X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=22c178ef473916f6597ab471d8f69dd7dbb36b7a;hb=94ec9b5a0282c8119ee9831688124bc96f3a62b8;hp=10a75feb02bd220b7ffdcb46092479ebe133b302;hpb=31d7eccd2b0effdadaaa5b6349e5b6b6ea753e3c;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java index 10a75feb0..22c178ef4 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java @@ -22,8 +22,6 @@ import javax.naming.ldap.InitialLdapContext; import javax.naming.ldap.LdapName; import javax.transaction.TransactionManager; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.naming.LdapAttrs; import org.osgi.framework.Filter; import org.osgi.service.useradmin.Role; @@ -34,10 +32,11 @@ import org.osgi.service.useradmin.User; * and an open transaction for write access. */ public class LdapUserAdmin extends AbstractUserDirectory { - private final static Log log = LogFactory.getLog(LdapUserAdmin.class); - private InitialLdapContext initialLdapContext = null; +// private LdapName adminUserDn = null; +// private LdifUser adminUser = null; + public LdapUserAdmin(Dictionary properties) { super(null, properties); try { @@ -58,11 +57,15 @@ public class LdapUserAdmin extends AbstractUserDirectory { Object principal = properties.get(Context.SECURITY_PRINCIPAL); if (principal != null) { initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, principal.toString()); +// adminUserDn = new LdapName(principal.toString()); +// BasicAttributes adminUserAttrs = new BasicAttributes(); +// adminUser = new LdifUser(this, adminUserDn, adminUserAttrs); Object creds = properties.get(Context.SECURITY_CREDENTIALS); if (creds != null) { initialLdapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, creds.toString()); - +// adminUserAttrs.put(LdapAttrs.userPassword.name(), adminUser.hash(creds.toString().toCharArray())); } +// adminUserAttrs.put(LdapAttrs.memberOf.name(), "cn=admin,ou=roles,ou=node"); } } catch (Exception e) { throw new UserDirectoryException("Cannot connect to LDAP", e); @@ -74,7 +77,7 @@ public class LdapUserAdmin extends AbstractUserDirectory { // tls.close(); initialLdapContext.close(); } catch (NamingException e) { - log.error("Cannot destroy LDAP user admin", e); + e.printStackTrace(); } } @@ -126,16 +129,18 @@ public class LdapUserAdmin extends AbstractUserDirectory { throw new UserDirectoryException("Unsupported LDAP type for " + name); return res; } catch (NameNotFoundException e) { +// if (adminUserDn != null && adminUserDn.equals(name)) { +// return adminUser; +// } throw e; } catch (NamingException e) { - if (log.isTraceEnabled()) - log.error("Cannot get role: " + name, e); return null; } } @Override protected List doGetRoles(Filter f) { + ArrayList res = new ArrayList(); try { String searchFilter = f != null ? f.toString() : "(|(" + objectClass + "=" + getUserObjectClass() + ")(" + objectClass + "=" @@ -146,7 +151,6 @@ public class LdapUserAdmin extends AbstractUserDirectory { LdapName searchBase = getBaseDn(); NamingEnumeration results = getLdapContext().search(searchBase, searchFilter, searchControls); - ArrayList res = new ArrayList(); results: while (results.hasMoreElements()) { SearchResult searchResult = results.next(); Attributes attrs = searchResult.getAttributes(); @@ -160,12 +164,14 @@ public class LdapUserAdmin extends AbstractUserDirectory { || objectClassAttr.contains(getUserObjectClass().toLowerCase())) role = new LdifUser(this, dn, attrs); else { - log.warn("Unsupported LDAP type for " + searchResult.getName()); +// log.warn("Unsupported LDAP type for " + searchResult.getName()); continue results; } res.add(role); } return res; +// } catch (NameNotFoundException e) { +// return res; } catch (Exception e) { throw new UserDirectoryException("Cannot get roles for filter " + f, e); }