| 33 |
33 |
|
| 34 |
34 |
import javax.naming.AuthenticationException;
|
| 35 |
35 |
import javax.naming.Context;
|
|
36 |
import javax.naming.InitialContext;
|
| 36 |
37 |
import javax.naming.directory.Attribute;
|
| 37 |
38 |
import javax.naming.directory.Attributes;
|
| 38 |
39 |
import javax.naming.directory.BasicAttribute;
|
| ... | ... | |
| 46 |
47 |
import java.util.Iterator;
|
| 47 |
48 |
import java.util.HashMap;
|
| 48 |
49 |
import java.util.Hashtable;
|
|
50 |
import java.util.Enumeration;
|
| 49 |
51 |
import java.util.Set;
|
| 50 |
52 |
import java.util.Vector;
|
| 51 |
53 |
|
| ... | ... | |
| 70 |
72 |
this.util = new MetaCatUtil();
|
| 71 |
73 |
this.ldapUrl = util.getOption("ldapurl");
|
| 72 |
74 |
this.ldapBase = util.getOption("ldapbase");
|
| 73 |
|
|
| 74 |
75 |
}
|
| 75 |
76 |
|
| 76 |
77 |
/**
|
| ... | ... | |
| 84 |
85 |
public boolean authenticate(String user, String password)
|
| 85 |
86 |
throws ConnectException
|
| 86 |
87 |
{
|
| 87 |
|
String distName = null;
|
|
88 |
String ldapUrl = this.ldapUrl;
|
|
89 |
String ldapBase = this.ldapBase;
|
| 88 |
90 |
boolean authenticated = false;
|
| 89 |
|
|
|
91 |
|
| 90 |
92 |
// Identify service provider to use
|
| 91 |
93 |
Hashtable env = new Hashtable(11);
|
| 92 |
94 |
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
| 93 |
95 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
| 94 |
|
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
|
96 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
97 |
// env.put(Context.SECURITY_PRINCIPAL, user);
|
| 95 |
98 |
|
| 96 |
99 |
try {
|
| 97 |
100 |
|
| 98 |
|
// Get the dn for this uid or cn
|
| 99 |
|
String identifier = getIdentifyingName(user);
|
| 100 |
|
if (identifier != null) {
|
| 101 |
|
distName = identifier + "," + ldapBase;
|
| 102 |
|
// Now that we have the dn, we can authenticate, so
|
| 103 |
|
// authenticate this time when opening the DirContext
|
| 104 |
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
| 105 |
|
env.put(Context.SECURITY_PRINCIPAL, distName);
|
| 106 |
|
env.put(Context.SECURITY_CREDENTIALS, password);
|
| 107 |
|
// If our auth credentials are invalid, an exception will be thrown
|
| 108 |
|
DirContext ctx = new InitialDirContext(env);
|
|
101 |
/*
|
|
102 |
* get all subtrees first in the current dir context
|
|
103 |
* and then the dn for this uid or cn
|
|
104 |
*/
|
|
105 |
Hashtable subtrees = getSubtrees(user,password,ldapUrl,ldapBase);
|
|
106 |
|
|
107 |
Enumeration enum = subtrees.keys();
|
|
108 |
while ( enum.hasMoreElements() ) {
|
|
109 |
ldapBase = (String)enum.nextElement();
|
|
110 |
ldapUrl = (String)subtrees.get(ldapBase);
|
|
111 |
System.out.println(ldapUrl + ldapBase);
|
|
112 |
String identifier = getIdentifyingName(user,ldapUrl,ldapBase);
|
| 109 |
113 |
|
| 110 |
|
// If no exception is thrown then authentication succeeded
|
| 111 |
|
authenticated = true;
|
|
114 |
if (identifier != null) {
|
|
115 |
// Now that we have the dn, we can authenticate, so
|
|
116 |
// authenticate this time when opening the DirContext
|
|
117 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
|
118 |
// env.put(Context.SECURITY_PROTOCOL, "ssl");
|
|
119 |
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
120 |
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
|
121 |
env.put(Context.SECURITY_CREDENTIALS, password);
|
|
122 |
// If our auth credentials are invalid, an exception will be thrown
|
|
123 |
DirContext ctx = null;
|
|
124 |
try {
|
|
125 |
ctx = new InitialDirContext(env);
