pwm-project
diff --git a/‎server/src/main/java/password/pwm/AppProperty.java
Lines changed: 2 additions & 0 deletions b/‎server/src/main/java/password/pwm/AppProperty.java
Lines changed: 2 additions & 0 deletions
diff --git a/‎server/src/main/java/password/pwm/config/profile/NewUserProfile.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/profile/NewUserProfile.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/health/ConfigurationChecker.java
Lines changed: 19 additions & 18 deletions b/‎server/src/main/java/password/pwm/health/ConfigurationChecker.java
Lines changed: 19 additions & 18 deletions
diff --git a/‎server/src/main/java/password/pwm/health/HealthMessage.java
Lines changed: 3 additions & 1 deletion b/‎server/src/main/java/password/pwm/health/HealthMessage.java
Lines changed: 3 additions & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/health/LDAPHealthChecker.java
Lines changed: 39 additions & 35 deletions b/‎server/src/main/java/password/pwm/health/LDAPHealthChecker.java
Lines changed: 39 additions & 35 deletions
diff --git a/‎server/src/main/java/password/pwm/health/LocalDBHealthChecker.java
Lines changed: 23 additions & 0 deletions b/‎server/src/main/java/password/pwm/health/LocalDBHealthChecker.java
Lines changed: 23 additions & 0 deletions
diff --git a/‎server/src/main/java/password/pwm/http/servlet/GuestRegistrationServlet.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/http/servlet/GuestRegistrationServlet.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/http/servlet/admin/UserDebugDataReader.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/http/servlet/admin/UserDebugDataReader.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServlet.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServletUtil.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/http/servlet/changepw/ChangePasswordServletUtil.java
Lines changed: 1 addition & 1 deletion
@@ -196,6 +196,7 @@ public enum AppProperty
     HEALTHCHECK_MAX_FORCE_WAIT                      ( "healthCheck.maximumForceCheckWaitSeconds" ),
     HEALTH_SUPPORT_BUNDLE_WRITE_INTERVAL_SECONDS    ( "health.supportBundle.file.writeIntervalSeconds" ),
     HEALTH_SUPPORT_BUNDLE_FILE_WRITE_COUNT          ( "health.supportBundle.file.writeRetentionCount" ),
+    HEALTH_DISK_MIN_FREE_WARNING                    ( "health.disk.minFreeWarning" ),
     HEALTH_CERTIFICATE_WARN_SECONDS                 ( "health.certificate.warnSeconds" ),
     HEALTH_LDAP_CAUTION_DURATION_MS                 ( "health.ldap.cautionDurationMS" ),
     HEALTH_LDAP_PROXY_WARN_PW_EXPIRE_SECONDS        ( "health.ldap.proxy.pwExpireWarnSeconds" ),
@@ -363,6 +364,7 @@ public enum AppProperty
     WORDLIST_CHAR_LENGTH_MIN                        ( "wordlist.minCharLength" ),
     WORDLIST_IMPORT_AUTO_IMPORT_RECHECK_SECONDS     ( "wordlist.import.autoImportRecheckSeconds" ),
     WORDLIST_IMPORT_DURATION_GOAL_MS                ( "wordlist.import.durationGoalMS" ),
+    WORDLIST_IMPORT_MIN_FREE_SPACE                  ( "wordlist.import.minFreeSpace" ),
     WORDLIST_IMPORT_MIN_TRANSACTIONS                ( "wordlist.import.minTransactions" ),
     WORDLIST_IMPORT_MAX_TRANSACTIONS                ( "wordlist.import.maxTransactions" ),
     WORDLIST_IMPORT_MAX_CHARS_TRANSACTIONS          ( "wordlist.import.maxCharsTransactions" ),
 
@@ -35,7 +35,7 @@
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.util.java.TimeDuration;
-import password.pwm.util.operations.PasswordUtility;
+import password.pwm.util.password.PasswordUtility;
 
 import java.time.Instant;
 import java.util.HashMap;
 
