Search in sources :

Example 1 with Credential

use of org.ldaptive.Credential in project cas by apereo.

the class Beans method newLdaptiveBlockingConnectionPool.

/**
     * New blocking connection pool connection pool.
     *
     * @param l the l
     * @return the connection pool
     */
public static ConnectionPool newLdaptiveBlockingConnectionPool(final AbstractLdapProperties l) {
    final DefaultConnectionFactory bindCf = newLdaptiveConnectionFactory(l);
    final PoolConfig pc = newLdaptivePoolConfig(l);
    final BlockingConnectionPool cp = new BlockingConnectionPool(pc, bindCf);
    cp.setBlockWaitTime(newDuration(l.getBlockWaitTime()));
    cp.setPoolConfig(pc);
    final IdlePruneStrategy strategy = new IdlePruneStrategy();
    strategy.setIdleTime(newDuration(l.getIdleTime()));
    strategy.setPrunePeriod(newDuration(l.getPrunePeriod()));
    cp.setPruneStrategy(strategy);
    switch(l.getValidator().getType().trim().toLowerCase()) {
        case "compare":
            final CompareRequest compareRequest = new CompareRequest();
            compareRequest.setDn(l.getValidator().getDn());
            compareRequest.setAttribute(new LdapAttribute(l.getValidator().getAttributeName(), l.getValidator().getAttributeValues().toArray(new String[] {})));
            compareRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new CompareValidator(compareRequest));
            break;
        case "none":
            LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", l.getLdapUrl());
            break;
        case "search":
        default:
            final SearchRequest searchRequest = new SearchRequest();
            searchRequest.setBaseDn(l.getValidator().getBaseDn());
            searchRequest.setSearchFilter(new SearchFilter(l.getValidator().getSearchFilter()));
            searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
            searchRequest.setSearchScope(l.getValidator().getScope());
            searchRequest.setSizeLimit(1L);
            searchRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new SearchValidator(searchRequest));
            break;
    }
    cp.setFailFastInitialize(l.isFailFast());
    if (StringUtils.isNotBlank(l.getPoolPassivator())) {
        final AbstractLdapProperties.LdapConnectionPoolPassivator pass = AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(l.getPoolPassivator().toUpperCase());
        switch(pass) {
            case CLOSE:
                cp.setPassivator(new ClosePassivator());
                break;
            case BIND:
                final BindRequest bindRequest = new BindRequest();
                bindRequest.setDn(l.getBindDn());
                bindRequest.setCredential(new Credential(l.getBindCredential()));
                cp.setPassivator(new BindPassivator(bindRequest));
                break;
            default:
                break;
        }
    }
    LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", l.getLdapUrl(), l.getBindDn());
    cp.initialize();
    return cp;
}
Also used : DefaultConnectionFactory(org.ldaptive.DefaultConnectionFactory) IdlePruneStrategy(org.ldaptive.pool.IdlePruneStrategy) SearchRequest(org.ldaptive.SearchRequest) MongoCredential(com.mongodb.MongoCredential) Credential(org.ldaptive.Credential) ClosePassivator(org.ldaptive.pool.ClosePassivator) BindRequest(org.ldaptive.BindRequest) BlockingConnectionPool(org.ldaptive.pool.BlockingConnectionPool) SearchFilter(org.ldaptive.SearchFilter) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) CompareRequest(org.ldaptive.CompareRequest) SearchValidator(org.ldaptive.pool.SearchValidator) CompareValidator(org.ldaptive.pool.CompareValidator) BindPassivator(org.ldaptive.pool.BindPassivator) LdapAttribute(org.ldaptive.LdapAttribute) PoolConfig(org.ldaptive.pool.PoolConfig) SearchReferralHandler(org.ldaptive.referral.SearchReferralHandler)

Example 2 with Credential

use of org.ldaptive.Credential in project cas by apereo.

the class LdapUtils method executePasswordModifyOperation.

