X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FUserAdminLoginModule.java;h=2fbf8c232cd2ed89c125f403681a4552e56a11fb;hb=98d5fd2b03d86c9e76d04187385c0fada262fca2;hp=0ae84ff8ac7f294b4b891ac5d77c7281eb10e162;hpb=da78fca0c8b99cabab454d704136e0313342292c;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
index 0ae84ff8a..2fbf8c232 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/UserAdminLoginModule.java
@@ -1,6 +1,6 @@
 package org.argeo.cms.auth;
 
-import static org.argeo.util.naming.LdapAttrs.cn;
+import static org.argeo.api.acr.ldap.LdapAttrs.cn;
 
 import java.io.IOException;
 import java.security.PrivilegedAction;
@@ -24,13 +24,13 @@ import javax.security.auth.login.CredentialNotFoundException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
+import org.argeo.api.acr.ldap.LdapAttrs;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
+import org.argeo.cms.directory.ldap.IpaUtils;
 import org.argeo.cms.internal.runtime.CmsContextImpl;
-import org.argeo.osgi.useradmin.AuthenticatingUser;
-import org.argeo.osgi.useradmin.TokenUtils;
-import org.argeo.util.directory.ldap.IpaUtils;
-import org.argeo.util.naming.LdapAttrs;
+import org.argeo.cms.osgi.useradmin.AuthenticatingUser;
+import org.argeo.cms.osgi.useradmin.TokenUtils;
 import org.osgi.service.useradmin.Authorization;
 import org.osgi.service.useradmin.Group;
 import org.osgi.service.useradmin.User;
@@ -155,20 +155,24 @@ public class UserAdminLoginModule implements LoginModule {
 			return true;// expect Kerberos
 
 		if (password != null) {
+			//  TODO disabling bind for the time being,
+			// as it requires authorisations to be set at LDAP level
+			boolean tryBind = false;
 			// try bind first
-			try {
-				AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password);
-				bindAuthorization = userAdmin.getAuthorization(authenticatingUser);
-				// TODO check tokens as well
-				if (bindAuthorization != null) {
-					authenticatedUser = user;
-					return true;
+			if (tryBind)
+				try {
+					AuthenticatingUser authenticatingUser = new AuthenticatingUser(user.getName(), password);
+					bindAuthorization = userAdmin.getAuthorization(authenticatingUser);
+					// TODO check tokens as well
+					if (bindAuthorization != null) {
+						authenticatedUser = user;
+						return true;
+					}
+				} catch (Exception e) {
+					// silent
+					if (log.isTraceEnabled())
+						log.trace("Bind failed", e);
 				}
-			} catch (Exception e) {
-				// silent
-				if (log.isTraceEnabled())
-					log.trace("Bind failed", e);
-			}
 
 			// works only if a connection password is provided
 			if (!user.hasCredential(null, password)) {