Re: LDAP authentication filter

Wed, 12 Dec 2012 02:04:44 -0800 

On 10/12/12 10:23, Alexei Fedotov wrote:

Sergio,
That would be great! The patches have to be send via jira to ensure
the proper legal process.


Here is it, very simple patch.

Now i can't use JIRA. Maybe tonight, if needed, i can send this patch 
via JIRA.


In LDAP configuration (om_ldap.cfg) a new value should be added:

#LDAP FILTER
# This parameter is used to define a ldap filter to obtain users list
# Use : instead of =
ldap_filter_add=(objectClass:person)


Sergio.

--
Sergio Rizzi
 Network, System and Security Administrator
 Laboratori Guglielmo Marconi S.p.A.
 web: http://www.labs.it - email: [email protected]
 tel: +39 051.6781944 - fax: +39 051.846479

--- LdapLoginManagement.java	2012-12-11 16:14:02.000000000 +0100
+++ LdapLoginManagement.java	2012-12-11 16:14:50.000000000 +0100
@@ -102,6 +102,10 @@
 	 * "ldap_group_filter_type_"; public static final String
 	 * CONFIGKEY_LDAP_GROUP_FILTER_TEXT_PREFIX = "ldap_group_filter_text_";
 	 ***/
+	
+	// #### LDAPFILTER INIT ####
+	public static final String CONFIGKEY_LDAP_FILTER_ADD = "ldap_filter_add";
+	// #### LDAPFILTER END ####
 
 	// LDAP default attributes mapping
 	public static final String LDAP_KEY_LASTNAME = "sn";
@@ -296,6 +300,10 @@
 		 * ldap_group_filter_text_prefix =
 		 * configData.get(CONFIGKEY_LDAP_GROUP_FILTER_TEXT_PREFIX);
 		 ***/
+		
+		// #### LDAPFILTER INIT ####
+		String ldap_filter_add = configData.get(CONFIGKEY_LDAP_FILTER_ADD);
+		// #### LDAPFILTER END ####
 
 		// Get custom Ldap attributes mapping
 		String ldap_user_attr_lastname = configData
@@ -359,6 +367,11 @@
 
 		if (ldap_auth_type == null)
 			ldap_auth_type = "";
+		
+		// #### LDAPFILTER INIT ####
+		if(ldap_filter_add == null)
+			ldap_filter_add = "";
+		// #### LDAPFILTER END ####
 
 		if (!isValidAuthType(ldap_auth_type)) {
 			log.error("ConfigKey in Ldap Config contains invalid auth type : '"
@@ -370,6 +383,13 @@
 		// Filter for Search of UserData
 		String ldap_search_filter = "(" + ldap_fieldname_user_principal + "="
 				+ user + ")";
+		
+		// #### LDAPFILTER INIT ####
+		if (ldap_filter_add != ""){
+			ldap_filter_add = ldap_filter_add.replaceAll(":", "=");
+			ldap_search_filter = "(&(" +ldap_filter_add+")("+ ldap_fieldname_user_principal + "=" + user + "))";
+		}
+		// #### LDAPFILTER END ####
 
 		log.debug("Searching userdata with LDAP Search Filter :"
 				+ ldap_search_filter);






















					Reply via email to