@@ -45,7 +45,7 @@
 import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.logging.PwmLogger;
-import password.pwm.util.operations.PasswordUtility;
+import password.pwm.util.password.PasswordUtility;
 
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -194,30 +194,31 @@ private List<HealthRecord> passwordStrengthChecks(
 
         for ( final PwmSetting setting : PwmSetting.values() )
         {
-            if ( setting.getSyntax() == PwmSettingSyntax.PASSWORD )
+            if (
+                    setting.getSyntax() == PwmSettingSyntax.PASSWORD
+                            && !setting.getCategory().hasProfiles()
+                            && !config.isDefaultValue( setting )
+            )
             {
-                if ( !setting.getCategory().hasProfiles() )
+                try
                 {
-                    if ( !config.isDefaultValue( setting ) )
+                    final PasswordData passwordValue = config.readSettingAsPassword( setting );
+                    final String stringValue = passwordValue.getStringValue();
+                    if ( !StringUtil.isEmpty( stringValue ) )
                     {
-                        try
+                        final int strength = PasswordUtility.judgePasswordStrength( config, stringValue );
+                        if ( strength < 50 )
                         {
-                            final PasswordData passwordValue = config.readSettingAsPassword( setting );
-                            final int strength = PasswordUtility.judgePasswordStrength( config,
-                                    passwordValue.getStringValue() );
-                            if ( strength < 50 )
-                            {
-                                records.add( HealthRecord.forMessage( HealthMessage.Config_WeakPassword,
-                                        setting.toMenuLocationDebug( null, locale ), String.valueOf( strength ) ) );
-                            }
-                        }
-                        catch ( Exception e )
-                        {
-                            LOGGER.error( SessionLabel.HEALTH_SESSION_LABEL, "error while inspecting setting "
-                                    + setting.toMenuLocationDebug( null, locale ) + ", error: " + e.getMessage() );
+                            records.add( HealthRecord.forMessage( HealthMessage.Config_WeakPassword,
+                                    setting.toMenuLocationDebug( null, locale ), String.valueOf( strength ) ) );
                         }
                     }
                 }
+                catch ( Exception e )
+                {
+                    LOGGER.error( SessionLabel.HEALTH_SESSION_LABEL, "error while inspecting setting "
+                            + setting.toMenuLocationDebug( null, locale ) + ", error: " + e.getMessage() );
+                }
             }
         }
         for ( final LdapProfile profile : config.getLdapProfiles().values() )
 
@@ -83,6 +83,7 @@ public enum HealthMessage
     LocalDB_BAD( HealthStatus.WARN, HealthTopic.LocalDB ),
     LocalDB_NEW( HealthStatus.WARN, HealthTopic.LocalDB ),
     LocalDB_CLOSED( HealthStatus.WARN, HealthTopic.LocalDB ),
+    LocalDB_LowDiskSpace( HealthStatus.WARN, HealthTopic.LocalDB ),
     LocalDBLogger_NOTOPEN( HealthStatus.CAUTION, HealthTopic.LocalDB ),
     LocalDBLogger_HighRecordCount( HealthStatus.CAUTION, HealthTopic.LocalDB ),
     LocalDBLogger_OldRecordPresent( HealthStatus.CAUTION, HealthTopic.LocalDB ),
@@ -91,7 +92,8 @@ public enum HealthMessage
     ServiceClosed_LocalDBUnavail( HealthStatus.CAUTION, HealthTopic.Application ),
     ServiceClosed_AppReadOnly( HealthStatus.CAUTION, HealthTopic.Application ),
     SMS_SendFailure( HealthStatus.WARN, HealthTopic.SMS ),
-    Wordlist_AutoImportFailure( HealthStatus.WARN, HealthTopic.Configuration ),;
+    Wordlist_AutoImportFailure( HealthStatus.WARN, HealthTopic.Configuration ),
+    Wordlist_ImportInProgress( HealthStatus.CAUTION, HealthTopic.Application ),;
 
     private final HealthStatus status;
     private final HealthTopic topic;
 
