
Example 1 with BindResult

Use of com.unboundid.ldap.sdk.BindResult in the spring-boot project (spring-projects).

From class EmbeddedLdapAutoConfigurationTests, method testSetCredentials:

@Test
public void testSetCredentials() throws LDAPException {
    // Start the embedded server with a base DN and explicit manager credentials.
    String baseDnProperty = "spring.ldap.embedded.base-dn:dc=spring,dc=org";
    String usernameProperty = "spring.ldap.embedded.credential.username:uid=root";
    String passwordProperty = "spring.ldap.embedded.credential.password:boot";
    load(baseDnProperty, usernameProperty, passwordProperty);
    InMemoryDirectoryServer directory = this.context.getBean(InMemoryDirectoryServer.class);
    // A simple bind with the configured credentials must be accepted. The method declares
    // LDAPException, so a rejected bind is presumably reported by throwing rather than by a
    // null result — only non-null is asserted here.
    BindResult bindResult = directory.bind("uid=root", "boot");
    assertThat(bindResult).isNotNull();
}

Example 2 with BindResult

Use of com.unboundid.ldap.sdk.BindResult in the gitblit project (gitblit).

From class LdapKeyManager, method getKeysImpl:

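/**
 * Loads the SSH public keys of {@code username} from the LDAP directory.
 *
 * The connection is bound with the manager credentials, the user entry is searched
 * requesting only the configured public-key attribute ({@code realm.ldap.sshPublicKey},
 * default {@code sshPublicKey}), and every attribute value is parsed as an
 * authorized_keys entry. The attribute setting may carry a {@code :prefix} suffix
 * (e.g. for altSecurityIdentities in AD): then only values carrying that prefix are
 * accepted and the prefix is stripped; without a configured prefix only unprefixed
 * values are accepted.
 *
 * @param username the account whose keys are requested
 * @return the resolved keys (possibly empty when no value could be parsed), or
 *         {@code null} when connecting, binding or searching failed, the user is
 *         missing or ambiguous, or the entry has no value for the key attribute
 */
@Override
protected List<SshKey> getKeysImpl(String username) {
    // try-with-resources closes the connection on every path, so no explicit close() is needed
    try (LdapConnection conn = new LdapConnection(settings)) {
        if (!conn.connect()) {
            return null;
        }
        log.info("loading ssh key for {} from LDAP directory", username);
        // LdapConnection.bind() reports a failed manager bind as null
        BindResult bindResult = conn.bind();
        if (bindResult == null) {
            return null;
        }
        // "attribute:prefix" selects only values that start with "prefix"
        String pubKeyAttribute = settings.getString(Keys.realm.ldap.sshPublicKey, "sshPublicKey");
        String pkaPrefix = null;
        int idx = pubKeyAttribute.indexOf(':');
        if (idx > 0) {
            pkaPrefix = pubKeyAttribute.substring(idx + 1);
            pubKeyAttribute = pubKeyAttribute.substring(0, idx);
        }
        // NOTE(review): username originates from the SSH client; searchUser is relied upon to
        // escape it when building the LDAP filter — confirm that it does.
        SearchResult result = conn.searchUser(getSimpleUsername(username), Arrays.asList(pubKeyAttribute));
        if (result == null || result.getResultCode() != ResultCode.SUCCESS) {
            return null;
        }
        // Exactly one entry must match; anything else is ambiguous or absent and yields no keys.
        if (result.getEntryCount() > 1) {
            log.info("Found more than one entry for user {} in LDAP. Cannot retrieve SSH key.", username);
            return null;
        }
        if (result.getEntryCount() < 1) {
            log.info("Found no entry for user {} in LDAP. Cannot retrieve SSH key.", username);
            return null;
        }
        SearchResultEntry foundUser = result.getSearchEntries().get(0);
        String[] attrs = foundUser.getAttributeValues(pubKeyAttribute);
        if (attrs == null || attrs.length == 0) {
            log.info("found no keys for user {} under attribute {} in directory", username, pubKeyAttribute);
            return null;
        }
        List<GbAuthorizedKeyEntry> authorizedKeys = parseAuthorizedKeys(attrs, pkaPrefix);
        return resolveKeys(username, authorizedKeys);
    }
}

/**
 * Parses the raw attribute values as authorized_keys entries, keeping only those whose
 * prefix situation matches the configured one.
 *
 * @param attrs     raw values of the public-key attribute
 * @param pkaPrefix required prefix (compared case-insensitively), or {@code null} when
 *                  only unprefixed values are accepted
 * @return the entries that matched and parsed; values that fail to parse are logged and skipped
 */
private List<GbAuthorizedKeyEntry> parseAuthorizedKeys(String[] attrs, String pkaPrefix) {
    List<GbAuthorizedKeyEntry> authorizedKeys = new ArrayList<>(attrs.length);
    Matcher m = PREFIX_PATTERN.matcher("");
    for (String attr : attrs) {
        // strip out line breaks (both CRLF and LF) so a wrapped value becomes one line
        String keyEntry = attr.replace("\r\n", "\n").replace("\n", "");
        m.reset(keyEntry);
        try {
            if (m.lookingAt()) {
                // value is prefixed in LDAP: accept it only when the prefix is the configured one
                if (pkaPrefix == null || !pkaPrefix.equalsIgnoreCase(m.group(1).trim())) {
                    continue;
                }
                // strip the prefix off before parsing
                authorizedKeys.add(GbAuthorizedKeyEntry.parseAuthorizedKeyEntry(keyEntry.substring(m.end())));
            } else {
                // value is not prefixed in LDAP: accept it only when no prefix is configured
                if (pkaPrefix != null) {
                    continue;
                }
                authorizedKeys.add(GbAuthorizedKeyEntry.parseAuthorizedKeyEntry(keyEntry));
            }
        } catch (IllegalArgumentException e) {
            // second placeholder added: the original format had one {} for two arguments,
            // which dropped the exception message from the log line
            log.info("Failed to parse key entry={}: {}", keyEntry, e.getMessage());
        }
    }
    return authorizedKeys;
}

/**
 * Resolves parsed authorized_keys entries into {@link SshKey}s, applying the entry's
 * permissions to each key.
 *
 * @param username       the account the keys belong to (used for logging only)
 * @param authorizedKeys entries to resolve
 * @return the keys that resolved; entries that fail are logged at warn level and skipped
 */
private List<SshKey> resolveKeys(String username, List<GbAuthorizedKeyEntry> authorizedKeys) {
    List<SshKey> keyList = new ArrayList<>(authorizedKeys.size());
    for (GbAuthorizedKeyEntry keyEntry : authorizedKeys) {
        try {
            SshKey key = new SshKey(keyEntry.resolvePublicKey());
            key.setComment(keyEntry.getComment());
            setKeyPermissions(key, keyEntry);
            keyList.add(key);
        } catch (GeneralSecurityException | IOException e) {
            log.warn("Error resolving key entry for user {}. Entry={}", username, keyEntry, e);
        }
    }
    return keyList;
}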

Example 3 with BindResult

Use of com.unboundid.ldap.sdk.BindResult in the gitblit project (gitblit).

From class LdapConnectionTest, method testRebindAsUser:

@Test
public void testRebindAsUser() {
    // As the assertions below show, rebindAsUser() only succeeds once a manager bind
    // follows an earlier bind as a user; before that it reports false.
    LdapConnection connection = new LdapConnection(settings);
    try {
        assertTrue(connection.connect());
        // freshly connected, nothing bound yet
        assertFalse(connection.rebindAsUser());
        BindResult result = connection.bind();
        assertNotNull(result);
        // manager bind alone is not enough
        assertFalse(connection.rebindAsUser());
        String pattern = "CN=${username},OU=Canada," + ACCOUNT_BASE;
        result = connection.bind(pattern, "UserThree", "userThreePassword");
        assertNotNull(result);
        // currently bound as the user, so there is nothing to rebind to
        assertFalse(connection.rebindAsUser());
        result = connection.bind();
        assertNotNull(result);
        // manager bind after a user bind: rebinding as that user now works
        assertTrue(connection.rebindAsUser());
        assertEquals(ResultCode.SUCCESS, result.getResultCode());
        assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN());
    } finally {
        connection.close();
    }
}

Example 4 with BindResult

Use of com.unboundid.ldap.sdk.BindResult in the gitblit project (gitblit).

From class LdapConnectionTest, method testBindToBindpattern:

@Test
public void testBindToBindpattern() {
    LdapConnection connection = new LdapConnection(settings);
    try {
        assertTrue(connection.connect());
        // ${username} is substituted into the pattern to form the bind DN
        String pattern = "CN=${username},OU=Canada," + ACCOUNT_BASE;
        BindResult result = connection.bind(pattern, "UserThree", "userThreePassword");
        assertNotNull(result);
        assertEquals(ResultCode.SUCCESS, result.getResultCode());
        assertEquals("CN=UserThree,OU=Canada," + ACCOUNT_BASE, authMode.getBindTracker().getLastSuccessfulBindDN(result.getMessageID()));
        // wrong password for the user: bind is reported as null
        result = connection.bind(pattern, "UserFour", "userThreePassword");
        assertNull(result);
        // UserTwo is rejected as well — presumably its entry is not under OU=Canada
        result = connection.bind(pattern, "UserTwo", "userTwoPassword");
        assertNull(result);
    } finally {
        connection.close();
    }
}

Example 5 with BindResult

Use of com.unboundid.ldap.sdk.BindResult in the gitblit project (gitblit).

From class LdapConnection, method bind:

/**
 * Binds this connection with the manager credentials configured in
 * realm.ldap.username and realm.ldap.password and records that request as the
 * current bind; on failure the current bind request is left untouched.
 * Only a short error is logged for a failed bind; the exception itself goes to
 * the debug log.
 *
 * @return the bind result, or null if the bind raised an LDAPException
 */
public BindResult bind() {
    try {
        BindResult bindResult = conn.bind(managerBindRequest);
        currentBindRequest = managerBindRequest;
        return bindResult;
    } catch (LDAPException e) {
        logger.error("Error authenticating to LDAP with manager account to search the directory.");
        logger.error("  Please check your settings for realm.ldap.username and realm.ldap.password.");
        logger.debug("  Received exception when binding to LDAP", e);
        return null;
    }
}
