/src/edu/ucsb/nceas/metacat/AuthLdap.java - Annotate - Metacat - Ecoinformatics Redmine

metacat/src/edu/ucsb/nceas/metacat/AuthLdap.java @ 2723

-            bojilova
+/**
  *  '$RCSfile$'
  *    Purpose: An implementation of the AuthInterface interface that
  *             allows Metacat to use the LDAP protocol for
  *             directory services
  *  Copyright: 2000 Regents of the University of California and the
  *             National Center for Ecological Analysis and Synthesis
  *    Authors: Matt Jones
  *    Release: @release@
+ *
  *   '$Author$'
  *     '$Date$'
  * '$Revision$'
             jones
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-            bojilova
+ */
 package edu.ucsb.nceas.metacat;
 import java.net.ConnectException;
 import javax.naming.AuthenticationException;
 import javax.naming.Context;
-            bojilova
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-            jones
+import javax.naming.SizeLimitExceededException;
-            bojilova
+import javax.naming.InitialContext;
-            bojilova
+import javax.naming.directory.InvalidSearchFilterException;
-            bojilova
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
-            jones
+import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import javax.naming.directory.SearchResult;
-            bojilova
+import javax.naming.directory.SearchControls;
-            berkley
+import javax.naming.ReferralException;
-            bojilova
+import javax.naming.ldap.*;
             sgarg
 import org.apache.log4j.Logger;
-            jones
+import java.net.URLDecoder;
-            bojilova
+import java.util.Iterator;
 import java.util.HashMap;
 import java.util.Hashtable;
-            bojilova
+import java.util.Enumeration;
-            bojilova
+import java.util.Set;
 import java.util.Vector;
 /**
  * An implementation of the AuthInterface interface that
  * allows Metacat to use the LDAP protocol for directory services.
-            sgarg
+ * The LDAP authentication service is used to determine if a user
-            bojilova
+ * is authenticated, and whether they are a member of a particular group.
  */
-            sgarg
+public class AuthLdap
     implements AuthInterface, Runnable {
-            bojilova
+  private MetaCatUtil util = new MetaCatUtil();
-            bojilova
+  private String ldapUrl;
-            bojilova
+  private String ldapsUrl;
-            bojilova
+  private String ldapBase;
-            jones
+  private String referral;
-            tao
+  private Context referralContext;
-            berkley
+  Hashtable env = new Hashtable(11);
   private Context rContext;
-            tao
+  private String userName;
   private String userPassword;
-            berkley
+  ReferralException refExc;
             bojilova
-            sgarg
+  private static Logger logMetacat = Logger.getLogger(AuthLdap.class);
-            sgarg
+  /**
-            bojilova
+   * Construct an AuthLdap
    */
   public AuthLdap() {
     // Read LDAP URI for directory service information
-            bojilova
+    this.ldapUrl = MetaCatUtil.getOption("ldapurl");
     this.ldapsUrl = MetaCatUtil.getOption("ldapsurl");
     this.ldapBase = MetaCatUtil.getOption("ldapbase");
-            jones
+    this.referral = MetaCatUtil.getOption("referral");
             bojilova
-            bojilova
+  /**
    * Determine if a user/password are valid according to the authentication
    * service.
+   *
    * @param user the name of the principal to authenticate
    * @param password the password to use for authentication
    * @returns boolean true if authentication successful, false otherwise
    */
-            sgarg
+  public boolean authenticate(String user, String password) throws
       ConnectException {
-            bojilova
+    String ldapUrl = this.ldapUrl;
-            bojilova
+    String ldapsUrl = this.ldapsUrl;
-            bojilova
+    String ldapBase = this.ldapBase;
-            bojilova
+    boolean authenticated = false;
-            bojilova
+    String identifier = user;
-            tao
+    //get uid here.
-            jones
+    //uid=user.substring(0, user.indexOf(","));
             sgarg
-            bojilova
+    try {
-            sgarg
+      // Check the usename as passed in
       authenticated = ldapAuthenticate(identifier, password);
       // if not found, try looking up a valid DN then auth again
       if (!authenticated) {
-            sgarg
+        logMetacat.info("Looking up DN for: " + identifier);
-            sgarg
+        identifier = getIdentifyingName(identifier, ldapUrl, ldapBase);
-            sgarg
+        logMetacat.info("DN found: " + identifier);
-            sgarg
+        String decoded = URLDecoder.decode(identifier);
-            sgarg
+        logMetacat.info("DN decoded: " + decoded);
-            sgarg
+        identifier = decoded;
         String refUrl = "";
         String refBase = "";
         if (identifier.startsWith("ldap")) {
           refUrl = identifier.substring(0,
                                         identifier.lastIndexOf("/") + 1);
-            sgarg
+          logMetacat.info("Ref ldapUrl: " + refUrl);
-            sgarg
+          int position = identifier.indexOf(",");
           int position2 = identifier.indexOf(",", position + 1);
           refBase = identifier.substring(position2 + 1);
-            sgarg
+          logMetacat.info("Ref ldapBase: " + refBase);
-            sgarg
+          identifier = identifier.substring(
               identifier.lastIndexOf("/") + 1);
-            sgarg
+          logMetacat.info("Trying: " + identifier);
-            sgarg
+          authenticated = ldapAuthenticate(identifier, password,
                                            refUrl, refBase);
             tao
-            sgarg
+        else {
           identifier = identifier + "," + ldapBase;
-            sgarg
+          logMetacat.info("Trying: " + identifier);
-            sgarg
+          authenticated = ldapAuthenticate(identifier, password);
+        }
         //authenticated = ldapAuthenticate(identifier, password);
+      }
             sgarg
             sgarg
     catch (NullPointerException e) {
-            sgarg
+      logMetacat.error("NullPointerException b' password is null");
       logMetacat.error("NullPointerException while authenticating in " +
-            sgarg
+                        "AuthLdap.authenticate: " + e);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "NullPointerException while authenticating in " +
           "AuthLdap.authenticate: " + e);
+    }
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Naming exception while authenticating in " +
-            sgarg
+                        "AuthLdap.authenticate: " + e);
-            jones
+      e.printStackTrace();
             sgarg
     catch (Exception e) {
-            sgarg
+      logMetacat.error(e.getMessage());
             bojilova
     return authenticated;
+  }
   /**
-            jones
+   * Connect to the LDAP directory and do the authentication using the
    * username and password as passed into the routine.
+   *
    * @param identifier the distinguished name to check against LDAP
    * @param password the password for authentication
    */
-            sgarg
+  private boolean ldapAuthenticate(String identifier, String password) throws
       ConnectException, NamingException, NullPointerException {
     return ldapAuthenticate(identifier, password,
                             this.ldapsUrl, this.ldapBase);
             jones
   /**
    * Connect to the LDAP directory and do the authentication using the
    * username and password as passed into the routine.
