From 021000e4d8bf38384a75251a438fc03d627dcb53 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Mon, 23 Feb 2015 14:09:54 -0500
Subject: [PATCH] [ldap] move bind user settings out of the user_search settings
The bind user can be used for other operations in the future, so it is being moved out of the user_search settings into the top level ldap realm settings.
Closes elastic/elasticsearch#729
Original commit: elastic/x-pack-elasticsearch@babc5ece0bc2ea782d1cdd963965d86c03f8c7df
---
 .../ldap/LdapUserSearchSessionFactory.java | 6 +--
 .../shield/authc/ldap/LdapRealmTest.java | 4 +-
 .../LdapUserSearchSessionFactoryTests.java | 54 +++++++++----------
 3 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java
index 5dd62db77a5..d48892dc03a 100644
--- a/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java
+++ b/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java
@@ -67,7 +67,7 @@ public class LdapUserSearchSessionFactory extends SessionFactory {
 String entryDn = settings.get("user_search.pool.health_check.dn", (bindRequest == null) ? null : bindRequest.getBindDN());
 if (entryDn == null) {
 pool.close();
- throw new ShieldSettingsException("[user_search.bind_dn] has not been specified so a value must be specified for [user_search.pool.health_check.dn] or [user_search.pool.health_check.enabled] must be set to false");
+ throw new ShieldSettingsException("[bind_dn] has not been specified so a value must be specified for [user_search.pool.health_check.dn] or [user_search.pool.health_check.enabled] must be set to false");
 }
 long healthCheckInterval = settings.getAsTime("user_search.pool.health_check.interval", DEFAULT_HEALTH_CHECK_INTERVAL).millis();
 // Checks the status of the LDAP connection at a specified interval in the background. We do not check on
@@ -85,9 +85,9 @@ public class LdapUserSearchSessionFactory extends SessionFactory {
 static SimpleBindRequest bindRequest(Settings settings) {
 SimpleBindRequest request = null;
- String bindDn = settings.get("user_search.bind_dn");
+ String bindDn = settings.get("bind_dn");
 if (bindDn != null) {
- request = new SimpleBindRequest(bindDn, settings.get("user_search.bind_password"));
+ request = new SimpleBindRequest(bindDn, settings.get("bind_password"));
 }
 return request;
 }
diff --git a/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java b/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java
index 0b1290f8c73..6f11ccec966 100644
--- a/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java
+++ b/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java
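Review bot: In `bindRequest` (LdapUserSearchSessionFactory.java, second hunk) the old keys `user_search.bind_dn` and `user_search.bind_password` are now ignored without any message, so a realm that still uses them gets a null bind request and, presumably, either unauthenticated search connections or the health-check error from the first hunk, which now names `[bind_dn]` rather than the key the operator set. I would reject the legacy key explicitly, e.g. `if (settings.get("user_search.bind_dn") != null) throw new ShieldSettingsException("[user_search.bind_dn] has been moved to [bind_dn]");`. The same method passes a null password to `SimpleBindRequest` when `bind_dn` is set without `bind_password`; a DN with an empty password is an unauthenticated bind in LDAP, so that case deserves a settings error too. A test for both cases would fit next to `testEmptyBindDNReturnsNullBindRequest`.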
@@ -180,8 +180,8 @@ public class LdapRealmTest extends LdapTest {
 Settings settings = ImmutableSettings.builder()
 .putArray(URLS_SETTING, ldapUrl())
 .put("user_search.base_dn", "")
- .put("user_search.bind_dn", "cn=Thomas Masterman Hardy,ou=people,o=sevenSeas")
- .put("user_search.bind_password", PASSWORD)
+ .put("bind_dn", "cn=Thomas Masterman Hardy,ou=people,o=sevenSeas")
+ .put("bind_password", PASSWORD)
 .put("group_search.base_dn", groupSearchBase)
 .put("group_search.scope", LdapSearchScope.SUB_TREE)
 .put(HOSTNAME_VERIFICATION_SETTING, false)
diff --git a/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java b/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java
index d2b113b58ec..7dfcf0cb43c 100644
--- a/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java
+++ b/src/test/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactoryTests.java
@@ -57,8 +57,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .put("user_search.attribute", "cn")
 .build());
@@ -83,8 +83,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .put("user_search.scope", LdapSearchScope.BASE)
 .put("user_search.attribute", "cn")
 .build());
@@ -111,8 +111,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .put("user_search.scope", LdapSearchScope.BASE)
 .put("user_search.attribute", "cn")
 .build());
@@ -138,8 +138,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .put("user_search.scope", LdapSearchScope.ONE_LEVEL)
 .put("user_search.attribute", "cn")
 .build());
@@ -166,8 +166,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .put("user_search.scope", LdapSearchScope.ONE_LEVEL)
 .put("user_search.attribute", "cn")
 .build());
@@ -193,8 +193,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .put("user_search.attribute", "uid1")
 .build());
@@ -220,8 +220,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .build());
 LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, null);
@@ -244,8 +244,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 Settings settings = settingsBuilder()
 .put(LdapTest.buildLdapSettings(ActiveDirectorySessionFactoryTests.AD_LDAP_URL, Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "ironman@ad.test.elasticsearch.com")
- .put("user_search.bind_password", ActiveDirectorySessionFactoryTests.PASSWORD)
+ .put("bind_dn", "ironman@ad.test.elasticsearch.com")
+ .put("bind_password", ActiveDirectorySessionFactoryTests.PASSWORD)
 .put("user_search.attribute", "cn")
 .build();
 RealmConfig config = new RealmConfig("ad-as-ldap-test", settings);
@@ -272,8 +272,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("oldap-test", settingsBuilder()
 .put(LdapTest.buildLdapSettings(OpenLdapTests.OPEN_LDAP_URL, Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.ONE_LEVEL))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "uid=blackwidow,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com")
- .put("user_search.bind_password", OpenLdapTests.PASSWORD)
+ .put("bind_dn", "uid=blackwidow,ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com")
+ .put("bind_password", OpenLdapTests.PASSWORD)
 .build());
 LdapUserSearchSessionFactory sessionFactory = new LdapUserSearchSessionFactory(config, clientSSLService);
@@ -297,8 +297,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .build());
 LDAPConnectionPool connectionPool = LdapUserSearchSessionFactory.connectionPool(config.settings(), new SingleServerSet("localhost", ldapServer.getListenPort()), TimeValue.timeValueSeconds(5));
@@ -321,8 +321,8 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
- .put("user_search.bind_password", "pass")
+ .put("bind_dn", "cn=Horatio Hornblower,ou=people,o=sevenSeas")
+ .put("bind_password", "pass")
 .put("user_search.pool.initial_size", 10)
 .put("user_search.pool.size", 12)
 .put("user_search.pool.health_check.enabled", false)
@@ -346,27 +346,27 @@ public class LdapUserSearchSessionFactoryTests extends LdapTest {
 RealmConfig config = new RealmConfig("ldap_realm", settingsBuilder()
 .put(buildLdapSettings(ldapUrl(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE))
 .put("user_search.base_dn", userSearchBase)
- .put("user_search.bind_password", "pass")
+ .put("bind_password", "pass")
 .build());
 try {
 new LdapUserSearchSessionFactory(config, null);
 } catch (ShieldSettingsException e) {
- assertThat(e.getMessage(), containsString("[user_search.bind_dn] has not been specified so a value must be specified for [user_search.pool.health_check.dn] or [user_search.pool.health_check.enabled] must be set to false"));
+ assertThat(e.getMessage(), containsString("[bind_dn] has not been specified so a value must be specified for [user_search.pool.health_check.dn] or [user_search.pool.health_check.enabled] must be set to false"));
 }
 }
 @Test
 public void testEmptyBindDNReturnsNullBindRequest() {
- BindRequest request = LdapUserSearchSessionFactory.bindRequest(settingsBuilder().put("user_search.bind_password", "password").build());
+ BindRequest request = LdapUserSearchSessionFactory.bindRequest(settingsBuilder().put("bind_password", "password").build());
 assertThat(request, is(nullValue()));
 }
 @Test
 public void testThatBindRequestReturnsSimpleBindRequest() {
 BindRequest request = LdapUserSearchSessionFactory.bindRequest(settingsBuilder()
- .put("user_search.bind_password", "password")
- .put("user_search.bind_dn", "cn=ironman")
+ .put("bind_password", "password")
+ .put("bind_dn", "cn=ironman")
 .build());
 assertEquals(request.getClass(), SimpleBindRequest.class);
 SimpleBindRequest simpleBindRequest = (SimpleBindRequest) request;
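Review bot: The `try` block around `new LdapUserSearchSessionFactory(config, null)` has no `fail(...)` after the constructor call, so this test passes even when no `ShieldSettingsException` is thrown and the renamed `[bind_dn]` message is never checked. Add `fail("expected a ShieldSettingsException because bind_dn is not set");` as the last statement of the `try` block. The test method starts above this hunk, so its name and any cleanup of a successfully created factory are not visible here.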