@Test
public void testUpdateArray() throws Exception {
String sql =
"update LdapModel.People set userid = 1, vals = ('a','b') where dn = 'x'"; //$NON-NLS-1$
QueryMetadataInterface metadata = exampleLdap();
Update query = (Update) getCommand(sql, metadata);
LDAPExecutionFactory config = new LDAPExecutionFactory();
LdapContext context = Mockito.mock(LdapContext.class);
Mockito.stub(context.lookup("")).toReturn(context);
LDAPUpdateExecution lue = new LDAPUpdateExecution(query, context);
lue.execute();
ArgumentCaptor<ModificationItem[]> captor = ArgumentCaptor.forClass(ModificationItem[].class);
Mockito.verify(context)
.modifyAttributes(ArgumentCaptor.forClass(String.class).capture(), captor.capture());
ModificationItem[] modifications = captor.getValue();
assertEquals(2, modifications.length);
assertEquals("uid: 1", modifications[0].getAttribute().toString());
assertEquals("vals: a, b", modifications[1].getAttribute().toString());
}
public User importLDAPUserByScreenName(long companyId, String screenName) throws Exception {
long ldapServerId = PortalLDAPUtil.getLdapServerId(companyId, screenName, StringPool.BLANK);
SearchResult result =
(SearchResult)
PortalLDAPUtil.getUser(ldapServerId, companyId, screenName, StringPool.BLANK);
if (result == null) {
if (_log.isWarnEnabled()) {
_log.warn("No user was found in LDAP with screenName " + screenName);
}
return null;
}
LdapContext ldapContext = PortalLDAPUtil.getContext(ldapServerId, companyId);
String fullUserDN = PortalLDAPUtil.getNameInNamespace(ldapServerId, companyId, result);
Attributes attributes =
PortalLDAPUtil.getUserAttributes(ldapServerId, companyId, ldapContext, fullUserDN);
User user = importLDAPUser(ldapServerId, companyId, ldapContext, attributes, StringPool.BLANK);
ldapContext.close();
return user;
}
@Test
public void testLdapExample2() throws Exception {
System.out.println("testLdapExample2");
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String[] attrIDs = {"cn"};
constraints.setReturningAttributes(attrIDs);
Hashtable<String, Object> options = new Hashtable<String, Object>();
options.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
options.put("java.naming.provider.url", "ldap://127.0.0.1:10389/");
options.put("java.naming.security.authentication", "simple");
options.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
options.put(Context.SECURITY_CREDENTIALS, "secret");
LdapContext ctx = new InitialLdapContext(options, null);
String username = "******";
NamingEnumeration<SearchResult> answer =
ctx.search("ou=users,o=jtogaf", "uid=" + username, constraints);
assertTrue("There is att: ", answer.hasMore());
if (answer.hasMore()) {
Attributes attrs = ((SearchResult) answer.next()).getAttributes();
Attribute attr = (Attribute) attrs.get("cn");
System.out.print(attr.get(0));
}
}
public boolean authenticate(String user, String pass) {
String returnedAtts[] = {"sn", "givenName", "mail"};
String searchFilter = "(&(objectClass=user)(sAMAccountName=" + user + "))";
// Create the search controls
SearchControls searchCtls = new SearchControls();
searchCtls.setReturningAttributes(returnedAtts);
// Specify the search scope
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapHost);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);
env.put(Context.SECURITY_CREDENTIALS, pass);
LdapContext ctxGC = null;
try {
ctxGC = new InitialLdapContext(env, null);
// Search objects in GC using filters
NamingEnumeration answer = ctxGC.search(searchBase, searchFilter, searchCtls);
} catch (NamingException ex) {
// ex.printStackTrace();
return false;
}
return true;
}
/**
* Get the existing RequestControls from the LdapContext, call {@link #createRequestControl()} to
* get a new instance, build a new array of Controls and set it on the LdapContext.
*
* <p>The {@link Control} feature is specific for LDAP v3 and thus applies only to {@link
* LdapContext}. However, the generic DirContextProcessor mechanism used for calling <code>
* preProcess</code> and <code>postProcess</code> uses DirContext, since it also works for LDAP
* v2. This is the reason that DirContext has to be cast to a LdapContext.
*
* @param ctx an LdapContext instance.
* @throws NamingException
* @throws IllegalArgumentException if the supplied DirContext is not an LdapContext.
