
Example 41 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

The class LdapXmlUserHistory, method readUserHistory.

private StoredHistory readUserHistory(final PwmApplication pwmApplication, final UserIdentity userIdentity, final ChaiUser chaiUser) throws ChaiUnavailableException, PwmUnrecoverableException {
    /*
     * Reads the user's stored event history from the LDAP attribute named by the
     * EVENTS_LDAP_ATTRIBUTE setting of the user's LDAP profile.
     *
     * Returns an empty StoredHistory when no attribute is configured, when the
     * attribute holds no COR record, or when the read fails with a
     * ChaiOperationException (logged and swallowed). ChaiUnavailableException and
     * PwmUnrecoverableException from the lookup are propagated to the caller.
     */
    final String historyAttribute = userIdentity
            .getLdapProfile(pwmApplication.getConfig())
            .readSettingAsString(PwmSetting.EVENTS_LDAP_ATTRIBUTE);
    final boolean attributeConfigured = historyAttribute != null && historyAttribute.length() >= 1;
    if (!attributeConfigured) {
        LOGGER.trace("no user event log attribute configured, skipping read of log data");
        return new StoredHistory();
    }
    try {
        final List records = ConfigObjectRecord.readRecordFromLDAP(chaiUser, historyAttribute, COR_RECORD_ID, null, null);
        if (records.isEmpty()) {
            return new StoredHistory();
        }
        // Only the first matching record is consulted; its payload is parsed as XML.
        // NOTE(review): the parser behind StoredHistory.fromXml is not visible here — confirm it
        // disables DTD/external entity resolution, since the payload is read from a directory attribute.
        final ConfigObjectRecord firstRecord = (ConfigObjectRecord) records.get(0);
        return StoredHistory.fromXml(firstRecord.getPayload());
    } catch (ChaiOperationException e) {
        LOGGER.error("ldap error reading user event log: " + e.getMessage());
    }
    return new StoredHistory();
}

Example 42 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

The class TelemetryService, method generatePublishableBean.

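/**
 * Assembles the bean that is published to the telemetry endpoint.
 *
 * <p>The bean carries cumulative statistics, the keys (not values) of non-default,
 * non-profiled settings, the "about" properties with the instance ID and site URL
 * removed, and the instance ID only in hashed form, so no deployment-identifying
 * value leaves the server in clear text.
 *
 * @return a fully populated {@link TelemetryPublishBean}; the statistics, settings
 *         and about collections it holds are unmodifiable views
 * @throws URISyntaxException      propagated from id generation
 * @throws IOException             propagated from id generation
 * @throws PwmUnrecoverableException if the about properties or hashing cannot be computed
 */
public TelemetryPublishBean generatePublishableBean() throws URISyntaxException, IOException, PwmUnrecoverableException {
    final StatisticsBundle bundle = pwmApplication.getStatisticsManager().getStatBundleForKey(StatisticsManager.KEY_CUMULATIVE);
    final Configuration config = pwmApplication.getConfig();
    final Map<PwmAboutProperty, String> aboutPropertyStringMap = PwmAboutProperty.makeInfoBean(pwmApplication);

    // TreeMap keeps the published statistics in a stable key order.
    final Map<String, String> statData = new TreeMap<>();
    for (final Statistic loopStat : Statistic.values()) {
        statData.put(loopStat.getKey(), bundle.getStatistic(loopStat));
    }

    // Only setting keys are reported, never values; profiled settings are skipped entirely.
    final List<String> configuredSettings = new ArrayList<>();
    for (final PwmSetting pwmSetting : config.nonDefaultSettings()) {
        if (!pwmSetting.getCategory().hasProfiles() && !config.isDefaultValue(pwmSetting)) {
            configuredSettings.add(pwmSetting.getKey());
        }
    }

    // Best-effort: the first profile that reports a recognised vendor wins; a profile whose
    // proxy connection fails is logged at trace level and the next profile is tried.
    String ldapVendorName = null;
    for (final LdapProfile ldapProfile : config.getLdapProfiles().values()) {
        try {
            final DirectoryVendor directoryVendor = ldapProfile.getProxyChaiProvider(pwmApplication).getDirectoryVendor();
            final PwmLdapVendor pwmLdapVendor = PwmLdapVendor.fromChaiVendor(directoryVendor);
            if (pwmLdapVendor != null) {
                ldapVendorName = pwmLdapVendor.name();
                break;
            }
        } catch (Exception e) {
            LOGGER.trace(SessionLabel.TELEMETRY_SESSION_LABEL, "unable to read ldap vendor type for stats publication: " + e.getMessage());
        }
    }

    // Re-key the about properties by enum name and strip the two values that identify
    // this deployment (the instance ID is published separately, as a hash only).
    final Map<String, String> aboutStrings = new TreeMap<>();
    for (final Map.Entry<PwmAboutProperty, String> entry : aboutPropertyStringMap.entrySet()) {
        aboutStrings.put(entry.getKey().name(), entry.getValue());
    }
    aboutStrings.remove(PwmAboutProperty.app_instanceID.name());
    aboutStrings.remove(PwmAboutProperty.app_siteUrl.name());

    final TelemetryPublishBean.TelemetryPublishBeanBuilder builder = TelemetryPublishBean.builder();
    builder.timestamp(Instant.now());
    builder.id(makeId(pwmApplication));
    builder.instanceHash(pwmApplication.getSecureService().hash(pwmApplication.getInstanceID()));
    builder.installTime(pwmApplication.getInstallTime());
    builder.siteDescription(config.readSettingAsString(PwmSetting.PUBLISH_STATS_SITE_DESCRIPTION));
    builder.versionBuild(PwmConstants.BUILD_NUMBER);
    builder.versionVersion(PwmConstants.BUILD_VERSION);
    builder.ldapVendorName(ldapVendorName);
    builder.statistics(Collections.unmodifiableMap(statData));
    builder.configuredSettings(Collections.unmodifiableList(configuredSettings));
    // Wrapped like the other two collections so the bean cannot be mutated after build.
    builder.about(Collections.unmodifiableMap(aboutStrings));
    return builder.build();
}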

Example 43 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

The class LDAPPermissionCalculator, method figureStaticRecords.

private Collection<PermissionRecord> figureStaticRecords() {
    /*
     * Builds the permission records that do not derive from individual settings:
     *  - when an eDirectory template (NOVL or NOVL_IDM) is active, the proxy account
     *    needs write access to the intruder-lockout and grace-login attributes and
     *    read access to the password expiration attribute;
     *  - for every LDAP profile with AUTO_ADD_OBJECT_CLASSES configured, the proxy
     *    account needs write access to objectClass.
     * Returns the records in the order they were derived.
     */
    final List<PermissionRecord> records = new ArrayList<>();
    final PwmSettingTemplateSet templateSet = storedConfiguration.getTemplateSet();

    final Set<PwmSettingTemplate> edirTemplates = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(PwmSettingTemplate.NOVL, PwmSettingTemplate.NOVL_IDM)));
    final boolean edirTemplateActive = !Collections.disjoint(templateSet.getTemplates(), edirTemplates);
    if (edirTemplateActive) {
        // LinkedHashMap so the records come out in declaration order.
        final Map<String, LDAPPermissionInfo.Access> edirAttributeAccess = new LinkedHashMap<>();
        edirAttributeAccess.put(ChaiConstant.ATTR_LDAP_LOCKED_BY_INTRUDER, LDAPPermissionInfo.Access.write);
        edirAttributeAccess.put(ChaiConstant.ATTR_LDAP_LOGIN_INTRUDER_ATTEMPTS, LDAPPermissionInfo.Access.write);
        edirAttributeAccess.put(ChaiConstant.ATTR_LDAP_LOGIN_INTRUDER_RESET_TIME, LDAPPermissionInfo.Access.write);
        edirAttributeAccess.put(ChaiConstant.ATTR_LDAP_LOGIN_GRACE_LIMIT, LDAPPermissionInfo.Access.write);
        edirAttributeAccess.put(ChaiConstant.ATTR_LDAP_LOGIN_GRACE_REMAINING, LDAPPermissionInfo.Access.write);
        edirAttributeAccess.put(ChaiConstant.ATTR_LDAP_PASSWORD_EXPIRE_TIME, LDAPPermissionInfo.Access.read);
        for (final Map.Entry<String, LDAPPermissionInfo.Access> attributeEntry : edirAttributeAccess.entrySet()) {
            // No originating setting or profile: these are implied by the directory type alone.
            records.add(new PermissionRecord(attributeEntry.getKey(), null, null, attributeEntry.getValue(), LDAPPermissionInfo.Actor.proxy));
        }
    }

    final boolean hasLdapProfiles = configuration.getLdapProfiles() != null && !configuration.getLdapProfiles().isEmpty();
    if (hasLdapProfiles) {
        for (final LdapProfile ldapProfile : configuration.getLdapProfiles().values()) {
            final List<String> autoAddObjectClasses = ldapProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES);
            final boolean autoAddConfigured = autoAddObjectClasses != null && !autoAddObjectClasses.isEmpty();
            if (autoAddConfigured) {
                records.add(new PermissionRecord(
                        ChaiConstant.ATTR_LDAP_OBJECTCLASS,
                        PwmSetting.AUTO_ADD_OBJECT_CLASSES,
                        ldapProfile.getIdentifier(),
                        LDAPPermissionInfo.Access.write,
                        LDAPPermissionInfo.Actor.proxy));
            }
        }
    }
    return records;
}

Example 44 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

The class LdapCrOperator, method writeResponses.

public void writeResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGuid, final ResponseInfoBean responseInfoBean) throws PwmUnrecoverableException {
    /*
     * Persists the user's challenge/response set to LDAP in chai-ldap format,
     * writing through the supplied ChaiUser's own provider.
     *
     * The target attribute comes from CHALLENGE_USER_ATTRIBUTE on the user's LDAP
     * profile; the method fails with ERROR_INVALID_CONFIG when it is unset. Any
     * ChaiException during the write is rethrown as PwmUnrecoverableException with
     * ERROR_WRITING_RESPONSES, with a distinct message for NO_ACCESS (the bound
     * account lacks write rights on the attribute). userGuid is accepted for
     * interface compatibility and is not used here.
     */
    final String responseAttribute = userIdentity
            .getLdapProfile(config)
            .readSettingAsString(PwmSetting.CHALLENGE_USER_ATTRIBUTE);
    if (responseAttribute == null || responseAttribute.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(
                PwmError.ERROR_INVALID_CONFIG,
                "ldap storage attribute is not configured, unable to write user responses"));
    }

    try {
        final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(
                responseInfoBean.getCrMap(),
                responseInfoBean.getHelpdeskCrMap(),
                responseInfoBean.getLocale(),
                responseInfoBean.getMinRandoms(),
                theUser.getChaiProvider().getChaiConfiguration(),
                responseInfoBean.getCsIdentifier());
        ChaiCrFactory.writeChaiResponseSet(responseSet, theUser);
        LOGGER.info("saved responses for user to chai-ldap format");
    } catch (ChaiException e) {
        final boolean permissionDenied = e.getErrorCode() == ChaiError.NO_ACCESS;
        final String message = permissionDenied
                ? "permission error writing user responses to ldap attribute '" + responseAttribute + "', user does not appear to have correct permissions to save responses: " + e.getMessage()
                : "error writing user responses to ldap attribute '" + responseAttribute + "': " + e.getMessage();
        final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(
                new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, message));
        // Keep the original Chai exception on the cause chain for diagnostics.
        wrapped.initCause(e);
        throw wrapped;
    }
}

Example 45 with LdapProfile

use of password.pwm.config.profile.LdapProfile in project pwm by pwm-project.

The class LdapOtpOperator, method clearOtpUserConfiguration.

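/**
 * Removes the user's stored OTP secret by deleting the LDAP attribute named by
 * {@code OTP_SECRET_LDAP_ATTRIBUTE} on the user's LDAP profile.
 *
 * <p>When {@code pwmSession} is {@code null} the delete is performed through the
 * application's proxied ChaiUser; otherwise it is performed through the session's
 * actor for this identity, so the directory enforces the caller's own rights.
 *
 * @param pwmSession   the caller's session, or {@code null} to act as the proxy
 * @param userIdentity the user whose OTP secret is cleared
 * @param userGuid     accepted for interface compatibility; not used here
 * @throws PwmUnrecoverableException with {@code ERROR_INVALID_CONFIG} when the profile is
 *         unknown or the storage attribute is not configured, {@code ERROR_WRITING_OTP_SECRET}
 *         when the delete fails (NO_ACCESS is reported with a permission-specific message),
 *         or {@code ERROR_DIRECTORY_UNAVAILABLE} when the directory cannot be reached
 */
@Override
public void clearOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity userIdentity, final String userGuid) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final LdapProfile ldapProfile = config.getLdapProfiles().get(userIdentity.getLdapProfileID());
    if (ldapProfile == null) {
        // Previously surfaced as a NullPointerException on the next line.
        final String errorMsg = "ldap profile '" + userIdentity.getLdapProfileID() + "' not found, unable to clear OTP secret";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
    }
    final String ldapStorageAttribute = ldapProfile.readSettingAsString(PwmSetting.OTP_SECRET_LDAP_ATTRIBUTE);
    if (ldapStorageAttribute == null || ldapStorageAttribute.isEmpty()) {
        final String errorMsg = "ldap storage attribute is not configured, unable to clear OTP secret";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
    }
    try {
        final ChaiUser theUser = pwmSession == null
                ? pwmApplication.getProxiedChaiUser(userIdentity)
                : pwmSession.getSessionManager().getActor(pwmApplication, userIdentity);
        // null value deletes every value of the attribute.
        theUser.deleteAttribute(ldapStorageAttribute, null);
        // Message previously copied from the response-write path ("... to chai-ldap format").
        LOGGER.info("cleared OTP secret attribute for user");
    } catch (ChaiOperationException e) {
        // Messages previously referred to "responses"; this path clears the OTP secret.
        final String errorMsg;
        if (e.getErrorCode() == ChaiError.NO_ACCESS) {
            errorMsg = "permission error clearing OTP secret from ldap attribute '" + ldapStorageAttribute + "', user does not appear to have correct permissions to clear OTP secret: " + e.getMessage();
        } else {
            errorMsg = "error clearing OTP secret from ldap attribute '" + ldapStorageAttribute + "': " + e.getMessage();
        }
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, errorMsg));
        pwmOE.initCause(e);
        throw pwmOE;
    } catch (ChaiUnavailableException e) {
        // Preserve the cause here as well, consistent with the branch above.
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
        pwmOE.initCause(e);
        throw pwmOE;
    }
}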
