/**
 * Ensures the shared connection is open and bound with the configured service credentials.
 *
 * <p>Connects first when the connection reports itself as closed, then binds when it reports
 * itself as not authenticated; both steps use the {@code ldapAuthDN}/{@code ldapPwd} pair held
 * by this instance. The method is {@code synchronized}, presumably because the connection object
 * is shared between callers.
 *
 * @throws LDAPException if the connect or the bind is rejected by the server
 */
private synchronized void checkAndconnect() throws LDAPException {
    final boolean alreadyConnected = ldapConnection.isConnected();
    if (!alreadyConnected) {
        if (logger.isDebugEnabled()) {
            logger.debug("connecting server: {}", ldapHostName);
        }
        ldapConnection.connect(ldapVersion, ldapHostName, ldapPort, ldapAuthDN, ldapPwd);
    }
    // Re-read the state after the (possible) connect, exactly as the original sequence did.
    final boolean alreadyBound = ldapConnection.isAuthenticated();
    if (!alreadyBound) {
        if (logger.isDebugEnabled()) {
            logger.debug("authenticate at server: {}", ldapHostName);
        }
        ldapConnection.authenticate(ldapVersion, ldapAuthDN, ldapPwd);
    }
}
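/**
 * Checks whether the given user authenticates against the directory with the supplied password
 * and holds the role required by this application.
 *
 * <p>The user is bound as {@code uid=<user>,<base>}; on a successful bind the user's entry is
 * searched below {@code base} and the values of the {@code atributoRol} attribute are checked
 * against {@code rol} via {@code perteneceGrupo}. The user name is escaped for both the DN and the
 * search filter so it cannot change the structure of either, and an empty password is rejected
 * locally because LDAP servers treat an empty simple-bind password as an anonymous bind that
 * "succeeds" (RFC 4513, section 5.1.2).
 *
 * @param user user name (uid) to validate; null or blank is rejected
 * @param password the user's password; null or empty is rejected
 * @return true when the bind succeeds and the user holds the application role, false otherwise
 * @throws LDAPException if the directory rejects the bind (e.g. wrong password) or the search fails
 */
public boolean isValidUser(String user, String password) throws LDAPException {
    if (user == null || user.trim().isEmpty() || password == null || password.isEmpty()) {
        logger.info("Error de autenticación contra ldap");
        return false;
    }
    String attributeName = "uid";
    // The caller-supplied name goes into a DN (RFC 4514) and a filter (RFC 4515); each has its
    // own escaping rules, so it is escaped twice, once per context.
    String userDn = attributeName + "=" + escapeDnValue(user) + "," + base;
    String searchFilter = "(" + attributeName + "=" + escapeFilterValue(user) + ")";

    LDAPConnection connection = connectionPool.getConnection();
    String[] roleValues = null;
    try {
        // Bind as the user; a wrong password surfaces as an LDAPException from this call.
        connection.authenticate(userDn, password);
        // Read the user's entry to obtain the role attribute.
        LDAPSearchResults results =
            connection.search(base, LDAPv3.SCOPE_SUB, searchFilter, null, false);
        // Keep the role attribute of the last matching entry, as the original lookup did.
        LDAPAttribute ldapAttribute = null;
        while (results.hasMoreElements()) {
            LDAPEntry ldapEntry = (LDAPEntry) results.next();
            ldapAttribute = ldapEntry.getAttribute(atributoRol);
        }
        // Values arrive as an array, not as a comma-separated list.
        if (ldapAttribute != null) {
            roleValues = ldapAttribute.getStringValueArray();
        }
    } finally {
        // Always hand the connection back to the pool, including when the bind fails.
        connectionPool.close(connection);
    }

    // No entry or no role attribute means the user cannot hold the application role.
    boolean resultado = roleValues != null && perteneceGrupo(roleValues, rol);
    if (resultado) {
        logger.info("Autenticacion Ldap correcta");
    } else {
        logger.info("Error de autenticación contra ldap");
    }
    return resultado;
}

/** Escapes a value for use inside an LDAP search filter (RFC 4515). */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}

/** Escapes a value for use as an attribute value inside a distinguished name (RFC 4514). */
private static String escapeDnValue(String value) {
    int n = value.length();
    StringBuilder sb = new StringBuilder(n + 8);
    for (int i = 0; i < n; i++) {
        char c = value.charAt(i);
        // A leading space or '#' and a trailing space are significant only at those positions.
        boolean leadingSpecial = i == 0 && (c == ' ' || c == '#');
        boolean trailingSpace = i == n - 1 && c == ' ';
        if (c == '\0') {
            sb.append("\\00");
        } else if (leadingSpecial || trailingSpace || ",+\"\\<>;=".indexOf(c) >= 0) {
            sb.append('\\').append(c);
        } else {
            sb.append(c);
        }
    }
    return sb.toString();
}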
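/**
 * Command-line smoke test: binds to an LDAP server with the GSI SASL mechanism and prints the
 * entries one level below the given base DN.
 *
 * <p>Options: {@code -h host} (required), {@code -p port}, {@code -ver version},
 * {@code -D binddn}, {@code -b baseDN}, {@code -qop qop}, {@code -d} (protocol trace),
 * {@code -usage}/{@code -help}. A flag without its value, an unknown flag or a missing host
 * exits with status 1.
 *
 * @param args command-line options as listed above
 */
public static void main(String[] args) {
    String host = null;
    String binddn = null;
    String baseDN = "mds-vo-name=local, o=grid";
    String filter = "(objectclass=*)";
    String qop = "auth-conf, auth";
    boolean debug = false;
    int port = 389;
    int version = 3;

    for (int i = 0; i < args.length; i++) {
        String arg = args[i];
        if (arg.equals("-h")) {
            host = optionValue(args, ++i, arg);
        } else if (arg.equals("-p")) {
            port = Integer.parseInt(optionValue(args, ++i, arg));
        } else if (arg.equals("-ver")) {
            version = Integer.parseInt(optionValue(args, ++i, arg));
        } else if (arg.equals("-d")) {
            debug = true;
        } else if (arg.equals("-D")) {
            binddn = optionValue(args, ++i, arg);
        } else if (arg.equals("-b")) {
            baseDN = optionValue(args, ++i, arg);
        } else if (arg.equals("-qop")) {
            qop = optionValue(args, ++i, arg);
        } else if (arg.equalsIgnoreCase("-usage") || arg.equalsIgnoreCase("-help")) {
            printUsage();
            System.exit(1);
        } else {
            System.err.println("Invalid argument: " + arg);
            System.exit(1);
        }
    }
    if (host == null) {
        System.err.println("Error: hostname not specified!");
        System.exit(1);
    }

    LDAPConnection ld = new LDAPConnection();
    Hashtable<String, Object> props = new Hashtable<String, Object>();
    /* This property specifies where the implementation of the GSI SASL mechanism
     * for Netscape Directory SDK can be found. */
    props.put("javax.security.sasl.client.pkgs", "org.globus.mds.gsi.netscape");
    /* Quality of protection: a comma-separated list of values in preference order.
     *   "auth"      - authentication only,
     *   "auth-int"  - authentication with integrity protection (GSI without encryption),
     *   "auth-conf" - authentication with integrity and privacy protection (GSI with encryption).
     * If not specified, defaults to "auth". The built-in default here prefers "auth-conf" but
     * still allows a fallback to "auth", i.e. an unprotected session when the server does not
     * offer confidentiality; pass -qop auth-conf to require encryption. */
    props.put("javax.security.sasl.qop", qop);
    /* This property can be used to pass a specific set of credentials for the GSI SASL
     * mechanism to use. It must be a GSSCredential object. If not set, the default credential
     * is used. */
    // props.put(GSIMechanism.SECURITY_CREDENTIALS, cred);

    try {
        if (debug) {
            // Protocol tracing echoes the LDAP exchange to stdout; keep it to development use.
            ld.setProperty("debug", "true");
            ld.setProperty(LDAPConnection.TRACE_PROPERTY, System.out);
        }
        ld.setOption(LDAPv2.PROTOCOL_VERSION, Integer.valueOf(version));
        ld.connect(host, port);
        /* Authenticate to the server over SASL; GSIMechanism.NAME selects the GSI mechanism. */
        ld.authenticate(binddn, new String[] {GSIMechanism.NAME}, props, null);

        LDAPSearchResults myResults = ld.search(baseDN, LDAPv2.SCOPE_ONE, filter, null, false);
        while (myResults.hasMoreElements()) {
            LDAPEntry myEntry = myResults.next();
            System.out.println(myEntry.getDN() + ":");
            LDAPAttributeSet entryAttrs = myEntry.getAttributeSet();
            System.out.println(entryAttrs);
            System.out.println();
        }
    } catch (Exception e) {
        System.err.println("NetscapeTest failed: " + e.getMessage());
        e.printStackTrace();
    } finally {
        try {
            ld.disconnect();
        } catch (Exception ignored) {
            // best effort: the connection may never have been established
        }
    }
}

/** Returns {@code args[index]}, or exits with status 1 when {@code flag} is missing its value. */
private static String optionValue(String[] args, int index, String flag) {
    if (index >= args.length) {
        System.err.println("Missing value for " + flag);
        System.exit(1);
    }
    return args[index];
}

/** Prints the command-line usage to stderr (the base DN option is -b, not -r). */
private static void printUsage() {
    System.err.println(
        "Usage: NetscapeTest -h [host] -p [port] -ver [version] -D [binddn] -b [baseDN]"
            + " -qop [qop] [-d]");
    System.err.println("\tExample: NetscapeTest -h mds.globus.org -p 389 -b o=globus,c=us");
}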