Search in sources :

Example 1 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.

the class ChaiProviderFactory method newProviderImpl.

ChaiProviderImplementor newProviderImpl(final ChaiConfiguration chaiConfiguration, final boolean failOverWrapperChild) throws ChaiUnavailableException {
    checkStatus();
    ChaiProviderImplementor providerImpl;
    try {
        final boolean enableFailover = "true".equalsIgnoreCase(chaiConfiguration.getSetting(ChaiSetting.FAILOVER_ENABLE));
        if (enableFailover && !failOverWrapperChild) {
            providerImpl = FailOverWrapper.forConfiguration(this, chaiConfiguration);
        } else {
            if (LOGGER.isTraceEnabled()) {
                final String debugMsg = "creating new jndi ldap connection to " + chaiConfiguration.getSetting(ChaiSetting.BIND_URLS) + " as " + chaiConfiguration.getSetting(ChaiSetting.BIND_DN);
                LOGGER.trace(debugMsg);
            }
            providerImpl = createConcreteProvider(this, chaiConfiguration, true);
        }
    } catch (Exception e) {
        final String errorMsg = "unable to create connection: " + e.getClass().getName() + ":" + e.getMessage();
        if (e instanceof ChaiException || e instanceof IOException) {
            LOGGER.debug(errorMsg);
        } else {
            LOGGER.debug(errorMsg, e);
        }
        throw new ChaiUnavailableException("unable to create connection: " + e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
    }
    if (!failOverWrapperChild) {
        providerImpl = addProviderWrappers(providerImpl);
        getCentralService().registerProvider(providerImpl);
    }
    return providerImpl;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) IOException(java.io.IOException) ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiException(com.novell.ldapchai.exception.ChaiException) IOException(java.io.IOException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)

Example 2 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.

the class WatchdogWrapper method checkForPwExpiration.

private boolean checkForPwExpiration(final ChaiProviderImplementor chaiProvider) {
    final boolean doPwExpCheck = chaiProvider.getChaiConfiguration().getBooleanSetting(ChaiSetting.WATCHDOG_DISABLE_IF_PW_EXPIRED);
    if (!doPwExpCheck) {
        return false;
    }
    LOGGER.trace("checking for user password expiration to adjust watchdog timeout id=" + getIdentifier());
    boolean userPwExpired;
    try {
        final String bindUserDN = chaiProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN);
        final ChaiUser bindUser = chaiProvider.getEntryFactory().newChaiUser(bindUserDN);
        userPwExpired = bindUser.isPasswordExpired();
    } catch (ChaiException e) {
        LOGGER.error("unexpected error attempting to read user password expiration value during" + " watchdog initialization, will assume expiration, id=" + this.getIdentifier() + ", error: " + e.getMessage());
        userPwExpired = true;
    }
    if (userPwExpired) {
        LOGGER.info("connection user account password is currently expired.  Disabling watchdog timeout. id=" + this.getIdentifier());
        return true;
    }
    return false;
}
Also used : ChaiUser(com.novell.ldapchai.ChaiUser) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 3 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.

the class TestHelper method createNewTestUser.

public static ChaiUser createNewTestUser(final ChaiEntry testContainer) throws Exception {
    final String createDN = "cn=testUser," + testContainer.getEntryDN();
    final String createClass = "inetOrgPerson";
    final Map<String, String> createAttributes = new HashMap<String, String>();
    createAttributes.put("givenName", "Test");
    createAttributes.put("sn", "User");
    createAttributes.put("title", "TestUser");
    createAttributes.put("mail", "test@test.test");
    // perform the create operation in eDirectory
    try {
        testContainer.getChaiProvider().createEntry(createDN, createClass, createAttributes);
    } catch (ChaiException e) {
        throw new Exception("error creating test user", e);
    }
    return ChaiFactory.createChaiUser(createDN, testContainer.getChaiProvider());
}
Also used : ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 4 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.

the class CreateUser method main.

public static void main(final String[] args) {
    String ldapURL = "ldap://ldaphost:389";
    String ldapBindDN = "cn=admin,ou=ou,o=o";
    String ldapBindPW = "password";
    // create a provider using the standard JNDI factory.
    ChaiProvider provider = null;
    try {
        final ChaiProviderFactory chaiProviderFactory = ChaiProviderFactory.newProviderFactory();
        provider = chaiProviderFactory.newProvider(ldapURL, ldapBindDN, ldapBindPW);
    } catch (ChaiUnavailableException e) {
        System.out.println("LDAP error while connecting: " + e);
        System.exit(-1);
    }
    // setup string values to use for the creation
    String createDN = "cn=gwashington,ou=ou,o=o";
    String createClass = "inetOrgPerson";
    // create a Properties to set the initial attribute values for the new user.
    Map<String, String> createAttributes = new HashMap<>();
    createAttributes.put("givenName", "George");
    createAttributes.put("sn", "Washingon");
    createAttributes.put("title", "President");
    createAttributes.put("mail", "president@whitehouse.gov");
    try {
        // perform the create operation
        provider.createEntry(createDN, createClass, createAttributes);
        System.out.println("created user " + createDN);
    } catch (ChaiException e) {
        System.out.println("error creating user: " + e.getMessage());
    }
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) HashMap(java.util.HashMap) ChaiProviderFactory(com.novell.ldapchai.provider.ChaiProviderFactory) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 5 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class LDAPStatusChecker method doLdapTestUserCheck.

