use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class LdapOperationsHelper method updateLastPasswordUpdateAttribute.
/**
 * Stamps the current time into the user's password "last updated" attribute.
 * By default this is the "pwmLastUpdate" attribute.
 *
 * <p>The attribute name is read from the user's LDAP profile
 * ({@code PwmSetting.PASSWORD_LAST_UPDATE_ATTRIBUTE}). When that setting is
 * null or empty nothing is written and {@code false} is returned. The write
 * is performed through the proxied chai user, not the user's own connection.
 *
 * @param pwmApplication application instance used to obtain the proxied
 *                       user and the LDAP profile configuration
 * @param sessionLabel   label passed to the logger for each message
 * @param userIdentity   ldap user to operate on
 * @return true if the attribute was written; false if no attribute is
 *         configured or the directory rejected the write
 * @throws ChaiUnavailableException  if the directory is unavailable
 * @throws PwmUnrecoverableException declared by the signature; the call that
 *                                   raises it is not visible in this method
 */
public static boolean updateLastPasswordUpdateAttribute(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException {
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // NOTE(review): get(...) on the profile map is dereferenced without a null check;
    // presumably the identity always carries a configured profile id - confirm.
    final LdapProfile profile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String attributeName = profile.readSettingAsString(PwmSetting.PASSWORD_LAST_UPDATE_ATTRIBUTE);

    // Feature is switched off when no attribute name is configured.
    if (attributeName == null || attributeName.isEmpty()) {
        return false;
    }

    try {
        proxiedUser.writeDateAttribute(attributeName, Instant.now());
        LOGGER.debug(sessionLabel, "wrote pwdLastModified update attribute for " + proxiedUser.getEntryDN());
        return true;
    } catch (ChaiOperationException e) {
        // NOTE(review): a rejected write is reported only at debug level and through the
        // return value. If password-age checks or audit reports depend on this attribute,
        // a silent failure leaves a stale timestamp - confirm callers inspect the result.
        LOGGER.debug(sessionLabel, "error writing update attribute for user '" + proxiedUser.getEntryDN() + "' " + e.getMessage());
        return false;
    }
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class LDAPAuthenticationRequest method setTempUserPassword.
/**
 * Replaces the user's directory password with a freshly generated random
 * value so that it can be used for user authentication.
 *
 * <p>This only happens when {@code PwmSetting.AD_USE_PROXY_FOR_FORGOTTEN} is
 * false and the requested authentication type is
 * {@code AuthenticationType.AUTH_FROM_PUBLIC_MODULE}. In every other case the
 * account is left untouched and {@code null} is returned. The password is
 * written through the proxy chai provider and is generated against the
 * password policy read for the user.
 *
 * @return the random password now set on the account, or {@code null} when
 *         no temporary password was set
 * @throws ChaiUnavailableException          declared; raised by the directory calls
 * @throws ImpossiblePasswordPolicyException declared; the raising call is not visible here
 * @throws PwmUnrecoverableException         with {@code ERROR_BAD_SESSION_PASSWORD} when the
 *                                           directory rejects the password write
 */
private PasswordData setTempUserPassword() throws ChaiUnavailableException, ImpossiblePasswordPolicyException, PwmUnrecoverableException {
    final boolean configAlwaysUseProxy = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.AD_USE_PROXY_FOR_FORGOTTEN);
    final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
    final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());

    // Only the public-module flow without forced proxy use may overwrite the password.
    if (configAlwaysUseProxy || requestedAuthType != AuthenticationType.AUTH_FROM_PUBLIC_MODULE) {
        return null;
    }

    log(PwmLogLevel.DEBUG, "attempting to set temporary random password");
    final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, sessionLabel, userIdentity, chaiUser, PwmConstants.DEFAULT_LOCALE);

