예제 #1
0
  private String remove_from_ldap(String dn) {
    CMS.debug("UpdateDomainXML: delete_from_ldap: starting dn: " + dn);
    String status = SUCCESS;
    ILdapConnFactory connFactory = null;
    LDAPConnection conn = null;
    IConfigStore cs = CMS.getConfigStore();

    try {
      IConfigStore ldapConfig = cs.getSubStore("internaldb");
      connFactory = CMS.getLdapBoundConnFactory("UpdateDomainXML");
      connFactory.init(ldapConfig);
      conn = connFactory.getConn();
      conn.delete(dn);
    } catch (LDAPException e) {
      int resultCode = e.getLDAPResultCode();
      if (resultCode != LDAPException.NO_SUCH_OBJECT) {
        status = FAILED;
        CMS.debug("Failed to delete entry" + e.toString());
      }
    } catch (Exception e) {
      CMS.debug("Failed to delete entry" + e.toString());
    } finally {
      try {
        if ((conn != null) && (connFactory != null)) {
          CMS.debug("Releasing ldap connection");
          connFactory.returnConn(conn);
        }
      } catch (Exception e) {
        CMS.debug("Error releasing the ldap connection" + e.toString());
      }
    }
    return status;
  }
예제 #2
0
  /**
   * Invoked when the registry shuts down, giving services a chance to perform any final operations.
   * Service implementations should not attempt to invoke methods on other services (via proxies) as
   * the service proxies may themselves be shutdown.
   */
  public void shutdown() {
    try {
      if (ldapConnection != null && ldapConnection.isConnected()) {
        if (logger.isDebugEnabled()) logger.debug("disconnecting from server {}", ldapHostName);

        ldapConnection.disconnect();
      }
    } catch (LDAPException e) {
      throw new RuntimeException(e);
    }
  }
예제 #3
0
  /**
   * connect and/or authenticate at LDAP server.
   *
   * @throws LDAPException
   */
  private synchronized void checkAndconnect() throws LDAPException {
    if (!ldapConnection.isConnected()) {
      if (logger.isDebugEnabled()) logger.debug("connecting server: {}", ldapHostName);

      ldapConnection.connect(ldapVersion, ldapHostName, ldapPort, ldapAuthDN, ldapPwd);
    }

    if (!ldapConnection.isAuthenticated()) {
      if (logger.isDebugEnabled()) logger.debug("authenticate at server: {}", ldapHostName);

      ldapConnection.authenticate(ldapVersion, ldapAuthDN, ldapPwd);
    }
  }
예제 #4
0
  public LDAPSourceImpl(
      Logger logger,
      @Inject @Symbol(ChenilleKitLDAPConstants.LDAP_VERSION) int ldapVersion,
      @Inject @Symbol(ChenilleKitLDAPConstants.LDAP_HOSTNAME) String ldapHostName,
      @Inject @Symbol(ChenilleKitLDAPConstants.LDAP_HOSTPORT) int ldapPort,
      @Inject @Symbol(ChenilleKitLDAPConstants.LDAP_AUTHDN) String ldapAuthDN,
      @Inject @Symbol(ChenilleKitLDAPConstants.LDAP_AUTHPWD) String ldapPwd,
      @Inject @Symbol(ChenilleKitLDAPConstants.LDAP_SIZELIMIT) String sizeLimit,
      @Inject @Symbol(ChenilleKitLDAPConstants.LDAP_TIMELIMIT) String timeLimit) {
    this.logger = logger;
    this.ldapVersion = ldapVersion;

    if (ldapHostName == null || ldapHostName.trim().length() < 1)
      throw new RuntimeException(
          "property '" + ChenilleKitLDAPConstants.LDAP_HOSTNAME + "' cant be empty!");

    this.ldapHostName = ldapHostName;

    this.ldapPort = ldapPort;
    this.ldapAuthDN = ldapAuthDN;
    this.ldapPwd = ldapPwd;

    ldapConnection = new LDAPConnection();

    try {
      ldapConnection.setOption(LDAPv2.SIZELIMIT, new Integer(sizeLimit));
      ldapConnection.setOption(LDAPv2.TIMELIMIT, new Integer(timeLimit));
    } catch (LDAPException le) {
      logger.error(le.getMessage(), le);

      throw new RuntimeException(le);
    }
  }
예제 #5
0
  /**
   * Constructs a virtual list.
   *
   * <p>param registry the registry of attribute mappers param c the ldap connection. It has to be
   * version 3 and upper param base the base distinguished name to search from param filter search
   * filter specifying the search criteria param attrs list of attributes that you want returned in
   * the search results param sortKey the attribute to sort by param pageSize the size of a page.
   * There is a 3*pageSize buffer maintained so pageUp and pageDown won't invoke fetch from ldap
   * server
   */
  public DBVirtualList(
      IDBRegistry registry,
      LDAPConnection c,
      String base,
      String filter,
      String attrs[],
      String sortKey,
      int pageSize)
      throws EBaseException {

