Adding Entitlements to Account
import java.util.*;
import java.util.logging.Level;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;
import Thor.API.tcResultSet;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcColumnNotFoundException;
import Thor.API.Exceptions.tcITResourceNotFoundException;
import Thor.API.Operations.tcITResourceInstanceOperationsIntf;
import Thor.API.Operations.tcLookupOperationsIntf;
import oracle.core.ojdl.logging.ODLLogger;
import oracle.iam.identity.exception.NoSuchUserException;
import oracle.iam.identity.exception.UserLookupException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.platform.Platform;
import oracle.iam.provisioning.api.EntitlementService;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.exception.GenericProvisioningException;
import oracle.iam.provisioning.exception.UserNotFoundException;
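/**
 * Adds a fixed set of Active Directory groups (read from an OIM lookup) to a service
 * account by writing the account's DN into each group's {@code member} attribute.
 *
 * <p>Flow: {@link #addADGroupsToSeriveAccounts(String)} reads the AD IT resource, opens an
 * LDAP connection with the directory admin credentials, then
 * {@link #addEntitlementsToUser(String)} reads the group and container lookups and calls
 * {@link #provisionEntitlementsToServiceAccount} once per group. The connection is closed
 * when the run finishes.
 *
 * <p>Not thread-safe: connection, lookup contents and DNs are kept in instance fields.
 */
public class EntitlementsOfServiceAccount {
    private static final ODLLogger logger =
            ODLLogger.getODLLogger(EntitlementsOfServiceAccount.class.getName());

    /** OIM lookup whose code keys are the AD group names every service account is added to. */
    private final String adGroupNames = "Lookup.XYZ.ServiceAccounts.ADGroups";
    /** OIM lookup holding the containers ("GroupDN" and "UserDN") used to build DNs. */
    private final String adGroupConfiguration = "Lookup.XYZ.ServiceAccounts.Configuration";

    /** Code keys of the configuration lookup. */
    private static final String GROUP_DN_KEY = "GroupDN";
    private static final String USER_DN_KEY = "UserDN";
    /** Service account used when the caller does not name one (the previously hard-coded value). */
    private static final String DEFAULT_SERVICE_ACCOUNT = "SRC-ACCTEST";
    /** IT resource parameter names read when building the LDAP connection. */
    private static final String PARAM_HOST = "LDAPHostName";
    private static final String PARAM_ADMIN = "DirectoryAdminName";
    private static final String PARAM_CONTAINER = "Container";
    private static final String PARAM_PASSWORD = "DirectoryAdminPassword";
    /** Sentinel value the IT resource carries when no admin password is configured. */
    private static final String NULL_PASSWORD = "Null Password";
    /** Result strings returned by {@link #provisionEntitlementsToServiceAccount}. */
    private static final String RESULT_SUCCESS = "Success";
    private static final String RESULT_FAILED = "Failed";

    // Package-private state kept for compatibility with existing callers; refreshed on every run.
    String userDN = null;   // "UserDN" container from the configuration lookup
    String groupDN = null;  // "GroupDN" container from the configuration lookup
    LdapContext adConnection = null;
    Map<String, String> AD_IT_RESOURSE_PARAMETERS = null;
    HashMap<String, String> adGroups = new HashMap<String, String>();
    HashMap<String, String> adConfigurations = new HashMap<String, String>();
    // OIM API's (resolved at construction; not used by this class, kept so existing callers still compile)
    UserManager userManager = Platform.getService(UserManager.class);
    ProvisioningService provisioningService = Platform.getService(ProvisioningService.class);
    EntitlementService entitlementService = Platform.getService(EntitlementService.class);

    /**
     * Adds every AD group listed in the groups lookup to the given service account.
     *
     * <p>Requires {@link #adConnection} to have been opened (see
     * {@link #addADGroupsToSeriveAccounts(String, String)}); without a connection nothing is
     * written and the problem is logged.
     *
     * @param user common name (CN) of the service account, as handed in by the adapter
     * @throws NullPointerException if {@code user} is null
     */
    public void addEntitlementsToUser(String user) {
        Objects.requireNonNull(user, "user");
        adGroups = getLookupEntries(adGroupNames);
        adConfigurations = getLookupEntries(adGroupConfiguration);
        // The user container lives under "UserDN" and the group container under "GroupDN";
        // the two assignments used to be crossed.
        userDN = adConfigurations.get(USER_DN_KEY);
        groupDN = adConfigurations.get(GROUP_DN_KEY);
        if (adConnection == null) {
            logger.severe("No AD connection available; no groups added for user " + user);
            return;
        }
        if (adGroups.isEmpty()) {
            logger.warning("Lookup " + adGroupNames + " has no entries; nothing to add for user " + user);
            return;
        }
        for (String groupName : adGroups.keySet()) {
            // The outcome used to be discarded; log it so failed memberships are visible.
            String outcome = provisionEntitlementsToServiceAccount(user, groupName, adConnection);
            logger.info("Group " + groupName + " for user " + user + ": " + outcome);
        }
    }

    /**
     * Opens the AD connection described by the named IT resource and adds the configured
     * groups to the default service account.
     *
     * @param itReourceName name of the Active Directory IT resource in OIM
     * @throws NamingException if the LDAP connection cannot be closed
     */
    public void addADGroupsToSeriveAccounts(String itReourceName) throws NamingException, NoSuchUserException,
            UserLookupException, UserNotFoundException, GenericProvisioningException {
        addADGroupsToSeriveAccounts(itReourceName, DEFAULT_SERVICE_ACCOUNT);
    }

    /**
     * Opens the AD connection described by the named IT resource and adds the configured
     * groups to {@code user}. The connection is always closed afterwards.
     *
     * @param itReourceName name of the Active Directory IT resource in OIM
     * @param user common name (CN) of the service account to add to the groups
     * @throws NamingException if the LDAP connection cannot be closed
     */
    public void addADGroupsToSeriveAccounts(String itReourceName, String user) throws NamingException,
            NoSuchUserException, UserLookupException, UserNotFoundException, GenericProvisioningException {
        AD_IT_RESOURSE_PARAMETERS = getITResourcesProperties(itReourceName);
        adConnection = getADConnection(itReourceName, AD_IT_RESOURSE_PARAMETERS);
        try {
            addEntitlementsToUser(user);
        } finally {
            // The context used to be left open for the life of the object; release it per run.
            if (adConnection != null) {
                adConnection.close();
                adConnection = null;
            }
        }
    }

    /**
     * Test entry point: {@code args[0]} is the IT resource name (default "Active Directory"),
     * {@code args[1]} the service account (default the built-in test account).
     */
    public static void main(String[] args) throws Exception {
        String itResourceName = args.length > 0 ? args[0] : "Active Directory";
        String user = args.length > 1 ? args[1] : DEFAULT_SERVICE_ACCOUNT;
        EntitlementsOfServiceAccount eOfServiceAccount = new EntitlementsOfServiceAccount();
        eOfServiceAccount.addADGroupsToSeriveAccounts(itResourceName, user);
    }

    /**
     * Builds an LDAP context from the IT resource parameters using a simple bind as the
     * directory admin.
     *
     * @param itResource IT resource name, used to (re)load parameters when none are supplied
     * @param itResourceParameters parameters already loaded for {@code itResource}; may be null or empty
     * @return the connected context, or {@code null} if parameters are missing, the password is the
     *         {@value #NULL_PASSWORD} sentinel, or the bind fails (the cause is logged)
     */
    private LdapContext getADConnection(final String itResource, Map<String, String> itResourceParameters) {
        logger.info("Entering into getADConnection method : ");
        Map<String, String> params = itResourceParameters;
        if (params == null || params.isEmpty()) {
            // Caller did not supply the parameters; load them here as before.
            params = getITResourcesProperties(itResource);
        }
        if (params == null || params.isEmpty()) {
            logger.severe("No parameters found for IT resource " + itResource + " : Connection Failed");
            return null;
        }
        String hostName = params.get(PARAM_HOST);
        String userName = params.get(PARAM_ADMIN);
        String containerDN = params.get(PARAM_CONTAINER);
        String adminPassword = params.get(PARAM_PASSWORD);
        if (hostName == null || userName == null || adminPassword == null) {
            // Previously an NPE; now a logged failure (the password value itself is never logged).
            logger.severe("IT resource " + itResource + " is missing " + PARAM_HOST + ", " + PARAM_ADMIN
                    + " or " + PARAM_PASSWORD + " : Connection Failed");
            return null;
        }
        if (userName.contains("\\")) {
            // "DOMAIN\\account" is rewritten to a DN under cn=users of the configured container.
            // NOTE(review): containerDN is not checked here; a missing "Container" yields "...,null".
            userName = userName.substring(userName.indexOf("\\") + 1);
            userName = "cn=" + userName + ",cn=users," + containerDN;
        }
        String adminName = userName;
        if (NULL_PASSWORD.equals(adminPassword)) {
            logger.severe("Null Password: Connection Failed");
            return null;
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        // NOTE(review): a simple bind over ldap:// on 389 sends the admin credentials unencrypted;
        // ldaps:// (636) or StartTLS should be used where the directory supports it.
        env.put(Context.PROVIDER_URL, "ldap://" + hostName + ":389");
        try {
            InitialLdapContext ctx = new InitialLdapContext(env, null);
            logger.info("AD connection is success : ");
            return ctx;
        } catch (NamingException e) {
            // A failed bind used to be reported as a success; return null with the cause logged.
            logger.log(Level.SEVERE, "Error while getting the connection to " + hostName, e);
            return null;
        }
    }

    /**
     * Reads all entries of an OIM lookup as code key to decode.
     *
     * @param lookupName name of the lookup definition
     * @return map of code key to decode; empty if the lookup is missing or cannot be read (logged)
     */
    public HashMap<String, String> getLookupEntries(String lookupName) {
        logger.info("Entering into getLookupEntries method : ");
        HashMap<String, String> lookupEntryMap = new HashMap<String, String>();
        // The service reference was commented out in the original while still being used below.
        tcLookupOperationsIntf lookupOperationsIntf = Platform.getService(tcLookupOperationsIntf.class);
        try {
            tcResultSet result = lookupOperationsIntf.getLookupValues(lookupName);
            int rows = result.getRowCount();
            for (int i = 0; i < rows; i++) {
                result.goToRow(i);
                lookupEntryMap.put(result.getStringValue("Lookup Definition.Lookup Code Information.Code Key"),
                        result.getStringValue("Lookup Definition.Lookup Code Information.Decode"));
            }
        } catch (Exception e) {
            // The Thor API throws several checked types; a read failure leaves the map empty.
            logger.log(Level.SEVERE, "Unable to read lookup " + lookupName, e);
        }
        return lookupEntryMap;
    }

    /**
     * Reads the parameters of the named IT resource instance.
     *
     * @param itResourceName IT resource instance name ("IT Resource.Name")
     * @return parameter name to value; empty if the instance is not found or the API fails (logged)
     */
    private Map<String, String> getITResourcesProperties(String itResourceName) {
        logger.info("Entering into the getITResourcesProperties method : ");
        Map<String, String> result = new HashMap<String, String>();
        try {
            tcITResourceInstanceOperationsIntf resourceFactory =
                    Platform.getService(tcITResourceInstanceOperationsIntf.class);
            Map<String, String> filter = new HashMap<String, String>();
            filter.put("IT Resource.Name", itResourceName);
            tcResultSet resources = resourceFactory.findITResourceInstances(filter);
            if (resources.getRowCount() == 0) {
                // Reading the key of an empty result set used to surface as an API exception.
                logger.severe("IT resource not found : " + itResourceName);
                return result;
            }
            resources.goToRow(0);
            long vdResourceKey = resources.getLongValue("IT Resource.Key");
            tcResultSet params = resourceFactory.getITResourceInstanceParameters(vdResourceKey);
            int rows = params.getRowCount();
            for (int j = 0; j < rows; j++) {
                params.goToRow(j);
                result.put(params.getStringValue("IT Resources Type Parameter.Name"),
                        params.getStringValue("IT Resource.Parameter.Value"));
            }
        } catch (tcAPIException | tcColumnNotFoundException | tcITResourceNotFoundException e) {
            logger.log(Level.SEVERE, "Unable to read IT resource " + itResourceName, e);
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Unexpected error reading IT resource " + itResourceName, e);
        }
        return result;
    }

    /**
     * Adds the service account to one AD group by appending the account DN to the group's
     * {@code member} attribute.
     *
     * <p>DNs are built from the "GroupDN" / "UserDN" containers of the configuration lookup;
     * the CN values are RDN-escaped so a name containing {@code ,} or {@code =} cannot alter
     * the DN structure.
     *
     * @param userID common name of the service account (lower-cased before use)
     * @param groupName common name of the AD group
     * @param context open LDAP context bound as the directory admin
     * @return {@code "Success"} when the attribute was modified, {@code "Failed"} otherwise
     */
    private String provisionEntitlementsToServiceAccount(String userID, String groupName, LdapContext context) {
        logger.info("Entering into the provisionEntitlementsToServiceAccount");
        if (context == null) {
            logger.severe("No AD connection; cannot add " + userID + " to group " + groupName);
            return RESULT_FAILED;
        }
        String groupContainer = adConfigurations.get(GROUP_DN_KEY);
        String userContainer = adConfigurations.get(USER_DN_KEY);
        if (groupContainer == null || userContainer == null) {
            logger.severe("Configuration lookup is missing " + GROUP_DN_KEY + " or " + USER_DN_KEY);
            return RESULT_FAILED;
        }
        try {
            String groupFullDN = "CN=" + Rdn.escapeValue(groupName) + "," + groupContainer;
            // Locale.ROOT keeps the lower-casing independent of the server's default locale.
            String userFullDN = "CN=" + Rdn.escapeValue(userID.toLowerCase(Locale.ROOT)) + "," + userContainer;
            ModificationItem[] modItem = new ModificationItem[1];
            modItem[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userFullDN));
            context.modifyAttributes(groupFullDN, modItem);
            logger.info("Addition completed for " + userFullDN + " in " + groupFullDN);
        } catch (NamingException e) {
            logger.log(Level.SEVERE, "Error adding " + userID + " to group " + groupName, e);
            return RESULT_FAILED;
        }
        return RESULT_SUCCESS;
    }
}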