private static void checkConfiguration(final Configuration configuration) throws PwmUnrecoverableException { final String namingAttribute = configuration.getDefaultLdapProfile().readSettingAsString(PwmSetting.LDAP_NAMING_ATTRIBUTE); final List<FormConfiguration> formItems = configuration.readSettingAsForm(PwmSetting.GUEST_FORM); { boolean namingIsInForm = false; for (final FormConfiguration formItem : formItems) { if (namingAttribute.equalsIgnoreCase(formItem.getName())) { namingIsInForm = true; } } if (!namingIsInForm) { final String errorMsg = "ldap naming attribute '" + namingAttribute + "' is not in form configuration, but is required"; final ErrorInformation errorInformation = new ErrorInformation( PwmError.ERROR_INVALID_CONFIG, errorMsg, new String[] {namingAttribute}); throw new PwmUnrecoverableException(errorInformation); } } }
private static String determineUserDN( final Map<FormConfiguration, String> formValues, final Configuration config) throws PwmUnrecoverableException { final String namingAttribute = config.getDefaultLdapProfile().readSettingAsString(PwmSetting.LDAP_NAMING_ATTRIBUTE); for (final FormConfiguration formItem : formValues.keySet()) { if (namingAttribute.equals(formItem.getName())) { final String namingValue = formValues.get(formItem); final String gestUserContextDN = config.readSettingAsString(PwmSetting.GUEST_CONTEXT); return namingAttribute + "=" + namingValue + "," + gestUserContextDN; } } final String errorMsg = "unable to determine new user DN due to missing form value for naming attribute '" + namingAttribute + '"'; throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg)); }
private void restLdapHealth(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, PwmUnrecoverableException { final Configuration tempConfiguration = new Configuration(configGuideBean.getStoredConfiguration()); final PwmApplication tempApplication = new PwmApplication.PwmEnvironment( tempConfiguration, pwmRequest.getPwmApplication().getApplicationPath()) .setApplicationMode(PwmApplication.MODE.NEW) .setInternalRuntimeInstance(true) .setWebInfPath(pwmRequest.getPwmApplication().getWebInfPath()) .createPwmApplication(); final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker(); final List<HealthRecord> records = new ArrayList<>(); final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile(); switch (configGuideBean.getStep()) { case LDAP_SERVER: { try { checkLdapServer(configGuideBean); records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK)); } catch (Exception e) { records.add( new HealthRecord( HealthStatus.WARN, HealthTopic.LDAP, "Can not connect to remote server: " + e.getMessage())); } } break; case LDAP_ADMIN: { records.addAll( ldapStatusChecker.checkBasicLdapConnectivity( tempApplication, tempConfiguration, ldapProfile, false)); if (records.isEmpty()) { records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK)); } } break; case LDAP_CONTEXT: { records.addAll( ldapStatusChecker.checkBasicLdapConnectivity( tempApplication, tempConfiguration, ldapProfile, true)); if (records.isEmpty()) { records.add( new HealthRecord( HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated")); } try { final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction(); final Collection<UserIdentity> results = userMatchViewerFunction.discoverMatchingUsers( pwmRequest.getPwmApplication(), 2, configGuideBean.getStoredConfiguration(), PwmSetting.QUERY_MATCH_PWM_ADMIN, null); if (results.isEmpty()) { records.add( new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users")); } else { records.add( new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated")); } } catch (PwmException e) { records.add( new HealthRecord( HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getErrorInformation().toDebugStr())); } catch (Exception e) { records.add( new