Пример #1
0
  public Vector<LDAPUser> getUserListLDAP() throws LDAPException {

    LDAPConnection connection = connectionPool.getConnection();

    /*patron para la busqueda de todos los usuarios*/
    String attb = "(" + atributoRol + "=" + rol + ")";

    /*buequeda de todos los usuarios que cumplan el patron*/
    LDAPSearchResults results = connection.search(base, LDAPv3.SCOPE_SUB, attb, null, false);

    LDAPAttribute ldapAttribute = null;
    LDAPUser usuario = null;
    LDAPEntry ldapEntry = null;

    Vector<LDAPUser> listUsers = new Vector<LDAPUser>();

    /*guardamos los usuarios en un array de usuarios con la información que nos interesa*/
    while (results.hasMoreElements()) {
      usuario = new LDAPUser();
      usuario = inicilizaUsuario(usuario);
      ldapEntry = (LDAPEntry) results.next();
      ldapAttribute = ldapEntry.getAttribute("uid");
      usuario.setName(ldapAttribute.getStringValues().nextElement().toString().toUpperCase());
      ldapAttribute = ldapEntry.getAttribute("cn");
      usuario.setNombreCompleto(ldapAttribute.getStringValues().nextElement().toString());
      ldapAttribute = ldapEntry.getAttribute("sn");
      usuario.setNombre(ldapAttribute.getStringValues().nextElement().toString());
      ldapAttribute = ldapEntry.getAttribute("mail");
      if (ldapAttribute != null) {
        usuario.setMail(ldapAttribute.getStringValues().nextElement().toString());
      }

      listUsers.add(usuario);
    }

    connectionPool.close(connection);

    return listUsers;
  }
Пример #2
0
  /**
   * Devuleve si un usuario dado con su password se autentica correctamente y posee el rol de la
   * aplicacion correspondiente
   *
   * @param user, usuario para validar
   * @param password, del usuario
   * @return true/false si se autentica correctamente o no
   * @throws LDAPException
   */
  public boolean isValidUser(String user, String password) throws LDAPException {

    LDAPConnection connection = connectionPool.getConnection();

    String attributeName = "uid";
    String filter = "uid=" + user + "," + base;

    /* Se realiza la autenticacion del usuario con la password*/
    connection.authenticate(filter, password);

    /* si es correcta se obtienen los atributos del usuario*/
    LDAPSearchResults results =
        connection.search(
            base, LDAPv3.SCOPE_SUB, "(" + attributeName + "=" + user + ")", null, false);

    /* Se obtienen los valores para el atributo rol*/
    LDAPAttribute ldapAttribute = null;
    LDAPEntry ldapEntry = null;
    while (results.hasMoreElements()) {
      ldapEntry = (LDAPEntry) results.next();
      ldapAttribute = ldapEntry.getAttribute(atributoRol);
    }
    // ahora no vendrian en lista separadas por coma si no la lista
    String[] lista = ldapAttribute.getStringValueArray();

    /* se cierra la conexion*/
    connectionPool.close(connection);

    /* si comprueba si pertenece al rol correspondiente para la aplicacion*/
    boolean resultado = perteneceGrupo(lista, rol);

    if (resultado) {
      logger.info("Autenticacion Ldap correcta");
    } else {
      logger.info("Error de autenticación contra ldap");
    }
    return resultado;
  }
Пример #3
0
  private synchronized boolean getEntries() {

    CMS.debug("DBVirtualList.getEntries()");

    // Specify necessary controls for vlist
    // LDAPSearchConstraints cons = mConn.getSearchConstraints();
    LDAPSearchConstraints cons = new LDAPSearchConstraints();

    cons.setMaxResults(0);
    if (mPageControls != null) {
      cons.setServerControls(mPageControls);
      // System.out.println( "setting vlist control" );
    }
    // Empty the buffer
    mEntries.removeAllElements();
    // Do a search
    try {
      // what happen if there is no matching?
      String ldapFilter = mRegistry.getFilter(mFilter);
      String ldapAttrs[] = null;
      LDAPSearchResults result;

      if (mAttrs != null) {
        ldapAttrs = mRegistry.getLDAPAttributes(mAttrs);

        /*
        LDAPv2.SCOPE_BASE:
        (search only the base DN)
        LDAPv2.SCOPE_ONE:
        (search only entries under the base DN)
        LDAPv2.SCOPE_SUB:
        (search the base DN and all entries within its subtree)
        */
        result = mConn.search(mBase, LDAPConnection.SCOPE_ONE, ldapFilter, ldapAttrs, false, cons);

      } else {
        result = mConn.search(mBase, LDAPConnection.SCOPE_ONE, ldapFilter, null, false, cons);
      }
      if (result == null) {
        return false;
      }
      int damageCounter = 0;

      while (result.hasMoreElements()) {
        LDAPEntry entry = (LDAPEntry) result.nextElement();

        try {
          // maintain mEntries as vector of LDAPEntry
          @SuppressWarnings("unchecked")
          E o = (E) mRegistry.createObject(entry.getAttributeSet());

          mEntries.addElement(o);
        } catch (Exception e) {

          CMS.debug("Exception " + e);