@@ -54,13 +54,13 @@
 import password.pwm.ldap.UserInfo;
 import password.pwm.ldap.UserInfoFactory;
 import password.pwm.util.PasswordData;
-import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.java.TimeDuration;
 import password.pwm.util.logging.PwmLogger;
-import password.pwm.util.operations.PasswordUtility;
+import password.pwm.util.password.PasswordUtility;
+import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.ws.server.rest.bean.HealthData;
 
 import java.io.Serializable;
@@ -78,6 +78,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 
 public class LDAPHealthChecker implements HealthChecker
@@ -857,14 +858,11 @@ private static List<HealthRecord> checkLdapDNSyntaxValues( final PwmApplication
                             final String value = config.getLdapProfiles().get( profile ).readSettingAsString( pwmSetting );
                             if ( value != null && !value.isEmpty() )
                             {
-                                final String errorMsg = validateDN( pwmApplication, value, profile );
-                                if ( errorMsg != null )
-                                {
-                                    returnList.add( HealthRecord.forMessage(
-                                            HealthMessage.Config_DNValueValidity,
-                                            pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), errorMsg )
-                                    );
-                                }
+                                final Optional<String> errorMsg = validateDN( pwmApplication, value, profile );
+                                errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(
+                                        HealthMessage.Config_DNValueValidity,
+                                        pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), s )
+                                ) );
                             }
                         }
                         else if ( pwmSetting.getSyntax() == PwmSettingSyntax.STRING_ARRAY )
@@ -874,14 +872,11 @@ else if ( pwmSetting.getSyntax() == PwmSettingSyntax.STRING_ARRAY )
                             {
                                 for ( final String value : values )
                                 {
-                                    final String errorMsg = validateDN( pwmApplication, value, profile );
-                                    if ( errorMsg != null )
-                                    {
-                                        returnList.add( HealthRecord.forMessage(
-                                                HealthMessage.Config_DNValueValidity,
-                                                pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), errorMsg )
-                                        );
-                                    }
+                                    final Optional<String> errorMsg = validateDN( pwmApplication, value, profile );
+                                    errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(
+                                            HealthMessage.Config_DNValueValidity,
+                                            pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), s )
+                                    ) );
                                 }
                             }
                         }
@@ -985,7 +980,7 @@ private static List<HealthRecord> checkUserPermission(
             }
             else
             {
-                if ( config.getLdapProfiles().keySet().contains( configuredLdapProfileID ) )
+                if ( config.getLdapProfiles().containsKey( configuredLdapProfileID ) )
                 {
                     ldapProfilesToCheck.add( configuredLdapProfileID );
                 }
@@ -1009,11 +1004,10 @@ private static List<HealthRecord> checkUserPermission(
                     final String groupDN = userPermission.getLdapBase();
                     if ( groupDN != null && !isExampleDN( groupDN ) )
                     {
-                        final String errorMsg = validateDN( pwmApplication, groupDN, ldapProfileID );
-                        if ( errorMsg != null )
-                        {
-                            returnList.add( HealthRecord.forMessage( HealthMessage.Config_UserPermissionValidity, settingDebugName, "groupDN: " + errorMsg ) );
-                        }
+                        final Optional<String> errorMsg = validateDN( pwmApplication, groupDN, ldapProfileID );
+                        errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(
+                                HealthMessage.Config_UserPermissionValidity,
+                                settingDebugName, "groupDN: " + s ) ) );
                     }
                 }
                 break;
@@ -1023,11 +1017,10 @@ private static List<HealthRecord> checkUserPermission(
                     final String baseDN = userPermission.getLdapBase();
                     if ( baseDN != null && !isExampleDN( baseDN ) )
                     {
-                        final String errorMsg = validateDN( pwmApplication, baseDN, ldapProfileID );
-                        if ( errorMsg != null )
-                        {
-                            returnList.add( HealthRecord.forMessage( HealthMessage.Config_UserPermissionValidity, settingDebugName, "baseDN: " + errorMsg ) );
-                        }
+                        final Optional<String> errorMsg = validateDN( pwmApplication, baseDN, ldapProfileID );
+                        errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(
+                                HealthMessage.Config_UserPermissionValidity,
+                                settingDebugName, "baseDN: " + s ) ) );
                     }
                 }
                 break;
@@ -1039,9 +1032,18 @@ private static List<HealthRecord> checkUserPermission(
         return returnList;
     }
 
