Search in sources :

Example 1 with SearchConfiguration

use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.

the class LdapOperationsHelper method readAllUsersFromLdap.

public static Iterator<UserIdentity> readAllUsersFromLdap(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final String searchFilter, final int maxResults) throws ChaiUnavailableException, ChaiOperationException, PwmUnrecoverableException, PwmOperationalException {
    final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
    final SearchConfiguration searchConfiguration;
    {
        final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
        builder.enableValueEscaping(false);
        builder.searchTimeout(Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.REPORTING_LDAP_SEARCH_TIMEOUT)));
        if (searchFilter == null) {
            builder.username("*");
        } else {
            builder.filter(searchFilter);
        }
        searchConfiguration = builder.build();
    }
    LOGGER.debug(sessionLabel, "beginning user search using parameters: " + (JsonUtil.serialize(searchConfiguration)));
    final Map<UserIdentity, Map<String, String>> searchResults = userSearchEngine.performMultiUserSearch(searchConfiguration, maxResults, Collections.emptyList(), sessionLabel);
    LOGGER.debug(sessionLabel, "user search found " + searchResults.size() + " users");
    final Queue<UserIdentity> tempQueue = new LinkedList<>(searchResults.keySet());
    return new Iterator<UserIdentity>() {

        @Override
        public boolean hasNext() {
            return tempQueue.peek() != null;
        }

        @Override
        public UserIdentity next() {
            return tempQueue.poll();
        }
    };
}
Also used : UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserIdentity(password.pwm.bean.UserIdentity) Iterator(java.util.Iterator) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) Map(java.util.Map) HashMap(java.util.HashMap) LinkedList(java.util.LinkedList)

Example 2 with SearchConfiguration

use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.

the class ResponseStatsCommand method readAllUsersFromLdap.

private static List<UserIdentity> readAllUsersFromLdap(final PwmApplication pwmApplication) throws ChaiUnavailableException, ChaiOperationException, PwmUnrecoverableException, PwmOperationalException {
    final List<UserIdentity> returnList = new ArrayList<>();
    for (final LdapProfile ldapProfile : pwmApplication.getConfig().getLdapProfiles().values()) {
        final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
        final SearchConfiguration searchConfiguration = SearchConfiguration.builder().enableValueEscaping(false).searchTimeout(Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.REPORTING_LDAP_SEARCH_TIMEOUT))).username("*").enableValueEscaping(false).filter(ldapProfile.readSettingAsString(PwmSetting.LDAP_USERNAME_SEARCH_FILTER)).ldapProfile(ldapProfile.getIdentifier()).build();
        final Map<UserIdentity, Map<String, String>> searchResults = userSearchEngine.performMultiUserSearch(searchConfiguration, Integer.MAX_VALUE, Collections.emptyList(), SessionLabel.SYSTEM_LABEL);
        returnList.addAll(searchResults.keySet());
    }
    return returnList;
}
Also used : UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) ArrayList(java.util.ArrayList) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) LdapProfile(password.pwm.config.profile.LdapProfile) Map(java.util.Map) TreeMap(java.util.TreeMap)

Example 3 with SearchConfiguration

use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.

the class HelpdeskServlet method restSearchRequest.