/**
     * Execute a password modify operation.
     *
     * @param currentDn         the current dn
     * @param connectionFactory the connection factory
     * @param oldPassword       the old password
     * @param newPassword       the new password
     * @param type              the type
     * @return true /false
     */
public static boolean executePasswordModifyOperation(final String currentDn, final ConnectionFactory connectionFactory, final String oldPassword, final String newPassword, final AbstractLdapProperties.LdapType type) {
    try (Connection modifyConnection = createConnection(connectionFactory)) {
        if (!modifyConnection.getConnectionConfig().getUseSSL() && !modifyConnection.getConnectionConfig().getUseStartTLS()) {
            LOGGER.warn("Executing password modification op under a non-secure LDAP connection; " + "To modify password attributes, the connection to the LDAP server SHOULD be secured and/or encrypted.");
        }
        if (type == AbstractLdapProperties.LdapType.AD) {
            LOGGER.debug("Executing password modification op for active directory based on " + "[https://support.microsoft.com/en-us/kb/269190]");
            final ModifyOperation operation = new ModifyOperation(modifyConnection);
            final Response response = operation.execute(new ModifyRequest(currentDn, new AttributeModification(AttributeModificationType.REPLACE, new UnicodePwdAttribute(newPassword))));
            LOGGER.debug("Result code [{}], message: [{}]", response.getResult(), response.getMessage());
            return response.getResultCode() == ResultCode.SUCCESS;
        }
        LOGGER.debug("Executing password modification op for generic LDAP");
        final PasswordModifyOperation operation = new PasswordModifyOperation(modifyConnection);
        final Response response = operation.execute(new PasswordModifyRequest(currentDn, StringUtils.isNotBlank(oldPassword) ? new Credential(oldPassword) : null, new Credential(newPassword)));
        LOGGER.debug("Result code [{}], message: [{}]", response.getResult(), response.getMessage());
        return response.getResultCode() == ResultCode.SUCCESS;
    } catch (final LdapException e) {
        LOGGER.error(e.getMessage(), e);
    }
    return false;
}
Also used : Response(org.ldaptive.Response) PasswordModifyOperation(org.ldaptive.extended.PasswordModifyOperation) Credential(org.ldaptive.Credential) UnicodePwdAttribute(org.ldaptive.ad.UnicodePwdAttribute) AttributeModification(org.ldaptive.AttributeModification) PasswordModifyRequest(org.ldaptive.extended.PasswordModifyRequest) Connection(org.ldaptive.Connection) ModifyOperation(org.ldaptive.ModifyOperation) PasswordModifyOperation(org.ldaptive.extended.PasswordModifyOperation) PasswordModifyRequest(org.ldaptive.extended.PasswordModifyRequest) ModifyRequest(org.ldaptive.ModifyRequest) LdapException(org.ldaptive.LdapException)

Example 3 with Credential

use of org.ldaptive.Credential in project cas by apereo.

the class Beans method newLdaptiveConnectionConfig.