HealthRecord( HealthStatus.WARN, HealthTopic.LDAP, "Error during admin group validation: " + e.getMessage())); } } break; case LDAP_TESTUSER: { final String testUserValue = configGuideBean.getFormData().get(PARAM_LDAP_TEST_USER); if (testUserValue != null && !testUserValue.isEmpty()) { records.addAll( ldapStatusChecker.checkBasicLdapConnectivity( tempApplication, tempConfiguration, ldapProfile, false)); records.addAll( ldapStatusChecker.doLdapTestUserCheck( tempConfiguration, ldapProfile, tempApplication)); } else { records.add( new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified")); } } break; } HealthData jsonOutput = new HealthData(); jsonOutput.records = password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords( records, pwmRequest.getLocale(), tempConfiguration); jsonOutput.timestamp = new Date(); jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString(); final RestResultBean restResultBean = new RestResultBean(); restResultBean.setData(jsonOutput); pwmRequest.outputJsonResult(restResultBean); }
private void publishStatisticsToCloud() throws URISyntaxException, IOException, PwmUnrecoverableException { final StatsPublishBean statsPublishData; { final StatisticsBundle bundle = getStatBundleForKey(KEY_CUMULATIVE); final Map<String, String> statData = new HashMap<>(); for (final Statistic loopStat : Statistic.values()) { statData.put(loopStat.getKey(), bundle.getStatistic(loopStat)); } final Configuration config = pwmApplication.getConfig(); final List<String> configuredSettings = new ArrayList<>(); for (final PwmSetting pwmSetting : config.nonDefaultSettings()) { if (!pwmSetting.getCategory().hasProfiles() && !config.isDefaultValue(pwmSetting)) { configuredSettings.add(pwmSetting.getKey()); } } final Map<String, String> otherData = new HashMap<>(); otherData.put( StatsPublishBean.KEYS.SITE_URL.toString(), config.readSettingAsString(PwmSetting.PWM_SITE_URL)); otherData.put( StatsPublishBean.KEYS.SITE_DESCRIPTION.toString(), config.readSettingAsString(PwmSetting.PUBLISH_STATS_SITE_DESCRIPTION)); otherData.put( StatsPublishBean.KEYS.INSTALL_DATE.toString(), PwmConstants.DEFAULT_DATETIME_FORMAT.format(pwmApplication.getInstallTime())); try { otherData.put( StatsPublishBean.KEYS.LDAP_VENDOR.toString(), pwmApplication .getProxyChaiProvider(config.getDefaultLdapProfile().getIdentifier()) .getDirectoryVendor() .toString()); } catch (Exception e) { LOGGER.trace("unable to read ldap vendor type for stats publication: " + e.getMessage()); } statsPublishData = new StatsPublishBean( pwmApplication.getInstanceID(), new Date(), statData, configuredSettings, PwmConstants.BUILD_NUMBER, PwmConstants.BUILD_VERSION, otherData); } final URI requestURI = new URI(PwmConstants.PWM_URL_CLOUD + "/rest/pwm/statistics"); final HttpPost httpPost = new HttpPost(requestURI.toString()); final String jsonDataString = JsonUtil.serialize(statsPublishData); httpPost.setEntity(new StringEntity(jsonDataString)); httpPost.setHeader("Accept", PwmConstants.AcceptValue.json.getHeaderValue()); httpPost.setHeader("Content-Type", PwmConstants.ContentTypeValue.json.getHeaderValue()); LOGGER.debug( "preparing to send anonymous statistics to " + requestURI.toString() + ", data to send: " + jsonDataString); final HttpResponse httpResponse = PwmHttpClient.getHttpClient(pwmApplication.getConfig()).execute(httpPost); if (httpResponse.getStatusLine().getStatusCode() != HttpStatus.SC_OK) { throw new IOException( "http response error code: " + httpResponse.getStatusLine().getStatusCode()); } LOGGER.info("published anonymous statistics to " + requestURI.toString()); try { localDB.put( LocalDB.DB.PWM_STATS, KEY_CLOUD_PUBLISH_TIMESTAMP, String.valueOf(System.currentTimeMillis())); } catch (LocalDBException e) { LOGGER.error( "unexpected error trying to save last statistics published time to LocalDB: " + e.getMessage()); } }