use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.
the class LdapOperationsHelper method readAllUsersFromLdap.
public static Iterator<UserIdentity> readAllUsersFromLdap(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final String searchFilter, final int maxResults) throws ChaiUnavailableException, ChaiOperationException, PwmUnrecoverableException, PwmOperationalException {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final SearchConfiguration searchConfiguration;
{
final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
builder.enableValueEscaping(false);
builder.searchTimeout(Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.REPORTING_LDAP_SEARCH_TIMEOUT)));
if (searchFilter == null) {
builder.username("*");
} else {
builder.filter(searchFilter);
}
searchConfiguration = builder.build();
}
LOGGER.debug(sessionLabel, "beginning user search using parameters: " + (JsonUtil.serialize(searchConfiguration)));
final Map<UserIdentity, Map<String, String>> searchResults = userSearchEngine.performMultiUserSearch(searchConfiguration, maxResults, Collections.emptyList(), sessionLabel);
LOGGER.debug(sessionLabel, "user search found " + searchResults.size() + " users");
final Queue<UserIdentity> tempQueue = new LinkedList<>(searchResults.keySet());
return new Iterator<UserIdentity>() {
@Override
public boolean hasNext() {
return tempQueue.peek() != null;
}
@Override
public UserIdentity next() {
return tempQueue.poll();
}
};
}
use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.
the class ResponseStatsCommand method readAllUsersFromLdap.
private static List<UserIdentity> readAllUsersFromLdap(final PwmApplication pwmApplication) throws ChaiUnavailableException, ChaiOperationException, PwmUnrecoverableException, PwmOperationalException {
final List<UserIdentity> returnList = new ArrayList<>();
for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().enableValueEscaping(false).searchTimeout(Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.REPORTING_LDAP_SEARCH_TIMEOUT))).username("*").enableValueEscaping(false).filter(ldapProfile.readSettingAsString(PwmSetting.LDAP_USERNAME_SEARCH_FILTER)).ldapProfile(ldapProfile.getIdentifier()).build();
final Map<UserIdentity, Map<String, String>> searchResults = userSearchEngine.performMultiUserSearch(searchConfiguration, Integer.MAX_VALUE, Collections.emptyList(), SessionLabel.SYSTEM_LABEL);
returnList.addAll(searchResults.keySet());
}
return returnList;
}
use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.
the class HelpdeskServlet method restSearchRequest.
@ActionHandler(action = "search")
private ProcessStatus restSearchRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Map<String, String> valueMap = pwmRequest.readBodyAsJsonStringMap();
final String username = valueMap.get("username");
final boolean useProxy = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY);
final List<FormConfiguration> searchForm = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_SEARCH_FORM);
final int maxResults = (int) helpdeskProfile.readSettingAsLong(PwmSetting.HELPDESK_RESULT_LIMIT);
if (username == null || username.isEmpty()) {
final HelpdeskSearchResultsBean emptyResults = new HelpdeskSearchResultsBean();
emptyResults.setSearchResults(new ArrayList<>());
emptyResults.setSizeExceeded(false);
final RestResultBean restResultBean = RestResultBean.withData(emptyResults);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
final SearchConfiguration searchConfiguration;
{
final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
builder.contexts(helpdeskProfile.readSettingAsStringArray(PwmSetting.HELPDESK_SEARCH_BASE));
builder.enableContextValidation(false);
builder.username(username);
builder.enableValueEscaping(false);
builder.filter(HelpdeskServletUtil.getSearchFilter(pwmRequest.getConfig(), helpdeskProfile));
builder.enableSplitWhitespace(true);
if (!useProxy) {
final UserIdentity loggedInUser = pwmRequest.getPwmSession().getUserInfo().getUserIdentity();
builder.ldapProfile(loggedInUser.getLdapProfileID());
builder.chaiProvider(getChaiUser(pwmRequest, helpdeskProfile, loggedInUser).getChaiProvider());
}
searchConfiguration = builder.build();
}
final UserSearchResults results;
final boolean sizeExceeded;
try {
final Locale locale = pwmRequest.getLocale();
results = userSearchEngine.performMultiUserSearchFromForm(locale, searchConfiguration, maxResults, searchForm, pwmRequest.getSessionLabel());
sizeExceeded = results.isSizeExceeded();
} catch (PwmOperationalException e) {
final ErrorInformation errorInformation = e.getErrorInformation();
LOGGER.error(pwmRequest, errorInformation);
final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
final HelpdeskSearchResultsBean outputData = new HelpdeskSearchResultsBean();
outputData.setSearchResults(results.resultsAsJsonOutput(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn()));
outputData.setSizeExceeded(sizeExceeded);
final RestResultBean restResultBean = RestResultBean.withData(outputData);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.
the class GuestRegistrationServlet method handleSearchRequest.
