
Example 1 with LDAPUser

use of org.graylog.security.authservice.ldap.LDAPUser in project graylog2-server by Graylog2.

From class ADAuthServiceBackend, method authenticateAndProvision:

@Override
public Optional<AuthenticationDetails> authenticateAndProvision(AuthServiceCredentials authCredentials, ProvisionerService provisionerService) {
    // Authenticates the supplied credentials against Active Directory and provisions the
    // matching Graylog user. An empty Optional means "denied" (no connection, unknown user,
    // disabled directory account, or rejected credentials). TLS setup failures and LDAP
    // errors are rethrown as AuthenticationServiceUnavailableException so callers can tell
    // "backend unavailable" apart from "login denied".
    try (final LDAPConnection conn = ldapConnector.connect(config.getLDAPConnectorConfig())) {
        if (conn == null) {
            return Optional.empty();
        }

        final Optional<LDAPUser> maybeUser = findUser(conn, authCredentials);
        if (!maybeUser.isPresent()) {
            LOG.debug("User <{}> not found in Active Directory", authCredentials.username());
            return Optional.empty();
        }
        final LDAPUser adUser = maybeUser.get();

        // The directory's own account state is checked before any credential check, so a
        // disabled account is rejected regardless of the password supplied.
        if (!adUser.accountIsEnabled()) {
            LOG.warn("Account disabled within Active Directory for user <{}> (DN: {})", authCredentials.username(), adUser.dn());
            return Optional.empty();
        }

        // Credentials already flagged as authenticated skip the directory credential check;
        // isAuthenticated(...) is only consulted when that flag is not set.
        final boolean mustVerify = !authCredentials.isAuthenticated();
        if (mustVerify && !isAuthenticated(conn, adUser, authCredentials)) {
            LOG.debug("Invalid credentials for user <{}> (DN: {})", authCredentials.username(), adUser.dn());
            return Optional.empty();
        }

        // The directory's unique id is passed as the auth-service UID; presumably this is the
        // stable link between the Graylog user and the directory entry (rather than the
        // username) — confirm against the provisioner.
        final UserDetails details = provisionerService.provision(
                provisionerService.newDetails(this)
                        .authServiceType(backendType())
                        .authServiceId(backendId())
                        .base64AuthServiceUid(adUser.base64UniqueId())
                        .username(adUser.username())
                        .accountIsEnabled(adUser.accountIsEnabled())
                        .fullName(adUser.fullName())
                        .email(adUser.email())
                        .defaultRoles(backend.defaultRoles())
                        .build());
        return Optional.of(AuthenticationDetails.builder().userDetails(details).build());
    } catch (GeneralSecurityException e) {
        LOG.error("Error setting up TLS connection", e);
        throw new AuthenticationServiceUnavailableException("Error setting up TLS connection", e);
    } catch (LDAPException e) {
        LOG.error("ActiveDirectory error", e);
        throw new AuthenticationServiceUnavailableException("ActiveDirectory error", e);
    }
}
Also used : UserDetails(org.graylog.security.authservice.UserDetails) LDAPException(com.unboundid.ldap.sdk.LDAPException) GeneralSecurityException(java.security.GeneralSecurityException) LDAPUser(org.graylog.security.authservice.ldap.LDAPUser) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) AuthenticationServiceUnavailableException(org.graylog2.shared.security.AuthenticationServiceUnavailableException)

Example 2 with LDAPUser

use of org.graylog.security.authservice.ldap.LDAPUser in project graylog2-server by Graylog2.

From class LDAPAuthServiceBackend, method authenticateAndProvision:

@Override
public Optional<AuthenticationDetails> authenticateAndProvision(AuthServiceCredentials authCredentials, ProvisionerService provisionerService) {
    // Authenticates the supplied credentials against an LDAP directory and provisions the
    // matching Graylog user. An empty Optional means "denied" (no connection, unknown user,
    // or rejected credentials). TLS setup failures and LDAP errors are rethrown as
    // AuthenticationServiceUnavailableException so callers can tell "backend unavailable"
    // apart from "login denied".
    try (final LDAPConnection conn = ldapConnector.connect(config.getLDAPConnectorConfig())) {
        if (conn == null) {
            return Optional.empty();
        }

        final Optional<LDAPUser> maybeUser = findUser(conn, authCredentials);
        if (!maybeUser.isPresent()) {
            LOG.debug("User <{}> not found in LDAP", authCredentials.username());
            return Optional.empty();
        }
        final LDAPUser ldapUser = maybeUser.get();

        // Credentials already flagged as authenticated skip the directory credential check;
        // isAuthenticated(...) is only consulted when that flag is not set.
        final boolean mustVerify = !authCredentials.isAuthenticated();
        if (mustVerify && !isAuthenticated(conn, ldapUser, authCredentials)) {
            LOG.debug("Invalid credentials for user <{}> (DN: {})", authCredentials.username(), ldapUser.dn());
            return Optional.empty();
        }

        // NOTE(review): every found user is provisioned with accountIsEnabled(true); unlike
        // the Active Directory backend, the directory entry's own enabled state is not
        // consulted here — confirm this is intended for generic LDAP, where no standard
        // account-state attribute exists.
        // The directory's unique id is passed as the auth-service UID; presumably this is the
        // stable link between the Graylog user and the directory entry — confirm against the
        // provisioner.
        final UserDetails details = provisionerService.provision(
                provisionerService.newDetails(this)
                        .authServiceType(backendType())
                        .authServiceId(backendId())
                        .accountIsEnabled(true)
                        .base64AuthServiceUid(ldapUser.base64UniqueId())
                        .username(ldapUser.username())
                        .fullName(ldapUser.fullName())
                        .email(ldapUser.email())
                        .defaultRoles(backend.defaultRoles())
                        .build());
        return Optional.of(AuthenticationDetails.builder().userDetails(details).build());
    } catch (GeneralSecurityException e) {
        LOG.error("Error setting up TLS connection", e);
        throw new AuthenticationServiceUnavailableException("Error setting up TLS connection", e);
    } catch (LDAPException e) {
        LOG.error("LDAP error", e);
        throw new AuthenticationServiceUnavailableException("LDAP error", e);
    }
}
Also used : UserDetails(org.graylog.security.authservice.UserDetails) LDAPException(com.unboundid.ldap.sdk.LDAPException) GeneralSecurityException(java.security.GeneralSecurityException) LDAPUser(org.graylog.security.authservice.ldap.LDAPUser) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) AuthenticationServiceUnavailableException(org.graylog2.shared.security.AuthenticationServiceUnavailableException)
