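/**
 * Authenticates a portal user against the LDAP server identified by
 * {@code ldapServerId}: looks the user up with the configured auth search
 * filter, optionally binds with the supplied password, and imports (or
 * refreshes) the matching portal user.
 *
 * <p>When {@code PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED} is
 * {@code false} no LDAP bind is performed here: the user is imported and
 * {@code SUCCESS} is returned as soon as the search filter matches. In that
 * configuration the password is presumably verified by the caller's own
 * password check (TODO confirm against the authentication pipeline).
 *
 * @param  companyId the company the user belongs to
 * @param  ldapServerId the LDAP server configuration to use
 * @param  emailAddress the user's email address (may be empty, depending on
 *         the auth type)
 * @param  screenName the user's screen name (may be empty, depending on the
 *         auth type)
 * @param  userId the user's ID (may be 0, depending on the auth type)
 * @param  password the password to bind with and, if enabled, to import
 * @return {@code SUCCESS} if the user was found (and, when password import is
 *         enabled, the bind succeeded); {@code DNE} if the search filter
 *         matched nothing; {@code FAILURE} if no LDAP context could be
 *         obtained, the bind failed, or any other LDAP error occurred
 * @throws UserLockoutException if the LDAP error message contains the
 *         configured {@code LDAP_ERROR_USER_LOCKOUT} marker
 * @throws PasswordExpiredException if the LDAP error message contains the
 *         configured {@code LDAP_ERROR_PASSWORD_EXPIRED} marker
 * @throws Exception propagated from the LDAP helpers called outside the
 *         {@code try} block, or from closing the LDAP context
 */
protected int authenticate(
        long companyId, long ldapServerId, String emailAddress,
        String screenName, long userId, String password)
    throws Exception {

    String postfix = LDAPSettingsUtil.getPropertyPostfix(ldapServerId);

    LdapContext ldapContext = PortalLDAPUtil.getContext(
        ldapServerId, companyId);

    if (ldapContext == null) {
        return FAILURE;
    }

    try {
        String baseDN = PrefsPropsUtil.getString(
            companyId, PropsKeys.LDAP_BASE_DN + postfix);

        // Process LDAP auth search filter. The filter is handed to search()
        // as a pre-built string, so this relies on getAuthSearchFilter()
        // escaping the user-supplied emailAddress/screenName (RFC 4515) --
        // confirm there.

        String filter = LDAPSettingsUtil.getAuthSearchFilter(
            ldapServerId, companyId, emailAddress, screenName,
            String.valueOf(userId));

        Properties userMappings = LDAPSettingsUtil.getUserMappings(
            ldapServerId, companyId);

        String userMappingsScreenName = GetterUtil.getString(
            userMappings.getProperty("screenName")).toLowerCase();

        // Only the first match and only the screen name attribute are needed

        SearchControls searchControls = new SearchControls(
            SearchControls.SUBTREE_SCOPE, 1, 0,
            new String[] {userMappingsScreenName}, false, false);

        NamingEnumeration<SearchResult> enu = ldapContext.search(
            baseDN, filter, searchControls);

        // Closed in the nested finally so that the DNE and FAILURE returns
        // below do not leak the enumeration. A close failure on those paths
        // is caught below and reported as FAILURE.

        try {
            if (!enu.hasMoreElements()) {
                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter did not return any results");
                }

                return DNE;
            }

            if (_log.isDebugEnabled()) {
                _log.debug("Search filter returned at least one result");
            }

            SearchResult result = enu.nextElement();

            String fullUserDN = PortalLDAPUtil.getNameInNamespace(
                ldapServerId, companyId, result);

            Attributes attributes = PortalLDAPUtil.getUserAttributes(
                ldapServerId, companyId, ldapContext, fullUserDN);

            LDAPAuthResult ldapAuthResult = null;

            if (PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED) {
                ldapAuthResult = authenticate(
                    ldapContext, companyId, attributes, fullUserDN, password);

                // Process LDAP failure codes

                String errorMessage = ldapAuthResult.getErrorMessage();

                if (errorMessage != null) {
                    String lockoutMarker = PrefsPropsUtil.getString(
                        companyId, PropsKeys.LDAP_ERROR_USER_LOCKOUT);
                    String expiredMarker = PrefsPropsUtil.getString(
                        companyId, PropsKeys.LDAP_ERROR_PASSWORD_EXPIRED);

                    if (_containsErrorMarker(errorMessage, lockoutMarker)) {
                        throw new UserLockoutException();
                    }
                    else if (_containsErrorMarker(
                                errorMessage, expiredMarker)) {

                        throw new PasswordExpiredException();
                    }
                }

                // We are already inside the password-import guard, so the
                // bind result alone decides

                if (!ldapAuthResult.isAuthenticated()) {
                    return FAILURE;
                }
            }

            // Get user or create from LDAP

            User user = PortalLDAPImporterUtil.importLDAPUser(
                ldapServerId, companyId, ldapContext, attributes, password);

            // Process LDAP success codes

            if (ldapAuthResult != null) {
                String resultCode = ldapAuthResult.getResponseControl();

                // Constant-first compare: a missing response control must
                // not turn an already successful bind into an NPE (and thus
                // FAILURE)

                if (LDAPAuth.RESULT_PASSWORD_RESET.equals(resultCode)) {
                    UserLocalServiceUtil.updatePasswordReset(
                        user.getUserId(), true);
                }
            }
        }
        finally {
            enu.close();
        }
    }
    catch (Exception e) {

        // Policy outcomes are signalled to the caller; everything else is a
        // plain failure

        if (e instanceof PasswordExpiredException ||
            e instanceof UserLockoutException) {

            throw e;
        }

        _log.error("Problem accessing LDAP server", e);

        return FAILURE;
    }
    finally {
        ldapContext.close();
    }

    return SUCCESS;
}

/**
 * Returns {@code true} if {@code errorMessage} contains the configured LDAP
 * error marker. An unset marker ({@code null} or empty) never matches: a
 * plain {@code indexOf("")} is {@code 0}, which would classify every LDAP
 * error message as that condition.
 *
 * @param  errorMessage the non-{@code null} error message returned by the
 *         LDAP bind
 * @param  marker the configured marker text, possibly {@code null} or empty
 * @return {@code true} if the marker is set and occurs in the message
 */
private static boolean _containsErrorMarker(
    String errorMessage, String marker) {

    if ((marker == null) || marker.isEmpty()) {
        return false;
    }

    return errorMessage.contains(marker);
}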