+   *
    * @param identifier the distinguished name to check against LDAP
    * @param password the password for authentication
    */
   private boolean ldapAuthenticate(String identifier, String password,
-            sgarg
+                                   String directoryUrl, String searchBase) throws
       ConnectException, NamingException, NullPointerException {
-            berkley
+    double totStartTime = System.currentTimeMillis();
-            jones
+    boolean authenticated = false;
-            jones
+    if (identifier != null && !password.equals("")) {
             sgarg
-            sgarg
+      //Pass the username and password to run() method
       userName = identifier;
       userPassword = password;
       // Identify service provider to use
       Hashtable env = new Hashtable(11);
       env.put(Context.INITIAL_CONTEXT_FACTORY,
-            tao
+              "com.sun.jndi.ldap.LdapCtxFactory");
-            sgarg
+      env.put(Context.REFERRAL, "throw");
       env.put(Context.PROVIDER_URL, directoryUrl + searchBase);
-            sgarg
+      logMetacat.info("PROVIDER_URL set to: " + directoryUrl + searchBase);
-            sgarg
+      if (!ldapsUrl.equals(ldapUrl)) {
         // ldap is set on default port 389
         // ldaps is set on second port - 636 by default
-            sgarg
+        // env.put(Context.SECURITY_PROTOCOL, "ssl");
+       }
-            sgarg
+      env.put(Context.SECURITY_AUTHENTICATION, "simple");
       env.put(Context.SECURITY_PRINCIPAL, identifier);
       env.put(Context.SECURITY_CREDENTIALS, password);
       // If our auth credentials are invalid, an exception will be thrown
       DirContext ctx = null;
       try {
         double startTime = System.currentTimeMillis();
         //Here to check the authorization
         ctx = new InitialDirContext(env);
         double stopTime = System.currentTimeMillis();
-            sgarg
+        logMetacat.info("Connection time thru " + ldapsUrl + " was: " +
-            sgarg
+                          (stopTime - startTime) / 1000 + " seconds.");
-            sgarg
+        authenticated = true;
         //tls.close();
         ctx.close();
         this.ldapUrl = ldapUrl;
         this.ldapBase = ldapBase;
         //break;
+      }
       catch (AuthenticationException ae) {
         authenticated = false;
         if (ctx != null) {
           ctx.close();
             jones
             sgarg
       catch (javax.naming.InvalidNameException ine) {
-            sgarg
+        logMetacat.error("An invalid DN was provided!");
             sgarg
       catch (javax.naming.ReferralException re) {
-            sgarg
+        logMetacat.error("referral during authentication");
         logMetacat.error("Referral information: " + re.getReferralInfo());
-            jones
+        try {
-            sgarg
+          refExc = re;
             tao
-            sgarg
+          Thread t = new Thread(this);
           t.start();
           Thread.sleep(5000); //this is a manual override of ldap's
           //hideously long time out period.
-            sgarg
+          logMetacat.info("Awake after 5 seconds.");
-            sgarg
+          if (referralContext == null) {
             t.interrupt();
-            berkley
+            authenticated = false;
+          }
-            sgarg
+          else {
             authenticated = true;
+          }
             berkley
-            sgarg
+        catch (Exception e) {
           authenticated = false;
+        }
+      }
             jones
-            sgarg
+    else {
-            sgarg
+      logMetacat.info("User not found");
             sgarg
-            berkley
+    double totStopTime = System.currentTimeMillis();
-            sgarg
+    logMetacat.warn("total ldap authentication time: " +
-            sgarg
+                      (totStopTime - totStartTime) / 1000 + " seconds");
-            jones
+    return authenticated;
+  }
   /**
-            bojilova
+   * Get the identifying name for a given userid or name.  This is the name
    * that is used in conjunction withthe LDAP BaseDN to create a
    * distinguished name (dn) for the record
+   *
    * @param user the user for which the identifying name is requested
-            sgarg
+   * @returns String the identifying name for the user,
-            bojilova
+   *          or null if not found
    */
-            tao
+  private String getIdentifyingName(String user, String ldapUrl,
-            sgarg
+                                    String ldapBase) throws NamingException {
-            bojilova
+    String identifier = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
-            sgarg
+    logMetacat.info("setting referrals to: " + referral);
-            jones
+    env.put(Context.REFERRAL, referral);
-            bojilova
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
-            berkley
+    //    non-secure LDAP context; dn are publicly readable
-            bojilova
+    try {
             sgarg
-            bojilova
+      // Bind to the LDAP server, in order to search for the right
       // distinguished name (dn) based on userid (uid) or common name (cn)
       DirContext ctx = new InitialDirContext(env);
       SearchControls ctls = new SearchControls();
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
-            sgarg
+      // Search for the user id or name using the uid, then cn and sn
-            tao
+      //attributes
-            bojilova
+      // If we find a record, determine the dn for the record
-            jones
+      // The following blocks need to be refactored into a subroutine
       // they have a ridiculous amount of redundancy
             bojilova
-            jones
+      // Parse out the uid and org components and look up the real DN
       // This assumes a dn like "uid=x,o=y,dc=someinst,dc=org"
       int position = user.indexOf(",");
       String comp1 = user.substring(0, position);
-            sgarg
+      logMetacat.info("First comp is: " + comp1);
-            sgarg
+      String comp2 = user.substring(position + 1,
                                     user.indexOf(",", position + 1));
-            sgarg
+      logMetacat.info("Second comp is: " + comp2);
             jones
-            jones
+      //String filter = "(&(" + comp1 + "))";
       String filter = "(&(" + comp1 + ")(" + comp2 + "))";
-            sgarg
+      logMetacat.info("Filter is: " + filter);
       logMetacat.info("Provider URL is: " + ldapUrl + ldapBase);
-            bojilova
+      NamingEnumeration answer;
       try {
-            sgarg
+        logMetacat.info("Trying search 1: " + filter);
-            bojilova
+        answer = ctx.search("", filter, ctls);
-            sgarg
+        logMetacat.info("Search 1 complete");
-            jones
+        if (answer == null) {
-            sgarg
+          logMetacat.info("Search 1 answer is null.");
             jones
-            bojilova
+        if (answer.hasMore()) {
-            sgarg
+          logMetacat.info("Search 1 has answers.");
-            sgarg
+          SearchResult sr = (SearchResult) answer.next();
-            bojilova
+          identifier = sr.getName();
-            sgarg
+          logMetacat.info("Originally Found: " + identifier);
-            jones
+          return identifier;
+        }
             jones
-            sgarg
+      catch (InvalidSearchFilterException e) {
-            sgarg
+        logMetacat.error("Invalid Filter exception thrown (if1)");
             sgarg
             jones
       // That failed, so check if it is just a username
       filter = "(" + user + ")";
       try {
-            sgarg
+        logMetacat.info("Trying again: " + filter);
-            jones
+        answer = ctx.search("", filter, ctls);
         if (answer.hasMore()) {
-            sgarg
+          SearchResult sr = (SearchResult) answer.next();
-            jones
+          identifier = sr.getName();
-            sgarg
+          if (!sr.isRelative()) {
-            tao
+            this.ldapUrl = identifier.substring(0,
-            sgarg
+                                                identifier.lastIndexOf("/") + 1);
             this.ldapBase = identifier.substring(identifier.indexOf(",") + 1);
             identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
-            bojilova
+                                              identifier.indexOf(","));
+          }