@ActionHandler(action = "search")
private ProcessStatus restSearchRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Map<String, String> valueMap = pwmRequest.readBodyAsJsonStringMap();
    final String username = valueMap.get("username");
    final boolean useProxy = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY);
    final List<FormConfiguration> searchForm = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_SEARCH_FORM);
    final int maxResults = (int) helpdeskProfile.readSettingAsLong(PwmSetting.HELPDESK_RESULT_LIMIT);
    if (username == null || username.isEmpty()) {
        final HelpdeskSearchResultsBean emptyResults = new HelpdeskSearchResultsBean();
        emptyResults.setSearchResults(new ArrayList<>());
        emptyResults.setSizeExceeded(false);
        final RestResultBean restResultBean = RestResultBean.withData(emptyResults);
        pwmRequest.outputJsonResult(restResultBean);
        return ProcessStatus.Halt;
    }
    final UserSearchEngine userSearchEngine = pwmRequest.getPwmApplication().getUserSearchEngine();
    final SearchConfiguration searchConfiguration;
    {
        final SearchConfiguration.SearchConfigurationBuilder builder = SearchConfiguration.builder();
        builder.contexts(helpdeskProfile.readSettingAsStringArray(PwmSetting.HELPDESK_SEARCH_BASE));
        builder.enableContextValidation(false);
        builder.username(username);
        builder.enableValueEscaping(false);
        builder.filter(HelpdeskServletUtil.getSearchFilter(pwmRequest.getConfig(), helpdeskProfile));
        builder.enableSplitWhitespace(true);
        if (!useProxy) {
            final UserIdentity loggedInUser = pwmRequest.getPwmSession().getUserInfo().getUserIdentity();
            builder.ldapProfile(loggedInUser.getLdapProfileID());
            builder.chaiProvider(getChaiUser(pwmRequest, helpdeskProfile, loggedInUser).getChaiProvider());
        }
        searchConfiguration = builder.build();
    }
    final UserSearchResults results;
    final boolean sizeExceeded;
    try {
        final Locale locale = pwmRequest.getLocale();
        results = userSearchEngine.performMultiUserSearchFromForm(locale, searchConfiguration, maxResults, searchForm, pwmRequest.getSessionLabel());
        sizeExceeded = results.isSizeExceeded();
    } catch (PwmOperationalException e) {
        final ErrorInformation errorInformation = e.getErrorInformation();
        LOGGER.error(pwmRequest, errorInformation);
        final RestResultBean restResultBean = RestResultBean.fromError(errorInformation, pwmRequest);
        pwmRequest.outputJsonResult(restResultBean);
        return ProcessStatus.Halt;
    }
    final HelpdeskSearchResultsBean outputData = new HelpdeskSearchResultsBean();
    outputData.setSearchResults(results.resultsAsJsonOutput(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn()));
    outputData.setSizeExceeded(sizeExceeded);
    final RestResultBean restResultBean = RestResultBean.withData(outputData);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : Locale(java.util.Locale) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserIdentity(password.pwm.bean.UserIdentity) UserSearchResults(password.pwm.ldap.search.UserSearchResults) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) FormConfiguration(password.pwm.config.value.data.FormConfiguration) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 4 with SearchConfiguration

use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.

the class GuestRegistrationServlet method handleSearchRequest.

