AMQ-4685: Improved LDAPLoginModule to support ldap alias when result is absolute. Thanks to Igor Podolskiy for patch.

This commit is contained in:
Claus Ibsen 2013-11-02 14:51:09 +01:00
parent 70e2b998d2
commit 20747eedca
2 changed files with 40 additions and 7 deletions

View File

@ -17,6 +17,8 @@
package org.apache.activemq.jaas;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.*;
@ -225,13 +227,43 @@ public class LDAPLoginModule implements LoginModule {
if (results.hasMore()) {
// ignore for now
}
NameParser parser = context.getNameParser("");
Name contextName = parser.parse(context.getNameInNamespace());
Name baseName = parser.parse(getLDAPPropertyValue(USER_BASE));
Name entryName = parser.parse(result.getName());
Name name = contextName.addAll(baseName);
name = name.addAll(entryName);
String dn = name.toString();
String dn;
if (result.isRelative()) {
log.debug("LDAP returned a relative name: {}", result.getName());
NameParser parser = context.getNameParser("");
Name contextName = parser.parse(context.getNameInNamespace());
Name baseName = parser.parse(getLDAPPropertyValue(USER_BASE));
Name entryName = parser.parse(result.getName());
Name name = contextName.addAll(baseName);
name = name.addAll(entryName);
dn = name.toString();
} else {
log.debug("LDAP returned an absolute name: {}", result.getName());
try {
URI uri = new URI(result.getName());
String path = uri.getPath();
if (path.startsWith("/")) {
dn = path.substring(1);
} else {
dn = path;
}
} catch (URISyntaxException e) {
if (context != null) {
close(context);
}
FailedLoginException ex = new FailedLoginException("Error parsing absolute name as URI.");
ex.initCause(e);
throw ex;
}
}
if (log.isDebugEnabled()) {
log.debug("Using DN [" + dn + "] for binding.");
}
Attributes attrs = result.getAttributes();
if (attrs == null) {

View File

@ -21,6 +21,7 @@
log4j.rootLogger=INFO, out, stdout
log4j.logger.org.apache.activemq=INFO
#log4j.logger.org.apache.activemq.jaas.LDAPLoginModule=DEBUG
# CONSOLE appender not used by default
log4j.appender.stdout=org.apache.log4j.ConsoleAppender