Example 36 with LdapContext

use of javax.naming.ldap.LdapContext in project Openfire by igniterealtime.

the class LdapGroupProvider method getGroup.

@Override
public Group getGroup(String groupName) throws GroupNotFoundException {
    LdapContext ctx = null;
    try {
        String groupDN = manager.findGroupDN(groupName);
        // Load record.
        ctx = manager.getContext(manager.getGroupsBaseDN(groupName));
        Attributes attrs = ctx.getAttributes(groupDN, standardAttributes);
        return processGroup(ctx, attrs);
    } catch (Exception e) {
        Log.error(e.getMessage(), e);
        throw new GroupNotFoundException("Group with name " + groupName + " not found.", e);
    } finally {
        try {
            if (ctx != null) {
                ctx.setRequestControls(null);
                ctx.close();
            }
        } catch (Exception ignored) {
            // Ignore.
        }
    }
}
Also used : Attributes(javax.naming.directory.Attributes) GroupNotFoundException(org.jivesoftware.openfire.group.GroupNotFoundException) LdapContext(javax.naming.ldap.LdapContext) NamingException(javax.naming.NamingException) UserNotFoundException(org.jivesoftware.openfire.user.UserNotFoundException)

Example 37 with LdapContext

use of javax.naming.ldap.LdapContext in project neo4j by neo4j.

the class LdapRealm method queryForAuthenticationInfoUsingStartTls.

protected AuthenticationInfo queryForAuthenticationInfoUsingStartTls(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
    Object principal = getLdapPrincipal(token);
    Object credentials = token.getCredentials();
    LdapContext ctx = null;
    try {
        ctx = getLdapContextUsingStartTls(ldapContextFactory, principal, credentials);
        return createAuthenticationInfo(token, principal, credentials, ctx);
    } finally {
        LdapUtils.closeContext(ctx);
    }
}
Also used : InitialLdapContext(javax.naming.ldap.InitialLdapContext) LdapContext(javax.naming.ldap.LdapContext)

Example 38 with LdapContext

use of javax.naming.ldap.LdapContext in project neo4j by neo4j.

the class LdapRealmTest method shouldWarnAboutGroupMembershipsBeingEmpty.

@Test
public void shouldWarnAboutGroupMembershipsBeingEmpty() throws Exception {
    when(config.get(SecuritySettings.ldap_authorization_group_membership_attribute_names)).thenReturn(Collections.emptyList());
    LdapContext ldapContext = mock(LdapContext.class);
    NamingEnumeration result = mock(NamingEnumeration.class);
    when(ldapContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(result);
    when(result.hasMoreElements()).thenReturn(false);
    assertException(this::makeAndInit, IllegalArgumentException.class, "Illegal LDAP user search settings, see security log for details.");
    verify(securityLog).error(contains("LDAP group membership attribute names are empty. " + "Authorization will not be possible."));
}
Also used : NamingEnumeration(javax.naming.NamingEnumeration) LdapContext(javax.naming.ldap.LdapContext) Test(org.junit.Test)

Example 39 with LdapContext

use of javax.naming.ldap.LdapContext in project neo4j by neo4j.

the class LdapRealmTest method shouldWarnAboutUserSearchFilterWithoutArgument.

@Test
public void shouldWarnAboutUserSearchFilterWithoutArgument() throws Exception {
    when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("");
    LdapContext ldapContext = mock(LdapContext.class);
    NamingEnumeration result = mock(NamingEnumeration.class);
    when(ldapContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(result);
    when(result.hasMoreElements()).thenReturn(false);
    makeAndInit();
    verify(securityLog).warn(contains("LDAP user search filter does not contain the argument placeholder {0}"));
}
Also used : NamingEnumeration(javax.naming.NamingEnumeration) LdapContext(javax.naming.ldap.LdapContext) Test(org.junit.Test)

Example 40 with LdapContext

use of javax.naming.ldap.LdapContext in project neo4j by neo4j.

the class LdapRealmTest method shouldAllowMultipleGroupMembershipAttributes.

