Search in sources :

Example 6 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.

the class PasswordUtility method readIndividualReplicaLastPasswordTimes.

public static Map<String, Instant> readIndividualReplicaLastPasswordTimes(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final Map<String, Instant> returnValue = new LinkedHashMap<>();
    final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
    final Collection<ChaiConfiguration> perReplicaConfigs = ChaiUtility.splitConfigurationPerReplica(chaiProvider.getChaiConfiguration(), Collections.singletonMap(ChaiSetting.FAILOVER_CONNECT_RETRIES, "1"));
    for (final ChaiConfiguration loopConfiguration : perReplicaConfigs) {
        final String loopReplicaUrl = loopConfiguration.getSetting(ChaiSetting.BIND_DN);
        ChaiProvider loopProvider = null;
        try {
            loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(loopConfiguration);
            final Instant lastModifiedDate = determinePwdLastModified(pwmApplication, sessionLabel, userIdentity);
            returnValue.put(loopReplicaUrl, lastModifiedDate);
        } catch (ChaiUnavailableException e) {
            LOGGER.error(sessionLabel, "unreachable server during replica password sync check");
            e.printStackTrace();
        } finally {
            if (loopProvider != null) {
                try {
                    loopProvider.close();
                } catch (Exception e) {
                    final String errorMsg = "error closing loopProvider to " + loopReplicaUrl + " while checking individual password sync status";
                    LOGGER.error(sessionLabel, errorMsg);
                }
            }
        }
    }
    return returnValue;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) Instant(java.time.Instant) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmOperationalException(password.pwm.error.PwmOperationalException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwmException(password.pwm.error.PwmException) LinkedHashMap(java.util.LinkedHashMap)

Example 7 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.

the class ConfigGuideUtils method extendSchema.

public static SchemaOperationResult extendSchema(final PwmApplication pwmApplication, final ConfigGuideBean configGuideBean, final boolean doSchemaExtension) {
    final Map<ConfigGuideFormField, String> form = configGuideBean.getFormData();
    final boolean ldapServerSecure = "true".equalsIgnoreCase(form.get(ConfigGuideFormField.PARAM_LDAP_SECURE));
    final String ldapUrl = "ldap" + (ldapServerSecure ? "s" : "") + "://" + form.get(ConfigGuideFormField.PARAM_LDAP_HOST) + ":" + form.get(ConfigGuideFormField.PARAM_LDAP_PORT);
    try {
        final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(ldapUrl, form.get(ConfigGuideFormField.PARAM_LDAP_PROXY_DN), form.get(ConfigGuideFormField.PARAM_LDAP_PROXY_PW)).setSetting(ChaiSetting.PROMISCUOUS_SSL, "true").build();
        final ChaiProvider chaiProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
        if (doSchemaExtension) {
            return SchemaManager.extendSchema(chaiProvider);
        } else {
            return SchemaManager.checkExistingSchema(chaiProvider);
        }
    } catch (Exception e) {
        LOGGER.error("unable to create schema extender object: " + e.getMessage());
        return null;
    }
}
Also used : ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException) IOException(java.io.IOException)

Example 8 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.

the class NewUserUtils method createUser.

@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final long startTime = System.currentTimeMillis();
    // re-perform verification before proceeding
    {
        final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
        passwordCheckInfoToException(passwordCheckInfo);
    }
    NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
    final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
    final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
    final PasswordData userPassword;
    if (promptForPassword) {
        userPassword = newUserForm.getNewUserPassword();
    } else {
        final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
        userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
    }
    // set up the user creation attributes
    final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
    // read the creation object classes from configuration
    final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
    // add the auto-add object classes
    {
        final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
        createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
    }
    final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
    try {
        // create the ldap entry
        chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
        NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
    } catch (ChaiOperationException e) {
        final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
        throw new PwmOperationalException(errorInformation);
    }
    final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
    final boolean useTempPw;
    {
        final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
        if ("auto".equalsIgnoreCase(settingValue)) {
            useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
        } else {
            useTempPw = Boolean.parseBoolean(settingValue);
        }
    }
    if (useTempPw) {
        NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
        final PasswordData temporaryPassword;
        {
            final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
            temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
        }
        final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
        try {
            // set password as admin
            proxiedUser.setPassword(temporaryPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
        try {
            // bind as user
            NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
            final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
            final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
            final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
            bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
            bindAsProvider.close();
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
    } else {
        try {
            // set password
            theUser.setPassword(userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
    }
    NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
    // write data to remote web service
    remoteWriteFormData(pwmRequest, newUserForm);
    // authenticate the user to pwm
    final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
    final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
    sessionAuthenticator.authenticateUser(userIdentity, userPassword);
    {
        // execute configured actions
        final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
        if (actions != null && !actions.isEmpty()) {
            NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    // send user email
    sendNewUserEmailConfirmation(pwmRequest);
    // add audit record
    pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
    // increment the new user creation statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
    NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used : LinkedHashSet(java.util.LinkedHashSet) SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ActionExecutor(password.pwm.util.operations.ActionExecutor) PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) NewUserProfile(password.pwm.config.profile.NewUserProfile) LdapProfile(password.pwm.config.profile.LdapProfile) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) PwmSession(password.pwm.http.PwmSession)