protected void handleSearchRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    LOGGER.trace(pwmRequest, "Enter: handleSearchRequest(...)");
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final ChaiProvider chaiProvider = pwmSession.getSessionManager().getChaiProvider();
    final Configuration config = pwmApplication.getConfig();
    final String adminDnAttribute = config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE);
    final Boolean origAdminOnly = config.readSettingAsBoolean(PwmSetting.GUEST_EDIT_ORIG_ADMIN_ONLY);
    final String usernameParam = pwmRequest.readParameterAsString("username");
    final GuestRegistrationBean guBean = pwmApplication.getSessionStateService().getBean(pwmRequest, GuestRegistrationBean.class);
    final SearchConfiguration searchConfiguration = SearchConfiguration.builder().chaiProvider(chaiProvider).contexts(Collections.singletonList(config.readSettingAsString(PwmSetting.GUEST_CONTEXT))).enableContextValidation(false).username(usernameParam).build();
    final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
    try {
        final UserIdentity theGuest = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmSession.getLabel());
        final FormMap formProps = guBean.getFormValues();
        try {
            final List<FormConfiguration> guestUpdateForm = config.readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
            final Set<String> involvedAttrs = new HashSet<>();
            for (final FormConfiguration formItem : guestUpdateForm) {
                if (!formItem.getName().equalsIgnoreCase(HTTP_PARAM_EXPIRATION_DATE)) {
                    involvedAttrs.add(formItem.getName());
                }
            }
            final UserInfo guestUserInfo = UserInfoFactory.newUserInfo(pwmApplication, pwmSession.getLabel(), pwmRequest.getLocale(), theGuest, pwmSession.getSessionManager().getChaiProvider());
            final Map<String, String> userAttrValues = guestUserInfo.readStringAttributes(involvedAttrs);
            if (origAdminOnly && adminDnAttribute != null && adminDnAttribute.length() > 0) {
                final String origAdminDn = userAttrValues.get(adminDnAttribute);
                if (origAdminDn != null && origAdminDn.length() > 0) {
                    if (!pwmSession.getUserInfo().getUserIdentity().getUserDN().equalsIgnoreCase(origAdminDn)) {
                        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_ORIG_ADMIN_ONLY);
                        setLastError(pwmRequest, info);
                        LOGGER.warn(pwmSession, info);
                        this.forwardToJSP(pwmRequest, guestRegistrationBean);
                    }
                }
            }
            final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
            if (expirationAttribute != null && expirationAttribute.length() > 0) {
                final Instant expiration = guestUserInfo.readDateAttribute(expirationAttribute);
                if (expiration != null) {
                    guBean.setUpdateUserExpirationDate(expiration);
                }
            }
            for (final FormConfiguration formItem : guestUpdateForm) {
                final String key = formItem.getName();
                final String value = userAttrValues.get(key);
                if (value != null) {
                    formProps.put(key, value);
                }
            }
            guBean.setUpdateUserIdentity(theGuest);
            this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
            return;
        } catch (PwmUnrecoverableException e) {
            LOGGER.warn(pwmSession, "error reading current attributes for user: " + e.getMessage());
        }
    } catch (PwmOperationalException e) {
        final ErrorInformation error = e.getErrorInformation();
        setLastError(pwmRequest, error);
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
        return;
    }
    this.forwardToJSP(pwmRequest, guestRegistrationBean);
}
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) Configuration(password.pwm.config.Configuration) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) UserIdentity(password.pwm.bean.UserIdentity) Instant(java.time.Instant) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) FormMap(password.pwm.util.FormMap) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) FormConfiguration(password.pwm.config.value.data.FormConfiguration) PwmSession(password.pwm.http.PwmSession) GuestRegistrationBean(password.pwm.http.bean.GuestRegistrationBean) HashSet(java.util.HashSet)

Example 5 with SearchConfiguration

use of password.pwm.ldap.search.SearchConfiguration in project pwm by pwm-project.

the class ActivateUserServlet method handleActivateRequest.

