Example 41 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class UserSearchEngine method executeSearch.
private Map<UserIdentity, Map<String, String>> executeSearch(final UserSearchJob userSearchJob, final SessionLabel sessionLabel, final int searchID, final int jobID) throws PwmOperationalException, PwmUnrecoverableException {
debugOutputTask.conditionallyExecuteTask();
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setMaxResults(userSearchJob.getMaxResults());
searchHelper.setFilter(userSearchJob.getSearchFilter());
searchHelper.setAttributes(userSearchJob.getReturnAttributes());
searchHelper.setTimeLimit((int) userSearchJob.getTimeoutMs());
final String debugInfo;
{
final Map<String, String> props = new LinkedHashMap<>();
props.put("profile", userSearchJob.getLdapProfile().getIdentifier());
props.put("base", userSearchJob.getContext());
props.put("maxCount", String.valueOf(searchHelper.getMaxResults()));
debugInfo = "[" + StringUtil.mapToString(props) + "]";
}
log(PwmLogLevel.TRACE, sessionLabel, searchID, jobID, "performing ldap search for user; " + debugInfo);
final Instant startTime = Instant.now();
final Map<String, Map<String, String>> results;
try {
results = userSearchJob.getChaiProvider().search(userSearchJob.getContext(), searchHelper);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
} catch (ChaiOperationException e) {
throw new PwmOperationalException(PwmError.forChaiError(e.getErrorCode()), "ldap error during searchID=" + searchID + ", error=" + e.getMessage());
}
final TimeDuration searchDuration = TimeDuration.fromCurrent(startTime);
if (pwmApplication.getStatisticsManager() != null && pwmApplication.getStatisticsManager().status() == PwmService.STATUS.OPEN) {
pwmApplication.getStatisticsManager().updateAverageValue(Statistic.AVG_LDAP_SEARCH_TIME, searchDuration.getTotalMilliseconds());
}
if (results.isEmpty()) {
log(PwmLogLevel.TRACE, sessionLabel, searchID, jobID, "no matches from search (" + searchDuration.asCompactString() + "); " + debugInfo);
return Collections.emptyMap();
}
log(PwmLogLevel.TRACE, sessionLabel, searchID, jobID, "found " + results.size() + " results in " + searchDuration.asCompactString() + "; " + debugInfo);
final Map<UserIdentity, Map<String, String>> returnMap = new LinkedHashMap<>();
for (final Map.Entry<String, Map<String, String>> entry : results.entrySet()) {
final String userDN = entry.getKey();
final Map<String, String> attributeMap = entry.getValue();
final UserIdentity userIdentity = new UserIdentity(userDN, userSearchJob.getLdapProfile().getIdentifier());
returnMap.put(userIdentity, attributeMap);
}
return returnMap;
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
Instant(java.time.Instant)
UserIdentity(password.pwm.bean.UserIdentity)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
SearchHelper(com.novell.ldapchai.util.SearchHelper)
PwmOperationalException(password.pwm.error.PwmOperationalException)
LinkedHashMap(java.util.LinkedHashMap)
ErrorInformation(password.pwm.error.ErrorInformation)
TimeDuration(password.pwm.util.java.TimeDuration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Map(java.util.Map)
LinkedHashMap(java.util.LinkedHashMap)
TreeMap(java.util.TreeMap)
Example 42 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class LdapBrowser method getChildEntries.
