| | |
|---|
| | | import java.net.URI;
|
|---|
| | | import java.net.URISyntaxException;
|
|---|
| | | import java.security.GeneralSecurityException;
|
|---|
| | | import java.util.Arrays;
|
|---|
| | | import java.util.HashMap;
|
|---|
| | | import java.util.List;
|
|---|
| | | import java.util.Map;
|
|---|
| | |
|---|
| | | import com.gitblit.utils.ArrayUtils;
|
|---|
| | | import com.gitblit.utils.StringUtils;
|
|---|
| | | import com.unboundid.ldap.sdk.Attribute;
|
|---|
| | | import com.unboundid.ldap.sdk.DereferencePolicy;
|
|---|
| | | import com.unboundid.ldap.sdk.ExtendedResult;
|
|---|
| | | import com.unboundid.ldap.sdk.LDAPConnection;
|
|---|
| | | import com.unboundid.ldap.sdk.LDAPException;
|
|---|
| | | import com.unboundid.ldap.sdk.LDAPSearchException;
|
|---|
| | | import com.unboundid.ldap.sdk.ResultCode;
|
|---|
| | | import com.unboundid.ldap.sdk.SearchRequest;
|
|---|
| | | import com.unboundid.ldap.sdk.SearchResult;
|
|---|
| | | import com.unboundid.ldap.sdk.SearchResultEntry;
|
|---|
| | | import com.unboundid.ldap.sdk.SearchScope;
|
|---|
| | |
|---|
| | | for (Attribute userAttribute : loggingInUser.getAttributes())
|
|---|
| | | groupMemberPattern = StringUtils.replace(groupMemberPattern, "${" + userAttribute.getName() + "}", escapeLDAPSearchFilter(userAttribute.getValue()));
|
|---|
| | |
|
|---|
| | | SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, groupMemberPattern);
|
|---|
| | | SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, true, groupMemberPattern, Arrays.asList("cn"));
|
|---|
| | | if (teamMembershipResult != null && teamMembershipResult.getEntryCount() > 0) {
|
|---|
| | | for (int i = 0; i < teamMembershipResult.getEntryCount(); i++) {
|
|---|
| | | SearchResultEntry teamEntry = teamMembershipResult.getSearchEntries().get(i);
|
|---|
| | |
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | private SearchResult doSearch(LDAPConnection ldapConnection, String base, boolean dereferenceAliases, String filter, List<String> attributes) {
|
|---|
| | | try {
|
|---|
| | | SearchRequest searchRequest = new SearchRequest(base, SearchScope.SUB, filter);
|
|---|
| | | if ( dereferenceAliases ) {
|
|---|
| | | searchRequest.setDerefPolicy(DereferencePolicy.SEARCHING);
|
|---|
| | | }
|
|---|
| | | if (attributes != null) {
|
|---|
| | | searchRequest.setAttributes(attributes);
|
|---|
| | | }
|
|---|
| | | return ldapConnection.search(searchRequest);
|
|---|
| | |
|
|---|
| | | } catch (LDAPSearchException e) {
|
|---|
| | | logger.error("Problem Searching LDAP", e);
|
|---|
| | |
|
|---|
| | | return null;
|
|---|
| | | } catch (LDAPException e) {
|
|---|
| | | logger.error("Problem creating LDAP search", e);
|
|---|
| | | return null;
|
|---|
| | | }
|
|---|
| | | }
|
|---|
| | | |
|---|
| | | private boolean isAuthenticated(LDAPConnection ldapConnection, String userDn, String password) {
|
|---|
| | | try {
|
|---|
| | | // Binding will stop any LDAP-Injection Attacks since the searched-for user needs to bind to that DN
|
|---|
