use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.
the class LDAPStatusChecker method checkVendorSameness.
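/**
 * Health check: every LDAP replica across every configured profile should report the same
 * directory vendor.
 * <p>
 * Each profile's Chai configuration is split into one configuration per replica URL, a provider
 * is opened against each replica to read its vendor, and the provider is closed again
 * immediately. If two or more distinct vendors are seen, one {@code LDAP_VendorsNotSame} record
 * listing every replica URL and its vendor is returned (and logged at WARN).
 * <p>
 * Results are cached in the health monitor's properties under {@code LdapVendorSameCheck}: a
 * mismatch is cached as soon as it is seen, even if some replicas could not be reached; a clean
 * single-vendor result is cached only when no replica failed. If no replica answered at all,
 * nothing is cached so the check runs again next time. Without a health monitor the check still
 * runs, it is simply never cached.
 *
 * @param pwmApplication the running application; supplies configuration, the LDAP connection
 *                       service and the (optional) health monitor used as cache
 * @return an empty list when all reachable replicas agree, otherwise a single warning record
 */
private List<HealthRecord> checkVendorSameness(final PwmApplication pwmApplication) {
    // The health monitor is optional (checkAdPasswordPolicyApi already guards for it); without it
    // there is simply no cache to consult or fill.
    final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties =
            pwmApplication.getHealthMonitor() == null ? null : pwmApplication.getHealthMonitor().getHealthProperties();
    if (healthProperties != null && healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck)) {
        @SuppressWarnings("unchecked") // only this method stores under this flag, always an ArrayList<HealthRecord>
        final List<HealthRecord> cached = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck);
        return cached;
    }
    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for replica vendor sameness");
    boolean errorReachingServer = false;
    final Map<String, DirectoryVendor> replicaVendorMap = new HashMap<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                // One provider (and therefore one directory connection) per replica. Close it as soon
                // as the vendor has been read; the original left every provider open, leaking one
                // connection per replica on every health run.
                ChaiProvider loopProvider = null;
                try {
                    loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                    replicaVendorMap.put(chaiConfiguration.getSetting(ChaiSetting.BIND_URLS), loopProvider.getDirectoryVendor());
                } finally {
                    if (loopProvider != null) {
                        try {
                            loopProvider.close();
                        } catch (Exception ignored) {
                            // best-effort cleanup; the vendor has already been recorded
                        }
                    }
                }
            }
        }
    } catch (Exception e) {
        // The first failure aborts the remaining replicas; whatever was collected so far is still evaluated.
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during replica vendor sameness check: " + e.getMessage());
    }
    // ArrayList (not List) because the cache map holds Serializable values.
    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    final Set<DirectoryVendor> discoveredVendors = new HashSet<>(replicaVendorMap.values());
    if (discoveredVendors.size() >= 2) {
        final StringBuilder vendorMsg = new StringBuilder();
        for (final Map.Entry<String, DirectoryVendor> entry : replicaVendorMap.entrySet()) {
            if (vendorMsg.length() > 0) {
                vendorMsg.append(", ");
            }
            vendorMsg.append(entry.getKey()).append("=").append(entry.getValue().toString());
        }
        healthRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_VendorsNotSame, vendorMsg.toString()));
        // A mismatch is cached even when some replicas were unreachable: partial evidence is enough.
        if (healthProperties != null) {
            healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
        }
        LOGGER.warn(SessionLabel.HEALTH_SESSION_LABEL, "multiple ldap vendors found: " + vendorMsg.toString());
    } else if (discoveredVendors.size() == 1 && !errorReachingServer && healthProperties != null) {
        // A clean result is only trusted (and cached) when every replica was actually reached.
        healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
    }
    return healthRecords;
}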
use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.
the class LDAPStatusChecker method checkAdPasswordPolicyApi.
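/**
 * Health check: when {@code AD_ENFORCE_PW_HISTORY_ON_SET} is enabled, every LDAP replica of every
 * profile must advertise the Active Directory password-policy control
 * ({@code PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN}) in the {@code supportedControl}
 * attribute of its root DSE. A replica that does not gets one {@code LDAP_Ad_History_Asn_Missing}
 * record naming the setting's menu location and the replica URL.
 * <p>
 * The check is skipped entirely (empty list) when the setting is off. Results are cached in the
 * health monitor's properties under {@code AdPasswordPolicyApiCheck}, but only when every replica
 * was reached; after an error the partial records are returned uncached so the check re-runs.
 * Each per-replica provider is closed as soon as its root DSE has been read.
 *
 * @param pwmApplication the running application; supplies configuration, the LDAP connection
 *                       service and the (optional) health monitor used as cache
 * @return one record per replica lacking the control; empty when all advertise it or the check is disabled
 */
private static List<HealthRecord> checkAdPasswordPolicyApi(final PwmApplication pwmApplication) {
    final boolean passwordPolicyApiEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET);
    if (!passwordPolicyApiEnabled) {
        return Collections.emptyList();
    }
    // The health monitor (and with it the result cache) is optional.
    final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties =
            pwmApplication.getHealthMonitor() == null ? null : pwmApplication.getHealthMonitor().getHealthProperties();
    if (healthProperties != null && healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck)) {
        @SuppressWarnings("unchecked") // only this method stores under this flag, always an ArrayList<HealthRecord>
        final List<HealthRecord> cached = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck);
        return cached;
    }
    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support");
    boolean errorReachingServer = false;
    // ArrayList (not List) because the cache map holds Serializable values.
    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                // One provider per replica; close it once the root DSE has been read instead of leaking
                // a connection per replica on every health run.
                ChaiProvider loopProvider = null;
                try {
                    loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                    final ChaiEntry rootDSE = ChaiUtility.getRootDSE(loopProvider);
                    final Set<String> controls = rootDSE.readMultiStringAttribute("supportedControl");
                    if (!controls.contains(PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN)) {
                        final String url = chaiConfiguration.getSetting(ChaiSetting.BIND_URLS);
                        final HealthRecord record = HealthRecord.forMessage(HealthMessage.LDAP_Ad_History_Asn_Missing, PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), url);
                        healthRecords.add(record);
                        LOGGER.warn(record.toDebugString(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
                    }
                } finally {
                    if (loopProvider != null) {
                        try {
                            loopProvider.close();
                        } catch (Exception ignored) {
                            // best-effort cleanup; the replica's result has already been recorded
                        }
                    }
                }
            }
        }
    } catch (Exception e) {
        // The first failure aborts the remaining replicas; records gathered so far are still returned.
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") check: " + e.getMessage());
    }
    // Only a complete run is worth caching; a partial one must be repeated.
    if (!errorReachingServer && healthProperties != null) {
        healthProperties.put(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck, healthRecords);
    }
    return healthRecords;
}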
use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.
the class LDAPStatusChecker method checkLdapServerUrls.
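/**
 * Probes every server URL of an LDAP profile individually, so a single dead or misconfigured
 * replica is reported even when the profile as a whole still works through its other servers.
 * <p>
 * For each URL a dedicated provider is opened with the profile's proxy credentials and a lookup of
 * the proxy user is issued. Any exception from the connect or that round-trip becomes one WARN
 * record naming the URL and the error text; the lookup's boolean result itself is not inspected.
 * Every provider is closed before the next URL is tried.
 *
 * @param pwmApplication the running application (passed through to the provider factory)
 * @param config         configuration used to build the provider and the health topic
 * @param ldapProfile    the profile whose {@code LDAP_SERVER_URLS} are probed
 * @return one WARN record per URL that failed; empty when every URL answered
 */
public List<HealthRecord> checkLdapServerUrls(final PwmApplication pwmApplication, final Configuration config, final LdapProfile ldapProfile) {
    final List<HealthRecord> returnRecords = new ArrayList<>();
    final List<String> serverURLs = ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_SERVER_URLS);
    // The proxy DN is a profile-level setting independent of the URL being probed; read it once
    // instead of once per iteration.
    final String proxyDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
    for (final String loopURL : serverURLs) {
        ChaiProvider chaiProvider = null;
        try {
            // Restrict the provider to this single URL so a failure can be attributed to it.
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, config, ldapProfile, Collections.singletonList(loopURL), proxyDN, ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD));
            final ChaiUser proxyUser = chaiProvider.getEntryFactory().newChaiUser(proxyDN);
            // Forces a round-trip to the server. Only an exception is reported; a false result
            // (proxy DN not found) passes silently.
            // NOTE(review): presumably the bind as proxyDN would already have failed in that case — confirm.
            proxyUser.exists();
        } catch (Exception e) {
            final String errorString = "error connecting to ldap server '" + loopURL + "': " + e.getMessage();
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString));
        } finally {
            if (chaiProvider != null) {
                try {
                    chaiProvider.close();
                } catch (Exception ignored) {
                    // best-effort cleanup; the probe result has already been recorded
                }
            }
        }
    }
    return returnRecords;
}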
use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.
the class LDAPStatusChecker method checkBasicLdapConnectivity.
/**
 * Health check for one LDAP profile: can we bind as the proxy user, and (optionally) do the
 * configured contextless root DNs exist?
 * <p>
 * Steps, in order:
 * <ol>
 *   <li>A missing proxy DN or proxy password short-circuits with a single WARN record on the
 *       generic {@code HealthTopic.LDAP} topic (later records use the profile-specific topic).</li>
 *   <li>A provider is opened with the proxy credentials, the proxy entry is looked up (the boolean
 *       result is not inspected) and the directory vendor is read. A {@code ChaiException} yields a
 *       WARN record with the mapped Chai/PWM error text; any other exception yields an
 *       {@code LDAP_No_Connection} record. Both paths record the failure with the LDAP connection
 *       service and return immediately.</li>
 *   <li>If the vendor is Active Directory, {@code checkAd} records are appended.</li>
 *   <li>If {@code testContextlessRoot} is set, each {@code LDAP_CONTEXTLESS_ROOT} entry is read and
 *       a WARN record is added when it has no object classes or cannot be read.</li>
 * </ol>
 * The provider is always closed before returning.
 *
 * @param pwmApplication      the running application
 * @param config              configuration used for the provider and the health topic
 * @param ldapProfile         the profile under test
 * @param testContextlessRoot whether to also validate the profile's contextless root DNs
 * @return the health records produced; empty when everything checked out
 */
public List<HealthRecord> checkBasicLdapConnectivity(final PwmApplication pwmApplication, final Configuration config, final LdapProfile ldapProfile, final boolean testContextlessRoot) {
    final List<HealthRecord> records = new ArrayList<>();
    ChaiProvider provider = null;
    try {
        final DirectoryVendor vendor;
        try {
            final String proxyDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
            final PasswordData proxyPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
            if (proxyDN == null || proxyDN.isEmpty()) {
                return Collections.singletonList(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User DN"));
            }
            if (proxyPW == null) {
                return Collections.singletonList(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User Password"));
            }
            provider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyDN, proxyPW);
            // Round-trip to the directory as the proxy user; only an exception is acted upon,
            // the boolean result is discarded.
            provider.getEntryFactory().newChaiEntry(proxyDN).exists();
            vendor = provider.getDirectoryVendor();
        } catch (ChaiException e) {
            final String detail = describeChaiConnectionFailure(pwmApplication, ldapProfile, e);
            records.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), detail));
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, detail));
            return records;
        } catch (Exception e) {
            final HealthRecord record = HealthRecord.forMessage(HealthMessage.LDAP_No_Connection, e.getMessage());
            records.add(record);
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, record.getDetail(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig())));
            return records;
        }
        if (vendor == DirectoryVendor.ACTIVE_DIRECTORY) {
            records.addAll(checkAd(pwmApplication, config, ldapProfile));
        }
        if (testContextlessRoot) {
            records.addAll(checkContextlessRoots(provider, config, ldapProfile));
        }
    } finally {
        if (provider != null) {
            try {
                provider.close();
            } catch (Exception ignored) {
                // best-effort cleanup during a health check
            }
        }
    }
    return records;
}

/**
 * Builds the human-readable detail for a {@code ChaiException} raised while connecting: the raw
 * exception text, plus the mapped {@code ChaiError} and its localized PWM message when both are
 * known (i.e. not the UNKNOWN placeholders).
 */
private static String describeChaiConnectionFailure(final PwmApplication pwmApplication, final LdapProfile ldapProfile, final ChaiException e) {
    final ChaiError chaiError = ChaiErrors.getErrorForMessage(e.getMessage());
    final PwmError pwmError = PwmError.forChaiError(chaiError);
    final StringBuilder detail = new StringBuilder()
            .append("error connecting to ldap directory (")
            .append(ldapProfile.getIdentifier())
            .append("), error: ")
            .append(e.getMessage());
    if (chaiError != null && chaiError != ChaiError.UNKNOWN) {
        detail.append(" (").append(chaiError.toString());
        if (pwmError != null && pwmError != PwmError.ERROR_UNKNOWN) {
            detail.append(" - ").append(pwmError.getLocalizedMessage(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
        }
        detail.append(")");
    }
    return detail.toString();
}

/**
 * Reads each configured {@code LDAP_CONTEXTLESS_ROOT} DN through the given (already bound)
 * provider and returns one WARN record per DN that has no object classes or cannot be read.
 */
private List<HealthRecord> checkContextlessRoots(final ChaiProvider provider, final Configuration config, final LdapProfile ldapProfile) {
    final List<HealthRecord> problems = new ArrayList<>();
    for (final String context : ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_CONTEXTLESS_ROOT)) {
        try {
            final Set<String> objectClasses = provider.getEntryFactory().newChaiEntry(context).readObjectClass();
            // An entry that comes back without object classes is treated as not really existing.
            if (objectClasses == null || objectClasses.isEmpty()) {
                problems.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), "ldap context setting '" + context + "' is not valid"));
            }
        } catch (Exception e) {
            problems.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), "ldap root context '" + context + "' is not valid: " + e.getMessage()));
        }
    }
    return problems;
}
use of com.novell.ldapchai.provider.ChaiProvider in project pwm by pwm-project.
the class UserMatchViewerFunction method testIfLdapDNIsValid.
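/**
 * Verifies that {@code baseDN} refers to an existing entry in each LDAP profile it is to be
 * matched against.
 * <p>
 * Profiles tested: the default profile when {@code profileID} is null or empty, every configured
 * profile for {@code PwmConstants.PROFILE_ID_ALL}, otherwise the single named profile. The check
 * fails closed: a DN that could not be checked (because the profile's proxy provider could not be
 * obtained or the entry object could not be created) is rejected rather than silently accepted.
 *
 * @param pwmApplication the running application, source of configuration and proxy providers
 * @param baseDN         the DN to validate
 * @param profileID      profile selector as described above
 * @throws PwmOperationalException   if the DN does not exist in a tested profile, or the profile
 *                                   could not be queried at all
 * @throws PwmUnrecoverableException if the directory is unavailable while checking existence, or
 *                                   obtaining the proxy provider raised one
 */
private void testIfLdapDNIsValid(final PwmApplication pwmApplication, final String baseDN, final String profileID) throws PwmOperationalException, PwmUnrecoverableException {
    final Set<String> profileIDsToTest = new LinkedHashSet<>();
    if (profileID == null || profileID.isEmpty()) {
        profileIDsToTest.add(pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
    } else if (PwmConstants.PROFILE_ID_ALL.equals(profileID)) {
        profileIDsToTest.addAll(pwmApplication.getConfig().getLdapProfiles().keySet());
    } else {
        profileIDsToTest.add(profileID);
    }
    for (final String loopID : profileIDsToTest) {
        final ChaiEntry chaiEntry;
        try {
            final ChaiProvider proxiedProvider = pwmApplication.getProxyChaiProvider(loopID);
            chaiEntry = proxiedProvider.getEntryFactory().newChaiEntry(baseDN);
        } catch (Exception e) {
            // The original logged a garbled message (profile id twice, no error text) and then treated
            // the unchecked DN as valid. Validation must not pass for a DN we never got to look at.
            if (e instanceof PwmUnrecoverableException) {
                throw (PwmUnrecoverableException) e; // keep the unrecoverable signal rather than downgrade it
            }
            final String errorMsg = "error while testing entry DN '" + baseDN + "' for profile '" + loopID + "', error: " + e.getMessage();
            LOGGER.error(errorMsg);
            throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_LDAP_DATA_ERROR, errorMsg));
        }
        try {
            if (!chaiEntry.exists()) {
                final String errorMsg = "entry DN '" + baseDN + "' is not valid for profile " + loopID;
                throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_LDAP_DATA_ERROR, errorMsg));
            }
        } catch (ChaiUnavailableException e) {
            // Directory down is an infrastructure problem, not a bad DN.
            throw PwmUnrecoverableException.fromChaiException(e);
        }
    }
}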