private void restUpdateLdapForm(
final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws IOException, PwmUnrecoverableException {
final StoredConfigurationImpl storedConfiguration = configGuideBean.getStoredConfiguration();
final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap();
if (incomingFormData != null) {
configGuideBean.getFormData().putAll(incomingFormData);
}
if (incomingFormData != null
&& incomingFormData.get(PARAM_TEMPLATE_NAME) != null
&& !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) {
try {
final PwmSettingTemplate template =
PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME));
if (configGuideBean.getSelectedTemplate() != template) {
LOGGER.debug(
pwmRequest, "resetting form defaults using " + template.toString() + " template");
final Map<String, String> defaultForm = defaultForm(template);
configGuideBean.getFormData().putAll(defaultForm);
configGuideBean.setSelectedTemplate(template);
storedConfiguration.setTemplate(template);
}
} catch (Exception e) {
LOGGER.error("unknown template set request: " + e.getMessage());
}
}
final RestResultBean restResultBean = new RestResultBean();
pwmRequest.outputJsonResult(restResultBean);
convertFormToConfiguration(
storedConfiguration, configGuideBean.getFormData(), incomingFormData);
// LOGGER.info("config: " + storedConfiguration.toString());
}
private static String getLdapUrlFromFormConfig(final Map<String, String> ldapForm) {
final String ldapServerIP = ldapForm.get(PARAM_LDAP_HOST);
final String ldapServerPort = ldapForm.get(PARAM_LDAP_PORT);
final boolean ldapServerSecure = "true".equalsIgnoreCase(ldapForm.get(PARAM_LDAP_SECURE));
return "ldap" + (ldapServerSecure ? "s" : "") + "://" + ldapServerIP + ":" + ldapServerPort;
}
private void restBrowseLdap(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws IOException, ServletException, PwmUnrecoverableException {
final StoredConfigurationImpl storedConfiguration =
StoredConfigurationImpl.copy(configGuideBean.getStoredConfiguration());
if (configGuideBean.getStep() == STEP.LDAP_ADMIN) {
storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, null);
storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, null);
}
final Date startTime = new Date();
final Map<String, String> inputMap =
pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
final String profile = inputMap.get("profile");
final String dn = inputMap.containsKey("dn") ? inputMap.get("dn") : "";
final LdapBrowser ldapBrowser = new LdapBrowser(storedConfiguration);
final LdapBrowser.LdapBrowseResult result = ldapBrowser.doBrowse(profile, dn);
ldapBrowser.close();
LOGGER.trace(
pwmRequest,
"performed ldapBrowse operation in "
+ TimeDuration.fromCurrent(startTime).asCompactString()
+ ", result="
+ JsonUtil.serialize(result));
pwmRequest.outputJsonResult(new RestResultBean(result));
}
public static void convertFormToConfiguration(
final StoredConfigurationImpl storedConfiguration,
final Map<String, String> ldapForm,
final Map<String, String> incomingLdapForm)
throws PwmUnrecoverableException {
{
final String newLdapURI = getLdapUrlFromFormConfig(ldapForm);
final StringArrayValue newValue = new StringArrayValue(Collections.singletonList(newLdapURI));
storedConfiguration.writeSetting(
PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY, newValue, null);
}
{ // proxy/admin account
final String ldapAdminDN = ldapForm.get(PARAM_LDAP_PROXY_DN);
final String ldapAdminPW = ldapForm.get(PARAM_LDAP_PROXY_PW);
storedConfiguration.writeSetting(
PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapAdminDN), null);
final PasswordValue passwordValue =
new PasswordValue(PasswordData.forStringValue(ldapAdminPW));
storedConfiguration.writeSetting(
PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, passwordValue, null);
}
storedConfiguration.writeSetting(
PwmSetting.LDAP_CONTEXTLESS_ROOT,
LDAP_PROFILE_KEY,
new StringArrayValue(Collections.singletonList(ldapForm.get(PARAM_LDAP_CONTEXT))),
null);
{
final String ldapContext = ldapForm.get(PARAM_LDAP_CONTEXT);