|
|
126 |
authenticated = true;
|
|
127 |
ctx.close();
|
|
128 |
this.ldapUrl = ldapUrl;
|
|
129 |
this.ldapBase = ldapBase;
|
|
130 |
break;
|
|
131 |
} catch (AuthenticationException ae) {
|
|
132 |
authenticated = false;
|
|
133 |
if ( ctx != null ) {
|
|
134 |
ctx.close();
|
|
135 |
}
|
|
136 |
}
|
|
137 |
} else {
|
|
138 |
util.debugMessage("User not found");
|
|
139 |
//System.out.println("NOT FOUND HERE");
|
|
140 |
}
|
|
141 |
} /* while ( enum.hasMore() ) */
|
| 112 |
142 |
|
| 113 |
|
// Close the context when we're done
|
| 114 |
|
ctx.close();
|
| 115 |
|
} else {
|
| 116 |
|
util.debugMessage("User not found!");
|
| 117 |
|
}
|
| 118 |
|
|
| 119 |
|
} catch (AuthenticationException ae) {
|
| 120 |
|
util.debugMessage("Error authenticating in AuthLdap.authenticate: " + ae);
|
| 121 |
|
throw new ConnectException(
|
| 122 |
|
"Error authenticating in AuthLdap.authenticate: " + ae);
|
| 123 |
143 |
} catch (NamingException e) {
|
| 124 |
144 |
util.debugMessage("Naming exception while authenticating in " +
|
| 125 |
145 |
"AuthLdap.authenticate: " + e);
|
| 126 |
146 |
throw new ConnectException(
|
| 127 |
147 |
"Naming exception while authenticating in " +
|
| 128 |
148 |
"AuthLdap.authenticate: " + e);
|
|
149 |
} catch (Exception e) {
|
|
150 |
System.out.println(e.getMessage());
|
| 129 |
151 |
}
|
| 130 |
152 |
|
| 131 |
153 |
return authenticated;
|
| 132 |
154 |
}
|
| 133 |
155 |
|
| 134 |
156 |
/**
|
|
157 |
* Get the identifying name for a given userid or name. This is the name
|
|
158 |
* that is used in conjunction withthe LDAP BaseDN to create a
|
|
159 |
* distinguished name (dn) for the record
|
|
160 |
*
|
|
161 |
* @param user the user for which the identifying name is requested
|
|
162 |
* @returns String the identifying name for the user,
|
|
163 |
* or null if not found
|
|
164 |
*/
|
|
165 |
private String getIdentifyingName(String user, String ldapUrl, String ldapBase)
|
|
166 |
throws NamingException
|
|
167 |
{
|
|
168 |
String identifier = null;
|
|
169 |
|
|
170 |
// Identify service provider to use
|
|
171 |
Hashtable env = new Hashtable(11);
|
|
172 |
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
|
173 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
|
174 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
|
175 |
// env.put(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
|
|
176 |
// env.put(Context.SECURITY_PROTOCOL, "ssl");
|
|
177 |
|
|
178 |
try {
|
|
179 |
|
|
180 |
// Bind to the LDAP server, in order to search for the right
|
|
181 |
// distinguished name (dn) based on userid (uid) or common name (cn)
|
|
182 |
DirContext ctx = new InitialDirContext(env);
|
|
183 |
|
|
184 |
SearchControls ctls = new SearchControls();
|
|
185 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
186 |
|
|
187 |
// Search for the user id or name using the uid, then cn and sn attributes
|
|
188 |
// If we find a record, determine the dn for the record
|
|
189 |
util.debugMessage("\nStarting search phase...\n");
|
|
190 |
|
|
191 |
String filter = "(uid=" + user + ")";
|
|
192 |
NamingEnumeration answer = ctx.search("", filter, ctls);
|
|
193 |
if (answer.hasMore()) {
|
|
194 |
SearchResult sr = (SearchResult)answer.next();
|
|
195 |
identifier = sr.getName();
|
|
196 |
if ( !sr.isRelative() ) {
|
|
197 |
this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
|
|
198 |
this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
|
|
199 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1,
|
|
200 |
