
Example 1 with BindRequest

Use of com.unboundid.ldap.sdk.BindRequest in project gitblit by gitblit: class LdapConnection, method verifyCurrentBinding.

// Checks that the shared connection is still bound as the request this object last
// issued. If something else re-bound the connection (for example a user-credential
// check), later operations would otherwise run with that identity's privileges.
private boolean verifyCurrentBinding() {
    BindRequest lastBind = conn.getLastBindRequest();
    if (lastBind == currentBindRequest) {
        return true;
    }
    logger.debug("Unexpected binding in LdapConnection. {} != {}", lastBind, currentBindRequest);
    // Assumes the last successful bind on the connection was a simple bind; the SDK
    // returns null here if no bind has succeeded yet, and a SASL bind would not cast.
    String lastBoundDN = ((SimpleBindRequest) lastBind).getBindDN();
    String boundDN = currentBindRequest.getBindDN();
    logger.debug("Currently bound as '{}', check authentication for '{}'", lastBoundDN, boundDN);
    if (boundDN != null && !boundDN.equals(lastBoundDN)) {
        logger.warn("Unexpected binding DN in LdapConnection. '{}' != '{}'.", lastBoundDN, boundDN);
        logger.warn("Updated binding information in LDAP connection.");
        // Record the binding actually in effect and report the mismatch to the caller.
        currentBindRequest = (SimpleBindRequest) lastBind;
        return false;
    }
    return true;
}

Example 2 with BindRequest

Use of com.unboundid.ldap.sdk.BindRequest in project graylog2-server by Graylog2: class UnboundLDAPConnector, method connect.

public LDAPConnection connect(LDAPConnectorConfig ldapConfig) throws GeneralSecurityException, LDAPException {
    if (ldapConfig.serverList().isEmpty()) {
        LOG.warn("Cannot connect with empty server list");
        return null;
    }
    final String[] addresses = ldapConfig.serverList().stream().map(LDAPConnectorConfig.LDAPServer::hostname).toArray(String[]::new);
    final int[] ports = ldapConfig.serverList().stream().mapToInt(LDAPConnectorConfig.LDAPServer::port).toArray();
    final LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setUseReuseAddress(true);
    connectionOptions.setConnectTimeoutMillis(connectionTimeout);
    StartTLSExtendedRequest startTLSRequest = null;
    SocketFactory socketFactory = null;
    if (ldapConfig.transportSecurity() != LDAPTransportSecurity.NONE) {
        // Restricts the TLS protocol versions the SDK will negotiate (a static, SDK-wide setting).
        SSLUtil.setEnabledSSLProtocols(tlsConfiguration.getEnabledTlsProtocols());
        final SSLUtil sslUtil;
        if (ldapConfig.verifyCertificates()) {
            // Server certificates are validated by the configured trust manager.
            sslUtil = new SSLUtil(trustManagerProvider.create(Arrays.asList(addresses)));
        } else {
            // Accepts any server certificate: the session is encrypted but the peer is not
            // authenticated, so an on-path attacker could present its own certificate.
            sslUtil = new SSLUtil(new TrustAllX509TrustManager());
        }
        if (ldapConfig.transportSecurity() == LDAPTransportSecurity.START_TLS) {
            // StartTLS: connect in plaintext, then upgrade the session with an extended operation.
            startTLSRequest = new StartTLSExtendedRequest(sslUtil.createSSLContext());
        } else if (ldapConfig.transportSecurity() == LDAPTransportSecurity.TLS) {
            // LDAPS: the socket is TLS from the first byte.
            socketFactory = sslUtil.createSSLSocketFactory();
        }
    }
    final FailoverServerSet serverSet = new FailoverServerSet(addresses, ports, socketFactory, connectionOptions, null, null);
    final LDAPConnection connection = serverSet.getConnection();
    if (startTLSRequest != null) {
        final ExtendedResult startTLSResult = connection.processExtendedOperation(startTLSRequest);
        // Fails if the server refused StartTLS, so the bind below never sends credentials in the clear.
        LDAPTestUtils.assertResultCodeEquals(startTLSResult, ResultCode.SUCCESS);
    }
    if (ldapConfig.systemUsername().isPresent()) {
        if (ldapConfig.systemPassword().isSet()) {
            final String systemPassword = encryptedValueService.decrypt(ldapConfig.systemPassword());
            // A simple bind transmits the password as-is; it relies on the transport security set up above.
            final BindRequest bindRequest = new SimpleBindRequest(ldapConfig.systemUsername().get(), systemPassword);
            connection.bind(bindRequest);
        } else {
            LOG.warn("System username has been set to <{}> but no system password has been set. Skipping bind request.", ldapConfig.systemUsername().get());
        }
    }
    return connection;
}

Example 3 with BindRequest

Use of com.unboundid.ldap.sdk.BindRequest in project oxCore by GluuFederation: class LDAPConnectionProvider, method init.