storedConfiguration.writeSetting(
PwmSetting.LDAP_CONTEXTLESS_ROOT,
LDAP_PROFILE_KEY,
new StringArrayValue(Collections.singletonList(ldapContext)),
null);
}
{
final String ldapTestUserDN = ldapForm.get(PARAM_LDAP_TEST_USER);
storedConfiguration.writeSetting(
PwmSetting.LDAP_TEST_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapTestUserDN), null);
}
{ // set admin query
final String groupDN = ldapForm.get(PARAM_LDAP_ADMIN_GROUP);
final List<UserPermission> userPermissions =
Collections.singletonList(
new UserPermission(UserPermission.Type.ldapGroup, null, null, groupDN));
storedConfiguration.writeSetting(
PwmSetting.QUERY_MATCH_PWM_ADMIN, new UserPermissionValue(userPermissions), null);
}
// set context based on ldap dn
if (incomingLdapForm.containsKey(PARAM_APP_SITEURL)) {
ldapForm.put(PARAM_APP_SITEURL, incomingLdapForm.get(PARAM_APP_SITEURL));
}
storedConfiguration.writeSetting(
PwmSetting.PWM_SITE_URL, new StringValue(ldapForm.get(PARAM_APP_SITEURL)), null);
}
private void checkLdapServer(ConfigGuideBean configGuideBean)
throws PwmOperationalException, IOException {
final Map<String, String> formData = configGuideBean.getFormData();
final String host = formData.get(PARAM_LDAP_HOST);
final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT));
if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) {
X509Utils.readRemoteCertificates(host, port);
} else {
InetAddress addr = InetAddress.getByName(host);
SocketAddress sockaddr = new InetSocketAddress(addr, port);
Socket sock = new Socket();
// this method will block for the defined number of milliseconds
int timeout = 2000;
sock.connect(sockaddr, timeout);
}
}
private void checkLdapServer(ConfigGuideBean configGuideBean)
throws PwmOperationalException, IOException {
final Map<String, String> formData = configGuideBean.getFormData();
final String host = formData.get(PARAM_LDAP_HOST);
final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT));
{ // socket test
final InetAddress inetAddress = InetAddress.getByName(host);
final SocketAddress socketAddress = new InetSocketAddress(inetAddress, port);
final Socket socket = new Socket();
final int timeout = 2000;
socket.connect(socketAddress, timeout);
}
if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) {
X509Utils.readRemoteCertificates(host, port);
}
}
private void restUpdateLdapForm(
final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws IOException, PwmUnrecoverableException {
final StoredConfiguration storedConfiguration = configGuideBean.getStoredConfiguration();
final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap();
if (incomingFormData != null) {
configGuideBean.getFormData().putAll(incomingFormData);
}
if (incomingFormData != null
&& incomingFormData.get(PARAM_TEMPLATE_NAME) != null
&& !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) {
try {
final PwmSettingTemplate template =
PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME));
if (configGuideBean.getSelectedTemplate() != template) {
LOGGER.debug(
pwmRequest, "resetting form defaults using " + template.toString() + " template");
final Map<String, String> defaultForm = defaultForm(template);
configGuideBean.getFormData().putAll(defaultForm);
configGuideBean.setSelectedTemplate(template);
storedConfiguration.setTemplate(template);
{
final String settingValue = AppProperty.LDAP_PROMISCUOUS_ENABLE.getKey() + "=true";
storedConfiguration.writeSetting(
PwmSetting.APP_PROPERTY_OVERRIDES,
new StringArrayValue(Collections.singletonList(settingValue)),
null);
}
}
} catch (Exception e) {
LOGGER.error("unknown template set request: " + e.getMessage());
}
}
final RestResultBean restResultBean = new RestResultBean();
pwmRequest.outputJsonResult(restResultBean);
convertFormToConfiguration(
storedConfiguration, configGuideBean.getFormData(), incomingFormData);
// LOGGER.info("config: " + storedConfiguration.toString());
}
public static SchemaOperationResult extendSchema(
ConfigGuideBean configGuideBean, final boolean doSchemaExtension) {
