Example 6 with ChaiUser

use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.

the class LdapOperationsHelper method readLdapPassword.

```java
public static PasswordData readLdapPassword(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException {
    if (userIdentity == null || userIdentity.getUserDN() == null || userIdentity.getUserDN().length() < 1) {
        throw new NullPointerException("invalid user (null)");
    }
    final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
    final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
    // use chai (nmas) to retrieve the user's password; only possible when the eDirectory option is enabled
    if (pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_USER_PWD)) {
        String currentPass = null;
        try {
            final String readPassword = chaiUser.readPassword();
            if (readPassword != null && readPassword.length() > 0) {
                currentPass = readPassword;
                LOGGER.debug(sessionLabel, "successfully retrieved user's current password from ldap, now conducting standard authentication");
            }
        } catch (Exception e) {
            LOGGER.debug(sessionLabel, "unable to retrieve user password from ldap: " + e.getMessage());
        }
        // return the retrieved password so the caller can perform the standard authentication with it
        if (currentPass != null && currentPass.length() > 0) {
            return new PasswordData(currentPass);
        }
    } else {
        LOGGER.trace(sessionLabel, "skipping attempt to read user password, option disabled");
    }
    return null;
}
```

Also used: com.novell.ldapchai.provider.ChaiProvider, com.novell.ldapchai.ChaiUser, password.pwm.util.PasswordData, password.pwm.error.PwmUnrecoverableException, password.pwm.error.PwmOperationalException, com.novell.ldapchai.exception.ChaiUnavailableException, com.novell.ldapchai.exception.ChaiOperationException, java.io.IOException

Example 7 with ChaiUser

use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.

the class LdapOperationsHelper method addConfiguredUserObjectClass.

```java
public static void addConfiguredUserObjectClass(final SessionLabel sessionLabel, final UserIdentity userIdentity, final PwmApplication pwmApplication) throws ChaiUnavailableException, PwmUnrecoverableException {
    final LdapProfile ldapProfile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());
    // object classes the profile is configured to add automatically to user entries
    final Set<String> newObjClasses = new HashSet<>(ldapProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
    if (newObjClasses.isEmpty()) {
        return;
    }
    final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
    final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
    addUserObjectClass(sessionLabel, theUser, newObjClasses);
}
```

Also used: com.novell.ldapchai.provider.ChaiProvider, com.novell.ldapchai.ChaiUser, password.pwm.config.profile.LdapProfile, java.util.HashSet

Example 8 with ChaiUser

use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.

the class LdapOperationsHelper method updateLastPasswordUpdateAttribute.

```java
/**
 * Update the user's "lastUpdated" attribute. By default this is the
 * "pwmLastUpdate" attribute.
 *
 * @param userIdentity ldap user to operate on
 * @return true if successful
 * @throws com.novell.ldapchai.exception.ChaiUnavailableException if the directory is unavailable
 */
public static boolean updateLastPasswordUpdateAttribute(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException {
    final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
    boolean success = false;
    final LdapProfile ldapProfile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String updateAttribute = ldapProfile.readSettingAsString(PwmSetting.PASSWORD_LAST_UPDATE_ATTRIBUTE);
    if (updateAttribute != null && updateAttribute.length() > 0) {
        try {
            // write the current timestamp into the configured attribute
            theUser.writeDateAttribute(updateAttribute, Instant.now());
            LOGGER.debug(sessionLabel, "wrote pwdLastModified update attribute for " + theUser.getEntryDN());
            success = true;
        } catch (ChaiOperationException e) {
            LOGGER.debug(sessionLabel, "error writing update attribute for user '" + theUser.getEntryDN() + "' " + e.getMessage());
        }
    }
    return success;
}
```

Also used: com.novell.ldapchai.ChaiUser, com.novell.ldapchai.exception.ChaiOperationException, password.pwm.config.profile.LdapProfile

Example 9 with ChaiUser

use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.

the class LDAPAuthenticationRequest method setTempUserPassword.

```java
private PasswordData setTempUserPassword() throws ChaiUnavailableException, ImpossiblePasswordPolicyException, PwmUnrecoverableException {
    final boolean configAlwaysUseProxy = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.AD_USE_PROXY_FOR_FORGOTTEN);
    final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
    final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
    // try setting a random password on the account to authenticate.
    if (!configAlwaysUseProxy && requestedAuthType == AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
        log(PwmLogLevel.DEBUG, "attempting to set temporary random password");
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, sessionLabel, userIdentity, chaiUser, PwmConstants.DEFAULT_LOCALE);
        // create a random password for the user that satisfies the user's password policy
        final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().seedlistPhrases(RandomPasswordGenerator.DEFAULT_SEED_PHRASES).passwordPolicy(passwordPolicy).build();
        final PasswordData currentPass = RandomPasswordGenerator.createRandomPassword(sessionLabel, randomGeneratorConfig, pwmApplication);
        try {
            final String oracleDSPrePasswordAllowChangeTime = oraclePreTemporaryPwHandler(chaiProvider, chaiUser);
            // write the random password for the user.
            chaiUser.setPassword(currentPass.getStringValue());
            oraclePostTemporaryPwHandler(chaiProvider, chaiUser, oracleDSPrePasswordAllowChangeTime);
            log(PwmLogLevel.INFO, "user " + userIdentity + " password has been set to random value to use for user authentication");
        } catch (ChaiOperationException e) {
            final String errorStr = "error setting random password for user " + userIdentity + " " + e.getMessage();
            log(PwmLogLevel.ERROR, errorStr);
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_BAD_SESSION_PASSWORD, errorStr));
        }
        return currentPass;
    }
    return null;
}
```