/**
 * This method is used to create LDAPConnectionPool
 *
 * @throws NumberFormatException
 * @throws LDAPException
 * @throws GeneralSecurityException
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    // Servers are configured as a comma-separated list of host:port entries.
    String serverProp = props.getProperty("servers");
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        this.addresses[i] = str.substring(0, str.indexOf(":")).trim();
        this.ports[i] = Integer.parseInt(str.substring(str.indexOf(":") + 1, str.length()));
    }
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        // No bind DN configured: pooled connections use an anonymous simple bind.
        bindRequest = new SimpleBindRequest();
    } else {
        // Service-account credentials are read as plain text from the properties.
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    // TrustAllTrustManager accepts any server certificate, so even with useSSL=true the
    // server is encrypted to but never authenticated. Example 4 adds a trust-store option.
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        // LDAPS with a single enabled protocol version (SSL_PROTOCOLS[0]).
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        // Plaintext LDAP: the simple bind above sends the password unprotected.
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    log.debug("Using next binary attributes: " + this.binaryAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS;
}

Example 4 with BindRequest

Use of com.unboundid.ldap.sdk.BindRequest in project oxCore by GluuFederation: class LdapConnectionProvider, method init.

/**
 * This method is used to create LDAPConnectionPool
 *
 * @throws NumberFormatException
 * @throws LDAPException
 * @throws GeneralSecurityException
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    // Servers are configured as a comma-separated list of host:port entries.
    String serverProp = props.getProperty("servers");
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        int idx = str.indexOf(":");
        if (idx == -1) {
            throw new InvalidConfigurationException("Ldap server settings should be in format server:port");
        }
        this.addresses[i] = str.substring(0, idx).trim();
        // Trimmed like the address so "host: 636" does not fail with NumberFormatException.
        this.ports[i] = Integer.parseInt(str.substring(idx + 1).trim());
    }
    BindRequest bindRequest = null;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        // No bind DN configured: pooled connections use an anonymous simple bind.
        bindRequest = new SimpleBindRequest();
    } else {
        // Service-account credentials are read as plain text from the properties.
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }
    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);
    this.useSSL = Boolean.valueOf(props.getProperty("useSSL")).booleanValue();
    SSLUtil sslUtil = null;
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        String sslTrustStoreFile = props.getProperty("ssl.trustStoreFile");
        String sslTrustStorePin = props.getProperty("ssl.trustStorePin");
        String sslTrustStoreFormat = props.getProperty("ssl.trustStoreFormat");
        if (StringHelper.isEmpty(sslTrustStoreFile) && StringHelper.isEmpty(sslTrustStorePin)) {
            // Fallback when no trust store is configured: any server certificate is accepted,
            // so the connection is encrypted but the server is not authenticated.
            sslUtil = new SSLUtil(new TrustAllTrustManager());
        } else {
            // Server certificates must chain to the configured trust store. Both the file and
            // the PIN must be set here; a trust store file without a PIN yields a null PIN.
            TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(sslTrustStoreFile, sslTrustStorePin.toCharArray(), sslTrustStoreFormat, true);
            sslUtil = new SSLUtil(trustStoreTrustManager);
        }
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        // Plaintext LDAP: the simple bind above sends the password unprotected.
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }
    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary attributes: " + this.binaryAttributes);
    this.certificateAttributes = new ArrayList<String>();
    if (props.containsKey("certificateAttributes")) {
        String[] certificateAttrs = StringHelper.split(props.get("certificateAttributes").toString().toLowerCase(), ",");
        this.certificateAttributes.addAll(Arrays.asList(certificateAttrs));
    }
    LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS_INT_VALUE;
}

Example 5 with BindRequest

Use of com.unboundid.ldap.sdk.BindRequest in project zm-mailbox by Zimbra: class LdapConnectionPool, method createConnPool.

private static LDAPConnectionPool createConnPool(LdapServerConfig config) throws LdapException {
    LdapServerPool serverPool = new LdapServerPool(config);
    ServerSet serverSet = serverPool.getServerSet();
    BindRequest bindRequest = createBindRequest(config);
    PostConnectProcessor postConnectProcessor = null;
    if (serverPool.getConnectionType() == LdapConnType.STARTTLS) {
        // sslAllowUntrustedCerts decides whether the server certificate is verified.
        SSLContext startTLSContext = LdapSSLUtil.createSSLContext(config.sslAllowUntrustedCerts());
        // The pool runs this processor on every new connection after it is established and
        // before the bind request is sent, so credentials never cross the wire in plaintext.
        postConnectProcessor = new StartTLSPostConnectProcessor(startTLSContext);
    }
    LDAPConnectionPool connPool = null;
    try {
        connPool = new LDAPConnectionPool(serverSet, bindRequest, config.getConnPoolInitSize(), config.getConnPoolMaxSize(), postConnectProcessor);
        // Operations that fail because a pooled connection went stale are retried on a fresh one.
        connPool.setRetryFailedOperationsDueToInvalidConnections(true);
    } catch (LDAPException e) {
        throw UBIDLdapException.mapToLdapException(e);
    }
    return connPool;
}