Below is a modification to an LDAP Authentication service I previously submitted
to this mailing list to authenticate users of LDAP/AD.
Add the parameters section of text below to your Jetspeed's JetspeedSecurity.properties
file and configure it to use the class below. Drop the jar of the class into
/webapps/jetspeed/WEB-INF/lib and the properties file into
/webapps/jetspeed/WEB-INF/conf.
The modification I've recently made gets rid of the issues I had previously
and takes advantage of the recent logging changes.
In a nutshell:
No LDAP/AD schema modifications are needed for this authentication service
to work. There are a number of service configuration parameters (See code.)
that make the service fairly portable between schema configurations.
The user is authenticated against LDAP/AD. The unmodified Jetspeed framework
requires caching the password and other user attributes in the Jetspeed
database, so the account is created with these attributes populated. Later
logins update the password and additional attribute information in the
database to reflect changes in LDAP/AD. The directory password therefore also
lives in the Jetspeed database, which needs to be protected accordingly.
SSL is untested and incomplete, so as posted the simple bind sends the user's
password to the directory server unencrypted...
-Michael <[EMAIL PROTECTED]>
#########################################
# LDAPAuthentication Additions #
# --- #
# Additional parameters supported #
# check code. #
#########################################
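# Browse account: used only to bind and search for the user's DN, so a
# read-only account is sufficient.
services.JetspeedSecurity.browse.user.dn=CN=Michael J. Walsh\,CN=Users\,DC=llameante\,DC=nemonik\,DC=com
# Sample value. The password is kept in clear text here, so restrict read
# access to this properties file.
services.JetspeedSecurity.browse.user.password=password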
#services.JetspeedSecurity.server.port=389
services.JetspeedSecurity.server.host=127.0.0.1
services.JetspeedSecurity.server.type=3
services.JetspeedSecurity.user.search.base.dn=DC=llameante\,DC=nemonik\,DC=com
#services.JetspeedSecurity.user.match.attribute=sAMAccountName
package mil.jfcom.cie.jetspeed.security;
//2345678|012345678|012345678|012345678|012345678|012345678|012345678|012345678|
/*
* LDAPAuthentication.java
*
* Created on June 4, 2003, 3:12 PM
*/
// Java imports
import java.util.*;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchResult;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.InitialLdapContext;
import javax.servlet.ServletConfig;
import org.apache.jetspeed.services.security.turbine.TurbineAuthentication;
import org.apache.jetspeed.services.security.LoginException;
import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
import org.apache.jetspeed.services.logging.JetspeedLogger;
import org.apache.jetspeed.services.security.PortalAuthentication;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.UserNamePrincipal;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
import org.apache.jetspeed.services.security.FailedLoginException;
import org.apache.jetspeed.services.security.UnknownUserException;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.security.JetspeedSecurityCache;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.services.resources.ResourceService;
import org.apache.turbine.services.TurbineServices;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
//import org.apache.turbine.util.logger;
/**
 * This class provides for LDAP authentication.<p>
 *
 * @author walsh <[EMAIL PROTECTED]>
 * Created: June 26, 2003
 */
public class LDAPAuthentication
extends TurbineAuthentication
implements PortalAuthentication {
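/**
 * Static initialization of the logger for this class
 */
private static final JetspeedLogger logger
    = JetspeedLogFactoryService.getLogger(LDAPAuthentication.class.getName());

// JNDI initial context factory used for every directory connection.
private final static String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";

// Whether JetspeedSecurityCache is loaded for the user after a login.
private final static String CACHING_ENABLE = "caching.enable";

// If browseUserDN is set, then the LDAP directory is bound to
// using browseUserDN/browseUserPassword, a distinguished name
// matching the filter userMatchAttribute (Default is
// "sAMAccountName".) is searched for. Authentication fails, if one
// is not found. Otherwise, the distinguished name is used to
// bind and authenticate the user.
//
// For example:
// services.JetspeedSecurity.browse.user.dn=CN=Walsh\\,Michael\,OU=Admin Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
private final static String BROWSE_USER_DN = "browse.user.dn";

// The password to use to connect to the directory for the search.
// It is read from the properties file as plain text, so that file needs
// restrictive read permissions.
private final static String BROWSE_USER_PASSWORD = "browse.user.password";

// The directory server port. Defaulted to port 389.
private final static String SERVER_PORT = "server.port";

// The directory server host address
private final static String SERVER_HOST = "server.host";

// The directory server type (1, 2, or 3). Default is 2.
// The value is passed to JNDI as "java.naming.ldap.version".
private final static String SERVER_TYPE = "server.type";

// Toggle server connection security to SSL, if true.
// Otherwise, security is assumed to be simple. With SSL off, the simple
// bind carries the password to the directory server unencrypted.
private final static String SERVER_SSL_ENABLE = "server.ssl.enable";

// The base DN to search from.
//
// For example:
// services.JetspeedSecurity.user.search.base.dn=CN=Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
private final static String USER_SEARCH_BASE_DN = "user.search.base.dn";

// The user attribute to search for. The default is "sAMAccountName".
private final static String USER_MATCH_ATTRIBUTE = "user.match.attribute";

// A prefix to add to the username when forming the user's distinguished
// name (DN).
private final static String USER_DN_PREFIX = "user.dn.prefix";

// A postfix to add to the username when forming the user's distinguished
// name (DN).
private final static String USER_DN_POSTFIX = "user.dn.postfix";

// The user LDAP attribute for distinguished name. The default is
// "distinguishedName".
private final static String USER_DISTINGUISHED_NAME_ATTRIBUTE
    = "user.distinguished.name.attribute";

// The user LDAP attribute for firstname. The default is "givenName".
// (The first/last name property keys were crossed; each constant now
// names its own property.)
private final static String USER_FIRST_NAME_ATTRIBUTE
    = "user.first.name.attribute";

// The user LDAP attribute for lastname. The default is "sn".
private final static String USER_LAST_NAME_ATTRIBUTE
    = "user.last.name.attribute";

// The user LDAP attribute for display name. The default is "displayName".
private final static String USER_DISPLAY_NAME_ATTRIBUTE
    = "user.display.name.attribute";

// The user LDAP attribute for email address. The default is "mail".
private final static String USER_EMAIL_ATTRIBUTE
    = "user.email.attribute";

// Runtime configuration, filled in by init() from the service resources.
private boolean _cachingEnable = true;
private String _browseUserDN = null;
private String _browseUserPassword = null;
private int _serverPort = 389;
private String _serverHost;
private int _serverType = 2;
private boolean _serverSSLEnable = false;
private String _userSearchBaseDN = "/";
private String _userMatchAttribute = "sAMAccountName";
private String _userDNPrefix;
private String _userDNPostfix;
private String _userDistinguishedNameAttribute = "distinguishedName";
private String _userFirstNameAttribute = "givenName";
private String _userLastNameAttribute = "sn";
private String _userDisplayNameAttribute = "displayName";
private String _userEmailAttribute = "mail";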
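/**
 * Logs in a Jetspeed user by binding to the LDAP/AD directory with the
 * user's own credentials.
 * <p>
 * The accounts "turbine", "admin" and any name starting with "_" are not
 * looked up in the directory; they are handed to the inherited Turbine
 * authentication instead.
 * <p>
 * After a successful bind the Jetspeed account is created (first login) or
 * refreshed from the directory attributes. The submitted password is copied
 * onto the JetspeedUser object on every login.
 *
 * @param username The username.
 * @param password The password.
 * @return JetspeedUser account object.
 * @throws LoginException Thrown, if unable to log in.
 */
public JetspeedUser login(String username, String password)
        throws LoginException {
    if (username == null || username.equals("")) {
        logger.info("Username is null or empty.");
        throw new FailedLoginException("Username is null or empty.");
    }
    // An empty password must never reach the directory: many LDAP servers
    // treat a simple bind with an empty password as an unauthenticated
    // bind and report success.
    if (password == null || password.equals("")) {
        logger.info("Password is null or empty.");
        throw new FailedLoginException("Password is null or empty.");
    }

    username = JetspeedSecurity.convertUserName(username);
    password = JetspeedSecurity.convertPassword(password);

    // convertPassword is opaque here, so repeat the empty-password guard
    // on the value that is actually sent to the directory.
    if (password == null || password.equals("")) {
        logger.info("Password is null or empty.");
        throw new FailedLoginException("Password is null or empty.");
    }

    if (username.equals("turbine")
            || username.equals("admin")
            || username.matches("^_.*")) {
        // These are special users, and therefore, don't exist in LDAP.
        // We roll upward to use Turbine Authentication on them
        return (super.login(username, password));
    }

    // NOTE(review): username is concatenated into the DN unescaped, so DN
    // metacharacters in the name change the DN that is bound. Confirm the
    // allowed username alphabet, or escape the value where prefix/postfix
    // form a real DN.
    String userDN = _userDNPrefix + username + _userDNPostfix;

    // If the browse user DN is set then we need to attach to the
    // directory and find the userDN, overwriting the above.
    if (_browseUserDN != null) {
        logger.debug("LDAPAuthentication: Browsing for user <"
            + username
            + ">.");
        try {
            userDN = findUserDN(username);
        } catch (NamingException ne) {
            // Deliberate best effort: keep the prefix/postfix DN, but leave
            // a trace so a broken browse account does not go unnoticed.
            logger.warn("LDAPAuthentication: directory lookup for <"
                + username + "> failed, using the configured DN"
                + " prefix/postfix instead.");
        }
    }

    JetspeedUser jetspeedUser = null;
    Properties env = new Properties();
    DirContext ctx = null;

    try {
        // findUserDN returns null when the search matched nothing. Refuse
        // explicitly; the catch below maps this to the same generic
        // LoginException as any other failure.
        if (userDN == null) {
            throw new FailedLoginException(
                "No directory entry found for user.");
        }

        env.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
        env.put(Context.PROVIDER_URL, "ldap://" + _serverHost + ":"
            + String.valueOf(_serverPort));
        env.put("java.naming.ldap.version", String.valueOf(_serverType));
        if (_serverSSLEnable) {
            // Specify SSL
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.setProperty(Context.SECURITY_PRINCIPAL, userDN);
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Never log env itself: it holds the user's password under
        // Context.SECURITY_CREDENTIALS.
        logger.debug(
            "LDAPAuthentication: logging into LDAP server "
            + env.get(Context.PROVIDER_URL)
            + " as <" + userDN + ">");

        // The bind is the authentication step; it throws on bad credentials.
        ctx = new InitialDirContext(env);

        // NOTE(review): nothing on this path consults the stored account's
        // disabled/confirmed state - confirm whether a locally disabled
        // account should still be able to log in through LDAP.
        try {
            // Hit the Jetspeed database looking for the user
            jetspeedUser =
                JetspeedSecurity.getUser(
                    new UserNamePrincipal(username));
        } catch (JetspeedSecurityException jse) {
            // The user has never logged in before so
            // generate a new JetspeedUser instance
            jetspeedUser = JetspeedSecurity.getUserInstance();
            jetspeedUser.setUserName(username);
            jetspeedUser.setPassword(password);
            jetspeedUser.setConfirmed("CONFIRMED");
            jetspeedUser.setDisabled(false);
            jetspeedUser.setLastLogin(new Date());
            jetspeedUser.setCreateDate(new Date());
            jetspeedUser.setAccessCounter(0);
        }

        String[] attrIDs = {
            _userFirstNameAttribute,
            _userLastNameAttribute,
            _userDisplayNameAttribute,
            _userEmailAttribute
        };

        logger.debug("LDAPAuthentication: Pulling user attributes from"
            + " LDAP server");
        Attributes attributes = ctx.getAttributes(userDN, attrIDs);

        jetspeedUser.setEmail(
            getAttributeString(_userEmailAttribute,
                attributes.get(_userEmailAttribute)));
        jetspeedUser.setName(
            getAttributeString(_userDisplayNameAttribute,
                attributes.get(_userDisplayNameAttribute)));
        jetspeedUser.setFirstName(
            getAttributeString(_userFirstNameAttribute,
                attributes.get(_userFirstNameAttribute)));
        jetspeedUser.setLastName(
            getAttributeString(_userLastNameAttribute,
                attributes.get(_userLastNameAttribute)));
        jetspeedUser.setAccessCounter(
            jetspeedUser.getAccessCounter() + 1);
        jetspeedUser.setAccessCounterForSession(0);
        jetspeedUser.setHasLoggedIn(Boolean.TRUE);
        // The directory password is copied onto the Jetspeed account here;
        // whatever stores that account now holds a copy of the credential.
        jetspeedUser.setPassword(password);

        // The user has never logged in before so add 'em to the
        // Jetspeed database.
        if (jetspeedUser.getAccessCounter() == 1) {
            JetspeedSecurity.addUser(jetspeedUser);
        }

        jetspeedUser.updateLastLogin();
        putUserIntoContext(jetspeedUser);
        if (_cachingEnable) {
            JetspeedSecurityCache.load(username);
        }
    } catch (Exception e) {
        // Catch all the uncaught exceptions and throw a LoginException.
        // The caller gets one generic message for every failure cause.
        logger.error("Could not login Jetspeed user, <"
            + e.getClass().getName()
            + " -- "
            + e.getMessage() + ">");
        throw new LoginException("Could not login "
            + " Jetspeed user.");
    } finally {
        // Drop the in-memory copy of the credentials and release the
        // directory connection on every path, including failed binds.
        env.clear();
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException ignored) {
                // Best effort: the login outcome is already decided.
            }
        }
    }

    logger.debug(
        "LDAPAuthentication: Leaving login method, returning"
        + " JetspeedUser object for <"
        + jetspeedUser.getUserName() + ">");
    return (jetspeedUser);
}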
/**
 * Initializes the LDAP Authentication service from the JetspeedSecurity
 * service resources. Does nothing when the service is already initialized.
 * <p>
 * The browse user DN is applied first; the original ordering of the setter
 * calls is kept because several later setters read it during validation.
 *
 * @param conf The servlet configuration, passed on to the superclass.
 * @throws InitializationException As declared by the superclass init.
 */
public synchronized void init(ServletConfig conf)
        throws InitializationException {
    if (!getInit()) {
        super.init(conf);
        logger.info("LDAPAuthentication: Initializing...");

        // get configuration parameters from Jetspeed Resources
        final TurbineServices turbine
            = (TurbineServices) TurbineServices.getInstance();
        final ResourceService settings
            = turbine.getResources(JetspeedSecurityService.SERVICE_NAME);

        _cachingEnable = settings.getBoolean(CACHING_ENABLE, _cachingEnable);

        final String browseDn = settings.getString(BROWSE_USER_DN);
        setBrowseUserDN(browseDn);

        final String browsePassword = settings.getString(BROWSE_USER_PASSWORD);
        setBrowseUserPassword(browsePassword);

        final int port = settings.getInt(SERVER_PORT, _serverPort);
        setServerPort(port);

        final String host = settings.getString(SERVER_HOST);
        setServerHost(host);

        final int type = settings.getInt(SERVER_TYPE, _serverType);
        setServerType(type);

        final boolean ssl
            = settings.getBoolean(SERVER_SSL_ENABLE, _serverSSLEnable);
        setServerSSLEnable(ssl);

        final String searchBase
            = settings.getString(USER_SEARCH_BASE_DN, _userSearchBaseDN);
        setUserSearchBaseDN(searchBase);

        final String matchAttribute
            = settings.getString(USER_MATCH_ATTRIBUTE, _userMatchAttribute);
        setUserMatchAttribute(matchAttribute);

        final String dnPrefix = settings.getString(USER_DN_PREFIX);
        setUserDNPrefix(dnPrefix);

        final String dnPostfix = settings.getString(USER_DN_POSTFIX);
        setUserDNPostfix(dnPostfix);

        final String dnAttribute
            = settings.getString(USER_DISTINGUISHED_NAME_ATTRIBUTE,
                _userDistinguishedNameAttribute);
        setUserDistinguishedNameAttribute(dnAttribute);

        final String firstNameAttribute
            = settings.getString(USER_FIRST_NAME_ATTRIBUTE,
                _userFirstNameAttribute);
        setUserFirstNameAttribute(firstNameAttribute);

        final String lastNameAttribute
            = settings.getString(USER_LAST_NAME_ATTRIBUTE,
                _userLastNameAttribute);
        setUserLastNameAttribute(lastNameAttribute);

        final String displayNameAttribute
            = settings.getString(USER_DISPLAY_NAME_ATTRIBUTE,
                _userDisplayNameAttribute);
        setUserDisplayNameAttribute(displayNameAttribute);

        final String emailAttribute
            = settings.getString(USER_EMAIL_ATTRIBUTE, _userEmailAttribute);
        setUserEmailAttribute(emailAttribute);

        setInit(true);
    }
}
/**
 * Stores the DN of the application (browse) account that is used to search
 * the directory for a user's DN. No validation is applied here.
 *
 * @param browseUserDN The new browseUserDN value
 */
protected void setBrowseUserDN(String browseUserDN) {
    this._browseUserDN = browseUserDN;
}
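/**
 * Sets the application (browse) user account password.
 * <p>
 * When a browse user DN is configured, a password is mandatory: a DN sent
 * with an empty password is an unauthenticated bind on many directories.
 * A missing browse user DN (prefix/postfix mode) is accepted without a
 * password.
 *
 * @param browseUserPassword The new browseUserPassword value
 * @throws IllegalArgumentException If a browse user DN is set but the
 *         password is null or empty.
 */
protected void setBrowseUserPassword(String browseUserPassword)
        throws IllegalArgumentException {
    // _browseUserDN stays null when browse.user.dn is not configured, so
    // both values are checked null-safely.
    boolean browseDnSet
        = _browseUserDN != null && _browseUserDN.length() > 0;
    boolean passwordMissing
        = browseUserPassword == null || browseUserPassword.length() < 1;

    if (browseDnSet && passwordMissing) {
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + BROWSE_USER_PASSWORD + " value must be set, if "
            + JetspeedSecurityService.SERVICE_NAME + "."
            + BROWSE_USER_DN + " is set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _browseUserPassword = browseUserPassword;
}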
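/**
 * Sets whether or not the LDAP connection is SSL'ed.
 * <p>
 * When false, the simple binds performed by this class send the password
 * over an unencrypted connection.
 *
 * @param serverSSLEnable The new serverSSLEnable value
 */
protected void setServerSSLEnable(boolean serverSSLEnable) {
    _serverSSLEnable = serverSSLEnable;
}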
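/**
 * Sets the LDAP server port to connect to.
 *
 * @param port The new serverPort value
 * @throws IllegalArgumentException If the port is outside 1..65535.
 */
protected void setServerPort(int port)
        throws IllegalArgumentException {
    // 65535 is the highest TCP port; 0 cannot be connected to.
    if (port < 1 || port > 65535) {
        String message
            = JetspeedSecurityService.SERVICE_NAME
            + "." + SERVER_PORT
            + " value must be between 1 and 65535.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _serverPort = port;
}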
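/**
 * Sets the LDAP server host to connect to.
 *
 * @param serverHost The new serverHost value
 * @throws IllegalArgumentException If the host is null or empty.
 */
protected void setServerHost(String serverHost)
        throws IllegalArgumentException {
    // A missing property arrives as null; report it as a configuration
    // error rather than failing with a NullPointerException.
    if (serverHost == null || serverHost.length() < 1) {
        String message
            = JetspeedSecurityService.SERVICE_NAME
            + "." + SERVER_HOST
            + " value must be set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _serverHost = serverHost;
}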
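/**
 * Sets the LDAP server type, which is passed to JNDI as the LDAP protocol
 * version.
 *
 * @param serverType The new serverType value
 * @throws IllegalArgumentException If the type is outside 1..3.
 */
protected void setServerType(int serverType)
        throws IllegalArgumentException {
    // The accepted range now matches the documented one (1, 2 or 3);
    // 0 and 4 used to slip through.
    if (serverType < 1 || serverType > 3) {
        String message
            = JetspeedSecurityService.SERVICE_NAME
            + "." + SERVER_TYPE
            + " value must be between 1 and 3.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _serverType = serverType;
}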
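/**
 * Sets the base DN that the browse account searches from.
 *
 * @param userSearchBaseDN The new userSearchBaseDN value
 * @throws IllegalArgumentException If a browse user DN is set but the
 *         search base is null or empty.
 */
protected void setUserSearchBaseDN(String userSearchBaseDN)
        throws IllegalArgumentException {
    // _browseUserDN stays null when browse.user.dn is not configured.
    boolean browseDnSet
        = _browseUserDN != null && _browseUserDN.length() > 0;
    boolean baseMissing
        = userSearchBaseDN == null || userSearchBaseDN.length() < 1;

    if (browseDnSet && baseMissing) {
        // The message names the property that is actually missing.
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + USER_SEARCH_BASE_DN + " value must be set, if "
            + JetspeedSecurityService.SERVICE_NAME + "."
            + BROWSE_USER_DN + " is set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _userSearchBaseDN = userSearchBaseDN;
}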
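/**
 * Sets the attribute that the submitted username is matched against when
 * searching for the user's DN. The value becomes the attribute name in the
 * search filter, so it must come from trusted configuration only.
 *
 * @param userMatchAttribute The new userMatchAttribute value
 * @throws IllegalArgumentException If a browse user DN is set but the
 *         match attribute is null or empty.
 */
protected void setUserMatchAttribute(String userMatchAttribute)
        throws IllegalArgumentException {
    // _browseUserDN stays null when browse.user.dn is not configured.
    boolean browseDnSet
        = _browseUserDN != null && _browseUserDN.length() > 0;
    boolean attributeMissing
        = userMatchAttribute == null || userMatchAttribute.length() < 1;

    if (browseDnSet && attributeMissing) {
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + USER_MATCH_ATTRIBUTE + " value must be set, if "
            + JetspeedSecurityService.SERVICE_NAME + "."
            + BROWSE_USER_DN + " is set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _userMatchAttribute = userMatchAttribute;
}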
/**
 * Stores the text placed in front of the username when a DN is built
 * without a directory search; null is stored as the empty string.
 *
 * @param userDNPrefix The new userDNPrefix value
 */
protected void setUserDNPrefix(String userDNPrefix) {
    _userDNPrefix = (userDNPrefix != null) ? userDNPrefix : "";
}
/**
 * Stores the text appended after the username when a DN is built without
 * a directory search; null is stored as the empty string.
 *
 * @param userDNPostfix The new userDNPostfix value
 */
protected void setUserDNPostfix(String userDNPostfix) {
    _userDNPostfix = (userDNPostfix != null) ? userDNPostfix : "";
}
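/**
 * Sets the name of the directory attribute that holds a user's
 * distinguished name.
 *
 * @param userDistinguishedNameAttribute The new
 *        userDistinguishedNameAttribute value
 * @throws IllegalArgumentException If the value is null or empty.
 */
protected void setUserDistinguishedNameAttribute(
        String userDistinguishedNameAttribute)
        throws IllegalArgumentException {
    if (userDistinguishedNameAttribute == null
            || userDistinguishedNameAttribute.length() < 1) {
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + USER_DISTINGUISHED_NAME_ATTRIBUTE
            + " value must be set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _userDistinguishedNameAttribute = userDistinguishedNameAttribute;
}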
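/**
 * Sets the name of the directory attribute read for the user's first name.
 *
 * @param userFirstNameAttribute The new userFirstNameAttribute value
 * @throws IllegalArgumentException If the value is null or empty.
 */
protected void setUserFirstNameAttribute(String userFirstNameAttribute)
        throws IllegalArgumentException {
    if (userFirstNameAttribute == null
            || userFirstNameAttribute.length() < 1) {
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + USER_FIRST_NAME_ATTRIBUTE + " value must be set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _userFirstNameAttribute = userFirstNameAttribute;
}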
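/**
 * Sets the name of the directory attribute read for the user's last name.
 *
 * @param userLastNameAttribute The new userLastNameAttribute value
 * @throws IllegalArgumentException If the value is null or empty.
 */
protected void setUserLastNameAttribute(String userLastNameAttribute)
        throws IllegalArgumentException {
    if (userLastNameAttribute == null
            || userLastNameAttribute.length() < 1) {
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + USER_LAST_NAME_ATTRIBUTE + " value must be set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _userLastNameAttribute = userLastNameAttribute;
}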
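/**
 * Sets the name of the directory attribute read for the user's display
 * name.
 *
 * @param userDisplayNameAttribute The new userDisplayNameAttribute value
 * @throws IllegalArgumentException If the value is null or empty.
 */
protected void setUserDisplayNameAttribute(String userDisplayNameAttribute)
        throws IllegalArgumentException {
    if (userDisplayNameAttribute == null
            || userDisplayNameAttribute.length() < 1) {
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + USER_DISPLAY_NAME_ATTRIBUTE + " value must be set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _userDisplayNameAttribute = userDisplayNameAttribute;
}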
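/**
 * Sets the name of the directory attribute read for the user's email
 * address.
 *
 * @param userEmailAttribute The new userEmailAttribute value
 * @throws IllegalArgumentException If the value is null or empty.
 */
protected void setUserEmailAttribute(String userEmailAttribute)
        throws IllegalArgumentException {
    if (userEmailAttribute == null || userEmailAttribute.length() < 1) {
        String message
            = JetspeedSecurityService.SERVICE_NAME + "."
            + USER_EMAIL_ATTRIBUTE + " value must be set.";
        logger.error("LDAPAuthentication: " + message);
        throw new IllegalArgumentException(message);
    }
    _userEmailAttribute = userEmailAttribute;
}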
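/**
 * Finds the distinguished name for a given username by binding as the
 * browse account and searching the subtree under the configured base DN.
 * <p>
 * The username is untrusted input. It is handed to the directory as a
 * filter argument, not concatenated into the filter text, so filter
 * metacharacters in it are escaped by the JNDI provider.
 *
 * @param username The user submitted username
 * @return The distinguished name String for the user, or null when the
 *         search returned no entry carrying the DN attribute.
 * @throws NamingException Returned, if unable to bind or search.
 */
protected String findUserDN(String username)
        throws NamingException {
    String userDN = null;

    Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
    env.put(Context.PROVIDER_URL, "ldap://" + _serverHost + ":"
        + String.valueOf(_serverPort));
    env.put("java.naming.ldap.version", String.valueOf(_serverType));
    if (_serverSSLEnable) {
        // Specify SSL
        env.put(Context.SECURITY_PROTOCOL, "ssl");
    }
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.setProperty(Context.SECURITY_PRINCIPAL, _browseUserDN);
    env.put(Context.SECURITY_CREDENTIALS, _browseUserPassword);

    InitialLdapContext ctx;
    try {
        // Never log env itself: it holds the browse account's password
        // under Context.SECURITY_CREDENTIALS.
        logger.debug(
            "LDAPAuthentication: logging into LDAP server "
            + env.get(Context.PROVIDER_URL)
            + " as <" + _browseUserDN + ">");
        ctx = new InitialLdapContext(env, null);
        logger.debug(
            "LDAPAuthentication: logged into LDAP server, " + ctx);
    } catch (NamingException e) {
        logger.error(
            "LDAPAuthentication: <"
            + _browseUserDN
            + "> failed to connect to "
            + _serverHost
            + ", "
            + e.getMessage());
        env.clear();
        // Keep the original failure attached for whoever handles this.
        NamingException bindFailure = new NamingException(
            "Browse user could not bind to the directory.");
        bindFailure.setRootCause(e);
        throw bindFailure;
    }

    NamingEnumeration response = null;
    int numFound = 0;
    try {
        // set up subtree scope
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // Only the DN attribute is needed; its name comes from the
        // service configuration and defaults to "distinguishedName".
        String[] attrList = {_userDistinguishedNameAttribute};
        constraints.setReturningAttributes(attrList);
        constraints.setDerefLinkFlag(true);

        // {0} is substituted by the provider with the escaped username.
        String filter = "(" + _userMatchAttribute + "={0})";
        logger.debug("LDAPAuthentication: Searching with filter = "
            + filter + ", {0} = <" + username + ">");

        response = ctx.search(_userSearchBaseDN, filter,
            new Object[] {username}, constraints);

        // Only the first result is read.
        // NOTE(review): because of that, numFound never exceeds 1 and the
        // ambiguity check below cannot fire. Reading further results may
        // raise referral-related exceptions on some directories - confirm
        // before turning this into a loop.
        if (response.hasMore()) {
            SearchResult result = (SearchResult) response.next();
            Attributes attributes = result.getAttributes();
            if (attributes != null) {
                Attribute dn
                    = attributes.get(_userDistinguishedNameAttribute);
                if (dn != null) {
                    userDN = (String) dn.get();
                    numFound++;
                }
            }
        }
    } finally {
        // Release the browse connection and drop the in-memory copy of
        // its credentials on every path, including a failed search.
        env.clear();
        if (response != null) {
            try {
                response.close();
            } catch (NamingException ignored) {
                // Best effort: the result has already been read.
            }
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // Best effort: the result has already been read.
        }
    }

    if (numFound > 1) {
        logger.warn(
            "LDAPAuthentication: Not an error, but we found "
            + numFound + " matches for "
            + username + ".");
        throw new NamingException();
    }

    logger.debug(
        "LDAPAuthentication: Returning user DN = <" + userDN + ">");
    return (userDN);
}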
/**
 * Returns the String value for the specified LDAP attribute ID.
 * <p>
 * When the attribute is absent, has a null value, or cannot be read, the
 * literal text "EMPTY" is returned (the debug messages say "empty string",
 * but the returned value is the five-letter word). The attribute value is
 * written to the debug log.
 *
 * @param attributeID Used for error reporting.
 * @param attribute The Attribute of interest
 * @return The String value of the attribute, or "EMPTY".
 */
protected String getAttributeString(String attributeID,
        Attribute attribute) {
    if (attribute == null) {
        logger.debug(
            "LDAPAuthentication: " + attributeID
            + " attribute does not exist for this user, returning"
            + " empty string.");
        return "EMPTY";
    }

    try {
        Object value = attribute.get();
        if (value == null) {
            logger.debug(
                "LDAPAuthentication: " + attribute.getID()
                + " = null, returning empty string.");
            return "EMPTY";
        }
        String text = (String) value;
        logger.debug(
            "LDAPAuthentication: " + attribute.getID()
            + " = " + text);
        return text;
    } catch (NamingException ne) {
        logger.debug(
            "LDAPAuthentication: Unable to access "
            + attribute.getID() + " attribute, returning"
            + " empty string.");
        return "EMPTY";
    }
}
}