Example 1 with SearchResult

Use of org.ldaptive.SearchResult in project cas by apereo.

The class LdapUserGraphicalAuthenticationRepository, method getGraphics.

@Override
public ByteSource getGraphics(final String username) {
    try {
        final GraphicalUserAuthenticationProperties gua = casProperties.getAuthn().getGua();
        final Response<SearchResult> response = searchForId(username);
        if (LdapUtils.containsResultEntry(response)) {
            final LdapEntry entry = response.getResult().getEntry();
            // The image attribute name is taken from configuration; only a binary-typed value is accepted.
            final LdapAttribute attribute = entry.getAttribute(gua.getLdap().getImageAttribute());
            if (attribute != null && attribute.isBinary()) {
                return ByteSource.wrap(attribute.getBinaryValue());
            }
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    // No entry, no binary attribute, or a search failure: return an empty image instead of failing.
    return ByteSource.empty();
}
Also used: LdapAttribute(org.ldaptive.LdapAttribute) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) GraphicalUserAuthenticationProperties(org.apereo.cas.configuration.model.support.gua.GraphicalUserAuthenticationProperties) LdapException(org.ldaptive.LdapException)

Example 2 with SearchResult

Use of org.ldaptive.SearchResult in project cas by apereo.

The class LdaptiveResourceCRLFetcher, method fetchCRLFromLdap.

/**
 * Downloads a CRL from the given LDAP URL.
 *
 * @param r the resource that is the LDAP URL.
 * @return the X.509 CRL
 * @throws IOException          the exception thrown if resources can't be fetched
 * @throws CRLException         the exception thrown if resources can't be fetched
 * @throws CertificateException if the connection to LDAP fails, or the attribute holding the revocation list is unavailable
 */
protected X509CRL fetchCRLFromLdap(final Object r) throws CertificateException, IOException, CRLException {
    try {
        final String ldapURL = r.toString();
        LOGGER.debug("Fetching CRL from ldap [{}]", ldapURL);
        final Response<SearchResult> result = performLdapSearch(ldapURL);
        if (result.getResultCode() == ResultCode.SUCCESS) {
            // A successful search may still carry no entry, and getAttribute returns null
            // when the attribute is absent; guard both before dereferencing.
            final LdapEntry entry = result.getResult().getEntry();
            final LdapAttribute attribute = entry != null ? entry.getAttribute(this.certificateAttribute) : null;
            if (attribute == null) {
                LOGGER.warn("Could not locate certificate attribute [{}] in the LDAP result", this.certificateAttribute);
            } else if (attribute.isBinary()) {
                LOGGER.debug("Located entry [{}]. Retrieving first attribute [{}]", entry, attribute);
                return fetchX509CRLFromAttribute(attribute);
            } else {
                LOGGER.warn("Found certificate attribute [{}] but it is not marked as a binary attribute", this.certificateAttribute);
            }
        }
        LOGGER.debug("Failed to execute the search [{}]", result);
        throw new CertificateException("Failed to establish an LDAP connection and search.");
    } catch (final LdapException e) {
        LOGGER.error(e.getMessage(), e);
        throw new CertificateException(e.getMessage());
    }
}
Also used: LdapAttribute(org.ldaptive.LdapAttribute) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) CertificateException(java.security.cert.CertificateException) LdapException(org.ldaptive.LdapException)

Example 3 with SearchResult

Use of org.ldaptive.SearchResult in project cas by apereo.

The class LdapPasswordManagementService, method getSecurityQuestions.

@Override
public Map<String, String> getSecurityQuestions(final String username) {
    final Map<String, String> set = new LinkedHashMap<>();
    try {
        final PasswordManagementProperties.Ldap ldap = passwordManagementProperties.getLdap();
        // The username is bound as a filter parameter rather than concatenated into the filter string.
        final SearchFilter filter = Beans.newLdaptiveSearchFilter(ldap.getUserFilter(), Beans.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, Arrays.asList(username));
        LOGGER.debug("Constructed LDAP filter [{}] to locate security questions", filter);
        final ConnectionFactory factory = Beans.newLdaptivePooledConnectionFactory(ldap);
        final Response<SearchResult> response = LdapUtils.executeSearchOperation(factory, ldap.getBaseDn(), filter);
        LOGGER.debug("LDAP response for security questions [{}]", response);
        if (LdapUtils.containsResultEntry(response)) {
            final LdapEntry entry = response.getResult().getEntry();
            LOGGER.debug("Located LDAP entry [{}] in the response", entry);
            // Configured map of question attribute name -> answer attribute name.
            final Map<String, String> qs = passwordManagementProperties.getLdap().getSecurityQuestionsAttributes();
            LOGGER.debug("Security question attributes are defined to be [{}]", qs);
            qs.forEach((k, v) -> {
                final LdapAttribute q = entry.getAttribute(k);
                final LdapAttribute a = entry.getAttribute(v);
                // Only pairs where both the question and the answer are present and non-blank are kept.
                if (q != null && a != null && StringUtils.isNotBlank(q.getStringValue()) && StringUtils.isNotBlank(a.getStringValue())) {
                    LOGGER.debug("Added security question [{}]", q.getStringValue());
                    set.put(q.getStringValue(), a.getStringValue());
                }
            });
        } else {
            LOGGER.debug("LDAP response did not contain a result for security questions");
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return set;
}
Also used: ConnectionFactory(org.ldaptive.ConnectionFactory) PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) LdapAttribute(org.ldaptive.LdapAttribute) SearchFilter(org.ldaptive.SearchFilter) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) LinkedHashMap(java.util.LinkedHashMap)

Example 4 with SearchResult

Use of org.ldaptive.SearchResult in project cas by apereo.