    // Build a policy-compliant random password for the account.
    final RandomPasswordGenerator.RandomGeneratorConfig generatorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder()
            .seedlistPhrases(RandomPasswordGenerator.DEFAULT_SEED_PHRASES)
            .passwordPolicy(passwordPolicy)
            .build();
    final PasswordData temporaryPassword = RandomPasswordGenerator.createRandomPassword(sessionLabel, generatorConfig, pwmApplication);

    try {
        final String priorAllowChangeTime = oraclePreTemporaryPwHandler(chaiProvider, chaiUser);
        // From this call on the user's previous password no longer works.
        // NOTE(review): getStringValue() materialises the secret as a String; keep it out of
        // every log and error message (the messages below carry only the identity).
        chaiUser.setPassword(temporaryPassword.getStringValue());
        // NOTE(review): if the pre-handler changes directory state that this post-handler
        // restores (not visible here), a failure in setPassword skips the restore - confirm.
        oraclePostTemporaryPwHandler(chaiProvider, chaiUser, priorAllowChangeTime);
        log(PwmLogLevel.INFO, "user " + userIdentity + " password has been set to random value to use for user authentication");
    } catch (ChaiOperationException e) {
        // The directory's message text is forwarded into the error detail; the exception
        // itself is not chained, so the stack trace is lost at this point.
        final String failureMessage = "error setting random password for user " + userIdentity + " " + e.getMessage();
        log(PwmLogLevel.ERROR, failureMessage);
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_BAD_SESSION_PASSWORD, failureMessage));
    }
    return temporaryPassword;
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class EdirSchemaExtender method readSchemaAttributes.
/**
 * Reads every attribute definition from the schema entry and indexes the
 * parsed definitions by each name they declare.
 *
 * <p>A definition that cannot be parsed is logged and skipped, so the result
 * may be missing attributes that do exist in the directory. Insertion order
 * follows the order in which the values were read.
 *
 * @return map from attribute name to the parser holding its definition; a
 *         definition with several names appears once per name
 * @throws ChaiUnavailableException if the directory is unavailable
 * @throws ChaiOperationException   if the schema attribute cannot be read
 */
private Map<String, SchemaParser> readSchemaAttributes() throws ChaiUnavailableException, ChaiOperationException {
    final Map<String, SchemaParser> parsersByName = new LinkedHashMap<>();
    final Set<String> rawDefinitions = schemaEntry.readMultiStringAttribute(LDAP_SCHEMA_ATTR_ATTRS);

    for (final String rawDefinition : rawDefinitions) {
        final SchemaParser parser;
        try {
            parser = new SchemaParser(rawDefinition);
        } catch (Exception e) {
            // NOTE(review): the message does not say which definition failed, and a skipped
            // attribute is later indistinguishable from a missing one - confirm that is intended.
            LOGGER.error("error parsing schema attribute definition: " + e.getMessage());
            continue;
        }
        for (final String attrName : parser.getNames()) {
            parsersByName.put(attrName, parser);
        }
    }
    return parsersByName;
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class EdirSchemaExtender method execute.
/**
 * Compares the directory schema with the PWM schema definitions, attributes
 * first and objectclasses second.
 *
 * <p>The activity log and the state map are reset before the run. The
 * {@code readOnly} flag is handed unchanged to {@code checkAttribute} and
 * {@code checkObjectclass}; presumably a false value lets them modify the
 * directory schema, so callers should gate that mode on an administrative
 * decision.
 *
 * @param readOnly forwarded to the per-definition checks
 * @throws PwmUnrecoverableException with {@code ERROR_DIRECTORY_UNAVAILABLE} when the
 *                                   directory is unavailable, or {@code ERROR_UNKNOWN}
 *                                   for any other directory operation failure
 */
private void execute(final boolean readOnly) throws PwmUnrecoverableException {
    // Start from a clean slate so results of an earlier run cannot leak into this one.
    activityLog.delete(0, activityLog.length());
    // Only the first configured bind URL is reported.
    logActivity("connecting to " + schemaEntry.getChaiProvider().getChaiConfiguration().bindURLsAsList().iterator().next());
    stateMap.clear();

    try {
        final Map<String, SchemaParser> attributesInDirectory = readSchemaAttributes();
        for (final SchemaDefinition definition : SchemaDefinition.getPwmSchemaDefinitions()) {
            if (definition.getSchemaType() != SchemaDefinition.SchemaType.attribute) {
                continue;
            }
            checkAttribute(readOnly, definition, attributesInDirectory);
        }

