private static String getLdapUrlFromFormConfig(final Map<String, String> ldapForm) { final String ldapServerIP = ldapForm.get(PARAM_LDAP_HOST); final String ldapServerPort = ldapForm.get(PARAM_LDAP_PORT); final boolean ldapServerSecure = "true".equalsIgnoreCase(ldapForm.get(PARAM_LDAP_SECURE)); return "ldap" + (ldapServerSecure ? "s" : "") + "://" + ldapServerIP + ":" + ldapServerPort; }
private void restUpdateLdapForm( final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, PwmUnrecoverableException { final StoredConfigurationImpl storedConfiguration = configGuideBean.getStoredConfiguration(); final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap(); if (incomingFormData != null) { configGuideBean.getFormData().putAll(incomingFormData); } if (incomingFormData != null && incomingFormData.get(PARAM_TEMPLATE_NAME) != null && !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) { try { final PwmSettingTemplate template = PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME)); if (configGuideBean.getSelectedTemplate() != template) { LOGGER.debug( pwmRequest, "resetting form defaults using " + template.toString() + " template"); final Map<String, String> defaultForm = defaultForm(template); configGuideBean.getFormData().putAll(defaultForm); configGuideBean.setSelectedTemplate(template); storedConfiguration.setTemplate(template); } } catch (Exception e) { LOGGER.error("unknown template set request: " + e.getMessage()); } } final RestResultBean restResultBean = new RestResultBean(); pwmRequest.outputJsonResult(restResultBean); convertFormToConfiguration( storedConfiguration, configGuideBean.getFormData(), incomingFormData); // LOGGER.info("config: " + storedConfiguration.toString()); }
public static SchemaOperationResult extendSchema( ConfigGuideBean configGuideBean, final boolean doSchemaExtension) { final Map<String, String> form = configGuideBean.getFormData(); final boolean ldapServerSecure = "true".equalsIgnoreCase(form.get(PARAM_LDAP_SECURE)); final String ldapUrl = "ldap" + (ldapServerSecure ? "s" : "") + "://" + form.get(PARAM_LDAP_HOST) + ":" + form.get(PARAM_LDAP_PORT); try { final ChaiConfiguration chaiConfiguration = new ChaiConfiguration( ldapUrl, form.get(PARAM_LDAP_PROXY_DN), form.get(PARAM_LDAP_PROXY_PW)); chaiConfiguration.setSetting(ChaiSetting.PROMISCUOUS_SSL, "true"); final ChaiProvider chaiProvider = ChaiProviderFactory.createProvider(chaiConfiguration); if (doSchemaExtension) { return SchemaManager.extendSchema(chaiProvider); } else { return SchemaManager.checkExistingSchema(chaiProvider); } } catch (Exception e) { LOGGER.error("unable to create schema extender object: " + e.getMessage()); return null; } }
private void restBrowseLdap(final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, ServletException, PwmUnrecoverableException { final StoredConfigurationImpl storedConfiguration = StoredConfigurationImpl.copy(configGuideBean.getStoredConfiguration()); if (configGuideBean.getStep() == STEP.LDAP_ADMIN) { storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, null); storedConfiguration.resetSetting(PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, null); } final Date startTime = new Date(); final Map<String, String> inputMap = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation); final String profile = inputMap.get("profile"); final String dn = inputMap.containsKey("dn") ? inputMap.get("dn") : ""; final LdapBrowser ldapBrowser = new LdapBrowser(storedConfiguration); final LdapBrowser.LdapBrowseResult result = ldapBrowser.doBrowse(profile, dn); ldapBrowser.close(); LOGGER.trace( pwmRequest, "performed ldapBrowse operation in " + TimeDuration.fromCurrent(startTime).asCompactString() + ", result=" + JsonUtil.serialize(result)); pwmRequest.outputJsonResult(new RestResultBean(result)); }
private void checkLdapServer(ConfigGuideBean configGuideBean) throws PwmOperationalException, IOException { final Map<String, String> formData = configGuideBean.getFormData(); final String host = formData.get(PARAM_LDAP_HOST); final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT)); if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) { X509Utils.readRemoteCertificates(host, port); } else { InetAddress addr = InetAddress.getByName(host); SocketAddress sockaddr = new InetSocketAddress(addr, port); Socket sock = new Socket(); // this method will block for the defined number of milliseconds int timeout = 2000; sock.connect(sockaddr, timeout); } }
public static void convertFormToConfiguration( final StoredConfigurationImpl storedConfiguration, final Map<String, String> ldapForm, final Map<String, String> incomingLdapForm) throws PwmUnrecoverableException { { final String newLdapURI = getLdapUrlFromFormConfig(ldapForm); final StringArrayValue newValue = new StringArrayValue(Collections.singletonList(newLdapURI)); storedConfiguration.writeSetting( PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_KEY, newValue, null); } { // proxy/admin account final String ldapAdminDN = ldapForm.get(PARAM_LDAP_PROXY_DN); final String ldapAdminPW = ldapForm.get(PARAM_LDAP_PROXY_PW); storedConfiguration.writeSetting( PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapAdminDN), null); final PasswordValue passwordValue = new PasswordValue(PasswordData.forStringValue(ldapAdminPW)); storedConfiguration.writeSetting( PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_KEY, passwordValue, null); } storedConfiguration.writeSetting( PwmSetting.LDAP_CONTEXTLESS_ROOT, LDAP_PROFILE_KEY, new