
Example 1 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project zeppelin by apache.

the class GetUserList method getUserList.

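/**
 * Extracts user names from LDAP whose naming attribute contains {@code searchText}.
 *
 * <p>The realm's user DN template (for example {@code uid={0},ou=people,dc=example,dc=com})
 * is split into the naming attribute ({@code uid}) and the search base
 * ({@code ou=people,dc=example,dc=com}); a subtree search for
 * {@code (uid=*<searchText>*)} is then run with the realm's system (service) account.
 *
 * <p>{@code searchText} is caller-supplied. It is handed to JNDI as a filter argument
 * ({@code {0}}) instead of being concatenated into the filter string, so filter
 * metacharacters ({@code * ( ) \} and NUL) are escaped by JNDI and cannot rewrite
 * the query (LDAP filter injection).
 *
 * @param r          the Shiro LDAP realm whose context factory and DN template are used
 * @param searchText substring to match against the naming attribute; {@code null} or
 *                   empty matches every user under the search base
 * @return matching user names, never {@code null}; empty when the template is malformed
 *         or the search fails (the failure is logged, not propagated)
 */
public List<String> getUserList(JndiLdapRealm r, String searchText) {
    List<String> userList = new ArrayList<>();
    String userDnTemplate = r.getUserDnTemplate();
    // The template must look like "<attr>=<placeholder>,<base DN>"; anything else cannot
    // be turned into a search and previously blew up with an ArrayIndexOutOfBoundsException.
    String[] userDn = userDnTemplate == null ? new String[0] : userDnTemplate.split(",", 2);
    if (userDn.length < 2 || !userDn[0].contains("=")) {
        LOG.error("Cannot search LDAP users: userDnTemplate '" + userDnTemplate
                + "' is not of the form attr=value,baseDn");
        return userList;
    }
    String userDnPrefix = userDn[0].split("=")[0];
    String userDnSuffix = userDn[1];
    JndiLdapContextFactory cf = (JndiLdapContextFactory) r.getContextFactory();
    LdapContext ctx = null;
    try {
        ctx = cf.getSystemLdapContext();
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        constraints.setReturningAttributes(new String[] { userDnPrefix });
        // {0} is substituted by JNDI with the (RFC 4515-escaped) search text; never build
        // the filter by string concatenation with user input.
        String filter = "(" + userDnPrefix + "=*{0}*)";
        Object[] filterArgs = { searchText == null ? "" : searchText };
        NamingEnumeration<SearchResult> result = ctx.search(userDnSuffix, filter, filterArgs, constraints);
        while (result.hasMore()) {
            Attributes attrs = result.next().getAttributes();
            if (attrs.get(userDnPrefix) != null) {
                // Read the attribute value directly rather than parsing Attribute#toString()
                // ("uid: alice"), whose format is not part of the API contract.
                Object value = attrs.get(userDnPrefix).get();
                if (value != null) {
                    userList.add(String.valueOf(value).trim());
                }
            }
        }
    } catch (Exception e) {
        // Best-effort lookup at a boundary: log and return what was collected so far.
        LOG.error("Error retrieving User list from Ldap Realm", e);
    } finally {
        if (ctx != null) {
            try {
                ctx.close();
            } catch (Exception closeFailure) {
                LOG.warn("Failed to close LDAP context", closeFailure);
            }
        }
    }
    // Full user enumeration is useful for debugging but is sensitive; keep it out of INFO logs.
    LOG.debug("UserList: " + userList);
    return userList;
}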

Example 2 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project neo4j by neo4j.

the class LdapAuthIT method modifyLDAPAttribute.

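/**
 * Test helper: binds to the local LDAPS fixture as {@code username} and replaces one
 * attribute on that user's own entry.
 *
 * <p>The DN is assembled with {@code String.format} from {@code username}. That is only
 * acceptable because the value is test-controlled; a caller-supplied name would need
 * RFC 4514 escaping before being placed in a DN.
 *
 * @param username    CN of the entry under {@code ou=users,dc=example,dc=com}; it is both
 *                    the bind principal and the entry being modified
 * @param credentials password used for the bind
 * @param attribute   attribute ID to replace
 * @param value       new value for the attribute
 * @throws Throwable any JNDI failure (connect, bind, modify, close) is propagated
 */
private void modifyLDAPAttribute(String username, Object credentials, String attribute, Object value) throws Throwable {
    // One DN serves as both principal and target (the original built the same string twice).
    String principal = String.format("cn=%s,ou=users,dc=example,dc=com", username);
    JndiLdapContextFactory contextFactory = new JndiLdapContextFactory();
    contextFactory.setUrl("ldaps://localhost:10636");
    LdapContext ctx = contextFactory.getLdapContext(principal, credentials);
    try {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(attribute, value))
        };
        // Perform the update
        ctx.modifyAttributes(principal, mods);
    } finally {
        // Close even when modifyAttributes throws so the fixture connection is not leaked.
        ctx.close();
    }
}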

Example 3 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project neo4j by neo4j.

the class LdapRealm method getLdapContextUsingStartTls.

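/**
 * Opens an LDAP connection, upgrades it to TLS with the StartTLS extended operation, and
 * only then binds with the given principal and credentials.
 *
 * <p>Ordering matters for security: the initial {@link InitialLdapContext} is created with
 * no {@code SECURITY_*} properties, so no credentials travel over the plaintext leg of the
 * session. They are added after {@code negotiate()} succeeds and sent via {@code reconnect}.
 *
 * @param ldapContextFactory the realm's factory; must be a {@link JndiLdapContextFactory},
 *                           which supplies the URL, context-factory class and auth mechanism
 * @param principal          bind DN / user name
 * @param credentials        bind credentials
 * @return a bound, TLS-protected context; the caller owns it and must close it
 * @throws CommunicationException if the TLS negotiation fails (the underlying
 *                                {@link IOException} is attached as the root cause)
 * @throws NamingException       for any other JNDI failure; the context is closed first
 */
private LdapContext getLdapContextUsingStartTls(LdapContextFactory ldapContextFactory, Object principal, Object credentials) throws NamingException {
    JndiLdapContextFactory jndiLdapContextFactory = (JndiLdapContextFactory) ldapContextFactory;
    // Deliberately no SECURITY_PRINCIPAL / SECURITY_CREDENTIALS here: StartTLS begins as a
    // plaintext LDAP session and the bind must happen only after the TLS layer is up.
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, jndiLdapContextFactory.getContextFactoryClassName());
    env.put(Context.PROVIDER_URL, jndiLdapContextFactory.getUrl());
    LdapContext ctx = null;
    try {
        ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        // negotiate() uses the JVM default SSLSocketFactory/truststore; no custom
        // HostnameVerifier is installed here, so the JDK's default check applies.
        // NOTE(review): confirm the deployment relies on the default truststore on purpose.
        tls.negotiate();
        // Credentials are attached only now, on the encrypted session.
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, jndiLdapContextFactory.getAuthenticationMechanism());
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
        ctx.reconnect(ctx.getConnectControls());
        return ctx;
    } catch (IOException e) {
        LdapUtils.closeContext(ctx);
        securityLog.error(withRealm("Failed to negotiate TLS connection with '%s': ", server(jndiLdapContextFactory), e));
        // Keep the SSL/IO cause for diagnostics instead of flattening it to a message string.
        CommunicationException failure = new CommunicationException(e.getMessage());
        failure.setRootCause(e);
        throw failure;
    } catch (Throwable t) {
        LdapUtils.closeContext(ctx);
        securityLog.error(withRealm("Unexpected failure to negotiate TLS connection with '%s': ", server(jndiLdapContextFactory), t));
        throw t;
    }
}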

Example 4 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project neo4j by neo4j.

the class LdapRealmTest method shouldLogSuccessfulAuthenticationQueries.

/**
 * A successful bind through the (mocked) context factory must be recorded in the security
 * log at debug level, naming the user and the server URL.
 */
@Test
public void shouldLogSuccessfulAuthenticationQueries() throws NamingException {
    // Given: StartTLS disabled, system-account authorization enabled, and a factory whose
    // getLdapContext() returns null — presumably enough for the realm to treat the bind as
    // successful, since it does not throw.
    when(config.get(SecuritySettings.ldap_use_starttls)).thenReturn(false);
    when(config.get(SecuritySettings.ldap_authorization_use_system_account)).thenReturn(true);
    LdapRealm realm = new TestLdapRealm(config, securityLog, false);
    JndiLdapContextFactory contextFactory = mock(JndiLdapContextFactory.class);
    when(contextFactory.getUrl()).thenReturn("ldap://myserver.org:12345");
    when(contextFactory.getLdapContext(Any.ANY, Any.ANY)).thenReturn(null);

    // When: authenticate a throw-away principal (the credential is a test dummy, not a secret)
    ShiroAuthToken token = new ShiroAuthToken(map("principal", "olivia", "credentials", "123"));
    realm.queryForAuthenticationInfo(token, contextFactory);

    // Then: the audit line carries both the user and the server it was authenticated against
    verify(securityLog).debug(contains("{LdapRealm}: Authenticated user 'olivia' against 'ldap://myserver.org:12345'"));
}

Example 5 with JndiLdapContextFactory

use of org.apache.shiro.realm.ldap.JndiLdapContextFactory in project neo4j by neo4j.

the class LdapRealmTest method shouldLogFailedAuthenticationQueries.

/**
 * A failed StartTLS authentication must surface as a {@link NamingException} to the caller
 * and be recorded in the security log at error level with the user, server and reason.
 */
@Test
public void shouldLogFailedAuthenticationQueries() throws Exception {
    // Given: StartTLS enabled and a TestLdapRealm configured (third argument) to fail
    LdapRealm realm;
    JndiLdapContextFactory contextFactory;
    when(config.get(SecuritySettings.ldap_use_starttls)).thenReturn(true);
    realm = new TestLdapRealm(config, securityLog, true);
    contextFactory = mock(JndiLdapContextFactory.class);
    when(contextFactory.getUrl()).thenReturn("ldap://myserver.org:12345");

    // When: the authentication attempt is expected to throw
    ShiroAuthToken token = new ShiroAuthToken(map("principal", "olivia", "credentials", "123"));
    assertException(() -> realm.queryForAuthenticationInfo(token, contextFactory), NamingException.class, "");

    // Then: the failure is audited with the StartTLS-specific message
    String expected = "{LdapRealm}: Failed to authenticate user 'olivia' against 'ldap://myserver.org:12345' using StartTLS: "
            + "Simulated failure";
    verify(securityLog).error(contains(expected));
}