@ActionHandler(action = "activate")
public ProcessStatus handleActivateRequest(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Configuration config = pwmApplication.getConfig();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    if (CaptchaUtility.captchaEnabledForRequest(pwmRequest)) {
        if (!CaptchaUtility.verifyReCaptcha(pwmRequest)) {
            final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_BAD_CAPTCHA_RESPONSE);
            throw new PwmUnrecoverableException(errorInfo);
        }
    }
    pwmApplication.getSessionStateService().clearBean(pwmRequest, ActivateUserBean.class);
    final List<FormConfiguration> configuredActivationForm = config.readSettingAsForm(PwmSetting.ACTIVATE_USER_FORM);
    Map<FormConfiguration, String> formValues = new HashMap<>();
    try {
        // read the values from the request
        formValues = FormUtility.readFormValuesFromRequest(pwmRequest, configuredActivationForm, ssBean.getLocale());
        // check for intruders
        pwmApplication.getIntruderManager().convenience().checkAttributes(formValues);
        // read the context attr
        final String contextParam = pwmRequest.readParameterAsString(PwmConstants.PARAM_CONTEXT);
        // read the profile attr
        final String ldapProfile = pwmRequest.readParameterAsString(PwmConstants.PARAM_LDAP_PROFILE);
        // see if the values meet the configured form requirements.
        FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
        final String searchFilter = ActivateUserUtils.figureLdapSearchFilter(pwmRequest);
        // read an ldap user object based on the params
        final UserIdentity userIdentity;
        {
            final UserSearchEngine userSearchEngine = pwmApplication.getUserSearchEngine();
            final SearchConfiguration searchConfiguration = SearchConfiguration.builder().contexts(Collections.singletonList(contextParam)).filter(searchFilter).formValues(formValues).ldapProfile(ldapProfile).build();
            userIdentity = userSearchEngine.performSingleUserSearch(searchConfiguration, pwmRequest.getSessionLabel());
        }
        ActivateUserUtils.validateParamsAgainstLDAP(pwmRequest, formValues, userIdentity);
        final List<UserPermission> userPermissions = config.readSettingAsUserPermission(PwmSetting.ACTIVATE_USER_QUERY_MATCH);
        if (!LdapPermissionTester.testUserPermissions(pwmApplication, pwmSession.getLabel(), userIdentity, userPermissions)) {
            final String errorMsg = "user " + userIdentity + " attempted activation, but does not match query string";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_ACTIVATE_NO_PERMISSION, errorMsg);
            pwmApplication.getIntruderManager().convenience().markUserIdentity(userIdentity, pwmSession);
            pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
            throw new PwmUnrecoverableException(errorInformation);
        }
        final ActivateUserBean activateUserBean = pwmApplication.getSessionStateService().getBean(pwmRequest, ActivateUserBean.class);
        activateUserBean.setUserIdentity(userIdentity);
        activateUserBean.setFormValidated(true);
        pwmApplication.getIntruderManager().convenience().clearAttributes(formValues);
        pwmApplication.getIntruderManager().convenience().clearAddressAndSession(pwmSession);
    } catch (PwmOperationalException e) {
        pwmApplication.getIntruderManager().convenience().markAttributes(formValues, pwmSession);
        pwmApplication.getIntruderManager().convenience().markAddressAndSession(pwmSession);
        setLastError(pwmRequest, e.getErrorInformation());
        LOGGER.debug(pwmSession.getLabel(), e.getErrorInformation().toDebugStr());
    }
    return ProcessStatus.Continue;
}
Also used : PwmApplication(password.pwm.PwmApplication) FormConfiguration(password.pwm.config.value.data.FormConfiguration) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) Configuration(password.pwm.config.Configuration) HashMap(java.util.HashMap) UserIdentity(password.pwm.bean.UserIdentity) UserSearchEngine(password.pwm.ldap.search.UserSearchEngine) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SearchConfiguration(password.pwm.ldap.search.SearchConfiguration) ActivateUserBean(password.pwm.http.bean.ActivateUserBean) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) LocalSessionStateBean(password.pwm.bean.LocalSessionStateBean) FormConfiguration(password.pwm.config.value.data.FormConfiguration) PwmSession(password.pwm.http.PwmSession) UserPermission(password.pwm.config.value.data.UserPermission)

Aggregations

UserIdentity (password.pwm.bean.UserIdentity)13 SearchConfiguration (password.pwm.ldap.search.SearchConfiguration)13 UserSearchEngine (password.pwm.ldap.search.UserSearchEngine)13 ErrorInformation (password.pwm.error.ErrorInformation)10 PwmOperationalException (password.pwm.error.PwmOperationalException)10 Map (java.util.Map)8 FormConfiguration (password.pwm.config.value.data.FormConfiguration)7 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)7 HashMap (java.util.HashMap)5 PwmApplication (password.pwm.PwmApplication)5 LinkedHashMap (java.util.LinkedHashMap)4 PwmSession (password.pwm.http.PwmSession)4 Locale (java.util.Locale)3 TreeMap (java.util.TreeMap)3 UserInfo (password.pwm.ldap.UserInfo)3 ChaiUser (com.novell.ldapchai.ChaiUser)2 SearchHelper (com.novell.ldapchai.util.SearchHelper)2 Instant (java.time.Instant)2 ArrayList (java.util.ArrayList)2 LocalSessionStateBean (password.pwm.bean.LocalSessionStateBean)2