Github user jmuehlner commented on a diff in the pull request:

    
https://github.com/apache/incubator-guacamole-client/pull/68#discussion_r77439930
  
    --- Diff: 
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
 ---
    @@ -205,38 +214,80 @@ private LDAPConnection bindAs(Credentials credentials)
          *     denied.
          */
         public AuthenticatedUser authenticateUser(Credentials credentials)
    -            throws GuacamoleException {
    -
    -        // Attempt bind
    -        LDAPConnection ldapConnection;
    -        try {
    -            ldapConnection = bindAs(credentials);
    -        }
    -        catch (GuacamoleException e) {
    -            logger.error("Cannot bind with LDAP server: {}", 
e.getMessage());
    -            logger.debug("Error binding with LDAP server.", e);
    -            ldapConnection = null;
    -        }
    -
    -        // If bind fails, permission to login is denied
    -        if (ldapConnection == null)
    -            throw new GuacamoleInvalidCredentialsException("Permission 
denied.", CredentialsInfo.USERNAME_PASSWORD);
    -
    -        try {
    -
    -            // Return AuthenticatedUser if bind succeeds
    -            AuthenticatedUser authenticatedUser = 
authenticatedUserProvider.get();
    -            authenticatedUser.init(credentials);
    -            return authenticatedUser;
    -
    -        }
    -
    -        // Always disconnect
    -        finally {
    -            ldapService.disconnect(ldapConnection);
    -        }
    -
    +                   throws GuacamoleException {
    +
    +           // Attempt bind
    +           LDAPConnection ldapConnection;
    +           try {
    +                   ldapConnection = bindAs(credentials);
    +           }
    +           catch (GuacamoleException e) {
    +                   logger.error("Cannot bind with LDAP server: {}", 
e.getMessage());
    +                   logger.debug("Error binding with LDAP server.", e);
    +                   ldapConnection = null;
    +           }
    +
    +           // If bind fails, permission to login is denied
    +           if (ldapConnection == null)
    +                   throw new 
GuacamoleInvalidCredentialsException("Permission denied.", 
CredentialsInfo.USERNAME_PASSWORD);
    +
    +           boolean authenticated=true;
    +           // check if login in user also meet additional search filter.
    +           if(confService.getAdditionalSearchFilter().length()>0)
    +           {
    +                   authenticated=false;
    +                   for (String usernameAttribute : 
confService.getUsernameAttributes()) {
    +                           try{
    +                                   String ldapSearchFilter= 
"(&(objectClass=*)(" + 
escapingService.escapeLDAPSearchFilter(usernameAttribute) + 
"="+credentials.getUsername()+")"
    +                                                   
+confService.getAdditionalSearchFilter().trim()+")";
    +
    +                                   logger.debug("ldap search filter is 
:"+ldapSearchFilter);
    +                                   // Find all Guacamole users underneath 
base DN
    +                                   LDAPSearchResults results = 
ldapConnection.search(
    +                                                   
confService.getUserBaseDN(),
    +                                                   
LDAPConnection.SCOPE_SUB,
    +                                                   ldapSearchFilter,
    +                                                   null,
    +                                                   false
    +                                                   );
    +
    +                                   // Read all visible users
    +                                   while (results.hasMore()) {     
    +                                           authenticated=true;
    +                                           logger.debug("ldap search find 
at least one match with filter: "+ldapSearchFilter);
    +                                           break;
    +                                   }
    +                           }
    +                           catch (LDAPException e) {
    +                                   logger.warn("ldap search failed with 
additional filter"+confService.getAdditionalSearchFilter());
    +                                   throw new 
GuacamoleServerException("Error while querying users with additional filter", 
e);
    +                           }
    +                   }
    +           }
    +
    +
    +    try{
    +           if(authenticated)
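
Review bot: In the added search-filter construction, `credentials.getUsername()` is concatenated into `ldapSearchFilter` without escaping, while the configuration-supplied `usernameAttribute` on the same line is passed through `escapingService.escapeLDAPSearchFilter(...)`. The username comes from the login form, so filter metacharacters such as `*`, `(` and `)` in it change the structure of the filter that decides `authenticated`. Wrap the username in the same `escapeLDAPSearchFilter` call before appending it. The `logger.debug` calls then record the escaped form as well. Separately, the search loop sits before the `try{` at the end of the hunk, so the `GuacamoleServerException` thrown from the `catch (LDAPException e)` block is raised outside it; if that `try` is the one that carries the `ldapService.disconnect(ldapConnection)` cleanup from the removed code, the bound connection is left open on that path, and moving the search inside the `try` would cover it.
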
    --- End diff --
    
    There should be a space between "try" and the following curly bracket => "try {",
    and a space between "if" and the following parenthesis => "if (".
    
    In general, only function calls should appear with no space, e.g. "results.hasMore()".