-            sgarg
+          logMetacat.info("Found: " + identifier);
-            bojilova
+          return identifier;
+        }
             sgarg
       catch (InvalidSearchFilterException e) {}
             jones
       // Maybe its a user id (uid)
-            bojilova
+      filter = "(uid=" + user + ")";
-            sgarg
+      logMetacat.info("Trying again: " + filter);
-            bojilova
+      answer = ctx.search("", filter, ctls);
-            bojilova
+      if (answer.hasMore()) {
-            sgarg
+        SearchResult sr = (SearchResult) answer.next();
-            bojilova
+        identifier = sr.getName();
-            sgarg
+        if (!sr.isRelative()) {
           this.ldapUrl = identifier.substring(0,
                                               identifier.lastIndexOf("/") + 1);
           this.ldapBase = identifier.substring(identifier.indexOf(",") + 1);
           identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
-            bojilova
+                                            identifier.indexOf(","));
+        }
-            sgarg
+        logMetacat.info("Found: " + identifier);
             sgarg
       else {
             jones
         // maybe its just a common name
-            bojilova
+        filter = "(cn=" + user + ")";
-            sgarg
+        logMetacat.info("Trying again: " + filter);
-            bojilova
+        NamingEnumeration answer2 = ctx.search("", filter, ctls);
         if (answer2.hasMore()) {
-            sgarg
+          SearchResult sr = (SearchResult) answer2.next();
-            bojilova
+          identifier = sr.getName();
-            sgarg
+          if (!sr.isRelative()) {
-            tao
+            this.ldapUrl = identifier.substring(0,
-            sgarg
+                                                identifier.lastIndexOf("/") + 1);
             this.ldapBase = identifier.substring(identifier.indexOf(",") + 1);
             identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
-            bojilova
+                                              identifier.indexOf(","));
+          }
-            sgarg
+          logMetacat.info("Found: " + identifier);
             sgarg
         else {
             jones
           // ok, last resort, is it a surname?
-            bojilova
+          filter = "(sn=" + user + ")";
-            sgarg
+          logMetacat.info("Trying again: " + filter);
-            bojilova
+          NamingEnumeration answer3 = ctx.search("", filter, ctls);
           if (answer3.hasMore()) {
-            sgarg
+            SearchResult sr = (SearchResult) answer3.next();
-            bojilova
+            identifier = sr.getName();
-            sgarg
+            if (!sr.isRelative()) {
-            tao
+              this.ldapUrl = identifier.substring(0,
-            sgarg
+                                                  identifier.lastIndexOf("/") +
 );
               this.ldapBase = identifier.substring(identifier.indexOf(",") + 1);
               identifier = identifier.substring(identifier.lastIndexOf("/") + 1,
-            bojilova
+                                                identifier.indexOf(","));
+            }
-            sgarg
+            logMetacat.info("Found: " + identifier);
             bojilova
+        }
+      }
       // Close the context when we're done the initial search
       ctx.close();
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Naming exception while getting dn: " + e);
-            bojilova
+      throw new NamingException(
-            sgarg
+          "Naming exception in AuthLdap.getIdentifyingName: " + e);
             bojilova
-            sgarg
+    logMetacat.error("Returning found identifier as: " + identifier);
-            bojilova
+    return identifier;
+  }
   /**
-            bojilova
+   * Get all users from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns string array of all of the user names
-            bojilova
+   */
-            sgarg
+  public String[][] getUsers(String user, String password) throws
       ConnectException {
-            sgarg
+    String[][] users = null;
             bojilova
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            bojilova
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
             sgarg
-            bojilova
+    try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             bojilova
-            sgarg
+      // Specify the attributes to match.
       // Users are objects that have the attribute objectclass=InetOrgPerson.
       SearchControls ctls = new SearchControls();
       String[] attrIDs = {
-            sgarg
+          "dn", "cn", "o", "ou", "mail"};
-            sgarg
+      ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
       //ctls.setCountLimit(1000);
       String filter = "(objectClass=inetOrgPerson)";
-            sgarg
+      NamingEnumeration namingEnum = ctx.search(ldapBase, filter, ctls);
             sgarg
-            sgarg
+      // Store the users in a vector
       Vector uvec = new Vector();
       Vector uname = new Vector();
       Vector uorg = new Vector();
-            sgarg
+      Vector uou = new Vector();
-            sgarg
+      Vector umail = new Vector();
       Attributes tempAttr = null;
       try {
-            sgarg
+        while (namingEnum.hasMore()) {
           SearchResult sr = (SearchResult) namingEnum.next();
-            sgarg
+          tempAttr = sr.getAttributes();
             sgarg
-            sgarg
+          if ( (tempAttr.get("cn") + "").startsWith("cn: ")) {
             uname.add( (tempAttr.get("cn") + "").substring(4));
+          }
           else {
             uname.add(tempAttr.get("cn") + "");
+          }
             sgarg
-            sgarg
+          if ( (tempAttr.get("o") + "").startsWith("o: ")) {
             uorg.add( (tempAttr.get("o") + "").substring(3));
+          }
           else {
             uorg.add(tempAttr.get("o") + "");
+          }
             sgarg
-            sgarg
+          if ( (tempAttr.get("ou") + "").startsWith("ou: ")) {
             uou.add( (tempAttr.get("ou") + "").substring(4));
+          }
           else {
             uou.add(tempAttr.get("ou") + "");
+          }
-            sgarg
+          if ( (tempAttr.get("mail") + "").startsWith("mail: ")) {
             umail.add( (tempAttr.get("mail") + "").substring(6));
+          }
           else {
             umail.add(tempAttr.get("mail") + "");
+          }
             sgarg
-            sgarg
+          uvec.add(sr.getName() + "," + ldapBase);
             bojilova
             sgarg
       catch (SizeLimitExceededException slee) {
-            sgarg
+        logMetacat.error("LDAP Server size limit exceeded. " +
-            sgarg
+                          "Returning incomplete record set.");
             sgarg
             bojilova
-            sgarg
+      // initialize users[]; fill users[]
-            sgarg
+      users = new String[uvec.size()][5];
-            sgarg
+      for (int i = 0; i < uvec.size(); i++) {
         users[i][0] = (String) uvec.elementAt(i);
         users[i][1] = (String) uname.elementAt(i);
         users[i][2] = (String) uorg.elementAt(i);
-            sgarg
+        users[i][3] = (String) uorg.elementAt(i);
         users[i][4] = (String) umail.elementAt(i);
             sgarg
             bojilova
-            sgarg
+      // Close the context when we're done
       ctx.close();
             bojilova
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting users in AuthLdap.getUsers:" + e);
-            tao
+      //e.printStackTrace(System.err);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting users in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
             sgarg
-            bojilova
+  /**
-            sgarg
+   * Get all users from the authentication service
+   *
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns string array of all of the user names
    */
   public String[] getUserInfo(String user, String password) throws
       ConnectException {
     String[] userinfo = new String[3];
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
     env.put(Context.INITIAL_CONTEXT_FACTORY,
             "com.sun.jndi.ldap.LdapCtxFactory");
     env.put(Context.REFERRAL, referral);
     env.put(Context.PROVIDER_URL, ldapUrl);
     try {
             sgarg
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
       // Specify the attributes to match.
