X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=22c178ef473916f6597ab471d8f69dd7dbb36b7a;hb=c38430e4dc4d8104162d7306675bc2f087d45a54;hp=a9e32fae5697708412eee9d953215c202803d843;hpb=a5459b7f0a4ce0463b950efd5c776368fe169256;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java index a9e32fae5..22c178ef4 100644 --- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java +++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java @@ -22,8 +22,6 @@ import javax.naming.ldap.InitialLdapContext; import javax.naming.ldap.LdapName; import javax.transaction.TransactionManager; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.naming.LdapAttrs; import org.osgi.framework.Filter; import org.osgi.service.useradmin.Role; @@ -34,10 +32,11 @@ import org.osgi.service.useradmin.User; * and an open transaction for write access. */ public class LdapUserAdmin extends AbstractUserDirectory { - private final static Log log = LogFactory.getLog(LdapUserAdmin.class); - private InitialLdapContext initialLdapContext = null; +// private LdapName adminUserDn = null; +// private LdifUser adminUser = null; + public LdapUserAdmin(Dictionary properties) { super(null, properties); try { @@ -58,11 +57,15 @@ public class LdapUserAdmin extends AbstractUserDirectory { Object principal = properties.get(Context.SECURITY_PRINCIPAL); if (principal != null) { initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, principal.toString()); +// adminUserDn = new LdapName(principal.toString()); +// BasicAttributes adminUserAttrs = new BasicAttributes(); +// adminUser = new LdifUser(this, adminUserDn, adminUserAttrs); Object creds = properties.get(Context.SECURITY_CREDENTIALS); if (creds != null) { initialLdapContext.addToEnvironment(Context.SECURITY_CREDENTIALS, creds.toString()); - +// adminUserAttrs.put(LdapAttrs.userPassword.name(), adminUser.hash(creds.toString().toCharArray())); } +// adminUserAttrs.put(LdapAttrs.memberOf.name(), "cn=admin,ou=roles,ou=node"); } } catch (Exception e) { throw new UserDirectoryException("Cannot connect to LDAP", e); @@ -74,11 +77,10 @@ public class LdapUserAdmin extends AbstractUserDirectory { // tls.close(); initialLdapContext.close(); } catch (NamingException e) { - log.error("Cannot destroy LDAP user admin", e); + e.printStackTrace(); } } - @SuppressWarnings("unchecked") @Override protected AbstractUserDirectory scope(User user) { Dictionary credentials = user.getCredentials(); @@ -127,15 +129,18 @@ public class LdapUserAdmin extends AbstractUserDirectory { throw new UserDirectoryException("Unsupported LDAP type for " + name); return res; } catch (NameNotFoundException e) { +// if (adminUserDn != null && adminUserDn.equals(name)) { +// return adminUser; +// } throw e; } catch (NamingException e) { - log.error("Cannot get role: " + name, e); return null; } } @Override protected List doGetRoles(Filter f) { + ArrayList res = new ArrayList(); try { String searchFilter = f != null ? f.toString() : "(|(" + objectClass + "=" + getUserObjectClass() + ")(" + objectClass + "=" @@ -146,7 +151,6 @@ public class LdapUserAdmin extends AbstractUserDirectory { LdapName searchBase = getBaseDn(); NamingEnumeration results = getLdapContext().search(searchBase, searchFilter, searchControls); - ArrayList res = new ArrayList(); results: while (results.hasMoreElements()) { SearchResult searchResult = results.next(); Attributes attrs = searchResult.getAttributes(); @@ -160,12 +164,14 @@ public class LdapUserAdmin extends AbstractUserDirectory { || objectClassAttr.contains(getUserObjectClass().toLowerCase())) role = new LdifUser(this, dn, attrs); else { - log.warn("Unsupported LDAP type for " + searchResult.getName()); +// log.warn("Unsupported LDAP type for " + searchResult.getName()); continue results; } res.add(role); } return res; +// } catch (NameNotFoundException e) { +// return res; } catch (Exception e) { throw new UserDirectoryException("Cannot get roles for filter " + f, e); }