-    private static String validateDN( final PwmApplication pwmApplication, final String dnValue, final String ldapProfileID )
+    private static Optional<String> validateDN(
+            final PwmApplication pwmApplication,
+            final String dnValue,
+            final String ldapProfileID
+    )
             throws PwmUnrecoverableException
     {
+        if ( StringUtil.isEmpty( dnValue ) )
+        {
+            return Optional.empty();
+        }
+
         final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider( ldapProfileID );
         try
         {
@@ -1050,15 +1052,15 @@ private static String validateDN( final PwmApplication pwmApplication, final Str
                 final ChaiEntry baseDNEntry = chaiProvider.getEntryFactory().newChaiEntry( dnValue );
                 if ( !baseDNEntry.exists() )
                 {
-                    return "DN '" + dnValue + "' is invalid";
+                    return Optional.of( "DN '" + dnValue + "' is invalid" );
                 }
                 else
                 {
                     final String canonicalDN = baseDNEntry.readCanonicalDN();
                     if ( !dnValue.equals( canonicalDN ) )
                     {
-                        return "DN '" + dnValue + "' is not the correct canonical value, the server reports the canonical value as '"
-                                + canonicalDN + "'";
+                        return Optional.of( "DN '" + dnValue + "' is not the correct canonical value, the server reports the canonical value as '"
+                                + canonicalDN + "'" );
                     }
                 }
             }
@@ -1071,19 +1073,21 @@ private static String validateDN( final PwmApplication pwmApplication, final Str
         {
             LOGGER.error( "error while evaluating ldap DN '" + dnValue + "', error: " + e.getMessage() );
         }
-        return null;
+        return Optional.empty();
     }
 
     private static boolean isExampleDN( final String dnValue )
     {
-        if ( dnValue == null )
+        if ( StringUtil.isEmpty( dnValue ) )
         {
             return false;
         }
+
         final String[] exampleSuffixes = new String[] {
                 "DC=site,DC=example,DC=net",
                 "ou=groups,o=example",
         };
+
         for ( final String suffix : exampleSuffixes )
         {
             if ( dnValue.endsWith( suffix ) )
 
@@ -20,10 +20,16 @@
 
 package password.pwm.health;
 
+import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
+import password.pwm.config.Configuration;
+import password.pwm.util.java.FileSystemUtility;
+import password.pwm.util.java.JavaHelper;
+import password.pwm.util.java.StringUtil;
 import password.pwm.util.localdb.LocalDB;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 public class LocalDBHealthChecker implements HealthChecker
@@ -58,11 +64,28 @@ public List<HealthRecord> doHealthCheck( final PwmApplication pwmApplication )
             return healthRecords;
         }
 
+        healthRecords.addAll( checkSpaceRemaining( pwmApplication ) );
+
         if ( healthRecords.isEmpty() )
         {
             healthRecords.add( HealthRecord.forMessage( HealthMessage.LocalDB_OK ) );
         }
 
         return healthRecords;
     }
+
+    private List<HealthRecord> checkSpaceRemaining( final PwmApplication pwmApplication )
+    {
+        final Configuration configuration = pwmApplication.getConfig();
+        final long minFreeSpace = JavaHelper.silentParseLong( configuration.readAppProperty( AppProperty.HEALTH_DISK_MIN_FREE_WARNING ), 500_000_000 );
+        final long freeSpace = FileSystemUtility.diskSpaceRemaining( pwmApplication.getLocalDB().getFileLocation() );
+
+        if ( freeSpace < minFreeSpace )
+        {
+            final String spaceValue = StringUtil.formatDiskSizeforDebug( freeSpace );
+            return Collections.singletonList( HealthRecord.forMessage( HealthMessage.LocalDB_LowDiskSpace, spaceValue ) );
+        }
+
+        return Collections.emptyList();
+    }
 }
@@ -60,7 +60,7 @@
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroMachine;
 import password.pwm.util.operations.ActionExecutor;
-import password.pwm.util.operations.PasswordUtility;
+import password.pwm.util.password.PasswordUtility;
 