       // Users are objects that have the attribute objectclass=InetOrgPerson.
       SearchControls ctls = new SearchControls();
       String[] attrIDs = {
           "cn", "o", "mail"};
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
       //ctls.setCountLimit(1000);
-            sgarg
+      // create the filter based on the uid
       String filter = null;
       if(user.indexOf("o=")>0){
     	  String tempStr = user.substring(user.indexOf("o="));
     	  filter = "(&(" + user.substring(0, user.indexOf(","))
 			+ ")(" + tempStr.substring(0, tempStr.indexOf(","))
 			+ "))";
       } else{
     	  filter = "(&(" + user.substring(0, user.indexOf(","))
 			+ "))";
+      }
    	  filter = "(&(" + user.substring(0, user.indexOf(","))
 		+ "))";
-            sgarg
+      NamingEnumeration namingEnum = ctx.search(user, filter, ctls);
             sgarg
-            sgarg
+      Attributes tempAttr = null;
       try {
         while (namingEnum.hasMore()) {
           SearchResult sr = (SearchResult) namingEnum.next();
           tempAttr = sr.getAttributes();
           if ( (tempAttr.get("cn") + "").startsWith("cn: ")) {
         	  userinfo[0] = (tempAttr.get("cn") + "").substring(4);
+          }
           else {
         	  userinfo[0] = (tempAttr.get("cn") + "");
+          }
           if ( (tempAttr.get("o") + "").startsWith("o: ")) {
         	  userinfo[1] = (tempAttr.get("o") + "").substring(3);
+          }
           else {
         	  userinfo[1] = (tempAttr.get("o") + "");
+          }
           if ( (tempAttr.get("mail") + "").startsWith("mail: ")) {
         	  userinfo[2] =  (tempAttr.get("mail") + "").substring(6);
+          }
           else {
         	  userinfo[2] = (tempAttr.get("mail") + "");
+          }
+        }
+      }
       catch (SizeLimitExceededException slee) {
         logMetacat.error("LDAP Server size limit exceeded. " +
                           "Returning incomplete record set.");
+      }
       // Close the context when we're done
       ctx.close();
+    }
     catch (NamingException e) {
       logMetacat.error("Problem getting users in AuthLdap.getUsers:" + e);
       //e.printStackTrace(System.err);
       throw new ConnectException(
           "Problem getting users in AuthLdap.getUsers:" + e);
+    }
     return userinfo;
+  }
   /**
-            bojilova
+   * Get the users for a particular group from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @param group the group whose user list should be returned
    * @returns string array of the user names belonging to the group
-            bojilova
+   */
-            sgarg
+  public String[] getUsers(String user, String password, String group) throws
       ConnectException {
-            bojilova
+    String[] users = null;
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            bojilova
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
             bojilova
     try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             bojilova
-            sgarg
+      // Specify the ids of the attributes to return
       String[] attrIDs = {
           "uniqueMember"};
             bojilova
-            sgarg
+      Attributes answer = ctx.getAttributes(group, attrIDs);
             bojilova
-            sgarg
+      Vector uvec = new Vector();
       try {
         for (NamingEnumeration ae = answer.getAll(); ae.hasMore(); ) {
           Attribute attr = (Attribute) ae.next();
           for (NamingEnumeration e = attr.getAll();
                e.hasMore();
                uvec.add(e.next())
                ) {
+            ;
+          }
             bojilova
             sgarg
       catch (SizeLimitExceededException slee) {
-            sgarg
+        logMetacat.error("LDAP Server size limit exceeded. " +
-            sgarg
+                          "Returning incomplete record set.");
             sgarg
             bojilova
-            sgarg
+      // initialize users[]; fill users[]
       users = new String[uvec.size()];
       for (int i = 0; i < uvec.size(); i++) {
         users[i] = (String) uvec.elementAt(i);
+      }
             bojilova
-            sgarg
+      // Close the context when we're done
       ctx.close();
             bojilova
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting users for a group in " +
-            sgarg
+                        "AuthLdap.getUsers:" + e);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting users for a group in AuthLdap.getUsers:" + e);
             bojilova
     return users;
             bojilova
   /**
    * Get all groups from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @returns string array of the group names
-            bojilova
+   */
-            sgarg
+  public String[][] getGroups(String user, String password) throws
       ConnectException {
     return getGroups(user, password, null);
             bojilova
   /**
    * Get the groups for a particular user from the authentication service
             jones
    * @param user the user for authenticating against the service
    * @param password the password for authenticating against the service
    * @param foruser the user whose group list should be returned
    * @returns string array of the group names
-            bojilova
+   */
-            sgarg
+  public String[][] getGroups(String user, String password, String foruser) throws
       ConnectException {
-            sgarg
+    Vector gvec = new Vector();
-            sgarg
+    Vector desc = new Vector();
     Attributes tempAttr = null;
-            tao
+    //Pass the username and password to run() method
-            sgarg
+    userName = user;
     userPassword = password;
-            bojilova
+    // Identify service provider to use
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            bojilova
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            berkley
+    env.put(Context.REFERRAL, "throw");
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
-            bojilova
+    try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
       // Specify the ids of the attributes to return
       String[] attrIDs = {
           "cn", "o", "description"};
       // Specify the attributes to match.
       // Groups are objects with attribute objectclass=groupofuniquenames.
       // and have attribute uniquemember: uid=foruser,ldapbase.
