Examples with ChaiProvider com.novell.ldapchai.provider.ChaiProvider used on opensource projects

Example 31 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class LdapBrowser method getChildEntries.

private Map<String, Boolean> getChildEntries(final String profile, final String dn) throws ChaiUnavailableException, PwmUnrecoverableException, ChaiOperationException {
    final HashMap<String, Boolean> returnMap = new HashMap<>();
    final ChaiProvider chaiProvider = getChaiProvider(profile);
    if ((dn == null || dn.isEmpty()) && chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY) {
        final Set<String> adRootDNList = adRootDNList(profile);
        for (final String rootDN : adRootDNList) {
            returnMap.put(rootDN, true);
        }
    } else {
        final Map<String, Map<String, List<String>>> results;
        {
            final SearchHelper searchHelper = new SearchHelper();
            searchHelper.setFilter("(objectclass=*)");
            searchHelper.setMaxResults(getMaxSizeLimit());
            searchHelper.setAttributes("subordinateCount");
            searchHelper.setSearchScope(SearchScope.ONE);
            results = chaiProvider.searchMultiValues(dn, searchHelper);
        }
        for (final Map.Entry<String, Map<String, List<String>>> entry : results.entrySet()) {
            final String resultDN = entry.getKey();
            final Map<String, List<String>> attributeResults = entry.getValue();
            boolean hasSubs = false;
            if (attributeResults.containsKey("subordinateCount")) {
                // only eDir actually returns this operational attribute
                final Integer subordinateCount = Integer.parseInt(attributeResults.get("subordinateCount").iterator().next());
                hasSubs = subordinateCount > 0;
            } else {
                final SearchHelper searchHelper = new SearchHelper();
                searchHelper.setFilter("(objectclass=*)");
                searchHelper.setMaxResults(1);
                searchHelper.setAttributes(Collections.emptyList());
                searchHelper.setSearchScope(SearchScope.ONE);
                try {
                    final Map<String, Map<String, String>> subSearchResults = chaiProvider.search(resultDN, searchHelper);
                    hasSubs = !subSearchResults.isEmpty();
                } catch (Exception e) {
                    LOGGER.debug("error during subordinate entry count of " + dn + ", error: " + e.getMessage());
                }
            }
            returnMap.put(resultDN, hasSubs);
        }
    }
    return returnMap;
}

Example 32 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class LdapDebugDataGenerator method makeLdapDebugInfos.

public static List<LdapDebugInfo> makeLdapDebugInfos(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final Configuration configuration, final Locale locale) {
    final List<LdapDebugInfo> returnList = new ArrayList<>();
    for (final LdapProfile ldapProfile : configuration.getLdapProfiles().values()) {
        final LdapDebugInfo ldapDebugInfo = new LdapDebugInfo();
        ldapDebugInfo.setProfileName(ldapProfile.getIdentifier());
        ldapDebugInfo.setDisplayName(ldapProfile.getDisplayName(locale));
        try {
            final ChaiProvider chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, null, ldapProfile, configuration, ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN), ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD));
            final Collection<ChaiConfiguration> chaiConfigurations = ChaiUtility.splitConfigurationPerReplica(chaiProvider.getChaiConfiguration(), null);
            final List<LdapDebugServerInfo> ldapDebugServerInfos = new ArrayList<>();
            for (final ChaiConfiguration chaiConfiguration : chaiConfigurations) {
                final LdapDebugServerInfo ldapDebugServerInfo = new LdapDebugServerInfo();
                ldapDebugServerInfo.setLdapServerlUrl(chaiConfiguration.getSetting(ChaiSetting.BIND_URLS));
                final ChaiProvider loopProvider = chaiProvider.getProviderFactory().newProvider(chaiConfiguration);
                {
                    final ChaiEntry rootDSEentry = ChaiUtility.getRootDSE(loopProvider);
                    final Map<String, List<String>> rootDSEdata = LdapOperationsHelper.readAllEntryAttributeValues(rootDSEentry);
                    ldapDebugServerInfo.setRootDseAttributes(rootDSEdata);
                }
                {
                    final String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
                    if (proxyUserDN != null) {
                        ldapDebugServerInfo.setProxyDN(proxyUserDN);
                        final ChaiEntry proxyUserEntry = chaiProvider.getEntryFactory().newChaiEntry(proxyUserDN);
                        if (proxyUserEntry.exists()) {
                            final Map<String, List<String>> proxyUserData = LdapOperationsHelper.readAllEntryAttributeValues(proxyUserEntry);
                            ldapDebugServerInfo.setProxyUserAttributes(proxyUserData);
                        }
                    }
                }
                {
                    final String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
                    if (testUserDN != null) {
                        ldapDebugServerInfo.setTestUserDN(testUserDN);
                        final ChaiEntry testUserEntry = chaiProvider.getEntryFactory().newChaiEntry(testUserDN);
                        if (testUserEntry.exists()) {
                            final Map<String, List<String>> testUserdata = LdapOperationsHelper.readAllEntryAttributeValues(testUserEntry);
                            ldapDebugServerInfo.setTestUserAttributes(testUserdata);
                        }
                    }
                }
                ldapDebugServerInfos.add(ldapDebugServerInfo);
            }
            ldapDebugInfo.setServerInfo(ldapDebugServerInfos);
            returnList.add(ldapDebugInfo);
        } catch (Exception e) {
            LOGGER.error("error during output of ldap profile debug data profile: " + ldapProfile + ", error: " + e.getMessage());
        }
    }
    return returnList;
}

