I finally got Turbine working with LDAP. This is the status now.
1.- User Authentication - Completed.
2.- Access Control Lists with Users in LDAP and the rest in DB. - Completed.
3.- User maintenance - Pending.
4.- Groups, Permissions, and Roles living in LDAP - Pending.
I added some flexibility to map the Turbine fields (e.g. firstname, lastname)
to the LDAP fields. I also added some flexibility so a user can create their
own class to add new fields.
A current constraint is that there must exist an integer user_id field that
will be used as a foreign key with the tables in the DB.
Included is the patchfile.txt. I hope it comes in the correct format. If
this patch is accepted I will continue working to make it work with everything in
LDAP.
Index: conf/TurbineResources.properties
===================================================================
RCS file: /home/cvspublic/jakarta-turbine-2/conf/TurbineResources.properties,v
retrieving revision 1.16
diff -u -r1.16 TurbineResources.properties
--- conf/TurbineResources.properties 11 Oct 2002 10:27:29 -0000 1.16
+++ conf/TurbineResources.properties 12 Dec 2002 01:46:54 -0000
@@ -785,14 +785,46 @@
# Configuration for the LDAP Security Service implementation
#services.SecurityService.ldap.security.athentication=simple
-#services.SecurityService.ldap.port=<LDAP PORT>
-#services.SecurityService.ldap.host=<LDAP HOST>
-#services.SecurityService.ldap.admin.username=<ADMIN USERNAME>
-#services.SecurityService.ldap.admin.password=<ADMIN PASSWORD>
-#services.SecurityService.ldap.user.basesearch=<SEARCH PATTERN>
-#services.SecurityService.ldap.user.search.filter=<SEARCH FILTER>
-#services.SecurityService.ldap.dn.attribute=userPrincipalName
+#services.SecurityService.ldap.port=389
+#services.SecurityService.ldap.host=itweb14.itweb.com.mx
+
+# The user name of the admin user.
+# '/' are replaced by '=' and '%' are replaced by ','.
+#services.SecurityService.ldap.admin.username=cn/Manager%dc/example%dc/com
+
+# The password of the admin user.
+#services.SecurityService.ldap.admin.password=secret
+
+# The class name of the ldap provider.
#services.SecurityService.ldap.provider=com.sun.jndi.ldap.LdapCtxFactory
+
+# The directory base to search.
+# '/' are replaced by '=' and '%' are replaced by ','.
+#services.SecurityService.ldap.user.basesearch=dc/example%dc/com
+
+# The attribute to search users from.
+#services.SecurityService.ldap.user.filter=cn
+
+# Allow the user to redefine this class.
+#services.SecurityService.ldap.user.class=org.apache.turbine.services.security.ldap.LDAPUser
+
+# The unique id. It must be an integer field.
+#services.SecurityService.ldap.user.userid=x121Address
+
+# The equivalent attribute for the username.
+#services.SecurityService.ldap.user.username=cn
+
+# The equivalent attribute for the firstname.
+#services.SecurityService.ldap.user.firstname=sn
+
+# The equivalent attribute for the lastname.
+#services.SecurityService.ldap.user.lastname=sn
+
+#Te equivalent attribute for the password.
+#services.SecurityService.ldap.user.password=userPassword
+
+#The equivalent attribute for the email.
+#services.SecurityService.ldap.user.email=
# -------------------------------------------------------------------
#
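Review bot: The commented-out sample on the `ldap.host` line names what looks like a real internal host, `itweb14.itweb.com.mx`, where the previous revision used the placeholder `<LDAP HOST>`; shipped defaults should not carry an organisation-specific hostname, so `#services.SecurityService.ldap.host=<LDAP HOST>` is preferable. The `ldap.admin.username` and `ldap.admin.password` samples (`cn/Manager%dc/example%dc/com`, `secret`) read as placeholders, but a short comment saying so would stop them being copied into a deployment unchanged. The comment on the password mapping has a typo: `#The equivalent attribute for the password.`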
Index: src/java/org/apache/turbine/om/security/peer/RolePeer.java
===================================================================
RCS file:
/home/cvspublic/jakarta-turbine-2/src/java/org/apache/turbine/om/security/peer/RolePeer.java,v
retrieving revision 1.3
diff -u -r1.3 RolePeer.java
--- src/java/org/apache/turbine/om/security/peer/RolePeer.java 11 Jul 2002 07:34:30
-0000 1.3
+++ src/java/org/apache/turbine/om/security/peer/RolePeer.java 12 Dec 2002 01:46:56
+-0000
@@ -139,6 +139,7 @@
* UserPeer up = TurbineSecurity.getUserPeerInstance();
*/
+/*
UserPeer up = ((DBSecurityService)TurbineSecurity.getService())
.getUserPeerInstance();
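Review bot: The `/*` added at the top of this hunk turns the original join logic into a comment block that is only closed by the `*/` in the next hunk, leaving commented-out code inside the method; since the `criteria.add(...)` lines in the next hunk are the intended replacement, the old lines should be deleted rather than kept. The enclosing method starts before this hunk. The new `((Persistent)user).getPrimaryKey()` and `((Persistent)group).getPrimaryKey()` casts in the next hunk assume every `User` and `Group` passed in is a torque `Persistent`; if the interfaces do not guarantee that, an `instanceof` check with a descriptive exception would fail more informatively than a `ClassCastException`.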
@@ -150,6 +151,13 @@
criteria.addJoin(up.getFullColumnName(UserPeer.USER_ID),
UserGroupRolePeer.USER_ID);
criteria.addJoin(UserGroupRolePeer.ROLE_ID, RolePeer.ROLE_ID);
+*/
+ criteria.add(UserGroupRolePeer.USER_ID,
+ ((Persistent)user).getPrimaryKey());
+ criteria.add(UserGroupRolePeer.GROUP_ID,
+ ((Persistent)group).getPrimaryKey());
+ criteria.addJoin(UserGroupRolePeer.ROLE_ID, RolePeer.ROLE_ID);
+
return retrieveSet(criteria);
}
Index: src/java/org/apache/turbine/services/security/ldap/LDAPSecurityConstants.java
===================================================================
RCS file:
/home/cvspublic/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPSecurityConstants.java,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 LDAPSecurityConstants.java
--- src/java/org/apache/turbine/services/security/ldap/LDAPSecurityConstants.java
16 Aug 2001 05:09:19 -0000 1.1.1.1
+++ src/java/org/apache/turbine/services/security/ldap/LDAPSecurityConstants.java
+ 12 Dec 2002 01:46:58 -0000
@@ -54,21 +54,181 @@
* <http://www.apache.org/>.
*/
+import java.util.Properties;
+import org.apache.turbine.services.security.TurbineSecurity;
+
/**
* <p>This is a static class for defining the default ldap confiquration
* keys used by core Turbine components.</p>
*
* @author <a href="mailto:[EMAIL PROTECTED]">Jason van Zyl</a>
+ * @author <a href="mailto:[EMAIL PROTECTED]">Humberto Hernandez</a>
*
*/
-public interface LDAPSecurityConstants
+public class LDAPSecurityConstants
{
- public static final String LDAP_DN_ATTR = "ldap.dn.attribute";
- public static final String LDAP_SEARCH_FLTR = "ldap.user.search.filter";
- public static final String LDAP_BASE_SERACH = "ldap.user.basesearch";
- public static final String LDAP_ADMIN_USRNAME = "ldap.admin.username";
- public static final String LDAP_ADMIN_PASSWRD = "ldap.admin.password";
- public static final String LDAP_HOST = "ldap.host";
- public static final String LDAP_PORT = "ldap.port";
- public static final String LDAP_PROVIDER = "ldap.provider";
+ public static final String LDAP_BASE_SEARCH = "ldap.user.basesearch";
+ public static final String LDAP_SEARCH_FILTER = "ldap.user.filter";
+ public static final String LDAP_ADMIN_USERNAME = "ldap.admin.username";
+ public static final String LDAP_ADMIN_PASSWORD = "ldap.admin.password";
+ public static final String LDAP_HOST = "ldap.host";
+ public static final String LDAP_PORT = "ldap.port";
+ public static final String LDAP_PROVIDER = "ldap.provider";
+ public static final String LDAP_USER_CLASS = "ldap.user.class";
+ public static final String LDAP_USER_USERID = "ldap.user.userid";
+ public static final String LDAP_USER_USERNAME = "ldap.user.username";
+ public static final String LDAP_USER_FIRSTNAME = "ldap.user.firstname";
+ public static final String LDAP_USER_LASTNAME = "ldap.user.lastname";
+ public static final String LDAP_USER_PASSWORD = "ldap.user.password";
+ public static final String LDAP_USER_EMAIL = "ldap.user.email";
+
+ /**
+ * Get all the properties for the security service.
+ * @return all the properties of the security service.
+ */
+ public static Properties getProperties()
+ {
+ return TurbineSecurity.getService().getProperties();
+ }
+
+ /**
+ * Get the value of the property for the User Search Filter.
+ * @return the value of the property.
+ */
+ public static String getUserSearchFilter()
+ {
+ return getProperties().getProperty(LDAP_SEARCH_FILTER);
+ }
+
+ /**
+ * Get value of the property for the User Base Search.
+ * @return the value of the property.
+ */
+ public static String getUserBaseSearch()
+ {
+ String str = getProperties().getProperty(LDAP_BASE_SEARCH);
+ /*
+ * The userBaseSearch string contains some
+ * characters that need to be transformed.
+ */
+ str = str.replace('/','=');
+ str = str.replace('%',',');
+ return str;
+ }
+
+ /**
+ * Get the name of the class of the LDAP User.
+ * @return the value of the property.
+ */
+ public static String getUserClass()
+ {
+ return getProperties().getProperty(LDAP_USER_CLASS);
+ }
+
+ /**
+ * Get the value of the User id Attribute.
+ * @return the value of the property.
+ */
+ public static String getUserIdAttribute()
+ {
+ return getProperties().getProperty(LDAP_USER_USERID);
+ }
+
+ /**
+ * Get the value of the Username Attribute.
+ * @return the value of the property.
+ */
+ public static String getUsernameAttribute()
+ {
+ return getProperties().getProperty(LDAP_USER_USERNAME);
+ }
+
+ /**
+ * Get the value of the Firstname Attribute.
+ * @return the value of the property.
+ */
+ public static String getFirstnameAttribute()
+ {
+ return getProperties().getProperty(LDAP_USER_FIRSTNAME);
+ }
+
+ /**
+ * Get the value of the Lastname Attribute.
+ * @return the value of the property.
+ */
+ public static String getLastnameAttribute()
+ {
+ return getProperties().getProperty(LDAP_USER_LASTNAME);
+ }
+
+ /**
+ * Get the value of the Password Attribute.
+ * @return the value of the property.
+ */
+ public static String getPasswordAttribute()
+ {
+ return getProperties().getProperty(LDAP_USER_PASSWORD);
+ }
+
+ /**
+ * Get the value of the E-Mail Attribute.
+ * @return the value of the property.
+ */
+ public static String getEmailAttribute()
+ {
+ return getProperties().getProperty(LDAP_USER_EMAIL);
+ }
+
+ /**
+ * Get the value of the property for the administration username.
+ * @return the value of the property.
+ */
+ public static String getAdminUsername()
+ {
+ String str = getProperties().getProperty(LDAP_ADMIN_USERNAME);
+ /*
+ * The adminUsername string contains some
+ * characters that need to be transformed.
+ */
+ str = str.replace('/','=');
+ str = str.replace('%',',');
+ return str;
+ }
+
+ /**
+ * Get the value of the property for the administration password.
+ * @return the value of the property.
+ */
+ public static String getAdminPassword()
+ {
+ return getProperties().getProperty(LDAP_ADMIN_PASSWORD);
+ }
+
+ /**
+ * Get the value of the property for the LDAP Host.
+ * @return the value of the property.
+ */
+ public static String getLDAPHost()
+ {
+ return getProperties().getProperty(LDAP_HOST);
+ }
+
+ /**
+ * Get the value of the property for the LDAP Port.
+ * @return the value of the property.
+ */
+ public static String getLDAPPort()
+ {
+ return getProperties().getProperty(LDAP_PORT);
+ }
+
+ /**
+ * Get the value of the property for the LDAP Provider.
+ * @return the value of the property.
+ */
+ public static String getLDAPProvider()
+ {
+ return getProperties().getProperty(LDAP_PROVIDER);
+ }
+
}
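Review bot: `getUserBaseSearch` and `getAdminUsername` call `str.replace` on the property value without a null check, so an unset `ldap.user.basesearch` or `ldap.admin.username` fails with a `NullPointerException` inside the JNDI code path instead of a clear configuration error; a guard before the replace calls such as `if (str == null) { throw new IllegalStateException("Missing property " + LDAP_BASE_SEARCH); }` names the missing key. The value of `LDAP_SEARCH_FILTER` changes from `ldap.user.search.filter` to `ldap.user.filter` and `LDAP_DN_ATTR` is dropped, which silently breaks existing configurations using the old keys; that should be stated in the class Javadoc, or the old key read as a fallback. Because the type is now a class holding only static members, a `private LDAPSecurityConstants() {}` constructor would prevent instantiation, and any remaining `implements LDAPSecurityConstants` outside this patch will no longer compile. The '/'→'=' and '%'→',' rewriting also means a DN component can never contain a literal `/` or `%`; the Javadoc of both getters should say so.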
Index: src/java/org/apache/turbine/services/security/ldap/LDAPUser.java
===================================================================
RCS file:
/home/cvspublic/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUser.java,v
retrieving revision 1.3
diff -u -r1.3 LDAPUser.java
--- src/java/org/apache/turbine/services/security/ldap/LDAPUser.java 11 Jul 2002
07:34:31 -0000 1.3
+++ src/java/org/apache/turbine/services/security/ldap/LDAPUser.java 12 Dec 2002
+01:47:00 -0000
@@ -58,10 +58,18 @@
import java.io.PrintWriter;
import java.sql.Connection;
import java.util.Hashtable;
+import java.util.Properties;
import javax.servlet.http.HttpSessionBindingEvent;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.Attribute;
+import javax.naming.NamingException;
import org.apache.torque.om.BaseObject;
import org.apache.turbine.om.security.User;
import org.apache.turbine.services.security.TurbineSecurity;
+import org.apache.turbine.util.Log;
+import org.apache.torque.om.ObjectKey;
+import org.apache.torque.om.NumberKey;
+import org.apache.torque.om.StringKey;
/**
* LDAPUser implements User and provides access to a user who accesses the
@@ -71,6 +79,7 @@
* @author <a href="mailto:[EMAIL PROTECTED]">Tracy M. Adewunmi</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Leonard J. Flournoy </a>
* @author <a href="mailto:[EMAIL PROTECTED]">Daniel Rall</a>
+ * @author <a href="mailto:[EMAIL PROTECTED]">Humberto Hernandez</a>
*/
public class LDAPUser extends BaseObject implements User
{
@@ -96,6 +105,108 @@
permStorage = new Hashtable(10);
setHasLoggedIn(new Boolean(false));
}
+
+
+ /**
+ * Populates the user with values obtained from the LDAP Service.
+ * This method could be redefined in subclasses.
+ * @param attribs The attributes obtained from LDAP.
+ * @throws NamingException if there was an error with JNDI.
+ */
+ public void setAttributes(Attributes attribs)
+ throws NamingException
+ {
+
+ Attribute attr;
+ String attrName;
+
+ // Set the User id.
+ attrName = LDAPSecurityConstants.getUserIdAttribute();
+ if (attrName != null)
+ {
+ attr = attribs.get(attrName);
+ if (attr != null && attr.get() != null)
+ {
+ try
+ {
+ setPrimaryKey(new StringKey(attr.get().toString()));
+ }
+ catch(Exception ex)
+ {
+ Log.error("Exception caught:",ex);
+ }
+ }
+ }
+ else
+ {
+ Log.error("There is no LDAP attribute for the user_id.");
+ }
+
+ // Set the Username.
+ attrName = LDAPSecurityConstants.getUsernameAttribute();
+ if (attrName != null)
+ {
+ attr = attribs.get(attrName);
+ if (attr != null && attr.get() != null)
+ {
+ setUserName(attr.get().toString());
+ }
+ }
+ else
+ {
+ Log.error("There is no LDAP attribute for the username.");
+ }
+
+ // Set the Firstname.
+ attrName = LDAPSecurityConstants.getFirstnameAttribute();
+ if (attrName != null)
+ {
+ attr = attribs.get(attrName);
+ if (attr != null && attr.get() != null)
+ {
+ setFirstName(attr.get().toString());
+ }
+ }
+
+ // Set the Lastname.
+ attrName = LDAPSecurityConstants.getLastnameAttribute();
+ if (attrName != null)
+ {
+ attr = attribs.get(attrName);
+ if (attr != null && attr.get() != null)
+ {
+ setLastName(attr.get().toString());
+ }
+ }
+
+ // Set the E-Mail
+ attrName = LDAPSecurityConstants.getEmailAttribute();
+ if (attrName != null)
+ {
+ attr = attribs.get(attrName);
+ if (attr != null && attr.get() != null)
+ {
+ setEmail(attr.get().toString());
+ }
+ }
+ }
+
+ /**
+ * Gets the distinguished name (DN) of the User.
+ * This method could be redefined in a subclass.
+ * @return The Distinguished Name of the user.
+ */
+ public String getDN()
+ {
+ String filterAttribute = LDAPSecurityConstants.getUserSearchFilter();
+ String userBaseSearch = LDAPSecurityConstants.getUserBaseSearch();
+ String userName = getUserName();
+ Log.debug("userName ="+userName);
+
+ String dn = filterAttribute + "=" + userName + "," + userBaseSearch;
+ Log.debug("dn ="+dn);
+ return dn;
+ }
/**
* Gets the access counter for a user during a session.
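Review bot: `setAttributes` stores the user id as a `StringKey` although the configuration comment and the covering message state that the id must be an integer foreign key for the DB tables, and `NumberKey` is imported but unused; `setPrimaryKey(new NumberKey(attr.get().toString()))` matches the stated contract, and the `catch (Exception ex)` that only logs should be narrowed so a user object is never returned without a primary key. `getDN` builds the DN by concatenation, `filterAttribute + "=" + userName + "," + userBaseSearch`, with no RFC 4514 escaping, so a name containing `,`, `+` or `=` yields a DN that fails or binds against the wrong entry. It also assumes the attribute named by `ldap.user.filter` is the one whose value `setUserName` stored, which holds only when `ldap.user.filter` and `ldap.user.username` point at the same attribute — worth stating in the Javadoc. Both methods are complete within this hunk.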
Index: src/java/org/apache/turbine/services/security/ldap/LDAPUserManager.java
===================================================================
RCS file:
/home/cvspublic/jakarta-turbine-2/src/java/org/apache/turbine/services/security/ldap/LDAPUserManager.java,v
retrieving revision 1.3
diff -u -r1.3 LDAPUserManager.java
--- src/java/org/apache/turbine/services/security/ldap/LDAPUserManager.java 11 Jul
2002 16:53:24 -0000 1.3
+++ src/java/org/apache/turbine/services/security/ldap/LDAPUserManager.java 12 Dec
+2002 01:47:01 -0000
@@ -53,13 +53,14 @@
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
-
+import java.util.Properties;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
+import javax.naming.AuthenticationException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
@@ -68,6 +69,7 @@
import org.apache.turbine.om.security.User;
import org.apache.turbine.services.resources.TurbineResources;
import org.apache.turbine.services.security.UserManager;
+import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.services.security.ldap.util.ParseExceptionMessage;
import org.apache.turbine.util.Log;
import org.apache.turbine.util.security.DataBackendException;
@@ -93,9 +95,10 @@
* @author <a href="mailto:[EMAIL PROTECTED]">Leonard J. Flournoy</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Jason van Zyl</a>
* @author <a href="mailto:[EMAIL PROTECTED]">Daniel Rall</a>
+ * @author <a href="mailto:[EMAIL PROTECTED]">Humberto Hernandez</a>
* @version $Id: LDAPUserManager.java,v 1.3 2002/07/11 16:53:24 mpoeschl Exp $
*/
-public class LDAPUserManager implements UserManager, LDAPSecurityConstants
+public class LDAPUserManager implements UserManager
{
/**
* Check wether a specified user's account exists.
@@ -123,21 +126,13 @@
public boolean accountExists(String username)
throws DataBackendException
{
- /*!
- * Is it possible to retrieve more then one user?
- * Possibly the check for multiple users that is
- * employed in the DBUserManager can be employed
- * here.
- */
-
try
{
User ldapUser = retrieve(username);
}
- catch (Exception e)
+ catch (UnknownEntityException ex)
{
- throw new DataBackendException(
- "Failed to check account's presence", e);
+ return false;
}
return true;
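Review bot: The local `ldapUser` assigned from `retrieve(username)` is never read; a bare `retrieve(username);` expresses the intent without the unused variable. Narrowing the catch to `UnknownEntityException` is correct, since `DataBackendException` is already declared and should propagate. The method's Javadoc starts before this hunk.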
@@ -156,83 +151,55 @@
public User retrieve(String username)
throws UnknownEntityException, DataBackendException
{
- String dNAttribute = TurbineResources.getString(LDAP_DN_ATTR);
- String filter = TurbineResources.getString(LDAP_SEARCH_FLTR);
- String userBaseSearch = TurbineResources.getString(LDAP_BASE_SERACH);
- String dN = null;
- String adminUser = TurbineResources.getString(LDAP_ADMIN_USRNAME);
- String adminPassword = TurbineResources.getString(LDAP_ADMIN_PASSWRD);
-
- adminUser = adminUser.replace('/', '=');
- adminUser = adminUser.replace('%', ',');
-
- User ldapUser = null;
-
- /*
- * The userBaseSearch string contains some
- * characters that need to be transformed.
- */
- userBaseSearch = userBaseSearch.replace('/', '=');
- userBaseSearch = userBaseSearch.replace('%', ',');
-
try
{
- DirContext ctx = bind(adminUser, adminPassword);
+ DirContext ctx = bindAsAdmin();
/*
- * Create the default search controls.
+ * Define the search.
*/
- SearchControls ctls = new SearchControls();
+ String userBaseSearch = LDAPSecurityConstants.getUserBaseSearch();
+ String filter = LDAPSecurityConstants.getUserSearchFilter();
+ filter = "("+filter + "="+username + ")";
/*
- * Create filter.
+ * Create the default search controls.
*/
- filter = "("+filter + "="+username + ")";
+ SearchControls ctls = new SearchControls();
NamingEnumeration answer =
ctx.search(userBaseSearch, filter, ctls);
- while (answer.hasMore())
+ if (answer.hasMore())
{
SearchResult sr = (SearchResult) answer.next();
Attributes attribs = sr.getAttributes();
- Log.debug("attribs: " + attribs.get(dNAttribute));
- dN = attribs.get(dNAttribute).toString();
- Log.debug("dN: " + dN);
- }
+ LDAPUser ldapUser = createLDAPUser();
+ ldapUser.setAttributes(attribs);
+ ldapUser.setTemp("turbine.user", ldapUser);
- if (dN == null)
+ return ldapUser;
+ } else
{
+ Log.debug("User "+username+" not found");
+ Log.debug("filter='"+filter+"'");
+ Log.debug("userBaseSearch='"+userBaseSearch+"'");
+
throw new UnknownEntityException("The given user: " +
username + "\n does not exist.");
}
-
- StringTokenizer sT = new StringTokenizer(dN, ":");
-
- while (sT.hasMoreElements())
- {
- dN = sT.nextToken();
- }
-
- dN = dN.trim();
-
- ldapUser = new LDAPUser();
- ldapUser.setUserName(dN);
-
- ldapUser.setTemp("turbine.user", ldapUser);
-
}
- catch (NamingException nameEx)
+ catch (NamingException ex)
{
+ Log.error("NamingException caught:",ex);
throw new DataBackendException(
"The LDAP server specified is unavailable");
}
- return ldapUser;
}
/**
- * This is currently not implemented to behave as expected. It is
- * just here to support the interface requirement.
+ * This is currently not implemented to behave as expected. It
+ * ignores the Criteria argument and returns all the users.
*
* Retrieve a set of users that meet the specified criteria.
*
@@ -246,10 +213,45 @@
* @return a List of users meeting the criteria.
* @throws DataBackendException Error accessing the data backend.
*/
- public User[] retrieve(Criteria criteria) throws DataBackendException
+ public User[] retrieve(Criteria criteria)
+ throws DataBackendException
{
+
Vector users = new Vector(0);
- return (User[]) users.toArray(new User[0]);
+ try
+ {
+ DirContext ctx = bindAsAdmin();
+
+ String userBaseSearch = LDAPSecurityConstants.getUserBaseSearch();
+ String filter = LDAPSecurityConstants.getUserSearchFilter();
+ filter = "("+filter+"=*)";
+
+ /*
+ * Create the default search controls.
+ */
+ SearchControls ctls = new SearchControls();
+
+ NamingEnumeration answer =
+ ctx.search(userBaseSearch, filter, ctls);
+
+ while (answer.hasMore())
+ {
+ SearchResult sr = (SearchResult) answer.next();
+ Attributes attribs = sr.getAttributes();
+ LDAPUser ldapUser = createLDAPUser();
+ ldapUser.setAttributes(attribs);
+ ldapUser.setTemp("turbine.user", ldapUser);
+ users.add(ldapUser);
+ }
+ }
+ catch (NamingException ex)
+ {
+ Log.error("NamingException caught",ex);
+ throw new DataBackendException(
+ "The LDAP server specified is unavailable",ex);
+ }
+
+ return (User[]) users.toArray(new User[users.size()]);
}
/**
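Review bot: `retrieve(Criteria)` uses `new SearchControls()` with its defaults, which are one-level scope and no count or time limit, so the query returns every entry directly under the base and none from sub-containers; if a subtree is intended, `ctls.setSearchScope(SearchControls.SUBTREE_SCOPE)` is needed, and `ctls.setCountLimit(...)` would bound a result set that is otherwise unbounded for a method that ignores its `criteria`. The same default scope applies to `retrieve(String)` above. The `DirContext` from `bindAsAdmin()` is not closed here either. The Javadoc already says the criteria is ignored, which is helpful; stating the search scope as well would complete it.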
@@ -271,7 +273,6 @@
throws PasswordMismatchException,
UnknownEntityException,DataBackendException
{
-
User user = retrieve(username);
authenticate(user, password);
return user;
@@ -313,17 +314,25 @@
*/
public void authenticate(User user, String password)
throws PasswordMismatchException,
- UnknownEntityException, DataBackendException
+ UnknownEntityException,
+ DataBackendException
{
+ LDAPUser ldapUser = (LDAPUser)user;
try
{
- bind(user.getUserName(), password);
+ bind(ldapUser.getDN(), password);
}
- catch (NamingException authEx)
+ catch (AuthenticationException ex)
{
throw new PasswordMismatchException(
"The given password for: " +
- user.getUserName() + " is invalid\n");
+ ldapUser.getDN() + " is invalid\n");
+ }
+ catch (NamingException ex)
+ {
+ Log.error("NamingException caught",ex);
+ throw new DataBackendException(
+ "The LDAP server specified is unavailable");
}
}
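Review bot: `authenticate` hands the supplied `password` to `bind` without rejecting an empty value; a number of directory servers treat a simple bind with a DN and an empty password as an anonymous bind that succeeds (the RFC 4513 unauthenticated bind), in which case `authenticate(user, "")` would not raise `PasswordMismatchException`. A guard before the bind, `if (password == null || password.length() == 0) { throw new PasswordMismatchException("Empty password for " + ldapUser.getDN()); }`, closes that path regardless of server configuration. The unchecked `(LDAPUser)user` cast throws `ClassCastException` for any other `User` implementation; an `instanceof` test with a descriptive exception would be clearer. The `DirContext` returned by a successful `bind` is discarded without `close()`, and the `DataBackendException` in the new `NamingException` catch omits `ex` as its cause.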
@@ -399,67 +408,83 @@
"The method removeAccount has no implementation.");
}
+ /**
+ * Bind as the admin user.
+ * @throws NamingException when an error occurs with the named server.
+ */
+ public DirContext bindAsAdmin()
+ throws NamingException
+ {
+ String adminUser = LDAPSecurityConstants.getAdminUsername();
+ String adminPassword = LDAPSecurityConstants.getAdminPassword();
+ return bind(adminUser, adminPassword);
+ }
/**
- * Creats an initial context.
+ * Creates an initial context.
*
* @param ldap admin username supplied in TRP.
* @param ldap admin password supplied in TRP
- * @throws DataBackendException Error accessing the data backend.
- * @throws UnknownEntityException if the user account is not present.
* @throws NamingException when an error occurs with the named server.
*/
public DirContext bind(String username, String password)
- throws NamingException, DataBackendException, UnknownEntityException
+ throws NamingException
{
- DirContext ctx = null;
+ String host = LDAPSecurityConstants.getLDAPHost();
+ String port = LDAPSecurityConstants.getLDAPPort();
+ String providerURL = new String("ldap://" + host + ":" + port);
- try
- {
- String host = TurbineResources.getString(LDAP_HOST);
- String port = TurbineResources.getString(LDAP_PORT);
-
- String providerURL = new String("ldap://" + host + ":" + port);
+ String ldapProvider = LDAPSecurityConstants.getLDAPProvider();
- /*
- * creating an initial context using Sun's client
- * LDAP Provider.
- */
- Hashtable env = new Hashtable();
- env.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_PROVIDER);
+ /*
+ * creating an initial context using Sun's client
+ * LDAP Provider.
+ */
+ Hashtable env = new Hashtable();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, ldapProvider);
+ env.put(Context.PROVIDER_URL, providerURL);
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
+ env.put(Context.SECURITY_PRINCIPAL, username);
+ env.put(Context.SECURITY_CREDENTIALS, password);
- env.put(Context.PROVIDER_URL, providerURL);
- env.put(Context.SECURITY_AUTHENTICATION, "simple");
- env.put(Context.SECURITY_PRINCIPAL, username);
- env.put(Context.SECURITY_CREDENTIALS, password);
+ DirContext ctx = new javax.naming.directory.InitialDirContext(env);
+ return ctx;
+ }
- ctx = new javax.naming.directory.InitialDirContext(env);
- Log.debug("CTX: " + ctx.toString());
+ /**
+ * Create a new instance of the LDAP User according to the value
+ * configured in TurbineResources.properties.
+ * @return a new instance of the LDAP User.
+ * @throws DataBackendException if there is an error creating the
+ * instance.
+ */
+ private LDAPUser createLDAPUser()
+ throws DataBackendException
+ {
+ String className = LDAPSecurityConstants.getUserClass();
+ try
+ {
+ Class c = Class.forName(className);
+ return (LDAPUser) c.newInstance();
}
- catch (NamingException ne)
+ catch(ClassNotFoundException ex)
{
- String errno = ParseExceptionMessage.findErrno(ne.getExplanation());
-
- if (errno.equals("49"))
- {
- throw new UnknownEntityException(
- "The given credentials for the administrator are invalid");
- }
- else if (errno.equals("22"))
- {
- throw new DataBackendException(
- "The LDAP server specified is unavailable");
- }
- else
- {
- throw ne;
- }
+ String msg = "Class "+className+" not found";
+ Log.error(msg);
+ throw new DataBackendException(msg, ex);
+ }
+ catch(InstantiationException ex)
+ {
+ String msg = "Cannot instantiate "+className;
+ Log.error(msg);
+ throw new DataBackendException(msg, ex);
}
- catch (Exception e)
+ catch(IllegalAccessException ex)
{
- Log.error(e);
+ String msg = "Cannot instantiate "+className;
+ Log.error(msg);
+ throw new DataBackendException(msg, ex);
}
+ }
- return ctx;
- }
}
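Review bot: `bind` always connects with `"ldap://" + host + ":" + port` and `Context.SECURITY_AUTHENTICATION` set to `"simple"`, so the admin credentials and every user password cross the network in cleartext; offering a configurable `ldaps://` URL or `env.put(Context.SECURITY_PROTOCOL, "ssl")` and documenting it in the Javadoc would let deployments avoid that. `createLDAPUser` does `(LDAPUser) c.newInstance()` on whatever class `ldap.user.class` names, and a `ClassCastException` from a misconfigured class (or a `NullPointerException` when the property is unset) escapes the three catch blocks; checking `LDAPUser.class.isAssignableFrom(c)` first and throwing `DataBackendException` keeps the failure mode consistent. `bindAsAdmin` lacks a `@return` tag and the `@param` tags of `bind` (`ldap admin username`) no longer match the parameter names `username` and `password`; `new String("ldap://" + ...)` is also redundant. With `ParseExceptionMessage` no longer referenced in the visible hunks, its import earlier in the file appears unused — worth confirming against the rest of the file.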