@Test
public void shouldAllowMultipleGroupMembershipAttributes() throws NamingException {
    when(config.get(SecuritySettings.ldap_authorization_user_search_filter)).thenReturn("{0}");
    when(config.get(SecuritySettings.ldap_authorization_group_membership_attribute_names)).thenReturn(asList("attr0", "attr1", "attr2"));
    when(config.get(SecuritySettings.ldap_authorization_group_to_role_mapping)).thenReturn("group1=role1;group2=role2,role3");
    LdapContext ldapContext = mock(LdapContext.class);
    NamingEnumeration result = mock(NamingEnumeration.class);
    SearchResult searchResult = mock(SearchResult.class);
    Attributes attributes = mock(Attributes.class);
    Attribute attribute1 = mock(Attribute.class);
    Attribute attribute2 = mock(Attribute.class);
    Attribute attribute3 = mock(Attribute.class);
    NamingEnumeration attributeEnumeration = mock(NamingEnumeration.class);
    NamingEnumeration groupEnumeration1 = mock(NamingEnumeration.class);
    NamingEnumeration groupEnumeration2 = mock(NamingEnumeration.class);
    NamingEnumeration groupEnumeration3 = mock(NamingEnumeration.class);
    // Mock ldap search result "attr1" contains "group1" and "attr2" contains "group2" (a bit brittle...)
    // "attr0" is non-existing and should have no effect
    when(ldapContext.search(anyString(), anyString(), anyObject(), anyObject())).thenReturn(result);
    when(result.hasMoreElements()).thenReturn(true, false);
    when(result.next()).thenReturn(searchResult);
    when(searchResult.getAttributes()).thenReturn(attributes);
    when(attributes.getAll()).thenReturn(attributeEnumeration);
    when(attributeEnumeration.hasMore()).thenReturn(true, true, false);
    when(attributeEnumeration.next()).thenReturn(attribute1, attribute2, attribute3);
    // This attribute should yield role1
    when(attribute1.getID()).thenReturn("attr1");
    when(attribute1.getAll()).thenReturn(groupEnumeration1);
    when(groupEnumeration1.hasMore()).thenReturn(true, false);
    when(groupEnumeration1.next()).thenReturn("group1");
    // This attribute should yield role2 and role3
    when(attribute2.getID()).thenReturn("attr2");
    when(attribute2.getAll()).thenReturn(groupEnumeration2);
    when(groupEnumeration2.hasMore()).thenReturn(true, false);
    when(groupEnumeration2.next()).thenReturn("group2");
    // This attribute should have no effect
    when(attribute3.getID()).thenReturn("attr3");
    when(attribute3.getAll()).thenReturn(groupEnumeration3);
    when(groupEnumeration3.hasMore()).thenReturn(true, false);
    when(groupEnumeration3.next()).thenReturn("groupWithNoRole");
    // When
    LdapRealm realm = new LdapRealm(config, securityLog, secureHasher);
    Set<String> roles = realm.findRoleNamesForUser("username", ldapContext);
    // Then
    assertThat(roles, hasItems("role1", "role2", "role3"));
}
Also used : Attribute(javax.naming.directory.Attribute) Attributes(javax.naming.directory.Attributes) NamingEnumeration(javax.naming.NamingEnumeration) SearchResult(javax.naming.directory.SearchResult) Matchers.anyString(org.mockito.Matchers.anyString) LdapContext(javax.naming.ldap.LdapContext) Test(org.junit.Test)

Aggregations

LdapContext (javax.naming.ldap.LdapContext) 43
NamingException (javax.naming.NamingException) 14
SearchResult (javax.naming.directory.SearchResult) 13
NamingEnumeration (javax.naming.NamingEnumeration) 10
SearchControls (javax.naming.directory.SearchControls) 9
InitialLdapContext (javax.naming.ldap.InitialLdapContext) 9
IOException (java.io.IOException) 8
Attributes (javax.naming.directory.Attributes) 8
Test (org.junit.Test) 7
ArrayList (java.util.ArrayList) 6
Control (javax.naming.ldap.Control) 6
Hashtable (java.util.Hashtable) 5
SortControl (javax.naming.ldap.SortControl) 4
JndiLdapContextFactory (org.apache.shiro.realm.ldap.JndiLdapContextFactory) 4
Attribute (javax.naming.directory.Attribute) 3
BasicAttribute (javax.naming.directory.BasicAttribute) 3
BasicAttributes (javax.naming.directory.BasicAttributes) 3
DirContext (javax.naming.directory.DirContext) 3
StartTlsRequest (javax.naming.ldap.StartTlsRequest) 3
GroupNotFoundException (org.jivesoftware.openfire.group.GroupNotFoundException) 3