The class LdapPasswordManagementService, method findEmail.

@Override
public String findEmail(final String username) {
    try {
        final PasswordManagementProperties.Ldap ldap = passwordManagementProperties.getLdap();
        // The username is bound as a filter parameter rather than concatenated into the filter string.
        final SearchFilter filter = Beans.newLdaptiveSearchFilter(ldap.getUserFilter(), Beans.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, Arrays.asList(username));
        LOGGER.debug("Constructed LDAP filter [{}] to locate account email", filter);
        final ConnectionFactory factory = Beans.newLdaptivePooledConnectionFactory(ldap);
        final Response<SearchResult> response = LdapUtils.executeSearchOperation(factory, ldap.getBaseDn(), filter);
        LOGGER.debug("LDAP response to locate account email is [{}]", response);
        if (LdapUtils.containsResultEntry(response)) {
            final LdapEntry entry = response.getResult().getEntry();
            LOGGER.debug("Found LDAP entry [{}] to use for the account email", entry);
            final String attributeName = passwordManagementProperties.getReset().getEmailAttribute();
            final LdapAttribute attr = entry.getAttribute(attributeName);
            if (attr != null) {
                final String email = attr.getStringValue();
                LOGGER.debug("Found email address [{}] for user [{}]. Validating...", email, username);
                // A directory value is not trusted as a mail target until it passes syntactic validation.
                if (EmailValidator.getInstance().isValid(email)) {
                    LOGGER.debug("Email address [{}] matches a valid email address", email);
                    return email;
                } else {
                    LOGGER.error("Email [{}] is not a valid address", email);
                }
            } else {
                LOGGER.error("Could not locate an LDAP attribute [{}] for [{}] and base DN [{}]", attributeName, filter.format(), ldap.getBaseDn());
            }
            return null;
        } else {
            LOGGER.error("Could not locate an LDAP entry for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}
Also used: ConnectionFactory(org.ldaptive.ConnectionFactory) PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) LdapAttribute(org.ldaptive.LdapAttribute) SearchFilter(org.ldaptive.SearchFilter) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry)

Example 5 with SearchResult

Use of org.ldaptive.SearchResult in project cas by apereo.

The class LdapSpnegoKnownClientSystemsFilterAction, method executeSearchForSpnegoAttribute.

/**
 * Searches the LDAP instance for the attribute value.
 *
 * @param remoteIp the remote IP
 * @return true/false
 */
protected boolean executeSearchForSpnegoAttribute(final String remoteIp) {
    Connection connection = null;
    // The filter parameter is the reverse-resolved hostname of the client IP, not the raw IP.
    final String remoteHostName = getRemoteHostName(remoteIp);
    LOGGER.debug("Resolved remote hostname [{}] based on ip [{}]", remoteHostName, remoteIp);
    try {
        connection = createConnection();
        final Operation searchOperation = new SearchOperation(connection);
        // Bound as positional parameter 0 of the configured search filter.
        this.searchRequest.getSearchFilter().setParameter(0, remoteHostName);
        LOGGER.debug("Using search filter [{}] on baseDn [{}]", this.searchRequest.getSearchFilter().format(), this.searchRequest.getBaseDn());
        final Response<SearchResult> searchResult = searchOperation.execute(this.searchRequest);
        if (searchResult.getResultCode() == ResultCode.SUCCESS) {
            return processSpnegoAttribute(searchResult);
        }
        throw new RuntimeException("Failed to establish an LDAP connection. " + searchResult.getMessage());
    } catch (final LdapException e) {
        LOGGER.error(e.getMessage(), e);
        throw Throwables.propagate(e);
    } finally {
        // The connection is opened per call, so it must be closed on every exit path.
        if (connection != null) {
            connection.close();
        }
    }
}
Also used: SearchOperation(org.ldaptive.SearchOperation) Connection(org.ldaptive.Connection) SearchResult(org.ldaptive.SearchResult) Operation(org.ldaptive.Operation) LdapException(org.ldaptive.LdapException)

Aggregations

SearchResult (org.ldaptive.SearchResult) 10
LdapEntry (org.ldaptive.LdapEntry) 8
LdapAttribute (org.ldaptive.LdapAttribute) 6
LdapException (org.ldaptive.LdapException) 6
PasswordManagementProperties (org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) 3
ConnectionFactory (org.ldaptive.ConnectionFactory) 3
SearchFilter (org.ldaptive.SearchFilter) 3
CertificateException (java.security.cert.CertificateException) 1
LinkedHashMap (java.util.LinkedHashMap) 1
UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential) 1
GraphicalUserAuthenticationProperties (org.apereo.cas.configuration.model.support.gua.GraphicalUserAuthenticationProperties) 1
Audit (org.apereo.inspektr.audit.annotation.Audit) 1
Connection (org.ldaptive.Connection) 1
Operation (org.ldaptive.Operation) 1
SearchOperation (org.ldaptive.SearchOperation) 1
AccountNotFoundException (org.pac4j.core.exception.AccountNotFoundException) 1