*/
public void preProcess(DirContext ctx) throws NamingException {
LdapContext ldapContext;
if (ctx instanceof LdapContext) {
ldapContext = (LdapContext) ctx;
} else {
throw new IllegalArgumentException(
"Request Control operations require LDAPv3 - " + "Context must be of type LdapContext");
}
Control[] requestControls = ldapContext.getRequestControls();
if (requestControls == null) {
requestControls = new Control[0];
}
Control newControl = createRequestControl();
Control[] newControls = new Control[requestControls.length + 1];
for (int i = 0; i < requestControls.length; i++) {
if (replaceSameControlEnabled && requestControls[i].getClass() == newControl.getClass()) {
log.debug("Replacing already existing control in context: " + newControl);
requestControls[i] = newControl;
ldapContext.setRequestControls(requestControls);
return;
}
newControls[i] = requestControls[i];
}
// Add the new Control at the end of the array.
newControls[newControls.length - 1] = newControl;
ldapContext.setRequestControls(newControls);
}
private ProxyLdapContext(Hashtable env) throws NamingException {
final Map<String, Object> savedEnv = new HashMap<String, Object>();
for (final String key :
Arrays.asList(
Context.SECURITY_AUTHENTICATION,
Context.SECURITY_CREDENTIALS,
Context.SECURITY_PRINCIPAL,
Context.SECURITY_PROTOCOL)) {
final Object entry = env.remove(key);
if (entry != null) {
savedEnv.put(key, entry);
}
}
delegate = new InitialLdapContext(env, null);
tls = (StartTlsResponse) delegate.extendedOperation(new StartTlsRequest());
tls.setHostnameVerifier(
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
try {
final SSLSession negotiate = tls.negotiate();
Logger.getLogger(this.getClass().getCanonicalName())
.fine("LDAP is now using " + negotiate.getProtocol());
} catch (final IOException e) {
throw new NamingException(e.getMessage());
}
for (final Map.Entry<String, Object> savedEntry : savedEnv.entrySet()) {
delegate.addToEnvironment(savedEntry.getKey(), savedEntry.getValue());
}
}
public static void main(String[] args) {
try {
LdapContext ctx = ActiveDirectory.getConnection("lcevallosc", "Passw0rd");
System.out.println("Aqui tooyyy me longoneee");
ctx.close();
} catch (Exception e) {
// Failed to authenticate user!
e.printStackTrace();
}
}
/** contact the ldap server and attempt to authenticate */
protected boolean ldapAuthenticate(String netid, String password, Context context) {
if (!password.equals("")) {
LdapContext ctx = null;
StartTlsResponse startTLSResponse = null;
// Set up environment for creating initial context
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(javax.naming.Context.PROVIDER_URL, ldap_provider_url);
try {
if (useTLS) {
ctx = new InitialLdapContext(env, null);
// start TLS
startTLSResponse = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
startTLSResponse.negotiate();
// perform simple client authentication
ctx.addToEnvironment(javax.naming.Context.SECURITY_AUTHENTICATION, "simple");
ctx.addToEnvironment(javax.naming.Context.SECURITY_PRINCIPAL, netid);
ctx.addToEnvironment(javax.naming.Context.SECURITY_CREDENTIALS, password);
ctx.addToEnvironment(javax.naming.Context.AUTHORITATIVE, "true");
ctx.addToEnvironment(javax.naming.Context.REFERRAL, "follow");
// dummy operation to check if authentication has succeeded
ctx.getAttributes("");
} else if (!useTLS) {
// Authenticate
env.put(javax.naming.Context.SECURITY_AUTHENTICATION, "Simple");
env.put(javax.naming.Context.SECURITY_PRINCIPAL, netid);
env.put(javax.naming.Context.SECURITY_CREDENTIALS, password);
env.put(javax.naming.Context.AUTHORITATIVE, "true");
env.put(javax.naming.Context.REFERRAL, "follow");
// Try to bind
ctx = new InitialLdapContext(env, null);
}
} catch (NamingException | IOException e) {
// something went wrong (like wrong password) so return false
log.warn(LogManager.getHeader(context, "ldap_authentication", "type=failed_auth " + e));
return false;
} finally {
// Close the context when we're done
try {
if (startTLSResponse != null) {
startTLSResponse.close();
}
if (ctx != null) {
ctx.close();
}
} catch (NamingException | IOException e) {
}
}
} else {
return false;
}
return true;
}
/**
