IDS-9532: LDAP server validation (#165)

* init * add ldap server checker * add warnings to ldap checker * remove line
NASA-AMMOS · Aug 2, 2023 · fa8eef4 · fa8eef4
1 parent edf5658
commit fa8eef4
Showing 1 changed file with 99 additions and 2 deletions.
diff --git a/cws-installer/src/main/java/jpl/cws/task/CwsInstaller.java b/cws-installer/src/main/java/jpl/cws/task/CwsInstaller.java
@@ -588,7 +588,27 @@ private static void setIdentityPluginType() throws UnsupportedOperationException
 
 				// PROMPT USER FOR LDAP SERVER URL
 				if (cws_installer_mode.equals("interactive")) {
-					cws_ldap_url = readLine("Enter the LDAP URL, default is " + cws_ldap_url + ": ", cws_ldap_url);
+					boolean valid_ldap_server = false;
+					while (!valid_ldap_server) {
+						String read_cws_ldap_url = readLine("Enter the LDAP URL. " + "Default is " + cws_ldap_url + ": ", cws_ldap_url);
+
+						try {
+							boolean checkLdapServer = checkLdapServerStatus(read_cws_ldap_url);
+							if (checkLdapServer == true) {
+								valid_ldap_server = true;
+								cws_ldap_url = read_cws_ldap_url;
+							} else {
+								valid_ldap_server = false;
+								print("   WARNING: LDAP (" + read_cws_ldap_url + ") cannot be reached." );
+								print("       Possible Issues: ");
+								print("        - Incorrect configuration of 'config/templates/tomcat_conf/ldap_plugin_bean.xml'.");
+								print("        - Can't contact LDAP server because of bad certificate in host machine.");
+								print("        - LDAP server is inactive.");
+							}
+						} catch(IOException e) {
+							// exception
+						}
+					}
 				}
 
 				cws_identity_plugin_class = ldap_identity_plugin_class;
@@ -1731,6 +1751,7 @@ private static void validateConfig() {
 		warningCount += validateDbConfig();
 		if (cws_auth_scheme.equals("LDAP")) {
 			try {
+				warningCount += validateLdapServer();
 				warningCount += validateLdapUserConfig();
 			} catch(IOException e) {
 				// exception
@@ -1939,9 +1960,85 @@ private static int validateDbConfig() {
 		return warningCount;
 	}
 
+	/**
+	 * Validates the LDAP URL configuration.
+	 *
+	 */
+	private static int validateLdapServer() throws IOException {
+		int warningCount = 0;
+		// VALIDATE LDAP SERVER
+		print("");
+		if (cws_auth_scheme.equals("LDAP")) {
+			print("checking that user provided LDAP Server (" + cws_ldap_url + ") is accessible...");
+		}
+
+		boolean checkLdapServer = checkLdapServerStatus(cws_ldap_url);
+		if (checkLdapServer == false) {
+			print("   [WARNING]");
+			print("       Possible Issues: ");
+			print("        - Incorrect configuration of 'config/templates/tomcat_conf/ldap_plugin_bean.xml'.");
+			print("        - Can't contact LDAP server because of bad certificate in host machine.");
+			print("        - LDAP server is inactive.");
+			return 1;
+		} else {
+			print("   [OK]");
+		}
+		return warningCount;
+	}
+
+	private static boolean checkLdapServerStatus(String ldapUrl) throws IOException {
+		//
+		// Check for LDAP Server accessibility
+		//
+		Path pluginBeanFilePath = Paths.get(config_templates_dir + SEP + "tomcat_conf" + SEP + "ldap_plugin_bean.xml");
+		String ldapBaseDn = getLdapBaseDnValue(pluginBeanFilePath);
+		String[] baseDnArray = ldapBaseDn.split(",");
+		String searchBase = baseDnArray[0];
+
+		Hashtable env = new Hashtable();
+		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+		env.put(Context.PROVIDER_URL, ldapUrl);
+		try {
+			DirContext ctx = new InitialDirContext(env);
+			SearchControls ctrl = new SearchControls();
+			ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+			String filter = "(&(" + searchBase + "))";
+			NamingEnumeration ldapQuery = ctx.search(ldapBaseDn, filter, ctrl);
+
+			if (!ldapQuery.hasMore()) {
+				print("   ERROR: LDAP server (" + ldapUrl + ")" + " Search Query return is empty. Server may be inactive.") ;
+				return false;
+			}
+
+			while (ldapQuery.hasMore()) {
+				SearchResult r = (SearchResult) ldapQuery.next();
+				if (r.getNameInNamespace().toString() != null || r.getNameInNamespace().length() == 0) {
+					break;
+				}
+			}
+			// Close the context
+			ctx.close();
+		} catch (AuthenticationNotSupportedException e) {
+			print("   ERROR: LDAP authentication failed with server " + ldapUrl + " (" + e.toString() + ")");
+			return false;
+		} catch (AuthenticationException e) {
+			print("   ERROR AuthenticationException: " + e.toString());
+			return false;
+		} catch (NamingException e) {
+			print("   ERROR NamingException: " + e.toString());
+			return false;
+		}
+		return true;
+	}
+
+	/**
+	 * Validates the LDAP User Admin configuration.
+	 *
+	 */
 	private static int validateLdapUserConfig() throws IOException {
 		int warningCount = 0;
-		// VALIDATE LDAP or CAM CONFIGURATION AND LDAP USER INFO RETREIVEL
+		// VALIDATE LDAP CONFIGURATION AND LDAP USER INFO RETREIVEL
 		print("");
 		if (cws_auth_scheme.equals("LDAP")) {
 			print("checking that user provided LDAP authentication profile (UID: " + cws_user + ") is valid...");