
improve health checks for ldap dn settings

Jason Rivard 9 years ago
parent
commit
dccd9244fb

+ 1 - 0
src/main/java/password/pwm/health/HealthMessage.java

@@ -62,6 +62,7 @@ public enum HealthMessage {
     Config_URLNotSecure                     (HealthStatus.CAUTION,  HealthTopic.Configuration),
     Config_PasswordPolicyProblem            (HealthStatus.CONFIG,   HealthTopic.Configuration),
     Config_UserPermissionValidity           (HealthStatus.CONFIG,   HealthTopic.Configuration),
+    Config_DNValueValidity                  (HealthStatus.CONFIG,   HealthTopic.Configuration),
     Config_NoRecoveryEnabled                (HealthStatus.CAUTION,  HealthTopic.Configuration),
     Config_Certificate                      (HealthStatus.WARN,     HealthTopic.Configuration),
     LDAP_VendorsNotSame                     (HealthStatus.CONFIG,   HealthTopic.LDAP),

+ 42 - 5
src/main/java/password/pwm/health/LDAPStatusChecker.java

@@ -39,10 +39,7 @@ import password.pwm.PwmApplication;
 import password.pwm.PwmConstants;
 import password.pwm.bean.UserIdentity;
 import password.pwm.bean.UserInfoBean;
-import password.pwm.config.Configuration;
-import password.pwm.config.PwmSetting;
-import password.pwm.config.PwmSettingSyntax;
-import password.pwm.config.UserPermission;
+import password.pwm.config.*;
 import password.pwm.config.profile.LdapProfile;
 import password.pwm.config.profile.PwmPasswordPolicy;
 import password.pwm.error.ErrorInformation;
@@ -118,6 +115,8 @@ public class LDAPStatusChecker implements HealthChecker {
 
         returnRecords.addAll(checkUserPermissionValues(pwmApplication));
 
+        returnRecords.addAll(checkLdapDNSyntaxValues(pwmApplication));
+
         return returnRecords;
     }
 
@@ -571,6 +570,43 @@ public class LDAPStatusChecker implements HealthChecker {
         return returnList;
     }
 
+    private static List<HealthRecord> checkLdapDNSyntaxValues(final PwmApplication pwmApplication) {
+        final List<HealthRecord> returnList = new ArrayList<>();
+        final Configuration config = pwmApplication.getConfig();
+
+        try {
+            for (final PwmSetting pwmSetting : PwmSetting.values()) {
+                if (!pwmSetting.isHidden() && pwmSetting.getCategory() == PwmSettingCategory.LDAP_PROFILE && pwmSetting.getFlags().contains(PwmSettingFlag.ldapDNsyntax)) {
+                    for (final String profile : config.getLdapProfiles().keySet()) {
+                        if (pwmSetting.getSyntax() == PwmSettingSyntax.STRING) {
+                            final String value = config.getLdapProfiles().get(profile).readSettingAsString(pwmSetting);
+                            if (value != null && !value.isEmpty()) {
+                                final String errorMsg = validateDN(pwmApplication, value, profile);
+                                if (errorMsg != null) {
+                                    returnList.add(HealthRecord.forMessage(HealthMessage.Config_DNValueValidity, pwmSetting.toMenuLocationDebug(profile, PwmConstants.DEFAULT_LOCALE), errorMsg));
+                                }
+                            }
+                        } else if (pwmSetting.getSyntax() == PwmSettingSyntax.STRING_ARRAY) {
+                            final List<String> values = config.getLdapProfiles().get(profile).readSettingAsStringArray(pwmSetting);
+                            if (values != null) {
+                                for (String value : values) {
+                                    final String errorMsg = validateDN(pwmApplication, value, profile);
+                                    if (errorMsg != null) {
+                                        returnList.add(HealthRecord.forMessage(HealthMessage.Config_DNValueValidity, pwmSetting.toMenuLocationDebug(profile, PwmConstants.DEFAULT_LOCALE), errorMsg));
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        } catch (PwmUnrecoverableException e) {
+            LOGGER.warn("error while checking DN ldap syntax values: " + e.getMessage());
+        }
+
+        return returnList;
+    }
+
     private static List<HealthRecord> checkUserPermission(
             final PwmApplication pwmApplication,
             final UserPermission userPermission,
@@ -639,7 +675,8 @@ public class LDAPStatusChecker implements HealthChecker {
                 } else {
                     final String canonicalDN = baseDNEntry.readCanonicalDN();
                     if (!dnValue.equals(canonicalDN)) {
-                        return "DN '" + dnValue + "' is not the correct canonical value";
+                        return "DN '" + dnValue + "' is not the correct canonical value, the server reports the canonical value as '"
+                                + canonicalDN + "'";
                     }
                 }
             }
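Review bot: In checkLdapDNSyntaxValues the STRING_ARRAY branch hands every element to validateDN unguarded (`for (String value : values)`), while the STRING branch first checks `value != null && !value.isEmpty()`; an empty or null array element would therefore reach validateDN and, depending on how it handles such input, either raise a spurious Config_DNValueValidity record or throw. Mirroring the guard, `if (value != null && !value.isEmpty()) {` around the inner validateDN call, keeps the two branches consistent. The single try/catch wraps the whole setting/profile loop, so the first PwmUnrecoverableException (presumably from validateDN, whose declaration is outside this hunk) ends the check and silently skips every remaining profile and setting; moving the try/catch inside the per-profile loop would report one failure without hiding the others, and the warn call should pass `e` as the cause rather than only its message so the stack is retained. The replacement of four explicit imports with `import password.pwm.config.*;` in the first hunk is a style regression that the project's other import lines do not follow.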

+ 2 - 1
src/main/resources/password/pwm/i18n/Health.properties

@@ -52,7 +52,8 @@ HealthMessage_Config_NoRecoveryEnabled=No forgotten password recovery options ar
 HealthMessage_Config_MissingProxyDN=Missing proxy user DN for profile %1%
 HealthMessage_Config_MissingProxyPassword=Missing proxy user password for profile %1%
 HealthMessage_Config_PasswordPolicyProblem=Password policy %1% configuration anomaly: %2%
-HealthMessage_Config_UserPermissionValidity=User Permission configuration for setting %1% issue: %2%
+HealthMessage_Config_UserPermissionValidity=User Permission configuration for setting %1% issue: %2%.  This may cause unexpected issues.
+HealthMessage_Config_DNValueValidity=LDAP DN configuration setting %1% issue: %2%.  This may cause unexpected issues.
 HealthMessage_Config_Certificate=Certificate for setting %1% issue: %2%
 HealthMessage_LDAP_VendorsNotSame=LDAP directories of different vendor types are in use.  This configuration may cause undesirable side effects and is not supported.  %1%
 HealthMessage_LDAP_Ad_History_Asn_Missing=%1% is enabled, but the server at %2% does not support this feature.  Check to be sure it is upgraded to Windows Server 2008 R2 SP1 or greater.  Password changes against this server may fail until this is resolved.

+ 1 - 1
src/main/webapp/public/resources/js/admin.js

@@ -629,7 +629,7 @@ PWM_ADMIN.showAppHealth = function(parentDivID, options, refreshNow) {
     var refreshUrl = inputOpts['sourceUrl'] || PWM_GLOBAL['url-restservice'] + "/health";
     var showRefresh = inputOpts['showRefresh'];
     var showTimestamp = inputOpts['showTimestamp'];
-    var refreshTime = inputOpts['refreshTime'] || 10 * 1000;
+    var refreshTime = inputOpts['refreshTime'] || 60 * 1000;
     var finishFunction = inputOpts['finishFunction'];
 
     console.log('starting showPwmHealth: refreshTime=' + refreshTime);