identifier.indexOf(","));
|
|
201 |
}
|
|
202 |
util.debugMessage("Found: " + identifier);
|
|
203 |
} else {
|
|
204 |
//Attributes matchAttrs2 = new BasicAttributes(true);
|
|
205 |
//matchAttrs2.put(new BasicAttribute("cn", user));
|
|
206 |
//NamingEnumeration answer2 = ctx.search("", matchAttrs2);
|
|
207 |
filter = "(cn=" + user + ")";
|
|
208 |
NamingEnumeration answer2 = ctx.search("", filter, ctls);
|
|
209 |
if (answer2.hasMore()) {
|
|
210 |
SearchResult sr = (SearchResult)answer2.next();
|
|
211 |
identifier = sr.getName();
|
|
212 |
if ( !sr.isRelative() ) {
|
|
213 |
this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
|
|
214 |
this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
|
|
215 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1,
|
|
216 |
identifier.indexOf(","));
|
|
217 |
}
|
|
218 |
util.debugMessage("Found: " + identifier);
|
|
219 |
} else {
|
|
220 |
//Attributes matchAttrs3 = new BasicAttributes(true);
|
|
221 |
//matchAttrs3.put(new BasicAttribute("sn", user));
|
|
222 |
//NamingEnumeration answer3 = ctx.search("", matchAttrs3);
|
|
223 |
filter = "(sn=" + user + ")";
|
|
224 |
NamingEnumeration answer3 = ctx.search("", filter, ctls);
|
|
225 |
if (answer3.hasMore()) {
|
|
226 |
SearchResult sr = (SearchResult)answer3.next();
|
|
227 |
identifier = sr.getName();
|
|
228 |
if ( !sr.isRelative() ) {
|
|
229 |
this.ldapUrl = identifier.substring(0,identifier.lastIndexOf("/")+1);
|
|
230 |
this.ldapBase = identifier.substring(identifier.indexOf(",")+1);
|
|
231 |
identifier = identifier.substring(identifier.lastIndexOf("/")+1,
|
|
232 |
identifier.indexOf(","));
|
|
233 |
}
|
|
234 |
util.debugMessage("Found: " + identifier);
|
|
235 |
}
|
|
236 |
}
|
|
237 |
}
|
|
238 |
// Close the context when we're done the initial search
|
|
239 |
ctx.close();
|
|
240 |
} catch (NamingException e) {
|
|
241 |
util.debugMessage("Naming exception while getting dn: " + e);
|
|
242 |
throw new NamingException(
|
|
243 |
"Naming exception in AuthLdap.getIdentifyingName: " + e);
|
|
244 |
}
|
|
245 |
|
|
246 |
//System.out.println("context: " + identifier);
|
|
247 |
return identifier;
|
|
248 |
}
|
|
249 |
|
|
250 |
/**
|
| 135 |
251 |
* Get all users from the authentication service
|
| 136 |
252 |
*/
|
| 137 |
253 |
public String[] getUsers(String user, String password)
|
| ... | ... | |
| 147 |
263 |
|
| 148 |
264 |
try {
|
| 149 |
265 |
|
| 150 |
|
// Get the dn for this uid or cn
|
| 151 |
|
String identifier = getIdentifyingName(user);
|
| 152 |
|
if (identifier != null) {
|
| 153 |
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
| 154 |
|
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
| 155 |
|
env.put(Context.SECURITY_CREDENTIALS, password);
|
|
266 |
//// Get the dn for this uid or cn
|
|
267 |
//String identifier = getIdentifyingName(user);
|
|
268 |
//if (identifier != null) {
|
|
269 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
270 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
|
271 |
// env.put(Context.SECURITY_CREDENTIALS, password);
|
| 156 |
272 |
|
| 157 |
273 |
// Create the initial directory context
|
| 158 |
274 |
DirContext ctx = new InitialDirContext(env);
|
| ... | ... | |
| 188 |
304 |
|
| 189 |
305 |
// Close the context when we're done
|
| 190 |
306 |
ctx.close();
|
| 191 |
|
} else {
|
| 192 |
|
util.debugMessage("User not found!");
|
| 193 |
|
}
|
|
307 |
//} else {
|
|
308 |
// util.debugMessage("User not found!");
|
|
309 |
//}
|
| 194 |
310 |
|
| 195 |
311 |
} catch (NamingException e) {
|
| 196 |
