Posted to oak-commits@jackrabbit.apache.org by ba...@apache.org on 2018/04/19 18:03:31 UTC

svn commit: r1829587 - in /jackrabbit/oak/trunk/oak-auth-ldap/src: main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/ test/java/org/apache/jackrabbit/oak/security/authentication/ldap/ test/java/org/apache/jackrabbit/oak/security/aut...

Author: baedke
Date: Thu Apr 19 18:03:30 2018
New Revision: 1829587

URL: http://svn.apache.org/viewvc?rev=1829587&view=rev
Log:
OAK-7428: LdapIdentityProvider doesn't support creating external ids from custom attributes

Added support for optional custom LDAP attributes for the creation of external ids.

Modified:
    jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapGroup.java
    jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentity.java
    jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
    jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
    jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapUser.java
    jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
    jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProviderOsgiTest.java

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapGroup.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapGroup.java?rev=1829587&r1=1829586&r2=1829587&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapGroup.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapGroup.java Thu Apr 19 18:03:30 2018
@@ -20,6 +20,7 @@ import java.util.Map;
 
 import javax.annotation.Nonnull;
 
+import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
@@ -28,15 +29,15 @@ public class LdapGroup extends LdapIdent
 
     private Map<String, ExternalIdentityRef> members;
 
-    public LdapGroup(LdapIdentityProvider provider, ExternalIdentityRef ref, String id, String path) {
-        super(provider, ref, id, path);
+    public LdapGroup(LdapIdentityProvider provider, ExternalIdentityRef ref, String id, String path, Entry entry) {
+        super(provider, ref, id, path, entry);
     }
 
     @Nonnull
     @Override
     public Iterable<ExternalIdentityRef> getDeclaredMembers() throws ExternalIdentityException {
         if (members == null) {
-            members = provider.getDeclaredMemberRefs(ref);
+            members = provider.getDeclaredMemberRefs(ref, entry.getDn().getName());
         }
         return members.values();
     }

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentity.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentity.java?rev=1829587&r1=1829586&r2=1829587&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentity.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentity.java Thu Apr 19 18:03:30 2018
@@ -20,6 +20,7 @@ import java.util.Map;
 
 import javax.annotation.Nonnull;
 
+import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
@@ -37,15 +38,22 @@ public abstract class LdapIdentity imple
 
     protected final String path;
 
+    protected final Entry entry;
+
     private Map<String, ExternalIdentityRef> groups;
 
     private final LdapIdentityProperties properties = new LdapIdentityProperties();
 
-    protected LdapIdentity(LdapIdentityProvider provider, ExternalIdentityRef ref, String id, String path) {
+    protected LdapIdentity(LdapIdentityProvider provider, ExternalIdentityRef ref, String id, String path, Entry entry) {
         this.provider = provider;
         this.ref = ref;
         this.id = id;
         this.path = path;
+        this.entry = entry;
+    }
+
+    public Entry getEntry() {
+        return entry;
     }
 
     /**
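Review bot: The new `entry` field is stored without a null check or a nullability annotation, yet `getDeclaredGroups()` in the next hunk and `LdapGroup.getDeclaredMembers()` both dereference it unconditionally via `entry.getDn().getName()`. Declaring the constructor parameter as `@Nonnull Entry entry` (the file already imports `javax.annotation.Nonnull`) would make the contract explicit. `getEntry()` is public and hands out the live `Entry`, which may carry every attribute fetched from the directory; a Javadoc line stating that callers must treat it as read-only, or an accessor that returns only the DN, would limit what is exposed. The class body continues outside the hunk.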
@@ -91,7 +99,7 @@ public abstract class LdapIdentity imple
     @Override
     public Iterable<ExternalIdentityRef> getDeclaredGroups() throws ExternalIdentityException {
         if (groups == null) {
-            groups = provider.getDeclaredGroupRefs(ref);
+            groups = provider.getDeclaredGroupRefs(ref, entry.getDn().getName());
         }
         return groups.values();
     }

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1829587&r1=1829586&r2=1829587&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Thu Apr 19 18:03:30 2018
@@ -343,7 +343,7 @@ public class LdapIdentityProvider implem
             return null;
         }
         final SimpleCredentials creds = (SimpleCredentials) credentials;
-        final ExternalUser user = getUser(creds.getUserID());
+        final LdapUser user = (LdapUser)getUser(creds.getUserID());
         if (user != null) {
             // OAK-2078: check for non-empty passwords to avoid anonymous bind on weakly configured servers
             // see http://tools.ietf.org/html/rfc4513#section-5.1.1 for details.
@@ -361,7 +361,8 @@ public class LdapIdentityProvider implem
                     connection = userPool.getConnection();
                 }
                 timer.mark("connect");
-                connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
+                connection.bind(user.getEntry().getDn(), new String(creds.getPassword()));
+                //connection.bind(user.getExternalId().getId(), new String(creds.getPassword()));
                 timer.mark("bind");
                 if (log.isDebugEnabled()) {
                     log.debug("authenticate({}) {}", user.getId(), timer.getString());
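Review bot: The commented-out `//connection.bind(user.getExternalId().getId(), ...)` line should be deleted rather than committed; the old call is already preserved in version control. A why-comment in its place would be more useful, for example `// bind with the entry's DN: the external id is not a DN when extIdAttribute is configured`. That reason is what keeps the password check tied to the actual directory entry, so it deserves to be stated next to the call. The enclosing method starts and ends outside the hunk.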
@@ -394,11 +395,11 @@ public class LdapIdentityProvider implem
      * @param ref reference to the identity
      * @return map of identities where the key is the DN of the LDAP entity
      */
-    Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
+    Map<String, ExternalIdentityRef> getDeclaredGroupRefs(ExternalIdentityRef ref, String dn) throws ExternalIdentityException {
         if (!isMyRef(ref)) {
             return Collections.emptyMap();
         }
-        String searchFilter = config.getMemberOfSearchFilter(ref.getId());
+        String searchFilter = config.getMemberOfSearchFilter(dn);
 
         LdapConnection connection = null;
         SearchCursor searchCursor = null;
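Review bot: The Javadoc above `getDeclaredGroupRefs` still documents only `ref`; the new `dn` parameter is undocumented, and nothing in the visible code checks that `dn` belongs to the identity that `ref` names (the `isMyRef` guard is applied to `ref` alone). Suggest adding `@param dn the DN of the LDAP entry that {@code ref} refers to; used for the search because the ref id need not be a DN`. The same applies to `getDeclaredMemberRefs(ref, dn)` in the following hunks. Both method bodies continue outside the hunks.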
@@ -458,7 +459,7 @@ public class LdapIdentityProvider implem
      * @return map of identity refers
      * @throws ExternalIdentityException if an error occurs
      */
-    Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
+    Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef ref, String dn) throws ExternalIdentityException {
         if (!isMyRef(ref)) {
             return Collections.emptyMap();
         }
@@ -468,7 +469,7 @@ public class LdapIdentityProvider implem
             DebugTimer timer = new DebugTimer();
             connection = connect();
             timer.mark("connect");
-            Entry entry = connection.lookup(ref.getId());
+            Entry entry = connection.lookup(dn);
             timer.mark("lookup");
             Attribute attr = entry.get(config.getGroupMemberAttribute());
             if (attr == null) {
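Review bot: The result of `connection.lookup(dn)` is dereferenced on the next line without a null check. As far as I know the Apache Directory API documents `lookup` as returning null when no entry exists for the DN, and `dn` now comes from the `Entry` captured when the identity was created, so an entry removed or moved in the meantime would surface as a NullPointerException instead of an `ExternalIdentityException`. A guard such as `if (entry == null) { return Collections.emptyMap(); }` before `entry.get(...)`, or throwing `ExternalIdentityException` there, would handle it. The method body continues outside the hunk.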
@@ -790,9 +791,21 @@ public class LdapIdentityProvider implem
     @Nonnull
     private ExternalUser createUser(@Nonnull Entry entry, @CheckForNull String id)
             throws LdapInvalidAttributeValueException {
-        ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
+        return (ExternalUser) createIdentity(entry, id, false);
+    }
+
+    @Nonnull
+    private ExternalGroup createGroup(@Nonnull Entry entry, @CheckForNull String id)
+            throws LdapInvalidAttributeValueException {
+        return (ExternalGroup) createIdentity(entry, id, true);
+    }
+
+    @Nonnull
+    private ExternalIdentity createIdentity(@Nonnull Entry entry, @CheckForNull String id, boolean isGroup)
+            throws LdapInvalidAttributeValueException {
+        LdapProviderConfig.Identity cfg = isGroup ? config.getGroupConfig() : config.getUserConfig();
         if (id == null) {
-            String idAttribute = config.getUserConfig().getIdAttribute();
+            String idAttribute = cfg.getIdAttribute();
             Attribute attr = entry.get(idAttribute);
             if (attr == null) {
                 throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
@@ -800,36 +813,25 @@ public class LdapIdentityProvider implem
             }
             id = attr.getString();
         }
-        String path = config.getUserConfig().makeDnPath()
-                ? createDNPath(entry.getDn())
-                : null;
-        LdapUser user = new LdapUser(this, ref, id, path);
-        Map<String, Object> props = user.getProperties();
-        applyAttributes(props, entry);
-        return user;
-    }
-
-    @Nonnull
-    private ExternalGroup createGroup(@Nonnull Entry entry, @CheckForNull String name)
-            throws LdapInvalidAttributeValueException {
-        ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
-        if (name == null) {
-            String idAttribute = config.getGroupConfig().getIdAttribute();
-            Attribute attr = entry.get(idAttribute);
+        String extId = entry.getDn().getName();
+        String extIdAttribute = config.getExtIdAttribute();
+        if (extIdAttribute != null && extIdAttribute.length() > 0) {
+            Attribute attr = entry.get(extIdAttribute);
             if (attr == null) {
                 throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
-                        "no value found for attribute '" + idAttribute + "' for entry " + entry);
+                        "no value found for attribute '" + extIdAttribute + "' for entry " + entry);
             }
-            name = attr.getString();
+            extId = attr.getString();
         }
-        String path = config.getGroupConfig().makeDnPath()
+        ExternalIdentityRef ref = new ExternalIdentityRef(extId, this.getName());
+        String path = cfg.makeDnPath()
                 ? createDNPath(entry.getDn())
                 : null;
-        LdapGroup group = new LdapGroup(this, ref, name, path);
-        Map<String, Object> props = group.getProperties();
+        LdapIdentity identity = isGroup ? new LdapGroup(this, ref, id, path, entry)
+                                        : new LdapUser(this, ref, id, path, entry);
+        Map<String, Object> props = identity.getProperties();
         applyAttributes(props, entry);
-        return group;
-
+        return identity;
     }
 
     private void applyAttributes(Map<String, Object> props, Entry entry)
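Review bot: The new exception message `"no value found for attribute '" + extIdAttribute + "' for entry " + entry` concatenates the whole `Entry`, whose string form typically lists its attributes, so directory data fetched for the entry can end up in the exception text and in any log that records it. Naming only the DN is enough to locate the entry: `"' for entry " + entry.getDn());`. Separately, `ref` can now carry a non-DN id, while code outside this hunk may still build or resolve `ExternalIdentityRef`s from DNs; if so, one identity would be known under two ids, which is worth confirming before the option is enabled. `createIdentity` starts in the previous hunk.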

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java?rev=1829587&r1=1829586&r2=1829587&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java Thu Apr 19 18:03:30 2018
@@ -406,6 +406,21 @@ public class LdapProviderConfig {
     public static final String PARAM_GROUP_MEMBER_ATTRIBUTE = "group.memberAttribute";
 
     /**
+     * @see #getExtIdAttribute()
+     */
+    public static final String PARAM_EXT_ID_ATTRIBUTE_DEFAULT = "";
+
+    /**
+     * @see #getExtIdAttribute()
+     */
+    @Property(
+            label = "External identifier attribute",
+            description = "The attribute that is used to create external identifiers. Leave empty to use the DN.",
+            value = PARAM_EXT_ID_ATTRIBUTE_DEFAULT
+    )
+    public static final String PARAM_EXT_ID_ATTRIBUTE = "extIdAttribute";
+
+    /**
      * @see Identity#getCustomAttributes()
      */
     public static final String[] PARAM_CUSTOM_ATTRIBUTES_DEFAULT = {};
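Review bot: The property description does not say that the chosen attribute must be unique across users and groups, single-valued and stable. `createIdentity` uses `attr.getString()` as the external id for both kinds of identity, so two entries sharing a value would presumably resolve to the same external identity. Suggest extending the text, e.g. `description = "The attribute that is used to create external identifiers. Must be unique across all users and groups and must not change. Leave empty to use the DN."`.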
@@ -689,7 +704,8 @@ public class LdapProviderConfig {
                 .setBindDN(params.getConfigValue(PARAM_BIND_DN, PARAM_BIND_DN_DEFAULT))
                 .setBindPassword(params.getConfigValue(PARAM_BIND_PASSWORD, PARAM_BIND_PASSWORD_DEFAULT))
                 .setGroupMemberAttribute(params.getConfigValue(PARAM_GROUP_MEMBER_ATTRIBUTE, PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT))
-                .setCustomAttributes(params.getConfigValue(PARAM_CUSTOM_ATTRIBUTES, PARAM_CUSTOM_ATTRIBUTES_DEFAULT));
+                .setCustomAttributes(params.getConfigValue(PARAM_CUSTOM_ATTRIBUTES, PARAM_CUSTOM_ATTRIBUTES_DEFAULT))
+                .setExtIdAttribute(params.getConfigValue(PARAM_EXT_ID_ATTRIBUTE, PARAM_EXT_ID_ATTRIBUTE_DEFAULT));
 
         ConfigurationParameters.Milliseconds ms = ConfigurationParameters.Milliseconds.of(params.getConfigValue(PARAM_SEARCH_TIMEOUT, PARAM_SEARCH_TIMEOUT_DEFAULT));
         if (ms != null) {
@@ -741,6 +757,8 @@ public class LdapProviderConfig {
 
     private String groupMemberAttribute = PARAM_GROUP_MEMBER_ATTRIBUTE;
 
+    private String extIdAttribute = PARAM_EXT_ID_ATTRIBUTE_DEFAULT;
+
     private String memberOfFilterTemplate;
 
     private String[] customAttributes = PARAM_CUSTOM_ATTRIBUTES_DEFAULT;
@@ -988,6 +1006,28 @@ public class LdapProviderConfig {
     }
 
     /**
+     * Configures the attribute that is used to create external identifiers.
+     * Leave empty to use the DN, which is default.
+     *
+     * @return the attribute used to create external identifiers
+     */
+    @Nonnull
+    public String getExtIdAttribute() {
+        return extIdAttribute;
+    }
+
+    /**
+     * Sets the attribute that is used to create external identifiers.
+     * @param extIdAttribute the attribute name
+     * @return {@code this}
+     */
+    @Nonnull
+    public LdapProviderConfig setExtIdAttribute(String extIdAttribute) {
+        this.extIdAttribute = extIdAttribute;
+        return this;
+    }
+
+    /**
      * Optionally configures an array of attribute names that will be retrieved when looking up LDAP entries.
      * Defaults to the empty array indicating that all attributes will be retrieved.
      *
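Review bot: `getExtIdAttribute()` is annotated `@Nonnull`, but `setExtIdAttribute` stores its argument unchecked, so `setExtIdAttribute(null)` breaks that contract; `createIdentity` happens to null-check the value, but other callers may not. Normalising in the setter keeps the getter honest: `this.extIdAttribute = extIdAttribute == null ? PARAM_EXT_ID_ATTRIBUTE_DEFAULT : extIdAttribute;`. The getter's Javadoc also opens with "Configures", which describes the setter; "Returns the attribute that is used to create external identifiers; empty means the DN is used" would be accurate.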
@@ -1158,6 +1198,7 @@ public class LdapProviderConfig {
         sb.append(", bindPassword='***'");
         sb.append(", searchTimeout=").append(searchTimeout);
         sb.append(", groupMemberAttribute='").append(groupMemberAttribute).append('\'');
+        sb.append(", extIdAttribute='").append(extIdAttribute).append('\'');
         sb.append(", memberOfFilterTemplate='").append(memberOfFilterTemplate).append('\'');
         sb.append(", adminPoolConfig=").append(adminPoolConfig);
         sb.append(", userPoolConfig=").append(userPoolConfig);

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapUser.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapUser.java?rev=1829587&r1=1829586&r2=1829587&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapUser.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapUser.java Thu Apr 19 18:03:30 2018
@@ -16,13 +16,14 @@
  */
 package org.apache.jackrabbit.oak.security.authentication.ldap.impl;
 
+import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
 
 public class LdapUser extends LdapIdentity implements ExternalUser {
 
-    public LdapUser(LdapIdentityProvider provider, ExternalIdentityRef ref, String id, String path) {
-        super(provider, ref, id, path);
+    public LdapUser(LdapIdentityProvider provider, ExternalIdentityRef ref, String id, String path, Entry entry) {
+        super(provider, ref, id, path, entry);
     }
 
 }

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1829587&r1=1829586&r2=1829587&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Thu Apr 19 18:03:30 2018
@@ -39,8 +39,10 @@ import javax.security.auth.login.LoginEx
 
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.server.constants.ServerDNConstants;
+import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentity;
 import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider;
 import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig;
+import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapUser;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
@@ -199,7 +201,7 @@ public class LdapProviderTest {
     public void testGetUserByUserId() throws Exception {
         ExternalUser user = idp.getUser(TEST_USER1_UID);
         assertNotNull("User 1 must exist", user);
-        assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
+        assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
     }
 
     @Test
@@ -220,12 +222,32 @@ public class LdapProviderTest {
         assertThat(properties, Matchers.not(Matchers.<String, Object>hasEntry("mail", "hhornblo@royalnavy.mod.uk")));
     }
 
-    @Test
-    public void testAuthenticate() throws Exception {
+    private void authenticateInternal(LdapIdentityProvider idp, String id) throws Exception {
         SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
         ExternalUser user = idp.authenticate(creds);
         assertNotNull("User 1 must authenticate", user);
-        assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
+        assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
+        assertEquals("User Ref", id, user.getExternalId().getId());
+    }
+
+    @Test
+    public void testAuthenticate() throws Exception {
+        authenticateInternal(idp, TEST_USER1_DN);
+
+        providerConfig.setExtIdAttribute("uid");
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        authenticateInternal(idp, TEST_USER1_UID);
+    }
+
+    private void authenticateValidateInternal(LdapIdentityProvider idp, String id) throws Exception {
+        SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
+        for (int i=0; i<8; i++) {
+            ExternalUser user = this.idp.authenticate(creds);
+            assertNotNull("User 1 must authenticate (i=" + i + ")", user);
+            assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
+            assertEquals("User Ref", id, user.getExternalId().getId());
+        }
     }
 
     @Test
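Review bot: `authenticateValidateInternal` takes an `idp` parameter but calls `this.idp.authenticate(creds)`, so the argument is never used; the tests pass only because every caller hands in the field itself. Use the parameter, `ExternalUser user = idp.authenticate(creds);`, or drop it from the signature. `authenticateInternal` above does use its parameter, so the two helpers should agree.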
@@ -238,13 +260,12 @@ public class LdapProviderTest {
                 .setLookupOnValidate(false);
         idp.close();
         idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_DN);
 
-        SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
-        for (int i=0; i<8; i++) {
-            ExternalUser user = idp.authenticate(creds);
-            assertNotNull("User 1 must authenticate", user);
-            assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
-        }
+        providerConfig.setExtIdAttribute("uid");
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_UID);
     }
 
     @Test
@@ -257,13 +278,12 @@ public class LdapProviderTest {
                 .setLookupOnValidate(true);
         idp.close();
         idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_DN);
 
-        SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
-        for (int i=0; i<8; i++) {
-            ExternalUser user = idp.authenticate(creds);
-            assertNotNull("User 1 must authenticate", user);
-            assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
-        }
+        providerConfig.setExtIdAttribute("uid");
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_UID);
     }
 
     @Test
@@ -276,13 +296,12 @@ public class LdapProviderTest {
                 .setLookupOnValidate(false);
         idp.close();
         idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_DN);
 
-        SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
-        for (int i=0; i<8; i++) {
-            ExternalUser user = idp.authenticate(creds);
-            assertNotNull("User 1 must authenticate (i=" + i + ")", user);
-            assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
-        }
+        providerConfig.setExtIdAttribute("uid");
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_UID);
     }
 
     @Test
@@ -295,13 +314,12 @@ public class LdapProviderTest {
                 .setLookupOnValidate(true);
         idp.close();
         idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_DN);
 
-        SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
-        for (int i=0; i<8; i++) {
-            ExternalUser user = idp.authenticate(creds);
-            assertNotNull("User 1 must authenticate (i=" + i + ")", user);
-            assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
-        }
+        providerConfig.setExtIdAttribute("uid");
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        authenticateValidateInternal(idp, TEST_USER1_UID);
     }
 
     @Test
@@ -309,7 +327,16 @@ public class LdapProviderTest {
         SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID.toUpperCase(), "pass".toCharArray());
         ExternalUser user = idp.authenticate(creds);
         assertNotNull("User 1 must authenticate", user);
+        assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
         assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
+
+        providerConfig.setExtIdAttribute("uid");
+        idp.close();
+        idp = new LdapIdentityProvider(providerConfig);
+        user = idp.authenticate(creds);
+        assertNotNull("User 1 must authenticate", user);
+        assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
+        assertEquals("User Ref", TEST_USER1_UID, user.getExternalId().getId());
     }
 
     @Test
@@ -356,10 +383,9 @@ public class LdapProviderTest {
     public void testGetGroupByName() throws Exception {
         ExternalGroup group = idp.getGroup(TEST_GROUP1_NAME);
         assertNotNull("Group 1 must exist", group);
-        assertEquals("Group Ref", TEST_GROUP1_DN, group.getExternalId().getId());
+        assertEquals("Group Ref", TEST_GROUP1_DN, ((LdapIdentity)group).getEntry().getDn().getName());
     }
 
-
     @Test
     public void testGetMembers() throws Exception {
         ExternalIdentityRef ref = new ExternalIdentityRef(TEST_GROUP1_DN, IDP_NAME);

Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProviderOsgiTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProviderOsgiTest.java?rev=1829587&r1=1829586&r2=1829587&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProviderOsgiTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProviderOsgiTest.java Thu Apr 19 18:03:30 2018
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
 
 import javax.jcr.GuestCredentials;
 
+import org.apache.jackrabbit.oak.security.authentication.ldap.LdapProviderTest;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
 import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
 import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
@@ -70,13 +71,13 @@ public class LdapIdentityProviderOsgiTes
     @Test
     public void testGetDeclaredGroupRefsForeignRef() throws Exception {
         ExternalIdentityRef ref = new ExternalIdentityRef("id", "anotherName");
-        assertTrue(provider.getDeclaredGroupRefs(ref).isEmpty());
+        assertTrue(provider.getDeclaredGroupRefs(ref, LdapProviderTest.TEST_USER1_DN).isEmpty());
     }
 
     @Test
     public void testGetDeclaredMemberRefsForeignRef() throws Exception {
         ExternalIdentityRef ref = new ExternalIdentityRef("id", "anotherName");
-        assertTrue(provider.getDeclaredMemberRefs(ref).isEmpty());
+        assertTrue(provider.getDeclaredMemberRefs(ref, LdapProviderTest.TEST_GROUP1_DN).isEmpty());
     }
 
     @Test(expected = ExternalIdentityException.class)