Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project: class LdapConnectionService, method getNewProxyChaiProvider.
/**
 * Returns the proxy {@link ChaiProvider} held in the next connection slot for the given
 * profile, opening and caching a new one when that slot is still empty.
 *
 * @param ldapProfile profile whose proxy connection is wanted; must not be null
 * @return the provider cached in the chosen slot, or a freshly opened provider now stored there
 * @throws PwmUnrecoverableException if opening the provider fails; the failure is recorded via
 *         setLastLdapFailure before being rethrown, and any other exception is wrapped as ERROR_UNKNOWN
 */
private ChaiProvider getNewProxyChaiProvider(final LdapProfile ldapProfile) throws PwmUnrecoverableException {
    if (ldapProfile == null) {
        throw new NullPointerException("ldapProfile must not be null");
    }

    // slot selection rotates across the configured connections for this profile
    final int slot = slotIncrementer.next();
    final ChaiProvider cachedProvider = proxyChaiProviders.get(ldapProfile).get(slot);
    if (cachedProvider != null) {
        return cachedProvider;
    }

    // NOTE(review): the get-then-put above is not atomic; two threads on the same empty slot
    // may each open a provider — confirm whether the slot map's semantics make that acceptable
    try {
        final ChaiProvider openedProvider = LdapOperationsHelper.openProxyChaiProvider(
                pwmApplication,
                null,
                ldapProfile,
                pwmApplication.getConfig(),
                pwmApplication.getStatisticsManager());
        proxyChaiProviders.get(ldapProfile).put(slot, openedProvider);
        return openedProvider;
    } catch (final PwmUnrecoverableException e) {
        // remember the failure for health reporting, then let the caller see the original error
        setLastLdapFailure(ldapProfile, e.getErrorInformation());
        throw e;
    } catch (final Exception e) {
        final String errorMsg = "unexpected error creating new proxy ldap connection: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        LOGGER.error(errorInformation);
        throw new PwmUnrecoverableException(errorInformation);
    }
}
Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project: class LdapConnectionService, method getProxyChaiProvider.
/**
 * Returns a proxy {@link ChaiProvider} for the given profile, cached per thread.
 *
 * <p>A {@code null} profile selects the configured default LDAP profile. The first request on a
 * thread for a given profile opens the provider via {@code getNewProxyChaiProvider} and stores it
 * in the thread-local map; later requests on the same thread reuse it.
 *
 * @param ldapProfile profile to connect with, or {@code null} for the default profile
 * @return the thread's cached provider for the effective profile
 * @throws PwmUnrecoverableException if a new provider has to be opened and that fails
 */
public ChaiProvider getProxyChaiProvider(final LdapProfile ldapProfile) throws PwmUnrecoverableException {
    final LdapProfile effectiveProfile;
    if (ldapProfile != null) {
        effectiveProfile = ldapProfile;
    } else {
        effectiveProfile = pwmApplication.getConfig().getDefaultLdapProfile();
    }

    final boolean alreadyCached = threadLocalProvider.get() != null
            && threadLocalProvider.get().containsKey(effectiveProfile);
    if (alreadyCached) {
        return threadLocalProvider.get().get(effectiveProfile);
    }

    // open first: if this throws, the thread-local map is left untouched
    final ChaiProvider openedProvider = getNewProxyChaiProvider(effectiveProfile);
    if (threadLocalProvider.get() == null) {
        threadLocalProvider.set(new ConcurrentHashMap<>());
    }
    threadLocalProvider.get().put(effectiveProfile, openedProvider);
    return openedProvider;
}
Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project: class SessionAuthenticator, method simulateBadPassword.
/**
 * Performs a deliberate failed LDAP BIND as the given user so that the directory records the
 * invalid attempt (used after a failed forgotten-password recovery attempt).
 *
 * <p>Does nothing unless {@code SECURITY_SIMULATE_LDAP_BAD_PASSWORD} is enabled. A missing user DN
 * is logged and ignored. The bind outcome is only logged; no exception from the bind itself is
 * propagated to the caller.
 *
 * @param userIdentity the user to bind as; may be {@code null}, in which case nothing is attempted
 * @throws PwmUnrecoverableException if reading the configuration or building the password fails
 */
public void simulateBadPassword(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final boolean simulationEnabled = pwmApplication.getConfig()
            .readSettingAsBoolean(PwmSetting.SECURITY_SIMULATE_LDAP_BAD_PASSWORD);
    if (!simulationEnabled) {
        return;
    }
    LOGGER.trace(sessionLabel, "performing bad-password login attempt against ldap directory as a result of forgotten password recovery invalid attempt against " + userIdentity);

    final boolean userDNMissing = userIdentity == null
            || userIdentity.getUserDN() == null
            || userIdentity.getUserDN().length() < 1;
    if (userDNMissing) {
        LOGGER.error(sessionLabel, "attempt to simulateBadPassword with null userDN");
        return;
    }

    LOGGER.trace(sessionLabel, "beginning simulateBadPassword process");
    final PasswordData bogusPassword = new PasswordData(PwmConstants.DEFAULT_BAD_PASSWORD_ATTEMPT);

    // a plain BIND as the user with a known-bad password is what the directory must observe
    LOGGER.trace(sessionLabel, "attempting authentication using ldap BIND");
    ChaiProvider bindProvider = null;
    try {
        bindProvider = LdapOperationsHelper.createChaiProvider(
                pwmApplication,
                sessionLabel,
                userIdentity.getLdapProfile(pwmApplication.getConfig()),
                pwmApplication.getConfig(),
                userIdentity.getUserDN(),
                bogusPassword);
        // the read forces the bind to actually happen
        bindProvider.readStringAttribute(userIdentity.getUserDN(), ChaiConstant.ATTR_LDAP_OBJECTCLASS);
        LOGGER.debug(sessionLabel, "bad-password login attempt succeeded for " + userIdentity);
    } catch (final ChaiException e) {
        final boolean rejectedAsBadPassword = e.getErrorCode() == ChaiError.PASSWORD_BADPASSWORD;
        if (rejectedAsBadPassword) {
            LOGGER.trace(sessionLabel, "bad-password login simulation succeeded for; " + userIdentity + " result: " + e.getMessage());
        } else {
            LOGGER.debug(sessionLabel, "unexpected error during simulated bad-password login attempt for " + userIdentity + "; result: " + e.getMessage());
        }
    } finally {
        if (bindProvider != null) {
            try {
                bindProvider.close();
            } catch (final Throwable e) {
                // closing a connection that never authenticated is best-effort; only log
                LOGGER.error(sessionLabel, "unexpected error closing invalid ldap connection after simulated bad-password failed login attempt: " + e.getMessage());
            }
        }
    }
}
Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project: class UserSearchEngine, method makeSearchJobs.
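/**
 * Builds one {@link UserSearchJob} per search context for the given profile.
 *
 * <p>The search filter is derived, in order of precedence, from the configured username, the
 * group DN, or the form values; otherwise the raw input filter is used. Search contexts come from
 * the configuration when present (optionally validated), else from the profile's root contexts.
 *
 * <p>Fix: when whitespace splitting is enabled, the per-word filter was built from the raw,
 * unescaped username even if value escaping was requested, which bypassed LDAP filter escaping.
 * The split now operates on the escaped query and skips empty parts.
 *
 * @param ldapProfile         profile to search in
 * @param searchConfiguration search parameters; validated via {@code validate()} first
 * @param maxResults          maximum results per job
 * @param returnAttributes    attributes each job should return
 * @return one job per resolved search context
 * @throws PwmUnrecoverableException on configuration or provider errors
 * @throws PwmOperationalException   if the configuration is invalid or a context fails validation
 */
private Collection<UserSearchJob> makeSearchJobs(final LdapProfile ldapProfile, final SearchConfiguration searchConfiguration, final int maxResults, final Collection<String> returnAttributes) throws PwmUnrecoverableException, PwmOperationalException {
    // check the search configuration data params
    searchConfiguration.validate();

    final String searchFilter = buildSearchFilter(ldapProfile, searchConfiguration);
    final List<String> searchContexts = resolveSearchContexts(ldapProfile, searchConfiguration);

    // an explicit timeout wins; otherwise the profile setting (in seconds) is converted to ms
    final long timeLimitMS = searchConfiguration.getSearchTimeout() != 0
            ? searchConfiguration.getSearchTimeout()
            : (ldapProfile.readSettingAsLong(PwmSetting.LDAP_SEARCH_TIMEOUT) * 1000);

    final ChaiProvider chaiProvider = searchConfiguration.getChaiProvider() == null
            ? pwmApplication.getProxyChaiProvider(ldapProfile.getIdentifier())
            : searchConfiguration.getChaiProvider();

    final List<UserSearchJob> searchJobs = new ArrayList<>(searchContexts.size());
    for (final String loopContext : searchContexts) {
        final UserSearchJob userSearchJob = UserSearchJob.builder()
                .ldapProfile(ldapProfile)
                .searchFilter(searchFilter)
                .context(loopContext)
                .returnAttributes(returnAttributes)
                .maxResults(maxResults)
                .chaiProvider(chaiProvider)
                .timeoutMs(timeLimitMS)
                .build();
        searchJobs.add(userSearchJob);
    }
    return searchJobs;
}

/**
 * Chooses the LDAP filter for a search: username filter, group-membership filter, form-value
 * filter, or the bare input filter, in that order of precedence.
 *
 * @param ldapProfile         profile supplying the default username filter and group attribute
 * @param searchConfiguration search parameters
 * @return the complete LDAP filter string
 * @throws PwmUnrecoverableException on configuration errors
 * @throws PwmOperationalException   if the form-value filter cannot be built
 */
private String buildSearchFilter(final LdapProfile ldapProfile, final SearchConfiguration searchConfiguration) throws PwmUnrecoverableException, PwmOperationalException {
    final String configuredFilter = searchConfiguration.getFilter();
    final String inputSearchFilter = configuredFilter != null && configuredFilter.length() > 1
            ? configuredFilter
            : ldapProfile.readSettingAsString(PwmSetting.LDAP_USERNAME_SEARCH_FILTER);

    if (searchConfiguration.getUsername() != null) {
        return buildUsernameSearchFilter(inputSearchFilter, searchConfiguration);
    }
    if (searchConfiguration.getGroupDN() != null) {
        // NOTE(review): the group DN is spliced into the filter unescaped; this is only safe if
        // callers supply it from configuration rather than from user input — confirm
        final String groupAttr = ldapProfile.readSettingAsString(PwmSetting.LDAP_USER_GROUP_ATTRIBUTE);
        return "(" + groupAttr + "=" + searchConfiguration.getGroupDN() + ")";
    }
    if (searchConfiguration.getFormValues() != null) {
        return figureSearchFilterForParams(searchConfiguration.getFormValues(), inputSearchFilter, searchConfiguration.isEnableValueEscaping());
    }
    return inputSearchFilter;
}

/**
 * Substitutes the (optionally escaped) username into the input filter. When whitespace splitting
 * is enabled and the query has several words, each word gets its own copy of the filter and the
 * copies are AND-ed together.
 *
 * @param inputSearchFilter   filter template containing {@code PwmConstants.VALUE_REPLACEMENT_USERNAME}
 * @param searchConfiguration supplies the username and the escaping / splitting flags
 * @return the filter with the username substituted
 */
private static String buildUsernameSearchFilter(final String inputSearchFilter, final SearchConfiguration searchConfiguration) {
    final String username = searchConfiguration.getUsername();
    // escape before splitting so every substituted part is a safe filter value
    // (assumes escapeLdapFilter leaves whitespace untouched, as RFC 4515 escaping does)
    final String inputQuery = searchConfiguration.isEnableValueEscaping()
            ? StringUtil.escapeLdapFilter(username)
            : username;
    final String trimmedQuery = inputQuery.trim();

    if (searchConfiguration.isEnableSplitWhitespace()) {
        // split on runs of any whitespace, so no empty parts and no tab/space mismatch
        final String[] queryParts = trimmedQuery.split("\\s+");
        if (queryParts.length > 1) {
            final StringBuilder multiSearchFilter = new StringBuilder("(&");
            for (final String queryPart : queryParts) {
                multiSearchFilter.append('(')
                        .append(inputSearchFilter.replace(PwmConstants.VALUE_REPLACEMENT_USERNAME, queryPart))
                        .append(')');
            }
            return multiSearchFilter.append(')').toString();
        }
    }
    return inputSearchFilter.replace(PwmConstants.VALUE_REPLACEMENT_USERNAME, trimmedQuery);
}

/**
 * Returns the contexts to search: the configured ones when the first is non-empty (validated
 * against the profile if requested), otherwise the profile's root contexts.
 *
 * @param ldapProfile         profile supplying root contexts and context validation
 * @param searchConfiguration search parameters
 * @return the list of base DNs to search
 * @throws PwmUnrecoverableException on configuration errors
 * @throws PwmOperationalException   if a configured context fails validation
 */
private List<String> resolveSearchContexts(final LdapProfile ldapProfile, final SearchConfiguration searchConfiguration) throws PwmUnrecoverableException, PwmOperationalException {
    final List<String> requestedContexts = searchConfiguration.getContexts();
    final boolean hasRequestedContexts = requestedContexts != null
            && !requestedContexts.isEmpty()
            && requestedContexts.get(0) != null
            && requestedContexts.get(0).length() > 0;
    if (!hasRequestedContexts) {
        return ldapProfile.getRootContexts(pwmApplication);
    }
    if (searchConfiguration.isEnableContextValidation()) {
        for (final String searchContext : requestedContexts) {
            validateSpecifiedContext(ldapProfile, searchContext);
        }
    }
    return requestedContexts;
}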
Use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project: class UserSearchEngine, method resolveUserDN.
/**
 * Finds which configured LDAP profile contains the given DN and returns the matching identity.
 *
 * <p>Profiles are probed in configuration order using each profile's proxy provider; the first
 * one where the entry exists wins. If the canonical DN cannot be read for that profile the error
 * is logged and the search continues with the next profile.
 *
 * @param userDN distinguished name to resolve
 * @return identity holding the canonical DN and the profile identifier it was found in
 * @throws PwmOperationalException   with ERROR_CANT_MATCH_USER if no profile contains the DN
 * @throws PwmUnrecoverableException if a proxy provider cannot be obtained
 * @throws ChaiUnavailableException  if the directory is unreachable
 */
private UserIdentity resolveUserDN(final String userDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    for (final LdapProfile candidateProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
        final ChaiProvider proxyProvider = pwmApplication.getProxyChaiProvider(candidateProfile.getIdentifier());
        final ChaiUser candidateUser = proxyProvider.getEntryFactory().newChaiUser(userDN);
        if (!candidateUser.exists()) {
            continue;
        }
        try {
            final String canonicalDN = candidateUser.readCanonicalDN();
            return new UserIdentity(canonicalDN, candidateProfile.getIdentifier());
        } catch (final ChaiOperationException e) {
            // keep probing the remaining profiles rather than failing outright
            LOGGER.error("unexpected error reading canonical userDN for '" + userDN + "', error: " + e.getMessage());
        }
    }
    throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_CANT_MATCH_USER));
}