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
 
@@ -40,7 +40,7 @@
 import password.pwm.svc.pwnotify.PwNotifyUserStatus;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroMachine;
-import password.pwm.util.operations.PasswordUtility;
+import password.pwm.util.password.PasswordUtility;
 
 import java.util.Collections;
 import java.util.List;
 
@@ -59,7 +59,7 @@
 import password.pwm.util.java.TimeDuration;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroMachine;
-import password.pwm.util.operations.PasswordUtility;
+import password.pwm.util.password.PasswordUtility;
 import password.pwm.util.password.PwmPasswordRuleValidator;
 import password.pwm.util.password.RandomPasswordGenerator;
 import password.pwm.ws.server.RestResultBean;
 
@@ -46,7 +46,7 @@
 import password.pwm.svc.event.AuditEvent;
 import password.pwm.util.PasswordData;
 import password.pwm.util.logging.PwmLogger;
-import password.pwm.util.operations.PasswordUtility;
+import password.pwm.util.password.PasswordUtility;
 
 import java.util.Locale;
 import java.util.Map;
Original file line number	Diff line number	Diff line change
`@@ -54,13 +54,13 @@`
`54`	`54`	`import password.pwm.ldap.UserInfo;`
`55`	`55`	`import password.pwm.ldap.UserInfoFactory;`
`56`	`56`	`import password.pwm.util.PasswordData;`
`57`		`-import password.pwm.util.password.RandomPasswordGenerator;`
`58`	`57`	`import password.pwm.util.i18n.LocaleHelper;`
`59`	`58`	`import password.pwm.util.java.JavaHelper;`
`60`	`59`	`import password.pwm.util.java.StringUtil;`
`61`	`60`	`import password.pwm.util.java.TimeDuration;`
`62`	`61`	`import password.pwm.util.logging.PwmLogger;`
`63`		`-import password.pwm.util.operations.PasswordUtility;`
	`62`	`+import password.pwm.util.password.PasswordUtility;`
	`63`	`+import password.pwm.util.password.RandomPasswordGenerator;`
`64`	`64`	`import password.pwm.ws.server.rest.bean.HealthData;`
`65`	`65`
`66`	`66`	`import java.io.Serializable;`
`@@ -78,6 +78,7 @@`
`78`	`78`	`import java.util.List;`
`79`	`79`	`import java.util.Locale;`
`80`	`80`	`import java.util.Map;`
	`81`	`+import java.util.Optional;`
`81`	`82`	`import java.util.Set;`
`82`	`83`
`83`	`84`	`public class LDAPHealthChecker implements HealthChecker`
`@@ -857,14 +858,11 @@ private static List<HealthRecord> checkLdapDNSyntaxValues( final PwmApplication`
`857`	`858`	`final String value = config.getLdapProfiles().get( profile ).readSettingAsString( pwmSetting );`
`858`	`859`	`if ( value != null && !value.isEmpty() )`
`859`	`860`	`{`
`860`		`- final String errorMsg = validateDN( pwmApplication, value, profile );`
`861`		`- if ( errorMsg != null )`
`862`		`- {`
`863`		`- returnList.add( HealthRecord.forMessage(`
`864`		`- HealthMessage.Config_DNValueValidity,`
`865`		`- pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), errorMsg )`
`866`		`- );`
`867`		`- }`
	`861`	`+ final Optional<String> errorMsg = validateDN( pwmApplication, value, profile );`
	`862`	`+ errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(`
