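/**
 * Lists every LDAP user that holds the application role.
 *
 * <p>Searches the subtree under {@code base} for entries matching {@code (atributoRol=rol)} and
 * copies {@code uid} (upper-cased), {@code cn}, {@code sn} and, when present, {@code mail} of each
 * entry into an {@link LDAPUser}.
 *
 * @return the matching users; empty when the search yields no entry
 * @throws LDAPException if the search fails
 */
public Vector<LDAPUser> getUserListLDAP() throws LDAPException {
    LDAPConnection connection = connectionPool.getConnection();
    try {
        // Search pattern selecting all users with the role. The filter is built by plain
        // concatenation of two fields of this class.
        // NOTE(review): presumably atributoRol and rol are fixed configuration -- if either can
        // carry externally supplied text it must be escaped per RFC 4515 before it is used here.
        String attb = "(" + atributoRol + "=" + rol + ")";
        LDAPSearchResults results = connection.search(base, LDAPv3.SCOPE_SUB, attb, null, false);

        Vector<LDAPUser> listUsers = new Vector<LDAPUser>();
        while (results.hasMoreElements()) {
            LDAPUser usuario = inicilizaUsuario(new LDAPUser());
            LDAPEntry ldapEntry = (LDAPEntry) results.next();

            // uid, cn and sn are dereferenced without a null check, as before: an entry that
            // lacks one of them aborts the listing with a NullPointerException.
            LDAPAttribute ldapAttribute = ldapEntry.getAttribute("uid");
            usuario.setName(ldapAttribute.getStringValues().nextElement().toString().toUpperCase());

            ldapAttribute = ldapEntry.getAttribute("cn");
            usuario.setNombreCompleto(ldapAttribute.getStringValues().nextElement().toString());

            ldapAttribute = ldapEntry.getAttribute("sn");
            usuario.setNombre(ldapAttribute.getStringValues().nextElement().toString());

            // mail is optional.
            ldapAttribute = ldapEntry.getAttribute("mail");
            if (ldapAttribute != null) {
                usuario.setMail(ldapAttribute.getStringValues().nextElement().toString());
            }
            listUsers.add(usuario);
        }
        return listUsers;
    } finally {
        // Hand the connection back on every path; previously a failed search or a malformed
        // entry left it checked out, so repeated failures could drain the pool.
        connectionPool.close(connection);
    }
}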
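/**
 * Reports whether a user authenticates with the given password and holds the role required by
 * the application.
 *
 * <p>Binds as {@code uid=<user>,<base>}; when the bind succeeds, the user's entry is searched by
 * {@code uid} under {@code base} and the values of its role attribute are checked against
 * {@code rol}.
 *
 * @param user user to validate
 * @param password the user's password
 * @return {@code true} if the bind succeeds and the user holds the role; {@code false} if the
 *     role is missing, no entry or role attribute is found, or user/password is null or empty
 * @throws LDAPException if the bind is rejected or the search fails
 */
public boolean isValidUser(String user, String password) throws LDAPException {
    // A simple bind with an empty password is an unauthenticated bind, which a directory may
    // accept without checking any credential. Refuse it here so it can never count as a login.
    if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
        logger.info("Error de autenticación contra ldap");
        return false;
    }

    // user is caller-supplied: escape it separately for the DN and for the search filter so it
    // cannot change the structure of either.
    String bindDn = "uid=" + escapeDnValue(user) + "," + base;
    String searchFilter = "(uid=" + escapeFilterValue(user) + ")";

    String[] lista = null;
    LDAPConnection connection = connectionPool.getConnection();
    try {
        // Authenticate the user with the password; a rejected bind throws LDAPException.
        // NOTE(review): this re-binds a pooled connection as the end user and the connection is
        // returned to the pool afterwards -- confirm the pool restores its own identity before
        // reuse, or run the credential check on a dedicated connection.
        connection.authenticate(bindDn, password);

        // The bind succeeded: fetch the user's attributes.
        LDAPSearchResults results =
                connection.search(base, LDAPv3.SCOPE_SUB, searchFilter, null, false);

        // Read the role attribute. As before, the last entry returned wins when several entries
        // in the subtree share the uid.
        LDAPAttribute ldapAttribute = null;
        while (results.hasMoreElements()) {
            LDAPEntry ldapEntry = (LDAPEntry) results.next();
            ldapAttribute = ldapEntry.getAttribute(atributoRol);
        }
        // The roles arrive as a multi-valued attribute, not as one comma-separated string.
        if (ldapAttribute != null) {
            lista = ldapAttribute.getStringValueArray();
        }
    } finally {
        // Return the connection on every path. A rejected bind used to skip this, so each failed
        // login kept one pooled connection checked out.
        connectionPool.close(connection);
    }

    // No entry or no role attribute means the role is not held (previously a
    // NullPointerException).
    boolean resultado = lista != null && perteneceGrupo(lista, rol);
    if (resultado) {
        logger.info("Autenticacion Ldap correcta");
    } else {
        logger.info("Error de autenticación contra ldap");
    }
    return resultado;
}

/** Escapes a value for use inside an LDAP search filter assertion (RFC 4515). */
private static String escapeFilterValue(String value) {
    StringBuilder out = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                out.append("\\5c");
                break;
            case '*':
                out.append("\\2a");
                break;
            case '(':
                out.append("\\28");
                break;
            case ')':
                out.append("\\29");
                break;
            case '\0':
                out.append("\\00");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}

/** Escapes a value for use as an attribute value inside a distinguished name (RFC 4514). */
private static String escapeDnValue(String value) {
    StringBuilder out = new StringBuilder(value.length() + 8);
    int last = value.length() - 1;
    for (int i = 0; i <= last; i++) {
        char c = value.charAt(i);
        boolean special = c == ',' || c == '+' || c == '"' || c == '\\'
                || c == '<' || c == '>' || c == ';' || c == '=';
        boolean edge = (i == 0 && (c == ' ' || c == '#')) || (i == last && c == ' ');
        if (c == '\0') {
            out.append("\\00");
        } else if (special || edge) {
            out.append('\\').append(c);
        } else {
            out.append(c);
        }
    }
    return out.toString();
}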
/**
 * Reloads {@code mEntries} from the directory with a one-level search under {@code mBase}.
 *
 * <p>The buffer is emptied first. Each returned entry is converted through the registry and
 * appended; an entry that fails to convert is logged and skipped, and the load is abandoned once
 * more than 100 entries have failed.
 *
 * @return {@code false} when the search yields no result object or more than 100 entries could
 *     not be converted; {@code true} otherwise -- including when the search itself threw, in
 *     which case the failure is only logged
 */
private synchronized boolean getEntries() {
    CMS.debug("DBVirtualList.getEntries()");

    // Fresh constraints for the virtual-list search; the max-results value is set to 0.
    LDAPSearchConstraints constraints = new LDAPSearchConstraints();
    constraints.setMaxResults(0);
    if (mPageControls != null) {
        constraints.setServerControls(mPageControls);
    }

    // Start from an empty buffer.
    mEntries.removeAllElements();

    try {
        String ldapFilter = mRegistry.getFilter(mFilter);
        // A null attribute list is passed through to the search unchanged.
        String[] ldapAttrs = (mAttrs != null) ? mRegistry.getLDAPAttributes(mAttrs) : null;

        // SCOPE_ONE: only the entries directly under the base DN.
        LDAPSearchResults found =
                mConn.search(mBase, LDAPConnection.SCOPE_ONE, ldapFilter, ldapAttrs, false, constraints);
        if (found == null) {
            return false;
        }

        int damaged = 0;
        while (found.hasMoreElements()) {
            // The cast sits outside the per-entry try, so a non-entry element ends the whole
            // load through the outer catch.
            LDAPEntry entry = (LDAPEntry) found.nextElement();
            try {
                // mEntries holds the objects the registry builds from each LDAP entry.
                @SuppressWarnings("unchecked")
                E converted = (E) mRegistry.createObject(entry.getAttributeSet());
                mEntries.addElement(converted);
            } catch (Exception e) {
                CMS.debug("Exception " + e);
                /*LogDoc
                 *
                 * @phase local ldap search
                 * @reason Failed to get entries.
                 * @message DBVirtualList: <exception thrown>
                 */
                mLogger.log(
                        ILogger.EV_SYSTEM,
                        ILogger.S_DB,
                        ILogger.LL_FAILURE,
                        CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString()));
                // #539044: stop once too many entries are unreadable.
                if (++damaged > 100) {
                    mLogger.log(
                            ILogger.EV_SYSTEM,
                            ILogger.S_DB,
                            ILogger.LL_FAILURE,
                            CMS.getLogMessage(
                                    "CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damaged)));
                    return false;
                }
            }
        }
    } catch (Exception e) {
        /*LogDoc
         *
         * @phase local ldap search
         * @reason Failed to get entries.
         * @message DBVirtualList: <exception thrown>
         */
        CMS.debug("getEntries: exception " + e);
        mLogger.log(
                ILogger.EV_SYSTEM,
                ILogger.S_DB,
                ILogger.LL_FAILURE,
                CMS.getLogMessage("OPERATION_ERROR", e.toString()));
        // NOTE(review): execution falls through to "return true" below, so callers cannot tell
        // a failed search from an empty list -- confirm that this is intended.
    }

    CMS.debug("DBVirtualList: entries: " + mEntries.size());
    return true;
}
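/**
 * Command-line test client: connects to an LDAP server, authenticates over SASL with the GSI
 * mechanism and prints the DN and attribute set of every entry one level below the base DN.
 *
 * <p>Options: {@code -h host} (required), {@code -p port}, {@code -ver protocolVersion},
 * {@code -D binddn}, {@code -b baseDN}, {@code -qop qop}, {@code -d} (debug trace),
 * {@code -usage}/{@code -help}. Exits with status 1 on a usage error.
 *
 * @param args command-line options
 */
public static void main(String[] args) {
    String host = null;
    String binddn = null;
    String baseDN = "mds-vo-name=local, o=grid";
    String filter = "(objectclass=*)";
    // Preference order. NOTE(review): listing "auth" after "auth-conf" permits a session with
    // authentication only; pass "-qop auth-conf" when integrity and privacy protection are
    // required.
    String qop = "auth-conf, auth";
    boolean debug = false;
    int port = 389;
    int version = 3;

    for (int i = 0; i < args.length; i++) {
        String opt = args[i];
        if (opt.equals("-d")) {
            debug = true;
            continue;
        }
        if (opt.equalsIgnoreCase("-usage") || opt.equalsIgnoreCase("-help")) {
            System.err.println(
                    "Usage: NetscapeTest -h [host] -p [port] -D [binddn] [-d] -b [baseDN]"
                            + " [-ver version] [-qop qop]");
            // The example used to show "-r", which is not an accepted option.
            System.err.println("\tExample: NetscapeTest -h mds.globus.org -p 389 -b o=globus,c=us");
            System.exit(1);
        }
        boolean takesValue = opt.equals("-h") || opt.equals("-p") || opt.equals("-ver")
                || opt.equals("-D") || opt.equals("-b") || opt.equals("-qop");
        if (!takesValue) {
            System.err.println("Invalid argument: " + opt);
            System.exit(1);
        }
        // An option given as the last argument used to fail with
        // ArrayIndexOutOfBoundsException.
        if (i + 1 >= args.length) {
            System.err.println("Error: missing value for " + opt);
            System.exit(1);
        }
        String value = args[++i];
        try {
            if (opt.equals("-h")) {
                host = value;
            } else if (opt.equals("-p")) {
                port = Integer.parseInt(value);
            } else if (opt.equals("-ver")) {
                version = Integer.parseInt(value);
            } else if (opt.equals("-D")) {
                binddn = value;
            } else if (opt.equals("-b")) {
                baseDN = value;
            } else {
                qop = value;
            }
        } catch (NumberFormatException e) {
            System.err.println("Error: " + opt + " expects a number, got: " + value);
            System.exit(1);
        }
    }

    if (host == null) {
        System.err.println("Error: hostname not specified!");
        System.exit(1);
    }

    LDAPConnection ld = new LDAPConnection();

    Hashtable props = new Hashtable();

    /* This property specifies where the implementation of
     * the GSI SASL mechanism for Netscape Directory SDK
     * can be found.
     */
    props.put("javax.security.sasl.client.pkgs", "org.globus.mds.gsi.netscape");

    /* This property specifies the quality of protection
     * value. It can be a comma separated list of protection
     * values in preference order. There are three possible
     * qop values:
     *  "auth"      - authentication only,
     *  "auth-int"  - authentication with integrity protection
     *                (GSI without encryption)
     *  "auth-conf" - authentication with integrity and privacy
     *                protections. (GSI with encryption)
     * If not specified, defaults to "auth"
     */
    props.put("javax.security.sasl.qop", qop);

    /* This property can be used to pass a specific
     * set of credentials for the GSI SASL mechanism
     * to use. It must be a GSSCredential object.
     * If not set, the default credential will be
     * used.
     */
    // env.put(GSIMechanism.SECURITY_CREDENTIALS, cred);

    try {
        if (debug) {
            // Debug mode sends the connection trace to standard output.
            ld.setProperty("debug", "true");
            ld.setProperty(LDAPConnection.TRACE_PROPERTY, System.out);
        }

        ld.setOption(LDAPv2.PROTOCOL_VERSION, Integer.valueOf(version));

        ld.connect(host, port);

        /* Authenticate to the server over SASL.
         * Use GSIMechanism.NAME for the GSI SASL mechanism.
         */
        ld.authenticate(binddn, new String[] {GSIMechanism.NAME}, props, null);

        LDAPSearchResults myResults = ld.search(baseDN, LDAPv2.SCOPE_ONE, filter, null, false);

        while (myResults.hasMoreElements()) {
            LDAPEntry myEntry = myResults.next();
            String nextDN = myEntry.getDN();
            System.out.println(nextDN + ":");
            LDAPAttributeSet entryAttrs = myEntry.getAttributeSet();
            System.out.println(entryAttrs);
            System.out.println();
        }
    } catch (Exception e) {
        System.err.println("NetscapeTest failed: " + e.getMessage());
        e.printStackTrace();
    } finally {
        try {
            ld.disconnect();
        } catch (Exception ignored) {
            // Best effort: the connection may never have been opened.
        }
    }
}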