Examples with LdapEntry org.graylog2.shared.security.ldap.LdapEntry used on opensource projects

Search in sources :

Example 6 with LdapEntry

use of org.graylog2.shared.security.ldap.LdapEntry in project graylog2-server by Graylog2.

the class LdapConnectorTest method testGroupOfUniqueNamesLookup.

@Test
public void testGroupOfUniqueNamesLookup() throws Exception {
    final LdapEntry entry = connector.search(connection, "ou=users,dc=example,dc=com", "(&(objectClass=posixAccount)(uid={0}))", "cn", "john", false, "ou=groups,dc=example,dc=com", "cn", "(objectClass=groupOfUniqueNames)");
    assertThat(entry).isNotNull();
    assertThat(entry.getDn()).isNotNull().isEqualTo("cn=John Doe,ou=users,dc=example,dc=com");
    assertThat(entry.getGroups()).hasSize(2).contains("Engineers", "Whitespace Engineers");
}
Also used : LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) Test(org.junit.Test)

Example 7 with LdapEntry

use of org.graylog2.shared.security.ldap.LdapEntry in project graylog2-server by Graylog2.

the class LdapConnectorTest method testUserLookup.

@Test
public void testUserLookup() throws Exception {
    final LdapEntry entry = connector.search(connection, "ou=users,dc=example,dc=com", "(&(objectClass=posixAccount)(uid={0}))", "cn", "john", false, "ou=groups,dc=example,dc=com", "cn", "(|(objectClass=groupOfNames)(objectClass=posixGroup))");
    assertThat(entry).isNotNull();
    assertThat(entry.getDn()).isNotNull().isEqualTo("cn=John Doe,ou=users,dc=example,dc=com");
    assertThat(entry.getGroups()).hasSize(2).contains("QA", "Developers");
}
Also used : LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) Test(org.junit.Test)

Example 8 with LdapEntry

use of org.graylog2.shared.security.ldap.LdapEntry in project graylog2-server by Graylog2.

the class LdapConnectorTest method testPosixGroupLookup.

@Test
public void testPosixGroupLookup() throws Exception {
    final LdapEntry entry = connector.search(connection, "ou=users,dc=example,dc=com", "(&(objectClass=posixAccount)(uid={0}))", "cn", "john", false, "ou=groups,dc=example,dc=com", "cn", "(objectClass=posixGroup)");
    assertThat(entry).isNotNull();
    assertThat(entry.getDn()).isNotNull().isEqualTo("cn=John Doe,ou=users,dc=example,dc=com");
    assertThat(entry.getGroups()).hasSize(1).contains("Developers");
}
Also used : LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) Test(org.junit.Test)

Example 9 with LdapEntry

use of org.graylog2.shared.security.ldap.LdapEntry in project graylog2-server by Graylog2.

the class LdapUserAuthenticator method doGetAuthenticationInfo.

