Example 26 with ChaiProvider

Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

Class LdapConnectionService, method getNewProxyChaiProvider.

private ChaiProvider getNewProxyChaiProvider(final LdapProfile ldapProfile) throws PwmUnrecoverableException {
    if (ldapProfile == null) {
        throw new NullPointerException("ldapProfile must not be null");
    }
    final int slot = slotIncrementer.next();
    final ChaiProvider proxyChaiProvider = proxyChaiProviders.get(ldapProfile).get(slot);
    if (proxyChaiProvider != null) {
        return proxyChaiProvider;
    }
    try {
        final ChaiProvider newProvider = LdapOperationsHelper.openProxyChaiProvider(pwmApplication, null, ldapProfile, pwmApplication.getConfig(), pwmApplication.getStatisticsManager());
        proxyChaiProviders.get(ldapProfile).put(slot, newProvider);
        return newProvider;
    } catch (PwmUnrecoverableException e) {
        setLastLdapFailure(ldapProfile, e.getErrorInformation());
        throw e;
    } catch (Exception e) {
        final String errorMsg = "unexpected error creating new proxy ldap connection: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        LOGGER.error(errorInformation);
        throw new PwmUnrecoverableException(errorInformation);
    }
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), ChaiProvider (com.novell.ldapchai.provider.ChaiProvider), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), PwmException (password.pwm.error.PwmException)

Example 27 with ChaiProvider

Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

Class LdapConnectionService, method getProxyChaiProvider.

public ChaiProvider getProxyChaiProvider(final LdapProfile ldapProfile) throws PwmUnrecoverableException {
    final LdapProfile effectiveProfile = ldapProfile == null ? pwmApplication.getConfig().getDefaultLdapProfile() : ldapProfile;
    if (threadLocalProvider.get() != null && threadLocalProvider.get().containsKey(effectiveProfile)) {
        return threadLocalProvider.get().get(effectiveProfile);
    }
    final ChaiProvider chaiProvider = getNewProxyChaiProvider(effectiveProfile);
    if (threadLocalProvider.get() == null) {
        threadLocalProvider.set(new ConcurrentHashMap<>());
    }
    threadLocalProvider.get().put(effectiveProfile, chaiProvider);
    return chaiProvider;
}
Also used: ChaiProvider (com.novell.ldapchai.provider.ChaiProvider), LdapProfile (password.pwm.config.profile.LdapProfile)

Example 28 with ChaiProvider

Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

Class SessionAuthenticator, method simulateBadPassword.

public void simulateBadPassword(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    if (!pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.SECURITY_SIMULATE_LDAP_BAD_PASSWORD)) {
        return;
    } else {
        LOGGER.trace(sessionLabel, "performing bad-password login attempt against ldap directory as a result of " + "forgotten password recovery invalid attempt against " + userIdentity);
    }
    if (userIdentity == null || userIdentity.getUserDN() == null || userIdentity.getUserDN().length() < 1) {
        LOGGER.error(sessionLabel, "attempt to simulateBadPassword with null userDN");
        return;
    }
    LOGGER.trace(sessionLabel, "beginning simulateBadPassword process");
    final PasswordData bogusPassword = new PasswordData(PwmConstants.DEFAULT_BAD_PASSWORD_ATTEMPT);
    // try authenticating the user using a normal ldap BIND operation.
    LOGGER.trace(sessionLabel, "attempting authentication using ldap BIND");
    ChaiProvider provider = null;
    try {
        // read a provider using the user's DN and password.
        provider = LdapOperationsHelper.createChaiProvider(pwmApplication, sessionLabel, userIdentity.getLdapProfile(pwmApplication.getConfig()), pwmApplication.getConfig(), userIdentity.getUserDN(), bogusPassword);
        // issue a read operation to trigger a bind.
        provider.readStringAttribute(userIdentity.getUserDN(), ChaiConstant.ATTR_LDAP_OBJECTCLASS);
        LOGGER.debug(sessionLabel, "bad-password login attempt succeeded for " + userIdentity);
    } catch (ChaiException e) {
        // a bad-password error is the expected outcome: the directory has recorded a failed bind
        // for this user, so lockout/intruder policies see the recovery failure too.
        if (e.getErrorCode() == ChaiError.PASSWORD_BADPASSWORD) {
            LOGGER.trace(sessionLabel, "bad-password login simulation succeeded for " + userIdentity + "; result: " + e.getMessage());
        } else {
            LOGGER.debug(sessionLabel, "unexpected error during simulated bad-password login attempt for " + userIdentity + "; result: " + e.getMessage());
        }
    } finally {
        if (provider != null) {
            try {
                provider.close();
            } catch (Throwable e) {
                LOGGER.error(sessionLabel, "unexpected error closing invalid ldap connection after simulated bad-password failed login attempt: " + e.getMessage());
            }
        }
    }
}
Also used: ChaiProvider (com.novell.ldapchai.provider.ChaiProvider), PasswordData (password.pwm.util.PasswordData), ChaiException (com.novell.ldapchai.exception.ChaiException)