* Search for entry that matches the specific <code>DirectoryQuery</code> conditions. Results will
* be order using the values of a specific attribute
*
* @param q DirectoryQuery
* @param attribute Name of the attribute that determines the order
* @return java.util.List<DirectoryEntry>
* @exception LDAPException
*/
public List<Identity> sortedSearch(final LDAPDirectoryQuery q, final String attribute)
throws LDAPException {
TreeMap<String, Identity> results =
new TreeMap<String, Identity>(Collator.getInstance(new Locale("es")));
try {
LdapContext ctx = connection.connect();
if (ctx == null) {
throw new LDAPException("Directory service not available");
}
SearchControls ctls = new SearchControls();
if (connection.hasCountLimit()) {
ctls.setCountLimit(connection.getCountLimit());
}
ctls.setSearchScope(connection.getScope());
ctx.setRequestControls(new Control[] {new SortControl(attribute, Control.NONCRITICAL)});
String filter = getQueryString(ctx, q);
NamingEnumeration<SearchResult> answer = ctx.search(baseDN, filter, ctls);
while (answer.hasMoreElements()) {
SearchResult sr = answer.nextElement();
LDAPDirectoryEntry _e = new LDAPDirectoryEntry(sr.getNameInNamespace());
@SuppressWarnings("unchecked")
NamingEnumeration<Attribute> ne =
(NamingEnumeration<Attribute>) sr.getAttributes().getAll();
while (ne.hasMore()) {
Attribute att = ne.next();
Object[] attrs = new Object[att.size()];
@SuppressWarnings("unchecked")
NamingEnumeration<Object> nea = (NamingEnumeration<Object>) att.getAll();
for (int i = 0; nea.hasMore(); i++) {
attrs[i] = nea.next();
}
_e.setAttribute(att.getID(), attrs);
}
String _value = String.valueOf(_e.getAttribute(attribute)[0]);
while (results.containsKey(_value)) {
_value = _value.concat("0");
}
results.put(_value, _e);
}
} catch (NullPointerException e) {
_log.log(java.util.logging.Level.ALL, "sortedSearch() null pointer");
throw new LDAPException("sorted search null pointer");
} catch (NamingException e) {
_log.log(java.util.logging.Level.ALL, "sortedSearch() - " + e.getMessage());
throw new LDAPException(e.getMessage());
} catch (IOException e) {
_log.log(java.util.logging.Level.ALL, "sortedSearch() - " + e.getMessage());
throw new LDAPException(e.getMessage());
} finally {
connection.disconnect();
}
return new ArrayList<Identity>(results.values());
}
public void importFromLDAP(long ldapServerId, long companyId) throws Exception {
if (!LDAPSettingsUtil.isImportEnabled(companyId)) {
return;
}
LdapContext ldapContext = PortalLDAPUtil.getContext(ldapServerId, companyId);
if (ldapContext == null) {
return;
}
try {
Properties userMappings = LDAPSettingsUtil.getUserMappings(ldapServerId, companyId);
Properties userExpandoMappings =
LDAPSettingsUtil.getUserExpandoMappings(ldapServerId, companyId);
Properties contactMappings = LDAPSettingsUtil.getContactMappings(ldapServerId, companyId);
Properties contactExpandoMappings =
LDAPSettingsUtil.getContactExpandoMappings(ldapServerId, companyId);
Properties groupMappings = LDAPSettingsUtil.getGroupMappings(ldapServerId, companyId);
String importMethod = PrefsPropsUtil.getString(companyId, PropsKeys.LDAP_IMPORT_METHOD);
if (importMethod.equals(_IMPORT_BY_GROUP)) {
importFromLDAPByGroup(
ldapServerId,
companyId,
ldapContext,
userMappings,
userExpandoMappings,
contactMappings,
contactExpandoMappings,
groupMappings);
} else if (importMethod.equals(_IMPORT_BY_USER)) {
importFromLDAPByUser(
ldapServerId,
companyId,
ldapContext,
userMappings,
userExpandoMappings,
contactMappings,
contactExpandoMappings,
groupMappings);
}
} catch (Exception e) {
_log.error("Error importing LDAP users and groups", e);
} finally {
if (ldapContext != null) {
ldapContext.close();
}
}
}
@Override
public LdapContext getLdapContext(Object principal, Object credentials) throws NamingException {
LdapContext ctx = getSystemLdapContext();
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
try {
// AUTHENTICATE CREDENTIALS BY CREATING AN INITIAL LDAP CONTEXT
new InitialLdapContext(ctx.getEnvironment(), null);
} catch (AuthenticationException ex) {
throw new AuthenticationException("Access denied: " + principal);
}
return ctx;
}
/**
* Method authenticate.
