From 9369376715e8de042baccdf5e0b204afe657d104 Mon Sep 17 00:00:00 2001
From: Philip Marzullo
Date: Thu, 11 Apr 2019 12:03:42 -0400
Subject: [PATCH] Fixes #912: LDAP Base DN - allow specification of more than one base DN

---
 .../UserAuthenticationLDAP.java | 103 +++++++++++-------
 1 file changed, 64 insertions(+), 39 deletions(-)

diff --git a/metl-ui/src/main/java/org/jumpmind/metl/core/authentication/UserAuthenticationLDAP.java b/metl-ui/src/main/java/org/jumpmind/metl/core/authentication/UserAuthenticationLDAP.java
index ca06b20e0..9d3ad7a00 100644
--- a/metl-ui/src/main/java/org/jumpmind/metl/core/authentication/UserAuthenticationLDAP.java
+++ b/metl-ui/src/main/java/org/jumpmind/metl/core/authentication/UserAuthenticationLDAP.java
@@ -1,6 +1,8 @@
 package org.jumpmind.metl.core.authentication;
 
+import java.util.Arrays;
 import java.util.Hashtable;
+import java.util.List;
 
 import javax.naming.AuthenticationException;
 import javax.naming.CommunicationException;
@@ -29,20 +31,26 @@ public AuthenticationStatus authenticate(String user, String password, Applicati
 String searchAtr = operationsService.findGlobalSetting(GlobalSetting.LDAP_SEARCH_ATR).getValue();
 String securityPrincipal = operationsService.findGlobalSetting(GlobalSetting.LDAP_SECURITY_PRINCIPAL, GlobalSetting.LDAP_SECURITY_PRINCIPAL_DEFAULT).getValue();
- boolean result = authenticate(user, password, hostName, baseDN, searchAtr, securityPrincipal);
+ boolean result = doAuthenticate(user, password, hostName, baseDN, searchAtr, securityPrincipal);
 if (result) {
 return AuthenticationStatus.VALID;
 } else {
 return AuthenticationStatus.INVALID;
 }
 }
-
+
 public boolean authenticate(String user, String password, String hostName, String baseDN, String searchAtr, String securityPrincipal) {
-
+ return doAuthenticate(user, password, hostName, baseDN, searchAtr, securityPrincipal);
+ }
+
+ private boolean doAuthenticate(String user, String password, String hostName, String baseDNParameter, String searchAtr,
+ String securityPrincipal) {
+ boolean ret = false;
+ RuntimeException throwit = null;
 if (StringUtils.isEmpty(hostName)) {
 throw new ConsoleAuthenticationException("LDAP hostName is not configured.");
- } else if (StringUtils.isEmpty(baseDN)) {
+ } else if (StringUtils.isEmpty(baseDNParameter)) {
 throw new ConsoleAuthenticationException("LDAP baseDN is not configured.");
 } else if (StringUtils.isEmpty(searchAtr)) {
 throw new ConsoleAuthenticationException("LDAP searchAtr is not configured.");
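Review bot: The new `doAuthenticate` signature introduces `baseDNParameter` without saying that it is a `|`-separated list of base DNs tried in order until a bind succeeds, which is the whole point of the change and is otherwise only discoverable from the split in the next hunk. A Javadoc on the method along the lines of `/** Binds to the LDAP server once per base DN in {@code baseDNParameter} (separated by '|'), in order; returns true on the first successful bind, otherwise throws the exception recorded for the last DN tried. */`, with the same sentence on the two public `authenticate` overloads, would make the contract visible to callers and to whoever documents the global setting. The `ret` and `throwit` locals are declared before the configuration checks that can throw; declaring them next to the loop that uses them would read more clearly. The body of `doAuthenticate` continues past the end of this hunk.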
@@ -50,51 +58,68 @@ public boolean authenticate(String user, String password, String hostName, Strin
 throw new ConsoleAuthenticationCredentialException("No Password Provided."); // This code for some reason sails through MS Active directory when no password provided.
 }
- if (StringUtils.isEmpty(securityPrincipal)) {
- securityPrincipal = String.format("%s=%s,%s", searchAtr, user, baseDN);
- } else {
- securityPrincipal = StringUtils.replace(securityPrincipal, "${baseDN}", baseDN);
- securityPrincipal = StringUtils.replace(securityPrincipal, "${searchAttribute}", searchAtr);
- securityPrincipal = StringUtils.replace(securityPrincipal, "${username}", user);
- }
-
- try {
- // Set up the environment for creating the initial context
- Hashtable env = new Hashtable();
- env.put(Context.INITIAL_CONTEXT_FACTORY,
- "com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.PROVIDER_URL, hostName);
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
- env.put(Context.SECURITY_CREDENTIALS, password);
-
- DirContext ctx = new InitialDirContext(env);
- boolean result = ctx != null;
- if (result) {
- ctx.close();
+ String originalSecurityPrincipal = securityPrincipal;
+ List baseDNList = Arrays.asList(baseDNParameter.split("\\|"));
+ for(String baseDN : baseDNList) {
+ securityPrincipal = originalSecurityPrincipal;
+
+ if (StringUtils.isEmpty(securityPrincipal)) {
+ securityPrincipal = String.format("%s=%s,%s", searchAtr, user, baseDN);
+ } else {
+ securityPrincipal = StringUtils.replace(securityPrincipal, "${baseDN}", baseDN);
+ securityPrincipal = StringUtils.replace(securityPrincipal, "${searchAttribute}", searchAtr);
+ securityPrincipal = StringUtils.replace(securityPrincipal, "${username}", user);
 }
- return result;
- } catch (AuthenticationException ex) {
- logException(ex, user, hostName, baseDN, searchAtr);
- throw new ConsoleAuthenticationCredentialException(ex);
- } catch (CommunicationException ex) {
- logException(ex, user, hostName, baseDN, searchAtr);
- throw new ConsoleAuthenticationConnectionException(ex);
- } catch (NamingException ex) {
- logException(ex, user, hostName, baseDN, searchAtr);
- throw new ConsoleAuthenticationException(ex);
+
+ try {
+ // Set up the environment for creating the initial context
+ Hashtable env = new Hashtable();
+ env.put(Context.INITIAL_CONTEXT_FACTORY,
+ "com.sun.jndi.ldap.LdapCtxFactory");
+ env.put(Context.PROVIDER_URL, hostName);
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, securityPrincipal);
+ env.put(Context.SECURITY_CREDENTIALS, password);
+
+ DirContext ctx = new InitialDirContext(env);
+ boolean result = ctx != null;
+ if (result) {
+ ctx.close();
+ }
+ throwit = null;
+ ret = result;
+ if(ret == true) {
+ break;
+ }
+ } catch (AuthenticationException ex) {
+ logException(ex, user, hostName, baseDN, searchAtr, securityPrincipal);
+ throwit = new ConsoleAuthenticationCredentialException(ex);
+ // throw new ConsoleAuthenticationCredentialException(ex);
+ } catch (CommunicationException ex) {
+ logException(ex, user, hostName, baseDN, searchAtr, securityPrincipal);
+ throwit = new ConsoleAuthenticationConnectionException(ex);
+ // throw new ConsoleAuthenticationConnectionException(ex);
+ } catch (NamingException ex) {
+ logException(ex, user, hostName, baseDN, searchAtr, securityPrincipal);
+ throwit = new ConsoleAuthenticationException(ex);
+ // throw new ConsoleAuthenticationException(ex);
+ }
+ }
+ if(throwit != null) {
+ throw throwit;
 }
+ return ret;
 }
 public boolean authenticate(String user, String password, String hostName, String baseDN, String searchAtr) throws ConsoleAuthenticationException {
- return authenticate(user, password, hostName, baseDN, searchAtr, null);
+ return doAuthenticate(user, password, hostName, baseDN, searchAtr, null);
 }
 protected void logException(Exception ex, String user, String hostName, String baseDN,
- String searchAtr) {
- logger.warn("LDAP AuthenticationException (hostname= '" + hostName + "',searchAtr= '" +
+ String searchAtr, String securityPrincipal) {
+ logger.warn("LDAP AuthenticationException (securityPrincipal= '\" + securityPrincipal + \"', hostname= '" + hostName + "',searchAtr= '" +
 searchAtr + "', baseDN='" + baseDN + "', user='" + user + "')", ex);
 }
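Review bot: The new `logger.warn` in `logException` escapes the quotes around `securityPrincipal` (`'\" + securityPrincipal + \"'`), so the literal text `" + securityPrincipal + "` is written to the log and the principal that actually failed to bind never appears; the line should read `logger.warn("LDAP AuthenticationException (securityPrincipal= '" + securityPrincipal + "', hostname= '" + hostName + "',searchAtr= '" +`. In the loop over `baseDNList`, `throwit` is overwritten on every failed iteration, so an exception of a different class from an earlier DN (for example a `ConsoleAuthenticationConnectionException`) survives only in the log and the caller sees whatever the last DN produced, which can report a connectivity problem as bad credentials; throwing the connection exception immediately, or keeping the first failure, would preserve that distinction for callers and for anyone alerting on the exception type. The same loop logs a warning with a stack trace for every DN that rejects the bind, so a successful login under the last of N configured DNs now emits N-1 failure warnings, which is worth a comment or a lower level for the intermediate attempts. `baseDNParameter.split("\\|")` keeps surrounding whitespace and empty entries, so a setting written as `dc=a,dc=com | dc=b,dc=com` binds with a leading-space DN; `baseDN = baseDN.trim(); if (baseDN.isEmpty()) continue;` at the top of the loop avoids attempts that can only fail. `List baseDNList` and `Hashtable env` appear here as raw types (the type arguments may have been lost in rendering); if they really are raw, `List<String>` is what `Arrays.asList` returns and is needed for `for (String baseDN : baseDNList)` to compile, and note that `doAuthenticate` begins before this hunk.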