
Example 51 with LDAPException

use of com.unboundid.ldap.sdk.LDAPException in project gitblit by gitblit.

the class LdapConnection method connect.

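/**
 * Opens the LDAP connection configured by {@code realm.ldap.server}.
 *
 * <p>The URL scheme selects the transport: {@code ldaps} wraps the socket in
 * TLS from the first byte, {@code ldap+tls} connects in the clear and then
 * upgrades with the StartTLS extended operation, and {@code ldap} stays
 * unencrypted. When the URL names no port, 636 is used for {@code ldaps} and
 * 389 for the other two schemes.
 *
 * <p>Failures are logged and reported as {@code false} rather than thrown.
 * A connection that was opened during a failed attempt (for example a
 * cleartext socket whose StartTLS upgrade was refused) is closed before
 * returning, so a failed call does not leave an open socket behind.
 *
 * @return {@code true} if {@code conn} is connected (and, for
 *         {@code ldap+tls}, successfully upgraded to TLS); {@code false}
 *         on a malformed URL, an unsupported scheme, a TLS setup error or
 *         any LDAP error
 */
public boolean connect() {
    // Connection being built by this call; closed in the finally block unless
    // the method reaches its success exit.
    LDAPConnection attempt = null;
    boolean established = false;
    try {
        URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
        String scheme = ldapUrl.getScheme();
        String ldapHost = ldapUrl.getHost();
        int ldapPort = ldapUrl.getPort();
        // java.net.URI accepts inputs such as a bare path or "host:389" that
        // leave the scheme or host null; reject them here instead of failing
        // with a NullPointerException in equalsIgnoreCase / connect.
        if (scheme == null || ldapHost == null) {
            logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>");
            return false;
        }
        boolean useLdaps = scheme.equalsIgnoreCase("ldaps");
        boolean useStartTls = scheme.equalsIgnoreCase("ldap+tls");
        boolean usePlain = scheme.equalsIgnoreCase("ldap");
        if (useLdaps) {
            // SSL
            // NOTE(review): TrustAllTrustManager accepts any server certificate,
            // so this TLS session is encrypted but the peer is not authenticated;
            // a verifying trust manager should be used wherever the directory's
            // certificate can be trusted through the JVM truststore or pinned.
            SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
            attempt = new LDAPConnection(sslUtil.createSSLSocketFactory());
            if (ldapPort == -1) {
                ldapPort = 636;
            }
        } else if (usePlain || useStartTls) {
            // no encryption or StartTLS (upgraded below for ldap+tls)
            attempt = new LDAPConnection();
            if (ldapPort == -1) {
                ldapPort = 389;
            }
        } else {
            logger.error("Unsupported LDAP URL scheme: " + scheme);
            return false;
        }
        conn = attempt;
        attempt.connect(ldapHost, ldapPort);
        if (useStartTls) {
            // Same trust caveat as the ldaps branch applies to this SSLContext.
            SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
            ExtendedResult extendedResult = attempt.processExtendedOperation(new StartTLSExtendedRequest(sslUtil.createSSLContext()));
            if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
                // Never carry on over the cleartext socket when TLS was requested.
                throw new LDAPException(extendedResult.getResultCode());
            }
        }
        established = true;
        return true;
    } catch (URISyntaxException e) {
        logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
    } catch (GeneralSecurityException e) {
        logger.error("Unable to create SSL Connection", e);
    } catch (LDAPException e) {
        logger.error("Error Connecting to LDAP", e);
    } finally {
        if (!established && attempt != null) {
            // Release the socket of the failed attempt; the next connect() call
            // builds a fresh LDAPConnection anyway.
            attempt.close();
        }
    }
    return false;
}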

Example 52 with LDAPException

use of com.unboundid.ldap.sdk.LDAPException in project spring-security by spring-projects.

the class UnboundIdContainer method start.

/**
 * Starts the embedded UnboundID in-memory directory server unless it is already running.
 *
 * <p>Builds the server configuration, creates the root entry for
 * {@code defaultPartitionSuffix}, loads LDIF content through {@code importLdif} and then
 * begins listening. After the listener is up, {@code port} is overwritten with the port the
 * server actually bound (presumably so that a configured port of 0 resolves to the chosen
 * free port — TODO confirm against the field's documentation).
 *
 * @throws RuntimeException if the server cannot be configured or started; the underlying
 *         {@code LDAPException} is preserved as the cause
 */
@Override
public void start() {
    if (isRunning()) {
        return;
    }
    try {
        InMemoryDirectoryServerConfig config = newServerConfig();
        Entry rootEntry = newRootEntry();
        InMemoryDirectoryServer server = new InMemoryDirectoryServer(config);
        server.add(rootEntry);
        importLdif(server);
        server.startListening();
        this.port = server.getListenPort();
        this.directoryServer = server;
        this.running = true;
    } catch (LDAPException ex) {
        throw new RuntimeException("Server startup failed", ex);
    }
}

/**
 * Assembles the listener and schema-enforcement settings for the embedded server.
 *
 * @throws LDAPException if the partition suffix is not a valid DN
 */
private InMemoryDirectoryServerConfig newServerConfig() throws LDAPException {
    InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(this.defaultPartitionSuffix);
    // Fixed bind credentials for the embedded (in-memory) directory; they are part of the
    // test fixture's contract rather than a deployable secret.
    config.addAdditionalBindCredentials("uid=admin,ou=system", "secret");
    config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("LDAP", this.port));
    config.setEnforceSingleStructuralObjectClass(false);
    config.setEnforceAttributeSyntaxCompliance(true);
    return config;
}

/**
 * Builds the root entry (the partition suffix itself) that imported LDIF content hangs under.
 *
 * @throws LDAPException if the partition suffix is not a valid DN
 */
private Entry newRootEntry() throws LDAPException {
    DN suffixDn = new DN(this.defaultPartitionSuffix);
    Entry rootEntry = new Entry(suffixDn);
    rootEntry.addAttribute("objectClass", "top", "domain", "extensibleObject");
    // The dc value is taken from the first value of the suffix's leading RDN.
    rootEntry.addAttribute("dc", suffixDn.getRDN().getAttributeValues()[0]);
    return rootEntry;
}

Example 53 with LDAPException

use of com.unboundid.ldap.sdk.LDAPException in project graylog2-server by Graylog2.

the class UnboundLDAPConnector method search.

/**
 * Runs a subtree search below {@code searchBase} and converts every matching entry into an
 * {@link LDAPEntry}.
 *
 * <p>{@code OBJECT_CLASS_ATTRIBUTE} is always added to the requested attributes. The request
 * carries {@code requestTimeoutSeconds} as its time limit. {@code filter} is an already parsed
 * {@link Filter}, so any escaping of user-supplied values must have happened before this call.
 *
 * @param connection        open connection to search on
 * @param searchBase        DN the subtree search starts from
 * @param filter            parsed search filter
 * @param uniqueIdAttribute attribute name handed to {@code createLDAPEntry} for each result
 * @param attributes        attributes to request in addition to objectClass
 * @return the converted entries, or an empty list when the search returned none
 * @throws LDAPException if the search fails
 */
public ImmutableList<LDAPEntry> search(LDAPConnection connection, String searchBase, Filter filter, String uniqueIdAttribute, Set<String> attributes) throws LDAPException {
    final String[] requestedAttributes = ImmutableSet.<String>builder()
            .add(OBJECT_CLASS_ATTRIBUTE)
            .addAll(attributes)
            .build()
            .toArray(new String[0]);
    // TODO: Use LDAPEntrySource for a more memory efficient search
    final SearchRequest request = new SearchRequest(searchBase, SearchScope.SUB, filter, requestedAttributes);
    // NOTE(review): this is the server-side time limit carried in the request; it is not a
    // client-side response timeout, so confirm the connection options bound the wait too.
    request.setTimeLimitSeconds(requestTimeoutSeconds);
    // toNormalizedString() is only evaluated when trace output is actually enabled.
    if (LOG.isTraceEnabled()) {
        LOG.trace("Search LDAP for <{}> using search base <{}>", filter.toNormalizedString(), searchBase);
    }
    final SearchResult result = connection.search(request);
    if (result.getSearchEntries().isEmpty()) {
        LOG.trace("No LDAP entry found for filter <{}>", filter.toNormalizedString());
        return ImmutableList.of();
    }
    final ImmutableList<LDAPEntry> converted = result.getSearchEntries()
            .stream()
            .map(found -> createLDAPEntry(found, uniqueIdAttribute))
            .collect(ImmutableList.toImmutableList());
    return converted;
}

Example 54 with LDAPException

use of com.unboundid.ldap.sdk.LDAPException in project graylog2-server by Graylog2.

the class LDAPAuthServiceBackend method authenticateAndProvision.

/**
 * Looks the user up in LDAP, checks the supplied credentials unless they are already marked as
 * authenticated, and provisions the matching local user.
 *
 * <p>The LDAP connection is scoped to this call and closed on every exit path. A {@code null}
 * connection from the connector, an unknown user and a failed credential check all yield an
 * empty result and are logged at debug level only; TLS setup problems and LDAP errors are logged
 * at error level and surface as {@link AuthenticationServiceUnavailableException}.
 *
 * @param authCredentials    username plus password (or an already-authenticated marker)
 * @param provisionerService service used to create or update the local user record
 * @return the provisioned user details, or empty when authentication did not succeed
 * @throws AuthenticationServiceUnavailableException if the directory could not be reached or
 *         the TLS connection could not be set up
 */
@Override
public Optional<AuthenticationDetails> authenticateAndProvision(AuthServiceCredentials authCredentials, ProvisionerService provisionerService) {
    try (final LDAPConnection connection = ldapConnector.connect(config.getLDAPConnectorConfig())) {
        // The connector may return null; try-with-resources tolerates closing a null resource.
        if (connection == null) {
            return Optional.empty();
        }
        final Optional<LDAPUser> lookup = findUser(connection, authCredentials);
        if (!lookup.isPresent()) {
            LOG.debug("User <{}> not found in LDAP", authCredentials.username());
            return Optional.empty();
        }
        final LDAPUser user = lookup.get();
        // Credentials already flagged as authenticated skip the check against the directory
        // (presumably a bind with the supplied password — see isAuthenticated); everything
        // else must pass it.
        final boolean mustCheckCredentials = !authCredentials.isAuthenticated();
        if (mustCheckCredentials && !isAuthenticated(connection, user, authCredentials)) {
            LOG.debug("Invalid credentials for user <{}> (DN: {})", authCredentials.username(), user.dn());
            return Optional.empty();
        }
        final UserDetails userDetails = provisionerService.provision(
                provisionerService.newDetails(this)
                        .authServiceType(backendType())
                        .authServiceId(backendId())
                        .accountIsEnabled(true)
                        .base64AuthServiceUid(user.base64UniqueId())
                        .username(user.username())
                        .fullName(user.fullName())
                        .email(user.email())
                        .defaultRoles(backend.defaultRoles())
                        .build());
        final AuthenticationDetails details = AuthenticationDetails.builder()
                .userDetails(userDetails)
                .build();
        return Optional.of(details);
    } catch (GeneralSecurityException e) {
        LOG.error("Error setting up TLS connection", e);
        throw new AuthenticationServiceUnavailableException("Error setting up TLS connection", e);
    } catch (LDAPException e) {
        LOG.error("LDAP error", e);
        throw new AuthenticationServiceUnavailableException("LDAP error", e);
    }
}

Example 55 with LDAPException

use of com.unboundid.ldap.sdk.LDAPException in project zm-mailbox by Zimbra.

the class LdapConnectionPool method createConnPool.

/**
 * Creates the UnboundID connection pool for the given server configuration.
 *
 * <p>The pool binds every new connection with the request from {@code createBindRequest} and,
 * when the configured connection type is StartTLS, upgrades each connection to TLS through a
 * {@link StartTLSPostConnectProcessor} before it is handed out. Failed operations caused by
 * invalid connections are retried once by the pool.
 *
 * @param config server addresses, bind settings, pool sizing and TLS options
 * @return a pool sized by {@code getConnPoolInitSize()} / {@code getConnPoolMaxSize()}
 * @throws LdapException if the UnboundID pool cannot be created (the {@code LDAPException} is
 *         translated by {@code UBIDLdapException.mapToLdapException})
 */
private static LDAPConnectionPool createConnPool(LdapServerConfig config) throws LdapException {
    LdapServerPool serverPool = new LdapServerPool(config);
    ServerSet serverSet = serverPool.getServerSet();
    BindRequest bindRequest = createBindRequest(config);
    PostConnectProcessor postConnectProcessor = startTlsProcessorFor(serverPool, config);
    try {
        LDAPConnectionPool connPool = new LDAPConnectionPool(serverSet, bindRequest, config.getConnPoolInitSize(), config.getConnPoolMaxSize(), postConnectProcessor);
        connPool.setRetryFailedOperationsDueToInvalidConnections(true);
        return connPool;
    } catch (LDAPException e) {
        throw UBIDLdapException.mapToLdapException(e);
    }
}

/**
 * Returns the StartTLS post-connect processor for the pool, or {@code null} when the configured
 * connection type is not StartTLS.
 *
 * @throws LdapException if the SSL context cannot be created
 */
private static PostConnectProcessor startTlsProcessorFor(LdapServerPool serverPool, LdapServerConfig config) throws LdapException {
    if (serverPool.getConnectionType() != LdapConnType.STARTTLS) {
        return null;
    }
    // NOTE(review): sslAllowUntrustedCerts() presumably relaxes certificate verification for
    // the StartTLS upgrade; when it is enabled the pool accepts any server certificate, so it
    // should stay off outside of test setups.
    SSLContext startTLSContext = LdapSSLUtil.createSSLContext(config.sslAllowUntrustedCerts());
    return new StartTLSPostConnectProcessor(startTLSContext);
}
