Metacat

Beefed up the logging

Change location of PropertyService to properties directory

Add back the auth.base variable to metacat.properties. Use this variable when creating ldap distinguished name.

Reformat file

Catch login errors and report the details via an exception.

change generic authentication properties from ldap.* to auth.*

Added validation that configured ldap admins actually exist in ldap

Change the encoding method of reponse of getPrincipal from ASCII to iso-8859-1.

Add support for separate LDAP and organization level configurations

Merge 1.9 changes into Head

Check into cvs head. Comment out an obsoleted code.

Check into CVS head. Add code to handle that referral server is down.

Add timeout parameter for searching user name. If some exception happens, it wouldnot throw it, just print it out.

fixed a bug in metacat that was preventing it from using non-TLS authentication. ldap was throwing a namingException which was causing the exception handling to go to the wrong block so non-tls auth never even got tried. this shoudl hopefully fix the problem with sanparks

Change a log level. Sometime it confuses people.

This is just a code cleanup patch that re-aligns some indentations and removes
some debugging code.

As a partial fix to http://bugzilla.ecoinformatics.org/show_bug.cgi?id=2747,
I've modified AuthLdap.getGroups() and removed the code that handles LDAP
referral connect and search timeout issues in a separate thread. I've replaced
this code with ReferralException code that uses two JNDI parameter settings:...

As a partial fix to http://bugzilla.ecoinformatics.org/show_bug.cgi?id=2747,

I'm applying 3 patches to AuthLdap.java that simplify the code that addresses
timeout issues when connecting and searching referral LDAP databases, fixes the
getGroups() method to correctly get groups in referral LDAP databases, and does...

Removed the release ant token from all files in 'src'.

Cleaned up the code with proper debug statements..

Replaced getIdentifyingName and ldapAuthenticate with new code. ldapAuthenticate will first try to form a secure connection. If the secure connection fails then based on the value specified
in metacat.properties, an insecure connection will be made. authenticate() function first tries to connect using the dn specified with the default ldap base and url. in case that fails,...

Changed the filter and ldapbase values in getUserInfo so that it works for both NCEAS and LTER ldap

Added a new function - getUserInfo to AuthInterface and AuthLdap
The function returns a string array for a given username. the array contains the name, organization name and email address of the user. In case of ldap, it is cn, o and mail attributes for ldapbase=username...

Changes in log levels of some commands mentioned in the previos commit.

Replacing MetaCatUtil.debugMessage or MetaCatUtil.logMetacat call with logMetacat (private Logger object) call

Replacing debugMessage in metacat code with log4j methods for logging

Modified the code so that users show up outside the groups also in the tree constructed by action=getPrincipals.

Removed occurence of enum which is a keyword in Java 1.5

Added ou also to getprincipal output. So now organizationUnitName is also returned in getprincipal output.

Made changes so that PISCO and NRS trees are also returned in getPrincipals action.

Fixed getprincipals output. Earlier DNs for LTER were in URL form. Now they appear in DN form.
Earlier:
ldap://knb.lternet.edu:389/DN,base
Now:
DN

Have to make changes so that PISCO and NRS also show up.

Fixed two small bugs.

Made changes in XML that is sent back as result of action=getprincipals. Changes are as following:

1. <authSystem> tag contains organization attribute which specifies organization name
2. <user> tag now has <organization> tag which specifies the organization name of the user. This is being generated as null for LTER as of now.

Made change in result tag that is returned in getprincipals action. Replaced userdn with username.

Made changes in these three files so that getPrincipal returns back more details about users and groups. Users now contain userDN, user Name and user Email. Groups now contain Group name and Group description. So some function calls which returned single string array earlier now returns multiple string arrays. AuthSession.java called one of these functions - so accordingly changes were made to fix that part of the code.

Restoring AuthLdap to previous search filter. Determined that the problem was
a missing o: attribute in the UCNRS LDAP directory. Adding it in makes the old
method work. The change I had made caused some confusion about authentication
because using just uid for a filter caused too many return dn's, and it was just...

Modified LDAP authentication to support a lookup for the NRS system. If
the auth on the provided string fails as a DN, try to look up a new
DN based on the UID. If we get a match, use that DN for auth and see
if that works. This allows us to use a referral within the...

Change the debugMessage from (string) to (string int)

Change the debug message.

Fixed getGroup method return a exception and cause authenticate failed.

Fixed the getIdentifyingName() sub so that it properly looks up someones
DN if passed in a DN that is an alias. This is mainly important for
sites like PISCO that use a different root to their tree than the
ecoinformatics.org tree. Now we can successfully authenticate againast...

