
Example 36 with LdapProfile

Use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

From class UserSearchEngine, method createExecutor:

// Builds the thread pool used for parallel LDAP user searches. Returns null when
// parallel search is disabled or when there is at most one root context to search,
// in which case the caller falls back to sequential searching.
private static ThreadPoolExecutor createExecutor(final PwmApplication pwmApplication) {
    final Configuration configuration = pwmApplication.getConfig();
    final boolean enabled = Boolean.parseBoolean(configuration.readAppProperty(AppProperty.LDAP_SEARCH_PARALLEL_ENABLE));
    if (!enabled) {
        return null;
    }
    // Count the contextless root DNs across every configured LDAP profile; each one is a search endpoint.
    final int endPoints;
    {
        int counter = 0;
        for (final LdapProfile ldapProfile : configuration.getLdapProfiles().values()) {
            final List<String> rootContexts = ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_CONTEXTLESS_ROOT);
            counter += rootContexts.size();
        }
        endPoints = counter;
    }
    if (endPoints > 1) {
        // Pool size is endpoints * factor, capped at the configured maximum; the work queue is bounded to the same size.
        final int factor = Integer.parseInt(configuration.readAppProperty(AppProperty.LDAP_SEARCH_PARALLEL_FACTOR));
        final int maxThreads = Integer.parseInt(configuration.readAppProperty(AppProperty.LDAP_SEARCH_PARALLEL_THREAD_MAX));
        final int threads = Math.min(maxThreads, (endPoints) * factor);
        // Threads are named after the application and this class so they are identifiable in thread dumps.
        final ThreadFactory threadFactory = JavaHelper.makePwmThreadFactory(JavaHelper.makeThreadName(pwmApplication, UserSearchEngine.class), true);
        return new ThreadPoolExecutor(threads, threads, 1, TimeUnit.MINUTES, new ArrayBlockingQueue<>(threads), threadFactory);
    }
    return null;
}
Also used: ThreadFactory (java.util.concurrent.ThreadFactory), FormConfiguration (password.pwm.config.value.data.FormConfiguration), Configuration (password.pwm.config.Configuration), List (java.util.List), ArrayList (java.util.ArrayList), ThreadPoolExecutor (java.util.concurrent.ThreadPoolExecutor), LdapProfile (password.pwm.config.profile.LdapProfile)

Example 37 with LdapProfile

Use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

From class UserSearchEngine, method performMultiUserSearch:

// Searches one named LDAP profile, or all configured profiles when none is named, and
// returns up to maxResults matching users together with the requested attributes.
public Map<UserIdentity, Map<String, String>> performMultiUserSearch(final SearchConfiguration searchConfiguration, final int maxResults, final Collection<String> returnAttributes, final SessionLabel sessionLabel) throws PwmUnrecoverableException, PwmOperationalException {
    final Collection<LdapProfile> ldapProfiles;
    if (searchConfiguration.getLdapProfile() != null && !searchConfiguration.getLdapProfile().isEmpty()) {
        if (pwmApplication.getConfig().getLdapProfiles().containsKey(searchConfiguration.getLdapProfile())) {
            ldapProfiles = Collections.singletonList(pwmApplication.getConfig().getLdapProfiles().get(searchConfiguration.getLdapProfile()));
        } else {
            // An unknown profile identifier yields an empty result rather than an error.
            LOGGER.debug(sessionLabel, "attempt to search for users in unknown ldap profile '" + searchConfiguration.getLdapProfile() + "', skipping search");
            return Collections.emptyMap();
        }
    } else {
        ldapProfiles = pwmApplication.getConfig().getLdapProfiles().values();
    }
    final boolean ignoreUnreachableProfiles = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.LDAP_IGNORE_UNREACHABLE_PROFILES);
    final List<String> errors = new ArrayList<>();
    final long profileRetryDelayMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_PROFILE_RETRY_DELAY));
    final List<UserSearchJob> searchJobs = new ArrayList<>();
    for (final LdapProfile ldapProfile : ldapProfiles) {
        boolean skipProfile = false;
        // When more than one profile is searched, a profile that failed within the retry delay is skipped
        // so that one unreachable directory does not stall every search.
        final Instant lastLdapFailure = pwmApplication.getLdapConnectionService().getLastLdapFailureTime(ldapProfile);
        if (ldapProfiles.size() > 1 && lastLdapFailure != null && TimeDuration.fromCurrent(lastLdapFailure).isShorterThan(profileRetryDelayMS)) {
            LOGGER.info("skipping user search on ldap profile " + ldapProfile.getIdentifier() + " due to recent unreachable status (" + TimeDuration.fromCurrent(lastLdapFailure).asCompactString() + ")");
            skipProfile = true;
        }
        if (!skipProfile) {
            try {
                searchJobs.addAll(this.makeSearchJobs(ldapProfile, searchConfiguration, maxResults, returnAttributes));
            } catch (PwmUnrecoverableException e) {
                if (e.getError() == PwmError.ERROR_DIRECTORY_UNAVAILABLE) {
                    // Record the failure time so later searches can apply the retry delay above.
                    pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, e.getErrorInformation());
                    if (ignoreUnreachableProfiles) {
                        errors.add(e.getErrorInformation().getDetailedErrorMsg());
                        // Only fail the whole search once every profile has reported unavailable.
                        if (errors.size() >= ldapProfiles.size()) {
                            final String errorMsg = "all ldap profiles are unreachable; errors: " + JsonUtil.serializeCollection(errors);
                            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, errorMsg));
                        }
                    }
                } else {
                    throw e;
                }
            }
        }
    }
    // Results keep job order; the map is trimmed to maxResults and returned read-only.
    final Map<UserIdentity, Map<String, String>> resultsMap = new LinkedHashMap<>(executeSearchJobs(searchJobs, sessionLabel, searchCounter.getAndIncrement()));
    final Map<UserIdentity, Map<String, String>> returnMap = trimOrderedMap(resultsMap, maxResults);
    return Collections.unmodifiableMap(returnMap);
}
Also used: Instant (java.time.Instant), UserIdentity (password.pwm.bean.UserIdentity), ArrayList (java.util.ArrayList), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), LdapProfile (password.pwm.config.profile.LdapProfile), LinkedHashMap (java.util.LinkedHashMap), ErrorInformation (password.pwm.error.ErrorInformation), Map (java.util.Map), TreeMap (java.util.TreeMap)

