Posted to commits@karaf.apache.org by ja...@apache.org on 2013/10/28 17:57:57 UTC

svn commit: r1536406 - /karaf/branches/karaf-2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java

Author: janstey
Date: Mon Oct 28 16:57:56 2013
New Revision: 1536406

URL: http://svn.apache.org/r1536406
Log:
KARAF-2529 - Use connection credentials when searching for roles in LDAP

Modified:
    karaf/branches/karaf-2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java

Modified: karaf/branches/karaf-2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
URL: http://svn.apache.org/viewvc/karaf/branches/karaf-2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java?rev=1536406&r1=1536405&r2=1536406&view=diff
==============================================================================
--- karaf/branches/karaf-2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java (original)
+++ karaf/branches/karaf-2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java Mon Oct 28 16:57:56 2013
@@ -225,6 +225,7 @@ public class LDAPLoginModule extends Abs
         // step 2: bind the user using the DN
         context = null;
         try {
+            // switch the credentials to the Karaf login user so that we can verify his password is correct
             logger.debug("Bind user (authentication).");
             env.put(Context.SECURITY_AUTHENTICATION, authentication);
             logger.debug("Set the security principal for " + userDN + "," + userBaseDN);
@@ -251,6 +252,12 @@ public class LDAPLoginModule extends Abs
         context = null;
         try {
             logger.debug("Get user roles.");
+            // switch back to the connection credentials for the role search like we did for the user search in step 1 
+            if (connectionUsername != null && connectionUsername.trim().length() > 0) {
+                env.put(Context.SECURITY_AUTHENTICATION, authentication);
+                env.put(Context.SECURITY_PRINCIPAL, connectionUsername);
+                env.put(Context.SECURITY_CREDENTIALS, connectionPassword);
+            }
             context = new InitialDirContext(env);
             SearchControls controls = new SearchControls();
             if (roleSearchSubtree) {
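Review bot: The added block in step 3 resets the bind identity only when `connectionUsername` is non-blank, so with no connection user configured `env` apparently still carries the principal and credentials set for the user bind in step 2, and the role search runs as the user who is logging in. If that fallback is intended, state it in the new comment; if the role search should match the step 1 user search (not visible here, presumably an anonymous bind in that configuration), add an `else` branch that clears them, e.g. `env.remove(Context.SECURITY_PRINCIPAL); env.remove(Context.SECURITY_CREDENTIALS);`. It is also worth confirming that `connectionPassword` cannot be null when `connectionUsername` is set, since `env.put` would throw if `env` is a `Hashtable` (its declaration is outside the hunk). The enclosing method starts and ends outside this hunk.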