
Example 1 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class LDAPStatusChecker method healthForNewConfiguration.

/**
 * Runs the LDAP health checks for a single profile against a configuration
 * that is passed in explicitly rather than read from the running application.
 *
 * <p>A temporary {@link PwmApplication} is created from the running
 * application's environment combined with {@code config}; the basic
 * connectivity check and the test-user check are run against that temporary
 * instance.
 *
 * @param pwmApplication  the running application; its environment seeds the temporary instance
 * @param config          the configuration to evaluate
 * @param locale          locale handed to {@code HealthRecord.asHealthDataBean}
 * @param profileID       key used to look up the profile in {@code config.getLdapProfiles()}
 * @param testContextless forwarded unchanged to {@code checkBasicLdapConnectivity}
 * @param fullTest        when {@code true}, the server-URL check and the test-user check also run
 * @return the collected health records converted by {@code HealthRecord.asHealthDataBean}
 * @throws PwmUnrecoverableException declared by this method; the raising call is not identifiable from this block
 */
public static HealthData healthForNewConfiguration(final PwmApplication pwmApplication, final Configuration config, final Locale locale, final String profileID, final boolean testContextless, final boolean fullTest) throws PwmUnrecoverableException {
    final PwmApplication candidateApplication = new PwmApplication(pwmApplication.getPwmEnvironment().makeRuntimeInstance(config));
    final LDAPStatusChecker checker = new LDAPStatusChecker();

    // NOTE(review): the lookup result is used without a null check. If profileID
    // does not match a configured profile, the checks below receive null --
    // confirm that callers validate profileID before calling.
    final LdapProfile ldapProfile = config.getLdapProfiles().get(profileID);

    final List<HealthRecord> results = new ArrayList<>(
            checker.checkBasicLdapConnectivity(candidateApplication, config, ldapProfile, testContextless));

    if (fullTest) {
        // NOTE(review): this check is given the running pwmApplication, while the
        // other two checks get the temporary instance -- confirm this is intended.
        results.addAll(checker.checkLdapServerUrls(pwmApplication, config, ldapProfile));
    }

    // LDAP_OK is reported only when neither of the checks above produced a record;
    // the test-user check runs afterwards and may still append findings.
    if (results.isEmpty()) {
        results.add(HealthRecord.forMessage(HealthMessage.LDAP_OK));
    }

    if (fullTest) {
        results.addAll(checker.doLdapTestUserCheck(config, ldapProfile, candidateApplication));
    }

    return HealthRecord.asHealthDataBean(config, locale, results);
}
Also used : PwmApplication(password.pwm.PwmApplication) ArrayList(java.util.ArrayList) LdapProfile(password.pwm.config.profile.LdapProfile)

Example 2 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class ConfigurationChecker method passwordStrengthChecks.

/**
 * Scores every configured password-type setting and reports the weak ones.
 *
 * <p>Two passes are made: first over all non-profiled settings whose syntax is
 * {@code PASSWORD} and whose value is not the default, then over the
 * {@code LDAP_PROXY_USER_PASSWORD} setting of each LDAP profile. A
 * {@code Config_WeakPassword} record is added when the score returned by
 * {@code PasswordUtility.judgePasswordStrength} is below 50.
 *
 * <p>Only the setting's menu location and the numeric score are placed in the
 * health record or the log line; the password text itself is passed to the
 * strength judge and nowhere else in this method.
 *
 * @param config configuration whose password settings are inspected
 * @param locale locale used to render the setting's menu location
 * @return the weak-password records found; empty when there are none
 */
private List<HealthRecord> passwordStrengthChecks(final Configuration config, final Locale locale) {
    // Scores below this value are reported as weak.
    final int weakBelow = 50;
    final List<HealthRecord> findings = new ArrayList<>();

    // Pass 1: non-profiled password settings that have been changed from the default.
    for (final PwmSetting candidate : PwmSetting.values()) {
        if (candidate.getSyntax() != PwmSettingSyntax.PASSWORD) {
            continue;
        }
        if (candidate.getCategory().hasProfiles()) {
            continue;
        }
        if (config.isDefaultValue(candidate)) {
            continue;
        }
        try {
            final PasswordData stored = config.readSettingAsPassword(candidate);
            // NOTE(review): unlike the profile pass below, a null PasswordData is not
            // handled here; it would surface as an exception and be logged by the catch.
            final int score = PasswordUtility.judgePasswordStrength(config, stored.getStringValue());
            if (score < weakBelow) {
                findings.add(HealthRecord.forMessage(HealthMessage.Config_WeakPassword, candidate.toMenuLocationDebug(null, locale), String.valueOf(score)));
            }
        } catch (Exception e) {
            // Best effort: a setting that cannot be inspected is logged and skipped.
            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error while inspecting setting " + candidate.toMenuLocationDebug(null, locale) + ", error: " + e.getMessage());
        }
    }