*
* @param username String
* @param password String
* @return boolean * @throws Exception
*/
public boolean authenticate(String username, String password) throws Exception {
try {
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(connCtls);
} catch (AuthenticationException e) {
throw e;
} catch (NamingException e) {
throw e;
}
return true;
}
private boolean loginWithLDAP(String login, String password) {
try {
LdapContext context = null;
try {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "Simple");
env.put(Context.SECURITY_PRINCIPAL, login);
// env.put(Context.SECURITY_PRINCIPAL, "labs\\natalia.ukhorskaya");
// env.put(Context.SECURITY_CREDENTIALS, "DeeJou5d");
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.PROVIDER_URL, "ldap://msdc.labs.intellij.net:389");
context = new InitialLdapContext(env, null);
} catch (NamingException nex) {
// nex.printStackTrace();
return false;
}
String cn;
if (login.contains("\\")) {
cn = login.substring(login.indexOf("\\"));
} else {
cn = login;
}
String query = "(&(objectclass=person)(samaccountname=" + cn + "))";
String attribute = "cn";
SearchControls ctrl = new SearchControls();
ctrl.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration enumeration = context.search("dc=labs,dc=intellij,dc=net", query, ctrl);
SearchResult result = (SearchResult) enumeration.next();
if (result != null) {
Attributes attribs = result.getAttributes();
NamingEnumeration values = attribs.get(attribute).getAll();
if (values.hasMore()) {
userName = values.next().toString();
}
return true;
}
} catch (Throwable e) {
// incorrect login or password
ErrorWriter.ERROR_WRITER.writeExceptionToExceptionAnalyzer(
e, SessionInfo.TypeOfRequest.ANALYZE_LOG.name(), login + " " + password);
}
return false;
}
private void checkPasswordUsingBind(
LdapContextFactory ldapContextFactory, String user, String pass)
throws AuthenticationException {
LdapContext ctx = null;
try {
ctx = ldapContextFactory.getLdapContext(user, pass);
ctx.getAttributes("");
} catch (javax.naming.AuthenticationException e) {
throw new AuthenticationException("User '" + user + "' cannot be authenticated.", e);
} catch (NamingException e) {
throw new AuthenticationException("User '" + user + "' cannot be authenticated.", e);
} finally {
LdapUtils.closeContext(ctx);
}
}
private List<TolvenPerson> findTolvenPerson(
LdapContext ctx,
String peopleBaseName,
String principalLdapName,
String realm,
int maxResults,
int timeLimit) {
NamingEnumeration<SearchResult> namingEnum = null;
SearchControls ctls = new SearchControls();
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
ctls.setCountLimit(maxResults);
ctls.setTimeLimit(timeLimit);
ArrayList<TolvenPerson> searchResults = new ArrayList<TolvenPerson>(10);
try {
namingEnum = ctx.search(peopleBaseName, principalLdapName, ctls);
while (namingEnum.hasMore()) {
SearchResult rslt = namingEnum.next();
searchResults.add(new TolvenPerson(rslt));
}
} catch (GatekeeperSecurityException ex) {
throw ex;
} catch (Exception ex) {
throw new RuntimeException(
"Could not search for TolvenPerson: " + principalLdapName + " in realm: " + realm + ": ",
ex);
}
return searchResults;
}
private User getUserBasicAttributes(String username, LdapContext ctx) {
User user = null;
try {
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String[] attrIDs = {"distinguishedName", "sn", "givenname", "mail", "telephonenumber"};
constraints.setReturningAttributes(attrIDs);
// First input parameter is search bas, it can be "CN=Users,DC=YourDomain,DC=com"
// Second Attribute can be uid=username
NamingEnumeration answer =
ctx.search("DC=YourDomain,DC=com", "sAMAccountName=" + username, constraints);
if (answer.hasMore()) {
Attributes attrs = ((SearchResult) answer.next()).getAttributes();
System.out.println("distinguishedName " + attrs.get("distinguishedName"));
System.out.println("givenname " + attrs.get("givenname"));
System.out.println("sn " + attrs.get("sn"));
System.out.println("mail " + attrs.get("mail"));
} else {
throw new Exception("Invalid User");
}
} catch (Exception ex) {
ex.printStackTrace();
}
return user;
}
// GHH 20080326 - set all batches as last batch after an exception
// is thrown calling a method on the enumeration. Per Javadoc for
// javax.naming.NamingEnumeration, enumeration is invalid after an
// exception is thrown - by setting last batch indicator we prevent
// it from being used again.
