public Vector<LDAPUser> getUserListLDAP() throws LDAPException { LDAPConnection connection = connectionPool.getConnection(); /*patron para la busqueda de todos los usuarios*/ String attb = "(" + atributoRol + "=" + rol + ")"; /*buequeda de todos los usuarios que cumplan el patron*/ LDAPSearchResults results = connection.search(base, LDAPv3.SCOPE_SUB, attb, null, false); LDAPAttribute ldapAttribute = null; LDAPUser usuario = null; LDAPEntry ldapEntry = null; Vector<LDAPUser> listUsers = new Vector<LDAPUser>(); /*guardamos los usuarios en un array de usuarios con la informaciĆ³n que nos interesa*/ while (results.hasMoreElements()) { usuario = new LDAPUser(); usuario = inicilizaUsuario(usuario); ldapEntry = (LDAPEntry) results.next(); ldapAttribute = ldapEntry.getAttribute("uid"); usuario.setName(ldapAttribute.getStringValues().nextElement().toString().toUpperCase()); ldapAttribute = ldapEntry.getAttribute("cn"); usuario.setNombreCompleto(ldapAttribute.getStringValues().nextElement().toString()); ldapAttribute = ldapEntry.getAttribute("sn"); usuario.setNombre(ldapAttribute.getStringValues().nextElement().toString()); ldapAttribute = ldapEntry.getAttribute("mail"); if (ldapAttribute != null) { usuario.setMail(ldapAttribute.getStringValues().nextElement().toString()); } listUsers.add(usuario); } connectionPool.close(connection); return listUsers; }
/** * Devuleve si un usuario dado con su password se autentica correctamente y posee el rol de la * aplicacion correspondiente * * @param user, usuario para validar * @param password, del usuario * @return true/false si se autentica correctamente o no * @throws LDAPException */ public boolean isValidUser(String user, String password) throws LDAPException { LDAPConnection connection = connectionPool.getConnection(); String attributeName = "uid"; String filter = "uid=" + user + "," + base; /* Se realiza la autenticacion del usuario con la password*/ connection.authenticate(filter, password); /* si es correcta se obtienen los atributos del usuario*/ LDAPSearchResults results = connection.search( base, LDAPv3.SCOPE_SUB, "(" + attributeName + "=" + user + ")", null, false); /* Se obtienen los valores para el atributo rol*/ LDAPAttribute ldapAttribute = null; LDAPEntry ldapEntry = null; while (results.hasMoreElements()) { ldapEntry = (LDAPEntry) results.next(); ldapAttribute = ldapEntry.getAttribute(atributoRol); } // ahora no vendrian en lista separadas por coma si no la lista String[] lista = ldapAttribute.getStringValueArray(); /* se cierra la conexion*/ connectionPool.close(connection); /* si comprueba si pertenece al rol correspondiente para la aplicacion*/ boolean resultado = perteneceGrupo(lista, rol); if (resultado) { logger.info("Autenticacion Ldap correcta"); } else { logger.info("Error de autenticaciĆ³n contra ldap"); } return resultado; }
private synchronized boolean getEntries() { CMS.debug("DBVirtualList.getEntries()"); // Specify necessary controls for vlist // LDAPSearchConstraints cons = mConn.getSearchConstraints(); LDAPSearchConstraints cons = new LDAPSearchConstraints(); cons.setMaxResults(0); if (mPageControls != null) { cons.setServerControls(mPageControls); // System.out.println( "setting vlist control" ); } // Empty the buffer mEntries.removeAllElements(); // Do a search try { // what happen if there is no matching? String ldapFilter = mRegistry.getFilter(mFilter); String ldapAttrs[] = null; LDAPSearchResults result; if (mAttrs != null) { ldapAttrs = mRegistry.getLDAPAttributes(mAttrs); /* LDAPv2.SCOPE_BASE: (search only the base DN) LDAPv2.SCOPE_ONE: (search only entries under the base DN) LDAPv2.SCOPE_SUB: (search the base DN and all entries within its subtree) */ result = mConn.search(mBase, LDAPConnection.SCOPE_ONE, ldapFilter, ldapAttrs, false, cons); } else { result = mConn.search(mBase, LDAPConnection.SCOPE_ONE, ldapFilter, null, false, cons); } if (result == null) { return false; } int damageCounter = 0; while (result.hasMoreElements()) { LDAPEntry entry = (LDAPEntry) result.nextElement(); try { // maintain mEntries as vector of LDAPEntry @SuppressWarnings("unchecked") E o = (E) mRegistry.createObject(entry.getAttributeSet()); mEntries.addElement(o); } catch (Exception e) { CMS.debug("Exception " + e); /*LogDoc * * @phase local ldap search * @reason Failed to get enties. * @message DBVirtualList: <exception thrown> */ mLogger.log( ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString())); // #539044 damageCounter++; if (damageCounter > 100) { mLogger.log( ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, CMS.getLogMessage( "CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damageCounter))); return false; } } } } catch (Exception e) { /*LogDoc * * @phase local ldap search * @reason Failed to get enties. * @message DBVirtualList: <exception thrown> */ CMS.debug("getEntries: exception " + e); mLogger.log( ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString())); } // System.out.println( "Returning " + mEntries.size() + // " entries" ); CMS.debug("DBVirtualList: entries: " + mEntries.size()); return true; }
public static void main(String[] args) { String host = null; String binddn = null; String baseDN = "mds-vo-name=local, o=grid"; String filter = "(objectclass=*)"; String qop = "auth-conf, auth"; boolean debug = false; int port = 389; int version = 3; for (int i = 0; i < args.length; i++) { if (args[i].equals("-h")) { host = args[++i]; } else if (args[i].equals("-p")) { port = Integer.parseInt(args[++i]); } else if (args[i].equals("-ver")) { version = Integer.parseInt(args[++i]); } else if (args[i].equals("-d")) { debug = true; } else if (args[i].equals("-D")) { binddn = args[++i]; } else if (args[i].equals("-b")) { baseDN = args[++i]; } else if (args[i].equals("-qop")) { qop = args[++i]; } else if (args[i].equalsIgnoreCase("-usage") || args[i].equalsIgnoreCase("-help")) { System.err.println("Usage: NetscapeTest -h [host] -p [port] -D [binddn] [-d] -b [baseDN]"); System.err.println("\tExample: NetscapeTest -h mds.globus.org -p 389 -r o=globus,c=us"); System.exit(1); } else { System.err.println("Invalid argument: " + args[i]); System.exit(1); } } if (host == null) { System.err.println("Error: hostname not specified!"); System.exit(1); } LDAPConnection ld = null; ld = new LDAPConnection(); Hashtable props = new Hashtable(); /* This property specifies where the implementation of * the GSI SASL mechanism for Netscape Directory SDK * can be found. */ props.put("javax.security.sasl.client.pkgs", "org.globus.mds.gsi.netscape"); /* This property specifies the quality of protection * value. It can be a comma separated list of protection * values in preference order. There are three possible * qop values: * "auth" - authentication only, * "auth-int" - authentication with integrity protection * (GSI without encryption) * "auth-conf" - authentication with integrity and privacy * protections. (GSI with encryption) * If not specified, defaults to "auth" */ props.put("javax.security.sasl.qop", qop); /* This property can be used to pass a specific * set of credentials for the GSI SASL mechanism * to use. It must be a GSSCredential object. * If not set, the defaut credential will be * used. */ // env.put(GSIMechanism.SECURITY_CREDENTIALS, cred); try { if (debug) { // to enable debugging ld.setProperty("debug", "true"); ld.setProperty(LDAPConnection.TRACE_PROPERTY, System.out); } ld.setOption(LDAPv2.PROTOCOL_VERSION, new Integer(version)); ld.connect(host, port); /* Authenticate to the server over SASL. * Use GSIMechanism.NAME for the GSI SASL mechanism. */ ld.authenticate(binddn, new String[] {GSIMechanism.NAME}, props, null); LDAPSearchResults myResults = null; myResults = ld.search(baseDN, LDAPv2.SCOPE_ONE, filter, null, false); while (myResults.hasMoreElements()) { LDAPEntry myEntry = myResults.next(); String nextDN = myEntry.getDN(); System.out.println(nextDN + ":"); LDAPAttributeSet entryAttrs = myEntry.getAttributeSet(); System.out.println(entryAttrs); System.out.println(); } } catch (Exception e) { System.err.println("NetscapeTest failed: " + e.getMessage()); e.printStackTrace(); } finally { try { ld.disconnect(); } catch (Exception ee) { } } }