Use of com.unboundid.ldap.sdk.SimpleBindRequest in project gitblit by gitblit:
class LdapConnection, method isAuthenticated.
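/**
 * Checks the supplied credentials by performing a simple bind as {@code userDn}.
 * <p>
 * If the connection is already bound as {@code userDn}, the earlier bind is taken as proof of
 * authentication and the connection is left untouched. Otherwise a bind as the user is attempted
 * and, whatever its outcome, the connection is re-bound as {@link #currentBindRequest} so that the
 * previous authorization is restored for subsequent searches.
 *
 * @param userDn   distinguished name found for the user entry; {@code null}/empty is rejected
 * @param password password supplied at login; {@code null}/empty is rejected
 * @return {@code true} if the user bind succeeded or the connection was already bound as the user,
 *         {@code false} otherwise. LDAP errors are logged, never propagated.
 */
public boolean isAuthenticated(String userDn, String password) {
    // Reconcile currentBindRequest with the connection's real state first. The result is
    // intentionally ignored: a mismatch only means the cached request has been refreshed.
    verifyCurrentBinding();

    // A simple bind with a DN but an empty password is an "unauthenticated" bind (RFC 4513 §5.1.2)
    // and a bind with an empty DN is anonymous; servers commonly answer both with success. Neither
    // may ever count as a login, independent of how the server or the SDK is configured. (UnboundID
    // rejects the DN-without-password case by default, but the guard should not depend on that.)
    if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
        return false;
    }

    // If the connection is already bound as this user, authentication happened during that earlier
    // bind and the current bind is kept. This also confirms that the DN built from
    // realm.ldap.bindpattern matches the DN found by the user search. Re-binding here would only
    // guard against the bind being tampered with in between, which is not a known scenario.
    String boundDN = currentBindRequest.getBindDN();
    if (userDn.equals(boundDN)) {
        return true;
    }

    // Binding as the user also defeats filter injection in the user search: whatever DN the search
    // produced, the login only succeeds if the password is valid for exactly that DN.
    boolean isAuthenticated = false;
    try {
        SimpleBindRequest ubr = new SimpleBindRequest(userDn, password);
        conn.bind(ubr);
        isAuthenticated = true;
        userBindRequest = ubr;
    } catch (LDAPException e) {
        // Only the DN is logged; the password never reaches the log.
        logger.error("Error authenticating user ({})", userDn, e);
    }

    // Always restore the original authorization. If this fails, the connection stays bound as the
    // user (or unbound) while currentBindRequest still names the original account; the next call to
    // verifyCurrentBinding() is meant to reconcile that, but group lookups for this login may be
    // incomplete in the meantime.
    try {
        conn.bind(currentBindRequest);
    } catch (LDAPException e) {
        logger.error("Error reinstating original LDAP authorization (code {}). Team information may be inaccurate for this log in.", e.getResultCode(), e);
    }
    return isAuthenticated;
}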
Use of com.unboundid.ldap.sdk.SimpleBindRequest in project gitblit by gitblit:
class LdapConnection, method verifyCurrentBinding.
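/**
 * Re-synchronizes {@link #currentBindRequest} with the bind the connection actually carries.
 * <p>
 * The connection may have been re-bound by code that did not go through this class. When the
 * connection's last bind is a different simple bind request naming a different DN, the cached
 * request is replaced so that later "restore original authorization" binds reflect reality.
 *
 * @return {@code true} if the cached request matches the connection's last bind, either by identity
 *         or by DN (or the cached request carries no DN); {@code false} if the cached request was
 *         replaced or the last bind could not be inspected
 */
private boolean verifyCurrentBinding() {
    BindRequest lastBind = conn.getLastBindRequest();
    if (lastBind == currentBindRequest) {
        return true;
    }
    logger.debug("Unexpected binding in LdapConnection. {} != {}", lastBind, currentBindRequest);

    // getLastBindRequest() is null before any bind has happened and is typed as BindRequest, so it
    // need not be a SimpleBindRequest. The former unconditional cast turned both cases into a
    // NullPointerException / ClassCastException instead of a diagnosable state.
    if (!(lastBind instanceof SimpleBindRequest)) {
        logger.warn("Last bind on LdapConnection is not a simple bind ({}); cannot reconcile it with '{}'.",
                lastBind, currentBindRequest.getBindDN());
        return false;
    }
    String lastBoundDN = ((SimpleBindRequest) lastBind).getBindDN();
    String boundDN = currentBindRequest.getBindDN();
    logger.debug("Currently bound as '{}', check authentication for '{}'", lastBoundDN, boundDN);

    if (boundDN != null && !boundDN.equals(lastBoundDN)) {
        logger.warn("Unexpected binding DN in LdapConnection. '{}' != '{}'.", lastBoundDN, boundDN);
        logger.warn("Updated binding information in LDAP connection.");
        currentBindRequest = (SimpleBindRequest) lastBind;
        return false;
    }
    // Same DN, or a cached request without a DN: treated as the expected state (a different request
    // object for the same DN is not considered a change).
    return true;
}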
Use of com.unboundid.ldap.sdk.SimpleBindRequest in project gitblit by gitblit:
class LdapConnection, method bind.
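/**
 * Binds with the given credentials, building the DN by substituting {@code ${username}} in
 * {@code bindPattern}. On success the request becomes both {@link #userBindRequest} and
 * {@link #currentBindRequest}, i.e. the bind this connection will later be restored to.
 *
 * @param bindPattern    DN template containing {@code ${username}} (realm.ldap.bindpattern)
 * @param simpleUsername account name substituted into the pattern
 * @param password       the account's password
 * @return the bind result, or {@code null} if the bind failed; the failure is logged, not rethrown
 */
public BindResult bind(String bindPattern, String simpleUsername, String password) {
    try {
        // NOTE(review): escapeLDAPSearchFilter() applies search-filter escaping (RFC 4515: '*', '(',
        // ')', '\', NUL), but the value is placed into a DN, where RFC 4514 rules apply (',', '+',
        // '"', '<', '>', ';', '=' and a leading '#' or space are the significant characters). A
        // username containing ',' therefore alters the RDN structure rather than being escaped.
        // The caller is outside this view; if simpleUsername is the name typed at login, the impact
        // is bounded by the bind itself (a valid password for the resulting DN is still required),
        // but the escaping should match the DN context.
        String bindUser = StringUtils.replace(bindPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));
        SimpleBindRequest request = new SimpleBindRequest(bindUser, password);
        BindResult result = conn.bind(request);
        userBindRequest = request;
        currentBindRequest = userBindRequest;
        return result;
    } catch (LDAPException e) {
        // The DN and password are kept out of the error-level messages; the exception (with its
        // result code) is only available at debug level.
        logger.error("Error authenticating to LDAP with user account to search the directory.");
        logger.error(" Please check your settings for realm.ldap.bindpattern.");
        logger.debug(" Received exception when binding to LDAP", e);
        return null;
    }
}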
Use of com.unboundid.ldap.sdk.SimpleBindRequest in project oxCore by GluuFederation:
class LDAPConnectionProvider, method init.
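/**
 * Creates the LDAP connection pool from the given properties.
 * <p>
 * Recognised keys: {@code servers} (comma separated {@code host:port} entries, required),
 * {@code bindDN} / {@code bindPassword} (omit {@code bindDN} for an anonymous bind), {@code useSSL},
 * {@code maxconnections} (required), {@code connection-max-wait-time} and {@code binaryAttributes}
 * (comma separated, compared case-insensitively).
 *
 * @param props connection settings, see above
 * @throws IllegalArgumentException if {@code servers} is missing or an entry is not {@code host:port}
 * @throws NumberFormatException if a port, {@code maxconnections} or {@code connection-max-wait-time}
 *         is not numeric
 * @throws LDAPException if the pool cannot be created
 * @throws GeneralSecurityException if the SSL socket factory cannot be created
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    if (serverProp == null || serverProp.trim().isEmpty()) {
        // Previously a NullPointerException / StringIndexOutOfBoundsException with no hint at the cause.
        throw new IllegalArgumentException("Property 'servers' is required (comma separated host:port list)");
    }
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String str = this.servers[i];
        // Splits at the first ':', so bare IPv6 literals are not supported by this format.
        int colon = str.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("Server entry '" + str + "' is not of the form host:port");
        }
        this.addresses[i] = str.substring(0, colon).trim();
        // Trim the port too, so "host: 389" does not fail with a NumberFormatException.
        this.ports[i] = Integer.parseInt(str.substring(colon + 1).trim());
    }

    BindRequest bindRequest;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        // No DN configured: the pool binds anonymously.
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        // The password stays in this field as plain text for the provider's lifetime; keep it out of logs.
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }

    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);

    // parseBoolean(null) is false, matching the previous Boolean.valueOf(...) behaviour.
    this.useSSL = Boolean.parseBoolean(props.getProperty("useSSL"));
    // SECURITY: TrustAllTrustManager accepts any server certificate, so an LDAPS connection is
    // encrypted but the server is not authenticated; a man-in-the-middle can obtain bindPassword and
    // every credential passed through this pool. Anything beyond a development setup should validate
    // the server certificate against a trust store (e.g. UnboundID's TrustStoreTrustManager).
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        // Plain LDAP: bind credentials cross the network unprotected.
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }

    // A missing value surfaces as NumberFormatException("null"), which is declared.
    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }

    this.binaryAttributes = new ArrayList<String>();
    if (props.containsKey("binaryAttributes")) {
        // Locale.ROOT: attribute names are compared as ASCII and must not depend on the default
        // locale (the Turkish dotless 'i' would otherwise break names containing 'I').
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(java.util.Locale.ROOT), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    log.debug("Using next binary attributes: " + this.binaryAttributes);

    // NOTE(review): these helpers presumably query the directory through the pool created above;
    // whether they cope with a null connectionPool is not visible here.
    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS;
}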