       SearchControls ctls = new SearchControls();
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             sgarg
-            sgarg
+      String filter = null;
       String gfilter = "(objectClass=groupOfUniqueNames)";
       if (null == foruser) {
         filter = gfilter;
+      }
       else {
         filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))";
+      }
-            sgarg
+      logMetacat.info("searching for groups: " + filter);
-            sgarg
+      NamingEnumeration namingEnum = ctx.search(ldapBase, filter, ctls);
             tao
-            sgarg
+      // Print the groups
-            sgarg
+      logMetacat.info("getting group results.");
-            sgarg
+      while (namingEnum.hasMore()) {
         SearchResult sr = (SearchResult) namingEnum.next();
-            sgarg
+        tempAttr = sr.getAttributes();
             sgarg
-            sgarg
+        if ( (tempAttr.get("description") + "").startsWith("description: ")) {
           desc.add( (tempAttr.get("description") + "").substring(13));
             bojilova
-            sgarg
+        else {
           desc.add(tempAttr.get("description") + "");
+        }
             tao
-            sgarg
+        gvec.add(sr.getName() + "," + ldapBase);
-            sgarg
+        logMetacat.info("group " + sr.getName() +
-            sgarg
+                                 " added to Group vector");
             sgarg
       // Close the context when we're done
       ctx.close();
             sgarg
-            sgarg
+    catch (ReferralException re) {
-            berkley
+      refExc = re;
       Thread t = new Thread(new GetGroup());
-            sgarg
+      logMetacat.info("Starting thread...");
-            berkley
+      t.start();
-            sgarg
+      logMetacat.info("sleeping for 5 seconds.");
-            sgarg
+      try {
-            berkley
+        Thread.sleep(5000);
+      }
-            sgarg
+      catch (InterruptedException ie) {
-            sgarg
+        logMetacat.error("main thread interrupted: " + ie.getMessage());
             berkley
       //this is a manual override of jndi's hideously long time
       //out period.
-            sgarg
+      logMetacat.info("Awake after 5 seconds.");
-            sgarg
+      if (referralContext == null) {
-            sgarg
+        logMetacat.info("thread timed out...returning groups: " +
-            sgarg
+                          gvec.toString());
-            sgarg
+        String groups[][] = new String[gvec.size()][2];
-            sgarg
+        for (int i = 0; i < gvec.size(); i++) {
           groups[i][0] = (String) gvec.elementAt(i);
           groups[i][1] = (String) desc.elementAt(i);
             tao
-            berkley
+        t.interrupt();
         return groups;
+      }
-            sgarg
+      DirContext dc = (DirContext) referralContext;
       String[] attrIDs = {
           "cn", "o", "description"};
-            berkley
+      // Specify the attributes to match.
       // Groups are objects with attribute objectclass=groupofuniquenames.
       // and have attribute uniquemember: uid=foruser,ldapbase.
       SearchControls ctls = new SearchControls();
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             sgarg
-            berkley
+      String filter = null;
       String gfilter = "(objectClass=groupOfUniqueNames)";
       if (null == foruser) {
-            sgarg
+        filter = gfilter;
             berkley
-            sgarg
+      else {
         filter = "(& " + gfilter + "(uniqueMember=" + foruser + "))";
+      }
             sgarg
-            sgarg
+      try {
-            sgarg
+        NamingEnumeration namingEnum = dc.search(ldapBase, filter, ctls);
-            tao
+        // Print the groups
-            sgarg
+        while (namingEnum.hasMore()) {
           SearchResult sr = (SearchResult) namingEnum.next();
-            sgarg
+          tempAttr = sr.getAttributes();
-            sgarg
+          if ( (tempAttr.get("description") + "").startsWith("description: ")) {
-            sgarg
+            desc.add( (tempAttr.get("description") + "").substring(13));
+          }
-            sgarg
+          else {
             desc.add(tempAttr.get("description") + "");
+          }
             sgarg
-            sgarg
+          gvec.add(sr.getName() + "," + ldapBase);
             tao
             sgarg
-            tao
+        referralContext.close();
         dc.close();
+      }
-            sgarg
+      catch (NamingException ne) {
-            sgarg
+        logMetacat.warn("Naming Exception in AuthLdap.getGroups" +
-            sgarg
+                                 ne.getExplanation() + ne.getMessage());
             tao
             sgarg
     catch (NamingException e) {
-            berkley
+      e.printStackTrace(System.err);
-            sgarg
+      String groups[][] = new String[gvec.size()][2];
-            sgarg
+      for (int i = 0; i < gvec.size(); i++) {
         groups[i][0] = (String) gvec.elementAt(i);
         groups[i][1] = (String) desc.elementAt(i);
             tao
       return groups;
-            sgarg
+      /*throw new ConnectException(
              "Problem getting groups for a user in AuthLdap.getGroups:" + e);*/
             sgarg
-            sgarg
+    logMetacat.warn("The user is in the following groups: " +
-            sgarg
+                             gvec.toString());
-            sgarg
+    String groups[][] = new String[gvec.size()][2];
-            sgarg
+    for (int i = 0; i < gvec.size(); i++) {
       groups[i][0] = (String) gvec.elementAt(i);
       groups[i][1] = (String) desc.elementAt(i);
             berkley
-            bojilova
+    return groups;
             bojilova
   /**
    * Get attributes describing a user or group
+   *
-            jones
+   * @param foruser the user for which the attribute list is requested
-            bojilova
+   * @returns HashMap a map of attribute name to a Vector of values
    */
-            sgarg
+  public HashMap getAttributes(String foruser) throws ConnectException {
-            jones
+    return getAttributes(null, null, foruser);
             bojilova
   /**
    * Get attributes describing a user or group
+   *
-            jones
+   * @param user the user for authenticating against the service
-            bojilova
+   * @param password the password for authenticating against the service
-            jones
+   * @param foruser the user whose attributes should be returned
-            bojilova
+   * @returns HashMap a map of attribute name to a Vector of values
    */
-            sgarg
+  public HashMap getAttributes(String user, String password, String foruser) throws
       ConnectException {
-            bojilova
+    HashMap attributes = new HashMap();
-            bojilova
+    String ldapUrl = this.ldapUrl;
     String ldapBase = this.ldapBase;
     String userident = foruser;
             sgarg
-            bojilova
+    // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            sgarg
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            jones
+    env.put(Context.REFERRAL, referral);
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl);
             bojilova
     try {
             sgarg
-            bojilova
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             sgarg
       // Ask for all attributes of the user
-            jones
+      //Attributes attrs = ctx.getAttributes(userident);
       Attributes attrs = ctx.getAttributes(foruser);
             sgarg
-            bojilova
+      // Print all of the attributes
       NamingEnumeration en = attrs.getAll();
       while (en.hasMore()) {
-            sgarg
+        Attribute att = (Attribute) en.next();
-            bojilova
+        Vector values = new Vector();
         String attName = att.getID();
         NamingEnumeration attvalues = att.getAll();
         while (attvalues.hasMore()) {
-            sgarg
+          String value = (String) attvalues.next();
-            bojilova
+          values.add(value);
+        }
         attributes.put(attName, values);
+      }
             sgarg
-            bojilova
+      // Close the context when we're done
       ctx.close();
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting attributes in " +
-            sgarg
+                        "AuthLdap.getAttributes:" + e);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting attributes in AuthLdap.getAttributes:" + e);
             bojilova
     return attributes;
+  }
   /**
-            bojilova
+   * Get list of all subtrees holding Metacat's groups and users
-            sgarg
+   * starting from the Metacat LDAP root,
-            bojilova
+   * i.e. ldap://dev.nceas.ucsb.edu/dc=ecoinformatics,dc=org
-            jones
+   */
-            bojilova
+  private Hashtable getSubtrees(String user, String password,
-            sgarg
+                                String ldapUrl, String ldapBase) throws
       ConnectException {
-            bojilova
+    Hashtable trees = new Hashtable();
             jones
     // Identify service provider to use
     Hashtable env = new Hashtable(11);
-            sgarg
+    env.put(Context.INITIAL_CONTEXT_FACTORY,
-            jones
+            "com.sun.jndi.ldap.LdapCtxFactory");
-            sgarg
+    // env.put(Context.REFERRAL, referral);
     // Using 'ignore' here instead of 'follow' as 'ignore' seems
     // to do the job better. 'follow' was not bringing up the UCNRS
     // and PISCO tree whereas 'ignore' brings up the tree.
