. If the user is marked for deletion and the grace period is passed then the user is purged. The pre-delete call backs as listed in the Administration service, are called before the user is deleted. If any of the callbacks throw an exception the delete operation is aborted.

Parameters:

uid - user ID

domainName - domain in which the user belongs.

graceperiod - time in days which should have passed before this user can be deleted.

Throws:

AMException - if there is an error in deleting the user, or if the user callbacks thrown an exception

purgeResource

public void purgeResource(java.lang.String rid,
                          java.lang.String domainName,
                          int graceperiod)
                   throws AMException,
                          SSOException

This method takes a resource ID and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Resources as defined in the Administration Service of IS. This filter is used to search for the deleted resource under the organization. If the resource is marked for deletion and the grace period is passed then the resource is purged. The pre-delete call backs as listed in the Administration service, are called before the user is deleted. If any of the callbacks throw an exception the delete operation is aborted.

Parameters:

rid - resource ID

domainName - domain in which the user belongs.

graceperiod - time in days which should have passed before this user can be deleted.

Throws:

AMException - if there is an error in deleting the user, or if the user callbacks thrown an exception

purgeGroup

public void purgeGroup(java.lang.String gid,
                       java.lang.String domainName,
                       int graceperiod)
                throws AMException,
                       SSOException

This method takes a group name and a domain name, It uses default search templates to search for the organization and uses the deleted objects search filter for Groups as defined in the Administration Service of IS. This filter is used to search for the deleted user under the organization. If the group is marked for deletion and the grace period is passed then the group is purged. The pre-delete call backs as listed in the Administration service, are called before the group is deleted. If any of the callbacks throw an exception the delete operation is aborted.

Parameters:

gid - group name

domainName - domain in which the group belongs.

graceperiod - time in days which should have passed before this user can be deleted. If a -1 is passed, group is deleted right away without check on graceperiod.

Throws:

AMException - if there is an error in deleting the group, or if the callbacks thrown an exception