X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FIpaLoginModule.java;h=0cbdc7d5b64a18c274271b5ec4a2987699b2fa06;hb=bf8bd05b74a873460a3ec5d5cf4b666a9ce2c372;hp=6cb6ab11de73eae41f2c6f6d59cbd923717fb506;hpb=76a7e65ffa515c0dbd7a5587b29ffc9bba449542;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/auth/IpaLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/IpaLoginModule.java index 6cb6ab11d..0cbdc7d5b 100644 --- a/org.argeo.cms/src/org/argeo/cms/auth/IpaLoginModule.java +++ b/org.argeo.cms/src/org/argeo/cms/auth/IpaLoginModule.java @@ -4,7 +4,6 @@ import java.security.PrivilegedAction; import java.util.Map; import java.util.Set; -import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; @@ -14,7 +13,7 @@ import javax.security.auth.spi.LoginModule; import javax.servlet.http.HttpServletRequest; import org.argeo.cms.CmsException; -import org.argeo.naming.LdapAttrs; +import org.argeo.osgi.useradmin.IpaUtils; import org.osgi.framework.BundleContext; import org.osgi.framework.FrameworkUtil; import org.osgi.service.useradmin.Authorization; @@ -26,6 +25,7 @@ public class IpaLoginModule implements LoginModule { private Map sharedState = null; private CallbackHandler callbackHandler; + @SuppressWarnings("unchecked") @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { @@ -56,7 +56,7 @@ public class IpaLoginModule implements LoginModule { authorization = userAdmin.getAuthorization(null); } else { KerberosPrincipal kerberosPrincipal = kerberosPrincipals.iterator().next(); - LdapName dn = kerberosToIpa(kerberosPrincipal); + LdapName dn = IpaUtils.kerberosToDn(kerberosPrincipal.getName()); AuthenticatingUser authenticatingUser = new AuthenticatingUser(dn); authorization = Subject.doAs(subject, new PrivilegedAction() { 
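Review bot: `@SuppressWarnings("unchecked")` placed on `initialize` in the `@@ -26,6 +25,7 @@` hunk silences every unchecked warning in the method, not only the conversion it was presumably added for. The method body is outside the hunk, so this is inferred, but if the warning comes from the single assignment of `sharedState`, the annotation belongs on a local declaration with a short why-comment, e.g. `@SuppressWarnings("unchecked") Map<String, Object> state = (Map<String, Object>) sharedState; // JAAS hands over Map<String, ?>`. That keeps any later unchecked operation added to this authentication path visible to the compiler.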
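Review bot: The principal-to-DN mapping that decides which account gets authorized now lives in `IpaUtils.kerberosToDn(String)`, which this diff does not show, and the call in the `@@ -56,7 +56,7 @@` hunk has no guard around it. The removed `kerberosToIpa` read `kname[1]` without checking that a realm was present and concatenated the user part into the DN unescaped, so it is worth confirming that the helper rejects names without exactly one `@`, handles or rejects instance components such as `service/host@REALM`, and builds the RDN with `new Rdn("uid", username)` or `Rdn.escapeValue(...)` rather than string concatenation. If the helper can throw an unchecked exception, this call should translate it, e.g. `throw new LoginException("Cannot map Kerberos principal to an IPA DN");`, so that a malformed principal fails the login cleanly. The enclosing method (presumably `login()`) starts and ends outside the hunk.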
@@ -78,21 +78,6 @@ public class IpaLoginModule implements LoginModule { return true; } - private LdapName kerberosToIpa(KerberosPrincipal kerberosPrincipal) { - String[] kname = kerberosPrincipal.getName().split("@"); - String username = kname[0]; - String[] dcs = kname[1].split("\\."); - StringBuilder sb = new StringBuilder(); - for (String dc : dcs) { - sb.append(',').append(LdapAttrs.dc.name()).append('=').append(dc.toLowerCase()); - } - String dn = LdapAttrs.uid + "=" + username + ",cn=users,cn=accounts" + sb; - try { - return new LdapName(dn); - } catch (InvalidNameException e) { - throw new CmsException("Badly formatted name for " + kerberosPrincipal + ": " + dn); - } - } @Override public boolean abort() throws LoginException {