Example 29 with ChaiProvider

Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

Class UserSearchEngine, method makeSearchJobs.

private Collection<UserSearchJob> makeSearchJobs(final LdapProfile ldapProfile, final SearchConfiguration searchConfiguration, final int maxResults, final Collection<String> returnAttributes) throws PwmUnrecoverableException, PwmOperationalException {
    // check the search configuration data params
    searchConfiguration.validate();
    final String inputSearchFilter = searchConfiguration.getFilter() != null && searchConfiguration.getFilter().length() > 1 ? searchConfiguration.getFilter() : ldapProfile.readSettingAsString(PwmSetting.LDAP_USERNAME_SEARCH_FILTER);
    final String searchFilter;
    if (searchConfiguration.getUsername() != null) {
        final boolean escapeValues = searchConfiguration.isEnableValueEscaping();
        final String inputQuery = escapeValues ? StringUtil.escapeLdapFilter(searchConfiguration.getUsername()) : searchConfiguration.getUsername();
        if (searchConfiguration.isEnableSplitWhitespace() && (searchConfiguration.getUsername().trim().split("\\s+").length > 1)) {
            // split on runs of whitespace (matching the check above) and AND the per-token filters together.
            // Each token is escaped individually when escaping is enabled; escaping only the joined
            // query and then inserting raw tokens would let filter metacharacters through.
            final StringBuilder multiSearchFilter = new StringBuilder();
            multiSearchFilter.append("(&");
            for (final String rawPart : searchConfiguration.getUsername().trim().split("\\s+")) {
                final String queryPart = escapeValues ? StringUtil.escapeLdapFilter(rawPart) : rawPart;
                multiSearchFilter.append("(");
                multiSearchFilter.append(inputSearchFilter.replace(PwmConstants.VALUE_REPLACEMENT_USERNAME, queryPart));
                multiSearchFilter.append(")");
            }
            multiSearchFilter.append(")");
            searchFilter = multiSearchFilter.toString();
        } else {
            searchFilter = inputSearchFilter.replace(PwmConstants.VALUE_REPLACEMENT_USERNAME, inputQuery.trim());
        }
    } else if (searchConfiguration.getGroupDN() != null) {
        final String groupAttr = ldapProfile.readSettingAsString(PwmSetting.LDAP_USER_GROUP_ATTRIBUTE);
        searchFilter = "(" + groupAttr + "=" + searchConfiguration.getGroupDN() + ")";
    } else if (searchConfiguration.getFormValues() != null) {
        searchFilter = figureSearchFilterForParams(searchConfiguration.getFormValues(), inputSearchFilter, searchConfiguration.isEnableValueEscaping());
    } else {
        searchFilter = inputSearchFilter;
    }
    final List<String> searchContexts;
    if (searchConfiguration.getContexts() != null && !searchConfiguration.getContexts().isEmpty() && searchConfiguration.getContexts().iterator().next() != null && searchConfiguration.getContexts().iterator().next().length() > 0) {
        searchContexts = searchConfiguration.getContexts();
        if (searchConfiguration.isEnableContextValidation()) {
            for (final String searchContext : searchContexts) {
                validateSpecifiedContext(ldapProfile, searchContext);
            }
        }
    } else {
        searchContexts = ldapProfile.getRootContexts(pwmApplication);
    }
    final long timeLimitMS = searchConfiguration.getSearchTimeout() != 0 ? searchConfiguration.getSearchTimeout() : (ldapProfile.readSettingAsLong(PwmSetting.LDAP_SEARCH_TIMEOUT) * 1000);
    final ChaiProvider chaiProvider = searchConfiguration.getChaiProvider() == null ? pwmApplication.getProxyChaiProvider(ldapProfile.getIdentifier()) : searchConfiguration.getChaiProvider();
    final List<UserSearchJob> returnMap = new ArrayList<>();
    for (final String loopContext : searchContexts) {
        final UserSearchJob userSearchJob = UserSearchJob.builder().ldapProfile(ldapProfile).searchFilter(searchFilter).context(loopContext).returnAttributes(returnAttributes).maxResults(maxResults).chaiProvider(chaiProvider).timeoutMs(timeLimitMS).build();
        returnMap.add(userSearchJob);
    }
    return returnMap;
}
Also used: ChaiProvider (com.novell.ldapchai.provider.ChaiProvider), ArrayList (java.util.ArrayList)

