Multiple user referentials working with IPA.
[lgpl/argeo-commons.git] / org.argeo.util / src / org / argeo / util / directory / ldap / AbstractLdapDirectory.java
index 74dd15edec4c658ca9df5af3a3446e7b0cb1cf4e..5cd4ac1a57e30da57efb844e1358a15b8efd79d8 100644 (file)
@@ -14,6 +14,7 @@ import java.util.Locale;
 import java.util.Optional;
 import java.util.StringJoiner;
 
+import javax.naming.Context;
 import javax.naming.InvalidNameException;
 import javax.naming.NameNotFoundException;
 import javax.naming.NamingEnumeration;
@@ -62,6 +63,9 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 
        private LdapDirectoryDao directoryDao;
 
+       /** Whether the the directory has is authenticated via a service user. */
+       private boolean authenticated = false;
+
        public AbstractLdapDirectory(URI uriArg, Dictionary<String, ?> props, boolean scoped) {
                this.configProperties = new Hashtable<String, Object>();
                for (Enumeration<String> keys = props.keys(); keys.hasMoreElements();) {
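Review bot: The Javadoc on the new `authenticated` field is garbled ("Whether the the directory has is authenticated") and does not say what the flag records. The hunk at `+134,13` sets it from the presence of `Context.SECURITY_PRINCIPAL` for LDAP and unconditionally to `true` for the file and OS backends, so `/** Whether the directory is accessed with a configured service principal; always true for the file and OS backends. */` would match the code. The public `isAuthenticated()` getter added in the last hunk has no Javadoc and should carry the same sentence, so that callers do not read it as "a bind has succeeded".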
@@ -130,10 +134,13 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
                                if (DirectoryConf.SCHEME_LDAP.equals(u.getScheme())
                                                || DirectoryConf.SCHEME_LDAPS.equals(u.getScheme())) {
                                        directoryDao = new LdapDao(this);
+                                       authenticated = configProperties.get(Context.SECURITY_PRINCIPAL) != null;
                                } else if (DirectoryConf.SCHEME_FILE.equals(u.getScheme())) {
                                        directoryDao = new LdifDao(this);
+                                       authenticated = true;
                                } else if (DirectoryConf.SCHEME_OS.equals(u.getScheme())) {
                                        directoryDao = new OsUserDirectory(this);
+                                       authenticated = true;
                                        // singleUser = true;
                                } else {
                                        throw new IllegalArgumentException("Unsupported scheme " + u.getScheme());
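Review bot: On the LDAP branch, `authenticated = configProperties.get(Context.SECURITY_PRINCIPAL) != null;` records only that a principal key is configured, not that the connection will bind as that principal. An empty principal string or a missing `Context.SECURITY_CREDENTIALS` still yields `true`, although a simple bind with an empty password is treated by LDAP servers as an unauthenticated bind. If callers of `isAuthenticated()` use it to decide what the directory may expose (not visible in this diff), the flag should be stricter for simple binds, for example `Object p = configProperties.get(Context.SECURITY_PRINCIPAL);` followed by `authenticated = p != null && !p.toString().isEmpty() && configProperties.get(Context.SECURITY_CREDENTIALS) != null;`. The enclosing method starts and ends outside the hunk, so whether a later bind failure resets the flag cannot be seen here.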
@@ -378,7 +385,8 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
                        for (int i = 0; i < segments.length; i++) {
                                String segment = segments[i];
                                // TODO make attr names configurable ?
-                               String attr = path.startsWith("accounts/")/* IPA */ ? LdapAttrs.cn.name() : LdapAttrs.ou.name();
+                               String attr = getDirectory().getRealm().isPresent()/* IPA */ ? LdapAttrs.cn.name()
+                                               : LdapAttrs.ou.name();
                                if (parentRdn != null) {
                                        if (getUserBaseRdn().equals(parentRdn))
                                                attr = LdapAttrs.uid.name();
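Review bot: `getDirectory().getRealm().isPresent()` now stands in for "this is an IPA directory", which is broader than the `path.startsWith("accounts/")` test it replaces. Every segment of every path gets `cn` as soon as a realm is configured, so a non-IPA server with a realm set would presumably produce DNs that do not exist. The `/* IPA */` marker is the only explanation, so a comment such as `// A configured realm is taken to mean an IPA layout, where containers are named with cn rather than ou` would make the assumption explicit. The test is also loop-invariant and could be hoisted above the `for` as `boolean ipaLayout = getDirectory().getRealm().isPresent();`. The enclosing method begins and ends outside the hunk.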
@@ -490,6 +498,10 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
                return disabled;
        }
 
+       public boolean isAuthenticated() {
+               return authenticated;
+       }
+
        public Rdn getUserBaseRdn() {
                return userBaseRdn;
        }