312 |
System.err.println("Problem getting users in AuthLdap.getUsers:" + e);
|
| ... | ... | |
| 217 |
333 |
|
| 218 |
334 |
try {
|
| 219 |
335 |
|
| 220 |
|
// Get the dn for this uid or cn
|
| 221 |
|
String identifier = getIdentifyingName(user);
|
| 222 |
|
if (identifier != null) {
|
| 223 |
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
| 224 |
|
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
| 225 |
|
env.put(Context.SECURITY_CREDENTIALS, password);
|
|
336 |
//// Get the dn for this uid or cn
|
|
337 |
//String identifier = getIdentifyingName(user);
|
|
338 |
//if (identifier != null) {
|
|
339 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
340 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
|
341 |
// env.put(Context.SECURITY_CREDENTIALS, password);
|
| 226 |
342 |
|
| 227 |
343 |
// Create the initial directory context
|
| 228 |
344 |
DirContext ctx = new InitialDirContext(env);
|
| ... | ... | |
| 280 |
396 |
|
| 281 |
397 |
// Close the context when we're done
|
| 282 |
398 |
ctx.close();
|
| 283 |
|
} else {
|
| 284 |
|
util.debugMessage("User not found!");
|
| 285 |
|
}
|
|
399 |
//} else {
|
|
400 |
// util.debugMessage("User not found!");
|
|
401 |
//}
|
| 286 |
402 |
|
| 287 |
403 |
} catch (NamingException e) {
|
| 288 |
404 |
System.err.println("Problem getting users for a group in AuthLdap.getUsers:" + e);
|
| ... | ... | |
| 345 |
461 |
} catch (NamingException ne) {
|
| 346 |
462 |
System.err.println("Problem getting userID by \"dn\" in AuthLdap.getUserID:" + ne);
|
| 347 |
463 |
throw ne;
|
| 348 |
|
//throw new ConnectException(
|
| 349 |
|
//"Problem getting userID searching by \"dn\" in AuthLdap.getUserID:" + e);
|
| 350 |
|
//return null;
|
| 351 |
464 |
}
|
| 352 |
465 |
|
| 353 |
466 |
if ( users.length > 0 ) {
|
| ... | ... | |
| 408 |
521 |
} catch (NamingException ne) {
|
| 409 |
522 |
System.err.println("Problem getting groupID by \"dn\" in AuthLdap.getGroupID:" + ne);
|
| 410 |
523 |
throw ne;
|
| 411 |
|
//throw new ConnectException(
|
| 412 |
|
//"Problem getting groupID searching by \"dn\" in AuthLdap.getGroupID:" + e);
|
| 413 |
|
//return null;
|
| 414 |
524 |
}
|
| 415 |
525 |
|
| 416 |
526 |
if ( groups.length > 0 ) {
|
| ... | ... | |
| 435 |
545 |
|
| 436 |
546 |
try {
|
| 437 |
547 |
|
| 438 |
|
// Get the dn for this uid or cn
|
| 439 |
|
String identifier = getIdentifyingName(user);
|
| 440 |
|
if (identifier != null) {
|
| 441 |
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
| 442 |
|
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
| 443 |
|
env.put(Context.SECURITY_CREDENTIALS, password);
|
|
548 |
//// Get the dn for this uid or cn
|
|
549 |
//String identifier = getIdentifyingName(user);
|
|
550 |
//if (identifier != null) {
|
|
551 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
552 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
|
553 |
// env.put(Context.SECURITY_CREDENTIALS, password);
|
| 444 |
554 |
|
| 445 |
555 |
// Create the initial directory context
|
| 446 |
556 |
DirContext ctx = new InitialDirContext(env);
|
| ... | ... | |
| 476 |
586 |
|
| 477 |
587 |
// Close the context when we're done
|
| 478 |
588 |
ctx.close();
|
| 479 |
|
} else {
|
| 480 |
|
util.debugMessage("User not found!");
|
| 481 |
|
}
|
|
589 |
//} else {
|
|
590 |
// util.debugMessage("User not found!");
|
|
591 |
//}
|
| 482 |
592 |
|
| 483 |
593 |
} catch (NamingException e) {
|
| 484 |
594 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
|
| ... | ... | |
| 505 |
615 |
|