    CMS.debug(
        "In DBVirtualList filter attrs sortKey pageSize filter: "
            + filter
            + " attrs: "
            + Arrays.toString(attrs)
            + " pageSize "
            + pageSize);
    mRegistry = registry;
    mFilter = filter;
    try {
      mConn = (LDAPConnection) c.clone();
    } catch (Exception e) {
      throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", e.toString()));
    }
    mBase = base;
    mAttrs = attrs;
    mPageControls = new LDAPControl[2];
    setSortKey(sortKey);
    setPageSize(pageSize);
  }
예제 #6
0
  private String add_to_ldap(LDAPEntry entry, String dn) {
    CMS.debug("UpdateDomainXML: add_to_ldap: starting");
    String status = SUCCESS;
    ILdapConnFactory connFactory = null;
    LDAPConnection conn = null;
    IConfigStore cs = CMS.getConfigStore();

    try {
      IConfigStore ldapConfig = cs.getSubStore("internaldb");
      connFactory = CMS.getLdapBoundConnFactory("UpdateDomainXML");
      connFactory.init(ldapConfig);
      conn = connFactory.getConn();
      conn.add(entry);
    } catch (LDAPException e) {
      if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
        CMS.debug("UpdateDomainXML: Entry already exists");
        try {
          conn.delete(dn);
          conn.add(entry);
        } catch (LDAPException ee) {
          CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString());
          status = FAILED;
        }
      } else {
        CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString());
        status = FAILED;
      }
    } catch (Exception e) {
      CMS.debug("Failed to add entry" + e.toString());
    } finally {
      try {
        if ((conn != null) && (connFactory != null)) {
          CMS.debug("Releasing ldap connection");
          connFactory.returnConn(conn);
        }
      } catch (Exception e) {
        CMS.debug("Error releasing the ldap connection" + e.toString());
      }
    }
    return status;
  }
예제 #7
0
  public Vector<LDAPUser> getUserListLDAP() throws LDAPException {

    LDAPConnection connection = connectionPool.getConnection();

    /*patron para la busqueda de todos los usuarios*/
    String attb = "(" + atributoRol + "=" + rol + ")";

    /*buequeda de todos los usuarios que cumplan el patron*/
    LDAPSearchResults results = connection.search(base, LDAPv3.SCOPE_SUB, attb, null, false);

    LDAPAttribute ldapAttribute = null;
    LDAPUser usuario = null;
    LDAPEntry ldapEntry = null;

    Vector<LDAPUser> listUsers = new Vector<LDAPUser>();

    /*guardamos los usuarios en un array de usuarios con la información que nos interesa*/
    while (results.hasMoreElements()) {
      usuario = new LDAPUser();
      usuario = inicilizaUsuario(usuario);
      ldapEntry = (LDAPEntry) results.next();
      ldapAttribute = ldapEntry.getAttribute("uid");
      usuario.setName(ldapAttribute.getStringValues().nextElement().toString().toUpperCase());
      ldapAttribute = ldapEntry.getAttribute("cn");
      usuario.setNombreCompleto(ldapAttribute.getStringValues().nextElement().toString());
      ldapAttribute = ldapEntry.getAttribute("sn");
      usuario.setNombre(ldapAttribute.getStringValues().nextElement().toString());
      ldapAttribute = ldapEntry.getAttribute("mail");
      if (ldapAttribute != null) {
        usuario.setMail(ldapAttribute.getStringValues().nextElement().toString());
      }

      listUsers.add(usuario);
    }

    connectionPool.close(connection);

    return listUsers;
  }
예제 #8
0
  /**
   * Devuleve si un usuario dado con su password se autentica correctamente y posee el rol de la
   * aplicacion correspondiente
   *
   * @param user, usuario para validar
   * @param password, del usuario
   * @return true/false si se autentica correctamente o no
   * @throws LDAPException
   */
  public boolean isValidUser(String user, String password) throws LDAPException {

    LDAPConnection connection = connectionPool.getConnection();

    String attributeName = "uid";
    String filter = "uid=" + user + "," + base;

