Work with users defined in LDAP posixGroups.

Add a configuration key LDAP_DN_ATTRIBUTE
2014-10-07 13:18:41 +02:00 · 2014-10-07 13:18:41 +02:00 · 1e5c5675a7
parent 2d60bfe26b
commit 1e5c5675a7
3 changed files with 30 additions and 10 deletions
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
+++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.java
@ -97,6 +97,8 @@ public class DefaultLdapRoleMapper

    private boolean useDefaultRoleName = false;

+    private String dnAttr = "dn";
+
    /**
     * possible to user cn=beer or uid=beer or sn=beer etc
     * so make it configurable
@ -123,6 +125,8 @@ public class DefaultLdapRoleMapper
        this.userIdAttribute = userConf.getString( UserConfigurationKeys.LDAP_USER_ID_ATTRIBUTE, this.userIdAttribute );

        this.ldapGroupMember = userConf.getString( UserConfigurationKeys.LDAP_GROUPS_MEMBER, this.ldapGroupMember );
+
+        this.dnAttr = userConf.getString( UserConfigurationKeys.LDAP_DN_ATTRIBUTE, this.dnAttr );
    }

    public List<String> getAllGroups( DirContext context )
@ -346,7 +350,7 @@ public class DefaultLdapRoleMapper

            searchControls.setDerefLinkFlag( true );
            searchControls.setSearchScope( SearchControls.SUBTREE_SCOPE );
-            String dn = null;
+            String groupEntry = null;
            try
            {
                //try to look the user up
@ -354,10 +358,10 @@ public class DefaultLdapRoleMapper
                if ( user instanceof LdapUser )
                {
                    LdapUser ldapUser = LdapUser.class.cast( user );
-                    Attribute dnAttribute = ldapUser.getOriginalAttributes().get( "distinguishedName" );
+                    Attribute dnAttribute = ldapUser.getOriginalAttributes().get( getLdapDnAttribute() );
                    if ( dnAttribute != null )
                    {
-                        dn = String.class.cast( dnAttribute.get() );
+                        groupEntry = String.class.cast( dnAttribute.get() );
                    }

                }
@ -370,17 +374,25 @@ public class DefaultLdapRoleMapper
            {
                log.warn( "Failed to look up user {}. Computing distinguished name manually", username, e );
            }
-            if ( dn == null )
+            if ( groupEntry == null )
            {
-                //failed to look up the user directly
+                //failed to look up the user's groupEntry directly
                StringBuilder builder = new StringBuilder();
-                builder.append( this.userIdAttribute ).append( "=" ).append( username ).append( "," ).append(
-                    getBaseDn() );
-                dn = builder.toString();
+                String posixGroup = "posixGroup";
+                if (posixGroup.equals(getLdapGroupClass()))
+                {
+                    builder.append( username );
+                }
+                else
+                {
+                    builder.append( this.userIdAttribute ).append( "=" ).append( username ).append( "," ).append(
+                        getBaseDn() );
+                }
+                groupEntry = builder.toString();
            }
            String filter =
                new StringBuilder().append( "(&" ).append( "(objectClass=" + getLdapGroupClass() + ")" ).append(
-                    "(" ).append( getLdapGroupMember() ).append( "=" ).append( dn ).append( ")" ).append(
+                    "(" ).append( getLdapGroupMember() ).append( "=" ).append( groupEntry ).append( ")" ).append(
                    ")" ).toString();

            log.debug( "filter: {}", filter );
@ -420,7 +432,7 @@ public class DefaultLdapRoleMapper
                    userGroups.add( groupName );

                }
-                else if ( allMembers.contains( dn ) )
+                else if ( allMembers.contains( groupEntry ) )
                {
                    String groupName = searchResult.getName();
                    // cn=blabla we only want bla bla
@ -500,6 +512,10 @@ public class DefaultLdapRoleMapper
        return this.ldapGroupClass;
    }

+    public String getLdapDnAttribute()
+    {
+        return this.dnAttr;
+    }

    public boolean saveRole( String roleName, DirContext context )
        throws MappingException
--- a/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/LdapUserMapper.java
+++ b/redback-common/redback-common-ldap/src/main/java/org/apache/archiva/redback/common/ldap/user/LdapUserMapper.java
@ -78,6 +78,8 @@ public class LdapUserMapper
            userConf.getString( UserConfigurationKeys.LDAP_MAPPER_USER_ATTRIBUTE_OBJECT_CLASS, userObjectClass );
        userFilter = userConf.getConcatenatedList( UserConfigurationKeys.LDAP_MAPPER_USER_ATTRIBUTE_FILTER, userFilter );
        maxResultCount = userConf.getInt( UserConfigurationKeys.LDAP_MAX_RESULT_COUNT, maxResultCount );
+
+        distinguishedNameAttribute = userConf.getString( UserConfigurationKeys.LDAP_DN_ATTRIBUTE, distinguishedNameAttribute );
    }

    public Attributes getCreationAttributes( User user, boolean encodePasswordIfChanged )
--- a/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
+++ b/redback-configuration/src/main/java/org/apache/archiva/redback/configuration/UserConfigurationKeys.java
@ -74,6 +74,8 @@ public interface UserConfigurationKeys

    String LDAP_AUTHENTICATION_METHOD = "ldap.config.authentication.method";

+    String LDAP_DN_ATTRIBUTE = "ldap.config.dn";
+
    String LDAP_BASEDN = "ldap.config.base.dn";

    String LDAP_BINDDN = "ldap.config.bind.dn";