Search in sources :

Example 21 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class DefaultLdapRegisteredServiceMapper method mapFromRegisteredService.

@Override
@SneakyThrows
public LdapEntry mapFromRegisteredService(final String dn, final RegisteredService svc) {
    if (svc.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE) {
        svc.setId(System.currentTimeMillis());
    }
    final String newDn = getDnForRegisteredService(dn, svc);
    LOGGER.debug("Creating entry DN [{}]", newDn);
    final Collection<LdapAttribute> attrs = new ArrayList<>();
    attrs.add(new LdapAttribute(ldap.getIdAttribute(), String.valueOf(svc.getId())));
    try (StringWriter writer = new StringWriter()) {
        this.jsonSerializer.to(writer, svc);
        attrs.add(new LdapAttribute(ldap.getServiceDefinitionAttribute(), writer.toString()));
        attrs.add(new LdapAttribute(LdapUtils.OBJECT_CLASS_ATTRIBUTE, "top", ldap.getObjectClass()));
    }
    LOGGER.debug("LDAP attributes assigned to the DN [{}] are [{}]", newDn, attrs);
    final LdapEntry entry = new LdapEntry(newDn, attrs);
    LOGGER.debug("Created LDAP entry [{}]", entry);
    return entry;
}
Also used : StringWriter(java.io.StringWriter) LdapAttribute(org.ldaptive.LdapAttribute) ArrayList(java.util.ArrayList) LdapEntry(org.ldaptive.LdapEntry) SneakyThrows(lombok.SneakyThrows)

Example 22 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapAuthenticationHandler method getLdapPrincipalIdentifier.

/**
 * Gets ldap principal identifier. If the principal id attribute is defined, it's retrieved.
 * If no attribute value is found, a warning is generated and the provided username is used instead.
 * If no attribute is defined, username is used instead.
 *
 * @param username  the username
 * @param ldapEntry the ldap entry
 * @return the ldap principal identifier
 * @throws LoginException in case the principal id cannot be determined.
 */
protected String getLdapPrincipalIdentifier(final String username, final LdapEntry ldapEntry) throws LoginException {
    if (StringUtils.isNotBlank(this.principalIdAttribute)) {
        final LdapAttribute principalAttr = ldapEntry.getAttribute(this.principalIdAttribute);
        if (principalAttr == null || principalAttr.size() == 0) {
            if (this.allowMissingPrincipalAttributeValue) {
                LOGGER.warn("The principal id attribute [{}] is not found. CAS cannot construct the final authenticated principal " + "if it's unable to locate the attribute that is designated as the principal id. " + "Attributes available on the LDAP entry are [{}]. Since principal id attribute is not available, CAS will " + "fall back to construct the principal based on the provided user id: [{}]", this.principalIdAttribute, ldapEntry.getAttributes(), username);
                return username;
            }
            LOGGER.error("The principal id attribute [{}] is not found. CAS is configured to disallow missing principal attributes", this.principalIdAttribute);
            throw new LoginException("Principal id attribute is not found for " + principalAttr);
        }
        if (principalAttr.size() > 1) {
            if (!this.allowMultiplePrincipalAttributeValues) {
                throw new LoginException("Multiple principal values are not allowed: " + principalAttr);
            }
            LOGGER.warn("Found multiple values for principal id attribute: [{}]. Using first value=[{}].", principalAttr, principalAttr.getStringValue());
        }
        LOGGER.debug("Retrieved principal id attribute [{}]", principalAttr.getStringValue());
        return principalAttr.getStringValue();
    }
    LOGGER.debug("Principal id attribute is not defined. Using the default provided user id [{}]", username);
    return username;
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException)

Example 23 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapAuthenticationHandler method collectAttributesForLdapEntry.

/**
 * Collect attributes for ldap entry.
 *
 * @param ldapEntry the ldap entry
 * @param username  the username
 * @return the map
 */
protected Map<String, Object> collectAttributesForLdapEntry(final LdapEntry ldapEntry, final String username) {
    final Map<String, Object> attributeMap = new LinkedHashMap<>(this.principalAttributeMap.size());
    LOGGER.debug("The following attributes are requested to be retrieved and mapped: [{}]", attributeMap.keySet());
    this.principalAttributeMap.forEach((key, attributeNames) -> {
        final LdapAttribute attr = ldapEntry.getAttribute(key);
        if (attr != null) {
            LOGGER.debug("Found principal attribute: [{}]", attr);
            final Collection<String> names = (Collection<String>) attributeNames;
            if (names.isEmpty()) {
                LOGGER.debug("Principal attribute [{}] is collected as [{}]", attr, key);
                attributeMap.put(key, CollectionUtils.wrap(attr.getStringValues()));
            } else {
                names.forEach(s -> {
                    LOGGER.debug("Principal attribute [{}] is virtually remapped/renamed to [{}]", attr, s);
                    attributeMap.put(s, CollectionUtils.wrap(attr.getStringValues()));
                });
            }
        } else {
            LOGGER.warn("Requested LDAP attribute [{}] could not be found on the resolved LDAP entry for [{}]", key, ldapEntry.getDn());
        }
    });
    if (this.collectDnAttribute) {
        LOGGER.debug("Recording principal DN attribute as [{}]", this.principalDnAttributeName);
        attributeMap.put(this.principalDnAttributeName, ldapEntry.getDn());
    }
    return attributeMap;
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) Collection(java.util.Collection) LinkedHashMap(java.util.LinkedHashMap)