| 506 |
616 |
try {
|
| 507 |
617 |
|
| 508 |
|
// Get the dn for this uid or cn
|
| 509 |
|
String identifier = getIdentifyingName(user);
|
| 510 |
|
if (identifier != null) {
|
| 511 |
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
| 512 |
|
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
| 513 |
|
env.put(Context.SECURITY_CREDENTIALS, password);
|
|
618 |
//// Get the dn for this uid or cn
|
|
619 |
//String identifier = getIdentifyingName(user);
|
|
620 |
//if (identifier != null) {
|
|
621 |
// env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
622 |
// env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
|
623 |
// env.put(Context.SECURITY_CREDENTIALS, password);
|
| 514 |
624 |
|
| 515 |
625 |
// Create the initial directory context
|
| 516 |
626 |
DirContext ctx = new InitialDirContext(env);
|
| ... | ... | |
| 548 |
658 |
|
| 549 |
659 |
// Close the context when we're done
|
| 550 |
660 |
ctx.close();
|
| 551 |
|
} else {
|
| 552 |
|
util.debugMessage("User not found!");
|
| 553 |
|
}
|
|
661 |
//} else {
|
|
662 |
// util.debugMessage("User not found!");
|
|
663 |
//}
|
| 554 |
664 |
|
| 555 |
665 |
} catch (NamingException e) {
|
| 556 |
666 |
System.err.println("Problem getting groups in AuthLdap.getGroups:" + e);
|
| ... | ... | |
| 597 |
707 |
try {
|
| 598 |
708 |
|
| 599 |
709 |
if ((user != null) && (password != null)) {
|
| 600 |
|
String identifier = getIdentifyingName(user);
|
|
710 |
String identifier = getIdentifyingName(user,this.ldapUrl,this.ldapBase);
|
| 601 |
711 |
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
| 602 |
712 |
env.put(Context.SECURITY_PRINCIPAL, identifier + "," + ldapBase);
|
| 603 |
713 |
env.put(Context.SECURITY_CREDENTIALS, password);
|
| ... | ... | |
| 607 |
717 |
DirContext ctx = new InitialDirContext(env);
|
| 608 |
718 |
|
| 609 |
719 |
// Find out the identifying attribute for the user
|
| 610 |
|
String userident = getIdentifyingName(foruser);
|
|
720 |
String userident = getIdentifyingName(foruser,this.ldapUrl,this.ldapBase);
|
| 611 |
721 |
|
| 612 |
722 |
// Ask for all attributes of the user
|
| 613 |
723 |
Attributes attrs = ctx.getAttributes(userident);
|
| ... | ... | |
| 639 |
749 |
}
|
| 640 |
750 |
|
| 641 |
751 |
/**
|
| 642 |
|
* Get the identifying name for a given userid or name. This is the name
|
| 643 |
|
* that is used in conjunction withthe LDAP BaseDN to create a
|
| 644 |
|
* distinguished name (dn) for the record
|
| 645 |
|
*
|
| 646 |
|
* @param user the user for which the identifying name is requested
|
| 647 |
|
* @returns String the identifying name for the user,
|
| 648 |
|
* or null if not found
|
|
752 |
* Get list of all subtrees holding Metacat's groups and users
|
|
753 |
* starting from the Metacat LDAP root,
|
|
754 |
* i.e. ldap://dev.nceas.ucsb.edu/dc=ecoinformatics,dc=org
|
| 649 |
755 |
*/
|
| 650 |
|
private String getIdentifyingName(String user)
|
| 651 |
|
throws NamingException
|
|
756 |
private Hashtable getSubtrees(String user, String password,
|
|
757 |
String ldapUrl, String ldapBase)
|
|
758 |
throws ConnectException
|
| 652 |
759 |
{
|
| 653 |
|
String identifier = null;
|
|
760 |
Hashtable trees = new Hashtable();
|
| 654 |
761 |
|
| 655 |
762 |
// Identify service provider to use
|
| 656 |
763 |
Hashtable env = new Hashtable(11);
|
| 657 |
|
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
|
764 |
env.put(Context.INITIAL_CONTEXT_FACTORY,
|
| 658 |
765 |
"com.sun.jndi.ldap.LdapCtxFactory");
|
| 659 |
766 |