          /*LogDoc
           *
           * @phase local ldap search
           * @reason Failed to get enties.
           * @message DBVirtualList: <exception thrown>
           */
          mLogger.log(
              ILogger.EV_SYSTEM,
              ILogger.S_DB,
              ILogger.LL_FAILURE,
              CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString()));
          // #539044
          damageCounter++;
          if (damageCounter > 100) {
            mLogger.log(
                ILogger.EV_SYSTEM,
                ILogger.S_DB,
                ILogger.LL_FAILURE,
                CMS.getLogMessage(
                    "CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damageCounter)));
            return false;
          }
        }
      }
    } catch (Exception e) {

      /*LogDoc
       *
       * @phase local ldap search
       * @reason Failed to get enties.
       * @message DBVirtualList: <exception thrown>
       */
      CMS.debug("getEntries: exception " + e);

      mLogger.log(
          ILogger.EV_SYSTEM,
          ILogger.S_DB,
          ILogger.LL_FAILURE,
          CMS.getLogMessage("OPERATION_ERROR", e.toString()));
    }
    // System.out.println( "Returning " + mEntries.size() +
    //       " entries" );

    CMS.debug("DBVirtualList: entries: " + mEntries.size());

    return true;
  }
Пример #4
0
  public static void main(String[] args) {

    String host = null;
    String binddn = null;
    String baseDN = "mds-vo-name=local, o=grid";
    String filter = "(objectclass=*)";
    String qop = "auth-conf, auth";
    boolean debug = false;
    int port = 389;
    int version = 3;

    for (int i = 0; i < args.length; i++) {
      if (args[i].equals("-h")) {
        host = args[++i];
      } else if (args[i].equals("-p")) {
        port = Integer.parseInt(args[++i]);
      } else if (args[i].equals("-ver")) {
        version = Integer.parseInt(args[++i]);
      } else if (args[i].equals("-d")) {
        debug = true;
      } else if (args[i].equals("-D")) {
        binddn = args[++i];
      } else if (args[i].equals("-b")) {
        baseDN = args[++i];
      } else if (args[i].equals("-qop")) {
        qop = args[++i];
      } else if (args[i].equalsIgnoreCase("-usage") || args[i].equalsIgnoreCase("-help")) {
        System.err.println("Usage: NetscapeTest -h [host] -p [port] -D [binddn] [-d] -b [baseDN]");
        System.err.println("\tExample: NetscapeTest -h mds.globus.org -p 389 -r o=globus,c=us");
        System.exit(1);
      } else {
        System.err.println("Invalid argument: " + args[i]);
        System.exit(1);
      }
    }

    if (host == null) {
      System.err.println("Error: hostname not specified!");
      System.exit(1);
    }

    LDAPConnection ld = null;
    ld = new LDAPConnection();

    Hashtable props = new Hashtable();

    /* This property specifies where the implementation of
     * the GSI SASL mechanism for Netscape Directory SDK
     * can be found.
     */
    props.put("javax.security.sasl.client.pkgs", "org.globus.mds.gsi.netscape");

    /* This property specifies the quality of protection
     * value. It can be a comma separated list of protection
     * values in preference order. There are three possible
     * qop values:
     *  "auth"      - authentication only,
     *  "auth-int"  - authentication with integrity protection
     *                (GSI without encryption)
     *  "auth-conf" - authentication with integrity and privacy
     *                protections. (GSI with encryption)
     * If not specified, defaults to "auth"
     */
    props.put("javax.security.sasl.qop", qop);

    /* This property can be used to pass a specific
     * set of credentials for the GSI SASL mechanism
     * to use. It must be a GSSCredential object.
     * If not set, the defaut credential will be
     * used.
     */
    // env.put(GSIMechanism.SECURITY_CREDENTIALS, cred);

    try {
      if (debug) {
        // to enable debugging
        ld.setProperty("debug", "true");
        ld.setProperty(LDAPConnection.TRACE_PROPERTY, System.out);
      }

      ld.setOption(LDAPv2.PROTOCOL_VERSION, new Integer(version));

      ld.connect(host, port);

      /* Authenticate to the server over SASL.
       * Use GSIMechanism.NAME for the GSI SASL mechanism.
       */
      ld.authenticate(binddn, new String[] {GSIMechanism.NAME}, props, null);

      LDAPSearchResults myResults = null;
      myResults = ld.search(baseDN, LDAPv2.SCOPE_ONE, filter, null, false);

      while (myResults.hasMoreElements()) {
        LDAPEntry myEntry = myResults.next();
        String nextDN = myEntry.getDN();
        System.out.println(nextDN + ":");
        LDAPAttributeSet entryAttrs = myEntry.getAttributeSet();
        System.out.println(entryAttrs);
        System.out.println();
      }

    } catch (Exception e) {
      System.err.println("NetscapeTest failed: " + e.getMessage());
      e.printStackTrace();
    } finally {
      try {
        ld.disconnect();
      } catch (Exception ee) {
      }
    }
  }