    // Pass 2: the proxy-user password of every LDAP profile.
    final PwmSetting proxyPasswordSetting = PwmSetting.LDAP_PROXY_USER_PASSWORD;
    for (final LdapProfile ldapProfile : config.getLdapProfiles().values()) {
        try {
            final PasswordData stored = ldapProfile.readSettingAsPassword(proxyPasswordSetting);
            String plainText = null;
            if (stored != null) {
                plainText = stored.getStringValue();
            }
            final int score = PasswordUtility.judgePasswordStrength(config, plainText);
            if (score < weakBelow) {
                findings.add(HealthRecord.forMessage(HealthMessage.Config_WeakPassword, proxyPasswordSetting.toMenuLocationDebug(ldapProfile.getIdentifier(), locale), String.valueOf(score)));
            }
        } catch (PwmException e) {
            LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error while inspecting setting " + proxyPasswordSetting.toMenuLocationDebug(ldapProfile.getIdentifier(), locale) + ", error: " + e.getMessage());
        }
    }

    return findings;
}
Also used : PwmSetting(password.pwm.config.PwmSetting) PwmException(password.pwm.error.PwmException) PasswordData(password.pwm.util.PasswordData) ArrayList(java.util.ArrayList) LdapProfile(password.pwm.config.profile.LdapProfile) URISyntaxException(java.net.URISyntaxException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException)

Example 3 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class LdapOperationsHelper method readLdapGuidValue.

/**
 * Resolves the GUID value for a user, optionally going through the cache service.
 *
 * <p>When caching is enabled (app property {@code LDAP_CACHE_USER_GUID_ENABLE}),
 * a cached entry is returned first; the {@code NULL_CACHE_GUID} sentinel stands
 * for a cached {@code null}. Otherwise the existing value is read through
 * {@code GUIDHelper}. If none exists, the configured GUID attribute is neither
 * {@code DN} nor {@code VENDORGUID}, and {@code LDAP_GUID_AUTO_ADD} is set on
 * the user's profile, a new GUID is assigned and returned without being cached.
 *
 * @param pwmApplication        application providing configuration and the cache service
 * @param sessionLabel          label forwarded to the {@code GUIDHelper} calls
 * @param userIdentity          the user whose GUID is wanted
 * @param throwExceptionOnError forwarded to {@code GUIDHelper}; presumably decides whether an
 *                              unresolved GUID raises or is only reported -- confirm in GUIDHelper
 * @return the GUID value, or the unresolved (null or empty) value when none could be determined
 * @throws ChaiUnavailableException  declared by this method; presumably raised when the directory is unavailable
 * @throws PwmUnrecoverableException declared by this method; the raising call is not identifiable from this block
 */
public static String readLdapGuidValue(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity, final boolean throwExceptionOnError) throws ChaiUnavailableException, PwmUnrecoverableException {
    final boolean cachingOn = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_CACHE_USER_GUID_ENABLE));
    // The key is built from the user's delimited identity key.
    final CacheKey guidCacheKey = CacheKey.makeCacheKey(LdapOperationsHelper.class, null, "guidValue-" + userIdentity.toDelimitedKey());

    if (cachingOn) {
        final String hit = pwmApplication.getCacheService().get(guidCacheKey);
        if (hit != null) {
            if (NULL_CACHE_GUID.equals(hit)) {
                return null;
            }
            return hit;
        }
    }

    final String storedGuid = GUIDHelper.readExistingGuidValue(pwmApplication, sessionLabel, userIdentity, throwExceptionOnError);
    // NOTE(review): the profile lookup is dereferenced without a null check; a
    // userIdentity that names an unknown profile would fail here.
    final LdapProfile ldapProfile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String guidAttributeName = ldapProfile.readSettingAsString(PwmSetting.LDAP_GUID_ATTRIBUTE);

    if (StringUtil.isEmpty(storedGuid)) {
        // Auto-assignment applies only when the GUID attribute is neither "DN" nor "VENDORGUID".
        final boolean writableAttribute = !"DN".equalsIgnoreCase(guidAttributeName)
                && !"VENDORGUID".equalsIgnoreCase(guidAttributeName);
        if (writableAttribute && ldapProfile.readSettingAsBoolean(PwmSetting.LDAP_GUID_AUTO_ADD)) {
            LOGGER.trace("assigning new GUID to user " + userIdentity);
            return GUIDHelper.assignGuidToUser(pwmApplication, sessionLabel, userIdentity, guidAttributeName);
        }
        GUIDHelper.processError("unable to resolve GUID value for user " + userIdentity.toString(), throwExceptionOnError);
    }

