Improve LDAP

author: Abyss777 <abyss@fox5.ru> 2017-11-14 12:44:59 +0500
committer: Abyss777 <abyss@fox5.ru> 2017-11-14 12:44:59 +0500
commit: e0f16f7f797a3ce1bfae3be2625690ad4b048240 (patch)
tree: 8f3d464afc02df1a67a28c43cd1b4aaf89e92fb7 /src/org/traccar/database/LdapProvider.java
parent: 0a8f30a572b1e64ff3e1d67281bf9fa3f40b9ccb (diff)
download: trackermap-server-e0f16f7f797a3ce1bfae3be2625690ad4b048240.tar.gz
trackermap-server-e0f16f7f797a3ce1bfae3be2625690ad4b048240.tar.bz2
trackermap-server-e0f16f7f797a3ce1bfae3be2625690ad4b048240.zip
1 files changed, 134 insertions, 9 deletions
diff --git a/src/org/traccar/database/LdapProvider.java b/src/org/traccar/database/LdapProvider.java
index 6a4c244f8..b193b87c1 100644
--- a/src/org/traccar/database/LdapProvider.java
+++ b/src/org/traccar/database/LdapProvider.java
@@ -16,36 +16,161 @@
 package org.traccar.database;
 
 import javax.naming.Context;
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+
+import org.traccar.Config;
+import org.traccar.helper.Log;
+import org.traccar.model.User;
+
 import java.util.Hashtable;
 
 public class LdapProvider {
 
     private String url;
-    private String context;
+    private String searchBase;
+    private String idAttribute;
+    private String nameAttribute;
+    private String mailAttribute;
+    private String searchFilter;
+    private String adminFilter;
+    private String serviceUser;
+    private String servicePassword;
 
-    public LdapProvider(String url, String context) {
-        this.url = url;
-        this.context = context;
+    public LdapProvider(Config config) {
+        String url = config.getString("ldap.url");
+        if (url != null) {
+            this.url = url;
+        } else {
+            this.url = "ldap://" + config.getString("ldap.server") + ":" + config.getInteger("ldap.port", 389);
+        }
+        this.searchBase = config.getString("ldap.base");
+        this.idAttribute = config.getString("ldap.idAttribute", "uid");
+        this.nameAttribute = config.getString("ldap.nameAttribute", "cn");
+        this.mailAttribute = config.getString("ldap.mailAttribute", "mail");
+        this.searchFilter = config.getString("ldap.searchFilter", "(" + idAttribute + "=:login)");
+        String adminGroup = config.getString("ldap.adminGroup");
+        this.adminFilter = config.getString("ldap.adminFilter");
+        if (this.adminFilter == null && adminGroup != null) {
+            this.adminFilter = "(&(" + idAttribute + "=:login)(memberOf=" + adminGroup + "))";
+        }
+        this.serviceUser = config.getString("ldap.user");
+        this.servicePassword = config.getString("ldap.password");
     }
 
-    public boolean login(String username, String password) {
-
+    private InitialDirContext auth(String accountName, String password) throws NamingException {
         Hashtable<String, String> env = new Hashtable<>();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, url);
 
         env.put(Context.SECURITY_AUTHENTICATION, "simple");
-        env.put(Context.SECURITY_PRINCIPAL, "uid=" + username + "," + context);
+        env.put(Context.SECURITY_PRINCIPAL, accountName);
         env.put(Context.SECURITY_CREDENTIALS, password);
 
+        return new InitialDirContext(env);
+    }
+
+    private boolean isAdmin(String accountName) {
+        if (this.adminFilter != null) {
+            try {
+                InitialDirContext context = initContext();
+                String searchString = new String(adminFilter).replace(":login", accountName);
+                SearchControls searchControls = new SearchControls();
+                searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+                NamingEnumeration<SearchResult> results = context.search(searchBase, searchString, searchControls);
+                if (results.hasMoreElements()) {
+                    results.nextElement();
+                    if (results.hasMoreElements()) {
+                        Log.warning("Matched multiple users for the accountName: " + accountName);
+                        return false;
+                    }
+                    return true;
+                }
+            } catch (NamingException e) {
+                return false;
+            }
+        }
+        return false;
+    }
+
+    public InitialDirContext initContext() throws NamingException {
+        return auth(serviceUser, servicePassword);
+    }
+
+    private SearchResult lookupUser(String accountName) throws NamingException {
+        InitialDirContext context = initContext();
+
+        String searchString = new String(searchFilter).replace(":login", accountName);
+
+        SearchControls searchControls = new SearchControls();
+        String[] attributeFilter = {idAttribute, nameAttribute, mailAttribute};
+        searchControls.setReturningAttributes(attributeFilter);
+        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+        NamingEnumeration<SearchResult> results = context.search(searchBase, searchString, searchControls);
+
+        SearchResult searchResult = null;
+        if (results.hasMoreElements()) {
+            searchResult = (SearchResult) results.nextElement();
+            if (results.hasMoreElements()) {
+                Log.warning("Matched multiple users for the accountName: " + accountName);
+                return null;
+            }
+        }
+
+        return searchResult;
+    }
+
+    public User getUser(String accountName) {
+        SearchResult ldapUser;
+        User user = new User();
+        try {
+            ldapUser = lookupUser(accountName);
+            if (ldapUser != null) {
+                Attribute attribute = ldapUser.getAttributes().get(idAttribute);
+                if (attribute != null) {
+                    user.setLogin((String) attribute.get());
+                } else {
+                    user.setLogin(accountName);
+                }
+                attribute = ldapUser.getAttributes().get(nameAttribute);
+                if (attribute != null) {
+                    user.setName((String) attribute.get());
+                } else {
+                    user.setName(accountName);
+                }
+                attribute = ldapUser.getAttributes().get(mailAttribute);
+                if (attribute != null) {
+                    user.setEmail((String) attribute.get());
+                } else {
+                    user.setEmail(accountName);
+                }
+            }
+            user.setAdmin(isAdmin(accountName));
+        } catch (NamingException e) {
+            user.setLogin(accountName);
+            user.setName(accountName);
+            user.setEmail(accountName);
+            Log.warning(e);
+        }
+        return user;
+    }
+
+    public boolean login(String username, String password) {
         try {
-            new InitialDirContext(env).close();
-            return true;
+            SearchResult ldapUser = lookupUser(username);
+            if (ldapUser != null) {
+                auth(ldapUser.getNameInNamespace(), password).close();
+                return true;
+            }
         } catch (NamingException e) {
             return false;
         }
+        return false;
     }
 
 }
author	Abyss777 <abyss@fox5.ru>	2017-11-14 12:44:59 +0500
committer	Abyss777 <abyss@fox5.ru>	2017-11-14 12:44:59 +0500
commit	e0f16f7f797a3ce1bfae3be2625690ad4b048240 (patch)
tree	8f3d464afc02df1a67a28c43cd1b4aaf89e92fb7 /src/org/traccar/database/LdapProvider.java
parent	0a8f30a572b1e64ff3e1d67281bf9fa3f40b9ccb (diff)
download	trackermap-server-e0f16f7f797a3ce1bfae3be2625690ad4b048240.tar.gz trackermap-server-e0f16f7f797a3ce1bfae3be2625690ad4b048240.tar.bz2 trackermap-server-e0f16f7f797a3ce1bfae3be2625690ad4b048240.zip