
Example 6 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class InMemoryOperationInterceptorTestCase method testWithoutTransformations.

/**
 * Tests to ensure that everything works properly without any transformations
 * in place.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
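@Test()
public void testWithoutTransformations() throws Exception {
    final LDAPConnection conn = ds.getConnection();
    // Close the connection even when an assertion fails part-way through, so
    // a failing run does not leave a bound connection open against ds.
    try {
        // Authenticate as the same fixture account through both supported
        // mechanisms: an LDAP simple bind and a SASL PLAIN bind with a
        // "dn:"-style authentication ID.
        final SimpleBindRequest simpleBind = new SimpleBindRequest("cn=Directory Manager", "password");
        assertResultCodeEquals(conn, simpleBind, ResultCode.SUCCESS);
        final PLAINBindRequest plainBind = new PLAINBindRequest("dn:cn=Directory Manager", "password");
        assertResultCodeEquals(conn, plainBind, ResultCode.SUCCESS);

        // With no transformation in place, "Who Am I?" must report exactly the
        // identity that was just bound, in "dn:<DN>" form.
        final WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
        assertResultCodeEquals(whoAmIResult, ResultCode.SUCCESS);
        assertTrue(whoAmIResult.getAuthorizationID().startsWith("dn:"));
        assertDNsEqual(whoAmIResult.getAuthorizationID().substring(3), "cn=Directory Manager");

        // Exercise add, search, compare, modify, modify DN and delete against
        // one entry; each request must come back unaltered.
        final AddRequest addRequest = new AddRequest("dn: ou=test,dc=example,dc=com", "objectClass: top", "objectClass: organizationalUnit", "ou: test");
        assertResultCodeEquals(conn, addRequest, ResultCode.SUCCESS);
        final SearchResult searchResult = conn.search("ou=test,dc=example,dc=com", SearchScope.SUB, "(objectClass=*)");
        assertResultCodeEquals(searchResult, ResultCode.SUCCESS);
        assertEntriesReturnedEquals(searchResult, 1);
        assertDNsEqual(searchResult.getSearchEntries().get(0).getDN(), "ou=test,dc=example,dc=com");
        final CompareRequest compareRequest = new CompareRequest("ou=test,dc=example,dc=com", "ou", "test");
        assertResultCodeEquals(conn, compareRequest, ResultCode.COMPARE_TRUE);
        final ModifyRequest modifyRequest = new ModifyRequest("dn: ou=test,dc=example,dc=com", "changetype: modify", "replace: description", "description: foo");
        assertResultCodeEquals(conn, modifyRequest, ResultCode.SUCCESS);
        final ModifyDNRequest modifyDNRequest = new ModifyDNRequest("ou=test,dc=example,dc=com", "ou=renamed test", true);
        assertResultCodeEquals(conn, modifyDNRequest, ResultCode.SUCCESS);
        // The delete targets the renamed DN, which also removes the fixture.
        final DeleteRequest deleteRequest = new DeleteRequest("ou=renamed test,dc=example,dc=com");
        assertResultCodeEquals(conn, deleteRequest, ResultCode.SUCCESS);
    } finally {
        conn.close();
    }
}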
Also used : WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) AddRequest(com.unboundid.ldap.sdk.AddRequest) ModifyDNRequest(com.unboundid.ldap.sdk.ModifyDNRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) CompareRequest(com.unboundid.ldap.sdk.CompareRequest) WhoAmIExtendedRequest(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) SearchResult(com.unboundid.ldap.sdk.SearchResult) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) ModifyRequest(com.unboundid.ldap.sdk.ModifyRequest) DeleteRequest(com.unboundid.ldap.sdk.DeleteRequest) Test(org.testng.annotations.Test)

Example 7 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class RetainIdentityRequestControlTestCase method testSendAuthenticatedPLAINRequest.

/**
 * Sends a request to the server containing the retain identity request
 * control.  It will establish an unauthenticated connection, then send a SASL
 * PLAIN bind including the retain identity request control.  It will verify
 * that the identity of the client connection has not changed.
 * <BR><BR>
 * Access to a Directory Server instance is required for complete processing.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
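@Test()
public void testSendAuthenticatedPLAINRequest() throws Exception {
    // Needs an external Directory Server; without one the test is a no-op.
    if (!isDirectoryInstanceAvailable()) {
        return;
    }
    // NOTE(review): the Javadoc on this test describes an unauthenticated
    // connection, but the connection comes from getAdminConnection() --
    // presumably already bound as an administrator; confirm and align the two.
    LDAPConnection conn = getAdminConnection();
    // Close the connection even when a request or assertion fails, so a
    // failing run does not leak it.
    try {
        conn.add(getTestBaseDN(), getBaseEntryAttributes());
        conn.add("dn: uid=test," + getTestBaseDN(), "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "givenName: Test", "sn: User", "cn: Test User", "uid: test", "userPassword: password");
        // First, use the "Who Am I?" request to capture the connection's
        // current authorization identity.
        WhoAmIExtendedResult whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
        String authzID = whoAmIResult.getAuthorizationID();
        assertNotNull(authzID);
        // Perform a SASL PLAIN bind as the test user that includes both the
        // retain identity request control and the authorization identity
        // request control.
        Control[] controls = { new RetainIdentityRequestControl(), new AuthorizationIdentityRequestControl() };
        PLAINBindRequest bindRequest = new PLAINBindRequest("dn:uid=test," + getTestBaseDN(), "password", controls);
        BindResult bindResult = conn.bind(bindRequest);
        assertEquals(bindResult.getResultCode(), ResultCode.SUCCESS);
        // The bind response must name an identity, and it must differ from the
        // one the connection held before the bind: the credentials were
        // checked for the test user, not for the connection's existing user.
        boolean authzIDFound = false;
        for (Control c : bindResult.getResponseControls()) {
            if (c instanceof AuthorizationIdentityResponseControl) {
                authzIDFound = true;
                String bindAuthzID = ((AuthorizationIdentityResponseControl) c).getAuthorizationID();
                assertNotNull(bindAuthzID);
                assertFalse(bindAuthzID.equals(authzID));
                break;
            }
        }
        assertTrue(authzIDFound);
        // Use the "Who Am I?" request again to verify that the identity bound
        // to the connection is still the original one.
        whoAmIResult = (WhoAmIExtendedResult) conn.processExtendedOperation(new WhoAmIExtendedRequest());
        assertNotNull(whoAmIResult.getAuthorizationID());
        assertEquals(whoAmIResult.getAuthorizationID(), authzID);
        // Remove the fixture entries, child before parent.
        conn.delete("uid=test," + getTestBaseDN());
        conn.delete(getTestBaseDN());
    } finally {
        conn.close();
    }
}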
Also used : WhoAmIExtendedResult(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedResult) AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl) Control(com.unboundid.ldap.sdk.Control) AuthorizationIdentityResponseControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl) WhoAmIExtendedRequest(com.unboundid.ldap.sdk.extensions.WhoAmIExtendedRequest) AuthorizationIdentityResponseControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl) BindResult(com.unboundid.ldap.sdk.BindResult) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Test(org.testng.annotations.Test)

Example 8 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class MultiServerLDAPCommandLineToolTestCase method testThreeServersWithSuffix.

/**
 * Tests the ability to work with three servers using only a name suffix.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
@Test()
public void testThreeServersWithSuffix() throws Exception {
    final File resources = new File(System.getProperty("unit.resource.dir"));
    // createTempFile presumably writes its argument as the file's content;
    // the final assertions expect "password2" back as the bind password.
    final File bindPasswordFile2 = createTempFile("password2");
    final File keyStore2 = new File(resources, "client.keystore");
    final File trustStore2 = new File(resources, "client.truststore");
    final File keyStore3 = new File(resources, "keystore.p12");
    final File pinFile3 = createTempFile("password");
    final File trustStore3 = new File(resources, "client.truststore");

    // Only suffixes are supplied, so every per-server argument is the base
    // name followed by "1", "2" or "3".
    final String[] noPrefixes = null;
    final String[] serverSuffixes = { "1", "2", "3" };
    final TestMultiServerLDAPCommandLineTool tool = new TestMultiServerLDAPCommandLineTool(noPrefixes, serverSuffixes);

    final ResultCode toolResult = tool.runTool(
        // Server 1: no TLS option, simple bind with the password given inline
        // as an argument.  On a real network a bind configured this way sends
        // the password unprotected.
        "--hostname1", "ds1.example.com",
        "--port1", "1389",
        "--bindDN1", "uid=user.1,ou=People,dc=example,dc=com",
        "--bindPassword1", "password1",
        // Server 2: SSL, SASL PLAIN with the password read from a file, and a
        // client certificate from a JKS key store.
        "--hostname2", "ds2.example.com",
        "--port2", "2636",
        "--useSSL2",
        "--saslOption2", "mech=PLAIN",
        "--saslOption2", "authID=dn:uid=user.2,ou=People,dc=example,dc=com",
        "--bindPasswordFile2", bindPasswordFile2.getAbsolutePath(),
        "--keyStorePath2", keyStore2.getAbsolutePath(),
        "--keyStorePassword2", "password",
        "--keyStoreFormat2", "JKS",
        "--trustStorePath2", trustStore2.getAbsolutePath(),
        "--trustStorePassword2", "password",
        "--trustStoreFormat2", "JKS",
        "--certNickname2", "client-cert",
        // Server 3: StartTLS with store PINs read from a file and no bind
        // credentials at all.
        "--hostname3", "ds3.example.com",
        "--port3", "3389",
        "--useStartTLS3",
        "--keyStorePath3", keyStore3.getAbsolutePath(),
        "--keyStorePasswordFile3", pinFile3.getAbsolutePath(),
        "--keyStoreFormat3", "PKCS12",
        "--trustStorePath3", trustStore3.getAbsolutePath(),
        "--trustStorePasswordFile3", pinFile3.getAbsolutePath(),
        "--trustStoreFormat3", "PKCS12");
    assertEquals(toolResult, ResultCode.SUCCESS);
    assertNotNull(tool.getConnectionOptions());

    // Each index must yield a single-server set pointing at the host and port
    // given for that suffix.
    final String[] expectedHosts = { "ds1.example.com", "ds2.example.com", "ds3.example.com" };
    final int[] expectedPorts = { 1389, 2636, 3389 };
    for (int i = 0; i < expectedHosts.length; i++) {
        final ServerSet serverSet = tool.createServerSet(i);
        assertNotNull(serverSet);
        assertTrue(serverSet instanceof SingleServerSet);
        final SingleServerSet single = (SingleServerSet) serverSet;
        assertEquals(single.getAddress(), expectedHosts[i]);
        assertEquals(single.getPort(), expectedPorts[i]);
        assertNotNull(single.getSocketFactory());
    }

    // TLS helpers exist only for the servers that asked for SSL or StartTLS.
    assertNull(tool.createSSLUtil(0));
    assertNotNull(tool.createSSLUtil(1));
    assertNotNull(tool.createSSLUtil(2));

    // Server 1 resolves to a simple bind carrying the inline password.
    final BindRequest firstBind = tool.createBindRequest(0);
    assertTrue(firstBind instanceof SimpleBindRequest);
    final SimpleBindRequest firstSimpleBind = (SimpleBindRequest) firstBind;
    assertEquals(new DN(firstSimpleBind.getBindDN()), new DN("uid=user.1,ou=People,dc=example,dc=com"));
    assertEquals(firstSimpleBind.getPassword().stringValue(), "password1");

    // Server 2 resolves to SASL PLAIN with the password taken from the file.
    final BindRequest secondBind = tool.createBindRequest(1);
    assertTrue(secondBind instanceof PLAINBindRequest);
    final PLAINBindRequest secondPlainBind = (PLAINBindRequest) secondBind;
    assertEquals(secondPlainBind.getAuthenticationID(), "dn:uid=user.2,ou=People,dc=example,dc=com");
    assertEquals(secondPlainBind.getPasswordString(), "password2");

    // Server 3 was given no credentials, so no bind request is created.
    assertNull(tool.createBindRequest(2));
}
Also used : SingleServerSet(com.unboundid.ldap.sdk.SingleServerSet) ServerSet(com.unboundid.ldap.sdk.ServerSet) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) SingleServerSet(com.unboundid.ldap.sdk.SingleServerSet) BindRequest(com.unboundid.ldap.sdk.BindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) DN(com.unboundid.ldap.sdk.DN) File(java.io.File) ResultCode(com.unboundid.ldap.sdk.ResultCode) Test(org.testng.annotations.Test)

Example 9 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class InMemoryDirectoryServer method bind.

/**
 * Processes the provided bind request.  Only simple and SASL PLAIN bind
 * requests are supported.  Note that the bind processing will verify that the
 * provided credentials are valid, but it will not alter the server in any
 * way.
 *
 * @param  bindRequest  The bind request to be processed.  It must not be
 *                      {@code null}.
 *
 * @return  The result of processing the bind operation.
 *
 * @throws  LDAPException  If the server rejects the bind request, or if a
 *                         problem occurs while sending the request or reading
 *                         the response.
 */
@NotNull()
public BindResult bind(@NotNull final BindRequest bindRequest) throws LDAPException {
    // Work on a copy of the caller's controls and append the internal
    // operation request control, marked non-critical.
    final ArrayList<Control> controls = new ArrayList<>(bindRequest.getControlList());
    controls.add(new Control(InMemoryRequestHandler.OID_INTERNAL_OPERATION_REQUEST_CONTROL, false));

    // Translate the SDK-level request into a protocol op.  Any mechanism
    // other than simple or SASL PLAIN is rejected rather than guessed at.
    final BindRequestProtocolOp protocolOp;
    if (bindRequest instanceof SimpleBindRequest) {
        final SimpleBindRequest simple = (SimpleBindRequest) bindRequest;
        protocolOp = new BindRequestProtocolOp(simple.getBindDN(), simple.getPassword().getValue());
    } else if (bindRequest instanceof PLAINBindRequest) {
        final PLAINBindRequest plain = (PLAINBindRequest) bindRequest;
        // SASL PLAIN credentials are laid out as
        //   authzID 0x00 authcID 0x00 password
        // The two separator bytes are never written explicitly: a new byte
        // array is zero-filled, and the copies below skip one position each.
        final byte[] authzID = StaticUtils.getBytes(plain.getAuthorizationID());
        final byte[] authcID = StaticUtils.getBytes(plain.getAuthenticationID());
        final byte[] password = plain.getPasswordBytes();
        // NOTE(review): this buffer holds the cleartext password and is handed
        // to ASN1OctetString as-is; nothing in this method clears it afterwards.
        final byte[] credentials = new byte[authzID.length + 1 + authcID.length + 1 + password.length];
        int offset = 0;
        System.arraycopy(authzID, 0, credentials, offset, authzID.length);
        offset += authzID.length + 1;
        System.arraycopy(authcID, 0, credentials, offset, authcID.length);
        offset += authcID.length + 1;
        System.arraycopy(password, 0, credentials, offset, password.length);
        protocolOp = new BindRequestProtocolOp(null, "PLAIN", new ASN1OctetString(credentials));
    } else {
        throw new LDAPException(ResultCode.AUTH_METHOD_NOT_SUPPORTED, ERR_MEM_DS_UNSUPPORTED_BIND_TYPE.get());
    }

    // The op goes straight to the in-memory handler with a fixed message ID
    // of 1.
    final LDAPMessage response = inMemoryHandler.processBindRequest(1, protocolOp, controls);
    final BindResponseProtocolOp bindResponse = response.getBindResponseProtocolOp();
    final LDAPResult ldapResult = new LDAPResult(response.getMessageID(), ResultCode.valueOf(bindResponse.getResultCode()), bindResponse.getDiagnosticMessage(), bindResponse.getMatchedDN(), bindResponse.getReferralURLs(), response.getControls());
    final BindResult result = new BindResult(ldapResult);

    // Only SUCCESS is returned; every other result code surfaces as an
    // LDAPException built from the full bind result.
    if (bindResponse.getResultCode() == ResultCode.SUCCESS_INT_VALUE) {
        return result;
    }
    throw new LDAPException(result);
}
Also used : ASN1OctetString(com.unboundid.asn1.ASN1OctetString) Control(com.unboundid.ldap.sdk.Control) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) BindResponseProtocolOp(com.unboundid.ldap.protocol.BindResponseProtocolOp) LDAPException(com.unboundid.ldap.sdk.LDAPException) ArrayList(java.util.ArrayList) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) LDAPMessage(com.unboundid.ldap.protocol.LDAPMessage) LDAPResult(com.unboundid.ldap.sdk.LDAPResult) BindRequestProtocolOp(com.unboundid.ldap.protocol.BindRequestProtocolOp) BindResult(com.unboundid.ldap.sdk.BindResult) NotNull(com.unboundid.util.NotNull)

Example 10 with PLAINBindRequest

use of com.unboundid.ldap.sdk.PLAINBindRequest in project ldapsdk by pingidentity.

the class InMemoryDirectoryControlsTestCase method testAuthorizationIdentityControl.

/**
 * Provides test coverage for the authorization identity request control.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
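@Test()
public void testAuthorizationIdentityControl() throws Exception {
    final InMemoryDirectoryServer ds = getTestDS(true, true);
    final LDAPConnection conn = ds.getConnection();
    // Close the connection even when an assertion fails part-way through, so
    // a failing run does not leak it.
    try {
        final AuthorizationIdentityRequestControl authzIDRequest = new AuthorizationIdentityRequestControl();
        conn.add(generateUserEntry("another.user", "ou=People,dc=example,dc=com", "Another", "User", "password"));

        // Test a simple bind without the authorization identity request
        // control: no response control may be volunteered.
        BindResult bindResult = conn.bind(new SimpleBindRequest("uid=test.user,ou=People,dc=example,dc=com", "password"));
        assertEquals(bindResult.getResultCode(), ResultCode.SUCCESS);
        assertFalse(bindResult.hasResponseControl(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID));

        // Test an anonymous simple bind.  The reported identity is the empty
        // string here, whereas the anonymous PLAIN bind below reports "dn:".
        bindResult = conn.bind(new SimpleBindRequest("", "", authzIDRequest));
        assertEquals(bindResult.getResultCode(), ResultCode.SUCCESS);
        AuthorizationIdentityResponseControl authzIDResponse = AuthorizationIdentityResponseControl.get(bindResult);
        assertNotNull(authzIDResponse);
        assertEquals(authzIDResponse.getAuthorizationID(), "");

        // Test a valid simple bind as a normal user.
        assertAuthzIDIsDN(conn.bind(new SimpleBindRequest("uid=test.user,ou=People,dc=example,dc=com", "password", authzIDRequest)), "uid=test.user,ou=People,dc=example,dc=com");

        // Test a valid simple bind as an additional bind user.
        assertAuthzIDIsDN(conn.bind(new SimpleBindRequest("cn=Directory Manager", "password", authzIDRequest)), "cn=Directory Manager");

        // Test a failed simple bind as a normal user.  A rejected bind must
        // not carry the identity control back to the client.
        try {
            conn.bind(new SimpleBindRequest("uid=test.user,ou=People,dc=example,dc=com", "wrongPassword", authzIDRequest));
            fail("Expected an exception from a failed simple bind as a normal user.");
        } catch (final LDAPException le) {
            assertEquals(le.getResultCode(), ResultCode.INVALID_CREDENTIALS);
            assertFalse(le.hasResponseControl(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID));
        }

        // Test a failed simple bind as an additional bind user.
        try {
            conn.bind(new SimpleBindRequest("cn=Directory Manager", "wrongPassword", authzIDRequest));
            fail("Expected an exception from a failed simple bind as an additional " + "bind user.");
        } catch (final LDAPException le) {
            assertEquals(le.getResultCode(), ResultCode.INVALID_CREDENTIALS);
            assertFalse(le.hasResponseControl(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID));
        }

        // Test a SASL PLAIN bind without the authorization identity request
        // control.
        bindResult = conn.bind(new PLAINBindRequest("dn:uid=test.user,ou=People,dc=example,dc=com", "password"));
        assertEquals(bindResult.getResultCode(), ResultCode.SUCCESS);
        assertFalse(bindResult.hasResponseControl(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID));

        // Test a valid SASL PLAIN bind as an anonymous user.
        bindResult = conn.bind(new PLAINBindRequest("dn:", "", authzIDRequest));
        assertEquals(bindResult.getResultCode(), ResultCode.SUCCESS);
        authzIDResponse = AuthorizationIdentityResponseControl.get(bindResult);
        assertNotNull(authzIDResponse);
        assertEquals(authzIDResponse.getAuthorizationID(), "dn:");

        // Test a valid SASL PLAIN bind as a normal user with a dn-style auth
        // ID and no authz ID.
        assertAuthzIDIsDN(conn.bind(new PLAINBindRequest("dn:uid=test.user,ou=People,dc=example,dc=com", "password", authzIDRequest)), "uid=test.user,ou=People,dc=example,dc=com");

        // Test a valid SASL PLAIN bind as an additional bind user with a
        // dn-style auth ID and no authz ID.
        assertAuthzIDIsDN(conn.bind(new PLAINBindRequest("dn:cn=Directory Manager", "password", authzIDRequest)), "cn=Directory Manager");

        // Test a valid SASL PLAIN bind as a normal user with a u-style auth ID
        // and no authz ID.  The response still reports the resolved entry DN.
        assertAuthzIDIsDN(conn.bind(new PLAINBindRequest("u:test.user", "password", authzIDRequest)), "uid=test.user,ou=People,dc=example,dc=com");

        // Test a valid SASL PLAIN bind as a normal user with a dn-style authz
        // ID.  The reported identity is the authorization ID, not the
        // authentication ID whose password was checked.
        // NOTE(review): this shows the in-memory server letting an ordinary
        // user bind with a different user's authorization ID; whether any
        // proxied-authorization privilege is checked is not visible from this
        // test -- confirm before relying on it as an access-control model.
        assertAuthzIDIsDN(conn.bind(new PLAINBindRequest("dn:uid=test.user,ou=People,dc=example,dc=com", "dn:uid=another.user,ou=People,dc=example,dc=com", "password", authzIDRequest)), "uid=another.user,ou=People,dc=example,dc=com");

        // Test a valid SASL PLAIN bind as an additional bind user with a
        // dn-style authz ID.
        assertAuthzIDIsDN(conn.bind(new PLAINBindRequest("dn:cn=Directory Manager", "dn:cn=Manager", "password", authzIDRequest)), "cn=Manager");

        // Test a valid SASL PLAIN bind as a normal user with a u-style authz
        // ID.
        assertAuthzIDIsDN(conn.bind(new PLAINBindRequest("u:test.user", "u:another.user", "password", authzIDRequest)), "uid=another.user,ou=People,dc=example,dc=com");

        // Test a failed SASL PLAIN bind as a normal user.
        try {
            conn.bind(new PLAINBindRequest("dn:uid=test.user,ou=People,dc=example,dc=com", "wrongPassword", authzIDRequest));
            fail("Expected an exception from a failed PLAIN bind as a normal user.");
        } catch (final LDAPException le) {
            assertEquals(le.getResultCode(), ResultCode.INVALID_CREDENTIALS);
            assertFalse(le.hasResponseControl(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID));
        }

        // Test a failed SASL PLAIN bind as an additional bind user.
        try {
            conn.bind(new PLAINBindRequest("dn:cn=Directory Manager", "wrongPassword", authzIDRequest));
            fail("Expected an exception from a failed PLAIN bind as an additional " + "bind user.");
        } catch (final LDAPException le) {
            assertEquals(le.getResultCode(), ResultCode.INVALID_CREDENTIALS);
            assertFalse(le.hasResponseControl(AuthorizationIdentityResponseControl.AUTHORIZATION_IDENTITY_RESPONSE_OID));
        }
    } finally {
        conn.close();
    }
}

/**
 * Asserts that a bind succeeded and that its authorization identity response
 * control holds "dn:" followed by a DN equal to the expected one.
 *
 * @param  bindResult  The bind result to examine.
 * @param  expectedDN  The DN expected after the "dn:" prefix.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
private void assertAuthzIDIsDN(final BindResult bindResult, final String expectedDN) throws Exception {
    assertEquals(bindResult.getResultCode(), ResultCode.SUCCESS);
    final AuthorizationIdentityResponseControl authzIDResponse = AuthorizationIdentityResponseControl.get(bindResult);
    assertNotNull(authzIDResponse);
    assertTrue(authzIDResponse.getAuthorizationID().startsWith("dn:"));
    // Compare as DNs rather than strings so spacing and case differences in
    // the server's rendering do not matter.
    assertEquals(new DN(authzIDResponse.getAuthorizationID().substring(3)), new DN(expectedDN));
}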
Also used : SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) LDAPException(com.unboundid.ldap.sdk.LDAPException) AuthorizationIdentityResponseControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl) BindResult(com.unboundid.ldap.sdk.BindResult) DN(com.unboundid.ldap.sdk.DN) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) Test(org.testng.annotations.Test)