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authtoken) throws AuthenticationException {
    // safe, we only handle this type
    final UsernamePasswordToken token = (UsernamePasswordToken) authtoken;
    final LdapSettings ldapSettings = ldapSettingsService.load();
    if (ldapSettings == null || !ldapSettings.isEnabled()) {
        LOG.trace("LDAP is disabled, skipping");
        return null;
    }
    final LdapConnectionConfig config = new LdapConnectionConfig();
    config.setLdapHost(ldapSettings.getUri().getHost());
    config.setLdapPort(ldapSettings.getUri().getPort());
    config.setUseSsl(ldapSettings.getUri().getScheme().startsWith("ldaps"));
    config.setUseTls(ldapSettings.isUseStartTls());
    if (ldapSettings.isTrustAllCertificates()) {
        config.setTrustManagers(new TrustAllX509TrustManager());
    }
    config.setName(ldapSettings.getSystemUserName());
    config.setCredentials(ldapSettings.getSystemPassword());
    final String principal = (String) token.getPrincipal();
    final char[] tokenPassword = firstNonNull(token.getPassword(), new char[0]);
    final String password = String.valueOf(tokenPassword);
    // do not try to look a token up in LDAP if there is no principal or password
    if (isNullOrEmpty(principal) || isNullOrEmpty(password)) {
        LOG.debug("Principal or password were empty. Not trying to look up a token in LDAP.");
        return null;
    }
    try (final LdapNetworkConnection connection = ldapConnector.connect(config)) {
        if (null == connection) {
            LOG.error("Couldn't connect to LDAP directory");
            return null;
        }
        final LdapEntry userEntry = ldapConnector.search(connection, ldapSettings.getSearchBase(), ldapSettings.getSearchPattern(), ldapSettings.getDisplayNameAttribute(), principal, ldapSettings.isActiveDirectory(), ldapSettings.getGroupSearchBase(), ldapSettings.getGroupIdAttribute(), ldapSettings.getGroupSearchPattern());
        if (userEntry == null) {
            LOG.debug("User {} not found in LDAP", principal);
            return null;
        }
        // needs to use the DN of the entry, not the parameter for the lookup filter we used to find the entry!
        final boolean authenticated = ldapConnector.authenticate(connection, userEntry.getDn(), password);
        if (!authenticated) {
            LOG.info("Invalid credentials for user {} (DN {})", principal, userEntry.getDn());
            return null;
        }
        // user found and authenticated, sync the user entry with mongodb
        final User user = syncFromLdapEntry(userEntry, ldapSettings, principal);
        if (user == null) {
            // in case there was an error reading, creating or modifying the user in mongodb, we do not authenticate the user.
            LOG.error("Unable to sync LDAP user {} (DN {})", userEntry.getBindPrincipal(), userEntry.getDn());
            return null;
        }
        return new SimpleAccount(principal, null, "ldap realm");
    } catch (LdapException e) {
        LOG.error("LDAP error", e);
    } catch (CursorException e) {
        LOG.error("Unable to read LDAP entry", e);
    } catch (Exception e) {
        LOG.error("Error during LDAP user account sync. Cannot log in user {}", principal, e);
    }
    // Return null by default to ensure a login failure if anything goes wrong.
    return null;
}
Also used : SimpleAccount(org.apache.shiro.authc.SimpleAccount) User(org.graylog2.plugin.database.users.User) LdapConnectionConfig(org.apache.directory.ldap.client.api.LdapConnectionConfig) LdapEntry(org.graylog2.shared.security.ldap.LdapEntry) LdapNetworkConnection(org.apache.directory.ldap.client.api.LdapNetworkConnection) TrustAllX509TrustManager(org.graylog2.security.TrustAllX509TrustManager) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) NotFoundException(org.graylog2.database.NotFoundException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) ValidationException(org.graylog2.plugin.database.ValidationException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) CursorException(org.apache.directory.api.ldap.model.cursor.CursorException) LdapException(org.apache.directory.api.ldap.model.exception.LdapException) LdapSettings(org.graylog2.shared.security.ldap.LdapSettings)

Example 10 with LdapEntry

use of org.graylog2.shared.security.ldap.LdapEntry in project graylog2-server by Graylog2.

the class LdapUserAuthenticator method syncFromLdapEntry.

@Nullable
@VisibleForTesting
User syncFromLdapEntry(LdapEntry userEntry, LdapSettings ldapSettings, String username) {
    User user = userService.load(username);
    // create new user object if necessary
    if (user == null) {
        user = userService.create();
    }
    // update user attributes from ldap entry
    updateFromLdap(user, userEntry, ldapSettings, username);
    try {
        userService.save(user);
    } catch (ValidationException e) {
        LOG.error("Cannot save user.", e);
        return null;
    }
    return user;
}
Also used : User(org.graylog2.plugin.database.users.User) ValidationException(org.graylog2.plugin.database.ValidationException) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Nullable(javax.annotation.Nullable)

Aggregations

LdapEntry (org.graylog2.shared.security.ldap.LdapEntry)12 Test (org.junit.Test)8 CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)4 LdapException (org.apache.directory.api.ldap.model.exception.LdapException)4 User (org.graylog2.plugin.database.users.User)4 IOException (java.io.IOException)3 ValidationException (org.graylog2.plugin.database.ValidationException)3 LdapSettings (org.graylog2.shared.security.ldap.LdapSettings)3 UserImpl (org.graylog2.users.UserImpl)3 UncheckedTimeoutException (com.google.common.util.concurrent.UncheckedTimeoutException)2 UsingDataSet (com.lordofthejars.nosqlunit.annotation.UsingDataSet)2 Nullable (javax.annotation.Nullable)2 EntryCursor (org.apache.directory.api.ldap.model.cursor.EntryCursor)2 Attribute (org.apache.directory.api.ldap.model.entry.Attribute)2 Entry (org.apache.directory.api.ldap.model.entry.Entry)2 LdapInvalidDnException (org.apache.directory.api.ldap.model.exception.LdapInvalidDnException)2 LdapConnectionConfig (org.apache.directory.ldap.client.api.LdapConnectionConfig)2 LdapNetworkConnection (org.apache.directory.ldap.client.api.LdapNetworkConnection)2 NotFoundException (org.graylog2.database.NotFoundException)2 TrustAllX509TrustManager (org.graylog2.security.TrustAllX509TrustManager)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial