Search in sources :

Example 21 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class RestStatusServer method doGetStatusData.

@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json, consumes = HttpContentType.json)
public RestResultBean doGetStatusData(final RestRequest restRequest) throws PwmUnrecoverableException {
    final Instant startTime = Instant.now();
    final String username = restRequest.readParameterAsString("username");
    final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, username);
    try {
        final ChaiProvider chaiProvider = targetUserIdentity.getChaiProvider();
        final UserInfo userInfo = UserInfoFactory.newUserInfo(restRequest.getPwmApplication(), restRequest.getSessionLabel(), restRequest.getLocale(), targetUserIdentity.getUserIdentity(), chaiProvider);
        final MacroMachine macroMachine = MacroMachine.forUser(restRequest.getPwmApplication(), restRequest.getLocale(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity());
        final PublicUserInfoBean publicUserInfoBean = PublicUserInfoBean.fromUserInfoBean(userInfo, restRequest.getPwmApplication().getConfig(), restRequest.getLocale(), macroMachine);
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_STATUS);
        final RestResultBean restResultBean = RestResultBean.withData(publicUserInfoBean);
        LOGGER.debug(restRequest.getSessionLabel(), "completed REST status request in " + TimeDuration.compactFromCurrent(startTime) + ", result=" + JsonUtil.serialize(restResultBean));
        return restResultBean;
    } catch (PwmException e) {
        return RestResultBean.fromError(e.getErrorInformation());
    } catch (Exception e) {
        final String errorMsg = "unexpected error building json response: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}
Also used : PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) Instant(java.time.Instant) MacroMachine(password.pwm.util.macro.MacroMachine) UserInfo(password.pwm.ldap.UserInfo) PublicUserInfoBean(password.pwm.bean.pub.PublicUserInfoBean) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) RestResultBean(password.pwm.ws.server.RestResultBean) RestMethodHandler(password.pwm.ws.server.RestMethodHandler)

Example 22 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class NewUserProfile method getNewUserPasswordPolicy.

public PwmPasswordPolicy getNewUserPasswordPolicy(final PwmApplication pwmApplication, final Locale userLocale) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final long maxNewUserCacheMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.CONFIG_NEWUSER_PASSWORD_POLICY_CACHE_MS));
    if (newUserPasswordPolicyCacheTime != null && TimeDuration.fromCurrent(newUserPasswordPolicyCacheTime).isLongerThan(maxNewUserCacheMS)) {
        newUserPasswordPolicyCacheTime = Instant.now();
        newUserPasswordPolicyCache.clear();
    }
    final PwmPasswordPolicy cachedPolicy = newUserPasswordPolicyCache.get(userLocale);
    if (cachedPolicy != null) {
        return cachedPolicy;
    }
    final PwmPasswordPolicy thePolicy;
    final LdapProfile defaultLdapProfile = config.getDefaultLdapProfile();
    final String configuredNewUserPasswordDN = readSettingAsString(PwmSetting.NEWUSER_PASSWORD_POLICY_USER);
    if (configuredNewUserPasswordDN == null || configuredNewUserPasswordDN.length() < 1) {
        final String errorMsg = "the setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(this.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " must have a value";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
    } else {
        final String lookupDN;
        if ("TESTUSER".equalsIgnoreCase(configuredNewUserPasswordDN)) {
            lookupDN = defaultLdapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
            if (lookupDN == null || lookupDN.isEmpty()) {
                final String errorMsg = "setting " + PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(defaultLdapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " must be configured since setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(this.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " is set to TESTUSER";
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
            }
        } else {
            lookupDN = configuredNewUserPasswordDN;
        }
        if (lookupDN.isEmpty()) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "user ldap dn in setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE) + " can not be resolved"));
        } else {
            try {
                final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(defaultLdapProfile.getIdentifier());
                final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(lookupDN);
                final UserIdentity userIdentity = new UserIdentity(lookupDN, defaultLdapProfile.getIdentifier());
                thePolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, chaiUser, userLocale);
            } catch (ChaiUnavailableException e) {
                throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
            }
        }
    }
    newUserPasswordPolicyCache.put(userLocale, thePolicy);
    return thePolicy;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) Configuration(password.pwm.config.Configuration) StoredConfiguration(password.pwm.config.stored.StoredConfiguration) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 23 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class NewUserUtils method createUser.

