X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FLdapUserAdmin.java;h=a9e32fae5697708412eee9d953215c202803d843;hb=77935b7e3c0cb16a295af7059ed48ed1b916de2d;hp=456342e04e35f06b432f1f7c91193d28cba85914;hpb=a2ad417ed1d0219ac29d70ae985939764c13ce38;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
index 456342e04..a9e32fae5 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/LdapUserAdmin.java
@@ -39,7 +39,7 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 private InitialLdapContext initialLdapContext = null;
 public LdapUserAdmin(Dictionary properties) {
- super(properties);
+ super(null, properties);
 try {
 Hashtable connEnv = new Hashtable();
 connEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
@@ -82,16 +82,19 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 @Override
 protected AbstractUserDirectory scope(User user) {
 Dictionary credentials = user.getCredentials();
- // FIXME use arrays
 String username = (String) credentials.get(SHARED_STATE_USERNAME);
 if (username == null)
 username = user.getName();
- // byte[] pwd = (byte[]) credentials.get(SHARED_STATE_PASSWORD);
- // char[] password = DigestUtils.bytesToChars(pwd);
 Dictionary properties = cloneProperties();
 properties.put(Context.SECURITY_PRINCIPAL, username.toString());
- // properties.put(Context.SECURITY_CREDENTIALS, password);
- properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+ Object pwdCred = credentials.get(SHARED_STATE_PASSWORD);
+ byte[] pwd = (byte[]) pwdCred;
+ if (pwd != null) {
+ char[] password = DigestUtils.bytesToChars(pwd);
+ properties.put(Context.SECURITY_CREDENTIALS, new String(password));
+ } else {
+ properties.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
+ }
 return new LdapUserAdmin(properties);
 }
@@ -101,11 +104,15 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 @Override
 protected Boolean daoHasRole(LdapName dn) {
- return daoGetRole(dn) != null;
+ try {
+ return daoGetRole(dn) != null;
+ } catch (NameNotFoundException e) {
+ return false;
+ }
 }
 @Override
- protected DirectoryUser daoGetRole(LdapName name) {
+ protected DirectoryUser daoGetRole(LdapName name) throws NameNotFoundException {
 try {
 Attributes attrs = getLdapContext().getAttributes(name);
 if (attrs.size() == 0)
@@ -119,8 +126,10 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 else
 throw new UserDirectoryException("Unsupported LDAP type for " + name);
 return res;
+ } catch (NameNotFoundException e) {
+ throw e;
 } catch (NamingException e) {
- log.error("Cannot get role: "+e.getMessage());
+ log.error("Cannot get role: " + name, e);
 return null;
 }
 }
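Review bot: The new password branch in scope() binds with any non-null `pwd`, including a zero-length array, and many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds; reject that case before the bind, e.g. `if (pwd != null && pwd.length == 0) throw new UserDirectoryException("Empty password for " + username);`. The branch also leaves `Context.SECURITY_AUTHENTICATION` at whatever cloneProperties() returns, which is not visible in this hunk, so putting `"simple"` there explicitly would keep an inherited mechanism from applying. `new String(password)` creates an immutable copy of the secret that cannot be cleared; JNDI accepts a `char[]` for `Context.SECURITY_CREDENTIALS`, so `properties.put(Context.SECURITY_CREDENTIALS, password);` is enough. Because a simple bind transmits the password itself, the provider URL set up in the constructor (outside this hunk) should be ldaps or use StartTLS.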
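Review bot: daoHasRole() still cannot distinguish "entry absent" from "lookup failed": daoGetRole() now propagates NameNotFoundException, but the `catch (NamingException e)` branch in the next hunk (@@ -119) keeps returning null, so a connection or permission error is reported by daoHasRole() as `false`. If callers use this for existence or authorization decisions, consider rethrowing it as `throw new UserDirectoryException("Cannot get role " + name, e);` instead of `return null`, assuming that exception type has a cause-taking constructor (not visible here). The `catch (NameNotFoundException e) { throw e; }` clause is needed only because NameNotFoundException is a NamingException subclass; a short comment such as `// not found is reported to the caller, other naming errors are logged below` would stop it from being removed as redundant. The daoGetRole body continues between the two hunks.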
@@ -144,9 +153,11 @@ public class LdapUserAdmin extends AbstractUserDirectory {
 Attribute objectClassAttr = attrs.get(objectClass.name());
 LdapName dn = toDn(searchBase, searchResult);
 LdifUser role;
- if (objectClassAttr.contains(getGroupObjectClass()))
+ if (objectClassAttr.contains(getGroupObjectClass())
+ || objectClassAttr.contains(getGroupObjectClass().toLowerCase()))
 role = new LdifGroup(this, dn, attrs);
- else if (objectClassAttr.contains(getUserObjectClass()))
+ else if (objectClassAttr.contains(getUserObjectClass())
+ || objectClassAttr.contains(getUserObjectClass().toLowerCase()))
 role = new LdifUser(this, dn, attrs);
 else {
 log.warn("Unsupported LDAP type for " + searchResult.getName());
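Review bot: The added `toLowerCase()` fallbacks match only the configured spelling and its all-lowercase form, while LDAP objectClass values are case-insensitive, so an entry returned as e.g. `InetOrgPerson` when `inetOrgPerson` is configured (constructed example) still lands in the "Unsupported LDAP type" branch and is skipped. A small helper that walks `objectClassAttr.getAll()` and compares each value with `equalsIgnoreCase` would cover every casing and replace both conditions. If the lower-casing stays, use `toLowerCase(Locale.ROOT)` so the result does not depend on the JVM's default locale. `objectClassAttr` is also dereferenced without a null check, which would throw if a search result carries no objectClass attribute; the enclosing loop starts and ends outside this hunk, so that may be handled elsewhere.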