use of org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException in project mxisd by kamax-io.
the class LdapAuthProvider method authenticate.
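/**
 * Authenticates a Matrix user by locating their LDAP entry and binding as that entry.
 *
 * <p>The connection is first bound through {@code bind(conn)}, then the directory is searched
 * under the base DN for entries whose UID attribute equals the Matrix ID (or only its
 * localpart when the configured UID type is {@code LdapBackend.UID}). The first entry that
 * carries the UID attribute is used for a bind with the supplied password; a failed bind
 * ends the attempt with a failure result.
 *
 * @param mxid the Matrix ID being authenticated
 * @param password the password supplied by the user; {@code null} or empty is rejected
 * @return a success result carrying the display name and 3PIDs read from the entry,
 *         or a failure result
 * @throws RuntimeException wrapping any LDAP, I/O or cursor error
 */
@Override
public BackendAuthResult authenticate(_MatrixID mxid, String password) {
    log.info("Performing auth for {}", mxid);

    // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
    // (RFC 4513): many servers report success without verifying any credential.
    // Such a bind must never count as proof of identity, so refuse it up front.
    if (password == null || password.isEmpty()) {
        log.warn("Password is empty, failing auth");
        return BackendAuthResult.failure();
    }

    try (LdapConnection conn = getConn()) {
        bind(conn);

        String uidType = getAt().getUid().getType();
        String userFilterValue = StringUtils.equals(LdapBackend.UID, uidType) ? mxid.getLocalPart() : mxid.getId();
        if (StringUtils.isBlank(userFilterValue)) {
            log.warn("Username is empty, failing auth");
            return BackendAuthResult.failure();
        }

        // The value comes from the login request: escape it so that filter metacharacters
        // are matched literally instead of changing which entries the search selects.
        String userFilter = "(" + getUidAtt() + "=" + escapeFilterValue(userFilterValue) + ")";
        userFilter = buildWithFilter(userFilter, getCfg().getAuth().getFilter());

        Set<String> attributes = new HashSet<>();
        attributes.add(getUidAtt());
        attributes.add(getAt().getName());
        getAt().getThreepid().forEach((k, v) -> attributes.addAll(v));
        String[] attArray = new String[attributes.size()];
        attributes.toArray(attArray);

        log.debug("Base DN: {}", getBaseDn());
        log.debug("Query: {}", userFilter);
        log.debug("Attributes: {}", GsonUtil.build().toJson(attArray));

        try (EntryCursor cursor = conn.search(getBaseDn(), userFilter, SearchScope.SUBTREE, attArray)) {
            while (cursor.next()) {
                Entry entry = cursor.get();
                String dn = entry.getDn().getName();
                log.info("Checking possible match, DN: {}", dn);

                if (!getAttribute(entry, getUidAtt()).isPresent()) {
                    continue;
                }

                log.info("Attempting authentication on LDAP for {}", dn);
                try {
                    conn.bind(entry.getDn(), password);
                } catch (LdapException e) {
                    // Fail closed: the first candidate that rejects the password ends the attempt.
                    log.info("Unable to bind using {} because {}", entry.getDn().getName(), e.getMessage());
                    return BackendAuthResult.failure();
                }

                Attribute nameAttribute = entry.get(getAt().getName());
                String name = nameAttribute != null ? nameAttribute.get().toString() : null;

                log.info("Authentication successful for {}", entry.getDn().getName());
                log.info("DN {} is a valid match", dn);

                // TODO should we canonicalize the MXID?
                BackendAuthResult result = BackendAuthResult.success(mxid.getId(), UserIdType.MatrixID, name);
                log.info("Processing 3PIDs for profile");
                getAt().getThreepid().forEach((k, v) -> {
                    log.info("Processing 3PID type {}", k);
                    v.forEach(attId -> {
                        List<String> values = getAttributes(entry, attId);
                        log.info("\tAttribute {} has {} value(s)", attId, values.size());
                        values.forEach(tpidValue -> {
                            // Phone numbers are normalised through getMsisdn when it yields a value.
                            String normalized = ThreePidMedium.PhoneNumber.is(k)
                                    ? getMsisdn(tpidValue).orElse(tpidValue)
                                    : tpidValue;
                            result.withThreePid(new ThreePid(k, normalized));
                        });
                    });
                });

                log.info("Found {} 3PIDs", result.getProfile().getThreePids().size());
                return result;
            }
        } catch (CursorLdapReferralException e) {
            // The catch sits outside the loop: a referral raised while iterating ends the
            // search, remaining entries are not examined and the method falls through to failure.
            log.warn("Entity for {} is only available via referral, skipping", mxid);
        }

        log.info("No match were found for {}", mxid);
        return BackendAuthResult.failure();
    } catch (LdapException | IOException | CursorException e) {
        throw new RuntimeException(e);
    }
}

/** Escapes the characters that RFC 4515 reserves in an LDAP search filter assertion value. */
private static String escapeFilterValue(String value) {
    if (value == null) {
        return null;
    }
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}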
use of org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException in project mxisd by kamax-io.
the class LdapDirectoryProvider method search.
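/**
 * Searches the LDAP directory for users whose given attributes contain the query text.
 *
 * @param query free-text search term; it is matched as a substring
 * @param attributes LDAP attributes to match against; the UID attribute is always added
 * @return the matches found, each with a Matrix ID and, when present, a display name
 * @throws InternalServerError wrapping any LDAP, I/O or cursor error
 */
protected UserDirectorySearchResult search(String query, List<String> attributes) {
    UserDirectorySearchResult result = new UserDirectorySearchResult();
    result.setLimited(false);

    try (LdapConnection conn = getConn()) {
        bind(conn);

        LdapConfig.Attribute atCfg = getCfg().getAttribute();

        // Work on a copy so the caller's list is not modified when the UID attribute is added.
        attributes = new ArrayList<>(attributes);
        attributes.add(getUidAtt());
        String[] attArray = new String[attributes.size()];
        attributes.toArray(attArray);

        // The search term is external input: escape it so that only the two wildcards added
        // here act as filter syntax and the term itself is matched literally.
        // NOTE(review): assumes buildOrQueryWithFilter inserts the value verbatim - confirm.
        String searchQuery = buildOrQueryWithFilter(
                getCfg().getDirectory().getFilter(), "*" + escapeFilterValue(query) + "*", attArray);

        log.debug("Base DN: {}", getBaseDn());
        log.debug("Query: {}", searchQuery);
        log.debug("Attributes: {}", GsonUtil.build().toJson(attArray));

        try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, attArray)) {
            while (cursor.next()) {
                Entry entry = cursor.get();
                log.info("Found possible match, DN: {}", entry.getDn().getName());
                getAttribute(entry, getUidAtt()).ifPresent(uid -> {
                    log.info("DN {} is a valid match", entry.getDn().getName());
                    try {
                        UserDirectorySearchResult.Result entryResult = new UserDirectorySearchResult.Result();
                        entryResult.setUserId(buildMatrixIdFromUid(uid));
                        getAttribute(entry, atCfg.getName()).ifPresent(entryResult::setDisplayName);
                        result.addResult(entryResult);
                    } catch (IllegalArgumentException e) {
                        log.warn("Bind was found but type {} is not supported", atCfg.getUid().getType());
                    }
                });
            }
        }
    } catch (CursorLdapReferralException e) {
        // Caught outside the loop: a referral ends the iteration and the entries
        // collected so far are returned.
        log.warn("An entry is only available via referral, skipping");
    } catch (IOException | LdapException | CursorException e) {
        throw new InternalServerError(e);
    }

    return result;
}

/** Escapes the characters that RFC 4515 reserves in an LDAP search filter assertion value. */
private static String escapeFilterValue(String value) {
    if (value == null) {
        return null;
    }
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}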
use of org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException in project openmeetings by apache.
the class LdapLoginManager method login.
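/**
 * Authenticates a user against the LDAP server configured for the given domain.
 *
 * <p>Connection data is retrieved from the configuration file. Depending on the configured
 * type the user DN is either found by an admin search and then bound with the supplied
 * password (SEARCHANDBIND), built from a template and bound directly (SIMPLEBIND), or LDAP
 * is skipped and the local DAO login is used (NONE). After a successful bind the local
 * user record is created or updated according to the provisioning option.
 *
 * @param _login - user login
 * @param passwd - user password; an empty password is never sent to the LDAP server
 * @param domainId - user domain id
 * @return - {@link User} with these credentials or <code>null</code> when the login
 *         does not pass {@code userDao.validLogin}
 * @throws OmException - in case of any error, including rejected credentials
 */
public User login(String _login, String passwd, Long domainId) throws OmException {
    log.debug("LdapLoginmanager.doLdapLogin");
    if (!userDao.validLogin(_login)) {
        log.error("Invalid login provided");
        return null;
    }
    // A simple bind with a DN and a zero-length password is an "unauthenticated bind"
    // (RFC 4513): many servers report success without verifying any credential, so a
    // successful bind would not prove the caller knows the password.
    final boolean emptyPasswd = passwd == null || passwd.isEmpty();
    User u = null;
    try (LdapWorker w = new LdapWorker(domainId)) {
        String login = w.options.useLowerCase ? _login.toLowerCase() : _login;
        boolean authenticated = true;
        Dn userDn = null;
        Entry entry = null;
        switch (w.options.type) {
            case SEARCHANDBIND:
            {
                if (emptyPasswd) {
                    log.error("Empty password provided, LDAP bind refused");
                    throw BAD_CREDENTIALS;
                }
                bindAdmin(w.conn, w.options);
                Dn baseDn = new Dn(w.options.searchBase);
                // NOTE(review): login is formatted into the search filter verbatim; this relies
                // on userDao.validLogin having rejected LDAP filter metacharacters - confirm,
                // or escape the value before formatting.
                String searchQ = String.format(w.options.searchQuery, login);
                try (EntryCursor cursor = new EntryCursorImpl(w.conn.search(
                        new SearchRequestImpl()
                                .setBase(baseDn)
                                .setFilter(searchQ)
                                .setScope(w.options.scope)
                                .addAttributes("*")
                                .setDerefAliases(w.options.derefMode)))) {
                    while (cursor.next()) {
                        try {
                            Entry e = cursor.get();
                            // An ambiguous match is an error: the bind target must be unique.
                            if (userDn != null) {
                                log.error("more than 1 user found in LDAP");
                                throw UNKNOWN;
                            }
                            userDn = e.getDn();
                            if (w.options.useAdminForAttrs) {
                                entry = e;
                            }
                        } catch (CursorLdapReferralException cle) {
                            // Handled per entry, so the loop continues with the next result.
                            log.warn("Referral LDAP entry found, ignore it");
                        }
                    }
                }
                if (userDn == null) {
                    log.error("NONE users found in LDAP");
                    throw BAD_CREDENTIALS;
                }
                w.conn.bind(userDn, passwd);
            }
                break;
            case SIMPLEBIND:
                if (emptyPasswd) {
                    log.error("Empty password provided, LDAP bind refused");
                    throw BAD_CREDENTIALS;
                }
                // NOTE(review): login is formatted into the DN template verbatim; this relies
                // on userDao.validLogin having rejected DN metacharacters - confirm.
                userDn = new Dn(String.format(w.options.userDn, login));
                w.conn.bind(userDn, passwd);
                break;
            case NONE:
            default:
                authenticated = false;
                break;
        }
        // After an LDAP bind the local record is only looked up; otherwise the DAO checks the password.
        u = authenticated ? userDao.getByLogin(login, Type.ldap, domainId) : userDao.login(login, passwd);
        log.debug("getByLogin:: authenticated ? {}, login = '{}', domain = {}, user = {}", authenticated, login, domainId, u);
        if (u == null && Provisionning.AUTOCREATE != w.options.prov) {
            log.error("User not found in OM DB and Provisionning.AUTOCREATE was not set");
            throw BAD_CREDENTIALS;
        }
        if (authenticated && entry == null) {
            if (w.options.useAdminForAttrs) {
                bindAdmin(w.conn, w.options);
            }
            entry = w.conn.lookup(userDn);
        }
        switch (w.options.prov) {
            case AUTOUPDATE:
            case AUTOCREATE:
                u = w.getUser(entry, u);
                if (w.options.syncPasswd) {
                    u.updatePassword(cfgDao, passwd);
                }
                u = userDao.update(u, null);
                break;
            case NONE:
            default:
                break;
        }
    } catch (LdapAuthenticationException ae) {
        log.error("Not authenticated.", ae);
        throw BAD_CREDENTIALS;
    } catch (OmException e) {
        throw e;
    } catch (Exception e) {
        log.error("Unexpected exception.", e);
        throw new OmException(e);
    }
    return u;
}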
use of org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException in project mxisd by kamax-io.
the class LdapThreePidProvider method lookup.
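/**
 * Resolves a third-party identifier (3PID) to a Matrix ID through an LDAP search.
 *
 * @param conn the LDAP connection to search on
 * @param medium the 3PID medium; must have a query configured for it
 * @param value the 3PID value to look up
 * @return the Matrix ID built from the UID attribute of the first matching entry that has
 *         one, or empty when the medium is not configured or nothing matches
 * @throws InternalServerError wrapping any LDAP, I/O or cursor error
 */
private Optional<String> lookup(LdapConnection conn, String medium, String value) {
    Optional<String> tPidQueryOpt = getCfg().getIdentity().getQuery(medium);
    if (!tPidQueryOpt.isPresent()) {
        log.warn("{} is not a configured 3PID type for LDAP lookup", medium);
        return Optional.empty();
    }

    // The 3PID value is external input. Escape LDAP filter metacharacters so it is matched
    // literally, then quote it for replaceAll, which would otherwise interpret '$' and '\'
    // in the replacement string (dropping backslashes or failing on a bare "$n").
    String safeValue = java.util.regex.Matcher.quoteReplacement(escapeFilterValue(value));

    // we merge 3PID specific query with global/specific filter, if one exists.
    String tPidQuery = tPidQueryOpt.get().replaceAll(getCfg().getIdentity().getToken(), safeValue);
    String searchQuery = buildWithFilter(tPidQuery, getCfg().getIdentity().getFilter());

    log.debug("Base DN: {}", getBaseDn());
    log.debug("Query: {}", searchQuery);
    log.debug("Attributes: {}", GsonUtil.build().toJson(getUidAtt()));

    try (EntryCursor cursor = conn.search(getBaseDn(), searchQuery, SearchScope.SUBTREE, getUidAtt())) {
        while (cursor.next()) {
            Entry entry = cursor.get();
            log.info("Found possible match, DN: {}", entry.getDn().getName());

            Optional<String> data = getAttribute(entry, getUidAtt());
            if (!data.isPresent()) {
                continue;
            }

            log.info("DN {} is a valid match", entry.getDn().getName());
            return Optional.of(buildMatrixIdFromUid(data.get()));
        }
    } catch (CursorLdapReferralException e) {
        // Caught outside the loop: a referral ends the iteration and the lookup reports no match.
        log.warn("3PID {} is only available via referral, skipping", value);
    } catch (IOException | LdapException | CursorException e) {
        throw new InternalServerError(e);
    }

    return Optional.empty();
}

/** Escapes the characters that RFC 4515 reserves in an LDAP search filter assertion value. */
private static String escapeFilterValue(String value) {
    if (value == null) {
        return null;
    }
    StringBuilder escaped = new StringBuilder(value.length() + 8);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                escaped.append("\\5c");
                break;
            case '*':
                escaped.append("\\2a");
                break;
            case '(':
                escaped.append("\\28");
                break;
            case ')':
                escaped.append("\\29");
                break;
            case '\0':
                escaped.append("\\00");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}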
use of org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException in project openmeetings by apache.
the class LdapLoginManager method importUsers.
/**
 * Imports the LDAP users of a domain into the local user store, or only lists them.
 *
 * <p>The connection is bound with the admin account, the configured import query is run
 * under the configured search base, and every returned entry is mapped onto the local user
 * with the same login (looked up through {@code userDao.getByLogin}). Referral entries are
 * skipped with a warning and the iteration continues.
 *
 * @param domainId id of the LDAP domain to import from
 * @param print when {@code true} the users are only logged, nothing is stored
 * @throws OmException on rejected admin credentials or any other failure
 */
public void importUsers(Long domainId, boolean print) throws OmException {
    try (LdapWorker worker = new LdapWorker(domainId)) {
        bindAdmin(worker.conn, worker.options);
        final Dn searchBase = new Dn(worker.options.searchBase);
        try (EntryCursor entries = new EntryCursorImpl(worker.conn.search(
                new SearchRequestImpl()
                        .setBase(searchBase)
                        .setFilter(worker.options.importQuery)
                        .setScope(worker.options.scope)
                        .addAttributes("*")
                        .setDerefAliases(worker.options.derefMode)))) {
            while (entries.next()) {
                try {
                    final Entry ldapEntry = entries.get();
                    final User existing = userDao.getByLogin(getLogin(worker.config, ldapEntry), Type.ldap, domainId);
                    final User user = worker.getUser(ldapEntry, existing);
                    if (!print) {
                        userDao.update(user, null);
                        log.info("User {}, was imported", user);
                    } else {
                        // Dry run: report the user without touching the store.
                        log.info("Going to import user: {}", user);
                    }
                } catch (CursorLdapReferralException referral) {
                    // Handled per entry so one referral does not stop the import.
                    log.warn("Referral LDAP entry found, ignore it");
                }
            }
        }
    } catch (LdapAuthenticationException authFailure) {
        log.error("Not authenticated.", authFailure);
        throw BAD_CREDENTIALS;
    } catch (OmException omFailure) {
        // Already in the form callers expect: pass it through unchanged.
        throw omFailure;
    } catch (Exception unexpected) {
        log.error("Unexpected exception.", unexpected);
        throw new OmException(unexpected);
    }
}