Example 30 with ChaiProvider

Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

Class UserSearchEngine, method resolveUserDN.

private UserIdentity resolveUserDN(final String userDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final Collection<LdapProfile> ldapProfiles = pwmApplication.getConfig().getLdapProfiles().values();
    for (final LdapProfile ldapProfile : ldapProfiles) {
        final ChaiProvider provider = pwmApplication.getProxyChaiProvider(ldapProfile.getIdentifier());
        final ChaiUser user = provider.getEntryFactory().newChaiUser(userDN);
        if (user.exists()) {
            try {
                return new UserIdentity(user.readCanonicalDN(), ldapProfile.getIdentifier());
            } catch (ChaiOperationException e) {
                LOGGER.error("unexpected error reading canonical userDN for '" + userDN + "', error: " + e.getMessage());
            }
        }
    }
    throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_CANT_MATCH_USER));
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), ChaiProvider (com.novell.ldapchai.provider.ChaiProvider), ChaiUser (com.novell.ldapchai.ChaiUser), UserIdentity (password.pwm.bean.UserIdentity), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException), LdapProfile (password.pwm.config.profile.LdapProfile), PwmOperationalException (password.pwm.error.PwmOperationalException)

Aggregations (class, with number of usages across the examples)

ChaiProvider (com.novell.ldapchai.provider.ChaiProvider): 51
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 19
ChaiUser (com.novell.ldapchai.ChaiUser): 18
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 18
ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration): 16
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException): 15
ErrorInformation (password.pwm.error.ErrorInformation): 15
ChaiEntry (com.novell.ldapchai.ChaiEntry): 13
ChaiException (com.novell.ldapchai.exception.ChaiException): 10
ArrayList (java.util.ArrayList): 10
PwmOperationalException (password.pwm.error.PwmOperationalException): 10
UserIdentity (password.pwm.bean.UserIdentity): 9
LdapProfile (password.pwm.config.profile.LdapProfile): 8
PasswordData (password.pwm.util.PasswordData): 8
HashSet (java.util.HashSet): 7
List (java.util.List): 6
ChaiProviderFactory (com.novell.ldapchai.provider.ChaiProviderFactory): 5
Instant (java.time.Instant): 5
HashMap (java.util.HashMap): 5
Map (java.util.Map): 5