/**
   * Ensures the shared LDAP connection is open and bound.
   *
   * <p>Connects with the configured host, port, bind DN and password when the connection is
   * down, and performs a simple bind when the connection reports it is not authenticated. The
   * method is {@code synchronized}, presumably because {@code ldapConnection} is shared by
   * several callers.
   *
   * <p>Whether the bind DN and password travel over a TLS-protected channel depends on how
   * {@code ldapConnection} is configured elsewhere; nothing in this method enforces it.
   *
   * @throws LDAPException if connecting or binding fails
   */
  private synchronized void checkAndconnect() throws LDAPException {
    if (!ldapConnection.isConnected()) {
      if (logger.isDebugEnabled()) {
        logger.debug("connecting server: {}", ldapHostName);
      }
      ldapConnection.connect(ldapVersion, ldapHostName, ldapPort, ldapAuthDN, ldapPwd);
    }

    // Checked after the connect step: connect() already receives the bind DN and password,
    // so it presumably leaves the connection authenticated and the explicit bind is skipped.
    if (ldapConnection.isAuthenticated()) {
      return;
    }

    if (logger.isDebugEnabled()) {
      logger.debug("authenticate at server: {}", ldapHostName);
    }
    ldapConnection.authenticate(ldapVersion, ldapAuthDN, ldapPwd);
  }
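  /**
   * Checks whether the given user authenticates against LDAP with the given password and holds
   * the role required by this application.
   *
   * <p>The user name ends up both in the bind DN and in a search filter, so it is escaped per
   * RFC 4514 (DN) and RFC 4515 (filter) before use. Blank user names and empty passwords are
   * rejected up front: many directory servers treat a bind with an empty password as an
   * unauthenticated (anonymous) bind that succeeds, which would otherwise read as a valid login.
   * The pooled connection is always returned, even when the bind or the search throws.
   *
   * @param user the user name to validate (the value of the {@code uid} attribute)
   * @param password the user's password
   * @return {@code true} if the bind succeeds and the entry's role attribute contains the
   *     application role, {@code false} otherwise
   * @throws LDAPException if the bind is rejected or the directory cannot be searched
   */
  public boolean isValidUser(String user, String password) throws LDAPException {
    if (user == null || user.trim().isEmpty() || password == null || password.isEmpty()) {
      logger.debug("rejecting blank user name or empty password before binding");
      return false;
    }

    String attributeName = "uid";
    String bindDn = attributeName + "=" + escapeDnValue(user) + "," + base;
    String searchFilter = "(" + attributeName + "=" + escapeFilterValue(user) + ")";

    LDAPConnection connection = connectionPool.getConnection();
    LDAPAttribute ldapAttribute = null;
    try {
      /* Bind as the user; a wrong password surfaces as an LDAPException. */
      connection.authenticate(bindDn, password);

      /* On success, fetch the user's entry to read its attributes. */
      LDAPSearchResults results =
          connection.search(base, LDAPv3.SCOPE_SUB, searchFilter, null, false);

      /* Keep the original "last matching entry wins" behaviour; with an escaped uid filter a
       * single entry is expected anyway. */
      while (results.hasMoreElements()) {
        LDAPEntry ldapEntry = (LDAPEntry) results.next();
        ldapAttribute = ldapEntry.getAttribute(atributoRol);
      }
    } finally {
      /* Return the connection to the pool on every path, not only on success. */
      connectionPool.close(connection);
    }

    // No entry, or an entry without the role attribute, means the user has no role at all.
    String[] lista = ldapAttribute == null ? null : ldapAttribute.getStringValueArray();
    boolean resultado = lista != null && perteneceGrupo(lista, rol);

    if (resultado) {
      logger.info("Autenticacion Ldap correcta");
    } else {
      logger.info("Error de autenticación contra ldap");
    }
    return resultado;
  }

  /**
   * Escapes an attribute value for use inside an RFC 4514 distinguished name.
   *
   * @param value the raw attribute value
   * @return the value with DN special characters, NUL and leading/trailing specials escaped
   */
  private static String escapeDnValue(String value) {
    StringBuilder sb = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      boolean leadingSpecial = i == 0 && (c == ' ' || c == '#');
      boolean trailingSpace = i == value.length() - 1 && c == ' ';
      switch (c) {
        case '\\':
        case ',':
        case '+':
        case '"':
        case '<':
        case '>':
        case ';':
        case '=':
          sb.append('\\').append(c);
          break;
        case '\0':
          sb.append("\\00");
          break;
        default:
          if (leadingSpecial || trailingSpace) {
            sb.append('\\');
          }
          sb.append(c);
      }
    }
    return sb.toString();
  }

  /**
   * Escapes an assertion value for use inside an RFC 4515 search filter.
   *
   * @param value the raw assertion value
   * @return the value with filter metacharacters and NUL hex-escaped
   */
  private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
      char c = value.charAt(i);
      switch (c) {
        case '\\':
          sb.append("\\5c");
          break;
        case '*':
          sb.append("\\2a");
          break;
        case '(':
          sb.append("\\28");
          break;
        case ')':
          sb.append("\\29");
          break;
        case '\0':
          sb.append("\\00");
          break;
        default:
          sb.append(c);
      }
    }
    return sb.toString();
  }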
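  /**
   * Command-line smoke test: connects to an LDAP server, binds over SASL with the GSI
   * mechanism and prints every entry one level below the base DN.
   *
   * <p>Options: {@code -h host} (required), {@code -p port}, {@code -ver version},
   * {@code -D binddn}, {@code -b baseDN}, {@code -qop qop}, {@code -d} (protocol trace) and
   * {@code -usage}/{@code -help}. Exits with status 1 on a usage error.
   *
   * @param args command-line arguments as described above
   */
  public static void main(String[] args) {

    String host = null;
    String binddn = null;
    String baseDN = "mds-vo-name=local, o=grid";
    String filter = "(objectclass=*)";
    String qop = "auth-conf, auth";
    boolean debug = false;
    int port = 389;
    int version = 3;

    // optionValue() checks that a value follows the option; the post-increment then skips
    // the consumed value so the next iteration lands on the next option.
    for (int i = 0; i < args.length; i++) {
      String arg = args[i];
      if (arg.equals("-h")) {
        host = optionValue(args, i++);
      } else if (arg.equals("-p")) {
        port = Integer.parseInt(optionValue(args, i++));
      } else if (arg.equals("-ver")) {
        version = Integer.parseInt(optionValue(args, i++));
      } else if (arg.equals("-d")) {
        debug = true;
      } else if (arg.equals("-D")) {
        binddn = optionValue(args, i++);
      } else if (arg.equals("-b")) {
        baseDN = optionValue(args, i++);
      } else if (arg.equals("-qop")) {
        qop = optionValue(args, i++);
      } else if (arg.equalsIgnoreCase("-usage") || arg.equalsIgnoreCase("-help")) {
        printUsage();
        System.exit(1);
      } else {
        System.err.println("Invalid argument: " + arg);
        System.exit(1);
      }
    }

    if (host == null) {
      System.err.println("Error: hostname not specified!");
      System.exit(1);
    }

    LDAPConnection ld = new LDAPConnection();

    Hashtable<String, Object> props = new Hashtable<String, Object>();

    /* This property specifies where the implementation of
     * the GSI SASL mechanism for Netscape Directory SDK
     * can be found.
     */
    props.put("javax.security.sasl.client.pkgs", "org.globus.mds.gsi.netscape");

    /* This property specifies the quality of protection
     * value. It can be a comma separated list of protection
     * values in preference order. There are three possible
     * qop values:
     *  "auth"      - authentication only,
     *  "auth-int"  - authentication with integrity protection
     *                (GSI without encryption)
     *  "auth-conf" - authentication with integrity and privacy
     *                protections. (GSI with encryption)
     * If not specified, defaults to "auth"
     */
    props.put("javax.security.sasl.qop", qop);

    /* A specific set of credentials for the GSI SASL mechanism
     * can be passed as a GSSCredential object under
     * GSIMechanism.SECURITY_CREDENTIALS. This tool does not set
     * it, so the default credential is used.
     */

    try {
      if (debug) {
        // Protocol trace goes to stdout. It may include bind and search details, so keep
        // -d for troubleshooting only.
        ld.setProperty("debug", "true");
        ld.setProperty(LDAPConnection.TRACE_PROPERTY, System.out);
      }

      ld.setOption(LDAPv2.PROTOCOL_VERSION, Integer.valueOf(version));

      ld.connect(host, port);

      /* Authenticate to the server over SASL.
       * Use GSIMechanism.NAME for the GSI SASL mechanism.
       */
      ld.authenticate(binddn, new String[] {GSIMechanism.NAME}, props, null);

      LDAPSearchResults myResults = ld.search(baseDN, LDAPv2.SCOPE_ONE, filter, null, false);

      while (myResults.hasMoreElements()) {
        LDAPEntry myEntry = myResults.next();
        String nextDN = myEntry.getDN();
        System.out.println(nextDN + ":");
        LDAPAttributeSet entryAttrs = myEntry.getAttributeSet();
        System.out.println(entryAttrs);
        System.out.println();
      }

    } catch (Exception e) {
      // Boundary of the program: report everything that went wrong and fall through to cleanup.
      System.err.println("NetscapeTest failed: " + e.getMessage());
      e.printStackTrace();
    } finally {
      try {
        ld.disconnect();
      } catch (Exception ignored) {
        // Best-effort cleanup of a handle that may never have connected; nothing to report.
      }
    }
  }

  /**
   * Returns the value following option {@code args[i]}, exiting with status 1 when the option
   * is the last argument and has no value.
   *
   * @param args the full argument array
   * @param i index of the option whose value is wanted
   * @return {@code args[i + 1]}
   */
  private static String optionValue(String[] args, int i) {
    if (i + 1 >= args.length) {
      System.err.println("Error: missing value for option " + args[i]);
      printUsage();
      System.exit(1);
    }
    return args[i + 1];
  }

  /** Prints the option summary to stderr; the example uses {@code -b}, the option the parser accepts. */
  private static void printUsage() {
    System.err.println(
        "Usage: NetscapeTest -h <host> [-p <port>] [-ver <version>] [-D <binddn>]"
            + " [-b <baseDN>] [-qop <qop>] [-d]");
    System.err.println("\tExample: NetscapeTest -h mds.globus.org -p 389 -b o=globus,c=us");
  }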