Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2016/08/03 12:34:27 UTC
svn commit: r1755084 - in /manifoldcf/trunk: ./
connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/
Author: kwright
Date: Wed Aug 3 12:34:26 2016
New Revision: 1755084
URL: http://svn.apache.org/viewvc?rev=1755084&view=rev
Log:
Fix for CONNECTORS-1330. Committed on behalf of Furkan KAMACI.
Added:
manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPProtocolEnum.java
Modified:
manifoldcf/trunk/CHANGES.txt
manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
Modified: manifoldcf/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/CHANGES.txt?rev=1755084&r1=1755083&r2=1755084&view=diff
==============================================================================
--- manifoldcf/trunk/CHANGES.txt (original)
+++ manifoldcf/trunk/CHANGES.txt Wed Aug 3 12:34:26 2016
@@ -3,6 +3,9 @@ $Id$
======================= 2.5-dev =====================
+CONNECTORS-1330: Minor refactoring of LDAP connector.
+(Furkan KAMACI)
+
CONNECTORS-1329: Add logging to LDAP connector.
(Furkan KAMACI)
Modified: manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java?rev=1755084&r1=1755083&r2=1755084&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java (original)
+++ manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java Wed Aug 3 12:34:26 2016
@@ -149,6 +149,7 @@ public class LDAPAuthority extends org.a
throws ManifoldCFException {
try {
+ LDAPProtocolEnum ldapProtocol = retrieveLDAPProtocol();
if (session == null) {
if (serverName == null || serverName.length() == 0) {
Logging.authorityConnectors.error("Server name parameter missing but required");
@@ -192,30 +193,13 @@ public class LDAPAuthority extends org.a
} else {
sslKeystore = KeystoreManagerFactory.make("");
}
-
- // Set thread local for keystore stuff
- LDAPSSLSocketFactory.setSocketFactoryProducer(sslKeystore);
-
- final String protocolToUse;
- final boolean useTls;
- if (serverProtocol == null || serverProtocol.length() == 0) {
- protocolToUse = "ldap";
- useTls = false;
- } else {
- int plusIndex = serverProtocol.indexOf("+");
- if (plusIndex == -1) {
- plusIndex = serverProtocol.length();
- useTls = false;
- } else {
- useTls = true;
- }
- protocolToUse = serverProtocol.substring(0,plusIndex);
- }
final Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://" + serverName + ":" + serverPort + "/" + serverBase);
- if (protocolToUse.equals("ldaps")) {
+ if (LDAPProtocolEnum.LDAPS.equals(ldapProtocol)) {
+ // Set thread local for keystore stuff
+ LDAPSSLSocketFactory.setSocketFactoryProducer(sslKeystore);
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("java.naming.ldap.factory.socket", "org.apache.manifoldcf.core.common.LDAPSSLSocketFactory");
}
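Review bot: The SSL branch tests `LDAPProtocolEnum.LDAPS.equals(ldapProtocol)`, so a configured `ldaps+tls` value (LDAPS_TLS) no longer sets `Context.SECURITY_PROTOCOL` or the socket factory, whereas the removed code stripped the `+...` suffix and still matched `ldaps`. With that setting the context would be opened without SSL and protection would depend only on the later StartTLS step. The commit adds an `isLDAPS(ldapProtocol)` helper covering both constants, but no visible hunk calls it; the condition should read `if (isLDAPS(ldapProtocol)) {`. The enclosing method starts and ends outside this hunk.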
@@ -229,7 +213,7 @@ public class LDAPAuthority extends org.a
Logging.authorityConnectors.info("LDAP Context environment properties: " + Arrays.toString(env.entrySet().toArray()));
session = new InitialLdapContext(env, null);
- if (useTls) {
+ if (isLDAPTLS(ldapProtocol)) {
// Start TLS
StartTlsResponse tls = (StartTlsResponse) session.extendedOperation(new StartTlsRequest());
tls.negotiate(sslKeystore.getSecureSocketFactory());
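Review bot: The info-level log of `env.entrySet()` just before `new InitialLdapContext(env, null)` prints every environment property. If the bind principal and password are put into `env` in the lines between the hunks (not visible here), they are written to the authority log in clear text. Log a copy with the credential entry masked instead, for example by overwriting the value stored under `Context.SECURITY_CREDENTIALS` in the copy before calling `Arrays.toString`. The surrounding method continues on both sides of the hunk.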
@@ -271,6 +255,56 @@ public class LDAPAuthority extends org.a
}
/**
+ * Retrieves LDAPProtocol from serverProtocol String
+ *
+ * @return LDAPProtocolEnum
+ */
+ private LDAPProtocolEnum retrieveLDAPProtocol() {
+ if (serverProtocol == null || serverProtocol.length() == 0) {
+ return LDAPProtocolEnum.LDAP;
+ }
+
+ final LDAPProtocolEnum ldapProtocol;
+ switch (serverProtocol.toUpperCase(Locale.ENGLISH)){
+ case "LDAP":
+ ldapProtocol = LDAPProtocolEnum.LDAP;
+ break;
+ case "LDAPS":
+ ldapProtocol = LDAPProtocolEnum.LDAPS;
+ break;
+ case "LDAP+TLS":
+ ldapProtocol = LDAPProtocolEnum.LDAP_TLS;
+ break;
+ case "LDAPS+TLS":
+ ldapProtocol = LDAPProtocolEnum.LDAPS_TLS;
+ break;
+ default:
+ ldapProtocol = LDAPProtocolEnum.LDAP;
+ }
+ return ldapProtocol;
+ }
+
+ /**
+ * Checks whether TLS is enabled for given LDAP Protocol
+ *
+ * @param ldapProtocol to check
+ * @return whether TLS is enabled or not
+ */
+ private boolean isLDAPTLS (LDAPProtocolEnum ldapProtocol){
+ return LDAPProtocolEnum.LDAP_TLS.equals(ldapProtocol) || LDAPProtocolEnum.LDAPS_TLS.equals(ldapProtocol);
+ }
+
+ /**
+ * Checks whether LDAPS or LDAPS with TLS is enabled for given LDAP Protocol
+ *
+ * @param ldapProtocol to check
+ * @return whether LDAPS or LDAPS with TLS is enabled or not
+ */
+ private boolean isLDAPS (LDAPProtocolEnum ldapProtocol){
+ return LDAPProtocolEnum.LDAPS.equals(ldapProtocol) || LDAPProtocolEnum.LDAPS_TLS.equals(ldapProtocol);
+ }
+
+ /**
* Check connection for sanity.
*/
@Override
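Review bot: The `default:` branch of `retrieveLDAPProtocol()` maps any unrecognised `serverProtocol` to `LDAPProtocolEnum.LDAP`, so a misspelt or whitespace-padded value silently selects an unencrypted connection. The removed code turned StartTLS on for any value containing `+`, so such values now lose TLS without any message. Prefer rejecting the value, `default: throw new ManifoldCFException("Unsupported LDAP protocol: " + serverProtocol);` with `throws ManifoldCFException` on the method, or at least log a warning before falling back. How the caller's `try` block handles that exception is outside the visible lines.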
@@ -468,10 +502,11 @@ public class LDAPAuthority extends org.a
} catch (NameNotFoundException e) {
// This means that the user doesn't exist
- Logging.authorityConnectors.error("Response Unreachable: "+e.getMessage(),e);
+ Logging.authorityConnectors.error("User does not exists: "+e.getMessage(), e);
return RESPONSE_USERNOTFOUND;
} catch (NamingException e) {
// Unreachable
+ Logging.authorityConnectors.error("Response Unreachable: "+e.getMessage(), e);
return RESPONSE_UNREACHABLE;
}
}
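Review bot: The new message `"User does not exists: "` has a grammar slip and is logged at error level with the full stack trace, although an unknown user is an ordinary outcome that the code already reports as `RESPONSE_USERNOTFOUND`. A line such as `Logging.authorityConnectors.warn("User does not exist: " + e.getMessage());` keeps the record without filling the error log when many lookups miss. The added error log in the `NamingException` branch is appropriate as it stands. The enclosing method begins outside the hunk.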
@@ -805,7 +840,8 @@ public class LDAPAuthority extends org.a
* @param userName (Domain Logon Name) is the user name or identifier.
* DC=qa-ad-76,DC=metacarta,DC=com)
* @return SearchResult for given domain user logon name. (Should throws an
- * exception if user is not found.) */
+ * exception if user is not found.)
+ */
protected SearchResult getUserEntry(LdapContext ctx, String userName)
throws ManifoldCFException {
String searchFilter = userSearch.replaceAll("\\{0\\}", escapeDN(userName.split("@")[0]));
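Review bot: In `getUserEntry`, the escaped user name is passed as the replacement argument of `String.replaceAll`, where `\` and `$` are themselves special. Backslashes produced by `escapeDN` are therefore consumed and a `$` in the name can raise an exception; wrap the value as `Matcher.quoteReplacement(escapeDN(...))` or use `userSearch.replace("{0}", ...)`. `escapeDN` is not visible here; if it applies DN escaping rather than search-filter escaping (RFC 4515: `*`, `(`, `)`, `\`, NUL), the filter built from `userSearch` also needs a filter-specific escaper. The commit only reflows the Javadoc here, and the method body continues past the hunk.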
Added: manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPProtocolEnum.java
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPProtocolEnum.java?rev=1755084&view=auto
==============================================================================
--- manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPProtocolEnum.java (added)
+++ manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPProtocolEnum.java Wed Aug 3 12:34:26 2016
@@ -0,0 +1,25 @@
+/* $Id$ */
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.manifoldcf.authorities.authorities.ldap;
+
+enum LDAPProtocolEnum {
+ LDAP,
+ LDAPS,
+ LDAP_TLS,
+ LDAPS_TLS
+}
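Review bot: The enum and its constants have no Javadoc, and `LDAPS_TLS` in particular does not say whether it means SSL on connect, StartTLS after connect, or both. Going by `isLDAPS` and `isLDAPTLS` in LDAPAuthority.java it is meant to be both, which is worth stating on the constant. I would add a one-line comment per constant naming the configured string it corresponds to (`"ldap"`, `"ldaps"`, `"ldap+tls"`, `"ldaps+tls"`) and the transport protection it selects, plus a class comment such as `/** Transport security modes supported by the LDAP authority connector. */`.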