Example 24 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapUserGroupsToRolesAuthorizationGenerator method generateAuthorizationForLdapEntry.

@Override
protected CommonProfile generateAuthorizationForLdapEntry(final CommonProfile profile, final LdapEntry userEntry) {
    try {
        LOGGER.debug("Attempting to get roles for user [{}].", userEntry.getDn());
        final Response<SearchResult> response = this.groupSearchExecutor.search(this.connectionFactory, LdapUtils.newLdaptiveSearchFilter(this.groupSearchExecutor.getSearchFilter().getFilter(), LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, CollectionUtils.wrap(userEntry.getDn())));
        LOGGER.debug("LDAP role search response: [{}]", response);
        final SearchResult groupResult = response.getResult();
        for (final LdapEntry entry : groupResult.getEntries()) {
            final LdapAttribute groupAttribute = entry.getAttribute(this.groupAttributeName);
            if (groupAttribute == null) {
                LOGGER.warn("Role attribute not found on entry [{}]", entry);
                continue;
            }
            addProfileRolesFromAttributes(profile, groupAttribute, this.groupPrefix);
        }
    } catch (final Exception e) {
        throw new IllegalArgumentException("LDAP error fetching roles for user.", e);
    }
    return profile;
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry)

Example 25 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapUtils method newLdaptiveBlockingConnectionPool.