env.put(Context.PROVIDER_URL, ldapUrl + ldapBase);
|
| 660 |
767 |
|
| 661 |
768 |
try {
|
| 662 |
769 |
|
| 663 |
|
// Bind to the LDAP server, in order to search for the right
|
| 664 |
|
// distinguished name (dn) based on userid (uid) or common name (cn)
|
| 665 |
|
DirContext ctx = new InitialDirContext(env);
|
|
770 |
//if ( this.authenticate(user, password) ) {
|
| 666 |
771 |
|
| 667 |
|
// Search for the user id or name using the uid, then cn and sn attributes
|
| 668 |
|
// If we find a record, determine the dn for the record
|
| 669 |
|
util.debugMessage("\nStarting search phase...\n");
|
| 670 |
|
Attributes matchAttrs = new BasicAttributes(true);
|
| 671 |
|
matchAttrs.put(new BasicAttribute("uid", user));
|
| 672 |
|
NamingEnumeration answer = ctx.search("", matchAttrs);
|
| 673 |
|
if (answer.hasMore()) {
|
| 674 |
|
SearchResult sr = (SearchResult)answer.next();
|
| 675 |
|
identifier = sr.getName();
|
| 676 |
|
util.debugMessage("Found: " + identifier);
|
| 677 |
|
} else {
|
| 678 |
|
Attributes matchAttrs2 = new BasicAttributes(true);
|
| 679 |
|
matchAttrs2.put(new BasicAttribute("cn", user));
|
| 680 |
|
NamingEnumeration answer2 = ctx.search("", matchAttrs2);
|
| 681 |
|
if (answer2.hasMore()) {
|
| 682 |
|
SearchResult sr = (SearchResult)answer2.next();
|
| 683 |
|
identifier = sr.getName();
|
| 684 |
|
util.debugMessage("Found: " + identifier);
|
| 685 |
|
} else {
|
| 686 |
|
Attributes matchAttrs3 = new BasicAttributes(true);
|
| 687 |
|
matchAttrs3.put(new BasicAttribute("sn", user));
|
| 688 |
|
NamingEnumeration answer3 = ctx.search("", matchAttrs3);
|
| 689 |
|
if (answer3.hasMore()) {
|
| 690 |
|
SearchResult sr = (SearchResult)answer3.next();
|
| 691 |
|
identifier = sr.getName();
|
| 692 |
|
util.debugMessage("Found: " + identifier);
|
|
772 |
// Create the initial directory context
|
|
773 |
DirContext ctx = new InitialDirContext(env);
|
|
774 |
|
|
775 |
// Specify the ids of the attributes to return
|
|
776 |
String[] attrIDs = {"o","ref"};
|
|
777 |
SearchControls ctls = new SearchControls();
|
|
778 |
ctls.setReturningAttributes(attrIDs);
|
|
779 |
ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
780 |
|
|
781 |
// Specify the attributes to match.
|
|
782 |
// Subtrees from the main server are found as objects with attribute
|
|
783 |
// objectclass=organization or objectclass=referral to the subtree
|
|
784 |
// resided on other server.
|
|
785 |
String filter = "(|(objectclass=organization)(objectclass=referral))";
|
|
786 |
|
|
787 |
// Search for objects in the current context
|
|
788 |
NamingEnumeration enum = ctx.search("", filter, ctls);
|
|
789 |
|
|
790 |
// Print the subtrees' <ldapURL, baseDN>
|
|
791 |
while (enum.hasMore()) {
|
|
792 |
SearchResult sr = (SearchResult)enum.next();
|
|
793 |
Attributes attrs = sr.getAttributes();
|
|
794 |
NamingEnumeration enum1 = attrs.getAll(); // "dc" and "ref" attrs
|
|
795 |
if (enum1.hasMore()) {
|
|
796 |
Attribute attr = (Attribute)enum1.next();
|
|
797 |
String attrValue = (String)attr.get();
|
|
798 |
String attrName = (String)attr.getID();
|
|
799 |
//System.out.println(attrName + "=" + attrValue);
|
|
800 |
if ( enum1.hasMore() ) {
|
|
801 |
attr = (Attribute)enum1.next();
|
|
802 |
String refValue = (String)attr.get();
|
|
803 |
String refName = (String)attr.getID();
|
|
804 |
//System.out.println(refName + "=" + refValue);
|
|
805 |
if ( ldapBase.startsWith(refName + "=" + refValue) ) {
|
|
806 |
trees.put(ldapBase,
|
|
807 |
attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
|
|
808 |
