ActiveDirectoryAuthority.java

kwright Sat, 13 Aug 2016 14:48:45 -0700

Author: kwright
Date: Sat Aug 13 21:48:09 2016
New Revision: 1756296

URL: http://svn.apache.org/viewvc?rev=1756296&view=rev
Log:
Fix for CONNECTORS-1333.


Modified:
    
manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java

Modified: 
manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
URL: 
http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java?rev=1756296&r1=1756295&r2=1756296&view=diff
==============================================================================
--- 
manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
 (original)
+++ 
manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
 Sat Aug 13 21:48:09 2016
@@ -324,6 +324,7 @@ public class ActiveDirectoryAuthority ex
     if (domainController == null)
     {
       // No domain controller found for the user, so return "user not found".
+      Logging.authorityConnectors.info("User not found: " + userName);
       return RESPONSE_USERNOTFOUND;
     }
     
@@ -332,6 +333,7 @@ public class ActiveDirectoryAuthority ex
     if (dcParams == null)
     {
       // No domain controller, even though it's mentioned in a rule
+      Logging.authorityConnectors.info("User not found: " + userName);
       return RESPONSE_USERNOTFOUND;
     }
     
@@ -366,8 +368,10 @@ public class ActiveDirectoryAuthority ex
     
       //Get DistinguishedName (for this method we are using DomainPart as a 
searchBase ie: DC=qa-ad-76,DC=metacarta,DC=com")
       String searchBase = getDistinguishedName(ctx, userPart, 
domainsb.toString(), userACLsUsername);
-      if (searchBase == null)
+      if (searchBase == null) {
+        Logging.authorityConnectors.info("User not found: " + userName);
         return RESPONSE_USERNOTFOUND;
+      }
 
       //specify the LDAP search filter
       String searchFilter = "(objectClass=user)";
@@ -411,15 +415,18 @@ public class ActiveDirectoryAuthority ex
           }     
           catch (NamingException e)
           {
+            Logging.authorityConnectors.error("Naming exception: " + 
e.getMessage(), e);
             throw new ManifoldCFException(e.getMessage(),e);
           }
                                
         }
       }
 
-      if (theGroups.size() == 0)
+      if (theGroups.size() == 0) {
+        Logging.authorityConnectors.info("User not found: " + userName);
         return RESPONSE_USERNOTFOUND;
-      
+      }
+
       // All users get certain well-known groups
       theGroups.add("S-1-1-0");
 
@@ -437,11 +444,13 @@ public class ActiveDirectoryAuthority ex
     catch (NameNotFoundException e)
     {
       // This means that the user doesn't exist
+      Logging.authorityConnectors.error("User not found: " + userName + " 
Exception: " + e.getMessage(), e);
       return RESPONSE_USERNOTFOUND;
     }
     catch (NamingException e)
     {
       // Unreachable
+      Logging.authorityConnectors.error("Response Unreachable: " + 
e.getMessage(), e);
       return RESPONSE_UNREACHABLE;
     }
   }
@@ -710,6 +719,7 @@ public class ActiveDirectoryAuthority ex
       }
       catch (NumberFormatException e)
       {
+        Logging.authorityConnectors.error("Cache lifetime or Cache LRU size 
must be an integer: " + e.getMessage(), e);
         throw new ManifoldCFException("Cache lifetime or Cache LRU size must 
be an integer: "+e.getMessage(),e);
       }
       hasSessionParameters = true;
@@ -752,6 +762,7 @@ public class ActiveDirectoryAuthority ex
     }
     catch (NamingException e)
     {
+      Logging.authorityConnectors.error("Naming exception: " + e.getMessage(), 
e);
       throw new ManifoldCFException(e.getMessage(),e);
     }
   }
@@ -851,6 +862,7 @@ public class ActiveDirectoryAuthority ex
           // Now, try the connection...
           try
           {
+            Logging.authorityConnectors.info("LDAP Context environment 
properties: " + printLdapContextEnvironment(env));
             ctx = new InitialLdapContext(env,null);
             // If successful, break
             break;
@@ -858,15 +870,18 @@ public class ActiveDirectoryAuthority ex
           catch (AuthenticationException e)
           {
             // This means we couldn't authenticate!
+            Logging.authorityConnectors.error("Authentication problem 
authenticating admin user '"+userName+"': "+e.getMessage(),e);
             throw new ManifoldCFException("Authentication problem 
authenticating admin user '"+userName+"': "+e.getMessage(),e);
           }
           catch (CommunicationException e)
           {
             // This means we couldn't connect, most likely
+            Logging.authorityConnectors.error("Couldn't communicate with 
domain controller '"+domainControllerName+"': "+e.getMessage(),e);
             throw new ManifoldCFException("Couldn't communicate with domain 
controller '"+domainControllerName+"': "+e.getMessage(),e);
           }
           catch (NamingException e)
           {
+            Logging.authorityConnectors.error("Naming exception: " + 
e.getMessage(), e);
             throw new ManifoldCFException(e.getMessage(),e);
           }
         }
@@ -882,16 +897,16 @@ public class ActiveDirectoryAuthority ex
           catch (AuthenticationException e)
           {
             // This means we couldn't authenticate!  Log it and retry creating 
a whole new context.
-            Logging.authorityConnectors.warn("Reconnect: Authentication 
problem authenticating admin user '"+userName+"': "+e.getMessage(),e);
+            Logging.authorityConnectors.error("Authentication exception: " + 
e.getMessage() + ", explanation: " + e.getExplanation(), e);
           }
           catch (CommunicationException e)
           {
             // This means we couldn't connect, most likely.  Log it and retry 
creating a whole new context.
-            Logging.authorityConnectors.warn("Reconnect: Couldn't communicate 
with domain controller '"+domainControllerName+"': "+e.getMessage(),e);
+            Logging.authorityConnectors.error("Communication exception: " + 
e.getMessage() + ", explanation: " + e.getExplanation(), e);
           }
           catch (NamingException e)
           {
-            Logging.authorityConnectors.warn("Reconnect: Naming exception: 
"+e.getMessage(),e);
+            Logging.authorityConnectors.error("Naming exception: " + 
e.getMessage() + ", explanation: " + e.getExplanation(), e);
           }
           
           // So we have no chance of leaking resources, attempt to close the 
context.
@@ -936,6 +951,19 @@ public class ActiveDirectoryAuthority ex
     {
       return ctx != null;
     }
+
+    /**
+     * Stringifies LDAP Context environment variable
+     * @param env LDAP Context environment variable
+     * @return Stringified LDAP Context environment. Password is masked if 
exists.
+     */
+    private String printLdapContextEnvironment(Hashtable env) {
+      Hashtable copyEnv = new Hashtable<>(env);
+      if (copyEnv.contains(Context.SECURITY_CREDENTIALS)){
+        copyEnv.put(Context.SECURITY_CREDENTIALS, "********");
+      }
+      return Arrays.toString(copyEnv.entrySet().toArray());
+    }
   }
 
   /** Class describing a domain suffix and corresponding domain controller 
name rule.

svn commit: r1756296 - /manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java

Reply via email to