@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final long startTime = System.currentTimeMillis();
    // re-perform verification before proceeding
    {
        final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
        passwordCheckInfoToException(passwordCheckInfo);
    }
    NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
    final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
    final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
    final PasswordData userPassword;
    if (promptForPassword) {
        userPassword = newUserForm.getNewUserPassword();
    } else {
        final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
        userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
    }
    // set up the user creation attributes
    final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
    // read the creation object classes from configuration
    final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
    // add the auto-add object classes
    {
        final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
        createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
    }
    final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
    try {
        // create the ldap entry
        chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
        NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
    } catch (ChaiOperationException e) {
        final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
        throw new PwmOperationalException(errorInformation);
    }
    final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
    final boolean useTempPw;
    {
        final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
        if ("auto".equalsIgnoreCase(settingValue)) {
            useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
        } else {
            useTempPw = Boolean.parseBoolean(settingValue);
        }
    }
    if (useTempPw) {
        NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
        final PasswordData temporaryPassword;
        {
            final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
            temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
        }
        final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
        try {
            // set password as admin
            proxiedUser.setPassword(temporaryPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
        try {
            // bind as user
            NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
            final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
            final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
            final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
            bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
            bindAsProvider.close();
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
    } else {
        try {
            // set password
            theUser.setPassword(userPassword.getStringValue());
            NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
        } catch (ChaiOperationException e) {
            final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
            throw new PwmOperationalException(errorInformation);
        }
        // add AD-specific attributes
        if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
            try {
                theUser.writeStringAttribute("userAccountControl", "512");
            } catch (ChaiOperationException e) {
                final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
                throw new PwmOperationalException(errorInformation);
            }
        }
    }
    NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
    // write data to remote web service
    remoteWriteFormData(pwmRequest, newUserForm);
    // authenticate the user to pwm
    final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
    final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
    sessionAuthenticator.authenticateUser(userIdentity, userPassword);
    {
        // execute configured actions
        final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
        if (actions != null && !actions.isEmpty()) {
            NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
            actionExecutor.executeActions(actions, pwmSession.getLabel());
        }
    }
    // send user email
    sendNewUserEmailConfirmation(pwmRequest);
    // add audit record
    pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
    // increment the new user creation statistics
    pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
    NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used : LinkedHashSet(java.util.LinkedHashSet) SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PasswordData(password.pwm.util.PasswordData) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) List(java.util.List) ArrayList(java.util.ArrayList) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ActionExecutor(password.pwm.util.operations.ActionExecutor) PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) NewUserProfile(password.pwm.config.profile.NewUserProfile) LdapProfile(password.pwm.config.profile.LdapProfile) ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) PwmSession(password.pwm.http.PwmSession)

Example 24 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class LdapConnectionService method connectionDebugInfo.

private Map<String, String> connectionDebugInfo() {
    int allocatedConnections = 0;
    int activeConnections = 0;
    int idleConnections = 0;
    if (chaiProviderFactory != null) {
        for (final ChaiProvider chaiProvider : chaiProviderFactory.activeProviders()) {
            allocatedConnections++;
            if (chaiProvider.isConnected()) {
                activeConnections++;
            } else {
                idleConnections++;
            }
        }
    }
    final Map<String, String> debugInfo = new HashMap<>();
    debugInfo.put(DebugKey.ALLOCATED_CONNECTIONS.name(), String.valueOf(allocatedConnections));
    debugInfo.put(DebugKey.ACTIVE_CONNECTIONS.name(), String.valueOf(activeConnections));
    debugInfo.put(DebugKey.IDLE_CONNECTIONS.name(), String.valueOf(idleConnections));
    return Collections.unmodifiableMap(debugInfo);
}
Also used : ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap)

Example 25 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class PeopleSearchDataReader method getMacroMachine.

private MacroMachine getMacroMachine(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final Locale locale = pwmRequest.getLocale();
    final ChaiProvider chaiProvider = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity).getChaiProvider();
    final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), locale, userIdentity, chaiProvider);
    return MacroMachine.forUser(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userInfo, null);
}
Also used : Locale(java.util.Locale) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) UserInfo(password.pwm.ldap.UserInfo)

Aggregations

ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)51 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)19 ChaiUser (com.novell.ldapchai.ChaiUser)18 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)18 ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration)16 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)15 ErrorInformation (password.pwm.error.ErrorInformation)15 ChaiEntry (com.novell.ldapchai.ChaiEntry)13 ChaiException (com.novell.ldapchai.exception.ChaiException)10 ArrayList (java.util.ArrayList)10 PwmOperationalException (password.pwm.error.PwmOperationalException)10 UserIdentity (password.pwm.bean.UserIdentity)9 LdapProfile (password.pwm.config.profile.LdapProfile)8 PasswordData (password.pwm.util.PasswordData)8 HashSet (java.util.HashSet)7 List (java.util.List)6 ChaiProviderFactory (com.novell.ldapchai.provider.ChaiProviderFactory)5 Instant (java.time.Instant)5 HashMap (java.util.HashMap)5 Map (java.util.Map)5