Posted to oak-commits@jackrabbit.apache.org by ba...@apache.org on 2019/01/15 18:10:39 UTC
svn commit: r1851403 - in /jackrabbit/oak/trunk/oak-auth-ldap/src:
main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
Author: baedke
Date: Tue Jan 15 18:10:39 2019
New Revision: 1851403
URL: http://svn.apache.org/viewvc?rev=1851403&view=rev
Log:
OAK-7987: LdapIdentityProviderImpl#getIdentity(ExternalIdentityRef) won't work with useUidForExtId enabled
LdapIdentityProviderImpl#getIdentity() now searches correctly for uids/names.
Modified:
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1851403&r1=1851402&r2=1851403&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Tue Jan 15 18:10:39 2019
@@ -208,21 +208,30 @@ public class LdapIdentityProvider implem
LdapConnection connection = connect();
try {
+ Entry entry;
+ String id = ref.getId();
+ boolean useUidForExtId = config.getUseUidForExtId();
String userIdAttr = config.getUserConfig().getIdAttribute();
String groupIdAttr = config.getGroupConfig().getIdAttribute();
String[] ca = config.getCustomAttributes();
- Entry entry;
- if (ca.length == 0) {
- entry = connection.lookup(ref.getId(), SchemaConstants.ALL_USER_ATTRIBUTES);
- }
- else {
- List<String> attributes = new ArrayList<>(Arrays.asList(ca));
- attributes.add("objectClass");
- attributes.add(userIdAttr);
- attributes.add(groupIdAttr);
- String[] attributeArray = new String[attributes.size()];
- attributes.toArray(attributeArray);
- entry = connection.lookup(ref.getId(), attributeArray);
+ if (useUidForExtId) {
+ entry = getEntry(connection, config.getUserConfig(), id, config.getCustomAttributes());
+ if (entry == null) {
+ entry = getEntry(connection, config.getGroupConfig(), id, config.getCustomAttributes());
+ }
+ } else {
+ if (ca.length == 0) {
+ entry = connection.lookup(id, SchemaConstants.ALL_USER_ATTRIBUTES);
+ }
+ else {
+ List<String> attributes = new ArrayList<>(Arrays.asList(ca));
+ attributes.add("objectClass");
+ attributes.add(userIdAttr);
+ attributes.add(groupIdAttr);
+ String[] attributeArray = new String[attributes.size()];
+ attributes.toArray(attributeArray);
+ entry = connection.lookup(id, attributeArray);
+ }
}
if (entry == null) {
return null;
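Review bot: In the `useUidForExtId` branch the ref id is tried against the user configuration first and only then against the group configuration, so if a user's uid and a group's name are the same string, the group can no longer be resolved through `getIdentity()` and the rest of the method (outside this hunk) works with the user entry. That precedence deserves a comment at the branch, e.g. `// uid/name lookup: a matching user takes precedence over a group with the same name`, and ideally a test with a colliding name. `getEntry` is not visible here; because `id` now feeds a search rather than a DN lookup, confirm that it escapes filter special characters in the value and defines what happens when more than one entry matches. The two `config.getCustomAttributes()` calls can reuse the `ca` local that is already read a few lines above.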
@@ -236,6 +245,8 @@ public class LdapIdentityProvider implem
}
} catch (LdapException e) {
throw lookupFailedException(e, null);
+ } catch (CursorException e) {
+ throw lookupFailedException(e, null);
} finally {
disconnect(connection);
}
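Review bot: The added `catch (CursorException e)` repeats the body of the `LdapException` handler directly above it; a multi-catch, `} catch (LdapException | CursorException e) {`, keeps a single handler so the two cannot drift apart later. The `try` block this belongs to starts in the previous hunk, so the rest of the method is not visible here.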
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1851403&r1=1851402&r2=1851403&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Tue Jan 15 18:10:39 2019
@@ -110,7 +110,7 @@ public class LdapProviderTest {
protected LdapIdentityProvider createIDP() {
//The attribute "mail" is excluded deliberately
- return createIDP(new String[] { "objectclass", "uid", "givenname", "description", "sn"});
+ return createIDP(new String[] { "objectclass", "uid", "givenname", "description", "sn", "cn"});
}
protected LdapIdentityProvider createIDP(String[] userProperties) {
@@ -176,6 +176,13 @@ public class LdapProviderTest {
ExternalIdentity id = idp.getIdentity(ref);
assertTrue("User instance", id instanceof ExternalUser);
assertEquals("User ID", TEST_USER1_UID, id.getId());
+ providerConfig.setUseUidForExtId(true);
+ idp.close();
+ idp = new LdapIdentityProvider(providerConfig);
+ ref = new ExternalIdentityRef(TEST_USER1_UID, IDP_NAME);
+ id = idp.getIdentity(ref);
+ assertTrue("User instance", id instanceof ExternalUser);
+ assertEquals("User ID", TEST_USER1_UID, id.getId());
}
/**
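Review bot: The three lines `providerConfig.setUseUidForExtId(true); idp.close(); idp = new LdapIdentityProvider(providerConfig);` are pasted into this test and into the six test hunks that follow; a small private helper in the test class that performs them and is called once per test would remove the repetition. Each test also mutates `providerConfig` and replaces `idp` halfway through, and whether both are rebuilt per test (and the replacement `idp` closed afterwards) is not visible in these hunks, so that should be confirmed or the uid variants moved into their own test methods. Separate methods would also make a failure report say which mode broke.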
@@ -362,6 +369,12 @@ public class LdapProviderTest {
ExternalIdentityRef ref = new ExternalIdentityRef(TEST_USER1_DN, "foobar");
ExternalIdentity id = idp.getIdentity(ref);
assertNull("Foreign ref must be null", id);
+ providerConfig.setUseUidForExtId(true);
+ idp.close();
+ idp = new LdapIdentityProvider(providerConfig);
+ ref = new ExternalIdentityRef(TEST_USER1_UID, "foobar");
+ id = idp.getIdentity(ref);
+ assertNull("Foreign ref must be null", id);
}
@Test
@@ -369,6 +382,11 @@ public class LdapProviderTest {
ExternalIdentityRef ref = new ExternalIdentityRef("bla=foo," + TEST_USER1_DN, IDP_NAME);
ExternalIdentity id = idp.getIdentity(ref);
assertNull("Unknown user must return null", id);
+ providerConfig.setUseUidForExtId(true);
+ idp.close();
+ idp = new LdapIdentityProvider(providerConfig);
+ id = idp.getIdentity(ref);
+ assertNull("Unknown user must return null", id);
}
@Test
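Review bot: The uid half of this test reuses the DN-shaped ref (`"bla=foo," + TEST_USER1_DN`) as the id, so it only shows that a DN string is not found as a uid and says little about the new search path. Add a ref with a plain unknown id, and one whose id contains LDAP filter special characters, each checked with `assertNull("Unknown user must return null", id)`, so the test pins down that an id which is not an exact uid or group name never resolves to an identity. The test method's signature is outside the hunk.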
@@ -377,6 +395,12 @@ public class LdapProviderTest {
ExternalIdentity id = idp.getIdentity(ref);
assertTrue("Group instance", id instanceof ExternalGroup);
assertEquals("Group Name", TEST_GROUP1_NAME, id.getId());
+ providerConfig.setUseUidForExtId(true);
+ idp.close();
+ idp = new LdapIdentityProvider(providerConfig);
+ ref = new ExternalIdentityRef(TEST_GROUP1_NAME, IDP_NAME);
+ id = idp.getIdentity(ref);
+ assertEquals("Group Name", TEST_GROUP1_NAME, id.getId());
}
@Test
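Review bot: The new group lookup asserts only `id.getId()`, while the DN case just above it first checks `id instanceof ExternalGroup`; since the provider now searches users before groups in this mode, the type check is the assertion that matters most here. Add `assertTrue("Group instance", id instanceof ExternalGroup);` before the `assertEquals`, which also turns a null result into an assertion failure instead of a NullPointerException.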
@@ -391,9 +415,17 @@ public class LdapProviderTest {
ExternalIdentityRef ref = new ExternalIdentityRef(TEST_GROUP1_DN, IDP_NAME);
ExternalIdentity id = idp.getIdentity(ref);
assertTrue("Group instance", id instanceof ExternalGroup);
-
ExternalGroup grp = (ExternalGroup) id;
assertIfEquals("Group members", TEST_GROUP1_MEMBERS, grp.getDeclaredMembers());
+
+ providerConfig.setUseUidForExtId(true);
+ idp.close();
+ idp = new LdapIdentityProvider(providerConfig);
+ ref = new ExternalIdentityRef(TEST_GROUP1_NAME, IDP_NAME);
+ id = idp.getIdentity(ref);
+ assertTrue("Group instance", id instanceof ExternalGroup);
+ grp = (ExternalGroup) id;
+ assertIfEquals("Group members", TEST_GROUP1_MEMBERS, grp.getDeclaredMembers());
}
@Test
@@ -402,6 +434,14 @@ public class LdapProviderTest {
ExternalIdentity id = idp.getIdentity(ref);
assertTrue("User instance", id instanceof ExternalUser);
assertIfEquals("Groups", TEST_USER1_GROUPS, id.getDeclaredGroups());
+
+ providerConfig.setUseUidForExtId(true);
+ idp.close();
+ idp = new LdapIdentityProvider(providerConfig);
+ ref = new ExternalIdentityRef(TEST_USER1_UID, IDP_NAME);
+ id = idp.getIdentity(ref);
+ assertTrue("User instance", id instanceof ExternalUser);
+ assertIfEquals("Groups", TEST_USER1_GROUPS, id.getDeclaredGroups());
}
@Test
@@ -410,6 +450,14 @@ public class LdapProviderTest {
ExternalIdentity id = idp.getIdentity(ref);
assertTrue("User instance", id instanceof ExternalUser);
assertIfEquals("Groups", TEST_USER0_GROUPS, id.getDeclaredGroups());
+
+ providerConfig.setUseUidForExtId(true);
+ idp.close();
+ idp = new LdapIdentityProvider(providerConfig);
+ ref = new ExternalIdentityRef(TEST_USER0_UID, IDP_NAME);
+ id = idp.getIdentity(ref);
+ assertTrue("User instance", id instanceof ExternalUser);
+ assertIfEquals("Groups", TEST_USER0_GROUPS, id.getDeclaredGroups());
}
@Test