protected String getDnForUser(String userId) {
LdapUserEntity user =
(LdapUserEntity)
createUserQuery(org.camunda.bpm.engine.impl.context.Context.getCommandContext())
.userId(userId)
.singleResult();
if (user == null) {
return "";
} else {
return user.getDn();
}
}
public boolean checkPassword(String userId, String password) {
// prevent a null password
if (password == null) {
return false;
}
// engine can't work without users
if (userId == null || userId.isEmpty()) {
return false;
}
/*
* We only allow login with no password if anonymous login is set.
* RFC allows such a behavior but discourages the usage so we provide it for
* user which have an ldap with anonymous login.
*/
if (!ldapConfiguration.isAllowAnonymousLogin() && password.equals("")) {
return false;
}
// first search for user using manager DN
LdapUserEntity user = (LdapUserEntity) findUserById(userId);
close();
if (user == null) {
return false;
} else {
try {
// bind authenticate for user + supplied password
openContext(user.getDn(), password);
return true;
} catch (LdapAuthenticationException e) {
return false;
}
}
}
protected LdapUserEntity transformUser(SearchResult result) throws NamingException {
final Attributes attributes = result.getAttributes();
LdapUserEntity user = new LdapUserEntity();
user.setDn(result.getNameInNamespace());
user.setId(getStringAttributeValue(ldapConfiguration.getUserIdAttribute(), attributes));
user.setFirstName(
getStringAttributeValue(ldapConfiguration.getUserFirstnameAttribute(), attributes));
user.setLastName(
getStringAttributeValue(ldapConfiguration.getUserLastnameAttribute(), attributes));
user.setEmail(getStringAttributeValue(ldapConfiguration.getUserEmailAttribute(), attributes));
return user;
}
