X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=456342e04e35f06b432f1f7c91193d28cba85914;hb=a2ad417ed1d0219ac29d70ae985939764c13ce38;hp=f78da0af0d29aed943c3cda8831bb9d97bffef47;hpb=0243aa5633af84d8608ba912483dbaaaefac42f1;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
index f78da0af0..456342e04 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
@@ -26,6 +26,8 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.Filter;
+import org.osgi.service.useradmin.Role;
+import org.osgi.service.useradmin.User;
 /**
 * A user admin based on a LDAP server. Requires a {@link TransactionManager}
@@ -48,7 +50,11 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 // StartTlsResponse tls = (StartTlsResponse) ctx
 // .extendedOperation(new StartTlsRequest());
 // tls.negotiate();
- initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
+ Object securityAuthentication = properties.get(Context.SECURITY_AUTHENTICATION);
+ if (securityAuthentication != null)
+ initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, securityAuthentication);
+ else
+ initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
 Object principal = properties.get(Context.SECURITY_PRINCIPAL);
 if (principal != null) {
 initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, principal.toString());
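Review bot: The new `securityAuthentication` branch in the constructor forwards the configured value to the context without any validation, so a misspelt or unsupported mechanism from the properties (for example `none`, which turns the bind into an anonymous one) is only noticed later, when lookups come back empty, instead of at construction time. Consider checking the value against the mechanisms this directory is meant to support (`simple`, plus the SASL mechanism that `scope()` selects further down) and failing fast with a `UserDirectoryException` otherwise, and record the mechanism actually in effect, e.g. `log.debug("LDAP authentication mechanism: " + securityAuthentication);`, so that a downgraded bind is visible in the logs. The `simple` default still transmits the credentials in clear text unless the connection itself is TLS-protected, and the StartTLS negotiation just above remains commented out; a comment stating that expectation next to the default would help operators. The constructor body continues outside the hunk.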
@@ -58,10 +64,6 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 }
 }
- // initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL,
- // "uid=admin,ou=system");
- // initialLdapContext.addToEnvironment(Context.SECURITY_CREDENTIALS,
- // "secret");
 } catch (Exception e) {
 throw new UserDirectoryException("Cannot connect to LDAP", e);
 }
@@ -76,6 +78,23 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 }
 }
+ @SuppressWarnings("unchecked")
+ @Override
+ protected AbstractUserDirectory scope(User user) {
+ Dictionary credentials = user.getCredentials();
+ // FIXME use arrays
+ String username = (String) credentials.get(SHARED_STATE_USERNAME);
+ if (username == null)
+ username = user.getName();
+ // byte[] pwd = (byte[]) credentials.get(SHARED_STATE_PASSWORD);
+ // char[] password = DigestUtils.bytesToChars(pwd);
+ Dictionary properties = cloneProperties();
+ properties.put(Context.SECURITY_PRINCIPAL, username.toString());
+ // properties.put(Context.SECURITY_CREDENTIALS, password);
+ properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+ return new LdapUserAdmin(properties);
+ }
+
 protected InitialLdapContext getLdapContext() {
 return initialLdapContext;
 }
@@ -91,15 +110,17 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 Attributes attrs = getLdapContext().getAttributes(name);
 if (attrs.size() == 0)
 return null;
+ int roleType = roleType(name);
 LdifUser res;
- if (attrs.get(objectClass.name()).contains(getGroupObjectClass()))
+ if (roleType == Role.GROUP)
 res = new LdifGroup(this, name, attrs);
- else if (attrs.get(objectClass.name()).contains(getUserObjectClass()))
+ else if (roleType == Role.USER)
 res = new LdifUser(this, name, attrs);
 else
 throw new UserDirectoryException("Unsupported LDAP type for " + name);
 return res;
 } catch (NamingException e) {
+ log.error("Cannot get role: "+e.getMessage());
 return null;
 }
 }
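Review bot: `scope()` hard-codes `GSSAPI` as the authentication mechanism while the lines that would carry the user's password into `SECURITY_CREDENTIALS` are commented out, so the scoped directory never receives a credential from the `User` it is scoped to; with SASL/GSSAPI the JNDI provider typically binds with the Kerberos credentials of the JAAS `Subject` current on the calling thread, and that dependency should be stated in a Javadoc on the override rather than left to the `FIXME`. `username` can still be `null` when neither the `SHARED_STATE_USERNAME` credential nor `user.getName()` is set, and `username.toString()` then fails with a `NullPointerException` instead of a meaningful error; `if (username == null) throw new UserDirectoryException("No user name to scope " + user);` together with a plain `username` in the `put` would make the failure explicit. Each call also constructs a new `LdapUserAdmin`, and the constructor hunk above shows that this opens an LDAP connection, so who closes the scoped instance is worth documenting as well.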
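Review bot: The added `log.error("Cannot get role: "+e.getMessage());` drops the stack trace and the DN that failed, which is exactly what is needed to tell a transient LDAP outage from a malformed name, and the method then returns `null` as if the role simply did not exist; `log.error("Cannot get role " + name, e);` keeps the cause, and callers that treat `null` as "absent" should be aware that a connectivity failure now looks identical to a missing entry. Replacing the `objectClass` check with `roleType(name)` also removes the cross-check of the fetched entry against the expected object class: if `roleType()`, which is defined outside the hunk, derives the type from the DN alone, an entry under a matching base but with an unexpected object class is now wrapped as a `LdifGroup` or `LdifUser` without validation. If that is intended, a comment saying the DN structure is authoritative would help; otherwise keeping an `attrs.get(objectClass.name()).contains(...)` assertion for the selected type would preserve the old guarantee. The enclosing method starts before the hunk.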