Example 38 with LdapProfile

Use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

From class UserSearchEngine, method resolveUserDN:

// Resolves a bare user DN to a UserIdentity by probing every configured LDAP profile with its
// proxy connection; the first profile in which the entry exists wins.
private UserIdentity resolveUserDN(final String userDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final Collection<LdapProfile> ldapProfiles = pwmApplication.getConfig().getLdapProfiles().values();
    for (final LdapProfile ldapProfile : ldapProfiles) {
        final ChaiProvider provider = pwmApplication.getProxyChaiProvider(ldapProfile.getIdentifier());
        final ChaiUser user = provider.getEntryFactory().newChaiUser(userDN);
        if (user.exists()) {
            try {
                // Store the directory's canonical form of the DN, not the caller-supplied string.
                return new UserIdentity(user.readCanonicalDN(), ldapProfile.getIdentifier());
            } catch (ChaiOperationException e) {
                LOGGER.error("unexpected error reading canonical userDN for '" + userDN + "', error: " + e.getMessage());
            }
        }
    }
    // No profile contains the entry (or the canonical DN could not be read in any of them).
    throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_CANT_MATCH_USER));
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), ChaiProvider (com.novell.ldapchai.provider.ChaiProvider), ChaiUser (com.novell.ldapchai.ChaiUser), UserIdentity (password.pwm.bean.UserIdentity), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException), LdapProfile (password.pwm.config.profile.LdapProfile), PwmOperationalException (password.pwm.error.PwmOperationalException)

Example 39 with LdapProfile

Use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

From class LdapDebugDataGenerator, method makeLdapDebugInfos:

