public Vector<LDAPUser> getUserListLDAP() throws LDAPException { LDAPConnection connection = connectionPool.getConnection(); /*patron para la busqueda de todos los usuarios*/ String attb = "(" + atributoRol + "=" + rol + ")"; /*buequeda de todos los usuarios que cumplan el patron*/ LDAPSearchResults results = connection.search(base, LDAPv3.SCOPE_SUB, attb, null, false); LDAPAttribute ldapAttribute = null; LDAPUser usuario = null; LDAPEntry ldapEntry = null; Vector<LDAPUser> listUsers = new Vector<LDAPUser>(); /*guardamos los usuarios en un array de usuarios con la informaciĆ³n que nos interesa*/ while (results.hasMoreElements()) { usuario = new LDAPUser(); usuario = inicilizaUsuario(usuario); ldapEntry = (LDAPEntry) results.next(); ldapAttribute = ldapEntry.getAttribute("uid"); usuario.setName(ldapAttribute.getStringValues().nextElement().toString().toUpperCase()); ldapAttribute = ldapEntry.getAttribute("cn"); usuario.setNombreCompleto(ldapAttribute.getStringValues().nextElement().toString()); ldapAttribute = ldapEntry.getAttribute("sn"); usuario.setNombre(ldapAttribute.getStringValues().nextElement().toString()); ldapAttribute = ldapEntry.getAttribute("mail"); if (ldapAttribute != null) { usuario.setMail(ldapAttribute.getStringValues().nextElement().toString()); } listUsers.add(usuario); } connectionPool.close(connection); return listUsers; }
/** * Devuleve si un usuario dado con su password se autentica correctamente y posee el rol de la * aplicacion correspondiente * * @param user, usuario para validar * @param password, del usuario * @return true/false si se autentica correctamente o no * @throws LDAPException */ public boolean isValidUser(String user, String password) throws LDAPException { LDAPConnection connection = connectionPool.getConnection(); String attributeName = "uid"; String filter = "uid=" + user + "," + base; /* Se realiza la autenticacion del usuario con la password*/ connection.authenticate(filter, password); /* si es correcta se obtienen los atributos del usuario*/ LDAPSearchResults results = connection.search( base, LDAPv3.SCOPE_SUB, "(" + attributeName + "=" + user + ")", null, false); /* Se obtienen los valores para el atributo rol*/ LDAPAttribute ldapAttribute = null; LDAPEntry ldapEntry = null; while (results.hasMoreElements()) { ldapEntry = (LDAPEntry) results.next(); ldapAttribute = ldapEntry.getAttribute(atributoRol); } // ahora no vendrian en lista separadas por coma si no la lista String[] lista = ldapAttribute.getStringValueArray(); /* se cierra la conexion*/ connectionPool.close(connection); /* si comprueba si pertenece al rol correspondiente para la aplicacion*/ boolean resultado = perteneceGrupo(lista, rol); if (resultado) { logger.info("Autenticacion Ldap correcta"); } else { logger.info("Error de autenticaciĆ³n contra ldap"); } return resultado; }
public static void main(String[] args) { String host = null; String binddn = null; String baseDN = "mds-vo-name=local, o=grid"; String filter = "(objectclass=*)"; String qop = "auth-conf, auth"; boolean debug = false; int port = 389; int version = 3; for (int i = 0; i < args.length; i++) { if (args[i].equals("-h")) { host = args[++i]; } else if (args[i].equals("-p")) { port = Integer.parseInt(args[++i]); } else if (args[i].equals("-ver")) { version = Integer.parseInt(args[++i]); } else if (args[i].equals("-d")) { debug = true; } else if (args[i].equals("-D")) { binddn = args[++i]; } else if (args[i].equals("-b")) { baseDN = args[++i]; } else if (args[i].equals("-qop")) { qop = args[++i]; } else if (args[i].equalsIgnoreCase("-usage") || args[i].equalsIgnoreCase("-help")) { System.err.println("Usage: NetscapeTest -h [host] -p [port] -D [binddn] [-d] -b [baseDN]"); System.err.println("\tExample: NetscapeTest -h mds.globus.org -p 389 -r o=globus,c=us"); System.exit(1); } else { System.err.println("Invalid argument: " + args[i]); System.exit(1); } } if (host == null) { System.err.println("Error: hostname not specified!"); System.exit(1); } LDAPConnection ld = null; ld = new LDAPConnection(); Hashtable props = new Hashtable(); /* This property specifies where the implementation of * the GSI SASL mechanism for Netscape Directory SDK * can be found. */ props.put("javax.security.sasl.client.pkgs", "org.globus.mds.gsi.netscape"); /* This property specifies the quality of protection * value. It can be a comma separated list of protection * values in preference order. There are three possible * qop values: * "auth" - authentication only, * "auth-int" - authentication with integrity protection * (GSI without encryption) * "auth-conf" - authentication with integrity and privacy * protections. (GSI with encryption) * If not specified, defaults to "auth" */ props.put("javax.security.sasl.qop", qop); /* This property can be used to pass a specific * set of credentials for the GSI SASL mechanism * to use. It must be a GSSCredential object. * If not set, the defaut credential will be * used. */ // env.put(GSIMechanism.SECURITY_CREDENTIALS, cred); try { if (debug) { // to enable debugging ld.setProperty("debug", "true"); ld.setProperty(LDAPConnection.TRACE_PROPERTY, System.out); } ld.setOption(LDAPv2.PROTOCOL_VERSION, new Integer(version)); ld.connect(host, port); /* Authenticate to the server over SASL. * Use GSIMechanism.NAME for the GSI SASL mechanism. */ ld.authenticate(binddn, new String[] {GSIMechanism.NAME}, props, null); LDAPSearchResults myResults = null; myResults = ld.search(baseDN, LDAPv2.SCOPE_ONE, filter, null, false); while (myResults.hasMoreElements()) { LDAPEntry myEntry = myResults.next(); String nextDN = myEntry.getDN(); System.out.println(nextDN + ":"); LDAPAttributeSet entryAttrs = myEntry.getAttributeSet(); System.out.println(entryAttrs); System.out.println(); } } catch (Exception e) { System.err.println("NetscapeTest failed: " + e.getMessage()); e.printStackTrace(); } finally { try { ld.disconnect(); } catch (Exception ee) { } } }