} else {
|
|
809 |
trees.put(refName + "=" + refValue + "," + ldapBase,
|
|
810 |
attrValue.substring(0,attrValue.lastIndexOf("/")+1) );
|
|
811 |
}
|
|
812 |
//System.out.println("REFERRAL:" + attrValue);
|
|
813 |
} else if ( ldapBase.startsWith(attrName + "=" + attrValue) ) {
|
|
814 |
trees.put(ldapBase, ldapUrl);
|
|
815 |
} else {
|
|
816 |
trees.put(attrName + "=" + attrValue + "," + ldapBase, ldapUrl);
|
|
817 |
//System.out.println(ldapUrl + attrName + "=" + attrValue + "," + ldapBase);
|
|
818 |
}
|
| 693 |
819 |
}
|
| 694 |
820 |
}
|
| 695 |
|
}
|
| 696 |
|
// Close the context when we're done the initial search
|
| 697 |
|
ctx.close();
|
|
821 |
|
|
822 |
// Close the context when we're done
|
|
823 |
ctx.close();
|
|
824 |
//} else {
|
|
825 |
// System.out.println("Not authenticated user: " + user + "@" + ldapUrl + ldapBase);
|
|
826 |
//}
|
|
827 |
|
| 698 |
828 |
} catch (NamingException e) {
|
| 699 |
|
util.debugMessage("Naming exception while getting dn: " + e);
|
| 700 |
|
System.out.println("Naming exception in AuthLdap.getIdentifyingName");
|
| 701 |
|
throw new NamingException(
|
| 702 |
|
"Naming exception in AuthLdap.getIdentifyingName: " + e);
|
|
829 |
System.err.println("Problem getting subtrees in AuthLdap.getSubtrees:" + e);
|
|
830 |
throw new ConnectException(
|
|
831 |
"Problem getting subtrees in AuthLdap.getSubtrees:" + e);
|
| 703 |
832 |
}
|
| 704 |
833 |
|
| 705 |
|
return identifier;
|
|
834 |
//System.out.println("number of subtrees:" + trees.size());
|
|
835 |
return trees;
|
| 706 |
836 |
}
|
| 707 |
837 |
|
| 708 |
838 |
/**
|
| 709 |
|
* Get list of all groups and users from authentication scheme.
|
|
839 |
* Get all groups and users from authentication scheme.
|
| 710 |
840 |
* The output is formatted in XML.
|
|
841 |
* @param user the user which requests the information
|
|
842 |
* @param password the user's password
|
| 711 |
843 |
*/
|
| 712 |
|
private String getPrincipals(String user, String password)
|
|
844 |
public String getPrincipals(String user, String password)
|
| 713 |
845 |
throws ConnectException
|
| 714 |
846 |
{
|
| 715 |
847 |
StringBuffer out = new StringBuffer();
|
| 716 |
|
String[] groups = getGroups(user, password);
|
| 717 |
848 |
Vector usersIn = new Vector();
|
| 718 |
849 |
|
|
850 |
//String ldapUrl = "ldap://dev.nceas.ucsb.edu/";
|
|
851 |
//String ldapBase = "dc=ecoinformatics,dc=org";
|
|
852 |
//String ldapUrl = "ldap://ldap.nceas.ucsb.edu/";
|
|
853 |
//String ldapBase = "o=NCEAS,c=US";
|
|
854 |
|
| 719 |
855 |
out.append("<?xml version=\"1.0\"?>\n");
|
| 720 |
|
out.append("<principals authSystemURI=\"" + ldapUrl + ldapBase + "\">\n");
|
|
856 |
out.append("<principals>\n");
|
| 721 |
857 |
|
| 722 |
|
// for the groups and users that belong to them
|
| 723 |
|
if ( groups.length > 0 ) {
|
| 724 |
|
for (int i=0; i < groups.length; i++ ) {
|
| 725 |
|
out.append(" <group>\n");
|
| 726 |
|
out.append(" <groupname>" + groups[i] + "<groupname>\n");
|
| 727 |
|
String[] usersForGroup = getUsers(user,password,groups[i]);
|
| 728 |
|
for (int j=0; j < usersForGroup.length; j++ ) {
|
| 729 |
|
usersIn.addElement(usersForGroup[j]);
|
|
858 |
/*
|
|
859 |
* get all subtrees first in the current dir context
|
|
860 |
* and then the Metacat users under them
|
|
861 |
*/
|
|
862 |
Hashtable subtrees = getSubtrees(user,password,this.ldapUrl,this.ldapBase);
|
|
863 |
|
|
864 |
Enumeration enum = subtrees.keys();
|
|
865 |
while ( enum.hasMoreElements() ) {
|
|
866 |
this.ldapBase = (String)enum.nextElement();