StringArrayValue(Collections.singletonList(ldapForm.get(PARAM_LDAP_CONTEXT))), null); { final String ldapContext = ldapForm.get(PARAM_LDAP_CONTEXT); storedConfiguration.writeSetting( PwmSetting.LDAP_CONTEXTLESS_ROOT, LDAP_PROFILE_KEY, new StringArrayValue(Collections.singletonList(ldapContext)), null); } { final String ldapTestUserDN = ldapForm.get(PARAM_LDAP_TEST_USER); storedConfiguration.writeSetting( PwmSetting.LDAP_TEST_USER_DN, LDAP_PROFILE_KEY, new StringValue(ldapTestUserDN), null); } { // set admin query final String groupDN = ldapForm.get(PARAM_LDAP_ADMIN_GROUP); final List<UserPermission> userPermissions = Collections.singletonList( new UserPermission(UserPermission.Type.ldapGroup, null, null, groupDN)); storedConfiguration.writeSetting( PwmSetting.QUERY_MATCH_PWM_ADMIN, new UserPermissionValue(userPermissions), null); } // set context based on ldap dn if (incomingLdapForm.containsKey(PARAM_APP_SITEURL)) { ldapForm.put(PARAM_APP_SITEURL, incomingLdapForm.get(PARAM_APP_SITEURL)); } storedConfiguration.writeSetting( PwmSetting.PWM_SITE_URL, new StringValue(ldapForm.get(PARAM_APP_SITEURL)), null); }
private void checkLdapServer(ConfigGuideBean configGuideBean) throws PwmOperationalException, IOException { final Map<String, String> formData = configGuideBean.getFormData(); final String host = formData.get(PARAM_LDAP_HOST); final int port = Integer.parseInt(formData.get(PARAM_LDAP_PORT)); { // socket test final InetAddress inetAddress = InetAddress.getByName(host); final SocketAddress socketAddress = new InetSocketAddress(inetAddress, port); final Socket socket = new Socket(); final int timeout = 2000; socket.connect(socketAddress, timeout); } if (Boolean.parseBoolean(formData.get(PARAM_LDAP_SECURE))) { X509Utils.readRemoteCertificates(host, port); } }
private void restUpdateLdapForm( final PwmRequest pwmRequest, final ConfigGuideBean configGuideBean) throws IOException, PwmUnrecoverableException { final StoredConfiguration storedConfiguration = configGuideBean.getStoredConfiguration(); final Map<String, String> incomingFormData = pwmRequest.readBodyAsJsonStringMap(); if (incomingFormData != null) { configGuideBean.getFormData().putAll(incomingFormData); } if (incomingFormData != null && incomingFormData.get(PARAM_TEMPLATE_NAME) != null && !incomingFormData.get(PARAM_TEMPLATE_NAME).isEmpty()) { try { final PwmSettingTemplate template = PwmSettingTemplate.valueOf(incomingFormData.get(PARAM_TEMPLATE_NAME)); if (configGuideBean.getSelectedTemplate() != template) { LOGGER.debug( pwmRequest, "resetting form defaults using " + template.toString() + " template"); final Map<String, String> defaultForm = defaultForm(template); configGuideBean.getFormData().putAll(defaultForm); configGuideBean.setSelectedTemplate(template); storedConfiguration.setTemplate(template); { final String settingValue = AppProperty.LDAP_PROMISCUOUS_ENABLE.getKey() + "=true"; storedConfiguration.writeSetting( PwmSetting.APP_PROPERTY_OVERRIDES, new StringArrayValue(Collections.singletonList(settingValue)), null); } } } catch (Exception e) { LOGGER.error("unknown template set request: " + e.getMessage()); } } final RestResultBean restResultBean = new RestResultBean(); pwmRequest.outputJsonResult(restResultBean); convertFormToConfiguration( storedConfiguration, configGuideBean.getFormData(), incomingFormData); // LOGGER.info("config: " + storedConfiguration.toString()); }
static Set<TokenVerificationProgress.TokenChannel> determineTokenPhaseRequired( final PwmRequest pwmRequest, final UpdateProfileBean updateProfileBean, final UpdateAttributesProfile updateAttributesProfile) throws PwmUnrecoverableException { final Set<TokenVerificationProgress.TokenChannel> returnObj = new HashSet<>(); final Map<String, String> userFormData = updateProfileBean.getFormData(); Map<String, String> ldapData = null; if (updateAttributesProfile.readSettingAsBoolean( PwmSetting.UPDATE_PROFILE_EMAIL_VERIFICATION)) { final String emailAddressAttribute = pwmRequest.getConfig().readSettingAsString(PwmSetting.EMAIL_USER_MAIL_ATTRIBUTE); if (userFormData.containsKey(emailAddressAttribute)) { ldapData = formDataFromLdap(pwmRequest, updateAttributesProfile); if (userFormData.get(emailAddressAttribute) != null && !userFormData .get(emailAddressAttribute) .equalsIgnoreCase(ldapData.get(emailAddressAttribute))) { returnObj.add(TokenVerificationProgress.TokenChannel.EMAIL); } } else { LOGGER.warn( pwmRequest, "email verification enabled, but email attribute '" + emailAddressAttribute + "' is not in update form"); } } if (updateAttributesProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SMS_VERIFICATION)) { final String phoneNumberAttribute = pwmRequest.getConfig().readSettingAsString(PwmSetting.SMS_USER_PHONE_ATTRIBUTE); if (userFormData.containsKey(phoneNumberAttribute)) { if (ldapData == null) { ldapData = formDataFromLdap(pwmRequest, updateAttributesProfile); } if (userFormData.get(phoneNumberAttribute) != null && !userFormData .get(phoneNumberAttribute) .equalsIgnoreCase(ldapData.get(phoneNumberAttribute))) { returnObj.add(TokenVerificationProgress.TokenChannel.SMS); } } else { LOGGER.warn( pwmRequest, "sms verification enabled, but phone attribute '" + phoneNumberAttribute + "' is not in update form"); } } return returnObj; }