Please open up a Bugzilla item and submit your changes as patches. Thanks! Best regards,
Mark Orciuch - [EMAIL PROTECTED]
Jakarta Jetspeed - Enterprise Portal in Java
http://jakarta.apache.org/jetspeed/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2003 12:39 PM
To: [EMAIL PROTECTED]
Subject: LDAP/AD Authentication Service

Below is a modification to an LDAP Authentication service I previously
submitted to this mailing list to authenticate users against LDAP/AD.

Add the parameters section below to your Jetspeed JetspeedSecurity.properties
file and configure it to use the class below. Drop the jar of the class into
/webapps/jetspeed/WEB-INF/lib and the properties file into
/webapps/jetspeed/WEB-INF/conf.

The modification I've recently made gets rid of the issues I had previously
and takes advantage of the recent logging changes.

In a nutshell:

No LDAP/AD schema modifications are needed for this authentication service
to work. There are a number of service configuration parameters (see code)
that make the service fairly portable between schema configurations.

The user is authenticated against LDAP/AD; the unmodified Jetspeed framework
requires caching the password and other user attributes in the Jetspeed
database, so the account is created with these attributes populated. Later
logins update the password and additional attribute information in the
database to reflect changes in LDAP/AD.

SSL is untested and incomplete...


-Michael <[EMAIL PROTECTED]>


#########################################
#      LDAPAuthentication Additions     #
#                 ---                   #
#    Additional parameters supported    #
#             check code.               #
#########################################
services.JetspeedSecurity.browse.user.dn=CN=Michael J. 
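Walsh\,CN=Users\,DC=llameante\,DC=nemonik\,DC=com
services.JetspeedSecurity.browse.user.password=password
#services.JetspeedSecurity.server.port=389
services.JetspeedSecurity.server.host=127.0.0.1
services.JetspeedSecurity.server.type=3
services.JetspeedSecurity.user.search.base.dn=DC=llameante\,DC=nemonik\,DC=com
#services.JetspeedSecurity.user.match.attribute=sAMAccountName


package mil.jfcom.cie.jetspeed.security;

/*
 * LDAPAuthentication.java
 *
 * Created on June 4, 2003, 3:12 PM
 */

// Java imports
import java.util.*;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;

import javax.servlet.ServletConfig;

import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.UserNamePrincipal;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
import org.apache.jetspeed.services.logging.JetspeedLogger;
import org.apache.jetspeed.services.security.FailedLoginException;
import org.apache.jetspeed.services.security.JetspeedSecurityCache;
import org.apache.jetspeed.services.security.JetspeedSecurityException;
import org.apache.jetspeed.services.security.JetspeedSecurityService;
import org.apache.jetspeed.services.security.LoginException;
import org.apache.jetspeed.services.security.PortalAuthentication;
import org.apache.jetspeed.services.security.UnknownUserException;
import org.apache.jetspeed.services.security.turbine.TurbineAuthentication;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.services.TurbineServices;
import org.apache.turbine.services.resources.ResourceService;

/**
 * Authenticates Jetspeed users against an LDAP directory (for example
 * Active Directory).<p>
 *
 * The user's distinguished name is either built from the configured
 * prefix/postfix around the username, or looked up with a dedicated
 * "browse" account when {@code browse.user.dn} is configured. The user is
 * then bound to the directory with the supplied password. Because the
 * unmodified Jetspeed framework needs a row in its own user table, an
 * account is created in the Jetspeed database on first login and the
 * password, names and email address are refreshed from the directory on
 * every login.<p>
 *
 * All service parameters are read from {@code JetspeedSecurity.properties}
 * with the {@code services.JetspeedSecurity.} prefix; they are documented
 * on the constants below. Configuration fields are written only from
 * {@link #init(ServletConfig)}.
 *
 * @author walsh <[EMAIL PROTECTED]>
 * @version June 26, 2003
 */
public class LDAPAuthentication
    extends TurbineAuthentication
    implements PortalAuthentication {

    /**
     * Static initialization of the logger for this class
     */
    private static final JetspeedLogger logger
        = JetspeedLogFactoryService.getLogger(LDAPAuthentication.class.getName());

    private static final String DEFAULT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";

    /**
     * Placeholder stored in the Jetspeed database for a directory attribute
     * that is missing, empty or unreadable. Kept as the literal "EMPTY"
     * (not "") so existing Jetspeed rows created by earlier versions of
     * this service stay consistent.
     */
    private static final String MISSING_ATTRIBUTE_VALUE = "EMPTY";

    private static final String CACHING_ENABLE = "caching.enable";

    // If browseUserDN is set, then the LDAP directory is bound to
    // using browseUserDN/browseUserPassword, a distinguished name
    // matching the filter userMatchAttribute (Default is
    // "sAMAccountName".) is searched for. Authentication fails, if one
    // is not found. Otherwise, the distinguished name is used to
    // to bind and authenticate the user.
    //
    // For example:
    //
    // services.JetspeedSecurity.browse.user.dn=CN=Walsh\\,Michael\,OU=Admin Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
    private static final String BROWSE_USER_DN = "browse.user.dn";

    // The password to use to connect to the directory for the search.
    // It is stored in clear text in JetspeedSecurity.properties, so the
    // browse account should be one that can only read the search base.
    private static final String BROWSE_USER_PASSWORD = "browse.user.password";

    // The directory server port. Defaulted to port 389.
    private static final String SERVER_PORT = "server.port";

    // The directory server host address
    private static final String SERVER_HOST = "server.host";

    // The directory server type (1, 2, or 3). Default is 2.
    // This value is passed to JNDI as "java.naming.ldap.version".
    private static final String SERVER_TYPE = "server.type";

    // Toggle server connection security to SSL, if true.
    // Otherwise, security is assumed to be simple.
    private static final String SERVER_SSL_ENABLE = "server.ssl.enable";

    // The base DN to search from.
    //
    // For example:
    //
    // services.JetspeedSecurity.user.search.base.dn=CN=Users\,DC=ad\,DC=exer\,DC=jwfc\,DC=jfcom\,DC=mil
    private static final String USER_SEARCH_BASE_DN = "user.search.base.dn";

    // The user attribute to search for. The default is "sAMAccountName".
    private static final String USER_MATCH_ATTRIBUTE = "user.match.attribute";

    // A prefix to add to the username when forming the user's distinguished
    // name (DN).
    private static final String USER_DN_PREFIX = "user.dn.prefix";

    // A postfix to add to the username when forming the user's distinguished
    // name (DN).
    private static final String USER_DN_POSTFIX = "user.dn.postfix";

    // The user LDAP attribute for distinguished name. The default is
    // "distinguishedName".
    private static final String USER_DISTINGUISHED_NAME_ATTRIBUTE
        = "user.distinguished.name.attribute";

    // The user LDAP attribute for firstname. The default is "givenName".
    // (The property keys for first and last name were swapped in an
    // earlier revision; they now match their field.)
    private static final String USER_FIRST_NAME_ATTRIBUTE
        = "user.first.name.attribute";

    // The user LDAP attribute for lastname. The default is "sn".
    private static final String USER_LAST_NAME_ATTRIBUTE
        = "user.last.name.attribute";

    // The user LDAP attribute for display name. The default is "displayName".
    private static final String USER_DISPLAY_NAME_ATTRIBUTE
        = "user.display.name.attribute";

    // The user LDAP attribute for email address. The default is "mail".
    private static final String USER_EMAIL_ATTRIBUTE
        = "user.email.attribute";

    private boolean _cachingEnable = true;
    // null means "no browse account configured": the DN is built from
    // prefix + username + postfix instead of being searched for.
    private String _browseUserDN = null;
    private String _browseUserPassword = null;
    private int _serverPort = 389;
    private String _serverHost;
    private int _serverType = 2;
    private boolean _serverSSLEnable = false;
    private String _userSearchBaseDN = "/";
    private String _userMatchAttribute = "sAMAccountName";
    private String _userDNPrefix;
    private String _userDNPostfix;
    private String _userDistinguishedNameAttribute = "distinguishedName";
    private String _userFirstNameAttribute = "givenName";
    private String _userLastNameAttribute = "sn";
    private String _userDisplayNameAttribute = "displayName";
    private String _userEmailAttribute = "mail";

    /**
     * Logs in a Jetspeed user by binding to the LDAP directory with the
     * user's credentials, then creating or refreshing the matching account
     * in the Jetspeed database.
     *
     * @param username The username.
     * @param password The password.
     * @return JetspeedUser account object.
     * @throws LoginException Thrown, if unable to log in; a
     *         FailedLoginException for a missing username/password or a
     *         username the browse account cannot find.
     */
    public JetspeedUser login(String username, String password)
        throws LoginException {

        if (username == null || username.length() == 0) {
            logger.info("Username is null or empty.");
            throw new FailedLoginException("Username is null or empty.");
        }

        // An empty credential must never reach the directory: an LDAP
        // simple bind with an empty password is an unauthenticated bind,
        // which many servers report as success.
        if (password == null || password.length() == 0) {
            logger.info("Password is null or empty.");
            throw new FailedLoginException("Password is null or empty.");
        }

        username = JetspeedSecurity.convertUserName(username);
        password = JetspeedSecurity.convertPassword(password);

        if (isLocalOnlyUser(username)) {
            // These are special users, and therefore, don't exist in LDAP.
            // We roll upward to use Turbine Authentication on them, so
            // their passwords live only in the Jetspeed database.
            return super.login(username, password);
        }

        String userDN = resolveUserDN(username);

        JetspeedUser jetspeedUser = null;
        DirContext ctx = null;
        Properties env = bindEnvironment(userDN, password);

        // Bind as the user; a failed bind surfaces as a NamingException
        // and is turned into a LoginException below.
        try {
            // Only the URL and principal are logged: the environment also
            // holds the password, so it must not be printed as a whole.
            logger.debug("LDAPAuthentication: logging into LDAP server "
                + env.getProperty(Context.PROVIDER_URL)
                + " as <" + userDN + ">");
            ctx = new InitialDirContext(env);

            boolean newUser = false;
            try {
                // Hit the Jetspeed database looking for the user
                jetspeedUser = JetspeedSecurity.getUser(
                    new UserNamePrincipal(username));
            } catch (JetspeedSecurityException jse) {
                // The user has never logged in before so
                // generate a new JetspeedUser instance
                newUser = true;
                jetspeedUser = JetspeedSecurity.getUserInstance();

                jetspeedUser.setUserName(username);
                jetspeedUser.setConfirmed("CONFIRMED");
                jetspeedUser.setDisabled(false);

                Date now = new Date();
                jetspeedUser.setLastLogin(now);
                jetspeedUser.setCreateDate(now);
                jetspeedUser.setAccessCounter(0);
            }

            logger.debug("LDAPAuthentication: Pulling user attributes from"
                + " LDAP server");

            String[] attrIDs = {
                _userFirstNameAttribute,
                _userLastNameAttribute,
                _userDisplayNameAttribute,
                _userEmailAttribute
            };
            Attributes attributes = ctx.getAttributes(userDN, attrIDs);

            jetspeedUser.setEmail(
                getAttributeString(_userEmailAttribute,
                    attributes.get(_userEmailAttribute)));
            jetspeedUser.setName(
                getAttributeString(_userDisplayNameAttribute,
                    attributes.get(_userDisplayNameAttribute)));
            jetspeedUser.setFirstName(
                getAttributeString(_userFirstNameAttribute,
                    attributes.get(_userFirstNameAttribute)));
            jetspeedUser.setLastName(
                getAttributeString(_userLastNameAttribute,
                    attributes.get(_userLastNameAttribute)));

            jetspeedUser.setAccessCounter(jetspeedUser.getAccessCounter() + 1);
            jetspeedUser.setAccessCounterForSession(0);
            jetspeedUser.setHasLoggedIn(Boolean.TRUE);

            // The unmodified Jetspeed framework requires the (converted)
            // password in its own database; refresh it on every login so
            // it follows directory changes.
            jetspeedUser.setPassword(password);

            // The user has never logged in before so add 'em to the
            // Jetspeed database. (Decided by the lookup above, not by the
            // access counter, so an existing row with a zero counter is
            // not inserted twice.)
            if (newUser) {
                JetspeedSecurity.addUser(jetspeedUser);
            }

            jetspeedUser.updateLastLogin();
            putUserIntoContext(jetspeedUser);

            if (_cachingEnable) {
                JetspeedSecurityCache.load(username);
            }
        } catch (Exception e) {
            // Catch all the uncaught exceptions and throw a LoginException.
            // The detail stays in the log; the caller only learns that the
            // login failed.
            logger.error("Could not login Jetspeed user, <"
                + e.getClass().getName()
                + " -- "
                + e.getMessage() + ">");
            throw new LoginException("Could not login Jetspeed user.");
        } finally {
            // Always release the directory connection and the environment
            // holding the password, whether the login succeeded or not.
            closeQuietly(ctx);
            env.clear();
        }

        logger.debug("LDAPAuthentication: Leaving login method, returning"
            + " JetspeedUser object for <"
            + jetspeedUser.getUserName() + ">");

        return jetspeedUser;
    }

    /**
     * Tells whether a username is one of the accounts that are authenticated
     * only against the Jetspeed database and never against the directory.
     *
     * @param username The (converted) username.
     * @return true for "turbine", "admin" and any name starting with "_".
     */
    private static boolean isLocalOnlyUser(String username) {
        return username.equals("turbine")
            || username.equals("admin")
            || username.startsWith("_");
    }

    /**
     * Determines the distinguished name to bind with for a username.
     *
     * Without a browse account this is prefix + username + postfix. With a
     * browse account the directory is searched; no match fails the login,
     * while a search that cannot be carried out (connection failure,
     * ambiguous match) falls back to the prefix/postfix DN.
     *
     * @param username The (converted) username.
     * @return The DN to bind with; never null.
     * @throws LoginException FailedLoginException when the browse search
     *         finds no entry for the username.
     */
    private String resolveUserDN(String username) throws LoginException {
        String userDN = _userDNPrefix + username + _userDNPostfix;

        if (!isBrowseUserConfigured()) {
            return userDN;
        }

        // If the browse user DN is set then we need to attach to the
        // directory and find the userDN, overwriting the above.
        logger.debug("LDAPAuthentication: Browsing for user <"
            + username + ">.");
        String foundDN;
        try {
            foundDN = findUserDN(username);
        } catch (NamingException ne) {
            // Search could not be completed: use the userDN setting as set.
            logger.warn("LDAPAuthentication: directory search for <"
                + username + "> failed, using configured DN pattern: "
                + ne.getMessage());
            return userDN;
        }

        if (foundDN == null) {
            // Documented contract: with a browse account configured,
            // authentication fails when no entry matches the username.
            logger.info("LDAPAuthentication: no directory entry matches <"
                + username + ">.");
            throw new FailedLoginException("Unknown user.");
        }
        return foundDN;
    }

    /**
     * Builds the JNDI environment for a simple bind to the configured
     * server. Shared by the user login and the browse-account search so
     * both connect the same way.
     *
     * @param principal DN to bind as.
     * @param credentials Password for the principal.
     * @return A fresh Properties object; callers clear it when done because
     *         it holds the credentials.
     */
    private Properties bindEnvironment(String principal, String credentials) {
        Properties env = new Properties();

        env.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_CTX);
        env.put(Context.PROVIDER_URL, "ldap://" + _serverHost + ":"
            + String.valueOf(_serverPort));
        env.put("java.naming.ldap.version", String.valueOf(_serverType));

        if (_serverSSLEnable) {
            // Specify SSL (untested per the original author; the port is
            // not switched automatically, configure server.port as well)
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }

        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);

        return env;
    }

    /**
     * Closes a directory context, logging rather than propagating a failure
     * so that a close error never masks the result of the operation.
     *
     * @param ctx The context; may be null.
     */
    private static void closeQuietly(Context ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // best effort: the bind itself already succeeded or failed
            logger.debug("LDAPAuthentication: error closing directory"
                + " context, " + ignored.getMessage());
        }
    }

    /**
     * Initialize the LDAP Authentication service
     *
     * @param conf The servlet configuration handed to the service.
     * @throws InitializationException Propagated from the superclass.
     * @throws IllegalArgumentException When a required parameter is missing
     *         or out of range (see the individual setters).
     */
    public synchronized void init(ServletConfig conf)
        throws InitializationException {
        if (getInit()) {
            return;
        }

        super.init(conf);

        logger.info("LDAPAuthentication: Initializing...");

        // get configuration parameters from Jetspeed Resources
        ResourceService serviceConf
            = ((TurbineServices) TurbineServices.getInstance())
                .getResources(JetspeedSecurityService.SERVICE_NAME);

        _cachingEnable = serviceConf.getBoolean(CACHING_ENABLE, _cachingEnable);

        // The browse DN must be set first: the password, search base and
        // match attribute are only mandatory when a browse DN is present.
        setBrowseUserDN(serviceConf.getString(BROWSE_USER_DN));
        setBrowseUserPassword(serviceConf.getString(BROWSE_USER_PASSWORD));

        setServerPort(serviceConf.getInt(SERVER_PORT, _serverPort));
        setServerHost(serviceConf.getString(SERVER_HOST));
        setServerType(serviceConf.getInt(SERVER_TYPE, _serverType));
        setServerSSLEnable(
            serviceConf.getBoolean(SERVER_SSL_ENABLE, _serverSSLEnable));
        setUserSearchBaseDN(
            serviceConf.getString(USER_SEARCH_BASE_DN, _userSearchBaseDN));
        setUserMatchAttribute(
            serviceConf.getString(USER_MATCH_ATTRIBUTE, _userMatchAttribute));

        setUserDNPrefix(serviceConf.getString(USER_DN_PREFIX));
        setUserDNPostfix(serviceConf.getString(USER_DN_POSTFIX));

        setUserDistinguishedNameAttribute(
            serviceConf.getString(USER_DISTINGUISHED_NAME_ATTRIBUTE,
                _userDistinguishedNameAttribute));
        setUserFirstNameAttribute(
            serviceConf.getString(USER_FIRST_NAME_ATTRIBUTE,
                _userFirstNameAttribute));
        setUserLastNameAttribute(
            serviceConf.getString(USER_LAST_NAME_ATTRIBUTE,
                _userLastNameAttribute));
        setUserDisplayNameAttribute(
            serviceConf.getString(USER_DISPLAY_NAME_ATTRIBUTE,
                _userDisplayNameAttribute));
        setUserEmailAttribute(
            serviceConf.getString(USER_EMAIL_ATTRIBUTE,
                _userEmailAttribute));

        setInit(true);
    }

    /**
     * Tells whether a browse (search) account has been configured.
     *
     * @return true when browse.user.dn is set to a non-blank value.
     */
    private boolean isBrowseUserConfigured() {
        return _browseUserDN != null;
    }

    /**
     * Null-safe blank check used by the setters.
     *
     * @param value The value to test.
     * @return true when the value is null, empty or whitespace only.
     */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /**
     * Validates that a mandatory configuration value is present.
     *
     * @param value The configured value.
     * @param key The property key, used for the error message.
     * @return The value, unchanged.
     * @throws IllegalArgumentException When the value is blank.
     */
    private static String requireNonBlank(String value, String key)
        throws IllegalArgumentException {
        if (isBlank(value)) {
            String message = JetspeedSecurityService.SERVICE_NAME + "."
                + key + " value must be set.";
            logger.error("LDAPAuthentication: " + message);
            throw new IllegalArgumentException(message);
        }
        return value;
    }

    /**
     * Validates a configuration value that is mandatory only when a browse
     * account is configured.
     *
     * @param value The configured value.
     * @param key The property key, used for the error message.
     * @return The value, unchanged.
     * @throws IllegalArgumentException When a browse DN is set and the
     *         value is blank.
     */
    private String requireNonBlankIfBrowsing(String value, String key)
        throws IllegalArgumentException {
        if (isBrowseUserConfigured() && isBlank(value)) {
            String message = JetspeedSecurityService.SERVICE_NAME + "."
                + key + " value must be set, if "
                + JetspeedSecurityService.SERVICE_NAME + "."
                + BROWSE_USER_DN + " is set.";
            logger.error("LDAPAuthentication: " + message);
            throw new IllegalArgumentException(message);
        }
        return value;
    }

    /**
     * Sets the application user account DN.
     * A null or blank value disables the directory search; the user DN is
     * then built from the prefix/postfix instead.
     *
     * @param browseUserDN The new browseUserDN value
     */
    protected void setBrowseUserDN(String browseUserDN) {
        // Normalise blank to null so an empty property never leads to a
        // search bound as an empty (anonymous) principal.
        _browseUserDN = isBlank(browseUserDN) ? null : browseUserDN;
    }

    /**
     * Sets the application user account password.
     *
     * @param browseUserPassword The new browseUserPassword value
     * @throws IllegalArgumentException When a browse DN is configured but
     *         the password is blank.
     */
    protected void setBrowseUserPassword(String browseUserPassword)
        throws IllegalArgumentException {
        _browseUserPassword
            = requireNonBlankIfBrowsing(browseUserPassword, BROWSE_USER_PASSWORD);
    }

    /**
     * Sets whether or not the LDAP connection is SSL'ed.
     *
     * @param serverSSLEnable The new serverSSLEnable value
     */
    protected void setServerSSLEnable(boolean serverSSLEnable) {
        _serverSSLEnable = serverSSLEnable;
    }

    /**
     * Sets the LDAP server port to connect to.
     *
     * @param port The new serverPort value
     * @throws IllegalArgumentException When the port is outside 1..65535.
     */
    protected void setServerPort(int port)
        throws IllegalArgumentException {
        // if the entered port is outside accepted
        // port numbers, throw the exception
        if (port < 1 || port > 65535) {
            String message = JetspeedSecurityService.SERVICE_NAME + "."
                + SERVER_PORT + " value must be between 1 and 65535.";
            logger.error("LDAPAuthentication: " + message);
            throw new IllegalArgumentException(message);
        }
        _serverPort = port;
    }

    /**
     * Sets the LDAP server Host to connect to.
     *
     * @param serverHost The new serverHost value
     * @throws IllegalArgumentException When the host is blank.
     */
    protected void setServerHost(String serverHost)
        throws IllegalArgumentException {
        _serverHost = requireNonBlank(serverHost, SERVER_HOST);
    }

    /**
     * Sets the LDAP server type (protocol version).
     *
     * @param serverType The new serverType value
     * @throws IllegalArgumentException When the value is outside 1..3.
     */
    protected void setServerType(int serverType)
        throws IllegalArgumentException {
        // if the entered server type is outside the documented
        // range, throw the exception
        if (serverType < 1 || serverType > 3) {
            String message = JetspeedSecurityService.SERVICE_NAME + "."
                + SERVER_TYPE + " value must be between 1 and 3.";
            logger.error("LDAPAuthentication: " + message);
            throw new IllegalArgumentException(message);
        }
        _serverType = serverType;
    }

    /**
     * Sets the user search base DN.
     *
     * @param userSearchBaseDN The new userSearchBaseDN value
     * @throws IllegalArgumentException When a browse DN is configured but
     *         the search base is blank.
     */
    protected void setUserSearchBaseDN(String userSearchBaseDN)
        throws IllegalArgumentException {
        _userSearchBaseDN
            = requireNonBlankIfBrowsing(userSearchBaseDN, USER_SEARCH_BASE_DN);
    }

    /**
     * Sets the user match attribute value.
     *
     * @param userMatchAttribute The new userMatchAttribute value
     * @throws IllegalArgumentException When a browse DN is configured but
     *         the attribute name is blank.
     */
    protected void setUserMatchAttribute(String userMatchAttribute)
        throws IllegalArgumentException {
        _userMatchAttribute
            = requireNonBlankIfBrowsing(userMatchAttribute, USER_MATCH_ATTRIBUTE);
    }

    /**
     * Sets the user DN prefix value; null is treated as the empty string.
     *
     * @param userDNPrefix The new userDNPrefix value
     */
    protected void setUserDNPrefix(String userDNPrefix) {
        _userDNPrefix = (userDNPrefix == null) ? "" : userDNPrefix;
    }

    /**
     * Sets the user DN postfix value; null is treated as the empty string.
     *
     * @param userDNPostfix The new userDNPostfix value
     */
    protected void setUserDNPostfix(String userDNPostfix) {
        _userDNPostfix = (userDNPostfix == null) ? "" : userDNPostfix;
    }

    /**
     * Sets the user distinguished name attribute value.
     *
     * @param userDistinguishedNameAttribute The new
     *        userDistinguishedNameAttribute value
     * @throws IllegalArgumentException When the value is blank.
     */
    protected void setUserDistinguishedNameAttribute(
        String userDistinguishedNameAttribute)
        throws IllegalArgumentException {
        _userDistinguishedNameAttribute = requireNonBlank(
            userDistinguishedNameAttribute, USER_DISTINGUISHED_NAME_ATTRIBUTE);
    }

    /**
     * Sets the user first name attribute value.
     *
     * @param userFirstNameAttribute The new userFirstNameAttribute value
     * @throws IllegalArgumentException When the value is blank.
     */
    protected void setUserFirstNameAttribute(String userFirstNameAttribute)
        throws IllegalArgumentException {
        _userFirstNameAttribute
            = requireNonBlank(userFirstNameAttribute, USER_FIRST_NAME_ATTRIBUTE);
    }

    /**
     * Sets the user last name attribute value.
     *
     * @param userLastNameAttribute The new userLastNameAttribute value
     * @throws IllegalArgumentException When the value is blank.
     */
    protected void setUserLastNameAttribute(String userLastNameAttribute)
        throws IllegalArgumentException {
        _userLastNameAttribute
            = requireNonBlank(userLastNameAttribute, USER_LAST_NAME_ATTRIBUTE);
    }

    /**
     * Sets the user display name attribute value.
     *
     * @param userDisplayNameAttribute The new userDisplayNameAttribute value
     * @throws IllegalArgumentException When the value is blank.
     */
    protected void setUserDisplayNameAttribute(String userDisplayNameAttribute)
        throws IllegalArgumentException {
        _userDisplayNameAttribute
            = requireNonBlank(userDisplayNameAttribute, USER_DISPLAY_NAME_ATTRIBUTE);
    }

    /**
     * Sets the user email attribute value.
     *
     * @param userEmailAttribute The new userEmailAttribute value
     * @throws IllegalArgumentException When the value is blank.
     */
    protected void setUserEmailAttribute(String userEmailAttribute)
        throws IllegalArgumentException {
        _userEmailAttribute
            = requireNonBlank(userEmailAttribute, USER_EMAIL_ATTRIBUTE);
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515), so
     * that characters typed into the username cannot change the shape of
     * the filter or widen it with wildcards.
     *
     * @param value The raw value; must not be null.
     * @return The value with *, (, ), \ and NUL replaced by their escapes.
     */
    static String escapeFilterValue(String value) {
        StringBuffer escaped = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Find the user for a given username by searching the directory as the
     * configured browse account.
     *
     * @param username The user submitted username
     * @return The distinguished name String for the user, or null when no
     *         entry matches.
     * @throws NamingException Returned, if unable to bind as the browse
     *         account, if the search fails, or if more than one entry
     *         matches (an ambiguous username is never resolved).
     */
    protected String findUserDN(String username)
        throws NamingException {
        Properties env = bindEnvironment(_browseUserDN, _browseUserPassword);
        InitialLdapContext ctx = null;

        try {
            logger.debug("LDAPAuthentication: logging into LDAP server "
                + env.getProperty(Context.PROVIDER_URL)
                + " as browse user <" + _browseUserDN + ">");
            try {
                ctx = new InitialLdapContext(env, null);
            } catch (NamingException e) {
                logger.error("LDAPAuthentication: <"
                    + _browseUserDN
                    + "> failed to connect to "
                    + _serverHost
                    + ", "
                    + e.getMessage());
                NamingException failure = new NamingException(
                    "Unable to bind browse user to " + _serverHost);
                failure.setRootCause(e);
                throw failure;
            }
            logger.debug("LDAPAuthentication: logged into LDAP server, " + ctx);

            // set up subtree scope
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);

            // only interested in the configured distinguished name attribute
            String[] attrList = { _userDistinguishedNameAttribute };
            constraints.setReturningAttributes(attrList);
            constraints.setDerefLinkFlag(true);

            // The username is user-supplied, hence escaped before it is
            // placed in the filter.
            String filter = "(" + _userMatchAttribute + "="
                + escapeFilterValue(username) + ")";

            logger.debug("LDAPAuthentication: Searching with filter = " + filter);

            NamingEnumeration response
                = ctx.search(_userSearchBaseDN, filter, constraints);

            String userDN = null;
            int numFound = 0;

            // tromp through all results so duplicates are detected;
            // last match is kept
            while (response.hasMore()) {
                SearchResult result = (SearchResult) response.next();
                Attributes attributes = result.getAttributes();
                if (attributes == null) {
                    continue;
                }
                Attribute dn = attributes.get(_userDistinguishedNameAttribute);
                if (dn == null) {
                    continue;
                }
                userDN = (String) dn.get();
                numFound++;
            }

            if (numFound > 1) {
                logger.warn("LDAPAuthentication: Not an error, but we found "
                    + numFound + " matches for "
                    + username + ".");
                throw new NamingException("Ambiguous match for " + username);
            }

            logger.debug("LDAPAuthentication: Returning user DN = <"
                + userDN + ">");
            return userDN;
        } finally {
            // close connection for browse user and drop its credentials
            closeQuietly(ctx);
            env.clear();
        }
    }

    /**
     * Returns the String value for the specified LDAP attribute ID.
     *
     * @param attributeID Used for error reporting.
     * @param attribute The Attribute of interest
     * @return The String value of the attribute, or the "EMPTY" placeholder
     *         when the attribute is absent, null, not a String or unreadable.
     */
    protected String getAttributeString(String attributeID, Attribute attribute) {
        if (attribute == null) {
            logger.debug("LDAPAuthentication: " + attributeID
                + " attribute does not exist for this user, returning "
                + MISSING_ATTRIBUTE_VALUE + ".");
            return MISSING_ATTRIBUTE_VALUE;
        }

        try {
            Object value = attribute.get();
            if (value instanceof String) {
                logger.debug("LDAPAuthentication: " + attribute.getID()
                    + " = " + value);
                return (String) value;
            }
            // null or a non-string (e.g. binary) value
            logger.debug("LDAPAuthentication: " + attribute.getID()
                + " = " + value + ", returning " + MISSING_ATTRIBUTE_VALUE + ".");
            return MISSING_ATTRIBUTE_VALUE;
        } catch (NamingException ne) {
            logger.debug("LDAPAuthentication: Unable to access "
                + attribute.getID() + " attribute, returning "
                + MISSING_ATTRIBUTE_VALUE + ".");
            return MISSING_ATTRIBUTE_VALUE;
        }
    }
}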