Author: baedke
Date: Thu Oct 13 15:13:12 2016
New Revision: 1764705

URL: http://svn.apache.org/viewvc?rev=1764705&view=rev
Log:
OAK-4931: LdapIdentityProvider doesn't use configured custom attributes for all 
searches

Modified:
    
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java

Modified: 
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1764705&r1=1764704&r2=1764705&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
 Thu Oct 13 15:13:12 2016
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
 
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -71,6 +72,7 @@ import org.apache.jackrabbit.commons.ite
 import org.apache.jackrabbit.oak.commons.DebugTimer;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
+import 
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroupRef;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
@@ -197,7 +199,22 @@ public class LdapIdentityProvider implem
 
         LdapConnection connection = connect();
         try {
-            Entry entry = connection.lookup(ref.getId(), "*");
+            String userIdAttr = config.getUserConfig().getIdAttribute();
+            String groupIdAttr = config.getGroupConfig().getIdAttribute();
+            String[] ca = config.getCustomAttributes();
+            Entry entry;
+            if (ca.length == 0) {
+                entry = connection.lookup(ref.getId(), 
SchemaConstants.ALL_USER_ATTRIBUTES);
+            }
+            else {
+                List<String> attributes = new ArrayList<>(Arrays.asList(ca));
+                attributes.add("objectClass");
+                attributes.add(userIdAttr);
+                attributes.add(groupIdAttr);
+                String[] attributeArray = new String[attributes.size()];
+                attributes.toArray(attributeArray);
+                entry = connection.lookup(ref.getId(), attributeArray);
+            }
             if (entry == null) {
                 return null;
             } else if 
(entry.hasObjectClass(config.getUserConfig().getObjectClasses())) {
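Review bot: `userIdAttr` and `groupIdAttr` are appended to the attribute list without a null check, although the getDeclaredGroupRefs hunk of this same commit treats `config.getGroupConfig().getIdAttribute()` as possibly null (`idAttribute == null? ...`). If either is null here, the array handed to `connection.lookup(ref.getId(), attributeArray)` contains a null element, and how the LDAP API handles that is not visible from this hunk. I would guard both, e.g. `if (userIdAttr != null) attributes.add(userIdAttr);` and the same for `groupIdAttr`. `ca.length` likewise assumes `getCustomAttributes()` never returns null, which should be confirmed or documented. The enclosing method starts and ends outside the hunk.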
@@ -387,11 +404,16 @@ public class LdapIdentityProvider implem
             // Create the SearchRequest object
             SearchRequest req = new SearchRequestImpl();
             req.setScope(SearchScope.SUBTREE);
-            req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
+            String idAttribute = config.getGroupConfig().getIdAttribute();
+            req.addAttributes(idAttribute == null? 
SchemaConstants.NO_ATTRIBUTE : idAttribute);
             req.setTimeLimit((int) config.getSearchTimeout());
             req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
             req.setFilter(searchFilter);
 
+            if (log.isDebugEnabled()) {
+                log.debug("getDeclaredGroupRefs: using SearchRequest {}.", 
req);
+            }
+
             Map<String, ExternalIdentityRef> groups = new HashMap<String, 
ExternalIdentityRef>();
             DebugTimer timer = new DebugTimer();
             connection = connect();
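Review bot: The new `log.debug("getDeclaredGroupRefs: using SearchRequest {}.", req)` writes the whole request to the log, and the same kind of line is added in the getEntry and loadNextPage hunks. The request carries the base DN and the search filter, which the existing "search below {} with {}" messages already print, and the filter presumably embeds the identity being resolved. A short comment at each site would make that explicit, e.g. `// NOTE: logs base DN and filter (may contain user/group ids); keep debug logs access-restricted`. If `log` is an SLF4J logger, the `isDebugEnabled()` guard is not needed for a single `{}` argument, because formatting is deferred until the level is enabled. The enclosing method starts and ends outside the hunk.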
@@ -403,13 +425,13 @@ public class LdapIdentityProvider implem
                 Response response = searchCursor.get();
                 if (response instanceof SearchResultEntry) {
                     Entry resultEntry = ((SearchResultEntry) 
response).getEntry();
-                    ExternalIdentityRef groupRef = new 
ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
+                    ExternalIdentityRef groupRef = new 
ExternalGroupRef(resultEntry.getDn().toString(), this.getName());
                     groups.put(groupRef.getId(), groupRef);
                 }
             }
             timer.mark("iterate");
             if (log.isDebugEnabled()) {
-                log.debug("search below {} with {} found {} entries. {}",
+                log.debug("getDeclaredGroupRefs: search below {} with {} found 
{} entries. {}",
                         config.getGroupConfig().getBaseDN(), searchFilter, 
groups.size(), timer.getString());
             }
             return groups;
@@ -563,6 +585,10 @@ public class LdapIdentityProvider implem
         req.setBase(new Dn(idConfig.getBaseDN()));
         req.setFilter(searchFilter);
 
+        if (log.isDebugEnabled()) {
+            log.debug("getEntry: using SearchRequest {}.", req);
+        }
+
         // Process the request
         SearchCursor searchCursor = null;
         Entry resultEntry = null;
@@ -586,9 +612,9 @@ public class LdapIdentityProvider implem
         }
         if (log.isDebugEnabled()) {
             if (resultEntry == null) {
-                log.debug("search below {} with {} found 0 entries.", 
idConfig.getBaseDN(), searchFilter);
+                log.debug("getEntry: search below {} with {} found 0 
entries.", idConfig.getBaseDN(), searchFilter);
             } else {
-                log.debug("search below {} with {} found {}", 
idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+                log.debug("getEntry: search below {} with {} found {}", 
idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
             }
         }
         return resultEntry;
@@ -698,7 +724,11 @@ public class LdapIdentityProvider implem
             timer.mark("connect");
             page = new ArrayList<Entry>();
             try {
-                searchCursor = 
connection.search(createSearchRequest(connection, cookie, 
config.getCustomAttributes()));
+                SearchRequest req = createSearchRequest(connection, cookie, 
config.getCustomAttributes());
+                if (log.isDebugEnabled()) {
+                    log.debug("loadNextPage: using SearchRequest {}.", req);
+                }
+                searchCursor = connection.search(req);
                 while (searchCursor.next()) {
                     Response response = searchCursor.get();
 
@@ -706,7 +736,7 @@ public class LdapIdentityProvider implem
                         Entry resultEntry = ((SearchResultEntry) 
response).getEntry();
                         page.add(resultEntry);
                         if (log.isDebugEnabled()) {
-                            log.debug("search below {} with {} found {}", 
idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+                            log.debug("loadNextPage: search below {} with {} 
found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
                         }
                     }
                 }

