use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.
the class ChaiProviderFactory method newProviderImpl.
ChaiProviderImplementor newProviderImpl(final ChaiConfiguration chaiConfiguration, final boolean failOverWrapperChild) throws ChaiUnavailableException {
checkStatus();
ChaiProviderImplementor providerImpl;
try {
final boolean enableFailover = "true".equalsIgnoreCase(chaiConfiguration.getSetting(ChaiSetting.FAILOVER_ENABLE));
if (enableFailover && !failOverWrapperChild) {
providerImpl = FailOverWrapper.forConfiguration(this, chaiConfiguration);
} else {
if (LOGGER.isTraceEnabled()) {
final String debugMsg = "creating new jndi ldap connection to " + chaiConfiguration.getSetting(ChaiSetting.BIND_URLS) + " as " + chaiConfiguration.getSetting(ChaiSetting.BIND_DN);
LOGGER.trace(debugMsg);
}
providerImpl = createConcreteProvider(this, chaiConfiguration, true);
}
} catch (Exception e) {
final String errorMsg = "unable to create connection: " + e.getClass().getName() + ":" + e.getMessage();
if (e instanceof ChaiException || e instanceof IOException) {
LOGGER.debug(errorMsg);
} else {
LOGGER.debug(errorMsg, e);
}
throw new ChaiUnavailableException("unable to create connection: " + e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
}
if (!failOverWrapperChild) {
providerImpl = addProviderWrappers(providerImpl);
getCentralService().registerProvider(providerImpl);
}
return providerImpl;
}
use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.
the class WatchdogWrapper method checkForPwExpiration.
private boolean checkForPwExpiration(final ChaiProviderImplementor chaiProvider) {
final boolean doPwExpCheck = chaiProvider.getChaiConfiguration().getBooleanSetting(ChaiSetting.WATCHDOG_DISABLE_IF_PW_EXPIRED);
if (!doPwExpCheck) {
return false;
}
LOGGER.trace("checking for user password expiration to adjust watchdog timeout id=" + getIdentifier());
boolean userPwExpired;
try {
final String bindUserDN = chaiProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN);
final ChaiUser bindUser = chaiProvider.getEntryFactory().newChaiUser(bindUserDN);
userPwExpired = bindUser.isPasswordExpired();
} catch (ChaiException e) {
LOGGER.error("unexpected error attempting to read user password expiration value during" + " watchdog initialization, will assume expiration, id=" + this.getIdentifier() + ", error: " + e.getMessage());
userPwExpired = true;
}
if (userPwExpired) {
LOGGER.info("connection user account password is currently expired. Disabling watchdog timeout. id=" + this.getIdentifier());
return true;
}
return false;
}
use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.
the class TestHelper method createNewTestUser.
public static ChaiUser createNewTestUser(final ChaiEntry testContainer) throws Exception {
final String createDN = "cn=testUser," + testContainer.getEntryDN();
final String createClass = "inetOrgPerson";
final Map<String, String> createAttributes = new HashMap<String, String>();
createAttributes.put("givenName", "Test");
createAttributes.put("sn", "User");
createAttributes.put("title", "TestUser");
createAttributes.put("mail", "test@test.test");
// perform the create operation in eDirectory
try {
testContainer.getChaiProvider().createEntry(createDN, createClass, createAttributes);
} catch (ChaiException e) {
throw new Exception("error creating test user", e);
}
return ChaiFactory.createChaiUser(createDN, testContainer.getChaiProvider());
}
use of com.novell.ldapchai.exception.ChaiException in project ldapchai by ldapchai.
the class CreateUser method main.
public static void main(final String[] args) {
String ldapURL = "ldap://ldaphost:389";
String ldapBindDN = "cn=admin,ou=ou,o=o";
String ldapBindPW = "password";
// create a provider using the standard JNDI factory.
ChaiProvider provider = null;
try {
final ChaiProviderFactory chaiProviderFactory = ChaiProviderFactory.newProviderFactory();
provider = chaiProviderFactory.newProvider(ldapURL, ldapBindDN, ldapBindPW);
} catch (ChaiUnavailableException e) {
System.out.println("LDAP error while connecting: " + e);
System.exit(-1);
}
// setup string values to use for the creation
String createDN = "cn=gwashington,ou=ou,o=o";
String createClass = "inetOrgPerson";
// create a Properties to set the initial attribute values for the new user.
Map<String, String> createAttributes = new HashMap<>();
createAttributes.put("givenName", "George");
createAttributes.put("sn", "Washingon");
createAttributes.put("title", "President");
createAttributes.put("mail", "president@whitehouse.gov");
try {
// perform the create operation
provider.createEntry(createDN, createClass, createAttributes);
System.out.println("created user " + createDN);
} catch (ChaiException e) {
System.out.println("error creating user: " + e.getMessage());
}
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class LDAPStatusChecker method doLdapTestUserCheck.