// Collects per-profile, per-replica diagnostic data (root DSE attributes, proxy user and test user
// entries) for the debug output. Each profile is bound with its own proxy credentials.
public static List<LdapDebugInfo> makeLdapDebugInfos(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final Configuration configuration, final Locale locale) {
    final List<LdapDebugInfo> returnList = new ArrayList<>();
    for (final LdapProfile ldapProfile : configuration.getLdapProfiles().values()) {
        final LdapDebugInfo ldapDebugInfo = new LdapDebugInfo();
        ldapDebugInfo.setProfileName(ldapProfile.getIdentifier());
        ldapDebugInfo.setDisplayName(ldapProfile.getDisplayName(locale));
        try {
            final ChaiProvider chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, null, ldapProfile, configuration, ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN), ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD));
            // A profile may list several replica URLs; split the configuration so each replica is queried individually.
            final Collection<ChaiConfiguration> chaiConfigurations = ChaiUtility.splitConfigurationPerReplica(chaiProvider.getChaiConfiguration(), null);
            final List<LdapDebugServerInfo> ldapDebugServerInfos = new ArrayList<>();
            for (final ChaiConfiguration chaiConfiguration : chaiConfigurations) {
                final LdapDebugServerInfo ldapDebugServerInfo = new LdapDebugServerInfo();
                ldapDebugServerInfo.setLdapServerlUrl(chaiConfiguration.getSetting(ChaiSetting.BIND_URLS));
                final ChaiProvider loopProvider = chaiProvider.getProviderFactory().newProvider(chaiConfiguration);
                {
                    // Root DSE is read through the per-replica provider.
                    final ChaiEntry rootDSEentry = ChaiUtility.getRootDSE(loopProvider);
                    final Map<String, List<String>> rootDSEdata = LdapOperationsHelper.readAllEntryAttributeValues(rootDSEentry);
                    ldapDebugServerInfo.setRootDseAttributes(rootDSEdata);
                }
                {
                    // The proxy and test user entries below are read through the profile-level chaiProvider, not loopProvider.
                    final String proxyUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
                    if (proxyUserDN != null) {
                        ldapDebugServerInfo.setProxyDN(proxyUserDN);
                        final ChaiEntry proxyUserEntry = chaiProvider.getEntryFactory().newChaiEntry(proxyUserDN);
                        if (proxyUserEntry.exists()) {
                            final Map<String, List<String>> proxyUserData = LdapOperationsHelper.readAllEntryAttributeValues(proxyUserEntry);
                            ldapDebugServerInfo.setProxyUserAttributes(proxyUserData);
                        }
                    }
                }
                {
                    final String testUserDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
                    if (testUserDN != null) {
                        ldapDebugServerInfo.setTestUserDN(testUserDN);
                        final ChaiEntry testUserEntry = chaiProvider.getEntryFactory().newChaiEntry(testUserDN);
                        if (testUserEntry.exists()) {
                            final Map<String, List<String>> testUserdata = LdapOperationsHelper.readAllEntryAttributeValues(testUserEntry);
                            ldapDebugServerInfo.setTestUserAttributes(testUserdata);
                        }
                    }
                }
                ldapDebugServerInfos.add(ldapDebugServerInfo);
            }
            ldapDebugInfo.setServerInfo(ldapDebugServerInfos);
            returnList.add(ldapDebugInfo);
        } catch (Exception e) {
            // A failing profile is logged and omitted; the remaining profiles are still reported.
            LOGGER.error("error during output of ldap profile debug data profile: " + ldapProfile + ", error: " + e.getMessage());
        }
    }
    return returnList;
}
Also used: ArrayList (java.util.ArrayList), ChaiEntry (com.novell.ldapchai.ChaiEntry), LdapProfile (password.pwm.config.profile.LdapProfile), ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration), ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException), ChaiProvider (com.novell.ldapchai.provider.ChaiProvider), LinkedHashMap (java.util.LinkedHashMap), Map (java.util.Map)

Example 40 with LdapProfile

Use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

From class LdapPermissionTester, method testUserDNmatch:

// Permission check: does the user's DN sit under the configured base DN of its LDAP profile?
// An empty or missing base DN is treated as "no restriction" and matches every user.
private static boolean testUserDNmatch(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final String baseDN, final UserIdentity userIdentity) throws PwmUnrecoverableException {
    if (baseDN == null || baseDN.trim().isEmpty()) {
        return true;
    }
    final LdapProfile ldapProfile = userIdentity.getLdapProfile(pwmApplication.getConfig());
    // Canonicalise the configured base DN through the directory before comparing it with the
    // (already canonical) user DN held in the identity.
    final String canonicalBaseDN = ldapProfile.readCanonicalDN(pwmApplication, baseDN);
    final String userDN = userIdentity.getUserDN();
    // The match is a plain string suffix comparison of the two DNs.
    return userDN.endsWith(canonicalBaseDN);
}
Also used: LdapProfile (password.pwm.config.profile.LdapProfile)

Aggregations (types used together with LdapProfile, with usage counts across the project)

LdapProfile (password.pwm.config.profile.LdapProfile): 54
ArrayList (java.util.ArrayList): 16
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 16
ErrorInformation (password.pwm.error.ErrorInformation): 15
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException): 12
Map (java.util.Map): 11
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 10
ChaiUser (com.novell.ldapchai.ChaiUser): 9
Configuration (password.pwm.config.Configuration): 9
PwmOperationalException (password.pwm.error.PwmOperationalException): 9
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider): 8
LinkedHashMap (java.util.LinkedHashMap): 8
List (java.util.List): 7
FormConfiguration (password.pwm.config.value.data.FormConfiguration): 7
UserIdentity (password.pwm.bean.UserIdentity): 6
ChaiException (com.novell.ldapchai.exception.ChaiException): 5
ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration): 5
IOException (java.io.IOException): 5
HashSet (java.util.HashSet): 5
TreeMap (java.util.TreeMap): 5