Author: baedke Date: Thu Oct 13 15:13:12 2016 New Revision: 1764705 URL: http://svn.apache.org/viewvc?rev=1764705&view=rev Log: OAK-4931: LdapIdentityProvider doesn't use configured custom attributes for all searches
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1764705&r1=1764704&r2=1764705&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Thu Oct 13 15:13:12 2016
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -71,6 +72,7 @@ import org.apache.jackrabbit.commons.ite
 import org.apache.jackrabbit.oak.commons.DebugTimer;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroupRef;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
@@ -197,7 +199,22 @@ public class LdapIdentityProvider implem
 LdapConnection connection = connect();
 try {
- Entry entry = connection.lookup(ref.getId(), "*");
+ String userIdAttr = config.getUserConfig().getIdAttribute();
+ String groupIdAttr = config.getGroupConfig().getIdAttribute();
+ String[] ca = config.getCustomAttributes();
+ Entry entry;
+ if (ca.length == 0) {
+ entry = connection.lookup(ref.getId(), SchemaConstants.ALL_USER_ATTRIBUTES);
+ }
+ else {
+ List<String> attributes = new ArrayList<>(Arrays.asList(ca));
+ attributes.add("objectClass");
+ attributes.add(userIdAttr);
+ attributes.add(groupIdAttr);
+ String[] attributeArray = new String[attributes.size()];
+ attributes.toArray(attributeArray);
+ entry = connection.lookup(ref.getId(), attributeArray);
+ }
 if (entry == null) {
 return null;
 } else if (entry.hasObjectClass(config.getUserConfig().getObjectClasses())) {
@@ -387,11 +404,16 @@ public class LdapIdentityProvider implem
 // Create the SearchRequest object
 SearchRequest req = new SearchRequestImpl();
 req.setScope(SearchScope.SUBTREE);
- req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
+ String idAttribute = config.getGroupConfig().getIdAttribute();
+ req.addAttributes(idAttribute == null? SchemaConstants.NO_ATTRIBUTE : idAttribute);
 req.setTimeLimit((int) config.getSearchTimeout());
 req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
 req.setFilter(searchFilter);
+ if (log.isDebugEnabled()) {
+ log.debug("getDeclaredGroupRefs: using SearchRequest {}.", req);
+ }
+
 Map<String, ExternalIdentityRef> groups = new HashMap<String, ExternalIdentityRef>();
 DebugTimer timer = new DebugTimer();
 connection = connect();
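Review bot: In the new `else` branch, `userIdAttr` and `groupIdAttr` are added to the attribute list without a null check, although the `getDeclaredGroupRefs` hunk of this same commit treats `config.getGroupConfig().getIdAttribute()` as possibly null. If either getter can return null, a null element ends up in the array handed to `connection.lookup`; guard the two adds, e.g. `if (userIdAttr != null) attributes.add(userIdAttr);` and the same for `groupIdAttr`. The array conversion can be shortened to `attributes.toArray(new String[0])`, and `} else {` should sit on one line like the `} else if` that follows. The enclosing method starts and ends outside the hunk.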
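Review bot: The switch from `SchemaConstants.NO_ATTRIBUTE` to the group id attribute is not explained at the call site, and the result loop in the following hunk still builds each ref from `resultEntry.getDn()` only, so the fetched attribute looks unused in the visible code. Add a comment above `String idAttribute = ...` stating the reason, along the lines of `// request the group id attribute instead of NO_ATTRIBUTE because <reason from OAK-4931>`. The ternary also wants a space before the `?`: `idAttribute == null ? SchemaConstants.NO_ATTRIBUTE : idAttribute`. The method body starts and ends outside the hunk.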
@@ -403,13 +425,13 @@ public class LdapIdentityProvider implem
 Response response = searchCursor.get();
 if (response instanceof SearchResultEntry) {
 Entry resultEntry = ((SearchResultEntry) response).getEntry();
- ExternalIdentityRef groupRef = new ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
+ ExternalIdentityRef groupRef = new ExternalGroupRef(resultEntry.getDn().toString(), this.getName());
 groups.put(groupRef.getId(), groupRef);
 }
 }
 timer.mark("iterate");
 if (log.isDebugEnabled()) {
- log.debug("search below {} with {} found {} entries. {}",
+ log.debug("getDeclaredGroupRefs: search below {} with {} found {} entries. {}",
 config.getGroupConfig().getBaseDN(), searchFilter, groups.size(), timer.getString());
 }
 return groups;
@@ -563,6 +585,10 @@ public class LdapIdentityProvider implem
 req.setBase(new Dn(idConfig.getBaseDN()));
 req.setFilter(searchFilter);
+ if (log.isDebugEnabled()) {
+ log.debug("getEntry: using SearchRequest {}.", req);
+ }
+
 // Process the request
 SearchCursor searchCursor = null;
 Entry resultEntry = null;
@@ -586,9 +612,9 @@ public class LdapIdentityProvider implem
 }
 if (log.isDebugEnabled()) {
 if (resultEntry == null) {
- log.debug("search below {} with {} found 0 entries.", idConfig.getBaseDN(), searchFilter);
+ log.debug("getEntry: search below {} with {} found 0 entries.", idConfig.getBaseDN(), searchFilter);
 } else {
- log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+ log.debug("getEntry: search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
 }
 }
 return resultEntry;
@@ -698,7 +724,11 @@ public class LdapIdentityProvider implem
 timer.mark("connect");
 page = new ArrayList<Entry>();
 try {
- searchCursor = connection.search(createSearchRequest(connection, cookie, config.getCustomAttributes()));
+ SearchRequest req = createSearchRequest(connection, cookie, config.getCustomAttributes());
+ if (log.isDebugEnabled()) {
+ log.debug("loadNextPage: using SearchRequest {}.", req);
+ }
+ searchCursor = connection.search(req);
 while (searchCursor.next()) {
 Response response = searchCursor.get();
@@ -706,7 +736,7 @@ public class LdapIdentityProvider implem
 Entry resultEntry = ((SearchResultEntry) response).getEntry();
 page.add(resultEntry);
 if (log.isDebugEnabled()) {
- log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+ log.debug("loadNextPage: search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
 }
 }
 }
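Review bot: `loadNextPage` still passes `config.getCustomAttributes()` to `createSearchRequest` unchanged, whereas the `connection.lookup` path earlier in this commit appends `"objectClass"` and both id attributes whenever custom attributes are configured. `createSearchRequest` is not part of this diff, so the attributes may already be added there; if they are not, paged entries could come back without the attributes needed to classify and identify them. Please confirm, and if needed build the attribute list in one shared private helper used by both paths, or document the difference with a comment such as `// createSearchRequest adds objectClass and the id attributes itself`. The enclosing method starts and ends outside the hunk.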