Use of com.unboundid.ldap.sdk.BindRequest in project gitblit (by gitblit): class LdapConnection, method verifyCurrentBinding.
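/**
 * Checks that the connection's last bind request is the one this wrapper issued,
 * so that subsequent searches and authentications run under the expected DN.
 *
 * <p>The original implementation cast the last bind request unconditionally; a
 * connection that has never been bound (last bind request {@code null}) or that
 * was bound with a non-simple request would fail with a
 * {@code NullPointerException}/{@code ClassCastException}. Both cases are now
 * reported as "not verified".
 *
 * @return {@code true} if the bound identity matches the expected one (or no
 *         expectation exists); {@code false} if the bound DN differs, in which
 *         case {@code currentBindRequest} is updated to the actual binding, or
 *         if the binding cannot be determined at all
 */
private boolean verifyCurrentBinding() {
    BindRequest lastBind = conn.getLastBindRequest();
    if (lastBind == currentBindRequest) {
        return true;
    }
    logger.debug("Unexpected binding in LdapConnection. {} != {}", lastBind, currentBindRequest);
    if (!(lastBind instanceof SimpleBindRequest)) {
        // Never bound, or bound with a request type we cannot compare DNs for.
        logger.warn("Cannot verify binding in LdapConnection: last bind request is {}", lastBind);
        return false;
    }
    String lastBoundDN = ((SimpleBindRequest) lastBind).getBindDN();
    // A null expected DN (no expectation, or anonymous bind) accepts any binding,
    // matching the original null-check below.
    String boundDN = currentBindRequest == null ? null : currentBindRequest.getBindDN();
    logger.debug("Currently bound as '{}', check authentication for '{}'", lastBoundDN, boundDN);
    if (boundDN != null && !boundDN.equals(lastBoundDN)) {
        logger.warn("Unexpected binding DN in LdapConnection. '{}' != '{}'.", lastBoundDN, boundDN);
        logger.warn("Updated binding information in LDAP connection.");
        currentBindRequest = (SimpleBindRequest) lastBind;
        return false;
    }
    return true;
}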
Use of com.unboundid.ldap.sdk.BindRequest in project graylog2-server (by Graylog2): class UnboundLDAPConnector, method connect.
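/**
 * Opens an LDAP connection to the first reachable server of the configured server
 * list, optionally secures it with TLS or StartTLS, and binds with the configured
 * system credentials when a system username and password are set.
 *
 * <p>With {@code verifyCertificates} disabled a trust-all manager is used, i.e. the
 * server certificate is not validated at all.
 *
 * <p>If StartTLS or the bind fails, the freshly opened connection is closed before
 * the exception propagates, so no half-initialised connection is leaked.
 *
 * @param ldapConfig the connector configuration (servers, transport security,
 *        certificate verification and optional system credentials)
 * @return the established connection; {@code null} if the server list is empty
 * @throws GeneralSecurityException if the SSL context or socket factory cannot be created
 * @throws LDAPException if connecting, the StartTLS operation, or the bind fails
 */
public LDAPConnection connect(LDAPConnectorConfig ldapConfig) throws GeneralSecurityException, LDAPException {
    if (ldapConfig.serverList().isEmpty()) {
        LOG.warn("Cannot connect with empty server list");
        return null;
    }
    final String[] addresses = ldapConfig.serverList().stream()
            .map(LDAPConnectorConfig.LDAPServer::hostname)
            .toArray(String[]::new);
    final int[] ports = ldapConfig.serverList().stream()
            .mapToInt(LDAPConnectorConfig.LDAPServer::port)
            .toArray();

    final LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setUseReuseAddress(true);
    connectionOptions.setConnectTimeoutMillis(connectionTimeout);

    StartTLSExtendedRequest startTLSRequest = null;
    SocketFactory socketFactory = null;
    if (ldapConfig.transportSecurity() != LDAPTransportSecurity.NONE) {
        // NOTE: this is a process-wide (static) setting of the UnboundID SDK.
        SSLUtil.setEnabledSSLProtocols(tlsConfiguration.getEnabledTlsProtocols());
        final SSLUtil sslUtil;
        if (ldapConfig.verifyCertificates()) {
            sslUtil = new SSLUtil(trustManagerProvider.create(Arrays.asList(addresses)));
        } else {
            // Explicitly configured: server identity is NOT verified.
            sslUtil = new SSLUtil(new TrustAllX509TrustManager());
        }
        if (ldapConfig.transportSecurity() == LDAPTransportSecurity.START_TLS) {
            // Use the StartTLS extended operation to secure the connection after connecting.
            startTLSRequest = new StartTLSExtendedRequest(sslUtil.createSSLContext());
        } else if (ldapConfig.transportSecurity() == LDAPTransportSecurity.TLS) {
            socketFactory = sslUtil.createSSLSocketFactory();
        }
    }

    final FailoverServerSet serverSet = new FailoverServerSet(addresses, ports, socketFactory, connectionOptions, null, null);
    final LDAPConnection connection = serverSet.getConnection();
    boolean ready = false;
    try {
        if (startTLSRequest != null) {
            final ExtendedResult startTLSResult = connection.processExtendedOperation(startTLSRequest);
            // A failed StartTLS must not fall through to a plaintext bind; report it
            // as a checked LDAPException rather than an AssertionError from test utilities.
            if (!ResultCode.SUCCESS.equals(startTLSResult.getResultCode())) {
                throw new LDAPException(startTLSResult);
            }
        }
        if (ldapConfig.systemUsername().isPresent()) {
            if (ldapConfig.systemPassword().isSet()) {
                final String systemPassword = encryptedValueService.decrypt(ldapConfig.systemPassword());
                final BindRequest bindRequest = new SimpleBindRequest(ldapConfig.systemUsername().get(), systemPassword);
                connection.bind(bindRequest);
            } else {
                LOG.warn("System username has been set to <{}> but no system password has been set. Skipping bind request.", ldapConfig.systemUsername().get());
            }
        }
        ready = true;
        return connection;
    } finally {
        if (!ready) {
            // StartTLS or bind failed: release the socket instead of leaking it.
            connection.close();
        }
    }
}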
Use of com.unboundid.ldap.sdk.BindRequest in project oxCore (by GluuFederation): class LDAPConnectionProvider, method init.
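/**
 * Creates the {@code LDAPConnectionPool} from the given properties and records the
 * server's capabilities (supported LDAP version, subschema subentry, subtree-delete
 * control support).
 *
 * <p>Recognised properties: {@code servers} (comma-separated {@code host:port} list,
 * required), {@code bindDN} / {@code bindPassword} (anonymous simple bind when
 * {@code bindDN} is empty), {@code useSSL}, {@code maxconnections},
 * {@code connection-max-wait-time} and {@code binaryAttributes}.
 *
 * @param props configuration properties as described above
 * @throws NumberFormatException if a port, {@code maxconnections} or
 *         {@code connection-max-wait-time} value is not numeric
 * @throws IllegalArgumentException if {@code servers} is missing or an entry is
 *         not in {@code host:port} form
 * @throws LDAPException if the connection pool cannot be created
 * @throws GeneralSecurityException if the SSL socket factory cannot be created
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    if (StringHelper.isEmpty(serverProp)) {
        throw new IllegalArgumentException("Ldap 'servers' property is required, format: server:port[,server:port]");
    }
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String entry = this.servers[i];
        int idx = entry.indexOf(':');
        if (idx == -1) {
            // Previously a StringIndexOutOfBoundsException with no hint about the cause.
            throw new IllegalArgumentException("Ldap server settings should be in format server:port, got: " + entry);
        }
        this.addresses[i] = entry.substring(0, idx).trim();
        this.ports[i] = Integer.parseInt(entry.substring(idx + 1).trim());
    }

    BindRequest bindRequest;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }

    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);

    this.useSSL = Boolean.parseBoolean(props.getProperty("useSSL"));
    // NOTE(review): TrustAllTrustManager disables certificate validation, so the
    // server identity is never verified even with useSSL=true; a configurable trust
    // store (as in LdapConnectionProvider's ssl.trustStoreFile) would close that gap.
    SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }

    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }

    this.binaryAttributes = new ArrayList<>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    log.debug("Using next binary attributes: " + this.binaryAttributes);

    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS;
}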
Use of com.unboundid.ldap.sdk.BindRequest in project oxCore (by GluuFederation): class LdapConnectionProvider, method init.
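/**
 * Creates the {@code LDAPConnectionPool} from the given properties and records the
 * server's capabilities (supported LDAP version, subschema subentry, subtree-delete
 * control support).
 *
 * <p>Recognised properties: {@code servers} (comma-separated {@code host:port} list,
 * required), {@code bindDN} / {@code bindPassword} (anonymous simple bind when
 * {@code bindDN} is empty), {@code useSSL}, {@code ssl.trustStoreFile},
 * {@code ssl.trustStorePin}, {@code ssl.trustStoreFormat}, {@code maxconnections},
 * {@code connection-max-wait-time}, {@code binaryAttributes} and
 * {@code certificateAttributes}.
 *
 * <p>When {@code useSSL} is set but neither trust store file nor PIN is configured,
 * a trust-all manager is used and the server certificate is not validated.
 *
 * @param props configuration properties as described above
 * @throws NumberFormatException if a port, {@code maxconnections} or
 *         {@code connection-max-wait-time} value is not numeric
 * @throws IllegalArgumentException if {@code servers} is missing, or a trust store
 *         PIN is given without a trust store file
 * @throws InvalidConfigurationException if a server entry is not in {@code host:port} form
 * @throws LDAPException if the connection pool cannot be created
 * @throws GeneralSecurityException if the SSL socket factory cannot be created
 */
public void init(Properties props) throws NumberFormatException, LDAPException, GeneralSecurityException {
    String serverProp = props.getProperty("servers");
    if (StringHelper.isEmpty(serverProp)) {
        throw new IllegalArgumentException("Ldap 'servers' property is required, format: server:port[,server:port]");
    }
    this.servers = serverProp.split(",");
    this.addresses = new String[this.servers.length];
    this.ports = new int[this.servers.length];
    for (int i = 0; i < this.servers.length; i++) {
        String entry = this.servers[i];
        int idx = entry.indexOf(':');
        if (idx == -1) {
            throw new InvalidConfigurationException("Ldap server settings should be in format server:port");
        }
        this.addresses[i] = entry.substring(0, idx).trim();
        this.ports[i] = Integer.parseInt(entry.substring(idx + 1).trim());
    }

    BindRequest bindRequest;
    if (StringHelper.isEmpty(props.getProperty("bindDN"))) {
        this.bindDn = null;
        this.bindPassword = null;
        bindRequest = new SimpleBindRequest();
    } else {
        this.bindDn = props.getProperty("bindDN");
        this.bindPassword = props.getProperty("bindPassword");
        bindRequest = new SimpleBindRequest(this.bindDn, this.bindPassword);
    }

    LDAPConnectionOptions connectionOptions = new LDAPConnectionOptions();
    connectionOptions.setConnectTimeoutMillis(100 * 1000);
    connectionOptions.setAutoReconnect(true);

    this.useSSL = Boolean.parseBoolean(props.getProperty("useSSL"));
    SSLUtil sslUtil = null;
    FailoverServerSet failoverSet;
    if (this.useSSL) {
        String sslTrustStoreFile = props.getProperty("ssl.trustStoreFile");
        String sslTrustStorePin = props.getProperty("ssl.trustStorePin");
        String sslTrustStoreFormat = props.getProperty("ssl.trustStoreFormat");
        if (StringHelper.isEmpty(sslTrustStoreFile) && StringHelper.isEmpty(sslTrustStorePin)) {
            // No trust store configured: certificate validation is disabled. Make that
            // visible in the log rather than silently accepting any server certificate.
            LOG.warn("useSSL is enabled but no ssl.trustStoreFile is configured; server certificates will NOT be validated");
            sslUtil = new SSLUtil(new TrustAllTrustManager());
        } else {
            if (StringHelper.isEmpty(sslTrustStoreFile)) {
                throw new IllegalArgumentException("ssl.trustStorePin is set but ssl.trustStoreFile is missing");
            }
            // A trust store without a PIN is valid; the old code dereferenced the PIN unconditionally.
            char[] pin = StringHelper.isEmpty(sslTrustStorePin) ? null : sslTrustStorePin.toCharArray();
            TrustStoreTrustManager trustStoreTrustManager = new TrustStoreTrustManager(sslTrustStoreFile, pin, sslTrustStoreFormat, true);
            sslUtil = new SSLUtil(trustStoreTrustManager);
        }
        failoverSet = new FailoverServerSet(this.addresses, this.ports, sslUtil.createSSLSocketFactory(SSL_PROTOCOLS[0]), connectionOptions);
    } else {
        failoverSet = new FailoverServerSet(this.addresses, this.ports, connectionOptions);
    }

    int maxConnections = Integer.parseInt(props.getProperty("maxconnections"));
    this.connectionPool = createConnectionPoolWithWaitImpl(props, failoverSet, bindRequest, connectionOptions, maxConnections, sslUtil);
    if (this.connectionPool != null) {
        this.connectionPool.setCreateIfNecessary(true);
        String connectionMaxWaitTime = props.getProperty("connection-max-wait-time");
        if (StringHelper.isNotEmpty(connectionMaxWaitTime)) {
            this.connectionPool.setMaxWaitTimeMillis(Long.parseLong(connectionMaxWaitTime));
        }
    }

    this.binaryAttributes = new ArrayList<>();
    if (props.containsKey("binaryAttributes")) {
        String[] binaryAttrs = StringHelper.split(props.get("binaryAttributes").toString().toLowerCase(), ",");
        this.binaryAttributes.addAll(Arrays.asList(binaryAttrs));
    }
    LOG.debug("Using next binary attributes: " + this.binaryAttributes);

    this.certificateAttributes = new ArrayList<>();
    if (props.containsKey("certificateAttributes")) {
        String[] certificateAttrs = StringHelper.split(props.get("certificateAttributes").toString().toLowerCase(), ",");
        this.certificateAttributes.addAll(Arrays.asList(certificateAttrs));
    }
    LOG.debug("Using next binary certificateAttributes: " + this.certificateAttributes);

    this.supportedLDAPVersion = determineSupportedLdapVersion();
    this.subschemaSubentry = determineSubschemaSubentry();
    this.supportsSubtreeDeleteRequestControl = supportsSubtreeDeleteRequestControl();
    this.creationResultCode = ResultCode.SUCCESS_INT_VALUE;
}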
Use of com.unboundid.ldap.sdk.BindRequest in project zm-mailbox (by Zimbra): class LdapConnectionPool, method createConnPool.
/**
 * Builds the UnboundID connection pool for the given server configuration. When
 * the server pool's connection type is STARTTLS, every new pooled connection is
 * upgraded to TLS by a post-connect processor.
 *
 * @param config the LDAP server configuration (servers, bind credentials, pool sizes,
 *        untrusted-certificate policy)
 * @return the created pool, with retry of failed operations on invalid connections enabled
 * @throws LdapException if the pool cannot be created (mapped from the SDK's LDAPException)
 */
private static LDAPConnectionPool createConnPool(LdapServerConfig config) throws LdapException {
    final LdapServerPool serverPool = new LdapServerPool(config);
    final ServerSet serverSet = serverPool.getServerSet();
    final BindRequest bindRequest = createBindRequest(config);

    final PostConnectProcessor postConnectProcessor;
    if (serverPool.getConnectionType() == LdapConnType.STARTTLS) {
        final SSLContext startTLSContext = LdapSSLUtil.createSSLContext(config.sslAllowUntrustedCerts());
        postConnectProcessor = new StartTLSPostConnectProcessor(startTLSContext);
    } else {
        postConnectProcessor = null;
    }

    try {
        final LDAPConnectionPool pool = new LDAPConnectionPool(serverSet, bindRequest,
                config.getConnPoolInitSize(), config.getConnPoolMaxSize(), postConnectProcessor);
        pool.setRetryFailedOperationsDueToInvalidConnections(true);
        return pool;
    } catch (LDAPException e) {
        throw UBIDLdapException.mapToLdapException(e);
    }
}