Some changes for pisco.

fixed groups error, I hope.

fixed auth bug

updated authldap to get the groups to work (king of)

Method getGourps was revised. Attributes variables were set there. Other wise, when it caught a referral exception and started a thread, this will caused a exception problem. When string array groups were returned by method getGroups in getPrincipals method, we should check if the groups is null or not. Otherwise it will cause a exception problem. This revise is for bug 445.

Some code format problem was fixed.

The bug was fixed.
After a referral exception happend, we should set enviroment properties again before creating a contex. These environment properties include PROVIDER_URL, SECURITY_PRINCIPLE, SECURITY_CREDENTIALS, REFERRAL, and INITIAL_CONTEXT_FACOTRY. Otherwise, you couldn't get a naming exception.

Authentication bug was fixed (bug 408).
However, it needs to test if referral cotaining a referral.

Please check it.

In order to fix bug 408 (authentication), some important variables' values
were followed.

fixed error I introduced when I got postgres working

fixed bug with ampersands in the returned relations in the resultset.

added a manual timeout to counteract the hideously long ldap time out that is encountered when a referred ldap server is down.

updated the referral mechanism so that metacat doesn't crash when a referral server is not available

Fixed the getUsers() and getPrincipals() methods so that they no longer
fail when large result sets are requested. The problem was that the
LDAP server was returning a "size limit exceeded" message when the resultset
from the query exceeded the default limit of 500 entries. Now we...

Re-enabled referrals which I had turned off for debugging purposes.

Modified AuthLdap to fix the may problems associated with group and user
queries. Now the getGroups() and getUsers() methods work as advertised,
and there is a test of each of the methods in "main" for testing purposes.
Simplified the class substantially. Fixed the getAttributes method as...

fixed referral catching mechanism in authLdap.ldapAuthenticate() so that it will refer through a bunch of linked servers instead of just one....I still haven't figured out why the getGroups method wont work.

fixed the error where the ldap authenticate took 15 seconds to execute

I think i have fixed the ldap referral bug. the test lter account that david made for me works, however I would like matt or someone more knowedgeable with ldap to please check my code. the changes I made are around line 200 of AuthLdap. I put a comment in the source where the code needs to be checked.

Fix for bug #309 so that Metacat will now follow LDAP referrals. Previously
the default was to ignore referrals. Now we explictly set the JNDI
Context.REFERRAL value to the value in the metacat.propert "referral".
The metacat.properties file has been modified to add the "referral" property,...

Updated metacat login semantics. Now, metacat assumes the username passed
in is the 'full' distinguished name of the user. If that fails, then
instead it tries looking up the string and seeing if it can determine
what the DN is, then uses it. The preferred method of logging in via...

fixed to get groupnames for a user using any identifying name

added support for multiple group membership

fixed bug - hardcoded LDAP URL

made use of the new property for ldaps url;
it is used for secure connection to LDAP server listening on second port 636 by default with SSL sockets;
it is used from Metacat for the authetication process only;
all the rest communications with LDAP server are made on the default port 389 with plain sockets

fixed the problem with empy password authentication.
Ldap somehow allows DirContext to be created
when empty password is provided as in our case
instead of comlaining like with wrong password string.
So included a check for empty password in order to reject the login.

Changes related to running LDAP servers referred each other in one tree modeling the KNB tree.
Currently there are running LDAP server on dev that holds the KNB root and the NCEAS' s subtree.
It also refers to a subtree modeling the LTER's tree which is held by another LDAP server runnig on alpha .

fixes on getting information from LDAP services

fixes around getUsers and getGroups.
"getprincipals" action can now produce output like:

<principals>
<group>
<groupname>Administrators<groupname>
<user>
<username>uid=admin,o=NCEAS, c=US<username>
</user>
</group>...

Included back getting the list of users and groups stored in auth scheme
through new action="getprincipals". No extra parameters are needed.
Any logged in users are able to get this information

included missing implementation of getUsers(), getGroups() interfaces

added precise location information (class.method) to each catch statement so that errors are more easily traced.

Added license terms to source code files, and cleaned up some javadoc
documentation in a few places.

Updated the Javadoc documentation so that the current release can be provided
on the web site.

Fixed problem with AuthInterface, AuthLdap, and AuthMcat where the
sigantures of the methods of these classes were not in agreement, which was
causing AuthLdap to no longer compile. Changed parameter signatures so that
the 'user' parameter is used consistently in all of the methods.

Fixed the LDAP authentication adapter (AuthLdap.java) so that it now looks up
the distinguished name for a user before attempting to do authentication.
This is because the user's distinguished name can sometimes be based on
their uid attribute, but sometimes be based on their cn (common name)...

merge AUTH_LDAP to the main branch