protected int authenticate(
long companyId, String emailAddress, String screenName, long userId, String password)
throws Exception {
LDAPAuthConfiguration ldapAuthConfiguration =
_ldapAuthConfigurationProvider.getConfiguration(companyId);
if (!ldapAuthConfiguration.enabled()) {
if (_log.isDebugEnabled()) {
_log.debug("Authenticator is not enabled");
}
return SUCCESS;
}
if (_log.isDebugEnabled()) {
_log.debug("Authenticator is enabled");
}
int preferredLDAPServerResult =
authenticateAgainstPreferredLDAPServer(
companyId, emailAddress, screenName, userId, password);
LDAPImportConfiguration ldapImportConfiguration =
_ldapImportConfigurationProvider.getConfiguration(companyId);
if (preferredLDAPServerResult == SUCCESS) {
if (ldapImportConfiguration.importUserPasswordEnabled()) {
return preferredLDAPServerResult;
}
return Authenticator.SKIP_LIFERAY_CHECK;
}
List<LDAPServerConfiguration> ldapServerConfigurations =
_ldapServerConfigurationProvider.getConfigurations(companyId);
for (LDAPServerConfiguration ldapServerConfiguration : ldapServerConfigurations) {
int result =
authenticate(
ldapServerConfiguration.ldapServerId(),
companyId,
emailAddress,
screenName,
userId,
password);
if (result == SUCCESS) {
if (ldapImportConfiguration.importUserPasswordEnabled()) {
return result;
}
return Authenticator.SKIP_LIFERAY_CHECK;
}
}
return authenticateRequired(companyId, userId, emailAddress, screenName, true, FAILURE);
}
protected int authenticateAgainstPreferredLDAPServer(
long companyId, String emailAddress, String screenName, long userId, String password)
throws Exception {
int result = DNE;
User user = null;
try {
if (userId > 0) {
user = _userLocalService.getUserById(companyId, userId);
} else if (Validator.isNotNull(emailAddress)) {
user = _userLocalService.getUserByEmailAddress(companyId, emailAddress);
} else if (Validator.isNotNull(screenName)) {
user = _userLocalService.getUserByScreenName(companyId, screenName);
} else {
if (_log.isDebugEnabled()) {
_log.debug("Unable to get preferred LDAP server");
}
return result;
}
} catch (NoSuchUserException nsue) {
if (_log.isDebugEnabled()) {
_log.debug("Unable to get preferred LDAP server", nsue);
}
return result;
}
long ldapServerId = user.getLdapServerId();
if (ldapServerId < 0) {
return result;
}
LDAPServerConfiguration ldapServerConfiguration =
_ldapServerConfigurationProvider.getConfiguration(companyId, ldapServerId);
String providerUrl = ldapServerConfiguration.baseProviderURL();
if (Validator.isNull(providerUrl)) {
return result;
}
if (_log.isDebugEnabled()) {
_log.debug(
"Using LDAP server ID " + ldapServerId + " to authenticate user " + user.getUserId());
}
result = authenticate(ldapServerId, companyId, emailAddress, screenName, userId, password);
return result;
}
protected int authenticate(
long ldapServerId,
long companyId,
String emailAddress,
String screenName,
long userId,
String password)
throws Exception {
LdapContext ldapContext = _portalLDAP.getContext(ldapServerId, companyId);
if (ldapContext == null) {
return FAILURE;
}
NamingEnumeration<SearchResult> enu = null;
try {
LDAPServerConfiguration ldapServerConfiguration =
_ldapServerConfigurationProvider.getConfiguration(companyId, ldapServerId);
String baseDN = ldapServerConfiguration.baseDN();
// Process LDAP auth search filter
String filter =
_ldapSettings.getAuthSearchFilter(
ldapServerId, companyId, emailAddress, screenName, String.valueOf(userId));
Properties userMappings = _ldapSettings.getUserMappings(ldapServerId, companyId);
String userMappingsScreenName = GetterUtil.getString(userMappings.getProperty("screenName"));
userMappingsScreenName = StringUtil.toLowerCase(userMappingsScreenName);
SearchControls searchControls =
new SearchControls(
SearchControls.SUBTREE_SCOPE,
1,
0,
new String[] {userMappingsScreenName},
false,
false);
enu = ldapContext.search(baseDN, filter, searchControls);
if (enu.hasMoreElements()) {
if (_log.isDebugEnabled()) {
_log.debug("Search filter returned at least one result");
}
SearchResult result = enu.nextElement();
String fullUserDN = _portalLDAP.getNameInNamespace(ldapServerId, companyId, result);
Attributes attributes =
_portalLDAP.getUserAttributes(ldapServerId, companyId, ldapContext, fullUserDN);
// Get user or create from LDAP
User user =
_ldapUserImporter.importUser(
ldapServerId, companyId, ldapContext, attributes, password);
// Authenticate
LDAPAuthResult ldapAuthResult =
authenticate(ldapContext, companyId, attributes, fullUserDN, password);
// Process LDAP failure codes
String errorMessage = ldapAuthResult.getErrorMessage();
if (errorMessage != null) {
SystemLDAPConfiguration systemLDAPConfiguration =
_systemLDAPConfigurationProvider.getConfiguration(companyId);
int pos = errorMessage.indexOf(systemLDAPConfiguration.errorUserLockout());
if (pos != -1) {
throw new UserLockoutException.LDAPLockout(fullUserDN, errorMessage);
}
pos = errorMessage.indexOf(systemLDAPConfiguration.errorPasswordExpired());
if (pos != -1) {
throw new PasswordExpiredException();
}
}
if (!ldapAuthResult.isAuthenticated()) {
return FAILURE;
}
// Process LDAP success codes
String resultCode = ldapAuthResult.getResponseControl();
if (resultCode.equals(LDAPAuth.RESULT_PASSWORD_RESET)) {
_userLocalService.updatePasswordReset(user.getUserId(), true);
}
} else {
if (_log.isDebugEnabled()) {
_log.debug("Search filter did not return any results");
}
return DNE;
}
} catch (Exception e) {
if (e instanceof LDAPFilterException
|| e instanceof PasswordExpiredException
|| e instanceof UserLockoutException) {
throw e;
}
_log.error("Problem accessing LDAP server", e);
return FAILURE;
} finally {
if (enu != null) {
enu.close();
}
if (ldapContext != null) {
ldapContext.close();
}
}
return SUCCESS;
}