Example 21 with LdapProfile
use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.
the class CertificateChecker method doHealthCheck.
private static List<HealthRecord> doHealthCheck(final Configuration configuration) {
final List<HealthRecord> returnList = new ArrayList<>();
for (final PwmSetting setting : PwmSetting.values()) {
if (setting.getSyntax() == PwmSettingSyntax.X509CERT && !setting.getCategory().hasProfiles()) {
if (setting != PwmSetting.LDAP_SERVER_CERTS) {
final List<X509Certificate> certs = configuration.readSettingAsCertificate(setting);
returnList.addAll(doHealthCheck(configuration, setting, null, certs));
}
}
}
for (final LdapProfile ldapProfile : configuration.getLdapProfiles().values()) {
final List<X509Certificate> certificates = configuration.getLdapProfiles().get(ldapProfile.getIdentifier()).readSettingAsCertificate(PwmSetting.LDAP_SERVER_CERTS);
returnList.addAll(doHealthCheck(configuration, PwmSetting.LDAP_SERVER_CERTS, ldapProfile.getIdentifier(), certificates));
}
return Collections.unmodifiableList(returnList);
}
Also used :
PwmSetting(password.pwm.config.PwmSetting)
ArrayList(java.util.ArrayList)
LdapProfile(password.pwm.config.profile.LdapProfile)
X509Certificate(java.security.cert.X509Certificate)
Example 22 with LdapProfile
use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.
the class NewUserUtils method createUser.
@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final long startTime = System.currentTimeMillis();
// re-perform verification before proceeding
{
final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
passwordCheckInfoToException(passwordCheckInfo);
}
NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
final PasswordData userPassword;
if (promptForPassword) {
userPassword = newUserForm.getNewUserPassword();
} else {
final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
}
// set up the user creation attributes
final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
// read the creation object classes from configuration
final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
// add the auto-add object classes
{
final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
}
final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
try {
// create the ldap entry
chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
final boolean useTempPw;
{
final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
if ("auto".equalsIgnoreCase(settingValue)) {
useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
} else {
useTempPw = Boolean.parseBoolean(settingValue);
}
}
if (useTempPw) {
NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
final PasswordData temporaryPassword;
{
final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
}
final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
try {
// set password as admin
proxiedUser.setPassword(temporaryPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
try {
// bind as user
NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
bindAsProvider.close();
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
} else {
try {
// set password
theUser.setPassword(userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
}
NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
// write data to remote web service
remoteWriteFormData(pwmRequest, newUserForm);
// authenticate the user to pwm
final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
sessionAuthenticator.authenticateUser(userIdentity, userPassword);
{
// execute configured actions
final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
// send user email
sendNewUserEmailConfirmation(pwmRequest);
// add audit record
pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
// increment the new user creation statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
PasswordData(password.pwm.util.PasswordData)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
List(java.util.List)
ArrayList(java.util.ArrayList)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ActionExecutor(password.pwm.util.operations.ActionExecutor)
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
LdapProfile(password.pwm.config.profile.LdapProfile)
ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmSession(password.pwm.http.PwmSession)
Example 23 with LdapProfile
use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.
the class UpdateProfileUtil method determineTokenValidationsRequired.