/**
 * New blocking connection pool connection pool.
 *
 * @param l the l
 * @return the connection pool
 */
public static ConnectionPool newLdaptiveBlockingConnectionPool(final AbstractLdapProperties l) {
    final DefaultConnectionFactory bindCf = newLdaptiveConnectionFactory(l);
    final PoolConfig pc = newLdaptivePoolConfig(l);
    final BlockingConnectionPool cp = new BlockingConnectionPool(pc, bindCf);
    cp.setBlockWaitTime(Beans.newDuration(l.getBlockWaitTime()));
    cp.setPoolConfig(pc);
    final IdlePruneStrategy strategy = new IdlePruneStrategy();
    strategy.setIdleTime(Beans.newDuration(l.getIdleTime()));
    strategy.setPrunePeriod(Beans.newDuration(l.getPrunePeriod()));
    cp.setPruneStrategy(strategy);
    switch(l.getValidator().getType().trim().toLowerCase()) {
        case "compare":
            final CompareRequest compareRequest = new CompareRequest();
            compareRequest.setDn(l.getValidator().getDn());
            compareRequest.setAttribute(new LdapAttribute(l.getValidator().getAttributeName(), l.getValidator().getAttributeValues().toArray(new String[] {})));
            compareRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new CompareValidator(compareRequest));
            break;
        case "none":
            LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", l.getLdapUrl());
            break;
        case "search":
        default:
            final SearchRequest searchRequest = new SearchRequest();
            searchRequest.setBaseDn(l.getValidator().getBaseDn());
            searchRequest.setSearchFilter(new SearchFilter(l.getValidator().getSearchFilter()));
            searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
            searchRequest.setSearchScope(SearchScope.valueOf(l.getValidator().getScope()));
            searchRequest.setSizeLimit(1L);
            searchRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new SearchValidator(searchRequest));
            break;
    }
    cp.setFailFastInitialize(l.isFailFast());
    if (StringUtils.isNotBlank(l.getPoolPassivator())) {
        final AbstractLdapProperties.LdapConnectionPoolPassivator pass = AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(l.getPoolPassivator().toUpperCase());
        switch(pass) {
            case CLOSE:
                cp.setPassivator(new ClosePassivator());
                LOGGER.debug("Created [{}] passivator for [{}]", l.getPoolPassivator(), l.getLdapUrl());
                break;
            case BIND:
                if (StringUtils.isNotBlank(l.getBindDn()) && StringUtils.isNoneBlank(l.getBindCredential())) {
                    final BindRequest bindRequest = new BindRequest();
                    bindRequest.setDn(l.getBindDn());
                    bindRequest.setCredential(new Credential(l.getBindCredential()));
                    cp.setPassivator(new BindPassivator(bindRequest));
                    LOGGER.debug("Created [{}] passivator for [{}]", l.getPoolPassivator(), l.getLdapUrl());
                } else {
                    final List values = Arrays.stream(AbstractLdapProperties.LdapConnectionPoolPassivator.values()).filter(v -> v != AbstractLdapProperties.LdapConnectionPoolPassivator.BIND).collect(Collectors.toList());
                    LOGGER.warn("[{}] pool passivator could not be created for [{}] given bind credentials are not specified. " + "If you are dealing with LDAP in such a way that does not require bind credentials, you may need to " + "set the pool passivator setting to one of [{}]", l.getPoolPassivator(), l.getLdapUrl(), values);
                }
                break;
            default:
                break;
        }
    }
    LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", l.getLdapUrl(), l.getBindDn());
    cp.initialize();
    return cp;
}
Also used : Arrays(java.util.Arrays) ConnectionFactory(org.ldaptive.ConnectionFactory) SearchOperation(org.ldaptive.SearchOperation) AddRequest(org.ldaptive.AddRequest) ExternalConfig(org.ldaptive.sasl.ExternalConfig) StringUtils(org.apache.commons.lang3.StringUtils) SearchEntryHandler(org.ldaptive.handler.SearchEntryHandler) ClassUtils(org.apache.commons.lang3.ClassUtils) ActivePassiveConnectionStrategy(org.ldaptive.ActivePassiveConnectionStrategy) FormatDnResolver(org.ldaptive.auth.FormatDnResolver) Map(java.util.Map) AbstractLdapAuthenticationProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties) PasswordPolicyControl(org.ldaptive.control.PasswordPolicyControl) ConnectionConfig(org.ldaptive.ConnectionConfig) BindPassivator(org.ldaptive.pool.BindPassivator) SaslConfig(org.ldaptive.sasl.SaslConfig) BindConnectionInitializer(org.ldaptive.BindConnectionInitializer) ModifyRequest(org.ldaptive.ModifyRequest) BlockingConnectionPool(org.ldaptive.pool.BlockingConnectionPool) Set(java.util.Set) PasswordModifyOperation(org.ldaptive.extended.PasswordModifyOperation) DnsSrvConnectionStrategy(org.ldaptive.DnsSrvConnectionStrategy) SearchScope(org.ldaptive.SearchScope) Response(org.ldaptive.Response) StandardCharsets(java.nio.charset.StandardCharsets) Slf4j(lombok.extern.slf4j.Slf4j) AddOperation(org.ldaptive.AddOperation) LdapAttribute(org.ldaptive.LdapAttribute) LdapEntry(org.ldaptive.LdapEntry) CramMd5Config(org.ldaptive.sasl.CramMd5Config