// GHH 20080326 - also added return of explanation for generic
// NamingException
public List<?> next() throws TranslatorException {
try {
if (unwrapIterator != null) {
if (unwrapIterator.hasNext()) {
return unwrapIterator.next();
}
unwrapIterator = null;
}
// The search has been executed, so process up to one batch of
// results.
List<?> result = null;
while (result == null && searchEnumeration != null && searchEnumeration.hasMore()) {
SearchResult searchResult = (SearchResult) searchEnumeration.next();
try {
result = getRow(searchResult);
} catch (InvalidNameException e) {
}
}
if (result == null && this.executionFactory.usePagination()) {
byte[] cookie = null;
Control[] controls = ldapCtx.getResponseControls();
if (controls != null) {
for (int i = 0; i < controls.length; i++) {
if (controls[i] instanceof PagedResultsResponseControl) {
PagedResultsResponseControl prrc = (PagedResultsResponseControl) controls[i];
cookie = prrc.getCookie();
}
}
}
if (cookie == null) {
return null;
}
setRequestControls(cookie);
executeSearch();
return next();
}
if (result != null) {
resultCount++;
}
return result;
} catch (SizeLimitExceededException e) {
if (resultCount != searchDetails.getCountLimit()) {
String msg = LDAPPlugin.Util.gs(LDAPPlugin.Event.TEIID12008);
TranslatorException te = new TranslatorException(e, msg);
if (executionFactory.isExceptionOnSizeLimitExceeded()) {
throw te;
}
this.executionContext.addWarning(te);
LogManager.logWarning(LogConstants.CTX_CONNECTOR, e, msg);
}
return null; // GHH 20080326 - if size limit exceeded don't try to read more results
} catch (NamingException ne) {
throw new TranslatorException(ne, LDAPPlugin.Util.gs("ldap_error")); // $NON-NLS-1$
}
}
@SuppressWarnings("rawtypes")
protected void applyRequestControls(AbstractQuery query) {
try {
List<Control> controls = new ArrayList<Control>();
String orderBy = query.getOrderBy();
if (orderBy != null) {
orderBy = orderBy.substring(0, orderBy.length() - 4);
if (UserQueryProperty.USER_ID.getName().equals(orderBy)) {
controls.add(new SortControl(ldapConfiguration.getUserIdAttribute(), Control.CRITICAL));
} else if (UserQueryProperty.EMAIL.getName().equals(orderBy)) {
controls.add(
new SortControl(ldapConfiguration.getUserEmailAttribute(), Control.CRITICAL));
} else if (UserQueryProperty.FIRST_NAME.getName().equals(orderBy)) {
controls.add(
new SortControl(ldapConfiguration.getUserFirstnameAttribute(), Control.CRITICAL));
} else if (UserQueryProperty.LAST_NAME.getName().equals(orderBy)) {
controls.add(
new SortControl(ldapConfiguration.getUserLastnameAttribute(), Control.CRITICAL));
}
}
initialContext.setRequestControls(controls.toArray(new Control[0]));
} catch (Exception e) {
throw new IdentityProviderException("Exception while setting paging settings", e);
}
}
/**
* Method finito.
