private static void checkConfiguration(final Configuration configuration)
throws PwmUnrecoverableException {
final String namingAttribute =
configuration.getDefaultLdapProfile().readSettingAsString(PwmSetting.LDAP_NAMING_ATTRIBUTE);
final List<FormConfiguration> formItems =
configuration.readSettingAsForm(PwmSetting.GUEST_FORM);
{
boolean namingIsInForm = false;
for (final FormConfiguration formItem : formItems) {
if (namingAttribute.equalsIgnoreCase(formItem.getName())) {
namingIsInForm = true;
}
}
if (!namingIsInForm) {
final String errorMsg =
"ldap naming attribute '"
+ namingAttribute
+ "' is not in form configuration, but is required";
final ErrorInformation errorInformation =
new ErrorInformation(
PwmError.ERROR_INVALID_CONFIG, errorMsg, new String[] {namingAttribute});
throw new PwmUnrecoverableException(errorInformation);
}
}
}
private static String determineUserDN(
final Map<FormConfiguration, String> formValues, final Configuration config)
throws PwmUnrecoverableException {
final String namingAttribute =
config.getDefaultLdapProfile().readSettingAsString(PwmSetting.LDAP_NAMING_ATTRIBUTE);
for (final FormConfiguration formItem : formValues.keySet()) {
if (namingAttribute.equals(formItem.getName())) {
final String namingValue = formValues.get(formItem);
final String gestUserContextDN = config.readSettingAsString(PwmSetting.GUEST_CONTEXT);
return namingAttribute + "=" + namingValue + "," + gestUserContextDN;
}
}
final String errorMsg =
"unable to determine new user DN due to missing form value for naming attribute '"
+ namingAttribute
+ '"';
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
}
private void restLdapHealth(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean)
throws IOException, PwmUnrecoverableException {
final Configuration tempConfiguration =
new Configuration(configGuideBean.getStoredConfiguration());
final PwmApplication tempApplication =
new PwmApplication.PwmEnvironment(
tempConfiguration, pwmRequest.getPwmApplication().getApplicationPath())
.setApplicationMode(PwmApplication.MODE.NEW)
.setInternalRuntimeInstance(true)
.setWebInfPath(pwmRequest.getPwmApplication().getWebInfPath())
.createPwmApplication();
final LDAPStatusChecker ldapStatusChecker = new LDAPStatusChecker();
final List<HealthRecord> records = new ArrayList<>();
final LdapProfile ldapProfile = tempConfiguration.getDefaultLdapProfile();
switch (configGuideBean.getStep()) {
case LDAP_SERVER:
{
try {
checkLdapServer(configGuideBean);
records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
} catch (Exception e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Can not connect to remote server: " + e.getMessage()));
}
}
break;
case LDAP_ADMIN:
{
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, false));
if (records.isEmpty()) {
records.add(password.pwm.health.HealthRecord.forMessage(HealthMessage.LDAP_OK));
}
}
break;
case LDAP_CONTEXT:
{
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, true));
if (records.isEmpty()) {
records.add(
new HealthRecord(
HealthStatus.GOOD, HealthTopic.LDAP, "LDAP Contextless Login Root validated"));
}
try {
final UserMatchViewerFunction userMatchViewerFunction = new UserMatchViewerFunction();
final Collection<UserIdentity> results =
userMatchViewerFunction.discoverMatchingUsers(
pwmRequest.getPwmApplication(),
2,
configGuideBean.getStoredConfiguration(),
PwmSetting.QUERY_MATCH_PWM_ADMIN,
null);
if (results.isEmpty()) {
records.add(
new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "No matching admin users"));
} else {
records.add(
new HealthRecord(HealthStatus.GOOD, HealthTopic.LDAP, "Admin group validated"));
}
} catch (PwmException e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Error during admin group validation: "
+ e.getErrorInformation().toDebugStr()));
} catch (Exception e) {
records.add(
new HealthRecord(
HealthStatus.WARN,
