Posted to commits@karaf.apache.org by jb...@apache.org on 2014/07/12 14:14:34 UTC
git commit: [KARAF-3105] Introduce the fqdn pattern in the
LDAPLoginModule and update the documentation with the available patterns
Repository: karaf
Updated Branches:
refs/heads/master e067a6699 -> cc15dcf2e
[KARAF-3105] Introduce the fqdn pattern in the LDAPLoginModule and update the documentation with the available patterns
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/cc15dcf2
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/cc15dcf2
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/cc15dcf2
Branch: refs/heads/master
Commit: cc15dcf2eda88e37ee6d2f3bc5eef7906c1a4127
Parents: e067a66
Author: Jean-Baptiste Onofré <jb...@apache.org>
Authored: Sat Jul 12 14:13:48 2014 +0200
Committer: Jean-Baptiste Onofré <jb...@apache.org>
Committed: Sat Jul 12 14:13:48 2014 +0200
----------------------------------------------------------------------
.../org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java | 4 +++-
.../src/main/webapp/developers-guide/security-framework.conf | 7 +++++++
manual/src/main/webapp/users-guide/security.conf | 2 +-
3 files changed, 11 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/cc15dcf2/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index 0ddc83f..2c587a8 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -191,6 +191,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
}
logger.debug("Get the user DN.");
String userDN;
+ String userDNNamespace;
DirContext context = null;
try {
logger.debug("Initialize the JNDI LDAP Dir Context.");
@@ -224,7 +225,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
//
// the second escapes the slashes correctly.
userDN = result.getNameInNamespace().replace("," + userBaseDN, "");
-
+ userDNNamespace = (String) result.getNameInNamespace();
namingEnumeration.close();
} catch (Exception e) {
throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
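Review bot: The `(String)` cast on the added line is redundant: the line above already calls `.replace(...)` directly on `result.getNameInNamespace()`, so the return value is a String. Reading the name once and deriving `userDN` from it would also avoid the second call, e.g. `userDNNamespace = result.getNameInNamespace();` followed by `userDN = userDNNamespace.replace("," + userBaseDN, "");`. The enclosing try block starts and ends outside the hunk.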
@@ -288,6 +289,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
roleFilter = roleFilter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
roleFilter = roleFilter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDN));
roleFilter = roleFilter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDN + "," + userBaseDN));
+ roleFilter = roleFilter.replaceAll(Pattern.quote("%nsdn"), Matcher.quoteReplacement(userDNNamespace));
roleFilter = roleFilter.replace("\\", "\\\\");
logger.debug(" filter: " + roleFilter);
NamingEnumeration namingEnumeration = context.search(roleBaseDN, roleFilter, controls);
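Review bot: The new `%nsdn` substitution places the directory-supplied DN into the role search filter without LDAP filter escaping, following the same pattern as the `%u`, `%dn` and `%fqdn` lines above it. A DN containing `(`, `)` or `*` would yield a malformed filter or one that matches differently from what the administrator configured, and `%u` presumably carries the login name supplied at authentication. Consider escaping each substituted value per RFC 4515, or passing the values through the `context.search(name, filterExpr, filterArgs, cons)` overload so that JNDI encodes them. The backslash doubling on the following line would need to be revisited with either approach, since it would also double the backslashes of any escape sequences. The enclosing method starts and ends outside the hunk.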
http://git-wip-us.apache.org/repos/asf/karaf/blob/cc15dcf2/manual/src/main/webapp/developers-guide/security-framework.conf
----------------------------------------------------------------------
diff --git a/manual/src/main/webapp/developers-guide/security-framework.conf b/manual/src/main/webapp/developers-guide/security-framework.conf
index 8283cbd..dee5b81 100644
--- a/manual/src/main/webapp/developers-guide/security-framework.conf
+++ b/manual/src/main/webapp/developers-guide/security-framework.conf
@@ -266,6 +266,13 @@ If you wish to use an SSL connection, the following configuration can be used as
keystorePassword="secret" />
{pygmentize}
+The LDAPLoginModule supports the following patterns that you can use in the filter (user and role filters):
+
+* {{%u}} is replaced by the user
+* {{%dn}} is replaced by the user DN
+* {{%fqdn}} is replaced by the user full qualified DN ({{userDN,userBaseDN}}).
+* {{%nsdn}} is replaced by the userDNNamespace (interesting especially for ActiveDirectory).
+
h2. Encryption service
The [EncryptionService|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java] is a service registered in the OSGi registry providing means to encrypt and check encrypted passwords. This service acts as a factory for [Encryption|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/Encryption.java] objects actually performing the encryption.
http://git-wip-us.apache.org/repos/asf/karaf/blob/cc15dcf2/manual/src/main/webapp/users-guide/security.conf
----------------------------------------------------------------------
diff --git a/manual/src/main/webapp/users-guide/security.conf b/manual/src/main/webapp/users-guide/security.conf
index ad0df97..8a4ee6c 100644
--- a/manual/src/main/webapp/users-guide/security.conf
+++ b/manual/src/main/webapp/users-guide/security.conf
@@ -39,7 +39,7 @@ This realm has two login modules:
* the {{PublickeyLoginModule}} is especially used by the SSHd. It uses the {{etc/keys.properties}} file. This file contains
the users and a public key associated to each user.
-Apache Karaf provides additional login modules (see later):
+Apache Karaf provides additional login modules (see the developer guide for details):
* JDBCLoginModule uses a database as backend
* LDAPLoginModule uses a LDAP server as backend