X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=0d8f8d62933847ee7e8e59189db0d75330ef22a6;hb=81d9084e2c9fd9d33ca1d864171d28f9564647d8;hp=ea7d1f37082bf17f335dc27b4c02a89ffc74266c;hpb=c2366f32052deada7d96f635e86f745f438f094e;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index ea7d1f370..0d8f8d629 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -26,12 +26,11 @@ import javax.security.auth.spi.LoginModule;
 
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
-import org.argeo.cms.internal.osgi.NodeUserAdmin;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
 import org.argeo.cms.security.CryptoKeyring;
 import org.argeo.osgi.useradmin.AuthenticatingUser;
-import org.argeo.osgi.useradmin.IpaUtils;
 import org.argeo.osgi.useradmin.TokenUtils;
+import org.argeo.util.directory.ldap.IpaUtils;
 import org.argeo.util.naming.LdapAttrs;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
@@ -52,8 +51,8 @@ public class UserAdminLoginModule implements LoginModule {
 	private CallbackHandler callbackHandler;
 	private Map<String, Object> sharedState = null;
 
-	private List<String> indexedUserProperties = Arrays
-			.asList(new String[] { LdapAttrs.mail.name(), LdapAttrs.uid.name(), LdapAttrs.authPassword.name() });
+	private List<String> indexedUserProperties = Arrays.asList(new String[] { LdapAttrs.mail.name(),
+			LdapAttrs.uid.name(), LdapAttrs.employeeNumber.name(), LdapAttrs.authPassword.name() });
 
 	// private state
 	private BundleContext bc;
@@ -237,6 +236,8 @@ public class UserAdminLoginModule implements LoginModule {
 					throw new LoginException("Kerberos login " + authenticatingUser.getName()
 							+ " is inconsistent with user admin login " + authenticatedUser.getName());
 			}
+			if (log.isTraceEnabled())
+				log.trace("Retrieve authorization for " + authenticatingUser + "... ");
 			authorization = Subject.doAs(subject, new PrivilegedAction<Authorization>() {
 
 				@Override