use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.
the class LDAPStatusChecker method checkVendorSameness.
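/**
 * Verifies that every configured LDAP replica reports the same directory vendor.
 *
 * The outcome is cached in the health monitor's property map under
 * {@code LdapVendorSameCheck}. A vendor mismatch is always cached. A clean result is
 * cached only when exactly one vendor was seen and no error occurred while contacting
 * the replicas, so a transient outage is re-checked on the next run.
 *
 * An empty return value does not prove the replicas match: if a replica could not be
 * reached, the error is logged and the list may be empty simply because too few
 * replicas answered.
 *
 * @param pwmApplication application whose LDAP profiles and health monitor are used
 * @return the health records for this check; empty when no mismatch was detected
 */
private List<HealthRecord> checkVendorSameness(final PwmApplication pwmApplication) {
    final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties = pwmApplication.getHealthMonitor().getHealthProperties();
    if (healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck)) {
        // The property map is typed as Serializable; this method stores an
        // ArrayList<HealthRecord> under this key (see the put calls below).
        @SuppressWarnings("unchecked")
        final List<HealthRecord> cachedRecords = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck);
        return cachedRecords;
    }

    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for replica vendor sameness");
    boolean errorReachingServer = false;
    final Map<String, DirectoryVendor> replicaVendorMap = new HashMap<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                final ChaiProvider loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                try {
                    replicaVendorMap.put(chaiConfiguration.getSetting(ChaiSetting.BIND_URLS), loopProvider.getDirectoryVendor());
                } finally {
                    // The provider exists only for this probe. Close it so that a bound
                    // LDAP connection is not left open for every replica on every
                    // uncached run of the health check.
                    loopProvider.close();
                }
            }
        }
    } catch (Exception e) {
        // Best effort: a failure is logged and suppresses caching of a clean result.
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during replica vendor sameness check: " + e.getMessage());
    }

    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    final Set<DirectoryVendor> discoveredVendors = new HashSet<>(replicaVendorMap.values());
    if (discoveredVendors.size() >= 2) {
        // Build "url=vendor, url=vendor" for the health message and the log line.
        final StringBuilder vendorMsg = new StringBuilder();
        for (final Map.Entry<String, DirectoryVendor> entry : replicaVendorMap.entrySet()) {
            if (vendorMsg.length() > 0) {
                vendorMsg.append(", ");
            }
            vendorMsg.append(entry.getKey()).append("=").append(entry.getValue());
        }
        final String vendorSummary = vendorMsg.toString();
        healthRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_VendorsNotSame, vendorSummary));
        // cache the error
        healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
        LOGGER.warn(SessionLabel.HEALTH_SESSION_LABEL, "multiple ldap vendors found: " + vendorSummary);
    } else if (discoveredVendors.size() == 1 && !errorReachingServer) {
        // cache the clean result only when every replica was queried successfully
        healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
    }
    return healthRecords;
}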
use of com.novell.ldapchai.provider.ChaiConfiguration in project pwm by pwm-project.
the class LDAPStatusChecker method checkAdPasswordPolicyApi.
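/**
 * Checks that every LDAP replica advertises the AD password policy control
 * ({@code PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN}) in its root DSE
 * {@code supportedControl} attribute. The check runs only when
 * {@code AD_ENFORCE_PW_HISTORY_ON_SET} is enabled.
 *
 * The result is cached in the health monitor (when one exists) under
 * {@code AdPasswordPolicyApiCheck}, but only if no error occurred while querying the
 * replicas.
 *
 * A returned list with no records does not prove that the control is supported
 * everywhere: when a replica cannot be reached the error is logged and the replicas
 * not yet visited are skipped, so the list may be incomplete.
 *
 * @param pwmApplication application whose configuration and LDAP profiles are checked
 * @return one record per replica that lacks the control; empty if the setting is
 *     disabled or nothing was found
 */
private static List<HealthRecord> checkAdPasswordPolicyApi(final PwmApplication pwmApplication) {
    final boolean passwordPolicyApiEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET);
    if (!passwordPolicyApiEnabled) {
        return Collections.emptyList();
    }

    if (pwmApplication.getHealthMonitor() != null) {
        final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties = pwmApplication.getHealthMonitor().getHealthProperties();
        if (healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck)) {
            // The property map is typed as Serializable; this method stores an
            // ArrayList<HealthRecord> under this key (see the put call below).
            @SuppressWarnings("unchecked")
            final List<HealthRecord> cachedRecords = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck);
            return cachedRecords;
        }
    }

    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support");
    boolean errorReachingServer = false;
    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                final ChaiProvider loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                try {
                    final ChaiEntry rootDSE = ChaiUtility.getRootDSE(loopProvider);
                    final Set<String> controls = rootDSE.readMultiStringAttribute("supportedControl");
                    final boolean asnSupported = controls.contains(PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN);
                    if (!asnSupported) {
                        final String url = chaiConfiguration.getSetting(ChaiSetting.BIND_URLS);
                        final HealthRecord record = HealthRecord.forMessage(HealthMessage.LDAP_Ad_History_Asn_Missing, PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), url);
                        healthRecords.add(record);
                        LOGGER.warn(record.toDebugString(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
                    }
                } finally {
                    // The provider exists only for this probe. Close it so that a bound
                    // LDAP connection is not left open for every replica on every
                    // uncached run.
                    // NOTE(review): getRootDSE may hand back an entry bound to a second
                    // provider when the bind URLs carry a path; that provider is not
                    // closed here. Confirm who owns it.
                    loopProvider.close();
                }
            }
        }
    } catch (Exception e) {
        // Best effort: a failure is logged and prevents the partial result from being cached.
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") check: " + e.getMessage());
    }

    if (!errorReachingServer && pwmApplication.getHealthMonitor() != null) {
        final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties = pwmApplication.getHealthMonitor().getHealthProperties();
        healthProperties.put(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck, healthRecords);
    }
    return healthRecords;
}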
use of com.novell.ldapchai.provider.ChaiConfiguration in project ldapchai by ldapchai.
the class ChaiUtility method getRootDSE.
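/**
 * Returns an entry for the directory's root DSE (the entry with the empty DN).
 *
 * If any configured bind URL carries a path component, a new provider is created from
 * a copy of the configuration whose bind URLs are reduced to scheme, host and port.
 * Otherwise the supplied provider is reused.
 *
 * NOTE(review): when a new provider is created here it is not closed by this method.
 * It stays attached to the returned entry, so the caller presumably has to release it.
 * Confirm the intended ownership.
 *
 * @param provider provider whose configuration supplies the bind URLs
 * @return a generic entry for the empty DN
 * @throws ChaiUnavailableException declared by this method's signature
 */
public static ChaiEntry getRootDSE(final ChaiProvider provider) throws ChaiUnavailableException {
    final List<String> splitUrls = provider.getChaiConfiguration().bindURLsAsList();
    final StringBuilder newUrlConfig = new StringBuilder();
    boolean currentURLsHavePath = false;
    for (final String splitUrl : splitUrls) {
        final URI uri = URI.create(splitUrl);

        // Separate URLs with a comma, without leaving a trailing separator that could
        // later be parsed as an empty URL.
        if (newUrlConfig.length() > 0) {
            newUrlConfig.append(",");
        }
        newUrlConfig.append(uri.getScheme()).append("://").append(uri.getHost());

        // URI.getPort() returns -1 when the URL has no explicit port. Omit the port
        // then, instead of emitting an invalid "host:-1" authority.
        final int port = uri.getPort();
        if (port != -1) {
            newUrlConfig.append(":").append(port);
        }

        if (uri.getPath() != null && uri.getPath().length() > 0) {
            currentURLsHavePath = true;
        }
    }

    final ChaiConfiguration rootDSEChaiConfig = ChaiConfiguration.builder(provider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_URLS, newUrlConfig.toString()).build();
    final ChaiProvider rootDseProvider = currentURLsHavePath ? provider.getProviderFactory().newProvider(rootDSEChaiConfig) : provider;

    // can not call the VendorFactory here, because VendorFactory in turn calls this method to get the
    // directory vendor. Instead, we will go directly to the Generic VendorFactory
    final GenericEntryFactory genericEntryFactory = new GenericEntryFactory();
    return genericEntryFactory.newChaiEntry("", rootDseProvider);
}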
use of com.novell.ldapchai.provider.ChaiConfiguration in project ldapchai by ldapchai.
the class ChaiTester method testClosedProvider.
/**
 * Verifies that a provider rejects operations after {@code close()} with an
 * {@link IllegalStateException}, and that {@code close()} and
 * {@code getProviderStatistics()} can still be called on a closed provider.
 *
 * The configuration enables {@code PROMISCUOUS_SSL}, which makes the provider accept
 * any server certificate. That is acceptable against a throwaway test directory only;
 * do not copy this setting into a production configuration.
 *
 * @throws Exception if test setup or an unexpected provider call fails
 */
public void testClosedProvider() throws Exception {
    final ChaiConfiguration closableConfig = new ChaiConfiguration(TestHelper.bindURL, TestHelper.bindDN, TestHelper.bindPW);
    closableConfig.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true");
    closableConfig.setSetting(ChaiSetting.WATCHDOG_ENABLE, "true");
    closableConfig.setSetting(ChaiSetting.STATISTICS_ENABLE, "true");
    closableConfig.setSetting(ChaiSetting.FAILOVER_ENABLE, "true");

    final ChaiProvider provider = ChaiProviderFactory.createProvider(closableConfig);
    final ChaiEntry container = TestHelper.createTestContainer(provider);
    final ChaiUser user = TestHelper.createNewTestUser(container);

    // Sanity check: the user is usable while the provider is still open.
    TestHelper.doBasicNonDestructiveUserTest(user);
    provider.close();

    // Once closed, the same operations must be rejected.
    boolean rejectedAfterClose;
    try {
        TestHelper.doBasicNonDestructiveUserTest(user);
        rejectedAfterClose = false;
    } catch (IllegalStateException expected) {
        rejectedAfterClose = true;
    }
    Assert.assertTrue(rejectedAfterClose);

    // all should be able to be called on a closed provider.
    provider.close();
    provider.getProviderStatistics();
}
use of com.novell.ldapchai.provider.ChaiConfiguration in project ldapchai by ldapchai.
the class ChaiTester method testChaiResponseSet.
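/**
 * Exercises writing, reading and validating a Chai challenge/response set on a test user.
 *
 * Covers: a round trip of stored responses, rejection of a wrong response, rejection of
 * a response shorter than the challenge's minimum length, and
 * {@code meetsChallengeSetRequirements} in a passing and a failing case.
 *
 * The bind URL, DN and password below are placeholder literals for a test directory,
 * and {@code PROMISCUOUS_SSL} makes the provider accept any server certificate. Neither
 * belongs in a production configuration.
 *
 * @throws Exception if test setup or an unexpected directory call fails
 */
public void testChaiResponseSet() throws Exception {
    final ChaiEntry testContainer = TestHelper.createTestContainer();
    final ChaiUser testUser;
    final ChaiConfiguration chaiConfig = new ChaiConfiguration("ldaps://ldaphost:636", "cn=admin,ou=ou,o=o", "password");
    {
        // create provider and test user.
        chaiConfig.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true");
        final ChaiProvider provider = ChaiProviderFactory.createProvider(chaiConfig);
        testUser = ChaiUtility.createUser("cn=responseTestUser," + testContainer.getEntryDN(), "sn", provider);
    }

    // create challenges/responses
    final Map<Challenge, String> crMap;
    {
        final Map<Challenge, String> tempMap = new HashMap<Challenge, String>();
        tempMap.put(new ChaiChallenge(true, "c1", 5, 200, true), "response1");
        tempMap.put(new ChaiChallenge(true, "c2", 5, 200, true), "response2");
        tempMap.put(new ChaiChallenge(false, "c3", 5, 200, true), "response3");
        tempMap.put(new ChaiChallenge(false, "c4", 5, 200, true), "response4");
        crMap = Collections.unmodifiableMap(tempMap);
    }

    // write responses to user entry
    {
        final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(crMap, null, 0, chaiConfig, null);
        ChaiCrFactory.writeChaiResponseSet(responseSet, testUser);
    }

    // read responses from user entry
    final ResponseSet retrievedSet = ChaiCrFactory.readChaiResponseSet(testUser);
    Assert.assertTrue("error testing chai responses", retrievedSet.test(crMap));

    // a wrong answer for "c2" must not validate
    {
        final Map<Challenge, String> testMap = new HashMap<Challenge, String>(crMap);
        testMap.put(new ChaiChallenge(true, "c2", 5, 200, true), "response3");
        Assert.assertFalse("error testing chai responses, false positive", retrievedSet.test(testMap));
    }

    // "response2" is shorter than the third ChaiChallenge argument (50) used for "c2"
    // here, so building or writing the set must be rejected
    {
        final Map<Challenge, String> testMap = new HashMap<Challenge, String>(crMap);
        testMap.put(new ChaiChallenge(true, "c2", 50, 200, true), "response2");
        try {
            final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(testMap, null, 0, chaiConfig, null);
            ChaiCrFactory.writeChaiResponseSet(responseSet, testUser);
            // The failure message names the exception type that is actually caught below.
            Assert.fail("did not throw expected ChaiValidationException due to response length being too short");
        } catch (ChaiValidationException e) {
            /* test should throw exception */
        }
    }

    // positive case: the full response set satisfies a challenge set built from the same challenges
    {
        final ResponseSet testRs = ChaiCrFactory.newChaiResponseSet(crMap, null, 1, chaiConfig, null);
        final ChallengeSet testCs = new ChaiChallengeSet(crMap.keySet(), 1, null, null);
        Assert.assertTrue("meetsChallengeSetRequirements failed positive test", testRs.meetsChallengeSetRequirements(testCs));
    }

    // negative case: only two responses are supplied against the full challenge set
    {
        final Map<Challenge, String> testMap = new HashMap<Challenge, String>();
        testMap.put(new ChaiChallenge(true, "c1", 5, 200, true), "response1");
        testMap.put(new ChaiChallenge(true, "c2", 5, 200, true), "response2");
        final ResponseSet testRs = ChaiCrFactory.newChaiResponseSet(testMap, null, 1, chaiConfig, null);
        final ChallengeSet testCs = new ChaiChallengeSet(crMap.keySet(), 2, null, null);
        try {
            testRs.meetsChallengeSetRequirements(testCs);
            Assert.fail("meetsChallengeSetRequirements failed negative test: expected ChaiValidationException");
        } catch (ChaiValidationException e) {
            /* test should throw exception */
        }
    }
}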