        // Objectclasses are read only after the attribute pass has finished.
        final Map<String, SchemaParser> objectclassesInDirectory = readSchemaObjectclasses();
        for (final SchemaDefinition definition : SchemaDefinition.getPwmSchemaDefinitions()) {
            if (definition.getSchemaType() != SchemaDefinition.SchemaType.objectclass) {
                continue;
            }
            checkObjectclass(readOnly, definition, objectclassesInDirectory);
        }
    } catch (ChaiUnavailableException e) {
        // Only the message text is carried over; the original exception is not chained.
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
    } catch (ChaiOperationException e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage()));
    }
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class EdirSchemaExtender method checkObjectclass.
/**
 * Records the state of one objectclass definition and, unless running
 * read-only, adds or replaces it in the directory schema.
 *
 * <p>The state map entry is set to {@code missing}, {@code incorrect} or
 * {@code correct} from the comparison and is promoted to {@code correct}
 * only after a successful write. A rejected write is reported through the
 * activity log only; no exception is raised and the earlier state stays in
 * the map.
 *
 * @param readOnly         when true nothing is written to the directory
 * @param schemaDefinition the definition that should be present
 * @param existingAttrs    objectclass definitions currently in the directory, keyed by name
 * @throws ChaiUnavailableException if the directory is unavailable
 */
private void checkObjectclass(final boolean readOnly, final SchemaDefinition schemaDefinition, final Map<String, SchemaParser> existingAttrs) throws ChaiUnavailableException {
    final String name = schemaDefinition.getName();

    if (!existingAttrs.containsKey(name)) {
        logActivity("objectclass '" + name + "' does not exist");
        stateMap.put(name, SchemaDefinition.State.missing);
        if (readOnly) {
            return;
        }
        logActivity("beginning add for objectclass '" + name + "'");
        try {
            schemaEntry.addAttribute(LDAP_SCHEMA_ATTR_CLASSES, schemaDefinition.getDefinition());
            logActivity("+ objectclass '" + name + "' has been added");
            stateMap.put(name, SchemaDefinition.State.correct);
        } catch (ChaiOperationException e) {
            // The text says "updating" although this is the add path; it matches the update path below.
            logActivity("error while updating objectclass definition '" + name + "', error: " + e.getMessage());
        }
        return;
    }

    final SchemaParser definitionInDirectory = existingAttrs.get(name);
    logActivity("objectclass '" + name + "' exists");
    final boolean matchesExpected = checkObjectclassCorrectness(schemaDefinition, definitionInDirectory);
    if (matchesExpected) {
        stateMap.put(name, SchemaDefinition.State.correct);
    } else {
        stateMap.put(name, SchemaDefinition.State.incorrect);
    }

    // Nothing to write when running read-only or when the definition already matches.
    if (readOnly || matchesExpected) {
        return;
    }

    logActivity("beginning update for objectclass '" + name + "'");
    try {
        // Swap the exact raw value read from the directory for the expected definition.
        schemaEntry.replaceAttribute(LDAP_SCHEMA_ATTR_CLASSES, definitionInDirectory.getRawString(), schemaDefinition.getDefinition());
        logActivity("+ objectclass '" + name + "' has been modified");
        stateMap.put(name, SchemaDefinition.State.correct);
    } catch (ChaiOperationException e) {
        // State stays "incorrect"; the failure surfaces only in the activity log.
        logActivity("error while updating objectclass definition '" + name + "', error: " + e.getMessage());
    }
}