
Example 11 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.

From the class LDAPStatusChecker, the method checkVendorSameness.

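/**
 * Checks that every configured LDAP replica reports the same directory vendor.
 *
 * <p>The outcome is cached in the health monitor's properties under
 * {@code HealthMonitorFlag.LdapVendorSameCheck} and the cached list is returned
 * unchanged on later calls. A vendor mismatch is cached even when some replicas
 * could not be reached; an all-same result is cached only when every replica
 * answered, so a transient outage does not pin a clean result.
 *
 * @param pwmApplication application whose LDAP profiles, connection service and
 *                       health monitor are consulted
 * @return the health records produced by the check; empty when all vendors agree
 *         or when no vendor could be determined
 */
private List<HealthRecord> checkVendorSameness(final PwmApplication pwmApplication) {
    // same guard as checkAdPasswordPolicyApi: the monitor may be absent during startup
    final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties =
            pwmApplication.getHealthMonitor() == null
                    ? null
                    : pwmApplication.getHealthMonitor().getHealthProperties();
    if (healthProperties != null && healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck)) {
        // only this method writes the key, and it always stores a List<HealthRecord>
        @SuppressWarnings("unchecked")
        final List<HealthRecord> cachedRecords = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck);
        return cachedRecords;
    }
    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for replica vendor sameness");
    boolean errorReachingServer = false;
    // bind URL -> vendor reported by that replica
    final Map<String, DirectoryVendor> replicaVendorMap = new HashMap<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                final ChaiProvider loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                try {
                    replicaVendorMap.put(chaiConfiguration.getSetting(ChaiSetting.BIND_URLS), loopProvider.getDirectoryVendor());
                } finally {
                    // the provider exists only for this probe; release its connection rather
                    // than leaving one open per replica on every health run
                    try {
                        loopProvider.close();
                    } catch (final Exception closeException) {
                        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "error closing replica provider: " + closeException.getMessage());
                    }
                }
            }
        }
    } catch (final Exception e) {
        // whatever was collected before the failure is still evaluated below
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during replica vendor sameness check: " + e.getMessage());
    }
    // ArrayList (not List) because the cache map only accepts Serializable values
    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    final Set<DirectoryVendor> discoveredVendors = new HashSet<>(replicaVendorMap.values());
    if (discoveredVendors.size() >= 2) {
        final StringBuilder vendorMsg = new StringBuilder();
        for (final Map.Entry<String, DirectoryVendor> entry : replicaVendorMap.entrySet()) {
            if (vendorMsg.length() > 0) {
                vendorMsg.append(", ");
            }
            vendorMsg.append(entry.getKey()).append("=").append(entry.getValue());
        }
        healthRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_VendorsNotSame, vendorMsg.toString()));
        if (healthProperties != null) {
            // cache the error
            healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
        }
        LOGGER.warn(SessionLabel.HEALTH_SESSION_LABEL, "multiple ldap vendors found: " + vendorMsg);
    } else if (discoveredVendors.size() == 1 && !errorReachingServer && healthProperties != null) {
        // cache the clean result only when every replica was reached
        healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
    }
    return healthRecords;
}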

Example 12 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.

From the class LDAPStatusChecker, the method checkAdPasswordPolicyApi.

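/**
 * Checks that every LDAP replica advertises the Active Directory password-policy
 * control when {@code AD_ENFORCE_PW_HISTORY_ON_SET} is enabled.
 *
 * <p>Returns immediately when the setting is off. Otherwise the root DSE of each
 * replica is read and its {@code supportedControl} values are compared with
 * {@code PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN}; a replica lacking the
 * control yields an {@code LDAP_Ad_History_Asn_Missing} record. The result is cached
 * under {@code HealthMonitorFlag.AdPasswordPolicyApiCheck} only when every replica
 * could be reached, so a transient outage is re-checked on the next run.
 *
 * @param pwmApplication application whose configuration, connection service and
 *                       (possibly absent) health monitor are consulted
 * @return health records for replicas missing the control; empty when the feature is
 *         disabled or every reachable replica supports it
 */
private static List<HealthRecord> checkAdPasswordPolicyApi(final PwmApplication pwmApplication) {
    final boolean passwordPolicyApiEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET);
    if (!passwordPolicyApiEnabled) {
        return Collections.emptyList();
    }
    if (pwmApplication.getHealthMonitor() != null) {
        final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties = pwmApplication.getHealthMonitor().getHealthProperties();
        if (healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck)) {
            // only this method writes the key, and it always stores a List<HealthRecord>
            @SuppressWarnings("unchecked")
            final List<HealthRecord> cachedRecords = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck);
            return cachedRecords;
        }
    }
    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support");
    boolean errorReachingServer = false;
    // ArrayList (not List) because the cache map only accepts Serializable values
    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                final ChaiProvider loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                try {
                    final ChaiEntry rootDSE = ChaiUtility.getRootDSE(loopProvider);
                    final Set<String> controls = rootDSE.readMultiStringAttribute("supportedControl");
                    final boolean asnSupported = controls.contains(PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN);
                    if (!asnSupported) {
                        final String url = chaiConfiguration.getSetting(ChaiSetting.BIND_URLS);
                        final HealthRecord record = HealthRecord.forMessage(HealthMessage.LDAP_Ad_History_Asn_Missing, PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), url);
                        healthRecords.add(record);
                        LOGGER.warn(record.toDebugString(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
                    }
                } finally {
                    // the provider exists only for this probe; release its connection rather
                    // than leaving one open per replica on every health run
                    try {
                        loopProvider.close();
                    } catch (final Exception closeException) {
                        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "error closing replica provider: " + closeException.getMessage());
                    }
                }
            }
        }
    } catch (final Exception e) {
        // records collected before the failure are still returned, but not cached
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") check: " + e.getMessage());
    }
    if (!errorReachingServer && pwmApplication.getHealthMonitor() != null) {
        final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties = pwmApplication.getHealthMonitor().getHealthProperties();
        healthProperties.put(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck, healthRecords);
    }
    return healthRecords;
}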

Example 13 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project ldapchai by ldapchai.

From the class ChaiUtility, the method getRootDSE.

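/**
 * Returns a {@link ChaiEntry} for the directory's root DSE (the empty DN).
 *
 * <p>Bind URLs that carry a path component are rewritten to {@code scheme://host[:port]}
 * so the lookup is made against the server root; when no configured URL has a path the
 * caller's provider is reused as-is. When a new provider is created here it is owned by
 * the returned entry and is not closed by this method.
 *
 * @param provider provider whose configuration supplies the bind URLs
 * @return an entry bound to the root DSE
 * @throws ChaiUnavailableException if the directory cannot be reached
 */
public static ChaiEntry getRootDSE(final ChaiProvider provider) throws ChaiUnavailableException {
    final List<String> splitUrls = provider.getChaiConfiguration().bindURLsAsList();
    final StringBuilder newUrlConfig = new StringBuilder();
    boolean currentURLsHavePath = false;
    for (final String splitUrl : splitUrls) {
        final URI uri = URI.create(splitUrl);
        // URI.getPort() is -1 when the URL names no port; emitting ":-1" would yield an invalid URL
        final String portSuffix = uri.getPort() >= 0 ? ":" + uri.getPort() : "";
        newUrlConfig.append(uri.getScheme()).append("://").append(uri.getHost()).append(portSuffix);
        final String path = uri.getPath();
        if (path != null && !path.isEmpty()) {
            currentURLsHavePath = true;
        }
        // trailing separator kept as before; presumably tolerated by bindURLsAsList — confirm
        newUrlConfig.append(",");
    }
    final ChaiProvider rootDseProvider;
    if (currentURLsHavePath) {
        // only build the stripped configuration when it is actually needed
        final ChaiConfiguration rootDSEChaiConfig = ChaiConfiguration.builder(provider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_URLS, newUrlConfig.toString()).build();
        rootDseProvider = provider.getProviderFactory().newProvider(rootDSEChaiConfig);
    } else {
        rootDseProvider = provider;
    }
    // can not call the VendorFactory here, because VendorFactory in turn calls this method to get the
    // directory vendor.  Instead, we will go directly to the Generic VendorFactory
    final GenericEntryFactory genericEntryFactory = new GenericEntryFactory();
    return genericEntryFactory.newChaiEntry("", rootDseProvider);
}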

Example 14 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project ldapchai by ldapchai.

From the class ChaiTester, the method testClosedProvider.

/**
 * Verifies that a closed provider rejects directory operations with
 * {@link IllegalStateException} while {@code close()} and statistics retrieval
 * remain callable after closing.
 *
 * @throws Exception on any unexpected failure in the fixture setup
 */
public void testClosedProvider() throws Exception {
    final ChaiConfiguration config = new ChaiConfiguration(TestHelper.bindURL, TestHelper.bindDN, TestHelper.bindPW);
    // PROMISCUOUS_SSL skips certificate verification; it is set here only so the
    // fixture works against the test directory's self-signed certificate
    config.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true");
    config.setSetting(ChaiSetting.WATCHDOG_ENABLE, "true");
    config.setSetting(ChaiSetting.STATISTICS_ENABLE, "true");
    config.setSetting(ChaiSetting.FAILOVER_ENABLE, "true");
    final ChaiProvider provider = ChaiProviderFactory.createProvider(config);
    final ChaiEntry container = TestHelper.createTestContainer(provider);
    final ChaiUser user = TestHelper.createNewTestUser(container);
    // sanity check: the provider works before it is closed
    TestHelper.doBasicNonDestructiveUserTest(user);
    provider.close();
    IllegalStateException closedFailure = null;
    try {
        TestHelper.doBasicNonDestructiveUserTest(user);
    } catch (final IllegalStateException e) {
        closedFailure = e;
    }
    Assert.assertTrue(closedFailure != null);
    // all should be able to be called on a closed provider.
    provider.close();
    provider.getProviderStatistics();
}

Example 15 with ChaiConfiguration

use of com.novell.ldapchai.provider.ChaiConfiguration in project ldapchai by ldapchai.

From the class ChaiTester, the method testChaiResponseSet.

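/**
 * Round-trips a challenge/response set through a test user entry and exercises the
 * validation paths of {@code ChaiCrFactory}: the stored set tests true against the
 * original answers, false against an altered answer, a response that no longer
 * satisfies its challenge is rejected on write, and
 * {@code meetsChallengeSetRequirements} accepts a matching challenge set and rejects
 * one whose requirements are not met.
 *
 * <p>The bind URL and credentials are fixture values for the test directory only.
 *
 * @throws Exception on any unexpected failure
 */
public void testChaiResponseSet() throws Exception {
    final ChaiEntry testContainer = TestHelper.createTestContainer();
    final ChaiUser testUser;
    final ChaiConfiguration chaiConfig = new ChaiConfiguration("ldaps://ldaphost:636", "cn=admin,ou=ou,o=o", "password");
    {
        // create provider and test user.
        chaiConfig.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true");
        final ChaiProvider provider = ChaiProviderFactory.createProvider(chaiConfig);
        testUser = ChaiUtility.createUser("cn=responseTestUser," + testContainer.getEntryDN(), "sn", provider);
    }
    // create challenges/responses
    final Map<Challenge, String> crMap;
    {
        final Map<Challenge, String> tempMap = new HashMap<Challenge, String>();
        tempMap.put(new ChaiChallenge(true, "c1", 5, 200, true), "response1");
        tempMap.put(new ChaiChallenge(true, "c2", 5, 200, true), "response2");
        tempMap.put(new ChaiChallenge(false, "c3", 5, 200, true), "response3");
        tempMap.put(new ChaiChallenge(false, "c4", 5, 200, true), "response4");
        crMap = Collections.unmodifiableMap(tempMap);
    }
    // write responses to user entry
    {
        final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(crMap, null, 0, chaiConfig, null);
        ChaiCrFactory.writeChaiResponseSet(responseSet, testUser);
    }
    // read responses from user entry
    final ResponseSet retrievedSet = ChaiCrFactory.readChaiResponseSet(testUser);
    Assert.assertTrue("error testing chai responses", retrievedSet.test(crMap));
    {
        // one answer changed: the stored set must not accept it
        final Map<Challenge, String> testMap = new HashMap<Challenge, String>(crMap);
        testMap.put(new ChaiChallenge(true, "c2", 5, 200, true), "response3");
        Assert.assertFalse("error testing chai responses, false positive", retrievedSet.test(testMap));
    }
    {
        // the "c2" challenge is altered so its stored response no longer satisfies it
        final Map<Challenge, String> testMap = new HashMap<Challenge, String>(crMap);
        testMap.put(new ChaiChallenge(true, "c2", 50, 200, true), "response2");
        try {
            final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(testMap, null, 0, chaiConfig, null);
            ChaiCrFactory.writeChaiResponseSet(responseSet, testUser);
            // the message names the exception type the catch below actually expects
            Assert.fail("did not throw expected ChaiValidationException due to response length being too short");
        } catch (ChaiValidationException e) {
        /* expected: the response set fails validation */
        }
    }
    {
        final ResponseSet testRs = ChaiCrFactory.newChaiResponseSet(crMap, null, 1, chaiConfig, null);
        final ChallengeSet testCs = new ChaiChallengeSet(crMap.keySet(), 1, null, null);
        Assert.assertTrue("meetsChallengeSetRequirements failed positive test", testRs.meetsChallengeSetRequirements(testCs));
    }
    {
        // only two responses against a challenge set requiring two of four: expected to be rejected
        final Map<Challenge, String> testMap = new HashMap<Challenge, String>();
        testMap.put(new ChaiChallenge(true, "c1", 5, 200, true), "response1");
        testMap.put(new ChaiChallenge(true, "c2", 5, 200, true), "response2");
        final ResponseSet testRs = ChaiCrFactory.newChaiResponseSet(testMap, null, 1, chaiConfig, null);
        final ChallengeSet testCs = new ChaiChallengeSet(crMap.keySet(), 2, null, null);
        try {
            testRs.meetsChallengeSetRequirements(testCs);
            Assert.fail("meetsChallengeSetRequirements failed negative test");
        } catch (ChaiValidationException e) {
        /* expected: the response set does not meet the challenge set */
        }
    }
}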