Example 33 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class LdapSchemaExtendCommand method doCommand.

public void doCommand() throws Exception {
    final String ldapUrl = (String) cliEnvironment.getOptions().get(OPTION_LDAPURL);
    final String bindDN = (String) cliEnvironment.getOptions().get(OPTION_BIND_DN);
    final String bindPW;
    if (cliEnvironment.getOptions().containsKey(OPTION_BIND_PW)) {
        bindPW = (String) cliEnvironment.getOptions().get(OPTION_BIND_PW);
    } else {
        final Console console = System.console();
        console.writer().write("enter " + OPTION_BIND_PW + ":");
        console.writer().flush();
        bindPW = new String(console.readPassword());
    }
    final ChaiProviderFactory chaiProviderFactory = cliEnvironment.getPwmApplication().getLdapConnectionService().getChaiProviderFactory();
    final ChaiProvider chaiProvider = chaiProviderFactory.newProvider(ldapUrl, bindDN, bindPW);
    final SchemaOperationResult operationResult = SchemaManager.extendSchema(chaiProvider);
    final boolean checkOk = operationResult.isSuccess();
    if (checkOk) {
        out("schema extension complete.  all extensions in place = " + checkOk);
    } else {
        out("schema extension did not complete.\n" + operationResult.getOperationLog());
    }
}

Example 34 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class PasswordUtility method setActorPassword.

/**
 * This is the entry point under which all password changes are managed.
 * The following is the general procedure when this method is invoked.
 * <ul>
 * <li> password is checked against PWM password requirement </li>
 * <li> ldap password set is attempted<br/>
 * <br/>if successful:
 * <ul>
 * <li> uiBean is updated with old and new passwords </li>
 * <li> uiBean's password expire flag is set to false </li>
 * <li> any configured external methods are invoked </li>
 * <li> user email notification is sent </li>
 * <li> return true </li>
 * </ul>
 * <br/>if unsuccessful
 * <ul>
 * <li> ssBean is updated with appropriate error </li>
 * <li> return false </li>
 * </ul>
 * </li>
 * </ul>
 *
 * @param newPassword the new password that is being set.
 * @param pwmSession  beanmanager for config and user info lookup
 * @throws com.novell.ldapchai.exception.ChaiUnavailableException if the ldap directory is not unavailable
 * @throws password.pwm.error.PwmUnrecoverableException           if user is not authenticated
 */
public static void setActorPassword(final PwmSession pwmSession, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    final UserInfo userInfo = pwmSession.getUserInfo();
    if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.CHANGE_PASSWORD)) {
        final String errorMsg = "attempt to setActorPassword, but user does not have password change permission";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // but we do it just in case.
    try {
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, userInfo.getPasswordPolicy());
        pwmPasswordRuleValidator.testPassword(newPassword, null, userInfo, pwmSession.getSessionManager().getActor(pwmApplication));
    } catch (PwmDataValidationException e) {
        final String errorMsg = "attempt to setActorPassword, but password does not pass local policy validator";
        final ErrorInformation errorInformation = new ErrorInformation(e.getErrorInformation().getError(), errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // retrieve the user's old password from the userInfoBean in the session
    final PasswordData oldPassword = pwmSession.getLoginInfoBean().getUserCurrentPassword();
    boolean setPasswordWithoutOld = false;
    if (oldPassword == null) {
        if (pwmSession.getSessionManager().getActor(pwmApplication).getChaiProvider().getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY) {
            setPasswordWithoutOld = true;
        }
    }
    if (!setPasswordWithoutOld) {
        // Check to make sure we actually have an old password
        if (oldPassword == null) {
            final String errorMsg = "cannot set password for user, old password is not available";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
            throw new PwmOperationalException(errorInformation);
        }
    }
    final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();
    setPassword(pwmApplication, pwmSession.getLabel(), provider, userInfo, setPasswordWithoutOld ? null : oldPassword, newPassword);
    // update the session state bean's password modified flag
    pwmSession.getSessionStateBean().setPasswordModified(true);
    // update the login info bean with the user's new password
    pwmSession.getLoginInfoBean().setUserCurrentPassword(newPassword);
    // close any outstanding ldap connections (since they cache the old password)
    pwmSession.getSessionManager().updateUserPassword(pwmApplication, userInfo.getUserIdentity(), newPassword);
    // clear the "requires new password flag"
    pwmSession.getLoginInfoBean().getLoginFlags().remove(LoginInfoBean.LoginFlag.forcePwChange);
    // mark the auth type as authenticatePd now that we have the user's natural password.
    pwmSession.getLoginInfoBean().setType(AuthenticationType.AUTHENTICATED);
    // update the uibean's "password expired flag".
    pwmSession.reloadUserInfoBean(pwmApplication);
    // create a proxy user object for pwm to update/read the user.
    final ChaiUser proxiedUser = pwmSession.getSessionManager().getActor(pwmApplication);
    // update statistics
    {
        pwmApplication.getStatisticsManager().incrementValue(Statistic.PASSWORD_CHANGES);
    }
    // invoke post password change actions
    invokePostChangePasswordActions(pwmSession, newPassword.getStringValue());
    {
        // execute configured actions
        LOGGER.debug(pwmSession, "executing configured actions to user " + proxiedUser.getEntryDN());
        final List<ActionConfiguration> configValues = pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES);
        if (configValues != null && !configValues.isEmpty()) {
            final LoginInfoBean clonedLoginInfoBean = JsonUtil.cloneUsingJson(pwmSession.getLoginInfoBean(), LoginInfoBean.class);
            clonedLoginInfoBean.setUserCurrentPassword(newPassword);
            final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, pwmSession.getLabel(), pwmSession.getUserInfo(), clonedLoginInfoBean);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userInfo.getUserIdentity()).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
            actionExecutor.executeActions(configValues, pwmSession.getLabel());
        }
    }
    // update the current last password update field in ldap
    LdapOperationsHelper.updateLastPasswordUpdateAttribute(pwmApplication, pwmSession.getLabel(), userInfo.getUserIdentity());
}