@SuppressWarnings("checkstyle:MethodLength")
public List<HealthRecord> doLdapTestUserCheck(final Configuration config, final LdapProfile ldapProfile, final PwmApplication pwmApplication) {
    String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
    String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
    final PasswordData proxyUserPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
    final List<HealthRecord> returnRecords = new ArrayList<>();
    if (testUserDN == null || testUserDN.length() < 1) {
        return returnRecords;
    }
    try {
        testUserDN = ldapProfile.readCanonicalDN(pwmApplication, testUserDN);
        proxyUserDN = ldapProfile.readCanonicalDN(pwmApplication, proxyUserDN);
    } catch (PwmUnrecoverableException e) {
        final String msgString = e.getMessage();
        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
        return returnRecords;
    }
    if (proxyUserDN.equalsIgnoreCase(testUserDN)) {
        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_ProxyTestSameUser, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_PROXY_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE)));
        return returnRecords;
    }
    ChaiUser theUser = null;
    ChaiProvider chaiProvider = null;
    try {
        try {
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyUserDN, proxyUserPW);
            theUser = chaiProvider.getEntryFactory().newChaiUser(testUserDN);
        } catch (ChaiUnavailableException e) {
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnavailable, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
            return returnRecords;
        } catch (Throwable e) {
            final String msgString = e.getMessage();
            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
            return returnRecords;
        }
        try {
            theUser.readObjectClass();
        } catch (ChaiException e) {
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
            return returnRecords;
        }
        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning process to check ldap test user password read/write operations for profile " + ldapProfile.getIdentifier());
        try {
            final boolean readPwdEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_USER_PWD) && theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY;
            if (readPwdEnabled) {
                try {
                    theUser.readPassword();
                } catch (Exception e) {
                    LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage());
                    returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserReadPwError, PwmSetting.EDIRECTORY_READ_USER_PWD.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
                    return returnRecords;
                }
            } else {
                final Locale locale = PwmConstants.DEFAULT_LOCALE;
                final UserIdentity userIdentity = new UserIdentity(testUserDN, ldapProfile.getIdentifier());
                final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, theUser, locale);
                boolean doPasswordChange = true;
                final int minLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MinimumLifetime);
                if (minLifetimeSeconds > 0) {
                    final Instant pwdLastModified = PasswordUtility.determinePwdLastModified(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, userIdentity);
                    final PasswordStatus passwordStatus;
                    {
                        final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, locale, userIdentity, chaiProvider);
                        passwordStatus = userInfo.getPasswordStatus();
                    }
                    {
                        final boolean withinMinLifetime = PasswordUtility.isPasswordWithinMinimumLifetimeImpl(theUser, SessionLabel.HEALTH_SESSION_LABEL, passwordPolicy, pwdLastModified, passwordStatus);
                        if (withinMinLifetime) {
                            LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "skipping test user password set due to password being within minimum lifetime");
                            doPasswordChange = false;
                        }
                    }
                }
                if (doPasswordChange) {
                    final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(null, passwordPolicy, pwmApplication);
                    try {
                        theUser.setPassword(newPassword.getStringValue());
                        LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString());
                    } catch (ChaiException e) {
                        returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserWritePwError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
                        return returnRecords;
                    }
                }
            }
        } catch (Exception e) {
            final String msg = "error setting test user password: " + JavaHelper.readHostileExceptionMessage(e);
            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, msg, e);
            returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msg));
            return returnRecords;
        }
        try {
            final UserIdentity userIdentity = new UserIdentity(theUser.getEntryDN(), ldapProfile.getIdentifier());
            final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, PwmConstants.DEFAULT_LOCALE, userIdentity, chaiProvider);
            userInfo.getPasswordStatus();
            userInfo.getAccountExpirationTime();
            userInfo.getResponseInfoBean();
            userInfo.getPasswordPolicy();
            userInfo.getChallengeProfile();
            userInfo.getProfileIDs();
            userInfo.getOtpUserRecord();
            userInfo.getUserGuid();
            userInfo.getUsername();
            userInfo.getUserEmailAddress();
            userInfo.getUserSmsNumber();
        } catch (PwmUnrecoverableException e) {
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), "unable to read test user data: " + e.getMessage()));
            return returnRecords;
        }
    } finally {
        if (chaiProvider != null) {
            try {
                chaiProvider.close();
            } catch (Exception e) {
            // ignore
            }
        }
    }
    returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserOK, ldapProfile.getDisplayName(PwmConstants.DEFAULT_LOCALE)));
    return returnRecords;
}
Also used : Locale(java.util.Locale) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) Instant(java.time.Instant) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) MalformedURLException(java.net.MalformedURLException) UnknownHostException(java.net.UnknownHostException) ChaiUser(com.novell.ldapchai.ChaiUser) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) PasswordStatus(password.pwm.bean.PasswordStatus) ChaiException(com.novell.ldapchai.exception.ChaiException)

Aggregations

ChaiException (com.novell.ldapchai.exception.ChaiException)33 ErrorInformation (password.pwm.error.ErrorInformation)18 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)16 ChaiUser (com.novell.ldapchai.ChaiUser)15 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)9 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)6 UserIdentity (password.pwm.bean.UserIdentity)6 PwmOperationalException (password.pwm.error.PwmOperationalException)6 Instant (java.time.Instant)5 ChaiResponseSet (com.novell.ldapchai.cr.ChaiResponseSet)4 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)4 ArrayList (java.util.ArrayList)4 FormConfiguration (password.pwm.config.value.data.FormConfiguration)4 PasswordData (password.pwm.util.PasswordData)4 ResponseSet (com.novell.ldapchai.cr.ResponseSet)3 List (java.util.List)3 Map (java.util.Map)3 PwmApplication (password.pwm.PwmApplication)3 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)2 NmasResponseSet (com.novell.ldapchai.impl.edir.NmasResponseSet)2