static Map<String, TokenDestinationItem.Type> determineTokenValidationsRequired(final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean, final UpdateProfileProfile updateProfileProfile) throws PwmUnrecoverableException {
final List<FormConfiguration> formFields = updateProfileProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
final LdapProfile ldapProfile = pwmRequest.getUserInfoIfLoggedIn().getLdapProfile(pwmRequest.getConfig());
final Map<String, TokenDestinationItem.Type> workingMap = new LinkedHashMap<>(FormUtility.identifyFormItemsNeedingPotentialTokenValidation(ldapProfile, formFields));
final Set<TokenDestinationItem.Type> interestedTypes = new HashSet<>();
if (updateProfileProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_EMAIL_VERIFICATION)) {
interestedTypes.add(TokenDestinationItem.Type.email);
}
if (updateProfileProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SMS_VERIFICATION)) {
interestedTypes.add(TokenDestinationItem.Type.sms);
}
if (!JavaHelper.isEmpty(workingMap)) {
final Map<String, String> ldapData = formDataFromLdap(pwmRequest, updateProfileProfile);
final Map<String, String> updateData = updateProfileBean.getFormData();
for (final Iterator<Map.Entry<String, TokenDestinationItem.Type>> iter = workingMap.entrySet().iterator(); iter.hasNext(); ) {
final Map.Entry<String, TokenDestinationItem.Type> entry = iter.next();
final String attrName = entry.getKey();
final TokenDestinationItem.Type type = entry.getValue();
if (!interestedTypes.contains(type)) {
iter.remove();
} else if (updateData.containsKey(attrName)) {
final String updateValue = updateData.get(attrName);
final String ldapValue = ldapData.get(attrName);
if (StringUtil.nullSafeEqualsIgnoreCase(updateValue, ldapValue)) {
iter.remove();
}
}
}
}
return Collections.unmodifiableMap(workingMap);
}
Also used :
LdapProfile(password.pwm.config.profile.LdapProfile)
TokenDestinationItem(password.pwm.bean.TokenDestinationItem)
LinkedHashMap(java.util.LinkedHashMap)
TokenType(password.pwm.svc.token.TokenType)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 24 with LdapProfile
use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.
the class UpdateProfileUtil method tokenDestinationItemForCurrentValidation.
static TokenDestinationItem tokenDestinationItemForCurrentValidation(final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean, final UpdateProfileProfile updateProfileProfile) {
final List<FormConfiguration> formFields = updateProfileProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
final LdapProfile ldapProfile = pwmRequest.getUserInfoIfLoggedIn().getLdapProfile(pwmRequest.getConfig());
final Map<String, TokenDestinationItem.Type> tokenTypeMap = FormUtility.identifyFormItemsNeedingPotentialTokenValidation(ldapProfile, formFields);
final String value = updateProfileBean.getFormData().get(updateProfileBean.getCurrentTokenField());
final TokenDestinationItem.Type type = tokenTypeMap.get(updateProfileBean.getCurrentTokenField());
return TokenDestinationItem.builder().display(value).id("1").value(value).type(type).build();
}
Also used :
TokenType(password.pwm.svc.token.TokenType)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
LdapProfile(password.pwm.config.profile.LdapProfile)
TokenDestinationItem(password.pwm.bean.TokenDestinationItem)
Example 25 with LdapProfile
use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.
the class LdapConnectionService method setLastLdapFailure.
public void setLastLdapFailure(final LdapProfile ldapProfile, final ErrorInformation errorInformation) {
lastLdapErrors.put(ldapProfile, errorInformation);
final HashMap<String, ErrorInformation> outputMap = new HashMap<>();
for (final Map.Entry<LdapProfile, ErrorInformation> entry : lastLdapErrors.entrySet()) {
final LdapProfile loopProfile = entry.getKey();
outputMap.put(loopProfile.getIdentifier(), entry.getValue());
}
final String jsonString = JsonUtil.serialize(outputMap);
pwmApplication.writeAppAttribute(PwmApplication.AppAttribute.LAST_LDAP_ERROR, jsonString);
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
LdapProfile(password.pwm.config.profile.LdapProfile)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
HashMap(java.util.HashMap)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
Aggregations
LdapProfile (password.pwm.config.profile.LdapProfile)54
ArrayList (java.util.ArrayList)16
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)16
ErrorInformation (password.pwm.error.ErrorInformation)15
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)12
Map (java.util.Map)11
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)10
ChaiUser (com.novell.ldapchai.ChaiUser)9
Configuration (password.pwm.config.Configuration)9
PwmOperationalException (password.pwm.error.PwmOperationalException)9
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)8
LinkedHashMap (java.util.LinkedHashMap)8
List (java.util.List)7
FormConfiguration (password.pwm.config.value.data.FormConfiguration)7
UserIdentity (password.pwm.bean.UserIdentity)6
ChaiException (com.novell.ldapchai.exception.ChaiException)5
ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration)5
IOException (java.io.IOException)5
HashSet (java.util.HashSet)5
TreeMap (java.util.TreeMap)5