	`863`	`+ HealthMessage.Config_DNValueValidity,`
	`864`	`+ pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), s )`
	`865`	`+ ) );`
`868`	`866`	`}`
`869`	`867`	`}`
`870`	`868`	`else if ( pwmSetting.getSyntax() == PwmSettingSyntax.STRING_ARRAY )`
`@@ -874,14 +872,11 @@ else if ( pwmSetting.getSyntax() == PwmSettingSyntax.STRING_ARRAY )`
`874`	`872`	`{`
`875`	`873`	`for ( final String value : values )`
`876`	`874`	`{`
`877`		`- final String errorMsg = validateDN( pwmApplication, value, profile );`
`878`		`- if ( errorMsg != null )`
`879`		`- {`
`880`		`- returnList.add( HealthRecord.forMessage(`
`881`		`- HealthMessage.Config_DNValueValidity,`
`882`		`- pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), errorMsg )`
`883`		`- );`
`884`		`- }`
	`875`	`+ final Optional<String> errorMsg = validateDN( pwmApplication, value, profile );`
	`876`	`+ errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(`
	`877`	`+ HealthMessage.Config_DNValueValidity,`
	`878`	`+ pwmSetting.toMenuLocationDebug( profile, PwmConstants.DEFAULT_LOCALE ), s )`
	`879`	`+ ) );`
`885`	`880`	`}`
`886`	`881`	`}`
`887`	`882`	`}`
`@@ -985,7 +980,7 @@ private static List<HealthRecord> checkUserPermission(`
`985`	`980`	`}`
`986`	`981`	`else`
`987`	`982`	`{`
`988`		`- if ( config.getLdapProfiles().keySet().contains( configuredLdapProfileID ) )`
	`983`	`+ if ( config.getLdapProfiles().containsKey( configuredLdapProfileID ) )`
`989`	`984`	`{`
`990`	`985`	`ldapProfilesToCheck.add( configuredLdapProfileID );`
`991`	`986`	`}`
`@@ -1009,11 +1004,10 @@ private static List<HealthRecord> checkUserPermission(`
`1009`	`1004`	`final String groupDN = userPermission.getLdapBase();`
`1010`	`1005`	`if ( groupDN != null && !isExampleDN( groupDN ) )`
`1011`	`1006`	`{`
`1012`		`- final String errorMsg = validateDN( pwmApplication, groupDN, ldapProfileID );`
`1013`		`- if ( errorMsg != null )`
`1014`		`- {`
`1015`		`- returnList.add( HealthRecord.forMessage( HealthMessage.Config_UserPermissionValidity, settingDebugName, "groupDN: " + errorMsg ) );`
`1016`		`- }`
	`1007`	`+ final Optional<String> errorMsg = validateDN( pwmApplication, groupDN, ldapProfileID );`
	`1008`	`+ errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(`
	`1009`	`+ HealthMessage.Config_UserPermissionValidity,`
	`1010`	`+ settingDebugName, "groupDN: " + s ) ) );`
`1017`	`1011`	`}`
`1018`	`1012`	`}`
`1019`	`1013`	`break;`
`@@ -1023,11 +1017,10 @@ private static List<HealthRecord> checkUserPermission(`
`1023`	`1017`	`final String baseDN = userPermission.getLdapBase();`
`1024`	`1018`	`if ( baseDN != null && !isExampleDN( baseDN ) )`
`1025`	`1019`	`{`
`1026`		`- final String errorMsg = validateDN( pwmApplication, baseDN, ldapProfileID );`
`1027`		`- if ( errorMsg != null )`
`1028`		`- {`
`1029`		`- returnList.add( HealthRecord.forMessage( HealthMessage.Config_UserPermissionValidity, settingDebugName, "baseDN: " + errorMsg ) );`
`1030`		`- }`
	`1020`	`+ final Optional<String> errorMsg = validateDN( pwmApplication, baseDN, ldapProfileID );`
