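/**
 * Authenticates {@code userDN} against LDAP using the company's configured
 * auth method (bind or password compare).
 *
 * <p>Bind mode opens a fresh, unpooled {@link InitialLdapContext} as the user
 * and captures the bind response controls (needed for password-policy
 * results). Compare mode hashes the supplied password with the configured
 * algorithm, using the stored {@code userPassword} value as salt source, and
 * compares the two strings.
 *
 * @param  ctx an already-open context whose environment (URL, base, etc.) is
 *         copied for the user bind
 * @param  companyId the company whose LDAP preferences are consulted
 * @param  attributes the user's LDAP entry; only {@code userPassword} is read,
 *         and only in compare mode
 * @param  userDN the distinguished name to bind as / report on
 * @param  password the cleartext password supplied by the user
 * @return a result that is never {@code null}; {@code isAuthenticated()} is
 *         {@code false} for an empty password, a failed bind, a missing
 *         {@code userPassword} attribute or a mismatch
 * @throws Exception if closing the bind context fails
 */
protected LDAPAuthResult authenticate(
		LdapContext ctx, long companyId, Attributes attributes, String userDN,
		String password)
	throws Exception {

	LDAPAuthResult ldapAuthResult = new LDAPAuthResult();

	// An empty password must never reach the bind: RFC 4513 treats a bind
	// with a DN but no password as an *unauthenticated* bind, which many
	// servers accept, so it would "authenticate" anyone who knows a DN.
	// Refused here as defense in depth regardless of what callers check.
	if ((password == null) || password.isEmpty()) {
		ldapAuthResult.setAuthenticated(false);

		return ldapAuthResult;
	}

	// Check passwords by either doing a comparison between the passwords or
	// by binding to the LDAP server. If using LDAP password policies, bind
	// auth method must be used in order to get the result control codes.

	String authMethod = PrefsPropsUtil.getString(
		companyId, PropsKeys.LDAP_AUTH_METHOD);

	if (authMethod.equals(AUTH_METHOD_BIND)) {
		InitialLdapContext innerCtx = null;

		try {
			@SuppressWarnings("unchecked")
			Hashtable<String, Object> env =
				(Hashtable<String, Object>)ctx.getEnvironment();

			env.put(Context.SECURITY_PRINCIPAL, userDN);
			env.put(Context.SECURITY_CREDENTIALS, password);
			env.put(
				Context.REFERRAL,
				PrefsPropsUtil.getString(companyId, PropsKeys.LDAP_REFERRAL));

			// Do not use pooling because principal changes

			env.put("com.sun.jndi.ldap.connect.pool", "false");

			innerCtx = new InitialLdapContext(env, null);

			// Get LDAP bind results

			Control[] responseControls = innerCtx.getResponseControls();

			ldapAuthResult.setAuthenticated(true);
			ldapAuthResult.setResponseControl(responseControls);
		}
		catch (Exception e) {

			// Never log the password: debug output ends up in log
			// aggregation and support bundles.

			if (_log.isDebugEnabled()) {
				_log.debug(
					"Failed to bind to the LDAP server with userDN " + userDN,
					e);
			}

			_log.error("Failed to bind to the LDAP server", e);

			ldapAuthResult.setAuthenticated(false);
			ldapAuthResult.setErrorMessage(e.getMessage());
		}
		finally {
			if (innerCtx != null) {
				innerCtx.close();
			}
		}
	}
	else if (authMethod.equals(AUTH_METHOD_PASSWORD_COMPARE)) {
		Attribute userPassword = attributes.get("userPassword");

		if (userPassword == null) {

			// No stored credential to compare against: explicit failure
			// rather than relying on the result's default state.

			ldapAuthResult.setAuthenticated(false);
		}
		else {

			// Decode with a fixed charset so the comparison does not depend on
			// the JVM's platform default encoding.

			String ldapPassword = new String(
				(byte[])userPassword.get(),
				java.nio.charset.StandardCharsets.UTF_8);

			String encryptedPassword = password;

			String algorithm = PrefsPropsUtil.getString(
				companyId, PropsKeys.LDAP_AUTH_PASSWORD_ENCRYPTION_ALGORITHM);

			if (Validator.isNotNull(algorithm)) {

				// NOTE(review): the literal prefix below looks mangled in this
				// copy; stored LDAP hashes are normally "{ALG}..." -- confirm
				// against the real source before relying on compare mode.

				encryptedPassword =
					"******" + algorithm + "}" +
						PwdEncryptor.encrypt(algorithm, password, ldapPassword);
			}

			// Constant-time comparison. With no algorithm configured this
			// compares the cleartext password directly, and String.equals
			// leaks the length of the matching prefix through timing.

			boolean matches = java.security.MessageDigest.isEqual(
				ldapPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
				encryptedPassword.getBytes(
					java.nio.charset.StandardCharsets.UTF_8));

			if (matches) {
				ldapAuthResult.setAuthenticated(true);
			}
			else {
				ldapAuthResult.setAuthenticated(false);

				if (_log.isWarnEnabled()) {
					_log.warn("Passwords do not match for userDN " + userDN);
				}
			}
		}
	}

	return ldapAuthResult;
}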
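/**
 * Authenticates {@code userDN} against LDAP using the company's configured
 * auth method (bind or password compare).
 *
 * <p>Bind mode first consults the failed-bind cache for the prepared
 * environment, then opens a fresh, unpooled {@link InitialLdapContext} as the
 * user and captures the bind response controls (needed for password-policy
 * results); a failed bind is recorded in that cache. Compare mode hashes the
 * supplied password with the configured algorithm, using the stored
 * {@code userPassword} value as salt source, and compares the two strings.
 *
 * @param  ctx an already-open context whose environment (URL, base, etc.) is
 *         copied for the user bind
 * @param  companyId the company whose LDAP configuration is consulted
 * @param  attributes the user's LDAP entry; only {@code userPassword} is read,
 *         and only in compare mode
 * @param  userDN the distinguished name to bind as / report on
 * @param  password the cleartext password supplied by the user
 * @return a result that is never {@code null}; {@code isAuthenticated()} is
 *         {@code false} for an empty password, a failed bind, a missing
 *         {@code userPassword} attribute, a mismatch or an unrecognized auth
 *         method (previously the last case returned {@code null})
 * @throws Exception if closing the bind context fails
 */
protected LDAPAuthResult authenticate(
		LdapContext ctx, long companyId, Attributes attributes, String userDN,
		String password)
	throws Exception {

	LDAPAuthResult ldapAuthResult = null;

	// An empty password must never reach the bind: RFC 4513 treats a bind
	// with a DN but no password as an *unauthenticated* bind, which many
	// servers accept, so it would "authenticate" anyone who knows a DN.
	// Refused here as defense in depth regardless of what callers check.
	if ((password == null) || password.isEmpty()) {
		ldapAuthResult = new LDAPAuthResult();

		ldapAuthResult.setAuthenticated(false);

		return ldapAuthResult;
	}

	// Check passwords by either doing a comparison between the passwords or
	// by binding to the LDAP server. If using LDAP password policies, bind
	// auth method must be used in order to get the result control codes.

	LDAPAuthConfiguration ldapAuthConfiguration =
		_ldapAuthConfigurationProvider.getConfiguration(companyId);

	String authMethod = ldapAuthConfiguration.method();

	SystemLDAPConfiguration systemLDAPConfiguration =
		_systemLDAPConfigurationProvider.getConfiguration(companyId);

	if (authMethod.equals(AUTH_METHOD_BIND)) {
		@SuppressWarnings("unchecked")
		Hashtable<String, Object> env =
			(Hashtable<String, Object>)ctx.getEnvironment();

		env.put(Context.REFERRAL, systemLDAPConfiguration.referral());
		env.put(Context.SECURITY_CREDENTIALS, password);
		env.put(Context.SECURITY_PRINCIPAL, userDN);

		// Do not use pooling because principal changes

		env.put("com.sun.jndi.ldap.connect.pool", "false");

		// NOTE(review): the failed-bind cache is keyed on env, which now
		// carries the cleartext credentials -- confirm the cache's key
		// derivation and lifetime do not retain or expose them.

		LDAPAuthResult failedLDAPAuthResult = getFailedLDAPAuthResult(env);

		if (failedLDAPAuthResult != null) {
			return failedLDAPAuthResult;
		}

		ldapAuthResult = new LDAPAuthResult();

		InitialLdapContext initialLdapContext = null;

		try {
			initialLdapContext = new InitialLdapContext(env, null);

			// Get LDAP bind results

			Control[] responseControls =
				initialLdapContext.getResponseControls();

			ldapAuthResult.setAuthenticated(true);
			ldapAuthResult.setResponseControl(responseControls);
		}
		catch (Exception e) {

			// Never log the password: debug output ends up in log
			// aggregation and support bundles.

			if (_log.isDebugEnabled()) {
				_log.debug(
					"Failed to bind to the LDAP server with userDN " + userDN,
					e);
			}

			ldapAuthResult.setAuthenticated(false);
			ldapAuthResult.setErrorMessage(e.getMessage());

			setFailedLDAPAuthResult(env, ldapAuthResult);
		}
		finally {
			if (initialLdapContext != null) {
				initialLdapContext.close();
			}
		}
	}
	else if (authMethod.equals(AUTH_METHOD_PASSWORD_COMPARE)) {
		ldapAuthResult = new LDAPAuthResult();

		Attribute userPassword = attributes.get("userPassword");

		if (userPassword == null) {

			// No stored credential to compare against: explicit failure
			// rather than relying on the result's default state.

			ldapAuthResult.setAuthenticated(false);
		}
		else {

			// Decode with a fixed charset so the comparison does not depend on
			// the JVM's platform default encoding.

			String ldapPassword = new String(
				(byte[])userPassword.get(),
				java.nio.charset.StandardCharsets.UTF_8);

			String encryptedPassword = password;

			String algorithm =
				ldapAuthConfiguration.passwordEncryptionAlgorithm();

			if (Validator.isNotNull(algorithm)) {
				encryptedPassword = _passwordEncryptor.encrypt(
					algorithm, password, ldapPassword);
			}

			// Constant-time comparison. With no algorithm configured this
			// compares the cleartext password directly, and String.equals
			// leaks the length of the matching prefix through timing.

			boolean matches = java.security.MessageDigest.isEqual(
				ldapPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
				encryptedPassword.getBytes(
					java.nio.charset.StandardCharsets.UTF_8));

			if (matches) {
				ldapAuthResult.setAuthenticated(true);
			}
			else {
				ldapAuthResult.setAuthenticated(false);

				if (_log.isDebugEnabled()) {
					_log.debug("Passwords do not match for userDN " + userDN);
				}
			}
		}
	}
	else {

		// Unrecognized auth method: return an explicit failure instead of
		// null, which would surface as an NPE in callers.

		ldapAuthResult = new LDAPAuthResult();

		ldapAuthResult.setAuthenticated(false);
	}

	return ldapAuthResult;
}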