HealthTopic.LDAP,
"Error during admin group validation: " + e.getMessage()));
}
}
break;
case LDAP_TESTUSER:
{
final String testUserValue = configGuideBean.getFormData().get(PARAM_LDAP_TEST_USER);
if (testUserValue != null && !testUserValue.isEmpty()) {
records.addAll(
ldapStatusChecker.checkBasicLdapConnectivity(
tempApplication, tempConfiguration, ldapProfile, false));
records.addAll(
ldapStatusChecker.doLdapTestUserCheck(
tempConfiguration, ldapProfile, tempApplication));
} else {
records.add(
new HealthRecord(HealthStatus.CAUTION, HealthTopic.LDAP, "No test user specified"));
}
}
break;
}
HealthData jsonOutput = new HealthData();
jsonOutput.records =
password.pwm.ws.server.rest.bean.HealthRecord.fromHealthRecords(
records, pwmRequest.getLocale(), tempConfiguration);
jsonOutput.timestamp = new Date();
jsonOutput.overall = HealthMonitor.getMostSevereHealthStatus(records).toString();
final RestResultBean restResultBean = new RestResultBean();
restResultBean.setData(jsonOutput);
pwmRequest.outputJsonResult(restResultBean);
}
private void publishStatisticsToCloud()
throws URISyntaxException, IOException, PwmUnrecoverableException {
final StatsPublishBean statsPublishData;
{
final StatisticsBundle bundle = getStatBundleForKey(KEY_CUMULATIVE);
final Map<String, String> statData = new HashMap<>();
for (final Statistic loopStat : Statistic.values()) {
statData.put(loopStat.getKey(), bundle.getStatistic(loopStat));
}
final Configuration config = pwmApplication.getConfig();
final List<String> configuredSettings = new ArrayList<>();
for (final PwmSetting pwmSetting : config.nonDefaultSettings()) {
if (!pwmSetting.getCategory().hasProfiles() && !config.isDefaultValue(pwmSetting)) {
configuredSettings.add(pwmSetting.getKey());
}
}
final Map<String, String> otherData = new HashMap<>();
otherData.put(
StatsPublishBean.KEYS.SITE_URL.toString(),
config.readSettingAsString(PwmSetting.PWM_SITE_URL));
otherData.put(
StatsPublishBean.KEYS.SITE_DESCRIPTION.toString(),
config.readSettingAsString(PwmSetting.PUBLISH_STATS_SITE_DESCRIPTION));
otherData.put(
StatsPublishBean.KEYS.INSTALL_DATE.toString(),
PwmConstants.DEFAULT_DATETIME_FORMAT.format(pwmApplication.getInstallTime()));
try {
otherData.put(
StatsPublishBean.KEYS.LDAP_VENDOR.toString(),
pwmApplication
.getProxyChaiProvider(config.getDefaultLdapProfile().getIdentifier())
.getDirectoryVendor()
.toString());
} catch (Exception e) {
LOGGER.trace("unable to read ldap vendor type for stats publication: " + e.getMessage());
}
statsPublishData =
new StatsPublishBean(
pwmApplication.getInstanceID(),
new Date(),
statData,
configuredSettings,
PwmConstants.BUILD_NUMBER,
PwmConstants.BUILD_VERSION,
otherData);
}
final URI requestURI = new URI(PwmConstants.PWM_URL_CLOUD + "/rest/pwm/statistics");
final HttpPost httpPost = new HttpPost(requestURI.toString());
final String jsonDataString = JsonUtil.serialize(statsPublishData);
httpPost.setEntity(new StringEntity(jsonDataString));
httpPost.setHeader("Accept", PwmConstants.AcceptValue.json.getHeaderValue());
httpPost.setHeader("Content-Type", PwmConstants.ContentTypeValue.json.getHeaderValue());
LOGGER.debug(
"preparing to send anonymous statistics to "
+ requestURI.toString()
+ ", data to send: "
+ jsonDataString);
final HttpResponse httpResponse =
PwmHttpClient.getHttpClient(pwmApplication.getConfig()).execute(httpPost);
if (httpResponse.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
throw new IOException(
"http response error code: " + httpResponse.getStatusLine().getStatusCode());
}
LOGGER.info("published anonymous statistics to " + requestURI.toString());
try {
localDB.put(
LocalDB.DB.PWM_STATS,
KEY_CLOUD_PUBLISH_TIMESTAMP,
String.valueOf(System.currentTimeMillis()));
} catch (LocalDBException e) {
LOGGER.error(
"unexpected error trying to save last statistics published time to LocalDB: "
+ e.getMessage());
}
}