Example 35 with ChaiProvider

use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.

the class RestAuthenticationProcessor method readRestAuthentication.

public RestAuthentication readRestAuthentication() throws PwmUnrecoverableException {
    {
        // named secret auth
        final String namedSecretName = readNamedSecretName();
        if (namedSecretName != null) {
            LOGGER.trace(sessionLabel, "authenticating with named secret '" + namedSecretName + "'");
            final Set<WebServiceUsage> usages = new HashSet<>(JavaHelper.readEnumListFromStringCollection(WebServiceUsage.class, pwmApplication.getConfig().readSettingAsNamedPasswords(PwmSetting.WEBSERVICES_EXTERNAL_SECRET).get(namedSecretName).getUsage()));
            return new RestAuthentication(RestAuthenticationType.NAMED_SECRET, namedSecretName, null, Collections.unmodifiableSet(usages), true, null);
        }
    }
    {
        // ldap auth
        final UserIdentity userIdentity = readLdapUserIdentity();
        if (userIdentity != null) {
            {
                final List<UserPermission> userPermission = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.WEBSERVICES_QUERY_MATCH);
                final boolean result = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, userPermission);
                if (!result) {
                    final String errorMsg = "user does not have webservice permission due to setting " + PwmSetting.WEBSERVICES_QUERY_MATCH.toMenuLocationDebug(null, httpServletRequest.getLocale());
                    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg));
                }
            }
            final boolean thirdParty;
            {
                final List<UserPermission> userPermission = pwmApplication.getConfig().readSettingAsUserPermission(PwmSetting.WEBSERVICES_THIRDPARTY_QUERY_MATCH);
                thirdParty = LdapPermissionTester.testUserPermissions(pwmApplication, sessionLabel, userIdentity, userPermission);
            }
            final ChaiProvider chaiProvider = authenticateUser(userIdentity);
            verifyAuthUserIsNotSystemUser(userIdentity);
            return new RestAuthentication(RestAuthenticationType.LDAP, null, userIdentity, Collections.unmodifiableSet(new HashSet<>(Arrays.asList(WebServiceUsage.values()))), thirdParty, chaiProvider);
        }
    }
    final Set<WebServiceUsage> publicUsages;
    if (pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PUBLIC_HEALTH_STATS_WEBSERVICES)) {
        final WebServiceUsage[] usages = { WebServiceUsage.Health, WebServiceUsage.Statistics };
        publicUsages = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(usages)));
    } else {
        publicUsages = Collections.emptySet();
    }
    return new RestAuthentication(RestAuthenticationType.PUBLIC, null, null, publicUsages, false, null);
}