use of org.forgerock.openam.ldap.LDAPAuthUtils in project OpenAM by OpenRock.
the class MSISDNValidation method getUserId.
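/**
 * Returns the user ID whose {@code sunIdentityMSISDNNumber} (the configured
 * {@code userSearchAttr}) matches the given MSISDN number.
 *
 * <p>The MSISDN is supplied by the client, so it is escaped per RFC 4515 before it is
 * embedded in the search filter; otherwise a value containing {@code *}, parentheses,
 * a backslash or NUL could change the meaning of the filter instead of matching literally.
 *
 * @param msisdnNumber the MSISDN number to search for.
 * @return the user ID (or the DN, depending on {@code returnUserDN}) of the matching entry.
 * @throws AuthLoginException if no entry matches ({@code userNotFound}), the directory is
 *         unreachable ({@code MSISDNServerDown}), the search ends in any other state
 *         ({@code MSISDNValidateEx}), or an unexpected exception occurs (wrapped).
 */
protected String getUserId(String msisdnNumber) throws AuthLoginException {
    try {
        LDAPAuthUtils ldapUtil = new LDAPAuthUtils(serverHost, serverPort,
                Collections.<String>emptySet(), useSSL,
                AMResourceBundleCache.getInstance().getResBundle(amAuthMSISDN, locale),
                startSearchLoc, debug);
        // Escape the untrusted value so it can only ever be matched as a literal.
        String searchFilter = "(" + userSearchAttr + "=" + escapeFilterValue(msisdnNumber) + ")";
        ldapUtil.setReturnUserDN(returnUserDN);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setAuthDN(principalUser);
        ldapUtil.setAuthPassword(principalPasswd.toCharArray());
        ldapUtil.searchForUser();
        switch (ldapUtil.getState()) {
            case USER_FOUND:
                debug.message("User search successful");
                return ldapUtil.getUserId();
            case USER_NOT_FOUND:
                debug.error("MSISDN - Error finding user");
                throw new AuthLoginException(amAuthMSISDN, "userNotFound", null);
            case SERVER_DOWN:
                debug.error("Server down");
                throw new AuthLoginException(amAuthMSISDN, "MSISDNServerDown", null);
            default:
                throw new AuthLoginException(amAuthMSISDN, "MSISDNValidateEx", null);
        }
    } catch (AuthLoginException e) {
        // Rethrow as-is: wrapping it in AuthLoginException(e) would presumably drop the
        // message key (userNotFound / MSISDNServerDown) the caller reports to the user.
        throw e;
    } catch (Exception e) {
        throw new AuthLoginException(e);
    }
}

/**
 * Escapes a value for use as an assertion value inside an LDAP search filter
 * (RFC 4515 section 3): {@code \}, {@code *}, {@code (}, {@code )} and NUL become
 * {@code \5c}, {@code \2a}, {@code \28}, {@code \29} and {@code \00}.
 *
 * @param value the raw value; {@code null} is rendered as the text {@code "null"}, matching
 *        what plain string concatenation used to produce.
 * @return the escaped value, safe to embed in a filter.
 */
private static String escapeFilterValue(String value) {
    String text = String.valueOf(value);
    StringBuilder escaped = new StringBuilder(text.length() + 8);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}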
use of org.forgerock.openam.ldap.LDAPAuthUtils in project OpenAM by OpenRock.
the class Application method authenticateToLDAP.
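/**
 * Authenticates {@code userName}/{@code userPassword} against the directory.
 *
 * <p>A super-admin is bound against the server backing AuthD itself
 * ({@code AuthD.directoryHostName:directoryPort}) and, on success, becomes
 * {@code userTokenId}. Any other user is authenticated through the settings of the
 * realm's {@code LDAP_SERVICE_NAME} template loaded by {@code initLDAPAttributes}.
 *
 * @param userName the user to authenticate.
 * @param userPassword the password presented for that user.
 * @return the {@link ModuleState} reported by {@code ldapUtil} after the bind.
 * @throws AuthLoginException if the super-admin bind fails ({@code InvalidUP}), the LDAP
 *         service is not configured ({@code basicLDAPex}), the directory reports an unknown
 *         user ({@code NoUser}) or a wrong password ({@link InvalidPasswordException}),
 *         or any other LDAP error occurs ({@code basicLDAPex}, cause attached).
 */
private ModuleState authenticateToLDAP(String userName, String userPassword) throws AuthLoginException {
    if (debug.messageEnabled()) {
        debug.message("In authenticateToLDAP with User : " + userName);
    }
    try {
        if (isSuperAdmin(userName)) {
            String baseDN = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_BASEDN);
            ldapUtil = new LDAPAuthUtils(
                    Collections.singleton(AuthD.directoryHostName + ":" + AuthD.directoryPort),
                    Collections.<String>emptySet(), ldapSSL,
                    AMResourceBundleCache.getInstance().getResBundle(amAuthApplication, getLoginLocale()),
                    baseDN, debug);
            ldapUtil.authenticateUser(userName, userPassword);
            if (ldapUtil.getState() != ModuleState.SUCCESS) {
                debug.message("Invalid adminID or admin Password");
                setFailureID(ldapUtil.getUserId(userName));
                throw new AuthLoginException(amAuthApplication, "InvalidUP", null);
            }
            userTokenId = userName;
        } else if (initLDAPAttributes(ISAuthConstants.LDAP_SERVICE_NAME)) {
            ldapUtil.authenticateUser(userName, userPassword);
        } else {
            debug.message("Invalid userID or user Password");
            setFailureID(userName);
            throw new AuthLoginException(amAuthApplication, "basicLDAPex", null);
        }
        return ldapUtil.getState();
    } catch (LDAPUtilException ex) {
        setFailureID(userName);
        ResultCode resultCode = ex.getResultCode();
        if (ResultCode.NO_SUCH_OBJECT.equals(resultCode)) {
            debug.message("The specified user does not exist.");
            throw new AuthLoginException(amAuthApplication, "NoUser", null);
        } else if (ResultCode.INVALID_CREDENTIALS.equals(resultCode)) {
            debug.message("Invalid password.");
            // ldapUtil is still null if the LDAPAuthUtils constructor itself threw; fall back
            // to the presented name rather than masking the real failure with an NPE.
            String failureUserID = ldapUtil != null ? ldapUtil.getUserId() : userName;
            throw new InvalidPasswordException(amAuthApplication, "InvalidUP", null, failureUserID, ex);
        } else {
            // Keep the directory error as the cause so the result code reaches the log.
            throw new AuthLoginException(amAuthApplication, "basicLDAPex", null, ex);
        }
    }
}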
use of org.forgerock.openam.ldap.LDAPAuthUtils in project OpenAM by OpenRock.
the class AMSDKRepo method authenticate.
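/**
 * Authenticates the name/password pair carried in {@code credentials}, first as a user
 * ({@code IdType.USER}) and then, if that fails, as an agent ({@code IdType.AGENT}).
 *
 * <p>The directory connection is built from the {@code AUTH_ADMIN} server config and bound
 * with the admin DN/password; the base DN is set later by {@code authenticateIt} depending
 * on whether a user or an agent is being authenticated.
 *
 * @param credentials callbacks; a {@link NameCallback} supplies the user name and a
 *        {@link PasswordCallback} the password, other callback types are ignored and the
 *        last of each kind wins.
 * @return {@code true} if either the user or the agent authentication succeeded.
 * @throws IdRepoException if the name or password is missing ({@code UNABLE_TO_AUTHENTICATE})
 *         or the directory connection cannot be set up ({@code ERROR_DURING_SEARCH}).
 * @throws AuthLoginException propagated from {@code authenticateIt}.
 */
public boolean authenticate(Callback[] credentials) throws IdRepoException, AuthLoginException {
    debug.message("AMSDKRepo: authenticate. ");
    // Obtain user name and password from credentials and authenticate
    String username = null;
    String password = null;
    for (Callback credential : credentials) {
        if (credential instanceof NameCallback) {
            username = ((NameCallback) credential).getName();
            if (debug.messageEnabled()) {
                debug.message("LDPv3Repo:authenticate username: " + username);
            }
        } else if (credential instanceof PasswordCallback) {
            char[] passwd = ((PasswordCallback) credential).getPassword();
            if (passwd != null) {
                // authenticateIt takes a String, so the secret unavoidably becomes an
                // immutable heap String here; it must never be logged.
                password = new String(passwd);
                debug.message("AMSDKRepo: authenticate passwd XXX.");
            }
        }
    }
    if (username == null || username.isEmpty() || password == null) {
        Object[] args = { CLASS_NAME };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.UNABLE_TO_AUTHENTICATE, args);
    }
    ServerInstance svrCfg = getDsSvrCfg(LDAPUser.Type.AUTH_ADMIN);
    boolean ssl = (svrCfg.getConnectionType() == Server.Type.CONN_SSL);
    LDAPAuthUtils ldapAuthUtil;
    try {
        ldapAuthUtil = new LDAPAuthUtils(
                Collections.singleton(svrCfg.getServerName() + ":" + svrCfg.getPort()),
                Collections.<String>emptySet(), ssl,
                AMResourceBundleCache.getInstance().getResBundle(IdRepoBundle.BUNDLE_NAME, Locale.getDefaultLocale()),
                // BaseDN is set later based on whether authenticating user or agent
                "BASE_DN", debug);
    } catch (LDAPUtilException ldapUtilEx) {
        if (debug.messageEnabled()) {
            debug.message("AMSDKRepo: authenticate" + " LDAPUtilException: " + ldapUtilEx.getMessage());
        }
        Object[] args = { CLASS_NAME, username };
        throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.ERROR_DURING_SEARCH, args);
    }
    ldapAuthUtil.setAuthDN(AdminUtils.getAdminDN());
    // NOTE(review): the admin password is round-tripped through a String; if getAdminPassword()
    // already returns char[] this copy is unnecessary (and if byte[], the charset is the
    // platform default) - confirm its type.
    ldapAuthUtil.setAuthPassword(new String(AdminUtils.getAdminPassword()).toCharArray());
    ldapAuthUtil.setScope(SearchScope.SINGLE_LEVEL);
    if (authenticateIt(ldapAuthUtil, IdType.USER, username, password)) {
        if (debug.messageEnabled()) {
            debug.message("AMSDKRepo: IdType.USER authenticateIt=true");
        }
        return true;
    }
    if (authenticateIt(ldapAuthUtil, IdType.AGENT, username, password)) {
        if (debug.messageEnabled()) {
            debug.message("AMSDKRepo: IdType.AGENT authenticateIt=true");
        }
        return true;
    }
    return false;
}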
use of org.forgerock.openam.ldap.LDAPAuthUtils in project OpenAM by OpenRock.
the class Application method initLDAPAttributes.
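/**
 * Loads the LDAP settings of {@code serviceName} for the requesting organisation into
 * {@link #ldapUtil}.
 *
 * <p>Stores the organisation template in {@code currentConfig}, then reads server, base DN,
 * bind credentials, naming/search attributes, filter, scope and the return-DN flag from it.
 *
 * @param serviceName the auth service whose organisation template holds the LDAP settings.
 * @return {@code false} when no LDAP server is configured (nothing is initialised);
 *         {@code true} once {@code ldapUtil} has been built and configured.
 * @throws AuthLoginException if the base DN is missing ({@code basednnull}) or any other
 *         error occurs while reading the config or building the connection
 *         ({@code basicLDAPex}, with the cause attached).
 */
private boolean initLDAPAttributes(String serviceName) throws AuthLoginException {
    currentConfig = getOrgServiceTemplate(getRequestOrg(), serviceName);
    try {
        // All LDAP module Attribute Initialization done here ...
        String serverHost = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_SERVER);
        if (serverHost == null) {
            debug.message("No server for configuring");
            return false;
        }
        String baseDN = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_BASEDN);
        if (baseDN == null) {
            debug.error("Fatal error: baseDN for search has invalid value");
            throw new AuthLoginException(amAuthApplication, "basednnull", null);
        }
        String bindDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDDN, "");
        String bindPassword = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDPWD, "");
        String userNamingAttr = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_UNA, "uid");
        Set userSearchAttrs = (Set) currentConfig.get(ISAuthConstants.LDAP_USERSEARCH);
        String searchFilter = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHFILTER, "");
        boolean ssl = Boolean.parseBoolean(
                CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SSL, "false"));
        SearchScope searchScope = parseSearchScope(
                CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHSCOPE, "SUBTREE"));
        String returnUserDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");

        // Server is "host[:port]"; the port defaults to 389. NOTE(review): a bare IPv6 literal
        // would be split at its first colon - confirm the config only carries host names/IPv4.
        int index = serverHost.indexOf(':');
        int serverPort = 389;
        if (index != -1) {
            serverPort = Integer.parseInt(serverHost.substring(index + 1));
            serverHost = serverHost.substring(0, index);
        }

        // NOTE(review): the LDAP_SSL value read above (ssl) is only logged; the connection is
        // built with the ldapSSL field, so the two can disagree - confirm which one is intended.
        ldapUtil = new LDAPAuthUtils(Collections.singleton(serverHost + ":" + serverPort),
                Collections.<String>emptySet(), ldapSSL,
                AMResourceBundleCache.getInstance().getResBundle(amAuthApplication, getLoginLocale()),
                baseDN, debug);
        ldapUtil.setScope(searchScope);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setUserSearchAttribute(userSearchAttrs);
        ldapUtil.setAuthPassword(bindPassword.toCharArray());
        ldapUtil.setAuthDN(bindDN);
        ldapUtil.setReturnUserDN(returnUserDN);
        if (debug.messageEnabled()) {
            // Bind password deliberately omitted.
            debug.message("bindDN-> " + bindDN
                    + "\nbaseDN-> " + baseDN
                    + "\nuserNamingAttr-> " + userNamingAttr
                    + "\nuserSearchAttr(s)-> " + userSearchAttrs
                    + "\nsearchFilter-> " + searchFilter
                    + "\nsearchScope-> " + searchScope
                    + "\nssl-> " + ssl
                    + "\nHost: " + serverHost
                    + "\nINDEDX : " + index
                    + "\nPORT : " + serverPort);
        }
        return true;
    } catch (Exception ex) {
        debug.error("LDAP Init Exception", ex);
        throw new AuthLoginException(amAuthApplication, "basicLDAPex", null, ex);
    }
}

/**
 * Maps a configured scope name to a {@link SearchScope}: {@code OBJECT} gives
 * {@code BASE_OBJECT}, {@code ONELEVEL} gives {@code SINGLE_LEVEL}, anything else
 * (including {@code null}) gives the default {@code WHOLE_SUBTREE}.
 *
 * @param scopeName the configured value, compared case-insensitively.
 * @return the matching scope.
 */
private static SearchScope parseSearchScope(String scopeName) {
    if ("OBJECT".equalsIgnoreCase(scopeName)) {
        return SearchScope.BASE_OBJECT;
    }
    if ("ONELEVEL".equalsIgnoreCase(scopeName)) {
        return SearchScope.SINGLE_LEVEL;
    }
    return SearchScope.WHOLE_SUBTREE;
}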
use of org.forgerock.openam.ldap.LDAPAuthUtils in project OpenAM by OpenRock.
the class LDAP method initializeLDAP.
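/**
 * Reads the LDAP auth module's settings from {@code currentConfig} and builds
 * {@link #ldapUtil} from them.
 *
 * <p>Besides {@code ldapUtil}, this sets the instance fields {@code requiredPasswordLength},
 * {@code bindDN}, {@code useStartTLS}, {@code isSecure}, {@code regEx}, {@code sslTrustAll}
 * and {@code isProfileCreationEnabled}, applies the configured auth level via
 * {@code setAuthLevel}, and calls {@code getUserCreationAttrs} to populate
 * {@code userCreationAttrs}. Malformed numeric values (password length, auth level) are
 * logged and skipped rather than failing initialisation.
 *
 * @return {@code true} once {@code ldapUtil} is configured.
 * @throws AuthLoginException ({@code LDAPex}, cause attached) if reading the configuration
 *         or constructing the connection fails.
 */
public boolean initializeLDAP() throws AuthLoginException {
    debug.message("LDAP initialize()");
    try {
        Set<String> primaryServers = CollectionHelper.getServerMapAttrs(currentConfig, "iplanet-am-auth-ldap-server");
        Set<String> secondaryServers = CollectionHelper.getServerMapAttrs(currentConfig, "iplanet-am-auth-ldap-server2");
        String baseDN = CollectionHelper.getServerMapAttr(currentConfig, "iplanet-am-auth-ldap-base-dn");
        if (baseDN == null) {
            // NOTE(review): this only logs and continues with a null base DN (the Application
            // module fails hard in the same situation) - confirm LDAPAuthUtils tolerates it.
            debug.error("BaseDN for search was null");
        }
        String pLen = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-min-password-length");
        if (pLen != null) {
            try {
                requiredPasswordLength = Integer.parseInt(pLen);
            } catch (NumberFormatException ex) {
                debug.error("LDAP.initializeLDAP : " + pLen, ex);
            }
        }
        bindDN = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-bind-dn", "");
        char[] bindPassword = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-bind-passwd", "").toCharArray();
        String userNamingAttr = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-user-naming-attribute", "uid");
        Set userSearchAttrs = (Set) currentConfig.get("iplanet-am-auth-ldap-user-search-attributes");
        String searchFilter = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-search-filter", "");
        // Connection mode: LDAP (plain), LDAPS, or StartTLS; both of the latter count as secure.
        final String connectionMode = CollectionHelper.getMapAttr(currentConfig, "openam-auth-ldap-connection-mode", "LDAP");
        useStartTLS = connectionMode.equalsIgnoreCase("StartTLS");
        isSecure = connectionMode.equalsIgnoreCase("LDAPS") || useStartTLS;
        getUserCreationAttrs(currentConfig);
        SearchScope searchScope = parseSearchScope(
                CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-search-scope", "SUBTREE"));
        String authLevel = CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-auth-level");
        if (authLevel != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevel));
            } catch (Exception e) {
                // Best effort: a bad auth level must not block login, but keep the cause in the log.
                debug.error("Unable to set auth level " + authLevel, e);
            }
        }
        String returnUserDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");
        regEx = CollectionHelper.getMapAttr(currentConfig, INVALID_CHARS);
        boolean beheraEnabled = Boolean.parseBoolean(
                CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-behera-password-policy-enabled", "false"));
        // Trust-all presumably accepts any server certificate (see LDAPAuthUtils.setTrustAll),
        // which defeats the point of LDAPS/StartTLS; it defaults to false.
        sslTrustAll = Boolean.parseBoolean(
                CollectionHelper.getMapAttr(currentConfig, "iplanet-am-auth-ldap-ssl-trust-all", "false"));
        int heartBeatInterval = CollectionHelper.getIntMapAttr(currentConfig, "openam-auth-ldap-heartbeat-interval", 10, debug);
        String heartBeatTimeUnit = CollectionHelper.getMapAttr(currentConfig, "openam-auth-ldap-heartbeat-timeunit", "SECONDS");
        final int operationTimeout = CollectionHelper.getIntMapAttr(currentConfig, OPERATION_TIMEOUT_ATTR, 0, debug);
        isProfileCreationEnabled = isDynamicProfileCreationEnabled();

        // set the optional attributes here
        ldapUtil = new LDAPAuthUtils(primaryServers, secondaryServers, isSecure, bundle, baseDN, debug);
        ldapUtil.setScope(searchScope);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setUserSearchAttribute(userSearchAttrs);
        ldapUtil.setAuthPassword(bindPassword);
        ldapUtil.setAuthDN(bindDN);
        ldapUtil.setReturnUserDN(returnUserDN);
        ldapUtil.setUserAttributes(userCreationAttrs);
        ldapUtil.setTrustAll(sslTrustAll);
        ldapUtil.setUseStartTLS(useStartTLS);
        ldapUtil.setDynamicProfileCreationEnabled(isProfileCreationEnabled);
        ldapUtil.setBeheraEnabled(beheraEnabled);
        ldapUtil.setHeartBeatInterval(heartBeatInterval);
        ldapUtil.setHeartBeatTimeUnit(heartBeatTimeUnit);
        ldapUtil.setOperationTimeout(operationTimeout);
        if (debug.messageEnabled()) {
            // Bind password deliberately omitted.
            debug.message("bindDN-> " + bindDN
                    + "\nrequiredPasswordLength-> " + requiredPasswordLength
                    + "\nbaseDN-> " + baseDN
                    + "\nuserNamingAttr-> " + userNamingAttr
                    + "\nuserSearchAttr(s)-> " + userSearchAttrs
                    + "\nuserCreationAttrs-> " + userCreationAttrs
                    + "\nsearchFilter-> " + searchFilter
                    + "\nsearchScope-> " + searchScope
                    + "\nisSecure-> " + isSecure
                    + "\nuseStartTLS-> " + useStartTLS
                    + "\ntrustAll-> " + sslTrustAll
                    + "\nauthLevel-> " + authLevel
                    + "\nbeheraEnabled->" + beheraEnabled
                    + "\nprimaryServers-> " + primaryServers
                    + "\nsecondaryServers-> " + secondaryServers
                    + "\nheartBeatInterval-> " + heartBeatInterval
                    + "\nheartBeatTimeUnit-> " + heartBeatTimeUnit
                    + "\noperationTimeout-> " + operationTimeout
                    + "\nPattern : " + regEx);
        }
        return true;
    } catch (Exception ex) {
        debug.error("Init Exception", ex);
        throw new AuthLoginException(AM_AUTH, "LDAPex", null, ex);
    }
}

/**
 * Maps a configured scope name to a {@link SearchScope}: {@code OBJECT} gives
 * {@code BASE_OBJECT}, {@code ONELEVEL} gives {@code SINGLE_LEVEL}, anything else
 * (including {@code null}) gives the default {@code WHOLE_SUBTREE}.
 *
 * @param scopeName the configured value, compared case-insensitively.
 * @return the matching scope.
 */
private static SearchScope parseSearchScope(String scopeName) {
    if ("OBJECT".equalsIgnoreCase(scopeName)) {
        return SearchScope.BASE_OBJECT;
    }
    if ("ONELEVEL".equalsIgnoreCase(scopeName)) {
        return SearchScope.SINGLE_LEVEL;
    }
    return SearchScope.WHOLE_SUBTREE;
}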