     env.put(Context.REFERRAL, "ignore");
-            jones
+    env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
     try {
-            sgarg
+      // Create the initial directory context
       DirContext ctx = new InitialDirContext(env);
             bojilova
-            sgarg
+      // Specify the ids of the attributes to return
       String[] attrIDs = {
           "o", "ref"};
       SearchControls ctls = new SearchControls();
       ctls.setReturningAttributes(attrIDs);
       ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
             sgarg
-            sgarg
+      // Specify the attributes to match.
       // Subtrees from the main server are found as objects with attribute
       // objectclass=organization or objectclass=referral to the subtree
       // resided on other server.
       String filter = "(|(objectclass=organization)(objectclass=referral))";
             bojilova
-            sgarg
+      // Search for objects in the current context
-            sgarg
+      NamingEnumeration namingEnum = ctx.search("", filter, ctls);
             bojilova
-            sgarg
+      // Print the subtrees' <ldapURL, baseDN>
-            sgarg
+      while (namingEnum.hasMore()) {
             sgarg
-            sgarg
+        SearchResult sr = (SearchResult) namingEnum.next();
             sgarg
         Attributes attrs = sr.getAttributes();
         NamingEnumeration enum1 = attrs.getAll(); // "dc" and "ref" attrs
         if (enum1.hasMore()) {
           Attribute attr = (Attribute) enum1.next();
           String attrValue = (String) attr.get();
           String attrName = (String) attr.getID();
-            bojilova
+          if (enum1.hasMore()) {
-            sgarg
+            attr = (Attribute) enum1.next();
             String refValue = (String) attr.get();
             String refName = (String) attr.getID();
             if (ldapBase.startsWith(refName + "=" + refValue)) {
               trees.put(ldapBase,
                         attrValue.substring(0, attrValue.lastIndexOf("/") + 1));
+            }
             else {
-            sgarg
+              // this is a referral - so organization name is appended in
               // front of the ldapbase.... later it is stripped out
               // in getPrincipals
               trees.put("[" + refName + "=" + refValue + "]" +
                         attrValue.substring(attrValue.lastIndexOf("/") + 1,
                                             attrValue.length()),
-            sgarg
+                        attrValue.substring(0, attrValue.lastIndexOf("/") + 1));
             sgarg
               // trees.put(refName + "=" + refValue + "," + ldapBase,
               //           attrValue.substring(0, attrValue.lastIndexOf("/") + 1));
             sgarg
             sgarg
             sgarg
           else if (ldapBase.startsWith(attrName + "=" + attrValue)) {
             trees.put(ldapBase, ldapUrl);
+          }
           else {
-            sgarg
+            if (sr.isRelative()) {
-            sgarg
+              trees.put(attrName + "=" + attrValue + "," + ldapBase, ldapUrl);
             sgarg
             else {
-            sgarg
+              String referenceURL = sr.getName();
-            sgarg
+              referenceURL = referenceURL.substring(0,
                   referenceURL.lastIndexOf("/") + 1);
               trees.put(attrName + "=" + attrValue + "," + ldapBase,
                         referenceURL);
             bojilova
             sgarg
             jones
+        }
             sgarg
             bojilova
-            sgarg
+      // Close the context when we're done
       ctx.close();
             bojilova
             sgarg
     catch (NamingException e) {
-            sgarg
+      logMetacat.error("Problem getting subtrees in AuthLdap.getSubtrees:"
-            sgarg
+                        + e);
-            bojilova
+      throw new ConnectException(
-            sgarg
+          "Problem getting subtrees in AuthLdap.getSubtrees:" + e);
             jones
-            bojilova
+    return trees;
             jones
   /**
-            bojilova
+   * Get all groups and users from authentication scheme.
-            bojilova
+   * The output is formatted in XML.
-            bojilova
+   * @param user the user which requests the information
    * @param password the user's password
-            bojilova
+   */
-            sgarg
+  public String getPrincipals(String user, String password) throws
       ConnectException {
-            bojilova
+    StringBuffer out = new StringBuffer();
             sgarg
-            sgarg
+    out.append("<?xml version=\"1.0\" encoding=\"US-ASCII\"?>\n");
-            bojilova
+    out.append("<principals>\n");
             sgarg
-            bojilova
+    /*
-            sgarg
+     * get all subtrees first in the current dir context
-            bojilova
+     * and then the Metacat users under them
      */
-            sgarg
+    Hashtable subtrees = getSubtrees(user, password, this.ldapUrl,
                                      this.ldapBase);
             sgarg
-            sgarg
+    Enumeration keyEnum = subtrees.keys();
     while (keyEnum.hasMoreElements()) {
       this.ldapBase = (String) keyEnum.nextElement();
-            sgarg
+      this.ldapUrl = (String) subtrees.get(ldapBase);
             sgarg
-            sgarg
+      /*
        * code to get the organization name from ldapBase
        */
-            sgarg
+      String orgName = this.ldapBase;
-            sgarg
+      if (orgName.startsWith("[")) {
-            sgarg
+        // if orgName starts with [ then it is a referral URL...