    if (cachingOn) {
        // NOTE(review): if processError returns instead of throwing, the unresolved
        // result is cached too, so later lookups get it back until the entry expires.
        final long ttlSeconds = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_CACHE_USER_GUID_SECONDS));
        final CachePolicy expiry = CachePolicy.makePolicyWithExpiration(new TimeDuration(ttlSeconds, TimeUnit.SECONDS));
        final String toStore;
        if (storedGuid == null) {
            toStore = NULL_CACHE_GUID;
        } else {
            toStore = storedGuid;
        }
        pwmApplication.getCacheService().put(guidCacheKey, expiry, toStore);
    }

    return storedGuid;
}
Also used : CachePolicy(password.pwm.svc.cache.CachePolicy) TimeDuration(password.pwm.util.java.TimeDuration) LdapProfile(password.pwm.config.profile.LdapProfile) CacheKey(password.pwm.svc.cache.CacheKey)

Example 4 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class LdapOperationsHelper method addConfiguredUserObjectClass.

/**
 * Adds the object classes configured in {@code AUTO_ADD_OBJECT_CLASSES} for
 * the user's LDAP profile to the user's directory entry.
 *
 * <p>The class names come from configuration, not from the caller. The entry
 * is obtained through the profile's proxy provider
 * ({@code getProxyChaiProvider}), and the actual write is delegated to
 * {@code addUserObjectClass}. Nothing is done when no classes are configured.
 *
 * @param sessionLabel   label forwarded to {@code addUserObjectClass}
 * @param userIdentity   the user whose entry is updated
 * @param pwmApplication application providing configuration and the proxy provider
 * @throws ChaiUnavailableException  declared by this method; presumably raised when the directory is unavailable
 * @throws PwmUnrecoverableException declared by this method; the raising call is not identifiable from this block
 */
public static void addConfiguredUserObjectClass(final SessionLabel sessionLabel, final UserIdentity userIdentity, final PwmApplication pwmApplication) throws ChaiUnavailableException, PwmUnrecoverableException {
    // NOTE(review): the profile lookup is dereferenced without a null check.
    final LdapProfile profile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());

    // Copying into a set removes duplicate class names from the configured list.
    final Set<String> configuredClasses = new HashSet<>(profile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));

    if (!configuredClasses.isEmpty()) {
        final ChaiProvider proxyProvider = pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID());
        final ChaiUser targetUser = proxyProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        addUserObjectClass(sessionLabel, targetUser, configuredClasses);
    }
}
Also used : ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiUser(com.novell.ldapchai.ChaiUser) LdapProfile(password.pwm.config.profile.LdapProfile) HashSet(java.util.HashSet)

Example 5 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class LdapOperationsHelper method updateLastPasswordUpdateAttribute.

/**
 * Writes the current time to the user's configured "last password update"
 * attribute.
 *
 * <p>The attribute name is read from {@code PASSWORD_LAST_UPDATE_ATTRIBUTE}
 * on the user's LDAP profile; when it is null or empty nothing is written.
 * The write goes through the proxied user obtained from
 * {@code getProxiedChaiUser}. A {@code ChaiOperationException} during the
 * write is logged at debug level and reported only through the return value,
 * so callers that rely on this timestamp should check the result.
 *
 * @param pwmApplication application providing configuration and the proxied user
 * @param sessionLabel   label attached to the log lines
 * @param userIdentity   ldap user to operate on
 * @return true if the attribute was written; false if no attribute is
 *         configured or the write failed
 * @throws com.novell.ldapchai.exception.ChaiUnavailableException if the
 *                                                                directory is unavailable
 * @throws PwmUnrecoverableException declared by this method; the raising call is not identifiable from this block
 */
public static boolean updateLastPasswordUpdateAttribute(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final UserIdentity userIdentity) throws ChaiUnavailableException, PwmUnrecoverableException {
    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
    // NOTE(review): the profile lookup is dereferenced without a null check.
    final LdapProfile profile = pwmApplication.getConfig().getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String attributeName = profile.readSettingAsString(PwmSetting.PASSWORD_LAST_UPDATE_ATTRIBUTE);

    if (attributeName == null || attributeName.isEmpty()) {
        return false;
    }

    try {
        proxiedUser.writeDateAttribute(attributeName, Instant.now());
        // The message text is fixed and does not include the configured attribute name.
        LOGGER.debug(sessionLabel, "wrote pwdLastModified update attribute for " + proxiedUser.getEntryDN());
        return true;
    } catch (ChaiOperationException e) {
        LOGGER.debug(sessionLabel, "error writing update attribute for user '" + proxiedUser.getEntryDN() + "' " + e.getMessage());
        return false;
    }
}
Also used : ChaiUser(com.novell.ldapchai.ChaiUser) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) LdapProfile(password.pwm.config.profile.LdapProfile)
