Improvements to LDAP provider compatibility with Samba, as per contribution by Robert Sanders.
This commit is contained in:
Ben Alex
parent
0b296e7cf0
commit
40bf65bdf8
|
|
@ -136,6 +136,9 @@
|
|||
<contributor>
|
||||
<name>Sergio Berna</name>
|
||||
</contributor>
|
||||
<contributor>
|
||||
<name>Robert Sanders</name>
|
||||
</contributor>
|
||||
</contributors>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* Copyright 2004 Acegi Technology Pty Limited
|
||||
/* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -50,9 +50,23 @@ import javax.naming.directory.SearchResult;
|
|||
/**
|
||||
* This is an example <code>PasswordAuthenticationDao</code> implementation
|
||||
* using LDAP service for user authentication.
|
||||
*
|
||||
* <p>Example use: <br/>
|
||||
* <bean id="ldapDaoImpl" class="net.sf.acegisecurity.providers.dao.ldap.LdapPasswordAuthenticationDao"> <br/>
|
||||
* <property name="host"><value>sydney.ipov.info</value></property> <br/>
|
||||
* <property name="rootContext"><value>dc=ipov,dc=info</value></property> <br/>
|
||||
* <property name="userContext"><alue>ou=Users</value></property> <br/>
|
||||
* <property name="userAttribute"><value>uid</value></property> <br/>
|
||||
* </bean> <br/>
|
||||
* ...<br/>
|
||||
* <bean id="authenticationProvider" class="net.sf.acegisecurity.providers.dao.PasswordDaoAuthenticationProvider"> <br/>
|
||||
* <property name="passwordAuthenticationDao"><ref local="ldapDaoImpl"/></property> <br/>
|
||||
* </bean> <br/>
|
||||
* </p>
|
||||
*
|
||||
* @author Karel Miarka
|
||||
* @author Daniel Miller
|
||||
* @author Robert Sanders
|
||||
*/
|
||||
public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao {
|
||||
//~ Static fields/initializers =============================================
|
||||
|
|
@ -63,7 +77,11 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
|
|||
//~ Instance fields ========================================================
|
||||
|
||||
private String host;
|
||||
|
||||
/** The INITIAL_CONTEXT_FACTORY for use with JNDI. */
|
||||
private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
|
||||
private String rootContext;
|
||||
private String userAttribute = "CN"; // ??? is this the right code??
|
||||
private String userContext = "CN=Users";
|
||||
private String[] rolesAttributes = {"memberOf"};
|
||||
private int port = 389;
|
||||
|
|
@ -79,6 +97,33 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
|
|||
this.host = hostname;
|
||||
}
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @return Returns the host.
|
||||
*/
|
||||
public String getHost() {
|
||||
return host;
|
||||
}
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @param initialContextFactory The initialContextFactory to set.
|
||||
*/
|
||||
public void setInitialContextFactory(String initialContextFactory) {
|
||||
this.initialContextFactory = initialContextFactory;
|
||||
}
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @return Returns the initialContextFactory.
|
||||
*/
|
||||
public String getInitialContextFactory() {
|
||||
return initialContextFactory;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the port on which is running the LDAP server. <br>Default value: 389
|
||||
*
|
||||
|
|
@ -88,6 +133,27 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
|
|||
this.port = port;
|
||||
}
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @return Returns the port.
|
||||
*/
|
||||
public int getPort() {
|
||||
return port;
|
||||
}
|
||||
|
||||
public String getProviderURL() {
|
||||
StringBuffer providerUrl = new StringBuffer();
|
||||
providerUrl.append("ldap://");
|
||||
providerUrl.append(this.host);
|
||||
providerUrl.append(":");
|
||||
providerUrl.append(this.port);
|
||||
providerUrl.append("/");
|
||||
providerUrl.append(this.rootContext);
|
||||
|
||||
return providerUrl.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the name of user object's attribute(s) which contains the list of
|
||||
* user's role names. The role is converted to upper case and a "ROLE_"
|
||||
|
|
@ -110,6 +176,24 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
|
|||
this.rootContext = rootContext;
|
||||
}
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @param userAttribute The userAttribute to set.
|
||||
*/
|
||||
public void setUserAttribute(String userAttribute) {
|
||||
this.userAttribute = userAttribute;
|
||||
}
|
||||
|
||||
/**
|
||||
* DOCUMENT ME!
|
||||
*
|
||||
* @return Returns the userAttribute.
|
||||
*/
|
||||
public String getUserAttribute() {
|
||||
return userAttribute;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the context in which all users reside relative to the root context. <br>
|
||||
* Defalut value: "CN=Users"
|
||||
|
|
@ -130,23 +214,14 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
|
|||
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
||||
"com.sun.jndi.ldap.LdapCtxFactory");
|
||||
|
||||
StringBuffer providerUrl = new StringBuffer();
|
||||
providerUrl.append("ldap://");
|
||||
providerUrl.append(this.host);
|
||||
providerUrl.append(":");
|
||||
providerUrl.append(this.port);
|
||||
providerUrl.append("/");
|
||||
providerUrl.append(this.rootContext);
|
||||
|
||||
env.put(Context.PROVIDER_URL, providerUrl.toString());
|
||||
env.put(Context.PROVIDER_URL, getProviderURL());
|
||||
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
env.put(Context.SECURITY_PRINCIPAL, getUserPrincipal(username));
|
||||
env.put(Context.SECURITY_CREDENTIALS, password);
|
||||
|
||||
try {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Connecting to " + providerUrl + " as "
|
||||
log.debug("Connecting to " + getProviderURL() + " as "
|
||||
+ getUserPrincipal(username));
|
||||
}
|
||||
|
||||
|
|
@ -293,17 +368,16 @@ public class LdapPasswordAuthenticationDao implements PasswordAuthenticationDao
|
|||
|
||||
/**
|
||||
* Get the <code>Context.SECURITY_PRINCIPAL</code> for the given username
|
||||
* string. This implementation returns a string composed of the following:
|
||||
* <usernamePrefix><username><usernameSufix. This function
|
||||
* may be overridden in a subclass.
|
||||
* string. This implementation returns the userBase for JNDI / LDAP
|
||||
* lookup.
|
||||
*
|
||||
* @param username DOCUMENT ME!
|
||||
*
|
||||
* @return DOCUMENT ME!
|
||||
*/
|
||||
protected String getUserPrincipal(String username) {
|
||||
StringBuffer principal = new StringBuffer();
|
||||
principal.append("CN=");
|
||||
StringBuffer principal = new StringBuffer(userAttribute);
|
||||
principal.append("=");
|
||||
principal.append(username);
|
||||
principal.append(",");
|
||||
principal.append(this.userContext);
|
||||
|
|
|
|||
Loading…
Reference in New Issue