| | |
|---|
| | | String bindUserName = settings.getString(Keys.realm.ldap.username, ""); |
|---|
| | | String bindPassword = settings.getString(Keys.realm.ldap.password, ""); |
|---|
| | | |
|---|
| | | |
|---|
| | | LDAPConnection conn; |
|---|
| | | if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) { |
|---|
| | | // SSL |
|---|
| | | SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager()); |
|---|
| | | conn = new LDAPConnection(sslUtil.createSSLSocketFactory()); |
|---|
| | | if (ldapPort == -1) { |
|---|
| | | ldapPort = 636; |
|---|
| | | } |
|---|
| | | } else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) { |
|---|
| | | // no encryption or StartTLS |
|---|
| | | conn = new LDAPConnection(); |
|---|
| | | if (ldapPort == -1) { |
|---|
| | | ldapPort = 389; |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme()); |
|---|
| | | return null; |
|---|
| | |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!StringUtils.isEmpty(bindUserName) || !StringUtils.isEmpty(bindPassword)) { |
|---|
| | | if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) { |
|---|
| | | // anonymous bind |
|---|
| | | conn.bind(new SimpleBindRequest()); |
|---|
| | | } else { |
|---|
| | | // authenticated bind |
|---|
| | | conn.bind(new SimpleBindRequest(bindUserName, bindPassword)); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | UserModel user = null; |
|---|
| | | synchronized (this) { |
|---|
| | | user = userManager.getUserModel(simpleUsername); |
|---|
| | | if (user == null) // create user object for new authenticated user |
|---|
| | | if (user == null) { |
|---|
| | | // create user object for new authenticated user |
|---|
| | | user = new UserModel(simpleUsername); |
|---|
| | | |
|---|
| | | // create a user cookie |
|---|
| | | if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) { |
|---|
| | | user.cookie = StringUtils.getSHA1(user.username + new String(password)); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (!supportsTeamMembershipChanges()) |
|---|
| | | // create a user cookie |
|---|
| | | setCookie(user, password); |
|---|
| | | |
|---|
| | | if (!supportsTeamMembershipChanges()) { |
|---|
| | | getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // Get User Attributes |
|---|
| | | setUserAttributes(user, loggingInUser); |
|---|
| | |
|---|
| | | updateUser(user); |
|---|
| | | |
|---|
| | | if (!supportsTeamMembershipChanges()) { |
|---|
| | | for (TeamModel userTeam : user.teams) |
|---|
| | | for (TeamModel userTeam : user.teams) { |
|---|
| | | updateTeam(userTeam); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | if (!ArrayUtils.isEmpty(admins)) { |
|---|
| | | user.canAdmin = false; |
|---|
| | | for (String admin : admins) { |
|---|
| | | if (admin.startsWith("@")) { // Team |
|---|
| | | if (user.getTeam(admin.substring(1)) != null) |
|---|
| | | user.canAdmin = true; |
|---|
| | | } else |
|---|
| | | if (user.getName().equalsIgnoreCase(admin)) |
|---|
| | | user.canAdmin = true; |
|---|
| | | if (admin.startsWith("@") && user.isTeamMember(admin.substring(1))) { |
|---|
| | | // admin team |
|---|
| | | user.canAdmin = true; |
|---|
| | | } else if (user.getName().equalsIgnoreCase(admin)) { |
|---|
| | | // admin user |
|---|
| | | user.canAdmin = true; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | |
|---|
| | | if (!StringUtils.isEmpty(displayName)) { |
|---|
| | | // Replace embedded ${} with attributes |
|---|
| | | if (displayName.contains("${")) { |
|---|
| | | for (Attribute userAttribute : userEntry.getAttributes()) |
|---|
| | | for (Attribute userAttribute : userEntry.getAttributes()) { |
|---|
| | | displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue()); |
|---|
| | | |
|---|
| | | } |
|---|
| | | user.displayName = displayName; |
|---|
| | | } else { |
|---|
| | | Attribute attribute = userEntry.getAttribute(displayName); |
|---|
| | |
|---|
| | | String email = settings.getString(Keys.realm.ldap.email, ""); |
|---|
| | | if (!StringUtils.isEmpty(email)) { |
|---|
| | | if (email.contains("${")) { |
|---|
| | | for (Attribute userAttribute : userEntry.getAttributes()) |
|---|
| | | for (Attribute userAttribute : userEntry.getAttributes()) { |
|---|
| | | email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue()); |
|---|
| | | |
|---|
| | | } |
|---|
| | | user.emailAddress = email; |
|---|
| | | } else { |
|---|
| | | Attribute attribute = userEntry.getAttribute(email); |
|---|
| | |
|---|
| | | private void getTeamsFromLdap(LDAPConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) { |
|---|
| | | String loggingInUserDN = loggingInUser.getDN(); |
|---|
| | | |
|---|
| | | user.teams.clear(); // Clear the users team memberships - we're going to get them from LDAP |
|---|
| | | // Clear the users team memberships - we're going to get them from LDAP |
|---|
| | | user.teams.clear(); |
|---|
| | | |
|---|
| | | String groupBase = settings.getString(Keys.realm.ldap.groupBase, ""); |
|---|
| | | String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))"); |
|---|
| | | |
|---|
