Repository: karaf Updated Branches: refs/heads/karaf-3.0.x c31edca04 -> dca779192
[KARAF-3105] Introduce the fqdn pattern in the LDAPLoginModule and update the documentation with the available patterns Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/3675cf32 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/3675cf32 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/3675cf32 Branch: refs/heads/karaf-3.0.x Commit: 3675cf324d60deef7e33b32e6a4f2a16b07828d6 Parents: c31edca Author: Jean-Baptiste Onofré <[email protected]> Authored: Sat Jul 12 14:13:48 2014 +0200 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Sat Jul 12 14:20:32 2014 +0200 ---------------------------------------------------------------------- .../org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java | 4 +++- .../src/main/webapp/developers-guide/security-framework.conf | 7 +++++++ manual/src/main/webapp/users-guide/security.conf | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/3675cf32/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java ----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index 0ddc83f..2c587a8 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -191,6 +191,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
 }
 logger.debug("Get the user DN.");
 String userDN;
+ String userDNNamespace;
 DirContext context = null;
 try {
 logger.debug("Initialize the JNDI LDAP Dir Context.");
@@ -224,7 +225,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
 //
 // the second escapes the slashes correctly.
 userDN = result.getNameInNamespace().replace("," + userBaseDN, "");
-
+ userDNNamespace = (String) result.getNameInNamespace();
 namingEnumeration.close();
 } catch (Exception e) {
 throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
@@ -288,6 +289,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
 roleFilter = roleFilter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
 roleFilter = roleFilter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDN));
 roleFilter = roleFilter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDN + "," + userBaseDN));
+ roleFilter = roleFilter.replaceAll(Pattern.quote("%nsdn"), Matcher.quoteReplacement(userDNNamespace));
 roleFilter = roleFilter.replace("\\", "\\\\");
 logger.debug(" filter: " + roleFilter);
 NamingEnumeration namingEnumeration = context.search(roleBaseDN, roleFilter, controls);
http://git-wip-us.apache.org/repos/asf/karaf/blob/3675cf32/manual/src/main/webapp/developers-guide/security-framework.conf ----------------------------------------------------------------------
diff --git a/manual/src/main/webapp/developers-guide/security-framework.conf b/manual/src/main/webapp/developers-guide/security-framework.conf
index 8283cbd..dee5b81 100644
--- a/manual/src/main/webapp/developers-guide/security-framework.conf
+++ b/manual/src/main/webapp/developers-guide/security-framework.conf
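Review bot: The `(String)` cast in the added assignment is redundant: `getNameInNamespace()` returns a `String`, and the line just above it already uses the same call uncast. Prefer `userDNNamespace = result.getNameInNamespace();` and, since this value is kept alongside `userDN` (which has `"," + userBaseDN` stripped from the same DN), a one-line comment stating the distinction, e.g. `// full DN exactly as the server returned it; userDN below has userBaseDN stripped`. The comment above the hunk refers to an escaping sequence whose first half is outside this view, so whether the raw DN needs that same treatment cannot be confirmed from here; the enclosing try block and method both continue outside the hunk.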
@@ -266,6 +266,13 @@ If you wish to use an SSL connection, the following configuration can be used as keystorePassword="secret" /> {pygmentize} +The LDAPLoginModule supports the following patterns that you can use in the filter (user and role filters): + +* {{%u}} is replaced by the user +* {{%dn}} is replaced by the user DN +* {{%fqdn}} is replaced by the user full qualified DN ({{userDN,userBaseDN}}). +* {{%nsdn}} is replaced by the userDNNamespace (interesting especially for ActiveDirectory). + h2. Encryption service The [EncryptionService|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java] is a service registered in the OSGi registry providing means to encrypt and check encrypted passwords. This service acts as a factory for [Encryption|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/Encryption.java] objects actually performing the encryption. http://git-wip-us.apache.org/repos/asf/karaf/blob/3675cf32/manual/src/main/webapp/users-guide/security.conf ---------------------------------------------------------------------- diff --git a/manual/src/main/webapp/users-guide/security.conf b/manual/src/main/webapp/users-guide/security.conf index ad0df97..8a4ee6c 100644 --- a/manual/src/main/webapp/users-guide/security.conf +++ b/manual/src/main/webapp/users-guide/security.conf @@ -39,7 +39,7 @@ This realm has two login modules: * the {{PublickeyLoginModule}} is especially used by the SSHd. It uses the {{etc/keys.properties}} file. This file contains the users and a public key associated to each user. -Apache Karaf provides additional login modules (see later): +Apache Karaf provides additional login modules (see the developer guide for details): * JDBCLoginModule uses a database as backend * LDAPLoginModule uses a LDAP server as backend