private Map<String, Boolean> getChildEntries(final String profile, final String dn) throws ChaiUnavailableException, PwmUnrecoverableException, ChaiOperationException {
final HashMap<String, Boolean> returnMap = new HashMap<>();
final ChaiProvider chaiProvider = getChaiProvider(profile);
if ((dn == null || dn.isEmpty()) && chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY) {
final Set<String> adRootDNList = adRootDNList(profile);
for (final String rootDN : adRootDNList) {
returnMap.put(rootDN, true);
}
} else {
final Map<String, Map<String, List<String>>> results;
{
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setFilter("(objectclass=*)");
searchHelper.setMaxResults(getMaxSizeLimit());
searchHelper.setAttributes("subordinateCount");
searchHelper.setSearchScope(SearchScope.ONE);
results = chaiProvider.searchMultiValues(dn, searchHelper);
}
for (final Map.Entry<String, Map<String, List<String>>> entry : results.entrySet()) {
final String resultDN = entry.getKey();
final Map<String, List<String>> attributeResults = entry.getValue();
boolean hasSubs = false;
if (attributeResults.containsKey("subordinateCount")) {
// only eDir actually returns this operational attribute
final Integer subordinateCount = Integer.parseInt(attributeResults.get("subordinateCount").iterator().next());
hasSubs = subordinateCount > 0;
} else {
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setFilter("(objectclass=*)");
searchHelper.setMaxResults(1);
searchHelper.setAttributes(Collections.emptyList());
searchHelper.setSearchScope(SearchScope.ONE);
try {
final Map<String, Map<String, String>> subSearchResults = chaiProvider.search(resultDN, searchHelper);
hasSubs = !subSearchResults.isEmpty();
} catch (Exception e) {
LOGGER.debug("error during subordinate entry count of " + dn + ", error: " + e.getMessage());
}
}
returnMap.put(resultDN, hasSubs);
}
}
return returnMap;
}
Also used :
HashMap(java.util.HashMap)
SearchHelper(com.novell.ldapchai.util.SearchHelper)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ArrayList(java.util.ArrayList)
List(java.util.List)
HashMap(java.util.HashMap)
Map(java.util.Map)
TreeMap(java.util.TreeMap)
Example 43 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class LdapXmlUserHistory method readUserHistory.
private StoredHistory readUserHistory(final PwmApplication pwmApplication, final UserIdentity userIdentity, final ChaiUser chaiUser) throws ChaiUnavailableException, PwmUnrecoverableException {
final LdapProfile ldapProfile = userIdentity.getLdapProfile(pwmApplication.getConfig());
final String corAttribute = ldapProfile.readSettingAsString(PwmSetting.EVENTS_LDAP_ATTRIBUTE);
if (corAttribute == null || corAttribute.length() < 1) {
LOGGER.trace("no user event log attribute configured, skipping read of log data");
return new StoredHistory();
}
try {
final List corList = ConfigObjectRecord.readRecordFromLDAP(chaiUser, corAttribute, COR_RECORD_ID, null, null);
if (!corList.isEmpty()) {
final ConfigObjectRecord theCor = (ConfigObjectRecord) corList.get(0);
return StoredHistory.fromXml(theCor.getPayload());
}
} catch (ChaiOperationException e) {
LOGGER.error("ldap error reading user event log: " + e.getMessage());
}
return new StoredHistory();
}
Also used :
LinkedList(java.util.LinkedList)
List(java.util.List)
ConfigObjectRecord(com.novell.ldapchai.util.ConfigObjectRecord)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
LdapProfile(password.pwm.config.profile.LdapProfile)
Example 44 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class FormUtility method validateFormValueUniqueness.
@SuppressWarnings("checkstyle:MethodLength")
public static void validateFormValueUniqueness(final PwmApplication pwmApplication, final Map<FormConfiguration, String> formValues, final Locale locale, final Collection<UserIdentity> excludeDN, final ValidationFlag... validationFlags) throws PwmDataValidationException, PwmUnrecoverableException {
final boolean allowResultCaching = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.allowResultCaching);
final boolean checkReadOnlyAndHidden = JavaHelper.enumArrayContainsValue(validationFlags, ValidationFlag.checkReadOnlyAndHidden);
final Map<String, String> filterClauses = new HashMap<>();
final Map<String, String> labelMap = new HashMap<>();
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formItem = entry.getKey();
if (formItem.isUnique()) {
if (checkReadOnlyAndHidden || formItem.isReadonly()) {
if (checkReadOnlyAndHidden || (formItem.getType() != FormConfiguration.Type.hidden)) {
final String value = entry.getValue();
if (value != null && value.length() > 0) {
filterClauses.put(formItem.getName(), value);
labelMap.put(formItem.getName(), formItem.getLabel(locale));
}
}
}
}
}
if (filterClauses.isEmpty()) {