protected void handleSearchRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
LOGGER.trace(pwmRequest, "Enter: handleSearchRequest(...)");
final PwmSession pwmSession = pwmRequest.getPwmSession();
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final ChaiProvider chaiProvider = pwmSession.getSessionManager().getChaiProvider();
final Configuration config = pwmApplication.getConfig();
final String adminDnAttribute = config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE);
final Boolean origAdminOnly = config.readSettingAsBoolean(PwmSetting.GUEST_EDIT_ORIG_ADMIN_ONLY);
final String usernameParam = pwmRequest.readParameterAsString("username");
final GuestRegistrationBean guBean = pwmApplication.getSessionStateService().getBean(pwmRequest, GuestRegistrationBean.class);
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().chaiProvider(chaiProvider).contexts(Collections.singletonList(config.readSettingAsString(PwmSetting.GUEST_CONTEXT))).enableContextValidation(false).username(usernameParam).build();
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
try {
final UserIdentity theGuest = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmSession.getLabel());
final FormMap formProps = guBean.getFormValues();
try {
final List<FormConfiguration> guestUpdateForm = config.readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
final Set<String> involvedAttrs = new HashSet<>();
for (final FormConfiguration formItem : guestUpdateForm) {
if (!formItem.getName().equalsIgnoreCase(HTTP_PARAM_EXPIRATION_DATE)) {
involvedAttrs.add(formItem.getName());
}
}
final UserInfo guestUserInfo = UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), pwmRequest.getLocale(), theGuest, pwmSession.getSessionManager().getChaiProvider());
final Map<String, String> userAttrValues = guestUserInfo.readStringAttributes(involvedAttrs);
if (origAdminOnly && adminDnAttribute != null && adminDnAttribute.length() > 0) {
final String origAdminDn = userAttrValues.get(adminDnAttribute);
if (origAdminDn != null && origAdminDn.length() > 0) {
if (!pwmSession.getUserInfo().getUserIdentity().getUserDN().equalsIgnoreCase(origAdminDn)) {
final ErrorInformation info = new ErrorInformation(PwmError.ERROR_ORIG_ADMIN_ONLY);
setLastError(pwmRequest, info);
LOGGER.warn(pwmSession, info);
this.forwardToJSP(pwmRequest, guestRegistrationBean);
}
}
}
final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
if (expirationAttribute != null && expirationAttribute.length() > 0) {
final Instant expiration = guestUserInfo.readDateAttribute(expirationAttribute);
if (expiration != null) {
guBean.setUpdateUserExpirationDate(expiration);
}
}
for (final FormConfiguration formItem : guestUpdateForm) {
final String key = formItem.getName();
final String value = userAttrValues.get(key);
if (value != null) {
formProps.put(key, value);
}
}
guBean.setUpdateUserIdentity(theGuest);
this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
return;
} catch (PwmUnrecoverableException e) {
LOGGER.warn(pwmSession, "error reading current attributes for user: " + e.getMessage());
}
} catch (PwmOperationalException e) {
final ErrorInformation error = e.getErrorInformation();
setLastError(pwmRequest, error);
this.forwardToJSP(pwmRequest, guestRegistrationBean);
return;
}
this.forwardToJSP(pwmRequest, guestRegistrationBean);
}
use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.
the class ActivateUserServlet method handleActivateRequest.
@ActionHandler(action = "activate")
public ProcessStatus handleActivateRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final Configuration config = pwmApplication.getConfig();
final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
throw new PwmUnrecoverableException(errorInfo);
}
}
pwmApplication.getSessionStateService().clearBean(pwmRequest, ActivateUserBean.class);
final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
Map<FormConfiguration, String> formValues = new HashMap<>();
try {
// read the values from the request
formValues = FormUtility.readFormValuesFromRequest(pwmRequest, configuredActivationForm, ssBean.getLocale());
// check for intruders
pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);
// read the context attr
final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
// read the profile attr
final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
// see if the values meet the configured form requirements.
FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
final String searchFilter = ActivateUserUtils.figureLdapSearchFilter(pwmRequest);
// read an ldap user object based on the params
final UserIdentity userIdentity;
{
final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
final SearchConfiguration searchConfiguration = SearchConfiguration.builder().contexts(Collections.singletonList(contextParam)).filter(searchFilter).formValues(formValues).ldapProfile(ldapProfile).build();
userIdentity = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());
}
ActivateUserUtils.validateParamsAgainstLDAP(pwmRequest, formValues, userIdentity);
final List<UserPermission> userPermissions = config.readSettingAsUserPermission(PwmSetting.ACTIVATE_USER_QUERY_MATCH);
if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), userIdentity, userPermissions)) {
final String errorMsg = "user " + userIdentity + " attempted activation, but does not match query string";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_ACTIVATE_NO_PERMISSION, errorMsg);
pwmApplication.getIntruderManager().convenience().markUserIdentity(userIdentity, pwmSession);
pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
throw new PwmUnrecoverableException(errorInformation);
}
final ActivateUserBean activateUserBean = pwmApplication.getSessionStateService().getBean(pwmRequest, ActivateUserBean.class);
activateUserBean.setUserIdentity(userIdentity);
activateUserBean.setFormValidated(true);
pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
} catch (PwmOperationalException e) {
pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
setLastError(pwmRequest, e.getErrorInformation());
LOGGER.debug(pwmSession.getLabel(), e.getErrorInformation().toDebugStr());
}
return ProcessStatus.Continue;
}
Aggregations