Author: baedke Date: Thu Oct 13 15:21:35 2016 New Revision: 1764706 URL: http://svn.apache.org/viewvc?rev=1764706&view=rev Log: OAK-4931: LdapIdentityProvider doesn't use configured custom attributes for all searches
Modified: jackrabbit/oak/branches/1.4/ (props changed) jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Propchange: jackrabbit/oak/branches/1.4/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Thu Oct 13 15:21:35 2016 
@@ -1,3 +1,3 @@ /jackrabbit/oak/branches/1.0:1665962 -/jackrabbit/oak/trunk:1733615,1733875,1733913,1733929,1734230,1734254,1734279,1734941,1735052,1735081,1735141,1735267,1735405,1735484,1735549,1735564,1735588,1735622,1735638,1735919,1735983,1736176,1737309-1737310,1737334,1737349,1737998,1738004,1738136,1738138,1738207,1738234,1738252,1738775,1738795,1738833,1738950,1738957,1738963,1739712,1739760,1739867,1739894,1739959-1739960,1740114,1740116,1740250,1740333,1740349,1740360,1740625-1740626,1740774,1740837,1740879,1740971,1741016,1741032,1741339,1741343,1742077,1742117,1742125,1742363,1742520,1742888,1742916,1743097,1743172,1743343,1743674,1744265,1744292,1744589,1744670,1744672,1744959,1745038,1745127,1745197,1745336,1745368,1746086,1746117,1746342,1746345,1746408,1746696,1746981,1747198,1747200,1747341-1747342,1747380,1747387,1747406,1747492,1747512,1747654,1748505,1748553,1748722,1748870,1749275,1749350,1749424,1749443,1749464,1749475,1749645,1749662,1749815,1749872,1749875,1749899,1750052,1750076-1750077,1750287,1750457,1750462 ,1750465,1750495,1750626,1750809,1750886,1751410,1751445-1751446,1751478,1751753,1751755,1751871,1752198,1752202,1752259,1752273-1752274,1752283,1752292,1752438,1752447-1752448,1752508,1752596,1752616,1752659,1752672,1753262,1753331-1753332,1753335-1753336,1753355,1753444,1754117,1754239,1755157,1755191,1756520,1756580,1757119,1757166,1758213,1758713,1759433,1760340,1760373,1760387,1760661-1760662,1761412,1761444,1761571,1761762,1761787,1761876,1762453,1762612,1762632,1762635,1763347,1763355-1763356,1763378,1763465,1763735,1764678 
+/jackrabbit/oak/trunk:1733615,1733875,1733913,1733929,1734230,1734254,1734279,1734941,1735052,1735081,1735141,1735267,1735405,1735484,1735549,1735564,1735588,1735622,1735638,1735919,1735983,1736176,1737309-1737310,1737334,1737349,1737998,1738004,1738136,1738138,1738207,1738234,1738252,1738775,1738795,1738833,1738950,1738957,1738963,1739712,1739760,1739867,1739894,1739959-1739960,1740114,1740116,1740250,1740333,1740349,1740360,1740625-1740626,1740774,1740837,1740879,1740971,1741016,1741032,1741339,1741343,1742077,1742117,1742125,1742363,1742520,1742888,1742916,1743097,1743172,1743343,1743674,1744265,1744292,1744589,1744670,1744672,1744959,1745038,1745127,1745197,1745336,1745368,1746086,1746117,1746342,1746345,1746408,1746696,1746981,1747198,1747200,1747341-1747342,1747380,1747387,1747406,1747492,1747512,1747654,1748505,1748553,1748722,1748870,1749275,1749350,1749424,1749443,1749464,1749475,1749645,1749662,1749815,1749872,1749875,1749899,1750052,1750076-1750077,1750287,1750457,1750462 ,1750465,1750495,1750626,1750809,1750886,1751410,1751445-1751446,1751478,1751753,1751755,1751871,1752198,1752202,1752259,1752273-1752274,1752283,1752292,1752438,1752447-1752448,1752508,1752596,1752616,1752659,1752672,1753262,1753331-1753332,1753335-1753336,1753355,1753444,1754117,1754239,1755157,1755191,1756520,1756580,1757119,1757166,1758213,1758713,1759433,1760340,1760373,1760387,1760661-1760662,1761412,1761444,1761571,1761762,1761787,1761876,1762453,1762612,1762632,1762635,1763347,1763355-1763356,1763378,1763465,1763735,1764678,1764705 /jackrabbit/trunk:1345480 Modified: jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1764706&r1=1764705&r2=1764706&view=diff 
==============================================================================
--- jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/branches/1.4/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Thu Oct 13 15:21:35 2016
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -65,6 +66,7 @@ import org.apache.jackrabbit.commons.ite
 import org.apache.jackrabbit.oak.commons.DebugTimer;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
+import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroupRef;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
@@ -191,7 +193,22 @@ public class LdapIdentityProvider implem
 LdapConnection connection = connect();
 try {
- Entry entry = connection.lookup(ref.getId(), "*");
+ String userIdAttr = config.getUserConfig().getIdAttribute();
+ String groupIdAttr = config.getGroupConfig().getIdAttribute();
+ String[] ca = config.getCustomAttributes();
+ Entry entry;
+ if (ca.length == 0) {
+ entry = connection.lookup(ref.getId(), SchemaConstants.ALL_USER_ATTRIBUTES);
+ }
+ else {
+ List<String> attributes = new ArrayList<>(Arrays.asList(ca));
+ attributes.add("objectClass");
+ attributes.add(userIdAttr);
+ attributes.add(groupIdAttr);
+ String[] attributeArray = new String[attributes.size()];
+ attributes.toArray(attributeArray);
+ entry = connection.lookup(ref.getId(), attributeArray);
+ }
 if (entry == null) {
 return null;
 } else if (entry.hasObjectClass(config.getUserConfig().getObjectClasses())) {
@@ -381,11 +398,16 @@ public class LdapIdentityProvider implem
 // Create the SearchRequest object
 SearchRequest req = new SearchRequestImpl();
 req.setScope(SearchScope.SUBTREE);
- req.addAttributes(SchemaConstants.NO_ATTRIBUTE);
+ String idAttribute = config.getGroupConfig().getIdAttribute();
+ req.addAttributes(idAttribute == null? SchemaConstants.NO_ATTRIBUTE : idAttribute);
 req.setTimeLimit((int) config.getSearchTimeout());
 req.setBase(new Dn(config.getGroupConfig().getBaseDN()));
 req.setFilter(searchFilter);
+ if (log.isDebugEnabled()) {
+ log.debug("getDeclaredGroupRefs: using SearchRequest {}.", req);
+ }
+
 Map<String, ExternalIdentityRef> groups = new HashMap<String, ExternalIdentityRef>();
 DebugTimer timer = new DebugTimer();
 connection = connect();
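Review bot: In the `else` branch of the `connection.lookup` hunk (@@ -191), `userIdAttr` and `groupIdAttr` are appended to the attribute list without a null check, although the getDeclaredGroupRefs hunk of this same commit treats `getIdAttribute()` as possibly null. A null element would then be passed to `connection.lookup(ref.getId(), attributeArray)`, and a failure at this point means the identity cannot be resolved at all. Guard each add, e.g. `if (userIdAttr != null) { attributes.add(userIdAttr); }` and likewise for `groupIdAttr`. Whether `getCustomAttributes()` can return null (which would break `ca.length`) is not visible here, and the enclosing method starts and ends outside the hunk.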
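Review bot: The switch from `SchemaConstants.NO_ATTRIBUTE` to the group id attribute in the @@ -381 hunk carries no comment saying why the attribute is needed, and the result loop of this method (next hunk) still reads only `resultEntry.getDn()`. I would add a why-comment above the new line, for example `// OAK-4931: request the group id attribute instead of NO_ATTRIBUTE; only the DN is read below`, extended with the actual reason. Minor style: `idAttribute == null?` wants a space before the `?`. The method body begins and ends outside the hunk.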
@@ -397,13 +419,13 @@ public class LdapIdentityProvider implem
 Response response = searchCursor.get();
 if (response instanceof SearchResultEntry) {
 Entry resultEntry = ((SearchResultEntry) response).getEntry();
- ExternalIdentityRef groupRef = new ExternalIdentityRef(resultEntry.getDn().toString(), this.getName());
+ ExternalIdentityRef groupRef = new ExternalGroupRef(resultEntry.getDn().toString(), this.getName());
 groups.put(groupRef.getId(), groupRef);
 }
 }
 timer.mark("iterate");
 if (log.isDebugEnabled()) {
- log.debug("search below {} with {} found {} entries. {}",
+ log.debug("getDeclaredGroupRefs: search below {} with {} found {} entries. {}",
 config.getGroupConfig().getBaseDN(), searchFilter, groups.size(), timer.getString());
 }
 return groups;
@@ -557,6 +579,10 @@ public class LdapIdentityProvider implem
 req.setBase(new Dn(idConfig.getBaseDN()));
 req.setFilter(searchFilter);
+ if (log.isDebugEnabled()) {
+ log.debug("getEntry: using SearchRequest {}.", req);
+ }
+
 // Process the request
 SearchCursor searchCursor = null;
 Entry resultEntry = null;
@@ -580,9 +606,9 @@ public class LdapIdentityProvider implem
 }
 if (log.isDebugEnabled()) {
 if (resultEntry == null) {
- log.debug("search below {} with {} found 0 entries.", idConfig.getBaseDN(), searchFilter);
+ log.debug("getEntry: search below {} with {} found 0 entries.", idConfig.getBaseDN(), searchFilter);
 } else {
- log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+ log.debug("getEntry: search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
 }
 }
 return resultEntry;
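Review bot: The `if (log.isDebugEnabled())` guard around the new `log.debug("getEntry: using SearchRequest {}.", req)` in the @@ -557 hunk is redundant if `log` is an SLF4J logger, as the `{}` placeholders suggest, because the argument is only formatted when debug is on. The same three-line pattern is added in the getDeclaredGroupRefs and loadNextPage hunks; each can be the single line `log.debug("getEntry: using SearchRequest {}.", req);` with its own method prefix. Since the request's string form is what gets written, it is worth confirming that it carries nothing beyond the base DN and filter that the existing messages already log. The body of getEntry continues outside the hunk.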
@@ -692,7 +718,11 @@ public class LdapIdentityProvider implem
 timer.mark("connect");
 page = new ArrayList<Entry>();
 try {
- searchCursor = connection.search(createSearchRequest(connection, cookie, config.getCustomAttributes()));
+ SearchRequest req = createSearchRequest(connection, cookie, config.getCustomAttributes());
+ if (log.isDebugEnabled()) {
+ log.debug("loadNextPage: using SearchRequest {}.", req);
+ }
+ searchCursor = connection.search(req);
 while (searchCursor.next()) {
 Response response = searchCursor.get();
@@ -700,7 +730,7 @@ public class LdapIdentityProvider implem
 Entry resultEntry = ((SearchResultEntry) response).getEntry();
 page.add(resultEntry);
 if (log.isDebugEnabled()) {
- log.debug("search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
+ log.debug("loadNextPage: search below {} with {} found {}", idConfig.getBaseDN(), searchFilter, resultEntry.getDn());
 }
 }
 }
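Review bot: The paged search in the @@ -692 hunk still passes the raw `config.getCustomAttributes()` to `createSearchRequest`, while the `connection.lookup` hunk of this commit appends `objectClass` and both id attributes before its lookup. `createSearchRequest` is not part of this diff, so it may already add them, but if it does not, entries returned by loadNextPage would lack the id attribute whenever custom attributes are configured. Building the attribute array in one private helper used by both call sites would keep the two paths in step. The method body continues outside the hunk.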