use of com.novell.ldapchai.ChaiEntry in project ldapchai by ldapchai.
the class AbstractProvider method getDirectoryVendor.
/**
 * Resolves the vendor of the directory this provider is connected to.
 *
 * <p>Sources are consulted in this order: the value already cached on this provider, the
 * factory-wide vendor cache keyed by this provider's configuration, the
 * {@code ChaiSetting.DEFAULT_VENDOR} setting, and finally inspection of the root DSE.
 *
 * @return the resolved vendor; {@code DirectoryVendor.GENERIC} when root DSE inspection ends in
 *         a {@code ChaiOperationException}
 * @throws ChaiUnavailableException propagated from the calls made here (presumably the root DSE
 *         read; confirm against {@code ChaiUtility})
 */
public DirectoryVendor getDirectoryVendor() throws ChaiUnavailableException {
    if (cachedDirectoryVendor != null) {
        return cachedDirectoryVendor;
    }

    // A hit in the shared cache is returned as-is; it is not copied into the local field, so the
    // next call consults the shared cache again.
    final DirectoryVendor sharedVendor = getProviderFactory().getCentralService().getVendorCache(this.chaiConfig);
    if (sharedVendor != null) {
        return sharedVendor;
    }

    final String configuredVendor = this.getChaiConfiguration().getSetting(ChaiSetting.DEFAULT_VENDOR);
    if (configuredVendor != null) {
        for (final DirectoryVendor candidate : DirectoryVendor.values()) {
            if (candidate.toString().equals(configuredVendor)) {
                cachedDirectoryVendor = candidate;
                return candidate;
            }
        }
        // A configured name that matches no enum constant is ignored without any log entry and
        // detection continues below.
    }

    try {
        final ChaiEntry rootDse = ChaiUtility.getRootDSE(this);
        cachedDirectoryVendor = ChaiUtility.determineDirectoryVendor(rootDse);
        getProviderFactory().getCentralService().addVendorCache(this.chaiConfig, cachedDirectoryVendor);
    } catch (ChaiOperationException e) {
        // The GENERIC fallback is stored on this provider only. Once set, it is returned by every
        // later call, so a transient failure here is not retried for this provider instance.
        LOGGER.warn("error while attempting to determine directory vendor: " + e.getMessage());
        cachedDirectoryVendor = DirectoryVendor.GENERIC;
    }
    return cachedDirectoryVendor;
}
use of com.novell.ldapchai.ChaiEntry in project ldapchai by ldapchai.
the class NmasCrFactory method readNmasAssignedChallengeSetPolicy.
/**
 * Builds the challenge set described by an NMAS challenge-set policy entry.
 *
 * <p>The entry's {@code nsimRequiredQuestions} and {@code nsimRandomQuestions} values are parsed
 * as policy XML, in that order, and the resulting challenges are combined into one set.
 *
 * @param provider       provider used to obtain the policy entry
 * @param challengeSetDN DN of the policy entry; {@code null} or empty yields {@code null}
 * @param locale         locale handed to the XML parser and to the resulting set
 * @param identifer      identifier handed to the resulting set
 * @return the challenge set, or {@code null} when no DN was supplied
 */
private static ChallengeSet readNmasAssignedChallengeSetPolicy(final ChaiProvider provider, final String challengeSetDN, final Locale locale, final String identifer) throws ChaiUnavailableException, ChaiOperationException, ChaiValidationException {
    if (challengeSetDN == null || challengeSetDN.isEmpty()) {
        LOGGER.trace("challengeSetDN is null, return null for readNmasAssignedChallengeSetPolicy()");
        return null;
    }

    final ChaiEntry policyEntry = provider.getEntryFactory().newChaiEntry(challengeSetDN);
    final Map<String, String> policyAttributes = policyEntry.readStringAttributes(Collections.emptySet());

    // Required questions first, then random ones; the order decides the order in the result list.
    final String[] questionDocuments = {
        policyAttributes.get("nsimRequiredQuestions"),
        policyAttributes.get("nsimRandomQuestions"),
    };

    final List<Challenge> challenges = new ArrayList<>();
    try {
        for (final String questionXml : questionDocuments) {
            if (questionXml != null && !questionXml.isEmpty()) {
                // NOTE(review): this XML is read from a directory attribute; confirm that
                // parseNmasPolicyXML parses with DTDs and external entities disabled.
                challenges.addAll(NmasResponseSet.parseNmasPolicyXML(questionXml, locale));
            }
        }
    } catch (JDOMException | IOException e) {
        // A parse failure is logged at debug level only, and the set is built from whatever was
        // parsed before it. A malformed required-questions value therefore skips the random
        // questions too and yields a set with no challenges from either attribute.
        // NOTE(review): confirm ChaiChallengeSet rejects such a set, or surface the failure.
        LOGGER.debug(e);
    }