// nothing to search
return;
}
final StringBuilder filter = new StringBuilder();
{
// outer;
filter.append("(&");
// object classes;
filter.append("(|");
for (final String objectClass : pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES)) {
filter.append("(objectClass=").append(objectClass).append(")");
}
filter.append(")");
// attributes
filter.append("(|");
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
filter.append("(").append(name).append("=").append(StringUtil.escapeLdapFilter(value)).append(")");
}
filter.append(")");
filter.append(")");
}
final CacheService cacheService = pwmApplication.getCacheService();
final CacheKey cacheKey = CacheKey.makeCacheKey(Validator.class, null, "attr_unique_check_" + filter.toString());
if (allowResultCaching && cacheService != null) {
final String cacheValue = cacheService.get(cacheKey);
if (cacheValue != null) {
if (NEGATIVE_CACHE_HIT.equals(cacheValue)) {
return;
} else {
final ErrorInformation errorInformation = JsonUtil.deserialize(cacheValue, ErrorInformation.class);
throw new PwmDataValidationException(errorInformation);
}
}
}
final SearchHelper searchHelper = new SearchHelper();
searchHelper.setFilterAnd(filterClauses);
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().filter(filter.toString()).build();
final int resultSearchSizeLimit = 1 + (excludeDN == null ? 0 : excludeDN.size());
final long cacheLifetimeMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.CACHE_FORM_UNIQUE_VALUE_LIFETIME_MS));
final CachePolicy cachePolicy = CachePolicy.makePolicyWithExpirationMS(cacheLifetimeMS);
try {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final Map<UserIdentity, Map<String, String>> results = new LinkedHashMap<>(userSearchEngine.performMultiUserSearch(searchConfiguration, resultSearchSizeLimit, Collections.emptyList(), SessionLabel.SYSTEM_LABEL));
if (excludeDN != null && !excludeDN.isEmpty()) {
for (final UserIdentity loopIgnoreIdentity : excludeDN) {
results.keySet().removeIf(loopIgnoreIdentity::equals);
}
}
if (!results.isEmpty()) {
final UserIdentity userIdentity = results.keySet().iterator().next();
if (labelMap.size() == 1) {
// since only one value searched, it must be that one value
final String attributeName = labelMap.values().iterator().next();
LOGGER.trace("found duplicate value for attribute '" + attributeName + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { attributeName });
throw new PwmDataValidationException(error);
}
// do a compare on a user values to find one that matches.
for (final Map.Entry<String, String> entry : filterClauses.entrySet()) {
final String name = entry.getKey();
final String value = entry.getValue();
final boolean compareResult;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
compareResult = theUser.compareStringAttribute(name, value);
} catch (ChaiOperationException | ChaiUnavailableException e) {
final PwmError error = PwmError.forChaiError(e.getErrorCode());
throw new PwmUnrecoverableException(error.toInfo());
}
if (compareResult) {
final String label = labelMap.get(name);
LOGGER.trace("found duplicate value for attribute '" + label + "' on entry " + userIdentity);
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null, new String[] { label });
throw new PwmDataValidationException(error);
}
}
// user didn't match on the compare.. shouldn't read here but just in case
final ErrorInformation error = new ErrorInformation(PwmError.ERROR_FIELD_DUPLICATE, null);
throw new PwmDataValidationException(error);
}
} catch (PwmOperationalException e) {
if (cacheService != null) {
final String jsonPayload = JsonUtil.serialize(e.getErrorInformation());
cacheService.put(cacheKey, cachePolicy, jsonPayload);
}
throw new PwmDataValidationException(e.getErrorInformation());
}
if (allowResultCaching && cacheService != null) {
cacheService.put(cacheKey, cachePolicy, NEGATIVE_CACHE_HIT);
}
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
UserSearchEngine(password.pwm.ldap.search.UserSearchEngine)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
SearchHelper(com.novell.ldapchai.util.SearchHelper)
LinkedHashMap(java.util.LinkedHashMap)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
CacheKey(password.pwm.svc.cache.CacheKey)
CacheService(password.pwm.svc.cache.CacheService)
UserIdentity(password.pwm.bean.UserIdentity)
PwmError(password.pwm.error.PwmError)
SearchConfiguration(password.pwm.ldap.search.SearchConfiguration)
PwmDataValidationException(password.pwm.error.PwmDataValidationException)
CachePolicy(password.pwm.svc.cache.CachePolicy)
ChaiUser(com.novell.ldapchai.ChaiUser)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
Example 45 with ChaiOperationException
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class PasswordUtility method setPassword.
