X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.enterprise%2Fsrc%2Forg%2Fargeo%2Fosgi%2Fuseradmin%2FUserAdminConf.java;h=19426b6c5c072a8ee22108d22429597e0e1aa8a8;hb=5d39143d7ea77173300af60264d191101e310902;hp=1d377dcb65cfe1495383c806b9e00b32b99fc0e6;hpb=f820435de4afc623ab896ba98767f3502bbc8328;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/UserAdminConf.java b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/UserAdminConf.java
index 1d377dcb6..19426b6c5 100644
--- a/org.argeo.enterprise/src/org/argeo/osgi/useradmin/UserAdminConf.java
+++ b/org.argeo.enterprise/src/org/argeo/osgi/useradmin/UserAdminConf.java
@@ -1,15 +1,12 @@
 package org.argeo.osgi.useradmin;
 
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.net.InetAddress;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URLDecoder;
 import java.util.Dictionary;
 import java.util.Enumeration;
 import java.util.Hashtable;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
@@ -19,6 +16,7 @@ import javax.naming.NamingException;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.naming.DnsBrowser;
+import org.argeo.naming.NamingUtils;
 import org.osgi.framework.Constants;
 
 /** Properties used to configure user admins. */
@@ -42,7 +40,10 @@ public enum UserAdminConf {
 	groupBase("ou=Groups"),
 
 	/** Read-only source */
-	readOnly(null);
+	readOnly(null),
+
+	/** Authentication realm */
+	realm(null);
 
 	public final static String FACTORY_PID = "org.argeo.osgi.useradmin.config";
 	private final static Log log = LogFactory.getLog(UserAdminConf.class);
@@ -128,6 +129,7 @@ public enum UserAdminConf {
 				scheme = u.getScheme();
 			}
 			String path = u.getPath();
+			// base DN
 			String bDn = path.substring(path.lastIndexOf('/') + 1, path.length());
 			if (bDn.endsWith(".ldif"))
 				bDn = bDn.substring(0, bDn.length() - ".ldif".length());
@@ -146,7 +148,7 @@ public enum UserAdminConf {
 				} else if (scheme.equals("ipa")) {
 				} else
 					throw new UserDirectoryException("Unsupported scheme " + scheme);
-			Map<String, List<String>> query = splitQuery(u.getQuery());
+			Map<String, List<String>> query = NamingUtils.queryToMap(u);
 			for (String key : query.keySet()) {
 				UserAdminConf ldapProp = UserAdminConf.valueOf(key);
 				List<String> values = query.get(key);
@@ -161,7 +163,7 @@ public enum UserAdminConf {
 				res.put(Context.SECURITY_PRINCIPAL, principal);
 			if (credentials != null)
 				res.put(Context.SECURITY_CREDENTIALS, credentials);
-			if (scheme != null) {
+			if (scheme != null) {// relative URIs are dealt with externally
 				URI bareUri = new URI(scheme, null, u.getHost(), u.getPort(),
 						scheme.equals("file") ? u.getPath() : null, null, null);
 				res.put(uri.name(), bareUri.toString());
@@ -173,13 +175,20 @@ public enum UserAdminConf {
 	}
 
 	private static URI convertIpaConfig(URI uri) {
-		assert uri.getPath() != null;
-		assert uri.getPath().length() > 1;
-		String kerberosDomain = uri.getPath().substring(1);
+		String path = uri.getPath();
+		String kerberosRealm;
+		if (path == null || path.length() <= 1) {
+			kerberosRealm = kerberosDomainFromDns();
+		} else {
+			kerberosRealm = path.substring(1);
+		}
+
+		if (kerberosRealm == null)
+			throw new UserDirectoryException("No Kerberos domain available for " + uri);
 		try (DnsBrowser dnsBrowser = new DnsBrowser()) {
 			String ldapHostsStr = uri.getHost();
 			if (ldapHostsStr == null || ldapHostsStr.trim().equals("")) {
-				List<String> ldapHosts = dnsBrowser.getSrvRecordsAsHosts("_ldap._tcp." + kerberosDomain.toLowerCase());
+				List<String> ldapHosts = dnsBrowser.getSrvRecordsAsHosts("_ldap._tcp." + kerberosRealm.toLowerCase());
 				if (ldapHosts == null || ldapHosts.size() == 0) {
 					throw new UserDirectoryException("Cannot configure LDAP for IPA " + uri);
 				} else {
@@ -187,7 +196,7 @@ public enum UserAdminConf {
 				}
 			}
 			URI convertedUri = new URI(
-					"ldap://" + ldapHostsStr + "/" + IpaUtils.domainToUserDirectoryConfigPath(kerberosDomain));
+					"ldap://" + ldapHostsStr + "/" + IpaUtils.domainToUserDirectoryConfigPath(kerberosRealm));
 			if (log.isDebugEnabled())
 				log.debug("Converted " + uri + " to " + convertedUri);
 			return convertedUri;
@@ -196,24 +205,41 @@ public enum UserAdminConf {
 		}
 	}
 
-	private static Map<String, List<String>> splitQuery(String query) throws UnsupportedEncodingException {
-		final Map<String, List<String>> query_pairs = new LinkedHashMap<String, List<String>>();
-		if (query == null)
-			return query_pairs;
-		final String[] pairs = query.split("&");
-		for (String pair : pairs) {
-			final int idx = pair.indexOf("=");
-			final String key = idx > 0 ? URLDecoder.decode(pair.substring(0, idx), "UTF-8") : pair;
-			if (!query_pairs.containsKey(key)) {
-				query_pairs.put(key, new LinkedList<String>());
-			}
-			final String value = idx > 0 && pair.length() > idx + 1
-					? URLDecoder.decode(pair.substring(idx + 1), "UTF-8") : null;
-			query_pairs.get(key).add(value);
+	private static String kerberosDomainFromDns() {
+		String kerberosDomain;
+		try (DnsBrowser dnsBrowser = new DnsBrowser()) {
+			InetAddress localhost = InetAddress.getLocalHost();
+			String hostname = localhost.getHostName();
+			String dnsZone = hostname.substring(hostname.indexOf('.') + 1);
+			kerberosDomain = dnsBrowser.getRecord("_kerberos." + dnsZone, "TXT");
+			return kerberosDomain;
+		} catch (Exception e) {
+			throw new UserDirectoryException("Cannot determine Kerberos domain from DNS", e);
 		}
-		return query_pairs;
+
 	}
 
+	// private static Map<String, List<String>> splitQuery(String query) throws
+	// UnsupportedEncodingException {
+	// final Map<String, List<String>> query_pairs = new LinkedHashMap<String,
+	// List<String>>();
+	// if (query == null)
+	// return query_pairs;
+	// final String[] pairs = query.split("&");
+	// for (String pair : pairs) {
+	// final int idx = pair.indexOf("=");
+	// final String key = idx > 0 ? URLDecoder.decode(pair.substring(0, idx),
+	// "UTF-8") : pair;
+	// if (!query_pairs.containsKey(key)) {
+	// query_pairs.put(key, new LinkedList<String>());
+	// }
+	// final String value = idx > 0 && pair.length() > idx + 1
+	// ? URLDecoder.decode(pair.substring(idx + 1), "UTF-8") : null;
+	// query_pairs.get(key).add(value);
+	// }
+	// return query_pairs;
+	// }
+
 	public static void main(String[] args) {
 		Dictionary<String, ?> props = uriAsProperties("ldap://" + "uid=admin,ou=system:secret@localhost:10389"
 				+ "/dc=example,dc=com" + "?readOnly=false&userObjectClass=person");