    /* Se realiza la autenticacion del usuario con la password*/
    connection.authenticate(filter, password);

    /* si es correcta se obtienen los atributos del usuario*/
    LDAPSearchResults results =
        connection.search(
            base, LDAPv3.SCOPE_SUB, "(" + attributeName + "=" + user + ")", null, false);

    /* Se obtienen los valores para el atributo rol*/
    LDAPAttribute ldapAttribute = null;
    LDAPEntry ldapEntry = null;
    while (results.hasMoreElements()) {
      ldapEntry = (LDAPEntry) results.next();
      ldapAttribute = ldapEntry.getAttribute(atributoRol);
    }
    // ahora no vendrian en lista separadas por coma si no la lista
    String[] lista = ldapAttribute.getStringValueArray();

    /* se cierra la conexion*/
    connectionPool.close(connection);

    /* si comprueba si pertenece al rol correspondiente para la aplicacion*/
    boolean resultado = perteneceGrupo(lista, rol);

    if (resultado) {
      logger.info("Autenticacion Ldap correcta");
    } else {
      logger.info("Error de autenticación contra ldap");
    }
    return resultado;
  }
예제 #9
0
  /** Contructor por defecto privado para implementar el patrón Singleton */
  private LDAPManager() {
    String prefixLog = "LDAPManager: ";
    logger.debug(prefixLog + "Inicializando LDAPManager");

    // Se cargan las propiedades de fichero
    cargarPropiedades();

    /*
     * Se inicializa el pool
     */
    try {
      LDAPConnection connection = new LDAPConnection();

      connection.connect(3, host, Integer.parseInt(port), rootdn, passwroot);
      connectionPool =
          new ConnectionPool(
              Integer.parseInt(minSizePool), Integer.parseInt(maxSizePool), connection);

    } catch (LDAPException e) {
      logger.error(prefixLog + "No se ha podido conectar con el LDAP", e);
    }
    logger.debug(prefixLog + "LDAPManager inicializado correctamente");
  }
예제 #10
0
 /**
  * Constructs a virtual list. Be sure to setPageSize() later if your pageSize is not the default
  * 10 Be sure to setSortKey() before fetchs
  *
  * <p>param registry the registry of attribute mappers param c the ldap connection. It has to be
  * version 3 and upper param base the base distinguished name to search from param filter search
  * filter specifying the search criteria param attrs list of attributes that you want returned in
  * the search results
  */
 public DBVirtualList(
     IDBRegistry registry, LDAPConnection c, String base, String filter, String attrs[])
     throws EBaseException {
   mRegistry = registry;
   mFilter = filter;
   mBase = base;
   mAttrs = attrs;
   CMS.debug(
       "In DBVirtualList filter attrs filter: " + filter + " attrs: " + Arrays.toString(attrs));
   mPageControls = new LDAPControl[2];
   try {
     mConn = (LDAPConnection) c.clone();
   } catch (Exception e) {
     throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", e.toString()));
   }
 }
예제 #11
0
  private synchronized boolean getJumpToPage() {
    try {
      // Get the actual entries
      if (!getEntries()) return false;

      // Check if we have a control returned
      LDAPControl[] c = mConn.getResponseControls();
      LDAPVirtualListResponse nextCont = null;

      if (c != null) {
        for (LDAPControl control : c) {
          if (control instanceof LDAPVirtualListResponse) {
            nextCont = (LDAPVirtualListResponse) control;
            break;
          }
        }
      }

      if (nextCont != null) {
        mSelectedIndex = nextCont.getFirstPosition() - 1;
        mTop = Math.max(0, mSelectedIndex - mBeforeCount);

        CMS.debug("DBVirtualList: top: " + mTop);
        if (mJumpTo != null) {
          mJumpToInitialIndex = mTop;
        }

        // Now we know the total size of the virtual list box
        mSize = nextCont.getContentCount();
        ((LDAPVirtualListControl) mPageControls[1]).setListSize(mSize);
        mInitialized = true;
        // System.out.println( "Virtual window: " + mTop +
        //       ".." + (mTop+mEntries.size()-1) +
        //      " of " + mSize );
      } else {
        mLogger.log(
            ILogger.EV_SYSTEM,
            ILogger.S_DB,
            ILogger.LL_FAILURE,
            CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
      }
      return true;
    } catch (Exception e) {
      // happens when connection is not available
      return false;
    }
  }
예제 #12
0
  public DBVirtualList(
      IDBRegistry registry,
      LDAPConnection c,
      String base,
      String filter,
      String attrs[],
      String startFrom,
      String sortKey,
      int pageSize)
      throws EBaseException {

    CMS.debug(
        "In DBVirtualList filter attrs startFrom sortKey pageSize "
            + "filter: "
            + filter
            + " attrs: "
            + Arrays.toString(attrs)
            + " pageSize "
            + pageSize
            + " startFrom "
            + startFrom);
    mRegistry = registry;
    mFilter = filter;
    try {
      mConn = (LDAPConnection) c.clone();
    } catch (Exception e) {
      throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", e.toString()));
    }
    mBase = base;
    mAttrs = attrs;
    mPageControls = new LDAPControl[2];
    mJumpTo = startFrom;
    setSortKey(sortKey);
    // setPageSize(pageSize);

    if (pageSize < 0) {
      mJumpToDirection = -1;
    }
    mPageSize = pageSize;

    mBeforeCount = 0;
    mAfterCount = mPageSize;
  }
예제 #13
0
  /** Fetch a buffer */
  private boolean getPage() {
    // Get the actual entries
    if (!getEntries()) return false;

    // Check if we have a control returned
    LDAPControl[] c = mConn.getResponseControls();
    LDAPVirtualListResponse nextCont = null;

    if (c != null) {
      for (LDAPControl control : c) {
        if (control instanceof LDAPVirtualListResponse) {
          nextCont = (LDAPVirtualListResponse) control;
          break;
        }
      }
    }

    if (nextCont != null) {
      mSelectedIndex = nextCont.getFirstPosition() - 1;
      mTop = Math.max(0, mSelectedIndex - mBeforeCount);
      // CMS.debug("New mTop: " + mTop + " mSelectedIndex " + mSelectedIndex);
      // Now we know the total size of the virtual list box
      mSize = nextCont.getContentCount();
      ((LDAPVirtualListControl) mPageControls[1]).setListSize(mSize);
      mInitialized = true;
      // System.out.println( "Virtual window: " + mTop +
      //       ".." + (mTop+mEntries.size()-1) +
      //      " of " + mSize );
    } else {

      /*LogDoc
       *
       * @phase local ldap search
       */
      mLogger.log(
          ILogger.EV_SYSTEM,
          ILogger.S_DB,
          ILogger.LL_FAILURE,
          CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
    }
    return true;
  }
예제 #14
0
  private synchronized boolean getEntries() {

    CMS.debug("DBVirtualList.getEntries()");

    // Specify necessary controls for vlist
    // LDAPSearchConstraints cons = mConn.getSearchConstraints();
    LDAPSearchConstraints cons = new LDAPSearchConstraints();

    cons.setMaxResults(0);
    if (mPageControls != null) {
      cons.setServerControls(mPageControls);
      // System.out.println( "setting vlist control" );
    }
    // Empty the buffer
    mEntries.removeAllElements();
    // Do a search
    try {
      // what happen if there is no matching?
      String ldapFilter = mRegistry.getFilter(mFilter);
      String ldapAttrs[] = null;
      LDAPSearchResults result;

      if (mAttrs != null) {
        ldapAttrs = mRegistry.getLDAPAttributes(mAttrs);

        /*
        LDAPv2.SCOPE_BASE:
        (search only the base DN)
        LDAPv2.SCOPE_ONE:
        (search only entries under the base DN)
        LDAPv2.SCOPE_SUB:
        (search the base DN and all entries within its subtree)
        */
        result = mConn.search(mBase, LDAPConnection.SCOPE_ONE, ldapFilter, ldapAttrs, false, cons);

      } else {
        result = mConn.search(mBase, LDAPConnection.SCOPE_ONE, ldapFilter, null, false, cons);
      }
      if (result == null) {
        return false;
      }
      int damageCounter = 0;

      while (result.hasMoreElements()) {
        LDAPEntry entry = (LDAPEntry) result.nextElement();

        try {
          // maintain mEntries as vector of LDAPEntry
          @SuppressWarnings("unchecked")
          E o = (E) mRegistry.createObject(entry.getAttributeSet());

          mEntries.addElement(o);
        } catch (Exception e) {

          CMS.debug("Exception " + e);

          /*LogDoc
           *
           * @phase local ldap search
           * @reason Failed to get enties.
           * @message DBVirtualList: <exception thrown>
           */
          mLogger.log(
              ILogger.EV_SYSTEM,
              ILogger.S_DB,
              ILogger.LL_FAILURE,
              CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString()));
          // #539044
          damageCounter++;
          if (damageCounter > 100) {
            mLogger.log(
                ILogger.EV_SYSTEM,
                ILogger.S_DB,
                ILogger.LL_FAILURE,
                CMS.getLogMessage(
                    "CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damageCounter)));
            return false;
          }
        }
      }
    } catch (Exception e) {

