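  /**
   * Validates the LDAP module configuration and, when it is usable, starts the
   * optional startup and cron synchronisation jobs.
   *
   * <p>Each configuration problem is reported once and leaves the module in a
   * safe state: missing or invalid mapping parameters disable LDAP logins via
   * {@code setEnableLDAPLogins(false)}, an unusable server certificate aborts
   * startup, and only a failed connection test is tolerated (logged, LDAP stays
   * enabled) because it may be a transient network problem.
   *
   * @throws StartupException if SSL is enabled and no valid server certificate is found
   */
  @Override
  public void init() {
    if (!isLDAPEnabled()) {
      log.info("LDAP login is disabled");
      return;
    }

    // The LDAP security group marks users whose data is synced with LDAP; make
    // sure it exists before any sync job can run.
    if (securityManager.findSecurityGroupByName(LDAPConstants.SECURITY_GROUP_LDAP) == null) {
      securityManager.createAndPersistNamedSecurityGroup(LDAPConstants.SECURITY_GROUP_LDAP);
    }

    // Required connection parameters. The helper reports the problem itself; the
    // short-circuit keeps the "stop at the first missing value" order.
    // NOTE(review): systemPW is handed over as a raw value here - confirm the
    // helper's failure log names the parameter without echoing the value.
    if (!checkConfigParameterIsNotEmpty(ldapUrl)
        || !checkConfigParameterIsNotEmpty(systemDN)
        || !checkConfigParameterIsNotEmpty(systemPW)) {
      return;
    }
    if (ldapBases == null || ldapBases.size() == 0) {
      log.error(
          "Missing configuration 'ldapBases'. Add at least one LDAP Base to the this configuration in olatextconfig.xml first. Disabling LDAP");
      setEnableLDAPLogins(false);
      return;
    }

    // Required schema parameters.
    if (!checkConfigParameterIsNotEmpty(ldapUserObjectClass)
        || !checkConfigParameterIsNotEmpty(ldapUserCreatedTimestampAttribute)
        || !checkConfigParameterIsNotEmpty(ldapUserLastModifiedTimestampAttribute)) {
      return;
    }
    if (userAttrMap == null || userAttrMap.size() == 0) {
      log.error(
          "Missing configuration 'userAttrMap'. Add at least the email propery to the this configuration in olatextconfig.xml first. Disabling LDAP");
      setEnableLDAPLogins(false);
      return;
    }
    if (reqAttr == null || reqAttr.size() == 0) {
      log.error(
          "Missing configuration 'reqAttr'. Add at least the email propery to the this configuration in olatextconfig.xml first. Disabling LDAP");
      setEnableLDAPLogins(false);
      return;
    }

    // Every mapped attribute must correspond to an OLAT user property defined in
    // olat_userconfig.xml; otherwise a sync would write to unknown properties,
    // so the module is disabled instead.
    if (!checkIfOlatPropertiesExists(userAttrMap)) {
      log.error("Invalid LDAP OLAT properties mapping configuration (userAttrMap). Disabling LDAP");
      setEnableLDAPLogins(false);
      return;
    }
    if (!checkIfOlatPropertiesExists(reqAttr)) {
      log.error("Invalid LDAP OLAT properties mapping configuration (reqAttr). Disabling LDAP");
      setEnableLDAPLogins(false);
      return;
    }
    // The two static property sets are optional; validate them only when configured.
    if (syncOnlyOnCreateProperties != null
        && !checkIfStaticOlatPropertiesExists(syncOnlyOnCreateProperties)) {
      log.error("Invalid LDAP OLAT syncOnlyOnCreateProperties configuration. Disabling LDAP");
      setEnableLDAPLogins(false);
      return;
    }
    if (staticUserProperties != null
        && !checkIfStaticOlatPropertiesExists(staticUserProperties.keySet())) {
      log.error(
          "Invalid static OLAT properties configuration (staticUserProperties). Disabling LDAP");
      setEnableLDAPLogins(false);
      return;
    }

    // Server certificate checks: a missing/invalid certificate is fatal (no
    // fallback to an unverified connection), an expiry within 30 days is a warning.
    if (isSslEnabled()) {
      if (!checkServerCertValidity(0)) {
        throw new StartupException(
            "LDAP enabled but no valid server certificate found. Please fix!");
      }
      if (!checkServerCertValidity(30)) {
        log.warn("Server Certificate will expire in less than 30 days.");
      }
    }

    // Connection test. Deliberately not disabling LDAP here: the failure may be a
    // temporary network problem, but it is still reported in the log file.
    if (ldapManager.bindSystem() == null) {
      log.warn(
          "LDAP connection test failed during module initialization, edit config or contact network administrator");
    }

    // Sync LDAP users on startup, if configured.
    if (isLdapSyncOnStartup()) {
      initStartSyncJob();
    } else {
      log.info("LDAP start sync is disabled");
    }

    // Start the LDAP cron sync job, if configured.
    if (isLdapSyncCronSync()) {
      initCronSyncJob();
    } else {
      log.info("LDAP cron sync is disabled");
    }

    // All checks passed and jobs are wired up; report the enabled state exactly
    // once (the original logged this line twice).
    log.info("LDAP login is enabled");
  }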