Changed AuthLDAP to deal with cases where getAttributes encounters non-string attributes (which used to cause a ClassCastException). Now, if an attribute value cannot be cast to string, we catch the class cast exception and just skip this value. This only typically occurs when an LDAP server is set to send...
changes for dataone .5 schema updates
when looking up group membership, skip referrals that have errors http://bugzilla.ecoinformatics.org/show_bug.cgi?id=4900
skip referrals that have errors (connection timeout, host down, etc) http://bugzilla.ecoinformatics.org/show_bug.cgi?id=4900
add method name to log statements
Separate code to do tls and non-tls authentication. Introduce AuthTLSException to make error handling easier.
Beefed up the logging
Change location of PropertyService to properties directory
Add back the auth.base variable to metacat.properties. Use this variable when creating ldap distinguished name.
Reformat file
Catch login errors and report the details via an exception.
change generic authentication properties from ldap.* to auth.*
Added validation that configured ldap admins actually exist in ldap
Change the encoding method of response of getPrincipal from ASCII to iso-8859-1.
Add support for separate LDAP and organization level configurations
Merge 1.9 changes into Head
Check into cvs head. Comment out an obsoleted code.
Check into CVS head. Add code to handle that referral server is down.
Add timeout parameter for searching user name. If some exception happens, it would not throw it, just print it out.
fixed a bug in metacat that was preventing it from using non-TLS authentication. ldap was throwing a namingException which was causing the exception handling to go to the wrong block so non-tls auth never even got tried. this should hopefully fix the problem with sanparks
Change a log level. Sometimes it confuses people.
This is just a code cleanup patch that re-aligns some indentations and removes some debugging code.
As a partial fix to http://bugzilla.ecoinformatics.org/show_bug.cgi?id=2747, I've modified AuthLdap.getGroups() and removed the code that handles LDAP referral connect and search timeout issues in a separate thread. I've replaced this code with ReferralException code that uses two JNDI parameter settings:...
As a partial fix to http://bugzilla.ecoinformatics.org/show_bug.cgi?id=2747, I'm applying 3 patches to AuthLdap.java that simplify the code that addresses timeout issues when connecting and searching referral LDAP databases, fixes the getGroups() method to correctly get groups in referral LDAP databases, and does...
Removed the release ant token from all files in 'src'.
release
Cleaned up the code with proper debug statements.
Replaced getIdentifyingName and ldapAuthenticate with new code. ldapAuthenticate will first try to form a secure connection. If the secure connection fails then based on the value specified in metacat.properties, an insecure connection will be made. authenticate() function first tries to connect using the dn specified with the default ldap base and url. in case that fails,...
Changed the filter and ldapbase values in getUserInfo so that it works for both NCEAS and LTER ldap
Added a new function - getUserInfo to AuthInterface and AuthLdap. The function returns a string array for a given username. the array contains the name, organization name and email address of the user. In case of ldap, it is cn, o and mail attributes for ldapbase=username...
Changes in log levels of some commands mentioned in the previous commit.
Replacing MetaCatUtil.debugMessage or MetaCatUtil.logMetacat call with logMetacat (private Logger object) call
Replacing debugMessage in metacat code with log4j methods for logging
Modified the code so that users show up outside the groups also in the tree constructed by action=getPrincipals.
Removed occurrence of enum which is a keyword in Java 1.5
Added ou also to getprincipal output. So now organizationUnitName is also returned in getprincipal output.
Made changes so that PISCO and NRS trees are also returned in getPrincipals action.
Fixed getprincipals output. Earlier DNs for LTER were in URL form. Now they appear in DN form. Earlier: ldap://knb.lternet.edu:389/DN,base Now: DN
Have to make changes so that PISCO and NRS also show up.
Fixed two small bugs.
Made changes in XML that is sent back as result of action=getprincipals. Changes are as follows:
1. <authSystem> tag contains organization attribute which specifies organization name
2. <user> tag now has <organization> tag which specifies the organization name of the user. This is being generated as null for LTER as of now.
Made change in result tag that is returned in getprincipals action. Replaced userdn with username.
Made changes in these three files so that getPrincipal returns back more details about users and groups. Users now contain userDN, user Name and user Email. Groups now contain Group name and Group description. So some function calls which returned single string array earlier now returns multiple string arrays. AuthSession.java called one of these functions - so accordingly changes were made to fix that part of the code.
Restoring AuthLdap to previous search filter. Determined that the problem was a missing o: attribute in the UCNRS LDAP directory. Adding it in makes the old method work. The change I had made caused some confusion about authentication because using just uid for a filter caused too many return dn's, and it was just...
Modified LDAP authentication to support a lookup for the NRS system. If the auth on the provided string fails as a DN, try to look up a new DN based on the UID. If we get a match, use that DN for auth and see if that works. This allows us to use a referral within the...
Change the debugMessage from (string) to (string int)
Change the debug message.
