Example 1 with LDAPUser
use of org.graylog.security.authservice.ldap.LDAPUser in project graylog2-server by Graylog2.
the class ADAuthServiceBackend method authenticateAndProvision.
@Override
public Optional<AuthenticationDetails> authenticateAndProvision(AuthServiceCredentials authCredentials, ProvisionerService provisionerService) {
try (final LDAPConnection connection = ldapConnector.connect(config.getLDAPConnectorConfig())) {
if (connection == null) {
return Optional.empty();
}
final Optional<LDAPUser> optionalUser = findUser(connection, authCredentials);
if (!optionalUser.isPresent()) {
LOG.debug("User <{}> not found in Active Directory", authCredentials.username());
return Optional.empty();
}
final LDAPUser userEntry = optionalUser.get();
if (!userEntry.accountIsEnabled()) {
LOG.warn("Account disabled within Active Directory for user <{}> (DN: {})", authCredentials.username(), userEntry.dn());
return Optional.empty();
}
if (!authCredentials.isAuthenticated()) {
if (!isAuthenticated(connection, userEntry, authCredentials)) {
LOG.debug("Invalid credentials for user <{}> (DN: {})", authCredentials.username(), userEntry.dn());
return Optional.empty();
}
}
final UserDetails userDetails = provisionerService.provision(provisionerService.newDetails(this).authServiceType(backendType()).authServiceId(backendId()).base64AuthServiceUid(userEntry.base64UniqueId()).username(userEntry.username()).accountIsEnabled(userEntry.accountIsEnabled()).fullName(userEntry.fullName()).email(userEntry.email()).defaultRoles(backend.defaultRoles()).build());
return Optional.of(AuthenticationDetails.builder().userDetails(userDetails).build());
} catch (GeneralSecurityException e) {
LOG.error("Error setting up TLS connection", e);
throw new AuthenticationServiceUnavailableException("Error setting up TLS connection", e);
} catch (LDAPException e) {
LOG.error("ActiveDirectory error", e);
throw new AuthenticationServiceUnavailableException("ActiveDirectory error", e);
}
}
Also used :
UserDetails(org.graylog.security.authservice.UserDetails)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
GeneralSecurityException(java.security.GeneralSecurityException)
LDAPUser(org.graylog.security.authservice.ldap.LDAPUser)
LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection)
AuthenticationServiceUnavailableException(org.graylog2.shared.security.AuthenticationServiceUnavailableException)
Example 2 with LDAPUser
use of org.graylog.security.authservice.ldap.LDAPUser in project graylog2-server by Graylog2.
the class LDAPAuthServiceBackend method authenticateAndProvision.
@Override
public Optional<AuthenticationDetails> authenticateAndProvision(AuthServiceCredentials authCredentials, ProvisionerService provisionerService) {
try (final LDAPConnection connection = ldapConnector.connect(config.getLDAPConnectorConfig())) {
if (connection == null) {
return Optional.empty();
}
final Optional<LDAPUser> optionalUser = findUser(connection, authCredentials);
if (!optionalUser.isPresent()) {
LOG.debug("User <{}> not found in LDAP", authCredentials.username());
return Optional.empty();
}
final LDAPUser userEntry = optionalUser.get();
if (!authCredentials.isAuthenticated()) {
if (!isAuthenticated(connection, userEntry, authCredentials)) {
LOG.debug("Invalid credentials for user <{}> (DN: {})", authCredentials.username(), userEntry.dn());
return Optional.empty();
}
}
final UserDetails userDetails = provisionerService.provision(provisionerService.newDetails(this).authServiceType(backendType()).authServiceId(backendId()).accountIsEnabled(true).base64AuthServiceUid(userEntry.base64UniqueId()).username(userEntry.username()).fullName(userEntry.fullName()).email(userEntry.email()).defaultRoles(backend.defaultRoles()).build());
return Optional.of(AuthenticationDetails.builder().userDetails(userDetails).build());
} catch (GeneralSecurityException e) {
LOG.error("Error setting up TLS connection", e);
throw new AuthenticationServiceUnavailableException("Error setting up TLS connection", e);
} catch (LDAPException e) {
LOG.error("LDAP error", e);
throw new AuthenticationServiceUnavailableException("LDAP error", e);
}
}
Also used :
UserDetails(org.graylog.security.authservice.UserDetails)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
GeneralSecurityException(java.security.GeneralSecurityException)
LDAPUser(org.graylog.security.authservice.ldap.LDAPUser)
LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection)
AuthenticationServiceUnavailableException(org.graylog2.shared.security.AuthenticationServiceUnavailableException)
Aggregations
LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)2
LDAPException (com.unboundid.ldap.sdk.LDAPException)2
GeneralSecurityException (java.security.GeneralSecurityException)2
UserDetails (org.graylog.security.authservice.UserDetails)2
LDAPUser (org.graylog.security.authservice.ldap.LDAPUser)2
AuthenticationServiceUnavailableException (org.graylog2.shared.security.AuthenticationServiceUnavailableException)2
