
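/**
 * Health check: verifies that every configured LDAP replica, across all LDAP profiles,
 * reports the same directory vendor. If two or more vendors are seen, a single
 * {@link HealthMessage#LDAP_VendorsNotSame} record is produced listing each replica
 * bind URL and the vendor it reported.
 * <p>
 * Caching (in the health monitor's property map under
 * {@link HealthMonitor.HealthMonitorFlag#LdapVendorSameCheck}): a vendor mismatch is
 * always cached; a clean single-vendor result is cached only when no replica failed;
 * any other outcome (no vendors discovered, or an error with fewer than two vendors
 * seen) is not cached so the check is retried on the next health run.
 *
 * @param pwmApplication application supplying the configuration, health monitor and
 *                       LDAP connection service
 * @return health records for this check; empty when all reachable replicas agree
 */
private List<HealthRecord> checkVendorSameness(final PwmApplication pwmApplication) {
    final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties = pwmApplication.getHealthMonitor().getHealthProperties();
    if (healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck)) {
        // The property map holds Serializable; what this method stores there is the
        // ArrayList built below, so the cast back is safe but necessarily unchecked.
        @SuppressWarnings("unchecked")
        final List<HealthRecord> cachedRecords = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck);
        return cachedRecords;
    }
    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for replica vendor sameness");
    boolean errorReachingServer = false;
    // replica bind URL -> vendor that replica reported
    final Map<String, DirectoryVendor> replicaVendorMap = new HashMap<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            // one configuration per replica so that each server is queried on its own
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                final ChaiProvider loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                try {
                    replicaVendorMap.put(chaiConfiguration.getSetting(ChaiSetting.BIND_URLS), loopProvider.getDirectoryVendor());
                } finally {
                    // Release the per-replica provider; it was created solely for this probe
                    // (the other LDAP health checks in this class close theirs the same way).
                    try {
                        loopProvider.close();
                    } catch (Exception ignored) {
                        // best-effort cleanup of a throw-away connection
                    }
                }
            }
        }
    } catch (Exception e) {
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during replica vendor sameness check: " + e.getMessage());
    }
    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    final Set<DirectoryVendor> discoveredVendors = new HashSet<>(replicaVendorMap.values());
    if (discoveredVendors.size() >= 2) {
        // Build "url=VENDOR, url=VENDOR, ..." for the health message.
        final StringBuilder vendorMsg = new StringBuilder();
        for (final Map.Entry<String, DirectoryVendor> entry : replicaVendorMap.entrySet()) {
            if (vendorMsg.length() > 0) {
                vendorMsg.append(", ");
            }
            vendorMsg.append(entry.getKey()).append("=").append(entry.getValue().toString());
        }
        healthRecords.add(HealthRecord.forMessage(HealthMessage.LDAP_VendorsNotSame, vendorMsg.toString()));
        // A mismatch is cached even if some replica was unreachable: the replicas that did
        // answer already disagree, so the finding stands regardless of the failed ones.
        healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
        LOGGER.warn(SessionLabel.HEALTH_SESSION_LABEL, "multiple ldap vendors found: " + vendorMsg.toString());
    } else if (discoveredVendors.size() == 1) {
        if (!errorReachingServer) {
            // Only cache a clean result when every replica answered; otherwise an
            // unreachable replica of a different vendor could be masked until restart.
            healthProperties.put(HealthMonitor.HealthMonitorFlag.LdapVendorSameCheck, healthRecords);
        }
    }
    return healthRecords;
}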

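/**
 * Health check: when {@link PwmSetting#AD_ENFORCE_PW_HISTORY_ON_SET} is enabled, verifies
 * that every LDAP replica of every profile advertises the Active Directory password-policy
 * control ({@link PwmConstants#LDAP_AD_PASSWORD_POLICY_CONTROL_ASN}) in the
 * {@code supportedControl} attribute of its rootDSE. Each replica that does not yields one
 * {@link HealthMessage#LDAP_Ad_History_Asn_Missing} record naming that replica's bind URL.
 * <p>
 * The result is cached under {@link HealthMonitor.HealthMonitorFlag#AdPasswordPolicyApiCheck}
 * only when every replica could be queried, so a transient outage is re-checked on the next
 * run. When no health monitor is available the check simply runs uncached.
 *
 * @param pwmApplication application supplying the configuration, health monitor and
 *                       LDAP connection service
 * @return one record per replica missing the control; empty when the setting is off or
 *         every replica supports it
 */
private static List<HealthRecord> checkAdPasswordPolicyApi(final PwmApplication pwmApplication) {
    final boolean passwordPolicyApiEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET);
    if (!passwordPolicyApiEnabled) {
        return Collections.emptyList();
    }
    final HealthMonitor healthMonitor = pwmApplication.getHealthMonitor();
    if (healthMonitor != null) {
        final Map<HealthMonitor.HealthMonitorFlag, Serializable> healthProperties = healthMonitor.getHealthProperties();
        if (healthProperties.containsKey(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck)) {
            // The map stores Serializable; this method only ever stores the ArrayList
            // built below, so the cast is safe but necessarily unchecked.
            @SuppressWarnings("unchecked")
            final List<HealthRecord> cachedRecords = (List<HealthRecord>) healthProperties.get(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck);
            return cachedRecords;
        }
    }
    LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "beginning check for ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") support");
    boolean errorReachingServer = false;
    final ArrayList<HealthRecord> healthRecords = new ArrayList<>();
    try {
        for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
            final ChaiConfiguration profileChaiConfiguration = LdapOperationsHelper.createChaiConfiguration(pwmApplication.getConfig(), ldapProfile);
            // one configuration per replica so each server's rootDSE is read individually
            final Collection<ChaiConfiguration> replicaConfigs = ChaiUtility.splitConfigurationPerReplica(profileChaiConfiguration, Collections.emptyMap());
            for (final ChaiConfiguration chaiConfiguration : replicaConfigs) {
                final ChaiProvider loopProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
                try {
                    final ChaiEntry rootDSE = ChaiUtility.getRootDSE(loopProvider);
                    final Set<String> controls = rootDSE.readMultiStringAttribute("supportedControl");
                    // A missing/empty attribute is treated as "not supported" rather than
                    // as a read error, so it surfaces as a configuration warning.
                    final boolean asnSupported = controls != null && controls.contains(PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN);
                    if (!asnSupported) {
                        final String url = chaiConfiguration.getSetting(ChaiSetting.BIND_URLS);
                        final HealthRecord record = HealthRecord.forMessage(HealthMessage.LDAP_Ad_History_Asn_Missing, PwmSetting.AD_ENFORCE_PW_HISTORY_ON_SET.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE), url);
                        healthRecords.add(record);
                        LOGGER.warn(record.toDebugString(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
                    }
                } finally {
                    // Release the per-replica probe connection; the other LDAP health
                    // checks in this class close their providers the same way.
                    try {
                        loopProvider.close();
                    } catch (Exception ignored) {
                        // best-effort cleanup of a throw-away connection
                    }
                }
            }
        }
    } catch (Exception e) {
        errorReachingServer = true;
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error during ad api password policy (asn " + PwmConstants.LDAP_AD_PASSWORD_POLICY_CONTROL_ASN + ") check: " + e.getMessage());
    }
    if (!errorReachingServer && healthMonitor != null) {
        // Cache only a complete run; a partial one would hide replicas that were unreachable.
        healthMonitor.getHealthProperties().put(HealthMonitor.HealthMonitorFlag.AdPasswordPolicyApiCheck, healthRecords);
    }
    return healthRecords;
}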

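/**
 * Health check: connects to each URL in the profile's {@code LDAP_SERVER_URLS} individually,
 * binding with the profile's proxy user credentials, and confirms the proxy entry can be
 * read from that server. A failure on one URL is reported as a WARN record naming the URL
 * and the remaining URLs are still tested.
 *
 * @param pwmApplication application used to build each provider
 * @param config         configuration used for the provider and the health topic
 * @param ldapProfile    profile whose server URLs and proxy credentials are exercised
 * @return one WARN record per URL that could not be bound to; empty when all respond
 */
public List<HealthRecord> checkLdapServerUrls(final PwmApplication pwmApplication, final Configuration config, final LdapProfile ldapProfile) {
    final List<HealthRecord> returnRecords = new ArrayList<>();
    final List<String> serverURLs = ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_SERVER_URLS);
    // The proxy DN is a per-profile setting, not per-URL; read it once outside the loop.
    final String proxyDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
    for (final String loopURL : serverURLs) {
        ChaiProvider chaiProvider = null;
        try {
            // A single-URL provider so that this probe cannot fail over to another server.
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, config, ldapProfile, Collections.singletonList(loopURL), proxyDN, ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD));
            // Reading the proxy user's own entry proves both the bind and a search work.
            final ChaiUser proxyUser = chaiProvider.getEntryFactory().newChaiUser(proxyDN);
            proxyUser.exists();
        } catch (Exception e) {
            final String errorString = "error connecting to ldap server '" + loopURL + "': " + e.getMessage();
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString));
        } finally {
            if (chaiProvider != null) {
                try {
                    chaiProvider.close();
                } catch (Exception ignored) {
                    // best-effort cleanup; the probe's outcome has already been recorded
                }
            }
        }
    }
    return returnRecords;
}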

/**
 * Health check: binds to the profile's directory with the configured proxy credentials
 * and verifies the proxy entry exists; then, if the directory reports itself as Active
 * Directory, runs the AD-specific checks, and optionally verifies that each configured
 * contextless root DN resolves to an entry with at least one objectClass.
 * <p>
 * A failed bind produces a WARN record and is also pushed to the LDAP connection service
 * via {@code setLastLdapFailure}; the remaining checks are then skipped.
 *
 * @param pwmApplication      application supplying the LDAP connection service and config
 * @param config              configuration used to build the provider and the health topic
 * @param ldapProfile         the LDAP profile under test
 * @param testContextlessRoot when {@code true}, each {@code LDAP_CONTEXTLESS_ROOT} value is
 *                            also checked for existence
 * @return health records produced by this check; empty when everything passed
 */
public List<HealthRecord> checkBasicLdapConnectivity(final PwmApplication pwmApplication, final Configuration config, final LdapProfile ldapProfile, final boolean testContextlessRoot) {
    final List<HealthRecord> returnRecords = new ArrayList<>();
    ChaiProvider chaiProvider = null;
    try {
        final DirectoryVendor directoryVendor;
        try {
            final String proxyDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
            final PasswordData proxyPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
            // Without proxy credentials there is nothing to bind with; report and stop.
            if (proxyDN == null || proxyDN.length() < 1) {
                return Collections.singletonList(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User DN"));
            }
            if (proxyPW == null) {
                return Collections.singletonList(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User Password"));
            }
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyDN, proxyPW);
            // Reading the proxy user's own entry proves the bind and a basic search both work.
            final ChaiEntry adminEntry = chaiProvider.getEntryFactory().newChaiEntry(proxyDN);
            adminEntry.exists();
            directoryVendor = chaiProvider.getDirectoryVendor();
        } catch (ChaiException e) {
            // Map the Chai error (looked up from the message text) to a PWM error so the
            // record can carry a localized explanation alongside the raw message.
            final ChaiError chaiError = ChaiErrors.getErrorForMessage(e.getMessage());
            final PwmError pwmError = PwmError.forChaiError(chaiError);
            final StringBuilder errorString = new StringBuilder();
            final String profileName = ldapProfile.getIdentifier();
            errorString.append("error connecting to ldap directory (").append(profileName).append("), error: ").append(e.getMessage());
            if (chaiError != null && chaiError != ChaiError.UNKNOWN) {
                errorString.append(" (");
                errorString.append(chaiError.toString());
                if (pwmError != null && pwmError != PwmError.ERROR_UNKNOWN) {
                    errorString.append(" - ");
                    errorString.append(pwmError.getLocalizedMessage(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
                }
                errorString.append(")");
            }
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString.toString()));
            // Record the failure on the connection service as well; the bind failed, so the
            // AD and contextless-root checks below cannot run.
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, errorString.toString()));
            return returnRecords;
        } catch (Exception e) {
            // Non-Chai failures (e.g. provider construction) get the generic "no connection" message.
            final HealthRecord record = HealthRecord.forMessage(HealthMessage.LDAP_No_Connection, e.getMessage());
            returnRecords.add(record);
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, record.getDetail(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig())));
            return returnRecords;
        }
        // AD-specific checks only apply to Active Directory (the null test is redundant for
        // an enum '==' comparison but harmless).
        if (directoryVendor != null && directoryVendor == DirectoryVendor.ACTIVE_DIRECTORY) {
            returnRecords.addAll(checkAd(pwmApplication, config, ldapProfile));
        }
        if (testContextlessRoot) {
            for (final String loopContext : ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_CONTEXTLESS_ROOT)) {
                try {
                    // An entry that exists always has at least one objectClass; none means
                    // the configured DN does not resolve to a real entry.
                    final ChaiEntry contextEntry = chaiProvider.getEntryFactory().newChaiEntry(loopContext);
                    final Set<String> objectClasses = contextEntry.readObjectClass();
                    if (objectClasses == null || objectClasses.isEmpty()) {
                        final String errorString = "ldap context setting '" + loopContext + "' is not valid";
                        returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString));
                    }
                } catch (Exception e) {
                    // One bad root should not stop the others from being checked.
                    final String errorString = "ldap root context '" + loopContext + "' is not valid: " + e.getMessage();
                    returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString));
                }
            }
        }
    } finally {
        // The provider is only opened for this probe; release it on every exit path.
        if (chaiProvider != null) {
            try {
                chaiProvider.close();
            } catch (Exception e) {
            /* ignore */
            }
        }
    }
    return returnRecords;
}

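/**
 * Verifies that {@code baseDN} exists in the directory of each selected LDAP profile.
 * Profile selection: the default profile when {@code profileID} is {@code null} or empty,
 * every configured profile when it equals {@link PwmConstants#PROFILE_ID_ALL}, otherwise
 * exactly the named profile.
 *
 * @param pwmApplication application providing the per-profile proxy providers
 * @param baseDN         entry DN to test
 * @param profileID      profile selector, see above
 * @throws PwmOperationalException   if the entry does not exist in one of the tested profiles
 * @throws PwmUnrecoverableException if the directory is unavailable during the existence check
 */
private void testIfLdapDNIsValid(final PwmApplication pwmApplication, final String baseDN, final String profileID) throws PwmOperationalException, PwmUnrecoverableException {
    final Set<String> profileIDsToTest = new LinkedHashSet<>();
    if (profileID == null || profileID.isEmpty()) {
        profileIDsToTest.add(pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
    } else if (profileID.equals(PwmConstants.PROFILE_ID_ALL)) {
        profileIDsToTest.addAll(pwmApplication.getConfig().getLdapProfiles().keySet());
    } else {
        profileIDsToTest.add(profileID);
    }
    for (final String loopID : profileIDsToTest) {
        ChaiEntry chaiEntry = null;
        try {
            final ChaiProvider proxiedProvider = pwmApplication.getProxyChaiProvider(loopID);
            chaiEntry = proxiedProvider.getEntryFactory().newChaiEntry(baseDN);
        } catch (Exception e) {
            // Log the profile actually being tested and the failure reason (previously the
            // selector was logged twice and the exception message was dropped).
            LOGGER.error("error while testing entry DN for profile '" + loopID + "', error: " + e.getMessage());
            // NOTE(review): when the provider cannot be obtained, chaiEntry stays null and the
            // existence check below is skipped, i.e. the DN is not rejected for this profile.
        }
        try {
            if (chaiEntry != null && !chaiEntry.exists()) {
                final String errorMsg = "entry DN '" + baseDN + "' is not valid for profile " + loopID;
                throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_LDAP_DATA_ERROR, errorMsg));
            }
        } catch (ChaiUnavailableException e) {
            // Directory outage is not a data error; surface it as unrecoverable.
            throw PwmUnrecoverableException.fromChaiException(e);
        }
    }
}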