public static void setPassword(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final ChaiProvider chaiProvider, final UserInfo userInfo, final PasswordData oldPassword, final PasswordData newPassword) throws PwmUnrecoverableException, PwmOperationalException {
final UserIdentity userIdentity = userInfo.getUserIdentity();
final Instant startTime = Instant.now();
final boolean bindIsSelf;
final String bindDN;
try {
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
final Locale locale = PwmConstants.DEFAULT_LOCALE;
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, sessionLabel, userIdentity, theUser, locale);
final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, passwordPolicy);
pwmPasswordRuleValidator.testPassword(newPassword, null, userInfo, theUser);
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
} catch (PwmException e) {
throw new PwmUnrecoverableException(e.getErrorInformation());
}
try {
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
bindDN = chaiProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN);
bindIsSelf = userIdentity.canonicalEquals(new UserIdentity(bindDN, userIdentity.getLdapProfileID()), pwmApplication);
LOGGER.trace(sessionLabel, "preparing to setActorPassword for '" + theUser.getEntryDN() + "', using bind DN: " + bindDN);
final boolean settingEnableChange = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE));
if (settingEnableChange) {
if (oldPassword == null) {
theUser.setPassword(newPassword.getStringValue(), true);
} else {
theUser.changePassword(oldPassword.getStringValue(), newPassword.getStringValue());
}
} else {
LOGGER.debug(sessionLabel, "skipping actual ldap password change operation due to app property " + AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE.getKey() + "=false");
}
} catch (ChaiPasswordPolicyException e) {
final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "'' " + e.toString();
final PwmError pwmError = PwmError.forChaiError(e.getErrorCode());
final ErrorInformation error = new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError, errorMsg);
throw new PwmOperationalException(error);
} catch (ChaiOperationException e) {
final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "'' " + e.getMessage();
final PwmError pwmError = PwmError.forChaiError(e.getErrorCode()) == null ? PwmError.ERROR_UNKNOWN : PwmError.forChaiError(e.getErrorCode());
final ErrorInformation error = new ErrorInformation(pwmError, errorMsg);
throw new PwmOperationalException(error);
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
// add the old password to the global history list (if the old password is known)
if (oldPassword != null && pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PASSWORD_SHAREDHISTORY_ENABLE)) {
pwmApplication.getSharedHistoryManager().addWord(sessionLabel, oldPassword.getStringValue());
}
// update stats
pwmApplication.getStatisticsManager().updateEps(EpsStatistic.PASSWORD_CHANGES, 1);
final int passwordStrength = PasswordUtility.judgePasswordStrength(pwmApplication.getConfig(), newPassword.getStringValue());
pwmApplication.getStatisticsManager().updateAverageValue(Statistic.AVG_PASSWORD_STRENGTH, passwordStrength);
// at this point the password has been changed, so log it.
final String msg = (bindIsSelf ? "user " + userIdentity.toDisplayString() + " has changed own password" : "password for user '" + userIdentity.toDisplayString() + "' has been changed by " + bindDN) + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")";
LOGGER.info(sessionLabel, msg);
}
Also used :
Locale(java.util.Locale)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
UserIdentity(password.pwm.bean.UserIdentity)
Instant(java.time.Instant)
PwmError(password.pwm.error.PwmError)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
PwmOperationalException(password.pwm.error.PwmOperationalException)
PwmException(password.pwm.error.PwmException)
PwmPasswordRuleValidator(password.pwm.util.PwmPasswordRuleValidator)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Aggregations
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)66
ErrorInformation (password.pwm.error.ErrorInformation)31
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)28
ChaiUser (com.novell.ldapchai.ChaiUser)24
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)21
UserIdentity (password.pwm.bean.UserIdentity)16
PwmOperationalException (password.pwm.error.PwmOperationalException)15
Map (java.util.Map)12
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)11
IOException (java.io.IOException)10
HashMap (java.util.HashMap)10
LinkedHashMap (java.util.LinkedHashMap)10
PwmApplication (password.pwm.PwmApplication)10
LdapProfile (password.pwm.config.profile.LdapProfile)10
FormConfiguration (password.pwm.config.value.data.FormConfiguration)9
List (java.util.List)8
PwmSession (password.pwm.http.PwmSession)8
UnsupportedEncodingException (java.io.UnsupportedEncodingException)7
ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException)6
Instant (java.time.Instant)6
