IDS-9532: LDAP server validation #165

Merged
merged 5 commits into from
Aug 2, 2023
101 changes: 99 additions & 2 deletions cws-installer/src/main/java/jpl/cws/task/CwsInstaller.java
Expand Up @@ -588,7 +588,27 @@ private static void setIdentityPluginType() throws UnsupportedOperationException

// PROMPT USER FOR LDAP SERVER URL
if (cws_installer_mode.equals("interactive")) {
cws_ldap_url = readLine("Enter the LDAP URL, default is " + cws_ldap_url + ": ", cws_ldap_url);
boolean valid_ldap_server = false;
while (!valid_ldap_server) {
String read_cws_ldap_url = readLine("Enter the LDAP URL. " + "Default is " + cws_ldap_url + ": ", cws_ldap_url);

try {
boolean checkLdapServer = checkLdapServerStatus(read_cws_ldap_url);
if (checkLdapServer == true) {
valid_ldap_server = true;
cws_ldap_url = read_cws_ldap_url;
} else {
valid_ldap_server = false;
print(" WARNING: LDAP (" + read_cws_ldap_url + ") cannot be reached." );
print(" Possible Issues: ");
print(" - Incorrect configuration of 'config/templates/tomcat_conf/ldap_plugin_bean.xml'.");
print(" - Can't contact LDAP server because of bad certificate in host machine.");
print(" - LDAP server is inactive.");
}
} catch(IOException e) {
// exception
}
}
}

cws_identity_plugin_class = ldap_identity_plugin_class;
Expand Down Expand Up @@ -1731,6 +1751,7 @@ private static void validateConfig() {
warningCount += validateDbConfig();
if (cws_auth_scheme.equals("LDAP")) {
try {
warningCount += validateLdapServer();
warningCount += validateLdapUserConfig();
} catch(IOException e) {
// exception
Expand Down Expand Up @@ -1939,9 +1960,85 @@ private static int validateDbConfig() {
return warningCount;
}

/**
* Validates the LDAP URL configuration.
*
*/
private static int validateLdapServer() throws IOException {
int warningCount = 0;
// VALIDATE LDAP SERVER
print("");
if (cws_auth_scheme.equals("LDAP")) {
print("checking that user provided LDAP Server (" + cws_ldap_url + ") is accessible...");
}

boolean checkLdapServer = checkLdapServerStatus(cws_ldap_url);
if (checkLdapServer == false) {
print(" [WARNING]");
print(" Possible Issues: ");
print(" - Incorrect configuration of 'config/templates/tomcat_conf/ldap_plugin_bean.xml'.");
print(" - Can't contact LDAP server because of bad certificate in host machine.");
print(" - LDAP server is inactive.");
return 1;
} else {
print(" [OK]");
}
return warningCount;
}

private static boolean checkLdapServerStatus(String ldapUrl) throws IOException {
//
// Check for LDAP Server accessibility
//
Path pluginBeanFilePath = Paths.get(config_templates_dir + SEP + "tomcat_conf" + SEP + "ldap_plugin_bean.xml");
String ldapBaseDn = getLdapBaseDnValue(pluginBeanFilePath);
String[] baseDnArray = ldapBaseDn.split(",");
String searchBase = baseDnArray[0];

Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapUrl);
try {
DirContext ctx = new InitialDirContext(env);
SearchControls ctrl = new SearchControls();
ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);

String filter = "(&(" + searchBase + "))";
NamingEnumeration ldapQuery = ctx.search(ldapBaseDn, filter, ctrl);

if (!ldapQuery.hasMore()) {
print(" ERROR: LDAP server (" + ldapUrl + ")" + " Search Query return is empty. Server may be inactive.") ;
return false;
}

while (ldapQuery.hasMore()) {
SearchResult r = (SearchResult) ldapQuery.next();
if (r.getNameInNamespace().toString() != null || r.getNameInNamespace().length() == 0) {
break;
}
}
// Close the context
ctx.close();
} catch (AuthenticationNotSupportedException e) {
print(" ERROR: LDAP authentication failed with server " + ldapUrl + " (" + e.toString() + ")");
return false;
} catch (AuthenticationException e) {
print(" ERROR AuthenticationException: " + e.toString());
return false;
} catch (NamingException e) {
print(" ERROR NamingException: " + e.toString());
return false;
}
return true;
}

/**
* Validates the LDAP User Admin configuration.
*
*/
private static int validateLdapUserConfig() throws IOException {
int warningCount = 0;
// VALIDATE LDAP or CAM CONFIGURATION AND LDAP USER INFO RETREIVEL
// VALIDATE LDAP CONFIGURATION AND LDAP USER INFO RETREIVEL
print("");
if (cws_auth_scheme.equals("LDAP")) {
print("checking that user provided LDAP authentication profile (UID: " + cws_user + ") is valid...");
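Review bot: The probe in checkLdapServerStatus builds its search filter by string-concatenating the first comma-separated component of the base DN read from ldap_plugin_bean.xml (`String filter = "(&(" + searchBase + "))";`), so an RDN containing filter metacharacters (`*`, `(`, `)`, `\`) or an escaped comma yields a malformed or different filter and the server is then reported as unreachable; a constant `(objectClass=*)` filter with base scope and a count limit of 1 answers the same reachability question without splicing config data into filter syntax. The InitialDirContext is also never closed on the early `return false` after the empty-result check or on any of the three caught exceptions, and no `com.sun.jndi.ldap.connect.timeout`/`read.timeout` is set, so a firewalled host can block the interactive prompt loop indefinitely. The result-iteration loop is dead code, since `r.getNameInNamespace().toString() != null` is always true and it breaks on the first entry. Separately, in the first hunk an IOException from checkLdapServerStatus is swallowed at `catch(IOException e) { // exception }` while valid_ldap_server stays false, so a missing ldap_plugin_bean.xml re-prompts forever with no message; that catch should at least print the exception and break out of the loop.
```java
private static boolean checkLdapServerStatus(String ldapUrl) throws IOException {
    Path pluginBeanFilePath = Paths.get(config_templates_dir + SEP + "tomcat_conf" + SEP + "ldap_plugin_bean.xml");
    String ldapBaseDn = getLdapBaseDnValue(pluginBeanFilePath);

    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, ldapUrl);
    // Bound the probe so an unreachable or filtered host cannot hang the installer.
    env.put("com.sun.jndi.ldap.connect.timeout", "5000");
    env.put("com.sun.jndi.ldap.read.timeout", "5000");

    DirContext ctx = null;
    try {
        ctx = new InitialDirContext(env);
        SearchControls ctrl = new SearchControls();
        ctrl.setSearchScope(SearchControls.OBJECT_SCOPE);   // only the base entry itself
        ctrl.setCountLimit(1);
        ctrl.setReturningAttributes(new String[0]);         // existence check, no attributes
        // Constant filter: nothing from ldap_plugin_bean.xml is spliced into filter syntax.
        NamingEnumeration<SearchResult> results = ctx.search(ldapBaseDn, "(objectClass=*)", ctrl);
        try {
            if (!results.hasMore()) {
                print(" ERROR: LDAP server (" + ldapUrl + ")" + " Search Query return is empty. Server may be inactive.") ;
                return false;
            }
        } finally {
            results.close();
        }
    // … unchanged: the three catch blocks for AuthenticationNotSupportedException,
    //   AuthenticationException and NamingException that print and return false …
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException ignored) {
                // the probe has already produced its answer; a close failure does not change it
            }
        }
    }
    return true;
}
```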