Fixes #912: LDAP Base DN - allow specification of more than one base DN

JumpMind · Apr 11, 2019 · 9369376 · 9369376
1 parent cae1b9d
commit 9369376
Showing 1 changed file with 64 additions and 39 deletions.
diff --git a/metl-ui/src/main/java/org/jumpmind/metl/core/authentication/UserAuthenticationLDAP.java b/metl-ui/src/main/java/org/jumpmind/metl/core/authentication/UserAuthenticationLDAP.java
@@ -1,6 +1,8 @@
 package org.jumpmind.metl.core.authentication;
 
+import java.util.Arrays;
 import java.util.Hashtable;
+import java.util.List;
 
 import javax.naming.AuthenticationException;
 import javax.naming.CommunicationException;
@@ -29,72 +31,95 @@ public AuthenticationStatus authenticate(String user, String password, Applicati
         String searchAtr = operationsService.findGlobalSetting(GlobalSetting.LDAP_SEARCH_ATR).getValue();
         String securityPrincipal = operationsService.findGlobalSetting(GlobalSetting.LDAP_SECURITY_PRINCIPAL, GlobalSetting.LDAP_SECURITY_PRINCIPAL_DEFAULT).getValue();
 
-        boolean result = authenticate(user, password, hostName, baseDN, searchAtr, securityPrincipal);
+        boolean result = doAuthenticate(user, password, hostName, baseDN, searchAtr, securityPrincipal);
         if (result) {
             return AuthenticationStatus.VALID;
         } else {
             return AuthenticationStatus.INVALID;
         }
     }
-
+    
     public boolean authenticate(String user, String password, String hostName, String baseDN, String searchAtr, 
             String securityPrincipal) {
-
+    	return doAuthenticate(user, password, hostName, baseDN, searchAtr, securityPrincipal);
+    }
+
+    private boolean doAuthenticate(String user, String password, String hostName, String baseDNParameter, String searchAtr, 
+            String securityPrincipal) {
+    	boolean ret = false;
+        RuntimeException throwit = null;
         if (StringUtils.isEmpty(hostName)) {
             throw new ConsoleAuthenticationException("LDAP hostName is not configured.");
-        } else if (StringUtils.isEmpty(baseDN)) {
+        } else if (StringUtils.isEmpty(baseDNParameter)) {
             throw new ConsoleAuthenticationException("LDAP baseDN is not configured.");
         } else if (StringUtils.isEmpty(searchAtr)) {
             throw new ConsoleAuthenticationException("LDAP searchAtr is not configured.");
         } else if (StringUtils.isEmpty(password)) {
             throw new ConsoleAuthenticationCredentialException("No Password Provided."); // This code for some reason sails through MS Active directory when no password provided.
         }
 
-        if (StringUtils.isEmpty(securityPrincipal)) {
-            securityPrincipal = String.format("%s=%s,%s", searchAtr, user, baseDN);
-        } else {
-            securityPrincipal = StringUtils.replace(securityPrincipal, "${baseDN}", baseDN);    
-            securityPrincipal = StringUtils.replace(securityPrincipal, "${searchAttribute}", searchAtr);    
-            securityPrincipal = StringUtils.replace(securityPrincipal, "${username}", user);    
-        }
-
-        try {
-            // Set up the environment for creating the initial context
-            Hashtable<String, String> env = new Hashtable<String, String>();
-            env.put(Context.INITIAL_CONTEXT_FACTORY, 
-                    "com.sun.jndi.ldap.LdapCtxFactory");
-            env.put(Context.PROVIDER_URL, hostName);
-            env.put(Context.SECURITY_AUTHENTICATION, "simple");
-            env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
-            env.put(Context.SECURITY_CREDENTIALS, password);
-
-            DirContext ctx = new InitialDirContext(env);
-            boolean result = ctx != null;
-            if (result) {
-                ctx.close();
+        String originalSecurityPrincipal = securityPrincipal;
+        List<String> baseDNList = Arrays.asList(baseDNParameter.split("\\|"));
+        for(String baseDN : baseDNList) {
+            securityPrincipal = originalSecurityPrincipal;
+
+            if (StringUtils.isEmpty(securityPrincipal)) {
+                securityPrincipal = String.format("%s=%s,%s", searchAtr, user, baseDN);
+            } else {
+                securityPrincipal = StringUtils.replace(securityPrincipal, "${baseDN}", baseDN);    
+                securityPrincipal = StringUtils.replace(securityPrincipal, "${searchAttribute}", searchAtr);    
+                securityPrincipal = StringUtils.replace(securityPrincipal, "${username}", user);    
             }
-            return result;
-        } catch (AuthenticationException ex) {
-            logException(ex, user, hostName, baseDN, searchAtr);
-            throw new ConsoleAuthenticationCredentialException(ex);
-        } catch (CommunicationException ex) {
-            logException(ex, user, hostName, baseDN, searchAtr);
-            throw new ConsoleAuthenticationConnectionException(ex);
-        } catch (NamingException ex) {
-            logException(ex, user, hostName, baseDN, searchAtr);
-            throw new ConsoleAuthenticationException(ex);
+
+	        try {
+	            // Set up the environment for creating the initial context
+	            Hashtable<String, String> env = new Hashtable<String, String>();
+	            env.put(Context.INITIAL_CONTEXT_FACTORY, 
+	                    "com.sun.jndi.ldap.LdapCtxFactory");
+	            env.put(Context.PROVIDER_URL, hostName);
+	            env.put(Context.SECURITY_AUTHENTICATION, "simple");
+	            env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
+	            env.put(Context.SECURITY_CREDENTIALS, password);
+
+	            DirContext ctx = new InitialDirContext(env);
+	            boolean result = ctx != null;
+	            if (result) {
+	                ctx.close();
+	            }
+	            throwit = null;
+                ret = result;
+                if(ret == true) {
+                    break;
+                }
+	        } catch (AuthenticationException ex) {
+	            logException(ex, user, hostName, baseDN, searchAtr, securityPrincipal);
+	            throwit = new ConsoleAuthenticationCredentialException(ex);
+	            // throw new ConsoleAuthenticationCredentialException(ex);
+	        } catch (CommunicationException ex) {
+	            logException(ex, user, hostName, baseDN, searchAtr, securityPrincipal);
+	            throwit = new ConsoleAuthenticationConnectionException(ex);
+	            // throw new ConsoleAuthenticationConnectionException(ex);
+	        } catch (NamingException ex) {
+	            logException(ex, user, hostName, baseDN, searchAtr, securityPrincipal);
+	            throwit = new ConsoleAuthenticationException(ex);
+	            // throw new ConsoleAuthenticationException(ex);
+	        }
+        }
+        if(throwit != null) {
+            throw throwit;
         }
+        return ret;
     }
 
     public boolean authenticate(String user, String password, String hostName, String baseDN, 
             String searchAtr) throws ConsoleAuthenticationException {
 
-        return authenticate(user, password, hostName, baseDN, searchAtr, null);
+        return doAuthenticate(user, password, hostName, baseDN, searchAtr, null);
     }
 
     protected void logException(Exception ex, String user, String hostName, String baseDN, 
-            String searchAtr) {
-            logger.warn("LDAP AuthenticationException (hostname= '" + hostName + "',searchAtr= '" + 
+            String searchAtr, String securityPrincipal) {
+            logger.warn("LDAP AuthenticationException (securityPrincipal= '\" + securityPrincipal + \"', hostname= '" + hostName + "',searchAtr= '" + 
                     searchAtr + "', baseDN='" + baseDN + "', user='" + user + "')", ex);            
     }