         // (see code in getSubtress)
         // hence orgName can be retrieved  by getting the string between
         // 'o=' and ']'
         // also the string between [ and ] needs to be striped out from
         // this.ldapBase
         this.ldapBase = orgName.substring(orgName.indexOf("]") + 1);
         if (orgName != null && orgName.indexOf("o=") > -1) {
           orgName = orgName.substring(orgName.indexOf("o=") + 2);
           orgName = orgName.substring(0, orgName.indexOf("]"));
+        }
             sgarg
       else {
-            sgarg
+        // else it is not referral
         // hence orgName can be retrieved  by getting the string between
         // 'o=' and ','
         if (orgName != null && orgName.indexOf("o=") > -1) {
           orgName = orgName.substring(orgName.indexOf("o=") + 2);
           if (orgName.indexOf(",") > -1) {
             orgName = orgName.substring(0, orgName.indexOf(","));
+          }
+        }
             sgarg
-            sgarg
+      out.append("  <authSystem URI=\"" +
-            sgarg
+                 this.ldapUrl + this.ldapBase + "\" organization=\"" + orgName +
                  "\">\n");
             bojilova
       // get all groups for directory context
-            sgarg
+      String[][] groups = getGroups(user, password);
       String[][] users = getUsers(user, password);
       int userIndex = 0;
             bojilova
       // for the groups and users that belong to them
-            sgarg
+      if (groups != null && groups.length > 0) {
         for (int i = 0; i < groups.length; i++) {
-            bojilova
+          out.append("    <group>\n");
-            sgarg
+          out.append("      <groupname>" + groups[i][0] + "</groupname>\n");
           out.append("      <description>" + groups[i][1] + "</description>\n");
-            sgarg
+          String[] usersForGroup = getUsers(user, password, groups[i][0]);
           for (int j = 0; j < usersForGroup.length; j++) {
             sgarg
-            sgarg
+            userIndex = searchUser(usersForGroup[j], users);
-            bojilova
+            out.append("      <user>\n");
             sgarg
-            sgarg
+            if (userIndex < 0) {
-            sgarg
+              out.append("        <username>" + usersForGroup[j] +
                          "</username>\n");
             sgarg
             else {
-            sgarg
+              out.append("        <username>" + users[userIndex][0] +
-            sgarg
+                         "</username>\n");
-            sgarg
+              out.append("        <name>" + users[userIndex][1] + "</name>\n");
               out.append("        <organization>" + users[userIndex][2] +
-            sgarg
+                         "</organization>\n");
-            sgarg
+              if (users[userIndex][3].compareTo("null") != 0) {
                 out.append("      <organizationUnitName>" + users[userIndex][3] +
                            "</organizationUnitName>\n");
+              }
               out.append("        <email>" + users[userIndex][4] + "</email>\n");
             sgarg
-            bojilova
+            out.append("      </user>\n");
+          }
           out.append("    </group>\n");
+        }
+      }
             sgarg
-            sgarg
+      // for the users not belonging to any grou8p
-            sgarg
+      for (int j = 0; j < users.length; j++) {
-            bojilova
+          out.append("    <user>\n");
-            sgarg
+          out.append("      <username>" + users[j][0] + "</username>\n");
           out.append("      <name>" + users[j][1] + "</name>\n");
-            sgarg
+          out.append("      <organization>" + users[j][2] +
                      "</organization>\n");
           if (users[j][3].compareTo("null") != 0) {
             out.append("      <organizationUnitName>" + users[j][3] +
                        "</organizationUnitName>\n");
+          }
           out.append("      <email>" + users[j][4] + "</email>\n");
-            bojilova
+          out.append("    </user>\n");
+      }
             sgarg
-            bojilova
+      out.append("  </authSystem>\n");
             bojilova
     out.append("</principals>");
     return out.toString();
+  }
   /**
-            sgarg
+   * Method for getting index of user DN in User info array
    */
-            sgarg
+  int searchUser(String user, String userGroup[][]) {
     for (int j = 0; j < userGroup.length; j++) {
       if (user.compareTo(userGroup[j][0]) == 0) {
-            sgarg
+        return j;
+      }
+    }
     return -1;
+  }
   /**
-            bojilova
+   * Test method for the class
    */
   public static void main(String[] args) {
-            jones
+    // Provide a user, such as: "Matt Jones", or "jones"
-            bojilova
+    String user = args[0];
     String password = args[1];
-            sgarg
+    logMetacat.warn("Creating session...");
-            bojilova
+    AuthLdap authservice = new AuthLdap();
-            sgarg
+    logMetacat.warn("Session exists...");
             sgarg
-            bojilova
+    boolean isValid = false;
     try {
-            sgarg
+      logMetacat.warn("Authenticating...");
-            bojilova
+      isValid = authservice.authenticate(user, password);
       if (isValid) {
-            sgarg
+    	  logMetacat.warn("Authentication successful for: " + user);
             sgarg
       else {
-            sgarg
+        logMetacat.warn("Authentication failed for: " + user);
             bojilova
             bojilova
-            jones
+      // Get attributes for the user
-            bojilova
+      if (isValid) {
-            sgarg
+        logMetacat.info("\nGetting attributes for user....");
-            tao
+        HashMap userInfo = authservice.getAttributes(user, password, user);
-            bojilova
+        // Print all of the attributes
-            sgarg
+        Iterator attList = (Iterator) ( ( (Set) userInfo.keySet()).iterator());
-            bojilova
+        while (attList.hasNext()) {
-            sgarg
+          String att = (String) attList.next();
           Vector values = (Vector) userInfo.get(att);
-            bojilova
+          Iterator attvalues = values.iterator();
           while (attvalues.hasNext()) {
-            sgarg
+            String value = (String) attvalues.next();
-            sgarg
+            logMetacat.warn(att + ": " + value);
             bojilova
+        }
             jones
             bojilova
-            jones
+      // get the groups
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting all groups....");
-            sgarg
+        String[][] groups = authservice.getGroups(user, password);
-            sgarg
+        logMetacat.info("Groups found: " + groups.length);
-            sgarg
+        for (int i = 0; i < groups.length; i++) {
-            sgarg
+          logMetacat.info("Group " + i + ": " + groups[i][0]);
             jones
             bojilova
             bojilova
-            jones
+      // get the groups for the user
       String savedGroup = null;
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting groups for user....");
-            sgarg
+        String[][] groups = authservice.getGroups(user, password, user);
-            sgarg
+        logMetacat.info("Groups found: " + groups.length);
-            sgarg
+        for (int i = 0; i < groups.length; i++) {
-            sgarg
+          logMetacat.info("Group " + i + ": " + groups[i][0]);
-            sgarg
+          savedGroup = groups[i][0];
             jones
+      }
       // get the users for a group
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting users for group....");
         logMetacat.info("Group: " + savedGroup);
-            jones
+        String[] users = authservice.getUsers(user, password, savedGroup);
-            sgarg
+        logMetacat.info("Users found: " + users.length);
-            sgarg
+        for (int i = 0; i < users.length; i++) {
-            sgarg
+          logMetacat.warn("User " + i + ": " + users[i]);
             jones
+      }
       // get all users
       if (isValid) {
-            sgarg
+        logMetacat.warn("\nGetting all users ....");
-            sgarg
+        String[][] users = authservice.getUsers(user, password);
-            sgarg
+        logMetacat.info("Users found: " + users.length);
             sgarg
             jones
             jones
-            bojilova
+      // get the whole list groups and users in XML format
-            bojilova
+      if (isValid) {
-            sgarg
+        logMetacat.warn("\nTrying principals....");
-            bojilova
+        authservice = new AuthLdap();
-            bojilova
+        String out = authservice.getPrincipals(user, password);
-            bojilova
+        java.io.File f = new java.io.File("principals.xml");
-            bojilova
+        java.io.FileWriter fw = new java.io.FileWriter(f);
         java.io.BufferedWriter buff = new java.io.BufferedWriter(fw);
         buff.write(out);
         buff.flush();
         buff.close();
         fw.close();
-            sgarg
+        logMetacat.warn("\nFinished getting principals.");
             bojilova
             jones
             sgarg
     catch (ConnectException ce) {
-            sgarg
+      logMetacat.error(ce.getMessage());
             sgarg
     catch (java.io.IOException ioe) {
-            sgarg
+      logMetacat.error("I/O Error writing to file principals.txt");
             bojilova
+  }
             sgarg
-            tao
+  /**
    * This method will be called by start a thread.