) ObjectGuidHandler(org.ldaptive.ad.handler.ObjectGuidHandler) SearchFilter(org.ldaptive.SearchFilter) RangeEntryHandler(org.ldaptive.ad.handler.RangeEntryHandler) ArrayList(java.util.ArrayList) UtilityClass(lombok.experimental.UtilityClass) IdlePruneStrategy(org.ldaptive.pool.IdlePruneStrategy) ModifyOperation(org.ldaptive.ModifyOperation) SearchResult(org.ldaptive.SearchResult) SearchValidator(org.ldaptive.pool.SearchValidator) CompareRequest(org.ldaptive.CompareRequest) AttributeModification(org.ldaptive.AttributeModification) SearchRequest(org.ldaptive.SearchRequest) DefaultConnectionFactory(org.ldaptive.DefaultConnectionFactory) RoundRobinConnectionStrategy(org.ldaptive.RoundRobinConnectionStrategy) Mechanism(org.ldaptive.sasl.Mechanism) CaseChangeEntryHandler(org.ldaptive.handler.CaseChangeEntryHandler) KeyStoreCredentialConfig(org.ldaptive.ssl.KeyStoreCredentialConfig) LdapException(org.ldaptive.LdapException) SearchExecutor(org.ldaptive.SearchExecutor) ClosePassivator(org.ldaptive.pool.ClosePassivator) PooledSearchDnResolver(org.ldaptive.auth.PooledSearchDnResolver) UnicodePwdAttribute(org.ldaptive.ad.UnicodePwdAttribute) URL(java.net.URL) AttributeModificationType(org.ldaptive.AttributeModificationType) Beans(org.apereo.cas.configuration.support.Beans) PooledBindAuthenticationHandler(org.ldaptive.auth.PooledBindAuthenticationHandler) ConnectionPool(org.ldaptive.pool.ConnectionPool) DerefAliases(org.ldaptive.DerefAliases) SearchReferralHandler(org.ldaptive.referral.SearchReferralHandler) PasswordModifyRequest(org.ldaptive.extended.PasswordModifyRequest) DigestMd5Config(org.ldaptive.sasl.DigestMd5Config) URI(java.net.URI) DeleteRequest(org.ldaptive.DeleteRequest) PooledCompareAuthenticationHandler(org.ldaptive.auth.PooledCompareAuthenticationHandler) SslConfig(org.ldaptive.ssl.SslConfig) PoolConfig(org.ldaptive.pool.PoolConfig) PrimaryGroupIdHandler(org.ldaptive.ad.handler.PrimaryGroupIdHandler) X509CredentialConfig(org.ldaptive.ssl.X509CredentialConfig) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) Collectors(java.util.stream.Collectors) DnAttributeEntryHandler(org.ldaptive.handler.DnAttributeEntryHandler) List(java.util.List) DeleteOperation(org.ldaptive.DeleteOperation) CompareValidator(org.ldaptive.pool.CompareValidator) BindRequest(org.ldaptive.BindRequest) IntStream(java.util.stream.IntStream) Provider(org.ldaptive.provider.Provider) ReturnAttributes(org.ldaptive.ReturnAttributes) DefaultConnectionStrategy(org.ldaptive.DefaultConnectionStrategy) HashSet(java.util.HashSet) EntryResolver(org.ldaptive.auth.EntryResolver) QualityOfProtection(org.ldaptive.sasl.QualityOfProtection) ModifyReferralHandler(org.ldaptive.referral.ModifyReferralHandler) RecursiveEntryHandler(org.ldaptive.handler.RecursiveEntryHandler) PooledSearchEntryResolver(org.ldaptive.auth.PooledSearchEntryResolver) RandomConnectionStrategy(org.ldaptive.RandomConnectionStrategy) ObjectSidHandler(org.ldaptive.ad.handler.ObjectSidHandler) ResultCode(org.ldaptive.ResultCode) FastBindOperation(org.ldaptive.ad.extended.FastBindOperation) GssApiConfig(org.ldaptive.sasl.GssApiConfig) Connection(org.ldaptive.Connection) Authenticator(org.ldaptive.auth.Authenticator) DeleteReferralHandler(org.ldaptive.referral.DeleteReferralHandler) Credential(org.ldaptive.Credential) MergeAttributeEntryHandler(org.ldaptive.handler.MergeAttributeEntryHandler) NumberUtils(org.apache.commons.lang3.math.NumberUtils) PooledConnectionFactory(org.ldaptive.pool.PooledConnectionFactory) SecurityStrength(org.ldaptive.sasl.SecurityStrength) DefaultConnectionFactory(org.ldaptive.DefaultConnectionFactory) IdlePruneStrategy(org.ldaptive.pool.IdlePruneStrategy) SearchRequest(org.ldaptive.SearchRequest) Credential(org.ldaptive.Credential) ClosePassivator(org.ldaptive.pool.ClosePassivator) BindRequest(org.ldaptive.BindRequest) BlockingConnectionPool(org.ldaptive.pool.BlockingConnectionPool) SearchFilter(org.ldaptive.SearchFilter) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) CompareRequest(org.ldaptive.CompareRequest) SearchValidator(org.ldaptive.pool.SearchValidator) CompareValidator(org.ldaptive.pool.CompareValidator) BindPassivator(org.ldaptive.pool.BindPassivator) LdapAttribute(org.ldaptive.LdapAttribute) PoolConfig(org.ldaptive.pool.PoolConfig) ArrayList(java.util.ArrayList) List(java.util.List) SearchReferralHandler(org.ldaptive.referral.SearchReferralHandler)

Aggregations

LdapAttribute (org.ldaptive.LdapAttribute)27 LdapEntry (org.ldaptive.LdapEntry)18 SearchResult (org.ldaptive.SearchResult)11 SearchFilter (org.ldaptive.SearchFilter)7 ArrayList (java.util.ArrayList)6 ConnectionFactory (org.ldaptive.ConnectionFactory)5 LinkedHashMap (java.util.LinkedHashMap)4 PasswordManagementProperties (org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties)4 MessageDescriptor (org.apereo.cas.authentication.MessageDescriptor)3 AbstractLdapProperties (org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)3 Test (org.junit.Test)3 BindRequest (org.ldaptive.BindRequest)3 CompareRequest (org.ldaptive.CompareRequest)3 LdapException (org.ldaptive.LdapException)3 URI (java.net.URI)2 URL (java.net.URL)2 StandardCharsets (java.nio.charset.StandardCharsets)2 Arrays (java.util.Arrays)2 HashSet (java.util.HashSet)2 List (java.util.List)2