*
* @throws Exception
*/
public void finito() throws Exception {
try {
if (ctx != null) ctx.close();
} catch (NamingException e) {
throw e;
}
}
protected void applyRequestControls(AbstractQuery<?, ?> query) {
try {
List<Control> controls = new ArrayList<Control>();
List<QueryOrderingProperty> orderBy = query.getOrderingProperties();
if (orderBy != null) {
for (QueryOrderingProperty orderingProperty : orderBy) {
String propertyName = orderingProperty.getQueryProperty().getName();
if (UserQueryProperty.USER_ID.getName().equals(propertyName)) {
controls.add(new SortControl(ldapConfiguration.getUserIdAttribute(), Control.CRITICAL));
} else if (UserQueryProperty.EMAIL.getName().equals(propertyName)) {
controls.add(
new SortControl(ldapConfiguration.getUserEmailAttribute(), Control.CRITICAL));
} else if (UserQueryProperty.FIRST_NAME.getName().equals(propertyName)) {
controls.add(
new SortControl(ldapConfiguration.getUserFirstnameAttribute(), Control.CRITICAL));
} else if (UserQueryProperty.LAST_NAME.getName().equals(propertyName)) {
controls.add(
new SortControl(ldapConfiguration.getUserLastnameAttribute(), Control.CRITICAL));
}
}
}
initialContext.setRequestControls(controls.toArray(new Control[0]));
} catch (Exception e) {
throw new IdentityProviderException("Exception while setting paging settings", e);
}
}
protected List<User> findUsersByGroupId(LdapUserQueryImpl query) {
String baseDn = getDnForGroup(query.getGroupId());
// compose group search filter
String groupSearchFilter = "(& " + ldapConfiguration.getGroupSearchFilter() + ")";
NamingEnumeration<SearchResult> enumeration = null;
try {
enumeration =
initialContext.search(baseDn, groupSearchFilter, ldapConfiguration.getSearchControls());
List<String> groupMemberList = new ArrayList<String>();
// first find group
while (enumeration.hasMoreElements()) {
SearchResult result = enumeration.nextElement();
Attribute memberAttribute =
result.getAttributes().get(ldapConfiguration.getGroupMemberAttribute());
if (null != memberAttribute) {
NamingEnumeration<?> allMembers = memberAttribute.getAll();
// iterate group members
while (allMembers.hasMoreElements() && groupMemberList.size() < query.getMaxResults()) {
groupMemberList.add((String) allMembers.nextElement());
}
}
}
List<User> userList = new ArrayList<User>();
String userBaseDn =
composeDn(ldapConfiguration.getUserSearchBase(), ldapConfiguration.getBaseDn());
for (String memberId : groupMemberList) {
if (ldapConfiguration.isUsePosixGroups()) {
query.userId(memberId);
}
List<User> users =
ldapConfiguration.isUsePosixGroups()
? findUsersWithoutGroupId(query, userBaseDn)
: findUsersWithoutGroupId(query, memberId);
if (users.size() > 0) {
userList.add(users.get(0));
}
}
return userList;
} catch (NamingException e) {
throw new IdentityProviderException("Could not query for users", e);
} finally {
try {
if (enumeration != null) {
enumeration.close();
}
} catch (Exception e) {
// ignore silently
}
}
}
@Override
protected AuthenticationInfo queryForAuthenticationInfo(
AuthenticationToken token, LdapContextFactory contextFactory) throws NamingException {
logger.debug(
"queryForAuthenticationInfo, principal: {}, credentials: *****", token.getPrincipal());
logger.debug("contextFactory : {}", contextFactory);
try {
if (token == null || token.getPrincipal() == null) {
logger.info("No authentication token provided, will not try to authenticate..");
return null;
}
LdapContext sysCtx = contextFactory.getSystemLdapContext();
String objClsFilter = createObjectClassFilter(objectClasses);
String userIdFilter = createAttributeFilter(userIdAttribute, token.getPrincipal().toString());
String filter = mergeFiltersAND(objClsFilter, userIdFilter);
NamingEnumeration<?> namingEnumeration =
sysCtx.search(config.getUserLdapBaseDn(), filter, getSimpleSearchControls());
while (namingEnumeration.hasMore()) {
SearchResult result = (SearchResult) namingEnumeration.next();
String dn = result.getNameInNamespace();
try {
contextFactory.getLdapContext(dn, token.getCredentials());
return new SimpleAuthenticationInfo(dn, token.getCredentials(), "StaticRealm");
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
}
} catch (Exception e) {
logger.error(e.getMessage(), e);
}
return null;
}
private void close(LdapContext ctx, String realm) {
try {
if (ctx != null) {
ctx.close();
}
} catch (Exception ex) {
throw new RuntimeException("Could not close ldap context for realm: " + realm, ex);
}
}
public void close() {
if (initialContext != null) {
try {
initialContext.close();
} catch (Exception e) {
// ignore
LOG.log(Level.FINE, "exception while closing LDAP DIR CTX", e);
}
}
}
@Override
public LdapContext getSystemLdapContext() throws NamingException {
try {
InitialLdapContext ictx = new InitialLdapContext();
LdapContext ctx = (LdapContext) ictx.lookup(getLdapJndi());
/* Glassfish does not pass through these properties, even though it is aware of them?