Fixed the getGroup method returning an exception and causing authentication to fail.
Fixed the getIdentifyingName() sub so that it properly looks up someone's DN if passed in a DN that is an alias. This is mainly important for sites like PISCO that use a different root to their tree than the ecoinformatics.org tree. Now we can successfully authenticate against...
Some changes for pisco.
fixed groups error, I hope.
fixed auth bug
updated authldap to get the groups to work (kind of)
Method getGroups was revised. Attributes variables were set there. Otherwise, when it caught a referral exception and started a thread, this would cause an exception problem. When string array groups were returned by method getGroups in getPrincipals method, we should check if the groups is null or not. Otherwise it will cause an exception problem. This revision is for bug 445.
Some code format problem was fixed.
The bug was fixed. After a referral exception happened, we should set environment properties again before creating a context. These environment properties include PROVIDER_URL, SECURITY_PRINCIPAL, SECURITY_CREDENTIALS, REFERRAL, and INITIAL_CONTEXT_FACTORY. Otherwise, you couldn't get a naming exception.
Authentication bug was fixed (bug 408). However, it needs to test if referral containing a referral.
Please check it.
In order to fix bug 408 (authentication), some important variables' values were followed.
fixed error I introduced when I got postgres working
fixed bug with ampersands in the returned relations in the resultset.
added a manual timeout to counteract the hideously long ldap time out that is encountered when a referred ldap server is down.
updated the referral mechanism so that metacat doesn't crash when a referral server is not available
Fixed the getUsers() and getPrincipals() methods so that they no longer fail when large result sets are requested. The problem was that the LDAP server was returning a "size limit exceeded" message when the resultset from the query exceeded the default limit of 500 entries. Now we...
Re-enabled referrals which I had turned off for debugging purposes.
Modified AuthLdap to fix the many problems associated with group and user queries. Now the getGroups() and getUsers() methods work as advertised, and there is a test of each of the methods in "main" for testing purposes. Simplified the class substantially. Fixed the getAttributes method as...
fixed referral catching mechanism in authLdap.ldapAuthenticate() so that it will refer through a bunch of linked servers instead of just one.... I still haven't figured out why the getGroups method won't work.
fixed the error where the ldap authenticate took 15 seconds to execute
I think I have fixed the ldap referral bug. the test lter account that david made for me works, however I would like matt or someone more knowledgeable with ldap to please check my code. the changes I made are around line 200 of AuthLdap. I put a comment in the source where the code needs to be checked.
Fix for bug #309 so that Metacat will now follow LDAP referrals. Previously the default was to ignore referrals. Now we explicitly set the JNDI Context.REFERRAL value to the value in the metacat.propert "referral". The metacat.properties file has been modified to add the "referral" property,...
Updated metacat login semantics. Now, metacat assumes the username passed in is the 'full' distinguished name of the user. If that fails, then instead it tries looking up the string and seeing if it can determine what the DN is, then uses it. The preferred method of logging in via...
fixed to get groupnames for a user using any identifying name
added support for multiple group membership
fixed bug - hardcoded LDAP URL
made use of the new property for ldaps url; it is used for secure connection to LDAP server listening on second port 636 by default with SSL sockets; it is used from Metacat for the authentication process only; all the rest communications with LDAP server are made on the default port 389 with plain sockets
fixed the problem with empty password authentication. Ldap somehow allows DirContext to be created when empty password is provided as in our case instead of complaining like with wrong password string. So included a check for empty password in order to reject the login.
Changes related to running LDAP servers referred each other in one tree modeling the KNB tree. Currently there are running LDAP server on dev that holds the KNB root and the NCEAS's subtree. It also refers to a subtree modeling the LTER's tree which is held by another LDAP server running on alpha.
fixes on getting information from LDAP services
fixes around getUsers and getGroups. "getprincipals" action can now produce output like: <principals> <group> <groupname>Administrators<groupname> <user> <username>uid=admin,o=NCEAS, c=US<username> </user> </group>...
Included back getting the list of users and groups stored in auth scheme through new action="getprincipals". No extra parameters are needed. Any logged in users are able to get this information
included missing implementation of getUsers(), getGroups() interfaces
added precise location information (class.method) to each catch statement so that errors are more easily traced.
Added license terms to source code files, and cleaned up some javadoc documentation in a few places.
Updated the Javadoc documentation so that the current release can be provided on the web site.
Fixed problem with AuthInterface, AuthLdap, and AuthMcat where the signatures of the methods of these classes were not in agreement, which was causing AuthLdap to no longer compile. Changed parameter signatures so that the 'user' parameter is used consistently in all of the methods.
Fixed the LDAP authentication adapter (AuthLdap.java) so that it now looks up the distinguished name for a user before attempting to do authentication. This is because the user's distinguished name can sometimes be based on their uid attribute, but sometimes be based on their cn (common name)...
merge AUTH_LDAP to the main branch