
Example 51 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class ConfigurationChecker method doHealthCheck.

/**
 * Inspects the supplied configuration for risky or incomplete settings and
 * returns one {@link HealthRecord} per finding.
 *
 * <p>Findings are appended in a fixed order: the results of {@code allChecks},
 * the site URL check, the LDAP wire trace / promiscuous LDAP / detailed error
 * flags, the per-profile test user check, the per-profile LDAP URL scheme
 * check, and finally the results of {@code passwordStrengthChecks}.
 *
 * @param config configuration to inspect
 * @param locale locale used to render setting locations and the separator
 * @return the findings; an empty list when
 *         {@code HIDE_CONFIGURATION_HEALTH_WARNINGS} is enabled
 */
public List<HealthRecord> doHealthCheck(final Configuration config, final Locale locale) {
    final List<HealthRecord> findings = new ArrayList<>();

    // Operator opt-out. Note that this short-circuits every check below,
    // including the ones that report plaintext LDAP and promiscuous mode.
    if (config.readSettingAsBoolean(PwmSetting.HIDE_CONFIGURATION_HEALTH_WARNINGS)) {
        return findings;
    }

    findings.addAll(allChecks(config, locale));

    final String configuredSiteUrl = config.readSettingAsString(PwmSetting.PWM_SITE_URL);
    final String separator = LocaleHelper.getLocalizedMessage(locale, Config.Display_SettingNavigationSeparator, null);
    final boolean siteUrlBlank = configuredSiteUrl == null || configuredSiteUrl.isEmpty();
    try {
        // A blank site URL, or one still equal to the template default, is reported.
        if (siteUrlBlank || configuredSiteUrl.equals(PwmSetting.PWM_SITE_URL.getDefaultValue(config.getTemplate()).toNativeObject())) {
            findings.add(HealthRecord.forMessage(HealthMessage.Config_NoSiteURL, PwmSetting.PWM_SITE_URL.toMenuLocationDebug(null, locale)));
        }
    } catch (PwmException e) {
        // NOTE(review): only the message is logged, so the stack trace is lost;
        // the site URL finding is skipped when this happens.
        LOGGER.error(SessionLabel.HEALTH_SESSION_LABEL, "error while inspecting site URL setting: " + e.getMessage());
    }

    // Debug-style switches that should not stay on in production.
    // NOTE(review): wire trace presumably writes LDAP traffic to the log - confirm
    // what is captured before treating those logs as non-sensitive.
    final boolean wireTraceOn = config.readSettingAsBoolean(PwmSetting.LDAP_ENABLE_WIRE_TRACE);
    if (wireTraceOn) {
        findings.add(HealthRecord.forMessage(HealthMessage.Config_LDAPWireTrace, PwmSetting.LDAP_ENABLE_WIRE_TRACE.toMenuLocationDebug(null, locale)));
    }

    // NOTE(review): "promiscuous" presumably relaxes LDAP certificate validation - confirm.
    // It is an AppProperty rather than a setting, so its location is built by hand.
    final boolean promiscuousOn = Boolean.parseBoolean(config.readAppProperty(AppProperty.LDAP_PROMISCUOUS_ENABLE));
    if (promiscuousOn) {
        final String propertyLocation = "AppProperty" + separator + AppProperty.LDAP_PROMISCUOUS_ENABLE.getKey();
        findings.add(HealthRecord.forMessage(HealthMessage.Config_PromiscuousLDAP, propertyLocation));
    }

    final boolean detailedErrorsOn = config.readSettingAsBoolean(PwmSetting.DISPLAY_SHOW_DETAILED_ERRORS);
    if (detailedErrorsOn) {
        findings.add(HealthRecord.forMessage(HealthMessage.Config_ShowDetailedErrors, PwmSetting.DISPLAY_SHOW_DETAILED_ERRORS.toMenuLocationDebug(null, locale)));
    }

    // Pass 1 over the LDAP profiles: each profile should name a test user.
    for (final LdapProfile profile : config.getLdapProfiles().values()) {
        final String testUserDN = profile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
        final boolean testUserMissing = testUserDN == null || testUserDN.isEmpty();
        if (testUserMissing) {
            findings.add(HealthRecord.forMessage(HealthMessage.Config_AddTestUser, PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(profile.getIdentifier(), locale)));
        }
    }

    // Pass 2 over the LDAP profiles: every server URL whose scheme is not
    // "ldaps" (compared case-insensitively) is reported as unsecure, and every
    // URL that does not parse is reported as a parse error.
    for (final LdapProfile profile : config.getLdapProfiles().values()) {
        final List<String> serverUrls = profile.readSettingAsStringArray(PwmSetting.LDAP_SERVER_URLS);
        if (serverUrls == null || serverUrls.isEmpty()) {
            continue;
        }
        for (final String rawUrl : serverUrls) {
            try {
                final URI parsed = new URI(rawUrl);
                if (!"ldaps".equalsIgnoreCase(parsed.getScheme())) {
                    findings.add(HealthRecord.forMessage(HealthMessage.Config_LDAPUnsecure, PwmSetting.LDAP_SERVER_URLS.toMenuLocationDebug(profile.getIdentifier(), locale)));
                }
            } catch (URISyntaxException e) {
                findings.add(HealthRecord.forMessage(HealthMessage.Config_ParseError, e.getMessage(), PwmSetting.LDAP_SERVER_URLS.toMenuLocationDebug(profile.getIdentifier(), locale), rawUrl));
            }
        }
    }

    findings.addAll(passwordStrengthChecks(config, locale));
    return findings;
}
Also used : PwmException(password.pwm.error.PwmException) ArrayList(java.util.ArrayList) URISyntaxException(java.net.URISyntaxException) LdapProfile(password.pwm.config.profile.LdapProfile) URI(java.net.URI)

Example 52 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class ConfigGuideServlet method restLdapHealth.

/**
 * Handles the {@code ldapHealth} action of the configuration guide.
 *
 * <p>Builds a temporary configuration from the guide bean, runs the check that
 * belongs to the guide's current step, and writes the resulting health records
 * to the response as JSON.
 *
 * @param pwmRequest the current request; supplies the guide bean, the running
 *                   application, the locale and the JSON output channel
 * @return {@link ProcessStatus#Halt} after the JSON result has been written
 * @throws IOException declared by this handler; not thrown directly in this body
 * @throws PwmUnrecoverableException declared by this handler; not thrown directly in this body
 */
@ActionHandler(action = "ldapHealth")
private ProcessStatus restLdapHealth(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException {
    final ConfigGuideBean configGuideBean = getBean(pwmRequest);
    // The checks run against a configuration generated from the guide's form
    // data, not against the configuration of the running application.
    final StoredConfigurationImpl storedConfigurationImpl = ConfigGuideForm.generateStoredConfig(configGuideBean);
    final Configuration tempConfiguration = new Configuration(storedConfigurationImpl);
    // NOTE(review): a new PwmApplication is constructed on every call and nothing
    // in this method shuts it down - confirm whether a runtime instance needs cleanup.
    final PwmApplication tempApplication = new PwmApplication(pwmRequest.getPwmApplication().getPwmEnvironment().makeRuntimeInstance(tempConfiguration));
    final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker();
    final List<HealthRecord> records = new ArrayList<>();
    final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile();
    switch(configGuideBean.getStep()) {
        case LDAP_SERVER:
            {
                try {
                    ConfigGuideUtils.checkLdapServer(configGuideBean);
                    records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
                } catch (Exception e) {
                    // NOTE(review): the raw exception message is copied into a record that is
                    // returned to the client; confirm this endpoint is only reachable by the
                    // person performing setup, since connection errors can reveal network detail.
                    records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Can not connect to remote server: " + e.getMessage()));
                }
            }
            break;
        case LDAP_PROXY:
            {
                // No records from the connectivity check is treated as success.
                records.addAll(ldapStatusChecker.checkBasicLdapConnectivity(tempApplication, tempConfiguration, ldapProfile, false));
                if (records.isEmpty()) {
                    records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
                }
            }
            break;
        case LDAP_CONTEXT:
            {
                // Same connectivity check as LDAP_PROXY but with the last argument true;
                // presumably that also validates the context settings - confirm in LDAPStatusChecker.
                records.addAll(ldapStatusChecker.checkBasicLdapConnectivity(tempApplication, tempConfiguration, ldapProfile, true));
                if (records.isEmpty()) {
                    records.add(new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated"));
                }
            }
            break;
        case LDAP_ADMINS:
            {
                try {
                    // This lookup uses the running application (not tempApplication) together
                    // with the stored configuration generated from the guide.
                    // NOTE(review): the literal 2 is presumably a result limit - confirm.
                    final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction();
                    final Collection<UserIdentity> results = userMatchViewerFunction.discoverMatchingUsers(pwmRequest.getPwmApplication(), 2, storedConfigurationImpl, PwmSetting.QUERY_MATCH_PWM_ADMIN, null);
                    if (results.isEmpty()) {
                        records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users"));
                    } else {
                        records.add(new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated"));
                    }
                } catch (PwmException e) {
                    // The debug form of the error information is sent back in the response.
                    records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getErrorInformation().toDebugStr()));
                } catch (Exception e) {
                    records.add(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getMessage()));
                }
            }
            break;
        case LDAP_TESTUSER:
            {
                // The test user check only runs when the form actually carries a value;
                // otherwise a CAUTION record is returned instead.
                final String testUserValue = configGuideBean.getFormData().get(ConfigGuideFormField.PARAM_LDAP_TEST_USER);
                if (testUserValue != null && !testUserValue.isEmpty()) {
                    records.addAll(ldapStatusChecker.checkBasicLdapConnectivity(tempApplication, tempConfiguration, ldapProfile, false));
                    records.addAll(ldapStatusChecker.doLdapTestUserCheck(tempConfiguration, ldapProfile, tempApplication));
                } else {
                    records.add(new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified"));
                }
            }
            break;
        case DATABASE:
            {
                // Uses the running application with the temporary configuration.
                records.addAll(DatabaseStatusChecker.checkNewDatabaseStatus(pwmRequest.getPwmApplication(), tempConfiguration));
            }
            break;
        default:
            // Any step without a case above is handed to the helper; what the helper
            // does with it is not visible here.
            JavaHelper.unhandledSwitchStatement(configGuideBean.getStep());
    }
    // Convert the internal records to their REST form and report the most severe status.
    final HealthData jsonOutput = new HealthData();
    jsonOutput.records = password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords(records, pwmRequest.getLocale(), tempConfiguration);
    jsonOutput.timestamp = Instant.now();
    jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString();
    final RestResultBean restResultBean = RestResultBean.withData(jsonOutput);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : HealthData(password.pwm.ws.server.rest.bean.HealthData) ConfigGuideBean(password.pwm.http.bean.ConfigGuideBean) StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl) PwmApplication(password.pwm.PwmApplication) Configuration(password.pwm.config.Configuration) UserMatchViewerFunction(password.pwm.config.function.UserMatchViewerFunction) ArrayList(java.util.ArrayList) LdapProfile(password.pwm.config.profile.LdapProfile) ServletException(javax.servlet.ServletException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmOperationalException(password.pwm.error.PwmOperationalException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) PwmException(password.pwm.error.PwmException) IOException(java.io.IOException) PwmException(password.pwm.error.PwmException) HealthRecord(password.pwm.health.HealthRecord) Collection(java.util.Collection) LDAPStatusChecker(password.pwm.health.LDAPStatusChecker) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 53 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class NewUserUtils method determineTokenValidationsRequired.

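/**
 * Works out which new-user form fields must be verified with a token before
 * registration can proceed.
 *
 * <p>Starts from the fields that
 * {@code FormUtility.identifyFormItemsNeedingPotentialTokenValidation} reports
 * for the default LDAP profile, then drops every field whose destination type
 * is not enabled for this profile (email and/or SMS verification) and every
 * field that is absent from the submitted form data.
 *
 * @param pwmRequest     current request; supplies the configuration
 * @param newUserBean    bean holding the submitted new-user form
 * @param newUserProfile profile whose form and verification settings are read
 * @return an unmodifiable map of attribute name to destination type, in the
 *         order the fields were identified
 * @throws PwmUnrecoverableException declared by this method; not thrown directly in this body
 */
static Map<String, TokenDestinationItem.Type> determineTokenValidationsRequired(final PwmRequest pwmRequest, final NewUserBean newUserBean, final NewUserProfile newUserProfile) throws PwmUnrecoverableException {
    final List<FormConfiguration> formFields = newUserProfile.readSettingAsForm(PwmSetting.NEWUSER_FORM);
    final LdapProfile defaultLDAPProfile = pwmRequest.getConfig().getDefaultLdapProfile();
    // Copy into a LinkedHashMap so entries can be removed while keeping order.
    final Map<String, TokenDestinationItem.Type> workingMap = new LinkedHashMap<>(FormUtility.identifyFormItemsNeedingPotentialTokenValidation(defaultLDAPProfile, formFields));

    // Destination types for which this profile has verification switched on.
    final Set<TokenDestinationItem.Type> interestedTypes = new HashSet<>();
    if (newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_EMAIL_VERIFICATION)) {
        interestedTypes.add(TokenDestinationItem.Type.email);
    }
    if (newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_SMS_VERIFICATION)) {
        interestedTypes.add(TokenDestinationItem.Type.sms);
    }

    if (!JavaHelper.isEmpty(workingMap)) {
        final Map<String, String> formData = newUserBean.getNewUserForm().getFormData();
        for (final Iterator<Map.Entry<String, TokenDestinationItem.Type>> iter = workingMap.entrySet().iterator(); iter.hasNext(); ) {
            final Map.Entry<String, TokenDestinationItem.Type> entry = iter.next();
            final String attrName = entry.getKey();
            final TokenDestinationItem.Type type = entry.getValue();
            // Both conditions are evaluated as one test so that remove() runs at
            // most once per next(). Two separate removes threw IllegalStateException
            // for an entry that was both of a disabled type and missing from the
            // form, which aborted the verification decision altogether.
            // NOTE(review): a field missing from the form is silently exempt from
            // verification here; confirm that required fields are enforced elsewhere.
            if (!interestedTypes.contains(type) || !formData.containsKey(attrName)) {
                iter.remove();
            }
        }
    }
    return Collections.unmodifiableMap(workingMap);
}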
Also used : LdapProfile(password.pwm.config.profile.LdapProfile) TokenDestinationItem(password.pwm.bean.TokenDestinationItem) LinkedHashMap(java.util.LinkedHashMap) TokenType(password.pwm.svc.token.TokenType) FormConfiguration(password.pwm.config.value.data.FormConfiguration) Map(java.util.Map) LinkedHashMap(java.util.LinkedHashMap) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 54 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

the class NewUserUtils method tokenDestinationItemForCurrentValidation.

/**
 * Builds the token destination for the form field that is currently being
 * verified.
 *
 * @param pwmRequest     current request; supplies the configuration
 * @param newUserBean    bean holding the submitted form and the name of the
 *                       field currently under verification
 * @param newUserProfile profile whose new-user form definition is read
 * @return the destination built from the submitted value of the current token
 *         field, or {@code null} when the form has not been passed yet
 * @throws PwmUnrecoverableException declared by this method; not thrown directly in this body
 */
static TokenDestinationItem tokenDestinationItemForCurrentValidation(final PwmRequest pwmRequest, final NewUserBean newUserBean, final NewUserProfile newUserProfile) throws PwmUnrecoverableException {
    if (newUserBean.isFormPassed()) {
        final List<FormConfiguration> profileFormFields = newUserProfile.readSettingAsForm(PwmSetting.NEWUSER_FORM);
        final LdapProfile ldapProfile = pwmRequest.getConfig().getDefaultLdapProfile();
        final Map<String, TokenDestinationItem.Type> typesByField = FormUtility.identifyFormItemsNeedingPotentialTokenValidation(ldapProfile, profileFormFields);

        final Map<String, String> submittedData = newUserBean.getNewUserForm().getFormData();
        final String currentField = newUserBean.getCurrentTokenField();

        // The destination is whatever the user typed into the field, so the token
        // is sent to a user-supplied address or number.
        final String submittedValue = submittedData.get(currentField);
        // NOTE(review): when the current field is not among the identified fields,
        // this lookup yields null and the item is built with a null type; confirm
        // that callers handle that case.
        final TokenDestinationItem.Type destinationType = typesByField.get(currentField);

        return TokenDestinationItem.builder()
                .display(submittedValue)
                .id("1")
                .value(submittedValue)
                .type(destinationType)
                .build();
    }
    // No destination exists until the form itself has been accepted.
    return null;
}
Also used : TokenType(password.pwm.svc.token.TokenType) FormConfiguration(password.pwm.config.value.data.FormConfiguration) LdapProfile(password.pwm.config.profile.LdapProfile) TokenDestinationItem(password.pwm.bean.TokenDestinationItem)

Aggregations

LdapProfile (password.pwm.config.profile.LdapProfile)54 ArrayList (java.util.ArrayList)16 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)16 ErrorInformation (password.pwm.error.ErrorInformation)15 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)12 Map (java.util.Map)11 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)10 ChaiUser (com.novell.ldapchai.ChaiUser)9 Configuration (password.pwm.config.Configuration)9 PwmOperationalException (password.pwm.error.PwmOperationalException)9 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)8 LinkedHashMap (java.util.LinkedHashMap)8 List (java.util.List)7 FormConfiguration (password.pwm.config.value.data.FormConfiguration)7 UserIdentity (password.pwm.bean.UserIdentity)6 ChaiException (com.novell.ldapchai.exception.ChaiException)5 ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration)5 IOException (java.io.IOException)5 HashSet (java.util.HashSet)5 TreeMap (java.util.TreeMap)5