final Map<String, String> form = configGuideBean.getFormData();
final boolean ldapServerSecure = "true".equalsIgnoreCase(form.get(PARAM_LDAP_SECURE));
final String ldapUrl =
"ldap"
+ (ldapServerSecure ? "s" : "")
+ "://"
+ form.get(PARAM_LDAP_HOST)
+ ":"
+ form.get(PARAM_LDAP_PORT);
try {
final ChaiConfiguration chaiConfiguration =
new ChaiConfiguration(
ldapUrl, form.get(PARAM_LDAP_PROXY_DN), form.get(PARAM_LDAP_PROXY_PW));
chaiConfiguration.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true");
final ChaiProvider chaiProvider = ChaiProviderFactory.createProvider(chaiConfiguration);
if (doSchemaExtension) {
return SchemaManager.extendSchema(chaiProvider);
} else {
return SchemaManager.checkExistingSchema(chaiProvider);
}
} catch (Exception e) {
LOGGER.error("unable to create schema extender object: " + e.getMessage());
return null;
}
}
public static Map<String, String> placeholderForm(PwmSettingTemplate template) {
final Map<String, String> defaultLdapForm = new HashMap<>();
try {
final String defaultLdapUrlString = PwmSetting.LDAP_SERVER_URLS.getPlaceholder(template);
final URI uri = new URI(defaultLdapUrlString);
defaultLdapForm.put(PARAM_LDAP_HOST, uri.getHost());
defaultLdapForm.put(PARAM_LDAP_PORT, String.valueOf(uri.getPort()));
defaultLdapForm.put(
PARAM_LDAP_SECURE, "ldaps".equalsIgnoreCase(uri.getScheme()) ? "true" : "false");
defaultLdapForm.put(
PARAM_LDAP_PROXY_DN, PwmSetting.LDAP_PROXY_USER_DN.getPlaceholder(template));
defaultLdapForm.put(PARAM_LDAP_PROXY_PW, "");
defaultLdapForm.put(
PARAM_LDAP_CONTEXT, PwmSetting.LDAP_CONTEXTLESS_ROOT.getPlaceholder(template));
defaultLdapForm.put(
PARAM_LDAP_TEST_USER, PwmSetting.LDAP_TEST_USER_DN.getPlaceholder(template));
defaultLdapForm.put(
PARAM_LDAP_ADMIN_GROUP, PwmSetting.LDAP_TEST_USER_DN.getPlaceholder(template));
defaultLdapForm.put(
PARAM_CR_STORAGE_PREF,
(String)
PwmSetting.FORGOTTEN_PASSWORD_WRITE_PREFERENCE
.getDefaultValue(template)
.toNativeObject());
defaultLdapForm.put(PARAM_CONFIG_PASSWORD, "");
defaultLdapForm.put(PARAM_CONFIG_PASSWORD_VERIFY, "");
} catch (Exception e) {
LOGGER.error(
"error building static form values using default configuration: " + e.getMessage());
e.printStackTrace();
}
return Collections.unmodifiableMap(defaultLdapForm);
}
public static Map<String, String> defaultForm(PwmSettingTemplate template) {
final Map<String, String> defaultLdapForm = new HashMap<>();
try {
final String defaultLdapUrlString =
((List<String>) PwmSetting.LDAP_SERVER_URLS.getDefaultValue(template).toNativeObject())
.get(0);
final URI uri = new URI(defaultLdapUrlString);
defaultLdapForm.put(PARAM_LDAP_HOST, uri.getHost());
defaultLdapForm.put(PARAM_LDAP_PORT, String.valueOf(uri.getPort()));
defaultLdapForm.put(
PARAM_LDAP_SECURE, "ldaps".equalsIgnoreCase(uri.getScheme()) ? "true" : "false");
defaultLdapForm.put(
PARAM_LDAP_ADMIN_DN,
(String) PwmSetting.LDAP_PROXY_USER_DN.getDefaultValue(template).toNativeObject());
defaultLdapForm.put(PARAM_LDAP_ADMIN_PW, "");
defaultLdapForm.put(
PARAM_LDAP_CONTEXT,
((List<String>)
PwmSetting.LDAP_CONTEXTLESS_ROOT.getDefaultValue(template).toNativeObject())
.get(0));
defaultLdapForm.put(
PARAM_LDAP_TEST_USER,
(String) PwmSetting.LDAP_TEST_USER_DN.getDefaultValue(template).toNativeObject());
{
List<UserPermission> userPermissions =
(List<UserPermission>)
PwmSetting.QUERY_MATCH_PWM_ADMIN.getDefaultValue(template).toNativeObject();
final String groupDN =
userPermissions != null && userPermissions.size() > 0
? userPermissions.get(0).getLdapBase()
: "";
defaultLdapForm.put(PARAM_LDAP_ADMIN_GROUP, groupDN);
}
defaultLdapForm.put(
PARAM_CR_STORAGE_PREF,
(String)
PwmSetting.FORGOTTEN_PASSWORD_WRITE_PREFERENCE
.getDefaultValue(template)
.toNativeObject());
defaultLdapForm.put(PARAM_CONFIG_PASSWORD, "");
defaultLdapForm.put(PARAM_CONFIG_PASSWORD_VERIFY, "");
} catch (Exception e) {
LOGGER.error(
"error building static form values using default configuration: " + e.getMessage());
e.printStackTrace();
}
return Collections.unmodifiableMap(defaultLdapForm);
}