Example 31 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class ActivateUserUtils method validateParamsAgainstLDAP.
static void validateParamsAgainstLDAP(final PwmRequest pwmRequest, final Map<FormConfiguration, String> formValues, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmDataValidationException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final String searchFilter = figureLdapSearchFilter(pwmRequest);
final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formItem = entry.getKey();
final String attrName = formItem.getName();
final String tokenizedAttrName = "%" + attrName + "%";
if (searchFilter.contains(tokenizedAttrName)) {
LOGGER.trace(pwmSession, "skipping validation of ldap value for '" + attrName + "' because it is in search filter");
} else {
final String value = entry.getValue();
try {
if (!chaiUser.compareStringAttribute(attrName, value)) {
final String errorMsg = "incorrect value for '" + attrName + "'";
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_ACTIVATION_VALIDATIONFAIL, errorMsg, new String[] { attrName });
LOGGER.debug(pwmSession.getLabel(), errorInfo.toDebugStr());
throw new PwmDataValidationException(errorInfo);
}
LOGGER.trace(pwmSession.getLabel(), "successful validation of ldap value for '" + attrName + "'");
} catch (ChaiOperationException e) {
LOGGER.error(pwmSession.getLabel(), "error during param validation of '" + attrName + "', error: " + e.getMessage());
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_ACTIVATION_VALIDATIONFAIL, "ldap error testing value for '" + attrName + "'", new String[] { attrName }));
}
}
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmDataValidationException(password.pwm.error.PwmDataValidationException)
PwmApplication(password.pwm.PwmApplication)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ChaiUser(com.novell.ldapchai.ChaiUser)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
PwmSession(password.pwm.http.PwmSession)
Map(java.util.Map)
Example 32 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class NewUserUtils method createUser.
@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final long startTime = System.currentTimeMillis();
// re-perform verification before proceeding
{
final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
passwordCheckInfoToException(passwordCheckInfo);
}
NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
final PasswordData userPassword;
if (promptForPassword) {
userPassword = newUserForm.getNewUserPassword();
} else {
final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
}
// set up the user creation attributes
final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
// read the creation object classes from configuration
final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
// add the auto-add object classes
{
final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
}
final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
try {
// create the ldap entry
chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
final boolean useTempPw;
{
final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
if ("auto".equalsIgnoreCase(settingValue)) {
useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
} else {
useTempPw = Boolean.parseBoolean(settingValue);
}
}
if (useTempPw) {
NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
final PasswordData temporaryPassword;
{
final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
}
final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
try {
// set password as admin
proxiedUser.setPassword(temporaryPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
try {
// bind as user
NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
bindAsProvider.close();
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
} else {
try {
// set password
theUser.setPassword(userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
}
NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
// write data to remote web service
remoteWriteFormData(pwmRequest, newUserForm);
// authenticate the user to pwm
final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
sessionAuthenticator.authenticateUser(userIdentity, userPassword);
{
// execute configured actions
final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
// send user email
sendNewUserEmailConfirmation(pwmRequest);
// add audit record
pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
// increment the new user creation statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
PasswordData(password.pwm.util.PasswordData)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
List(java.util.List)
ArrayList(java.util.ArrayList)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ActionExecutor(password.pwm.util.operations.ActionExecutor)
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
LdapProfile(password.pwm.config.profile.LdapProfile)
ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmSession(password.pwm.http.PwmSession)
Example 33 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class PeopleSearchDataReader method readUserMultiAttributeValues.
private List<String> readUserMultiAttributeValues(final PwmRequest pwmRequest, final UserIdentity userIdentity, final String attributeName) throws PwmUnrecoverableException {
final List<String> returnObj = new ArrayList<>();
final int maxValues = Integer.parseInt(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT));
final ChaiUser chaiUser = getChaiUser(userIdentity);
try {
final Set<String> ldapValues = chaiUser.readMultiStringAttribute(attributeName);
if (ldapValues != null) {
returnObj.addAll(ldapValues);
}
while (returnObj.size() > maxValues) {
returnObj.remove(returnObj.size() - 1);
}
return Collections.unmodifiableList(returnObj);
} catch (ChaiOperationException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, "error reading attribute value '" + attributeName + "', error:" + e.getMessage()));
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ChaiUser(com.novell.ldapchai.ChaiUser)
ArrayList(java.util.ArrayList)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Example 34 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class PeopleSearchDataReader method readUserDNAttributeValues.