    final int minRandQuestions = StringHelper.convertStrToInt(policyAttributes.get("nsimNumberRandomQuestions"), 0);
    return new ChaiChallengeSet(challenges, minRandQuestions, locale, identifer);
}
use of com.novell.ldapchai.ChaiEntry in project ldapchai by ldapchai.
the class EdirEntries method findPartitionRoot.
/**
 * Finds the nearest partition root at or above the given entry.
 *
 * <p>Starting with {@code theEntry} itself, each entry's object classes are read and the first
 * entry that carries {@code ChaiConstant.OBJECTCLASS_BASE_LDAP_PARTITION} is returned.
 *
 * @param theEntry entry to start from; {@code null} yields {@code null}
 * @return the first matching entry on the path to the root, or {@code null} if none matches
 */
private static ChaiEntry findPartitionRoot(final ChaiEntry theEntry) throws ChaiUnavailableException, ChaiOperationException {
    // The walk has no depth cap: it ends only on a match or when getParentEntry() returns null.
    // Each step costs one attribute read against the directory.
    for (ChaiEntry cursor = theEntry; cursor != null; cursor = cursor.getParentEntry()) {
        final Set<String> objectClasses = cursor.readMultiStringAttribute(ChaiConstant.ATTR_LDAP_OBJECTCLASS);
        if (objectClasses.contains(ChaiConstant.OBJECTCLASS_BASE_LDAP_PARTITION)) {
            return cursor;
        }
    }
    return null;
}
use of com.novell.ldapchai.ChaiEntry in project ldapchai by ldapchai.
the class UserImpl method isPasswordLocked.
/**
 * Reports whether this user's account is currently locked out.
 *
 * <p>When {@code msDS-User-Account-Control-Computed} has a value, the answer is taken from its
 * lockout bit. Otherwise the user's {@code lockoutTime} is combined with the
 * {@code lockoutDuration} read from the nearest {@code domainDNS} ancestor, and the account
 * counts as locked while the current time has not passed that sum.
 *
 * @return {@code true} if the account is considered locked, {@code false} otherwise (including
 *         when neither attribute has a value)
 */
public boolean isPasswordLocked() throws ChaiOperationException, ChaiUnavailableException {
    // Preferred path: a single computed attribute carries the lockout flag.
    final String computedControl = readStringAttribute("msDS-User-Account-Control-Computed");
    if (computedControl != null && !computedControl.isEmpty()) {
        // A non-numeric value ends this method with an unchecked NumberFormatException.
        final int controlBits = Integer.parseInt(computedControl);
        return (controlBits & COMPUTED_ACCOUNT_CONTROL_UC_LOCKOUT) == COMPUTED_ACCOUNT_CONTROL_UC_LOCKOUT;
    }

    // Fallback path: derive the state from the lockout timestamp and the domain's duration.
    final Instant lockoutTime = this.readDateAttribute("lockoutTime");
    if (lockoutTime == null) {
        return false;
    }

    long lockoutDurationMs = 0;
    ChaiEntry ancestor = this.getParentEntry();
    // The depth cap of 50 is a safety net against an endless parent chain.
    for (int depth = 0; lockoutDurationMs == 0 && ancestor != null && depth < 50; depth++) {
        if (ancestor.compareStringAttribute("objectClass", "domainDNS")) {
            // The value is stored negative and counted in 100-nanosecond intervals; take the
            // magnitude and convert it to milliseconds.
            // NOTE(review): a missing or non-numeric lockoutDuration raises NumberFormatException
            // here, and Math.abs(Long.MIN_VALUE) stays negative, which places the unlock time far
            // in the past so that the method answers "not locked".
            final long rawDuration = Long.parseLong(ancestor.readStringAttribute("lockoutDuration"));
            lockoutDurationMs = Math.abs(rawDuration) / 10000;
        }
        ancestor = ancestor.getParentEntry();
    }

    // NOTE(review): a duration of 0 (attribute value 0, or no domainDNS ancestor found) makes the
    // unlock time equal to lockoutTime, so the result is normally false. Confirm how the
    // directory encodes "locked until an administrator unlocks" before relying on this path.
    final Instant unlockInstant = Instant.ofEpochMilli(lockoutTime.toEpochMilli() + lockoutDurationMs);
    final long nowMs = System.currentTimeMillis();
    return nowMs <= unlockInstant.toEpochMilli();
}
use of com.novell.ldapchai.ChaiEntry in project ldapchai by ldapchai.
the class UserImpl method readDomainValue.
/**
 * Reads an attribute from the nearest {@code domainDNS} ancestor of this user.
 *
 * @param attribute name of the attribute to read from the domain entry
 * @return the attribute value as returned by the domain entry, or {@code null} when no
 *         {@code domainDNS} ancestor is found within 50 levels
 */
private String readDomainValue(final String attribute) throws ChaiUnavailableException, ChaiOperationException {
    ChaiEntry ancestor = this.getParentEntry();
    // The depth cap of 50 is a safety net against an endless parent chain.
    for (int depth = 0; ancestor != null && depth < 50; depth++) {
        if (ancestor.compareStringAttribute("objectClass", "domainDNS")) {
            return ancestor.readStringAttribute(attribute);
        }
        ancestor = ancestor.getParentEntry();
    }
    return null;
}