Example 9 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.

the class LdapOperationsHelper method createChaiProvider.

public static ChaiProvider createChaiProvider(final ChaiProviderFactory chaiProviderFactory, final SessionLabel sessionLabel, final LdapProfile ldapProfile, final Configuration config, final String userDN, final PasswordData userPassword) throws ChaiUnavailableException, PwmUnrecoverableException {
    final List<String> ldapURLs = ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_SERVER_URLS);
    final ChaiConfiguration chaiConfig = createChaiConfiguration(config, ldapProfile, ldapURLs, userDN, userPassword);
    LOGGER.trace(sessionLabel, "creating new ldap connection using config: " + chaiConfig.toString());
    return chaiProviderFactory.newProvider(chaiConfig);
}
Also used : ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration)

Example 10 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.

the class LdapDebugDataGenerator method makeLdapDebugInfos.

public static List<LdapDebugInfo> makeLdapDebugInfos(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final Configuration configuration, final Locale locale) {
    final List<LdapDebugInfo> returnList = new ArrayList<>();
    for (final LdapProfile ldapProfile : configuration.getLdapProfiles().values()) {
        final LdapDebugInfo ldapDebugInfo = new LdapDebugInfo();
        ldapDebugInfo.setProfileName(ldapProfile.getIdentifier());
        ldapDebugInfo.setDisplayName(ldapProfile.getDisplayName(locale));
        try {
            final ChaiProvider chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, null, ldapProfile, configuration, ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN), ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD));
            final Collection<ChaiConfiguration> chaiConfigurations = ChaiUtility.splitConfigurationPerReplica(chaiProvider.getChaiConfiguration(), null);
            final List<LdapDebugServerInfo> ldapDebugServerInfos = new ArrayList<>();
            for (final ChaiConfiguration chaiConfiguration : chaiConfigurations) {
                final LdapDebugServerInfo ldapDebugServerInfo = new LdapDebugServerInfo();
                ldapDebugServerInfo.setLdapServerlUrl(chaiConfiguration.getSetting(ChaiSetting.BIND_URLS));
                final ChaiProvider loopProvider = chaiProvider.getProviderFactory().newProvider(chaiConfiguration);
                {
                    final ChaiEntry rootDSEentry = ChaiUtility.getRootDSE(loopProvider);
                    final Map<String, List<String>> rootDSEdata = LdapOperationsHelper.readAllEntryAttributeValues(rootDSEentry);
                    ldapDebugServerInfo.setRootDseAttributes(rootDSEdata);
                }
                {
                    final String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
                    if (proxyUserDN != null) {
                        ldapDebugServerInfo.setProxyDN(proxyUserDN);
                        final ChaiEntry proxyUserEntry = chaiProvider.getEntryFactory().newChaiEntry(proxyUserDN);
                        if (proxyUserEntry.exists()) {
                            final Map<String, List<String>> proxyUserData = LdapOperationsHelper.readAllEntryAttributeValues(proxyUserEntry);
                            ldapDebugServerInfo.setProxyUserAttributes(proxyUserData);
                        }
                    }
                }
                {
                    final String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
                    if (testUserDN != null) {
                        ldapDebugServerInfo.setTestUserDN(testUserDN);
                        final ChaiEntry testUserEntry = chaiProvider.getEntryFactory().newChaiEntry(testUserDN);
                        if (testUserEntry.exists()) {
                            final Map<String, List<String>> testUserdata = LdapOperationsHelper.readAllEntryAttributeValues(testUserEntry);
                            ldapDebugServerInfo.setTestUserAttributes(testUserdata);
                        }
                    }
                }
                ldapDebugServerInfos.add(ldapDebugServerInfo);
            }
            ldapDebugInfo.setServerInfo(ldapDebugServerInfos);
            returnList.add(ldapDebugInfo);
        } catch (Exception e) {
            LOGGER.error("error during output of ldap profile debug data profile: " + ldapProfile + ", error: " + e.getMessage());
        }
    }
    return returnList;
}
Also used : ArrayList(java.util.ArrayList) ChaiEntry(com.novell.ldapchai.ChaiEntry) LdapProfile(password.pwm.config.profile.LdapProfile) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Aggregations

ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration)20 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)16 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)10 ChaiEntry (com.novell.ldapchai.ChaiEntry)9 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)7 ChaiUser (com.novell.ldapchai.ChaiUser)6 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)5 ChaiException (com.novell.ldapchai.exception.ChaiException)4 ArrayList (java.util.ArrayList)4 LdapProfile (password.pwm.config.profile.LdapProfile)4 PwmOperationalException (password.pwm.error.PwmOperationalException)4 List (java.util.List)3 Map (java.util.Map)3 TcpProxy (com.novell.ldapchai.tests.util.TcpProxy)2 IOException (java.io.IOException)2 Serializable (java.io.Serializable)2 InetSocketAddress (java.net.InetSocketAddress)2 MalformedURLException (java.net.MalformedURLException)2 UnknownHostException (java.net.UnknownHostException)2 HashMap (java.util.HashMap)2