Also used: password.pwm.error.ErrorInformation, com.novell.ldapchai.provider.ChaiProvider, com.novell.ldapchai.ChaiUser, password.pwm.util.PasswordData, password.pwm.config.profile.PwmPasswordPolicy, password.pwm.util.RandomPasswordGenerator, password.pwm.error.PwmUnrecoverableException, com.novell.ldapchai.exception.ChaiOperationException

Example 10 with ChaiUser

use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.

the class LdapXmlUserHistory method updateUserHistoryImpl.

```java
private void updateUserHistoryImpl(final UserAuditRecord auditRecord) throws PwmUnrecoverableException, ChaiUnavailableException {
    // user info: helpdesk events are stored on the target user, all others on the perpetrator
    final UserIdentity userIdentity;
    if (auditRecord instanceof HelpdeskAuditRecord && auditRecord.getType() == AuditEvent.Type.HELPDESK) {
        final HelpdeskAuditRecord helpdeskAuditRecord = (HelpdeskAuditRecord) auditRecord;
        userIdentity = new UserIdentity(helpdeskAuditRecord.getTargetDN(), helpdeskAuditRecord.getTargetLdapProfile());
    } else {
        userIdentity = new UserIdentity(auditRecord.getPerpetratorDN(), auditRecord.getPerpetratorLdapProfile());
    }
    final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // settings
    final String corRecordIdentifer = COR_RECORD_ID;
    final LdapProfile ldapProfile = userIdentity.getLdapProfile(pwmApplication.getConfig());
    final String corAttribute = ldapProfile.readSettingAsString(PwmSetting.EVENTS_LDAP_ATTRIBUTE);
    // quit if no event log attribute is configured
    if (corAttribute == null || corAttribute.length() < 1) {
        LOGGER.debug("no user event log attribute configured, skipping write of log data");
        return;
    }
    // read the current value
    final StoredHistory storedHistory;
    final ConfigObjectRecord theCor;
    final List corList;
    try {
        corList = ConfigObjectRecord.readRecordFromLDAP(theUser, corAttribute, corRecordIdentifer, null, null);
    } catch (Exception e) {
        final String errorMsg = "error reading LDAP user event history for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        LOGGER.error(errorInformation.toDebugStr(), e);
        throw new PwmUnrecoverableException(errorInformation, e);
    }
    try {
        if (!corList.isEmpty()) {
            theCor = (ConfigObjectRecord) corList.get(0);
        } else {
            theCor = ConfigObjectRecord.createNew(theUser, corAttribute, corRecordIdentifer, null, null);
        }
        storedHistory = StoredHistory.fromXml(theCor.getPayload());
    } catch (Exception e) {
        LOGGER.error("ldap error writing user event log: " + e.getMessage());
        return;
    }
    // add the next record to the blob
    final StoredEvent storedEvent = StoredEvent.fromAuditRecord(auditRecord);
    storedHistory.addEvent(storedEvent);
    // trim the blob to the configured maximum number of events
    final int maxUserEvents = (int) pwmApplication.getConfig().readSettingAsLong(PwmSetting.EVENTS_LDAP_MAX_EVENTS);
    storedHistory.trim(maxUserEvents);
    // write the blob back to the user's attribute
    try {
        theCor.updatePayload(storedHistory.toXml());
    } catch (ChaiOperationException e) {
        LOGGER.error("ldap error writing user event log: " + e.getMessage());
    }
}
```

Also used: password.pwm.bean.UserIdentity, com.novell.ldapchai.util.ConfigObjectRecord, password.pwm.error.PwmUnrecoverableException, password.pwm.config.profile.LdapProfile, org.jdom2.JDOMException, com.novell.ldapchai.exception.ChaiOperationException, java.io.IOException, com.novell.ldapchai.exception.ChaiUnavailableException, password.pwm.error.ErrorInformation, com.novell.ldapchai.ChaiUser, java.util.LinkedList, java.util.List

Aggregations

ChaiUser (com.novell.ldapchai.ChaiUser): 69
ErrorInformation (password.pwm.error.ErrorInformation): 38
UserIdentity (password.pwm.bean.UserIdentity): 30
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 27
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException): 25
PwmOperationalException (password.pwm.error.PwmOperationalException): 23
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 21
ChaiException (com.novell.ldapchai.exception.ChaiException): 18
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider): 18
PwmApplication (password.pwm.PwmApplication): 16
PwmSession (password.pwm.http.PwmSession): 12
UserInfo (password.pwm.ldap.UserInfo): 12
Instant (java.time.Instant): 10
FormConfiguration (password.pwm.config.value.data.FormConfiguration): 10
PasswordData (password.pwm.util.PasswordData): 10
MacroMachine (password.pwm.util.macro.MacroMachine): 10
ArrayList (java.util.ArrayList): 9
List (java.util.List): 9
LdapProfile (password.pwm.config.profile.LdapProfile): 9
Locale (java.util.Locale): 8