From: Mathieu Baudier Date: Wed, 17 Mar 2010 11:28:34 +0000 (+0000) Subject: Change default LDAP structure X-Git-Tag: argeo-commons-2.1.30~1640 X-Git-Url: https://git.argeo.org/?a=commitdiff_plain;h=9f2aa390f921ccb05e0b6fbf1f2f25f0902d9705;p=lgpl%2Fargeo-commons.git Change default LDAP structure git-svn-id: https://svn.argeo.org/commons/trunk@3430 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- diff --git a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml index b479f1560..bd0c9969e 100644 --- a/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml +++ b/security/modules/org.argeo.security.manager.ldap/META-INF/spring/ldap.xml @@ -52,7 +52,7 @@ - uid={0},ou=users + uid={0},ou=People @@ -60,25 +60,4 @@ class="org.springframework.security.providers.ldap.authenticator.LdapShaPasswordEncoder" /> - - - diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java index 29c2e743d..c9ba367c6 100644 --- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java +++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java 
@@ -37,11 +37,12 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 private UserDetailsManager userDetailsManager;
 private LdapAuthoritiesPopulator authoritiesPopulator;
- private String userBase = "ou=users";
+ private String userBase = "ou=People";
 private String usernameAttributeName = "uid";
- private String groupBase = "ou=groups";
+ private String groupBase = "ou=Roles";
+ private String[] groupClasses = { "top", "groupOfNames" };
 private String groupRoleAttributeName = "cn";
- private String groupMemberAttributeName = "uniquemember";
+ private String groupMemberAttributeName = "member";
 private String defaultRole = "ROLE_USER";
 private String rolePrefix = "ROLE_";
@@ -167,12 +168,12 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 Name groupDn = buildGroupDn(group);
 DirContextAdapter context = new DirContextAdapter();
- context.setAttributeValues("objectClass", new String[] { "top",
- "groupOfUniqueNames" });
+ context.setAttributeValues("objectClass", groupClasses);
 context.setAttributeValue("cn", group);
 // Add superuser because cannot create empty group
- context.setAttributeValue("uniqueMember", superuserDn.toString());
+ context.setAttributeValue(groupMemberAttributeName, superuserDn
+ .toString());
 ldapTemplate.bind(groupDn, context, null);
 }
@@ -267,4 +268,8 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 public String getDefaultRole() {
 return defaultRole;
 }
+
+ public void setGroupClasses(String[] groupClasses) {
+ this.groupClasses = groupClasses;
+ }
 }
diff --git a/server/modules/org.argeo.server.ads.server/init.ldif b/server/modules/org.argeo.server.ads.server/init.ldif
index 98b9944a0..f763b4e3e 100644
--- a/server/modules/org.argeo.server.ads.server/init.ldif
+++ b/server/modules/org.argeo.server.ads.server/init.ldif
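Review bot: The new defaults for `userBase`, `groupBase` and `groupMemberAttributeName` in the first hunk change which subtree and which attribute role membership is read from, and nothing here warns a deployment that relied on the old values (`ou=users`, `ou=groups`, `uniquemember`). Against an unchanged directory the role lookup would presumably stop matching after an upgrade, so users would be left with only whatever the class grants by default; this is inferred, because the lookup code is outside the hunk. I would add a comment above the fields, for example `// Defaults follow init.ldif (ou=People / ou=Roles, groupOfNames + member); override all of them together for a directory that still uses ou=users / ou=groups`.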
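Review bot: In the second hunk the object classes and the member attribute are now two independent settings, but they must agree when the entry is bound: `groupOfNames` takes `member`, while `groupOfUniqueNames` takes `uniqueMember`. Overriding only one of them will be refused by the directory at `ldapTemplate.bind(groupDn, context, null)`, at the moment a role is created rather than at start-up. The existing comment could also state the consequence of the workaround, e.g. `// Side effect: the superuser becomes a member of every role created here (groupOfNames requires at least one member)`. The enclosing method starts outside the hunk, so whether callers handle a failed bind is not visible.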
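Review bot: `setGroupClasses` in the third hunk stores the caller's array by reference and accepts `null`, so the object classes written to new role entries can be changed after configuration by whoever still holds the array. A `null` would only surface later, in the `setAttributeValues("objectClass", groupClasses)` call in the second hunk. I would copy and check on the way in, `if (groupClasses == null || groupClasses.length == 0) throw new IllegalArgumentException("groupClasses must not be empty");` followed by `this.groupClasses = groupClasses.clone();`. A one-line Javadoc noting that the value must match `groupMemberAttributeName` would help too.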
@@ -4,17 +4,17 @@ objectClass: extensibleObject
 objectClass: top
 dc: demo
-dn: ou=groups,dc=demo,dc=argeo,dc=org
+dn: ou=Roles,dc=demo,dc=argeo,dc=org
 objectClass: organizationalUnit
 objectClass: top
-ou: groups
+ou: Roles
-dn: ou=users,dc=demo,dc=argeo,dc=org
+dn: ou=People,dc=demo,dc=argeo,dc=org
 objectClass: organizationalUnit
 objectClass: top
-ou: users
+ou: People
-dn: uid=demo,ou=users,dc=demo,dc=argeo,dc=org
+dn: uid=demo,ou=People,dc=demo,dc=argeo,dc=org
 objectClass: organizationalPerson
 objectClass: person
 objectClass: inetOrgPerson
@@ -27,7 +27,7 @@ sn: User
 uid: demo
 userpassword:: e1NIQX1pZVNWNTVRYytlUU9hWURSU2hhL0Fqek5USkU9
-dn: uid=root,ou=users,dc=demo,dc=argeo,dc=org
+dn: uid=root,ou=People,dc=demo,dc=argeo,dc=org
 objectClass: person
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
@@ -40,8 +40,8 @@ sn: Root
 uid: root
 userpassword:: e1NIQX1pZVNWNTVRYytlUU9hWURSU2hhL0Fqek5USkU9
-dn: cn=admin,ou=groups,dc=demo,dc=argeo,dc=org
-objectClass: groupOfUniqueNames
+dn: cn=admin,ou=Roles,dc=demo,dc=argeo,dc=org
+objectClass: groupOfNames
 objectClass: top
 cn: admin
-uniquemember: uid=root,ou=users,dc=demo,dc=argeo,dc=org
+member: uid=root,ou=People,dc=demo,dc=argeo,dc=org
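Review bot: The rewritten `cn=admin` entry in the last hunk makes `uid=root` a member of the admin role, and the `userpassword::` value shown as context for `uid=root` is byte-for-byte the same as the one for `uid=demo` in the second hunk, so the seeded administrator shares its password with the demo account. The value base64-decodes to a `{SHA}` entry, an unsalted digest, which matches the `LdapShaPasswordEncoder` kept in ldap.xml. Since this commit already rewrites the seed data, I would add a comment at the top of init.ldif such as `# Demo credentials only: replace both userpassword values before this server is reachable by anyone else`. I would also give the two accounts distinct, salted (`{SSHA}`) values if the server accepts them. The user entries begin outside these hunks, so other attributes on them are not visible here.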