X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=494d9c2dfaf0c0b78981f0615daf1719a93cb496;hb=6338d85d3f970dd0eb8845693ddad90a93b99d03;hp=f78da0af0d29aed943c3cda8831bb9d97bffef47;hpb=0243aa5633af84d8608ba912483dbaaaefac42f1;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
index f78da0af0..494d9c2df 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
@@ -26,6 +26,8 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.LdapAttrs;
 import org.osgi.framework.Filter;
+import org.osgi.service.useradmin.Role;
+import org.osgi.service.useradmin.User;
 
 /**
  * A user admin based on a LDAP server. Requires a {@link TransactionManager}
@@ -37,7 +39,7 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 	private InitialLdapContext initialLdapContext = null;
 
 	public LdapUserAdmin(Dictionary<String, ?> properties) {
-		super(properties);
+		super(null, properties);
 		try {
 			Hashtable<String, Object> connEnv = new Hashtable<String, Object>();
 			connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
@@ -48,7 +50,11 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 			// StartTlsResponse tls = (StartTlsResponse) ctx
 			// .extendedOperation(new StartTlsRequest());
 			// tls.negotiate();
-			initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
+			Object securityAuthentication = properties.get(Context.SECURITY_AUTHENTICATION);
+			if (securityAuthentication != null)
+				initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, securityAuthentication);
+			else
+				initialLdapContext.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
 			Object principal = properties.get(Context.SECURITY_PRINCIPAL);
 			if (principal != null) {
 				initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL, principal.toString());
@@ -58,10 +64,6 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 
 				}
 			}
-			// initialLdapContext.addToEnvironment(Context.SECURITY_PRINCIPAL,
-			// "uid=admin,ou=system");
-			// initialLdapContext.addToEnvironment(Context.SECURITY_CREDENTIALS,
-			// "secret");
 		} catch (Exception e) {
 			throw new UserDirectoryException("Cannot connect to LDAP", e);
 		}
@@ -76,6 +78,23 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 		}
 	}
 
+	@SuppressWarnings("unchecked")
+	@Override
+	protected AbstractUserDirectory scope(User user) {
+		Dictionary<String, Object> credentials = user.getCredentials();
+		// FIXME use arrays
+		String username = (String) credentials.get(SHARED_STATE_USERNAME);
+		if (username == null)
+			username = user.getName();
+		// byte[] pwd = (byte[]) credentials.get(SHARED_STATE_PASSWORD);
+		// char[] password = DigestUtils.bytesToChars(pwd);
+		Dictionary<String, Object> properties = cloneProperties();
+		properties.put(Context.SECURITY_PRINCIPAL, username.toString());
+		// properties.put(Context.SECURITY_CREDENTIALS, password);
+		properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+		return new LdapUserAdmin(properties);
+	}
+
 	protected InitialLdapContext getLdapContext() {
 		return initialLdapContext;
 	}
@@ -91,15 +110,17 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 			Attributes attrs = getLdapContext().getAttributes(name);
 			if (attrs.size() == 0)
 				return null;
+			int roleType = roleType(name);
 			LdifUser res;
-			if (attrs.get(objectClass.name()).contains(getGroupObjectClass()))
+			if (roleType == Role.GROUP)
 				res = new LdifGroup(this, name, attrs);
-			else if (attrs.get(objectClass.name()).contains(getUserObjectClass()))
+			else if (roleType == Role.USER)
 				res = new LdifUser(this, name, attrs);
 			else
 				throw new UserDirectoryException("Unsupported LDAP type for " + name);
 			return res;
 		} catch (NamingException e) {
+			log.error("Cannot get role: " + name, e);
 			return null;
 		}
 	}
@@ -123,9 +144,11 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 				Attribute objectClassAttr = attrs.get(objectClass.name());
 				LdapName dn = toDn(searchBase, searchResult);
 				LdifUser role;
-				if (objectClassAttr.contains(getGroupObjectClass()))
+				if (objectClassAttr.contains(getGroupObjectClass())
+						|| objectClassAttr.contains(getGroupObjectClass().toLowerCase()))
 					role = new LdifGroup(this, dn, attrs);
-				else if (objectClassAttr.contains(getUserObjectClass()))
+				else if (objectClassAttr.contains(getUserObjectClass())
+						|| objectClassAttr.contains(getUserObjectClass().toLowerCase()))
 					role = new LdifUser(this, dn, attrs);
 				else {
 					log.warn("Unsupported LDAP type for " + searchResult.getName());