/**
     * New connection config connection config.
     *
     * @param l the ldap properties
     * @return the connection config
     */
public static ConnectionConfig newLdaptiveConnectionConfig(final AbstractLdapProperties l) {
    if (StringUtils.isBlank(l.getLdapUrl())) {
        throw new IllegalArgumentException("LDAP url cannot be empty/blank");
    }
    LOGGER.debug("Creating LDAP connection configuration for [{}]", l.getLdapUrl());
    final ConnectionConfig cc = new ConnectionConfig();
    final String urls = l.getLdapUrl().contains(" ") ? l.getLdapUrl() : Arrays.stream(l.getLdapUrl().split(",")).collect(Collectors.joining(" "));
    LOGGER.debug("Transformed LDAP urls from [{}] to [{}]", l.getLdapUrl(), urls);
    cc.setLdapUrl(urls);
    cc.setUseSSL(l.isUseSsl());
    cc.setUseStartTLS(l.isUseStartTls());
    cc.setConnectTimeout(newDuration(l.getConnectTimeout()));
    cc.setResponseTimeout(newDuration(l.getResponseTimeout()));
    if (StringUtils.isNotBlank(l.getConnectionStrategy())) {
        final AbstractLdapProperties.LdapConnectionStrategy strategy = AbstractLdapProperties.LdapConnectionStrategy.valueOf(l.getConnectionStrategy());
        switch(strategy) {
            case RANDOM:
                cc.setConnectionStrategy(new RandomConnectionStrategy());
                break;
            case DNS_SRV:
                cc.setConnectionStrategy(new DnsSrvConnectionStrategy());
                break;
            case ACTIVE_PASSIVE:
                cc.setConnectionStrategy(new ActivePassiveConnectionStrategy());
                break;
            case ROUND_ROBIN:
                cc.setConnectionStrategy(new RoundRobinConnectionStrategy());
                break;
            case DEFAULT:
            default:
                cc.setConnectionStrategy(new DefaultConnectionStrategy());
                break;
        }
    }
    if (l.getTrustCertificates() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via trust certificates [{}]", l.getTrustCertificates());
        final X509CredentialConfig cfg = new X509CredentialConfig();
        cfg.setTrustCertificates(l.getTrustCertificates());
        cc.setSslConfig(new SslConfig(cfg));
    } else if (l.getKeystore() != null) {
        LOGGER.debug("Creating LDAP SSL configuration via keystore [{}]", l.getKeystore());
        final KeyStoreCredentialConfig cfg = new KeyStoreCredentialConfig();
        cfg.setKeyStore(l.getKeystore());
        cfg.setKeyStorePassword(l.getKeystorePassword());
        cfg.setKeyStoreType(l.getKeystoreType());
        cc.setSslConfig(new SslConfig(cfg));
    } else {
        LOGGER.debug("Creating LDAP SSL configuration via the native JVM truststore");
        cc.setSslConfig(new SslConfig());
    }
    if (l.getSaslMechanism() != null) {
        LOGGER.debug("Creating LDAP SASL mechanism via [{}]", l.getSaslMechanism());
        final BindConnectionInitializer bc = new BindConnectionInitializer();
        final SaslConfig sc;
        switch(l.getSaslMechanism()) {
            case DIGEST_MD5:
                sc = new DigestMd5Config();
                ((DigestMd5Config) sc).setRealm(l.getSaslRealm());
                break;
            case CRAM_MD5:
                sc = new CramMd5Config();
                break;
            case EXTERNAL:
                sc = new ExternalConfig();
                break;
            case GSSAPI:
                sc = new GssApiConfig();
                ((GssApiConfig) sc).setRealm(l.getSaslRealm());
                break;
            default:
                throw new IllegalArgumentException("Unknown SASL mechanism " + l.getSaslMechanism().name());
        }
        sc.setAuthorizationId(l.getSaslAuthorizationId());
        sc.setMutualAuthentication(l.getSaslMutualAuth());
        sc.setQualityOfProtection(l.getSaslQualityOfProtection());
        sc.setSecurityStrength(l.getSaslSecurityStrength());
        bc.setBindSaslConfig(sc);
        cc.setConnectionInitializer(bc);
    } else if (StringUtils.equals(l.getBindCredential(), "*") && StringUtils.equals(l.getBindDn(), "*")) {
        LOGGER.debug("Creating LDAP fast-bind connection initializer");
        cc.setConnectionInitializer(new FastBindOperation.FastBindConnectionInitializer());
    } else if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNotBlank(l.getBindCredential())) {
        LOGGER.debug("Creating LDAP bind connection initializer via [{}]", l.getBindDn());
        cc.setConnectionInitializer(new BindConnectionInitializer(l.getBindDn(), new Credential(l.getBindCredential())));
    }
    return cc;
}
Also used : GssApiConfig(org.ldaptive.sasl.GssApiConfig) ActivePassiveConnectionStrategy(org.ldaptive.ActivePassiveConnectionStrategy) DefaultConnectionStrategy(org.ldaptive.DefaultConnectionStrategy) MongoCredential(com.mongodb.MongoCredential) Credential(org.ldaptive.Credential) SaslConfig(org.ldaptive.sasl.SaslConfig) CramMd5Config(org.ldaptive.sasl.CramMd5Config) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) BindConnectionInitializer(org.ldaptive.BindConnectionInitializer) X509CredentialConfig(org.ldaptive.ssl.X509CredentialConfig) RandomConnectionStrategy(org.ldaptive.RandomConnectionStrategy) SslConfig(org.ldaptive.ssl.SslConfig) ExternalConfig(org.ldaptive.sasl.ExternalConfig) DnsSrvConnectionStrategy(org.ldaptive.DnsSrvConnectionStrategy) DigestMd5Config(org.ldaptive.sasl.DigestMd5Config) RoundRobinConnectionStrategy(org.ldaptive.RoundRobinConnectionStrategy) KeyStoreCredentialConfig(org.ldaptive.ssl.KeyStoreCredentialConfig) ConnectionConfig(org.ldaptive.ConnectionConfig)

Aggregations

Credential (org.ldaptive.Credential)3 MongoCredential (com.mongodb.MongoCredential)2 AbstractLdapProperties (org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)2 ActivePassiveConnectionStrategy (org.ldaptive.ActivePassiveConnectionStrategy)1 AttributeModification (org.ldaptive.AttributeModification)1 BindConnectionInitializer (org.ldaptive.BindConnectionInitializer)1 BindRequest (org.ldaptive.BindRequest)1 CompareRequest (org.ldaptive.CompareRequest)1 Connection (org.ldaptive.Connection)1 ConnectionConfig (org.ldaptive.ConnectionConfig)1 DefaultConnectionFactory (org.ldaptive.DefaultConnectionFactory)1 DefaultConnectionStrategy (org.ldaptive.DefaultConnectionStrategy)1 DnsSrvConnectionStrategy (org.ldaptive.DnsSrvConnectionStrategy)1 LdapAttribute (org.ldaptive.LdapAttribute)1 LdapException (org.ldaptive.LdapException)1 ModifyOperation (org.ldaptive.ModifyOperation)1 ModifyRequest (org.ldaptive.ModifyRequest)1 RandomConnectionStrategy (org.ldaptive.RandomConnectionStrategy)1 Response (org.ldaptive.Response)1 RoundRobinConnectionStrategy (org.ldaptive.RoundRobinConnectionStrategy)1