|
|
867 |
this.ldapUrl = (String)subtrees.get(ldapBase);
|
|
868 |
|
|
869 |
out.append(" <authSystem URI=\"" +
|
|
870 |
this.ldapUrl + this.ldapBase + "\">\n");
|
|
871 |
|
|
872 |
// get all groups for directory context
|
|
873 |
String[] groups = getGroups(user, password);
|
|
874 |
|
|
875 |
// for the groups and users that belong to them
|
|
876 |
if ( groups.length > 0 ) {
|
|
877 |
for (int i=0; i < groups.length; i++ ) {
|
|
878 |
out.append(" <group>\n");
|
|
879 |
out.append(" <groupname>" + groups[i] + "<groupname>\n");
|
|
880 |
String[] usersForGroup = getUsers(user,password,groups[i]);
|
|
881 |
for (int j=0; j < usersForGroup.length; j++ ) {
|
|
882 |
usersIn.addElement(usersForGroup[j]);
|
|
883 |
out.append(" <user>\n");
|
|
884 |
out.append(" <username>" + usersForGroup[j] + "<username>\n");
|
|
885 |
out.append(" </user>\n");
|
|
886 |
}
|
|
887 |
out.append(" </group>\n");
|
|
888 |
}
|
|
889 |
}
|
|
890 |
// for the users not belonging to any group
|
|
891 |
String[] users = getUsers(user, password);
|
|
892 |
for (int j=0; j < users.length; j++ ) {
|
|
893 |
if ( !usersIn.contains(users[j]) ) {
|
| 730 |
894 |
out.append(" <user>\n");
|
| 731 |
|
out.append(" <username>" + usersForGroup[j] + "<username>\n");
|
|
895 |
out.append(" <username>" + users[j] + "<username>\n");
|
| 732 |
896 |
out.append(" </user>\n");
|
| 733 |
897 |
}
|
| 734 |
|
out.append(" </group>\n");
|
| 735 |
898 |
}
|
| 736 |
|
}
|
| 737 |
|
// for the users not belonging to any group
|
| 738 |
|
String[] users = getUsers(user, password);
|
| 739 |
|
for (int j=0; j < users.length; j++ ) {
|
| 740 |
|
if ( !usersIn.contains(users[j]) ) {
|
| 741 |
|
out.append(" <user>\n");
|
| 742 |
|
out.append(" <username>" + users[j] + "<username>\n");
|
| 743 |
|
out.append(" </user>\n");
|
|
899 |
|
|
900 |
out.append(" </authSystem>\n");
|
|
901 |
if ( !usersIn.isEmpty() ) {
|
|
902 |
usersIn.removeAllElements();
|
|
903 |
usersIn.trimToSize();
|
| 744 |
904 |
}
|
|
905 |
|
| 745 |
906 |
}
|
| 746 |
|
|
| 747 |
907 |
out.append("</principals>");
|
| 748 |
908 |
return out.toString();
|
| 749 |
909 |
}
|
| ... | ... | |
| 781 |
941 |
Iterator attvalues = values.iterator();
|
| 782 |
942 |
while (attvalues.hasNext()) {
|
| 783 |
943 |
String value = (String)attvalues.next();
|
| 784 |
|
System.out.println(att + ": " + value);
|
|
944 |
// System.out.println(att + ": " + value);
|
| 785 |
945 |
}
|
| 786 |
946 |
}
|
| 787 |
947 |
|
| ... | ... | |
| 809 |
969 |
*/
|
| 810 |
970 |
// get the whole list groups and users in XML format
|
| 811 |
971 |
if (isValid) {
|
|
972 |
authservice = new AuthLdap();
|
| 812 |
973 |
String out = authservice.getPrincipals(user, password);
|
| 813 |
974 |
java.io.File f = new java.io.File("principals.txt");
|
| 814 |
975 |
java.io.FileWriter fw = new java.io.FileWriter(f);
|
| ... | ... | |
| 820 |
981 |
}
|
| 821 |
982 |
|
| 822 |
983 |
} catch (ConnectException ce) {
|
| 823 |
|
System.err.println("Error connecting to LDAP server in authldap.main");
|
|
984 |
System.err.println(ce.getMessage());
|
| 824 |
985 |
} catch (java.io.IOException ioe) {
|
| 825 |
986 |
System.err.println("I/O Error writing to file principals.txt");
|
| 826 |
987 |
}
|
Changes related to running LDAP servers referred each other in one tree modeling the KNB tree.
Currently there are running LDAP server on dev that holds the KNB root and the NCEAS' s subtree.
It also refers to a subtree modeling the LTER's tree which is held by another LDAP server runnig on alpha .