
Example 6 with LDAPConnectionFactory

use of org.forgerock.opendj.ldap.LDAPConnectionFactory in project ddf by codice.

The class SslLdapLoginModuleTest, method testUnsuccessfulConnectionBind1.

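@Test
public void testUnsuccessfulConnectionBind1() throws LoginException, LdapException {
    // The factory is mocked through PowerMockito (the class is listed in
    // @PrepareForTest) — presumably because plain Mockito cannot mock it.
    LDAPConnectionFactory mockedConnectionFactory = PowerMockito.mock(LDAPConnectionFactory.class);

    // A bind that the directory rejects.
    BindResult mockedBindResult = mock(BindResult.class);
    when(mockedBindResult.isSuccess()).thenReturn(false);

    Connection mockedConnection = mock(Connection.class);
    // Stubbing failures are test errors: an LdapException here now fails the
    // test instead of being logged and followed by an assertion against a
    // half-configured module.
    when(mockedConnectionFactory.getConnection()).thenReturn(mockedConnection);
    when(mockedConnection.bind(anyString(), any(char[].class))).thenReturn(mockedBindResult);

    SslLdapLoginModule testLoginModule = mock(SslLdapLoginModule.class);
    when(testLoginModule.createLdapConnectionFactory(any(String.class), any(Boolean.class)))
            .thenReturn(mockedConnectionFactory);

    // NOTE(review): doLogin() is invoked on a plain mock, so the false result is
    // Mockito's default answer for a Boolean return rather than the outcome of the
    // stubbed failing bind. A spy / partial mock would exercise the real login
    // path — confirm the module's doLogin() can run with the state set up here
    // before switching.
    Boolean loginBool = testLoginModule.doLogin();
    assertThat(loginBool, is(false));
}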

Example 7 with LDAPConnectionFactory

use of org.forgerock.opendj.ldap.LDAPConnectionFactory in project ddf by codice.

The class ClaimsHandlerManager, method createLdapConnectionFactory.

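/**
 * Builds an {@link LDAPConnectionFactory} for the given LDAP URL.
 *
 * <p>{@code ldaps://} URLs use SSL; any other URL uses StartTLS when {@code startTls}
 * is set. Both secure modes take the JVM's default {@link SSLContext} and restrict the
 * enabled cipher suites and protocols to the {@code https.cipherSuites} and
 * {@code https.protocols} system properties. When the URL carries no port, or a
 * non-numeric one, the port defaults to 636 for SSL and 389 otherwise.
 *
 * @param url LDAP URL such as {@code ldap://host:389} or {@code ldaps://host}
 * @param startTls whether to negotiate StartTLS on a non-SSL URL; {@code null} is
 *     treated as {@code false}
 * @return a factory for the host and port parsed from {@code url}
 * @throws LdapException if a secure connection was requested but no SSL context could
 *     be obtained; the factory is deliberately not created in that case so that a URL
 *     asking for TLS never yields a factory without TLS configuration
 * @throws IllegalStateException if {@code https.cipherSuites} or
 *     {@code https.protocols} is unset or blank
 */
protected LDAPConnectionFactory createLdapConnectionFactory(String url, Boolean startTls) throws LdapException {
    boolean useSsl = url.startsWith("ldaps");
    // Null-safe: a missing flag means "no StartTLS" rather than an NPE on unboxing.
    boolean useTls = !useSsl && Boolean.TRUE.equals(startTls);
    Options lo = Options.defaultOptions();
    if (useSsl || useTls) {
        try {
            lo.set(LDAPConnectionFactory.SSL_CONTEXT, SSLContext.getDefault());
        } catch (GeneralSecurityException e) {
            // Fail closed. Continuing here would build a factory with no SSL context
            // for a URL that asked for one, and the bind credentials would then be
            // sent over whatever connection the SDK manages to open.
            throw LdapException.newLdapException(
                    org.forgerock.opendj.ldap.ResultCode.CLIENT_SIDE_CONNECT_ERROR,
                    "Error encountered while configuring SSL. Secure connection will fail.",
                    e);
        }
    }
    lo.set(LDAPConnectionFactory.SSL_USE_STARTTLS, useTls);
    lo.set(LDAPConnectionFactory.SSL_ENABLED_CIPHER_SUITES, systemPropertyList("https.cipherSuites"));
    lo.set(LDAPConnectionFactory.SSL_ENABLED_PROTOCOLS, systemPropertyList("https.protocols"));
    lo.set(LDAPConnectionFactory.TRANSPORT_PROVIDER_CLASS_LOADER, ClaimsHandlerManager.class.getClassLoader());

    String authority = ldapAuthority(url);
    int portSeparator = authority.lastIndexOf(':');
    String host = portSeparator >= 0 ? authority.substring(0, portSeparator) : authority;
    int port = useSsl ? 636 : 389;
    if (portSeparator >= 0) {
        try {
            port = Integer.parseInt(authority.substring(portSeparator + 1));
        } catch (NumberFormatException ignored) {
            // A non-numeric port falls back to the scheme default, as before.
        }
    }
    auditRemoteConnection(host);
    return new LDAPConnectionFactory(host, port, lo);
}

/**
 * Returns the {@code host[:port]} part of an LDAP URL: the text after {@code ://}
 * (or the whole string when there is no scheme) up to the first {@code /}.
 */
private static String ldapAuthority(String url) {
    int schemeEnd = url.indexOf("://");
    String authority = schemeEnd >= 0 ? url.substring(schemeEnd + 3) : url;
    int pathStart = authority.indexOf('/');
    return pathStart >= 0 ? authority.substring(0, pathStart) : authority;
}

/**
 * Splits a comma-separated system property into a list.
 *
 * @throws IllegalStateException if the property is unset or blank, so that a
 *     misconfigured JVM fails with the property named instead of a NullPointerException
 */
private static java.util.List<String> systemPropertyList(String name) {
    String value = System.getProperty(name);
    if (value == null || value.trim().isEmpty()) {
        throw new IllegalStateException("System property '" + name + "' must be set to a comma-separated list");
    }
    return Arrays.asList(value.split(","));
}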

Example 8 with LDAPConnectionFactory

use of org.forgerock.opendj.ldap.LDAPConnectionFactory in project ddf by codice.

The class ClaimsHandlerManager, method update.

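/**
 * Callback method that is called when configuration is updated. Also called by the
 * blueprint init-method when all properties have been set.
 *
 * <p>Reads the LDAP settings from {@code props}, decrypts the bind password when an
 * {@code encryptService} is available, and registers the role and LDAP claims handlers,
 * each with its own connection factory. Any failure while configuring is logged and
 * leaves the handlers unregistered.
 *
 * @param props Map of properties; {@code null} is ignored.
 */
public void update(Map<String, Object> props) {
    if (props == null) {
        return;
    }
    LOGGER.debug("Received an updated set of configurations for the LDAP/Role Claims Handlers.");
    String url = new PropertyResolver(stringValue(props, ClaimsHandlerManager.URL)).toString();
    boolean startTls = booleanValue(props, ClaimsHandlerManager.START_TLS);
    String userDn = stringValue(props, ClaimsHandlerManager.LDAP_BIND_USER_DN);
    String password = stringValue(props, ClaimsHandlerManager.PASSWORD);
    String userBaseDn = stringValue(props, ClaimsHandlerManager.USER_BASE_DN);
    String objectClass = stringValue(props, ClaimsHandlerManager.OBJECT_CLASS);
    String memberNameAttribute = stringValue(props, ClaimsHandlerManager.MEMBER_NAME_ATTRIBUTE);
    String groupBaseDn = stringValue(props, ClaimsHandlerManager.GROUP_BASE_DN);
    String loginUserAttribute = stringValue(props, ClaimsHandlerManager.LOGIN_USER_ATTRIBUTE);
    String membershipUserAttribute = stringValue(props, ClaimsHandlerManager.MEMBER_USER_ATTRIBUTE);
    String propertyFileLocation = stringValue(props, ClaimsHandlerManager.PROPERTY_FILE_LOCATION);
    String bindMethod = stringValue(props, ClaimsHandlerManager.BIND_METHOD);
    String realm = stringValueOrEmpty(props, ClaimsHandlerManager.REALM);
    String kdcAddress = stringValueOrEmpty(props, ClaimsHandlerManager.KDC_ADDRESS);
    if ("GSSAPI SASL".equals(bindMethod) && (StringUtils.isEmpty(realm) || StringUtils.isEmpty(kdcAddress))) {
        LOGGER.warn("LDAP connection will fail. GSSAPI SASL connection requires Kerberos Realm and KDC Address.");
    }
    boolean overrideCertDn = booleanValue(props, ClaimsHandlerManager.OVERRIDE_CERT_DN);
    try {
        if (encryptService != null) {
            // From here on `password` is the plaintext bind credential; it is handed
            // to the handlers and must never reach a log line.
            password = encryptService.decryptValue(password);
        }
        // One factory per handler, presumably so the two do not share connections.
        LDAPConnectionFactory connection1 = createLdapConnectionFactory(url, startTls);
        LDAPConnectionFactory connection2 = createLdapConnectionFactory(url, startTls);
        registerRoleClaimsHandler(connection1, propertyFileLocation, userBaseDn, loginUserAttribute, membershipUserAttribute, objectClass, memberNameAttribute, groupBaseDn, userDn, password, overrideCertDn, bindMethod, realm, kdcAddress);
        registerLdapClaimsHandler(connection2, propertyFileLocation, userBaseDn, loginUserAttribute, userDn, password, overrideCertDn, bindMethod, realm, kdcAddress);
    } catch (Exception e) {
        LOGGER.warn("Experienced error while configuring claims handlers. Handlers are NOT configured and claim retrieval will not work. Check LDAP configuration.", e);
    }
}

/** Returns the property as a String ({@code null} when absent); non-String values fail with a ClassCastException. */
private static String stringValue(Map<String, Object> props, String key) {
    return (String) props.get(key);
}

/** Like {@link #stringValue} but yields {@code ""} instead of {@code null} for an absent property. */
private static String stringValueOrEmpty(Map<String, Object> props, String key) {
    Object value = props.get(key);
    return value != null ? (String) value : "";
}

/**
 * Reads a flag that may arrive either as a String ("true"/"false") or as a Boolean.
 * An absent property is {@code false}; any other type fails with a ClassCastException,
 * as the previous inline casts did.
 */
private static boolean booleanValue(Map<String, Object> props, String key) {
    Object value = props.get(key);
    if (value instanceof String) {
        return Boolean.valueOf((String) value);
    }
    Boolean flag = (Boolean) value;
    return flag != null && flag;
}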

Example 9 with LDAPConnectionFactory

use of org.forgerock.opendj.ldap.LDAPConnectionFactory in project admin-console-beta by connexta.

The class LdapTestingUtils, method getLdapConnection.

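/**
 * Attempts to connect to the given ldap address given the hostname, port, and encryptionMethod.
 *
 * <p>{@code LDAPS} uses the JVM's default {@link SSLContext}; {@code START_TLS} negotiates
 * StartTLS after connecting. In both cases the enabled cipher suites and protocols come
 * from the {@code https.cipherSuites} and {@code https.protocols} system properties.
 *
 * <p>Possible message types: CANNOT_CONFIGURE, CANNOT_CONNECT
 *
 * @param connection hostname, port and encryption method to try
 * @return an attempt wrapping the opened {@link Connection}, or one carrying
 *     CANNOT_CONFIGURE when the options could not be prepared (for example an unset
 *     system property) or CANNOT_CONNECT when opening the connection failed
 */
public LdapConnectionAttempt getLdapConnection(LdapConnectionField connection) {
    LDAPOptions ldapOptions = new LDAPOptions();
    try {
        // NOTE(review): hostname verification against the server certificate is not
        // configured here — confirm what the SDK does by default for this setup.
        if (connection.encryptionMethod().equals(LDAPS)) {
            ldapOptions.setSSLContext(SSLContext.getDefault());
        } else if (connection.encryptionMethod().equals(START_TLS)) {
            ldapOptions.setUseStartTLS(true);
        }
        ldapOptions.addEnabledCipherSuite(System.getProperty("https.cipherSuites").split(","));
        ldapOptions.addEnabledProtocol(System.getProperty("https.protocols").split(","));
        //sets the classloader so it can find the grizzly protocol handler class
        ldapOptions.setProviderClassLoader(LdapTestingUtils.class.getClassLoader());
    } catch (Exception e) {
        LOGGER.debug("Error prepping LDAP connection", e);
        return new LdapConnectionAttempt(CANNOT_CONFIGURE);
    }
    Connection ldapConnection;
    try {
        ldapConnection = new LDAPConnectionFactory(connection.hostname(), connection.port(), ldapOptions).getConnection();
    } catch (Exception e) {
        // Keep the cause in the log: a refused TCP connection and a failed TLS
        // handshake would otherwise be indistinguishable when diagnosing.
        LOGGER.debug("Error opening LDAP connection to [{}:{}]", connection.hostname(), connection.port(), e);
        return new LdapConnectionAttempt(CANNOT_CONNECT);
    }
    return new LdapConnectionAttempt(ldapConnection);
}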

Example 10 with LDAPConnectionFactory

use of org.forgerock.opendj.ldap.LDAPConnectionFactory in project OpenAM by OpenRock.

The class AMCertStore, method getConnection.

/**
 * Return ldap connection for ldap certificate store, or null if an error occurred when connecting.
 *
 * <p>The connection factory is built lazily on the first call — with an SSL context
 * when {@code storeParam.isSecure()}, plain otherwise, and always with a simple bind as
 * the store user — and reused afterwards. The method is synchronized so the lazy
 * initialisation of {@code ldapconn} is not raced.
 */
synchronized Connection getConnection() {
    if (ldapconn == null && !buildCertStoreFactory()) {
        return null;
    }
    try {
        return ldapconn.getConnection();
    } catch (LdapException e) {
        debug.error("AMCertStore.getConnection: Exception in connection to LDAP server", e);
        return null;
    }
}

/**
 * Creates {@code ldapconn} from {@code storeParam}.
 *
 * @return {@code false}, leaving {@code ldapconn} null, when the SSL context for a
 *     secure store cannot be obtained; {@code true} otherwise
 */
private boolean buildCertStoreFactory() {
    /*
     * Setup the LDAP certificate directory service context for
     * use in verification of the users certificates.
     */
    String serverName = storeParam.getServerName();
    int port = storeParam.getPort();
    // Regardless of SSL on connection, we will use authentication
    SimpleBindRequest authenticatedRequest =
            LDAPRequests.newSimpleBindRequest(storeParam.getUser(), storeParam.getPassword().toCharArray());
    Options options = Options.defaultOptions().set(AUTHN_BIND_REQUEST, authenticatedRequest);
    if (!storeParam.isSecure()) {
        // non-ssl
        ldapconn = new LDAPConnectionFactory(serverName, port, options);
        return true;
    }
    debug.message("AMCertStore.getConnection: initial connection factory using ssl.");
    try {
        // NOTE(review): SSLContextBuilder is used with its defaults; which trust
        // manager that yields is not visible here — confirm it verifies the
        // certificate-store server's certificate.
        options = options.set(SSL_CONTEXT, new SSLContextBuilder().getSSLContext());
    } catch (GeneralSecurityException e) {
        debug.error("AMCertStore.getConnection: Error getting SSL Context", e);
        return false;
    }
    ldapconn = new LDAPConnectionFactory(serverName, port, options);
    debug.message("AMCertStore.getConnection: SSLSocketFactory called");
    return true;
}