      /*LogDoc
       *
       * @phase local ldap search
       * @reason Failed to get enties.
       * @message DBVirtualList: <exception thrown>
       */
      CMS.debug("getEntries: exception " + e);

      mLogger.log(
          ILogger.EV_SYSTEM,
          ILogger.S_DB,
          ILogger.LL_FAILURE,
          CMS.getLogMessage("OPERATION_ERROR", e.toString()));
    }
    // System.out.println( "Returning " + mEntries.size() +
    //       " entries" );

    CMS.debug("DBVirtualList: entries: " + mEntries.size());

    return true;
  }
예제 #15
0
  public static void main(String[] args) {

    String host = null;
    String binddn = null;
    String baseDN = "mds-vo-name=local, o=grid";
    String filter = "(objectclass=*)";
    String qop = "auth-conf, auth";
    boolean debug = false;
    int port = 389;
    int version = 3;

    for (int i = 0; i < args.length; i++) {
      if (args[i].equals("-h")) {
        host = args[++i];
      } else if (args[i].equals("-p")) {
        port = Integer.parseInt(args[++i]);
      } else if (args[i].equals("-ver")) {
        version = Integer.parseInt(args[++i]);
      } else if (args[i].equals("-d")) {
        debug = true;
      } else if (args[i].equals("-D")) {
        binddn = args[++i];
      } else if (args[i].equals("-b")) {
        baseDN = args[++i];
      } else if (args[i].equals("-qop")) {
        qop = args[++i];
      } else if (args[i].equalsIgnoreCase("-usage") || args[i].equalsIgnoreCase("-help")) {
        System.err.println("Usage: NetscapeTest -h [host] -p [port] -D [binddn] [-d] -b [baseDN]");
        System.err.println("\tExample: NetscapeTest -h mds.globus.org -p 389 -r o=globus,c=us");
        System.exit(1);
      } else {
        System.err.println("Invalid argument: " + args[i]);
        System.exit(1);
      }
    }

    if (host == null) {
      System.err.println("Error: hostname not specified!");
      System.exit(1);
    }

    LDAPConnection ld = null;
    ld = new LDAPConnection();

    Hashtable props = new Hashtable();

    /* This property specifies where the implementation of
     * the GSI SASL mechanism for Netscape Directory SDK
     * can be found.
     */
    props.put("javax.security.sasl.client.pkgs", "org.globus.mds.gsi.netscape");

    /* This property specifies the quality of protection
     * value. It can be a comma separated list of protection
     * values in preference order. There are three possible
     * qop values:
     *  "auth"      - authentication only,
     *  "auth-int"  - authentication with integrity protection
     *                (GSI without encryption)
     *  "auth-conf" - authentication with integrity and privacy
     *                protections. (GSI with encryption)
     * If not specified, defaults to "auth"
     */
    props.put("javax.security.sasl.qop", qop);

    /* This property can be used to pass a specific
     * set of credentials for the GSI SASL mechanism
     * to use. It must be a GSSCredential object.
     * If not set, the defaut credential will be
     * used.
     */
    // env.put(GSIMechanism.SECURITY_CREDENTIALS, cred);

    try {
      if (debug) {
        // to enable debugging
        ld.setProperty("debug", "true");
        ld.setProperty(LDAPConnection.TRACE_PROPERTY, System.out);
      }

      ld.setOption(LDAPv2.PROTOCOL_VERSION, new Integer(version));

      ld.connect(host, port);

      /* Authenticate to the server over SASL.
       * Use GSIMechanism.NAME for the GSI SASL mechanism.
       */
      ld.authenticate(binddn, new String[] {GSIMechanism.NAME}, props, null);

      LDAPSearchResults myResults = null;
      myResults = ld.search(baseDN, LDAPv2.SCOPE_ONE, filter, null, false);

      while (myResults.hasMoreElements()) {
        LDAPEntry myEntry = myResults.next();
        String nextDN = myEntry.getDN();
        System.out.println(nextDN + ":");
        LDAPAttributeSet entryAttrs = myEntry.getAttributeSet();
        System.out.println(entryAttrs);
        System.out.println();
      }

    } catch (Exception e) {
      System.err.println("NetscapeTest failed: " + e.getMessage());
      e.printStackTrace();
    } finally {
      try {
        ld.disconnect();
      } catch (Exception ee) {
      }
    }
  }