@SuppressWarnings("checkstyle:MethodLength")
public List<HealthRecord> doLdapTestUserCheck(final Configuration config, final LdapProfile ldapProfile, final PwmApplication pwmApplication) {
String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
final PasswordData proxyUserPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
final List<HealthRecord> returnRecords = new ArrayList<>();
if (testUserDN == null || testUserDN.length() < 1) {
return returnRecords;
}
try {
testUserDN = ldapProfile.readCanonicalDN(pwmApplication, testUserDN);
proxyUserDN = ldapProfile.readCanonicalDN(pwmApplication, proxyUserDN);
} catch (PwmUnrecoverableException e) {
final String msgString = e.getMessage();
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
return returnRecords;
}
if (proxyUserDN.equalsIgnoreCase(testUserDN)) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_ProxyTestSameUser, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_PROXY_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE)));
return returnRecords;
}
ChaiUser theUser = null;
ChaiProvider chaiProvider = null;
try {
try {
chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyUserDN, proxyUserPW);
theUser = chaiProvider.getEntryFactory().newChaiUser(testUserDN);
} catch (ChaiUnavailableException e) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnavailable, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
} catch (Throwable e) {
final String msgString = e.getMessage();
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "unexpected error while testing test user (during object creation): message=" + msgString + " debug info: " + JavaHelper.readHostileExceptionMessage(e));
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msgString));
return returnRecords;
}
try {
theUser.readObjectClass();
} catch (ChaiException e) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
}
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning process to check ldap test user password read/write operations for profile " + ldapProfile.getIdentifier());
try {
final boolean readPwdEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_USER_PWD) && theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY;
if (readPwdEnabled) {
try {
theUser.readPassword();
} catch (Exception e) {
LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "error reading user password from directory " + e.getMessage());
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserReadPwError, PwmSetting.EDIRECTORY_READ_USER_PWD.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
}
} else {
final Locale locale = PwmConstants.DEFAULT_LOCALE;
final UserIdentity userIdentity = new UserIdentity(testUserDN, ldapProfile.getIdentifier());
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, theUser, locale);
boolean doPasswordChange = true;
final int minLifetimeSeconds = passwordPolicy.getRuleHelper().readIntValue(PwmPasswordRule.MinimumLifetime);
if (minLifetimeSeconds > 0) {
final Instant pwdLastModified = PasswordUtility.determinePwdLastModified(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, userIdentity);
final PasswordStatus passwordStatus;
{
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, locale, userIdentity, chaiProvider);
passwordStatus = userInfo.getPasswordStatus();
}
{
final boolean withinMinLifetime = PasswordUtility.isPasswordWithinMinimumLifetimeImpl(theUser, SessionLabel.HEALTH_SESSION_LABEL, passwordPolicy, pwdLastModified, passwordStatus);
if (withinMinLifetime) {
LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "skipping test user password set due to password being within minimum lifetime");
doPasswordChange = false;
}
}
}
if (doPasswordChange) {
final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(null, passwordPolicy, pwmApplication);
try {
theUser.setPassword(newPassword.getStringValue());
LOGGER.debug(SessionLabel.HEALTH_SESSION_LABEL, "set random password on test user " + userIdentity.toDisplayString());
} catch (ChaiException e) {
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserWritePwError, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), e.getMessage()));
return returnRecords;
}
}
}
} catch (Exception e) {
final String msg = "error setting test user password: " + JavaHelper.readHostileExceptionMessage(e);
LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, msg, e);
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserUnexpected, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(ldapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE), msg));
return returnRecords;
}
try {
final UserIdentity userIdentity = new UserIdentity(theUser.getEntryDN(), ldapProfile.getIdentifier());
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, PwmConstants.DEFAULT_LOCALE, userIdentity, chaiProvider);
userInfo.getPasswordStatus();
userInfo.getAccountExpirationTime();
userInfo.getResponseInfoBean();
userInfo.getPasswordPolicy();
userInfo.getChallengeProfile();
userInfo.getProfileIDs();
userInfo.getOtpUserRecord();
userInfo.getUserGuid();
userInfo.getUsername();
userInfo.getUserEmailAddress();
userInfo.getUserSmsNumber();
} catch (PwmUnrecoverableException e) {
returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), "unable to read test user data: " + e.getMessage()));
return returnRecords;
}
} finally {
if (chaiProvider != null) {
try {
chaiProvider.close();
} catch (Exception e) {
// ignore
}
}
}
returnRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_TestUserOK, ldapProfile.getDisplayName(PwmConstants.DEFAULT_LOCALE)));
return returnRecords;
}
Aggregations