	`1021`	`+ errorMsg.ifPresent( s -> returnList.add( HealthRecord.forMessage(`
	`1022`	`+ HealthMessage.Config_UserPermissionValidity,`
	`1023`	`+ settingDebugName, "baseDN: " + s ) ) );`
`1031`	`1024`	`}`
`1032`	`1025`	`}`
`1033`	`1026`	`break;`
`@@ -1039,9 +1032,18 @@ private static List<HealthRecord> checkUserPermission(`
`1039`	`1032`	`return returnList;`
`1040`	`1033`	`}`
`1041`	`1034`
`1042`		`- private static String validateDN( final PwmApplication pwmApplication, final String dnValue, final String ldapProfileID )`
	`1035`	`+ private static Optional<String> validateDN(`
	`1036`	`+ final PwmApplication pwmApplication,`
	`1037`	`+ final String dnValue,`
	`1038`	`+ final String ldapProfileID`
	`1039`	`+ )`
`1043`	`1040`	`throws PwmUnrecoverableException`
`1044`	`1041`	`{`
	`1042`	`+ if ( StringUtil.isEmpty( dnValue ) )`
	`1043`	`+ {`
	`1044`	`+ return Optional.empty();`
	`1045`	`+ }`
	`1046`	`+`
`1045`	`1047`	`final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider( ldapProfileID );`
`1046`	`1048`	`try`
`1047`	`1049`	`{`
`@@ -1050,15 +1052,15 @@ private static String validateDN( final PwmApplication pwmApplication, final Str`
`1050`	`1052`	`final ChaiEntry baseDNEntry = chaiProvider.getEntryFactory().newChaiEntry( dnValue );`
`1051`	`1053`	`if ( !baseDNEntry.exists() )`
`1052`	`1054`	`{`
`1053`		`- return "DN '" + dnValue + "' is invalid";`
	`1055`	`+ return Optional.of( "DN '" + dnValue + "' is invalid" );`
`1054`	`1056`	`}`
`1055`	`1057`	`else`
`1056`	`1058`	`{`
`1057`	`1059`	`final String canonicalDN = baseDNEntry.readCanonicalDN();`
`1058`	`1060`	`if ( !dnValue.equals( canonicalDN ) )`
`1059`	`1061`	`{`
`1060`		`- return "DN '" + dnValue + "' is not the correct canonical value, the server reports the canonical value as '"`
`1061`		`- + canonicalDN + "'";`
	`1062`	`+ return Optional.of( "DN '" + dnValue + "' is not the correct canonical value, the server reports the canonical value as '"`
	`1063`	`+ + canonicalDN + "'" );`
`1062`	`1064`	`}`
`1063`	`1065`	`}`
`1064`	`1066`	`}`
`@@ -1071,19 +1073,21 @@ private static String validateDN( final PwmApplication pwmApplication, final Str`
`1071`	`1073`	`{`
`1072`	`1074`	`LOGGER.error( "error while evaluating ldap DN '" + dnValue + "', error: " + e.getMessage() );`
`1073`	`1075`	`}`
`1074`		`- return null;`
	`1076`	`+ return Optional.empty();`
`1075`	`1077`	`}`
`1076`	`1078`
`1077`	`1079`	`private static boolean isExampleDN( final String dnValue )`
`1078`	`1080`	`{`
`1079`		`- if ( dnValue == null )`
	`1081`	`+ if ( StringUtil.isEmpty( dnValue ) )`
`1080`	`1082`	`{`
`1081`	`1083`	`return false;`
`1082`	`1084`	`}`
	`1085`	`+`
`1083`	`1086`	`final String[] exampleSuffixes = new String[] {`
`1084`	`1087`	`"DC=site,DC=example,DC=net",`
`1085`	`1088`	`"ou=groups,o=example",`
`1086`	`1089`	`};`
	`1090`	`+`
`1087`	`1091`	`for ( final String suffix : exampleSuffixes )`
`1088`	`1092`	`{`
`1089`	`1093`	`if ( dnValue.endsWith( suffix ) )`