    * It can handle if a referral exception happend.
-            sgarg
+   */
-            sgarg
+  public void run() {
-            berkley
+    referralContext = null;
-            sgarg
+    DirContext refDirContext = null;
     boolean moreReferrals = true;
     String referralInfo = null;
-            tao
+    //set a while loop is because we don't know if a referral excption contains
     //another referral exception
-            sgarg
+    while (moreReferrals) {
       try {
-            tao
+        //revise environment variable
-            sgarg
+        referralInfo = (String) refExc.getReferralInfo();
-            sgarg
+        logMetacat.info("Processing referral (pr0): ");
         logMetacat.info("PROVIDER_URL set to (pr1): " + referralInfo);
-            jones
+        //env.put(Context.PROVIDER_URL,referralInfo);
         //env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         //env.put(Context.SECURITY_PRINCIPAL, userName);
         //env.put(Context.SECURITY_CREDENTIALS, userPassword);
         //env.put(Context.REFERRAL, "throw");
-            sgarg
+        //logMetacat.info("Processing referral (pr1.info): " + userName,35);
         //logMetacat.info("Processing referral (pr2)",35);
-            jones
+        //rContext = refExc.getReferralContext(env);
         rContext = refExc.getReferralContext();
-            sgarg
+        logMetacat.info("Processing referral (pr3)");
-            tao
+        //casting the context to dircontext and it will create a
         //autherntication or naming exception if DN and password is incorrect
-            sgarg
+        referralContext = rContext;
         refDirContext = (DirContext) rContext;
-            tao
+        refDirContext.close();
-            tao
+        //get context and jump out the while loop
-            sgarg
+        moreReferrals = false;
-            sgarg
+        logMetacat.info("Processing referral (pr4)");
-            sgarg
+      } //try
-            tao
+      //if referral have another referral excption
-            sgarg
+      catch (ReferralException re) {
-            sgarg
+        logMetacat.warn("GOT referral exception (re1): " + re.getMessage());
         logMetacat.warn("RE details (re2): " + re.toString(true));
-            tao
+        //keep running in while loop
-            sgarg
+        moreReferrals = true;
-            tao
+        //assign refExc to new referral exception re
-            sgarg
+        refExc = re;
             tao
-            tao
+      //catch a authentication exception
-            sgarg
+      catch (AuthenticationException ae) {
-            sgarg
+        logMetacat.error("Error running referral handler thread (ae1): " +
-            sgarg
+                          ae.getMessage());
-            tao
+        //check if has another referral
-            sgarg
+        moreReferrals = refExc.skipReferral();
-            tao
+        //don't get the context
         referralContext = null;
+      }
-            tao
+      //catch a naming exception
-            sgarg
+      catch (NamingException ne) {
-            sgarg
+        logMetacat.error("Error running referral handler thread (ne1): " +
-            sgarg
+                          ne.getMessage());
-            tao
+        //check if has another referral
-            sgarg
+        moreReferrals = refExc.skipReferral();
-            tao
+        //don't get context
-            sgarg
+        referralContext = null;
             tao
-            sgarg
+    } //while
   } //run()
             sgarg
-            sgarg
+  private class GetGroup
       implements Runnable {
     public void run() {
-            tao
+      referralContext = null;
-            sgarg
+      logMetacat.info("getting groups context");
-            sgarg
+      DirContext refDirContext = null;
       boolean moreReferrals = true;
-            sgarg
+      //set a while loop is because we don't know if a referral excption
-            tao
+      //contains another referral exception
-            sgarg
+      while (moreReferrals) {
         try {
-            tao
+          //revise environment variable
           String refInfo = null;
-            sgarg
+          refInfo = (String) refExc.getReferralInfo();
           if (refInfo != null) {
-            sgarg
+            logMetacat.info("Referral in thread to: " +
-            sgarg
+                                     refInfo.toString());
             tao
-            sgarg
+          else {
-            sgarg
+            logMetacat.info("getting refInfo Manually");
-            sgarg
+            refInfo = (String) refExc.getReferralContext().getEnvironment().
                 get(Context.PROVIDER_URL);
             tao
-            sgarg
+          logMetacat.info("refInfo: " + refInfo);
             sgarg
           env.put(Context.INITIAL_CONTEXT_FACTORY,
-            sgarg
+                  "com.sun.jndi.ldap.LdapCtxFactory");
-            tao
+          env.put(Context.REFERRAL, "throw");
           env.put(Context.PROVIDER_URL, refInfo);
             sgarg
-            sgarg
+          logMetacat.info("creating referralContext");
-            tao
+          referralContext = new InitialDirContext(env);
-            sgarg
+          logMetacat.info("referralContext created");
-            tao
+          //get context and jump out the while loop
-            sgarg
+          moreReferrals = false;
         } //try
         catch (ReferralException re) {
-            tao
+          //keep running in while loop
-            sgarg
+          moreReferrals = true;
-            tao
+          //assign refExc to new referral exception re
-            sgarg
+          refExc = re;
             tao
-            sgarg
+        catch (AuthenticationException ae) {
-            sgarg
+          logMetacat.error("Error running referral handler thread (ae2): " +
-            sgarg
+                            ae.getMessage());
-            tao
+          //check if has another referral
-            sgarg
+          moreReferrals = refExc.skipReferral();
-            tao
+          //don't get the context
           referralContext = null;
+        }
-            sgarg
+        catch (NamingException ne) {
-            sgarg
+          logMetacat.error("Error running referral handler thread (ne2): " +
-            sgarg
+                            ne.getMessage());
-            tao
+          //check if has another referral
-            sgarg
+          moreReferrals = refExc.skipReferral();
-            tao
+          //don't get context
-            sgarg
+          referralContext = null;
             tao
-            sgarg
+      } //while
     } //run()
+  }
             bojilova

Project

General

Profile

Metacat