Posted to oak-commits@jackrabbit.apache.org by ba...@apache.org on 2019/01/15 18:10:39 UTC

svn commit: r1851403 - in /jackrabbit/oak/trunk/oak-auth-ldap/src: main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java

Author: baedke
Date: Tue Jan 15 18:10:39 2019
New Revision: 1851403

URL: http://svn.apache.org/viewvc?rev=1851403&view=rev
Log:
OAK-7987: LdapIdentityProviderImpl#getIdentity(ExternalIdentityRef) won't work with useUidForExtId enabled

LdapIdentityProviderImpl#getIdentity() now searches correctly for uids/names.

Modified:
    jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
    jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1851403&r1=1851402&r2=1851403&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Tue Jan 15 18:10:39 2019
@@ -208,21 +208,30 @@ public class LdapIdentityProvider implem
 
         LdapConnection connection = connect();
         try {
+            Entry entry;
+            String id = ref.getId();
+            boolean useUidForExtId = config.getUseUidForExtId();
             String userIdAttr = config.getUserConfig().getIdAttribute();
             String groupIdAttr = config.getGroupConfig().getIdAttribute();
             String[] ca = config.getCustomAttributes();
-            Entry entry;
-            if (ca.length == 0) {
-                entry = connection.lookup(ref.getId(), SchemaConstants.ALL_USER_ATTRIBUTES);
-            }
-            else {
-                List<String> attributes = new ArrayList<>(Arrays.asList(ca));
-                attributes.add("objectClass");
-                attributes.add(userIdAttr);
-                attributes.add(groupIdAttr);
-                String[] attributeArray = new String[attributes.size()];
-                attributes.toArray(attributeArray);
-                entry = connection.lookup(ref.getId(), attributeArray);
+            if (useUidForExtId) {
+                entry = getEntry(connection, config.getUserConfig(), id, config.getCustomAttributes());
+                if (entry == null) {
+                    entry = getEntry(connection, config.getGroupConfig(), id, config.getCustomAttributes());
+                }
+            } else {
+                if (ca.length == 0) {
+                    entry = connection.lookup(id, SchemaConstants.ALL_USER_ATTRIBUTES);
+                }
+                else {
+                    List<String> attributes = new ArrayList<>(Arrays.asList(ca));
+                    attributes.add("objectClass");
+                    attributes.add(userIdAttr);
+                    attributes.add(groupIdAttr);
+                    String[] attributeArray = new String[attributes.size()];
+                    attributes.toArray(attributeArray);
+                    entry = connection.lookup(id, attributeArray);
+                }
             }
             if (entry == null) {
                 return null;
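Review bot: In the `useUidForExtId` branch the same `id` is searched against the user config first and the group config only when that returns null, so a group whose name equals an existing user's uid cannot be reached through this method and the caller gets the user entry with no signal. If that precedence is intended, say so above the branch, e.g. `// uid mode: a user entry wins over a group with the same id`. The branch also calls `config.getCustomAttributes()` twice although `ca` already holds the value; `getEntry(connection, config.getUserConfig(), id, ca)` is enough, and `userIdAttr`/`groupIdAttr` could move into the `else` where they are used. The enclosing method begins and ends outside this hunk.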
@@ -236,6 +245,8 @@ public class LdapIdentityProvider implem
             }
         } catch (LdapException e) {
             throw lookupFailedException(e, null);
+        } catch (CursorException e) {
+            throw lookupFailedException(e, null);
         } finally {
             disconnect(connection);
         }
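Review bot: The added `CursorException` handler repeats the `LdapException` handler line for line. Assuming `lookupFailedException` accepts a common supertype (it is declared outside this hunk), a single `} catch (LdapException | CursorException e) {` keeps the two failure paths from drifting apart. The `try` block opens outside the hunk.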

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1851403&r1=1851402&r2=1851403&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Tue Jan 15 18:10:39 2019
@@ -110,7 +110,7 @@ public class LdapProviderTest {
 
     protected LdapIdentityProvider createIDP() {
         //The attribute "mail" is excluded deliberately
-        return createIDP(new String[] { "objectclass", "uid", "givenname", "description", "sn"});
+        return createIDP(new String[] { "objectclass", "uid", "givenname", "description", "sn", "cn"});
     }
 
     protected LdapIdentityProvider createIDP(String[] userProperties) {
@@ -176,6 +176,13 @@ public class LdapProviderTest {
         ExternalIdentity id = idp.getIdentity(ref);
         assertTrue("User instance", id instanceof ExternalUser);
         assertEquals("User ID", TEST_USER1_UID, id.getId());
+        providerConfig.setUseUidForExtId(true);
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        ref = new ExternalIdentityRef(TEST_USER1_UID, IDP_NAME);
+        id = idp.getIdentity(ref);
+        assertTrue("User instance", id instanceof ExternalUser);
+        assertEquals("User ID", TEST_USER1_UID, id.getId());
     }
     
     /**
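Review bot: The uid scenario is appended to the existing DN test by calling `providerConfig.setUseUidForExtId(true)` and rebuilding `idp` in place, and the same block recurs in the hunks at -362, -369, -377, -391, -402 and -410. A failure in the DN half hides the uid half, and the mutated `providerConfig` is never reset, which is only safe if the fixture is rebuilt for every test (the setup is not visible here, so confirm). A helper such as `private void enableUidForExtId() { providerConfig.setUseUidForExtId(true); idp.close(); idp = new LdapIdentityProvider(providerConfig); }` with one `@Test` method per mode would make the coverage explicit.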
@@ -362,6 +369,12 @@ public class LdapProviderTest {
         ExternalIdentityRef ref = new ExternalIdentityRef(TEST_USER1_DN, "foobar");
         ExternalIdentity id = idp.getIdentity(ref);
         assertNull("Foreign ref must be null", id);
+        providerConfig.setUseUidForExtId(true);
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        ref = new ExternalIdentityRef(TEST_USER1_UID, "foobar");
+        id = idp.getIdentity(ref);
+        assertNull("Foreign ref must be null", id);
     }
 
     @Test
@@ -369,6 +382,11 @@ public class LdapProviderTest {
         ExternalIdentityRef ref = new ExternalIdentityRef("bla=foo," + TEST_USER1_DN, IDP_NAME);
         ExternalIdentity id = idp.getIdentity(ref);
         assertNull("Unknown user must return null", id);
+        providerConfig.setUseUidForExtId(true);
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        id = idp.getIdentity(ref);
+        assertNull("Unknown user must return null", id);
     }
 
     @Test
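Review bot: With `useUidForExtId` enabled this negative case reuses the DN-shaped ref `"bla=foo," + TEST_USER1_DN`, so it never covers an unknown plain uid or an id that contains LDAP filter metacharacters. The id now feeds a search through `getEntry` (not shown on this page) instead of a DN lookup, so the test should pin that the value is matched literally. A case like `assertNull(idp.getIdentity(new ExternalIdentityRef("*", IDP_NAME)));` would fail if the id were ever placed into the filter unescaped.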
@@ -377,6 +395,12 @@ public class LdapProviderTest {
         ExternalIdentity id = idp.getIdentity(ref);
         assertTrue("Group instance", id instanceof ExternalGroup);
         assertEquals("Group Name", TEST_GROUP1_NAME, id.getId());
+        providerConfig.setUseUidForExtId(true);
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        ref = new ExternalIdentityRef(TEST_GROUP1_NAME, IDP_NAME);
+        id = idp.getIdentity(ref);
+        assertEquals("Group Name", TEST_GROUP1_NAME, id.getId());
     }
 
     @Test
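Review bot: The uid half of this group test drops the `assertTrue("Group instance", id instanceof ExternalGroup)` check that the DN half and the other uid tests keep. A null result would therefore surface as a NullPointerException on `id.getId()`, and an entry of the wrong type with a matching id would likely pass. Because the provider tries the user config before the group config in uid mode, the type assertion is the part that matters here; add it before the `assertEquals`.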
@@ -391,9 +415,17 @@ public class LdapProviderTest {
         ExternalIdentityRef ref = new ExternalIdentityRef(TEST_GROUP1_DN, IDP_NAME);
         ExternalIdentity id = idp.getIdentity(ref);
         assertTrue("Group instance", id instanceof ExternalGroup);
-
         ExternalGroup grp = (ExternalGroup) id;
         assertIfEquals("Group members", TEST_GROUP1_MEMBERS, grp.getDeclaredMembers());
+
+        providerConfig.setUseUidForExtId(true);
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        ref = new ExternalIdentityRef(TEST_GROUP1_NAME, IDP_NAME);
+        id = idp.getIdentity(ref);
+        assertTrue("Group instance", id instanceof ExternalGroup);
+        grp = (ExternalGroup) id;
+        assertIfEquals("Group members", TEST_GROUP1_MEMBERS, grp.getDeclaredMembers());
     }
 
     @Test
@@ -402,6 +434,14 @@ public class LdapProviderTest {
         ExternalIdentity id = idp.getIdentity(ref);
         assertTrue("User instance", id instanceof ExternalUser);
         assertIfEquals("Groups", TEST_USER1_GROUPS, id.getDeclaredGroups());
+
+        providerConfig.setUseUidForExtId(true);
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        ref = new ExternalIdentityRef(TEST_USER1_UID, IDP_NAME);
+        id = idp.getIdentity(ref);
+        assertTrue("User instance", id instanceof ExternalUser);
+        assertIfEquals("Groups", TEST_USER1_GROUPS, id.getDeclaredGroups());
     }
 
     @Test
@@ -410,6 +450,14 @@ public class LdapProviderTest {
         ExternalIdentity id = idp.getIdentity(ref);
         assertTrue("User instance", id instanceof ExternalUser);
         assertIfEquals("Groups", TEST_USER0_GROUPS, id.getDeclaredGroups());
+
+        providerConfig.setUseUidForExtId(true);
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        ref = new ExternalIdentityRef(TEST_USER0_UID, IDP_NAME);
+        id = idp.getIdentity(ref);
+        assertTrue("User instance", id instanceof ExternalUser);
+        assertIfEquals("Groups", TEST_USER0_GROUPS, id.getDeclaredGroups());
     }
 
     @Test