private List<UserIdentity> readUserDNAttributeValues(final UserIdentity userIdentity, final String attributeName) throws PwmUnrecoverableException {
final List<UserIdentity> returnObj = new ArrayList<>();
final int maxValues = Integer.parseInt(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT));
final ChaiUser chaiUser = getChaiUser(userIdentity);
final Set<String> ldapValues;
try {
ldapValues = chaiUser.readMultiStringAttribute(attributeName);
} catch (ChaiOperationException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, "error reading attribute value '" + attributeName + "', error:" + e.getMessage()));
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
}
final boolean checkUserDNValues = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_MAX_VALUE_VERIFYUSERDN));
for (final String userDN : ldapValues) {
final UserIdentity loopIdentity = new UserIdentity(userDN, userIdentity.getLdapProfileID());
if (returnObj.size() < maxValues) {
try {
if (checkUserDNValues) {
checkIfUserIdentityViewable(loopIdentity);
}
returnObj.add(loopIdentity);
} catch (PwmOperationalException e) {
LOGGER.debug(pwmRequest, "discarding userDN " + userDN + " from attribute " + attributeName + " because it does not match search filter");
}
} else {
LOGGER.trace(pwmRequest, "discarding userDN " + userDN + " from attribute " + attributeName + " because maximum value count has been reached");
}
}
return returnObj;
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
UserIdentity(password.pwm.bean.UserIdentity)
ArrayList(java.util.ArrayList)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Example 35 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class LdapOperationsHelper method writeMapToLdap.
/**
* Writes a Map of values to ldap onto the supplied user object.
* The map key must be a string of attribute names.
* <p/>
* Any ldap operation exceptions are not reported (but logged).
*
* @param theUser User to write to
* @param valueMap A map with String keys and String values.
* @throws ChaiUnavailableException if the directory is unavailable
* @throws PwmOperationalException if their is an unexpected ldap problem
*/
public static void writeMapToLdap(final ChaiUser theUser, final Map<String, String> valueMap, final MacroMachine macroMachine, final boolean expandMacros) throws PwmOperationalException, ChaiUnavailableException {
final Map<String, String> currentValues;
try {
currentValues = theUser.readStringAttributes(valueMap.keySet());
} catch (ChaiOperationException e) {
final String errorMsg = "error reading existing values on user " + theUser.getEntryDN() + " prior to replacing values, error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
final PwmOperationalException newException = new PwmOperationalException(errorInformation);
newException.initCause(e);
throw newException;
}
for (final Map.Entry<String, String> entry : valueMap.entrySet()) {
final String attrName = entry.getKey();
final String value = entry.getValue();
String attrValue = value != null ? value : "";
if (expandMacros) {
attrValue = macroMachine.expandMacros(attrValue);
}
if (!attrValue.equals(currentValues.get(attrName))) {
if (attrValue.length() > 0) {
try {
theUser.writeStringAttribute(attrName, attrValue);
LOGGER.info("set attribute on user " + theUser.getEntryDN() + " (" + attrName + "=" + attrValue + ")");
} catch (ChaiOperationException e) {
final String errorMsg = "error setting '" + attrName + "' attribute on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
final PwmOperationalException newException = new PwmOperationalException(errorInformation);
newException.initCause(e);
throw newException;
}
} else {
if (currentValues.get(attrName) != null && currentValues.get(attrName).length() > 0) {
try {
theUser.deleteAttribute(attrName, null);
LOGGER.info("deleted attribute value on user " + theUser.getEntryDN() + " (" + attrName + ")");
} catch (ChaiOperationException e) {
final String errorMsg = "error removing '" + attrName + "' attribute value on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
final PwmOperationalException newException = new PwmOperationalException(errorInformation);
newException.initCause(e);
throw newException;
}
}
}
} else {
LOGGER.debug("skipping attribute modify for attribute '" + attrName + "', no change in value");
}
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Map(java.util.Map)
HashMap(java.util.HashMap)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Aggregations
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)66
ErrorInformation (password.pwm.error.ErrorInformation)31
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)28
ChaiUser (com.novell.ldapchai.ChaiUser)24
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)21
UserIdentity (password.pwm.bean.UserIdentity)16
PwmOperationalException (password.pwm.error.PwmOperationalException)15
Map (java.util.Map)12
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)11
IOException (java.io.IOException)10
HashMap (java.util.HashMap)10
LinkedHashMap (java.util.LinkedHashMap)10
PwmApplication (password.pwm.PwmApplication)10
LdapProfile (password.pwm.config.profile.LdapProfile)10
FormConfiguration (password.pwm.config.value.data.FormConfiguration)9
List (java.util.List)8
PwmSession (password.pwm.http.PwmSession)8
UnsupportedEncodingException (java.io.UnsupportedEncodingException)7
ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException)6
Instant (java.time.Instant)6
