Examples with FailoverServerSet com.unboundid.ldap.sdk.FailoverServerSet used on opensource projects

Example 1 with FailoverServerSet

use of com.unboundid.ldap.sdk.FailoverServerSet in project oxCore by GluuFederation.

the class LDAPConnectionProvider method createSSLConnectionPoolWithPreviousProtocols.

private LDAPConnectionPool createSSLConnectionPoolWithPreviousProtocols(SSLUtil sslUtil, BindRequest bindRequest, LDAPConnectionOptions connectionOptions, int maxConnections) throws LDAPException {
    for (int i = 1; i < SSL_PROTOCOLS.length; i++) {
        String protocol = SSL_PROTOCOLS[i];
        try {
            FailoverServerSet failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(protocol), connectionOptions);
            LDAPConnectionPool connectionPool = new LDAPConnectionPool(failoverSet, bindRequest, maxConnections);
            log.info("Server supports: '" + protocol + "'");
            return connectionPool;
        } catch (GeneralSecurityException ex) {
            log.debug("Server not supports: '" + protocol + "'", ex);
        } catch (LDAPException ex) {
            // Error when LDAP server not supports specified encryption
            if (ex.getResultCode() != ResultCode.SERVER_DOWN) {
                throw ex;
            }
            log.debug("Server not supports: '" + protocol + "'", ex);
        }
    }
    return null;
}

Example 2 with FailoverServerSet

use of com.unboundid.ldap.sdk.FailoverServerSet in project oxCore by GluuFederation.

the class LdapConnectionProvider method createSSLConnectionPoolWithPreviousProtocols.

private LDAPConnectionPool createSSLConnectionPoolWithPreviousProtocols(SSLUtil sslUtil, BindRequest bindRequest, LDAPConnectionOptions connectionOptions, int maxConnections) throws LDAPException {
    for (int i = 1; i < SSL_PROTOCOLS.length; i++) {
        String protocol = SSL_PROTOCOLS[i];
        try {
            FailoverServerSet failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(protocol), connectionOptions);
            LDAPConnectionPool connectionPool = new LDAPConnectionPool(failoverSet, bindRequest, maxConnections);
            LOG.info("Server supports: '" + protocol + "'");
            return connectionPool;
        } catch (GeneralSecurityException ex) {
            LOG.debug("Server not supports: '" + protocol + "'", ex);
        } catch (LDAPException ex) {
            // Error when LDAP server not supports specified encryption
            if (ex.getResultCode() != ResultCode.SERVER_DOWN) {
                throw ex;
            }
            LOG.debug("Server not supports: '" + protocol + "'", ex);
        }
    }
    return null;
}

Example 3 with FailoverServerSet

use of com.unboundid.ldap.sdk.FailoverServerSet in project graylog2-server by Graylog2.

the class UnboundLDAPConnector method connect.

public LDAPConnection connect(LDAPConnectorConfig ldapConfig) throws GeneralSecurityException, LDAPException {
    if (ldapConfig.serverList().isEmpty()) {
        LOG.warn("Cannot connect with empty server list");
        return null;
    }
    final String[] addresses = ldapConfig.serverList().stream().map(LDAPConnectorConfig.LDAPServer::hostname).toArray(String[]::new);
    final int[] ports = ldapConfig.serverList().stream().mapToInt(LDAPConnectorConfig.LDAPServer::port).toArray();
    final LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setUseReuseAddress(true);
    connectionOptions.setConnectTimeoutMillis(connectionTimeout);
    StartTLSExtendedRequest startTLSRequest = null;
    SocketFactory socketFactory = null;
    if (ldapConfig.transportSecurity() != LDAPTransportSecurity.NONE) {
        SSLUtil.setEnabledSSLProtocols(tlsConfiguration.getEnabledTlsProtocols());
        final SSLUtil sslUtil;
        if (ldapConfig.verifyCertificates()) {
            sslUtil = new SSLUtil(trustManagerProvider.create(Arrays.asList(addresses)));
        } else {
            sslUtil = new SSLUtil(new TrustAllX509TrustManager());
        }
        if (ldapConfig.transportSecurity() == LDAPTransportSecurity.START_TLS) {
            // Use the StartTLS extended operation to secure the connection.
            startTLSRequest = new StartTLSExtendedRequest(sslUtil.createSSLContext());
        } else if (ldapConfig.transportSecurity() == LDAPTransportSecurity.TLS) {
            socketFactory = sslUtil.createSSLSocketFactory();
        }
    }
    final FailoverServerSet serverSet = new FailoverServerSet(addresses, ports, socketFactory, connectionOptions, null, null);
    final LDAPConnection connection = serverSet.getConnection();
    if (startTLSRequest != null) {
        final ExtendedResult startTLSResult = connection.processExtendedOperation(startTLSRequest);
        LDAPTestUtils.assertResultCodeEquals(startTLSResult, ResultCode.SUCCESS);
    }
    if (ldapConfig.systemUsername().isPresent()) {
        if (ldapConfig.systemPassword().isSet()) {
            final String systemPassword = encryptedValueService.decrypt(ldapConfig.systemPassword());
            final BindRequest bindRequest = new SimpleBindRequest(ldapConfig.systemUsername().get(), systemPassword);
            connection.bind(bindRequest);
        } else {
            LOG.warn("System username has been set to <{}> but no system password has been set. Skipping bind request.", ldapConfig.systemUsername().get());
        }
    }
    return connection;
}

Example 4 with FailoverServerSet

use of com.unboundid.ldap.sdk.FailoverServerSet in project oxCore by GluuFederation.

the class LDAPConnectionProvider method init.

/**
	 * This method is used to create LDAPConnectionPool
	 *
	 * @throws NumberFormatException
	 * @throws LDAPException
	 * @throws GeneralSecurityException
	 * @throws EncryptionException
	 * @throws EncryptionException
	 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        this.addresses[i] = str.substring(0, str.indexOf(":")).trim();
        this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
    }
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    log.debug("Using next binary attributes: " + this.binaryAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS;
}

Example 5 with FailoverServerSet

use of com.unboundid.ldap.sdk.FailoverServerSet in project oxCore by GluuFederation.

the class LdapConnectionProvider method init.

/**
 * This method is used to create LDAPConnectionPool
 *
 * @throws NumberFormatException
 * @throws LDAPException
 * @throws GeneralSecurityException
 * @throws EncryptionException
 * @throws EncryptionException
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        int idx = str.indexOf(":");
        if (idx == -1) {
            throw new InvalidConfigurationException("Ldap server settings should be in format server:port");
        }
        this.addresses[i] = str.substring(0, idx).trim();
        this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
    }
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    SSLUtil sslUtil = null;
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        String sslTrustStoreFile = props.getProperty("ssl.trustStoreFile");
        String sslTrustStorePin = props.getProperty("ssl.trustStorePin");
        String sslTrustStoreFormat = props.getProperty("ssl.trustStoreFormat");
        if (StringHelper.isEmpty(sslTrustStoreFile) && StringHelper.isEmpty(sslTrustStorePin)) {
            sslUtil = new SSLUtil(new TrustAllTrustManager());
        } else {
            TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(sslTrustStoreFile, sslTrustStorePin.toCharArray(), sslTrustStoreFormat, true);
            sslUtil = new SSLUtil(trustStoreTrustManager);
        }
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary attributes: " + this.binaryAttributes);
    this.certificateAttributes = new ArrayList<String>();
    if (props.containsKey("certificateAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("certificateAttributes").toString().toLowerCase(), ",");
        this.certificateAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS_INT_VALUE;
}