* Without com.sun.jndi.ldap.LdapCtxFactory, authentication is NOT carried out
*/
ctx.addToEnvironment(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ctx.addToEnvironment("java.naming.ldap.attributes.binary", "userPKCS12");
if (logger.isDebugEnabled()) {
String providerURL = (String) ctx.getEnvironment().get(Context.PROVIDER_URL);
logger.debug("LDAP providerURL=" + providerURL);
}
return ctx;
} catch (Exception ex) {
throw new RuntimeException("Failed to lookup " + getLdapJndi(), ex);
}
}
public boolean closeLdap(LdapContext ldatCtx) {
try {
logger.debug(" start close ldap context ... ");
ldatCtx.close();
logger.debug(" close ldap context success. ");
return true;
} catch (NamingException e) {
logger.error(" close ldap context failed. ", e);
return false;
}
}
public List<Group> findGroupByQueryCriteria(LdapGroupQuery query) {
ensureContextInitialized();
String groupBaseDn =
composeDn(ldapConfiguration.getGroupSearchBase(), ldapConfiguration.getBaseDn());
if (ldapConfiguration.isSortControlSupported()) {
applyRequestControls(query);
}
NamingEnumeration<SearchResult> enumeration = null;
try {
String filter = getGroupSearchFilter(query);
enumeration =
initialContext.search(groupBaseDn, filter, ldapConfiguration.getSearchControls());
// perform client-side paging
int resultCount = 0;
List<Group> groupList = new ArrayList<Group>();
while (enumeration.hasMoreElements() && groupList.size() < query.getMaxResults()) {
SearchResult result = enumeration.nextElement();
GroupEntity group = transformGroup(result);
if (isAuthorized(READ, GROUP, group.getId())) {
if (resultCount >= query.getFirstResult()) {
groupList.add(group);
}
resultCount++;
}
}
return groupList;
} catch (NamingException e) {
throw new IdentityProviderException("Could not query for users", e);
} finally {
try {
if (enumeration != null) {
enumeration.close();
}
} catch (Exception e) {
// ignore silently
}
}
}
public List<User> findUsersWithoutGroupId(LdapUserQueryImpl query, String userBaseDn) {
if (ldapConfiguration.isSortControlSupported()) {
applyRequestControls(query);
}
NamingEnumeration<SearchResult> enumeration = null;
try {
String filter = getUserSearchFilter(query);
enumeration =
initialContext.search(userBaseDn, filter, ldapConfiguration.getSearchControls());
// perform client-side paging
int resultCount = 0;
List<User> userList = new ArrayList<User>();
while (enumeration.hasMoreElements() && userList.size() < query.getMaxResults()) {
SearchResult result = enumeration.nextElement();
UserEntity user = transformUser(result);
if (isAuthenticatedUser(user) || isAuthorized(READ, USER, user.getId())) {
if (resultCount >= query.getFirstResult()) {
userList.add(user);
}
resultCount++;
}
}
return userList;
} catch (NamingException e) {
throw new IdentityProviderException("Could not query for users", e);
} finally {
try {
if (enumeration != null) {
enumeration.close();
}
} catch (Exception e) {
// ignore silently
}
}
}
// GHH 20080326 - replaced existing implementation with the same
// code as used by cancel method. First try to
// close the searchEnumeration, then the search context
// We are very conservative when closing the enumeration
// but less so when closing context, since it is safe to call close
// on contexts multiple times
@Override
public void close() {
if (searchEnumeration != null) {
try {
searchEnumeration.close();
} catch (Exception e) {
} // catch everything, because NamingEnumeration has undefined behavior if it previously hit
// an exception
}
if (ldapCtx != null) {
try {
ldapCtx.close();
} catch (NamingException ne) {
LogManager.logWarning(
LogConstants.CTX_CONNECTOR,
LDAPPlugin.Util.gs(LDAPPlugin.Event.TEIID12003, ne.getExplanation()));
}
}
}
/** Clean out state because of a failed authentication attempt */
private void cleanState() {
username = null;
if (password != null) {
Arrays.fill(password, ' ');
password = null;
}
try {
if (ctx != null) {
ctx.close();
}
} catch (NamingException e) {
// ignore
}
ctx = null;
if (clearPass) {
sharedState.remove(USERNAME_KEY);
sharedState.remove(PASSWORD_KEY);
}
}
