Posted to oak-commits@jackrabbit.apache.org by ba...@apache.org on 2018/04/26 16:16:34 UTC
svn commit: r1830239 - in /jackrabbit/oak/trunk:
oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/
oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/
oak-doc/src/site/markdown/secu...
Author: baedke
Date: Thu Apr 26 16:16:34 2018
New Revision: 1830239
URL: http://svn.apache.org/viewvc?rev=1830239&view=rev
Log:
OAK-7428: LdapIdentityProvider doesn't support creating external ids from custom attributes
Replaced option extIdAttribute with new option useUidForExtId.
Modified:
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1830239&r1=1830238&r2=1830239&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Thu Apr 26 16:16:34 2018
@@ -813,16 +813,7 @@ public class LdapIdentityProvider implem
}
id = attr.getString();
}
- String extId = entry.getDn().getName();
- String extIdAttribute = config.getExtIdAttribute();
- if (extIdAttribute != null && extIdAttribute.length() > 0) {
- Attribute attr = entry.get(extIdAttribute);
- if (attr == null) {
- throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
- "no value found for attribute '" + extIdAttribute + "' for entry " + entry);
- }
- extId = attr.getString();
- }
+ String extId = config.getUseUidForExtId() ? id : entry.getDn().getName();
ExternalIdentityRef ref = new ExternalIdentityRef(extId, this.getName());
String path = cfg.makeDnPath()
? createDNPath(entry.getDn())
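Review bot: The new `extId` line can hand `ExternalIdentityRef` a value that is not unique within the directory, because with `useUidForExtId` enabled it takes `id` (the user id or group name attribute value) instead of the DN. Two entries that share that value under different subtrees, or a user and a group with the same name, would then presumably resolve to the same external reference and be treated as one identity by whatever consumes the ref. I would state the requirement where the choice is made, e.g. `// extId must be unique across users and groups when useUidForExtId is on; the DN is unique by construction`. The enclosing method starts and ends outside the hunk, so how `id` is obtained and validated is only partly visible.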
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java?rev=1830239&r1=1830238&r2=1830239&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapProviderConfig.java Thu Apr 26 16:16:34 2018
@@ -408,17 +408,17 @@ public class LdapProviderConfig {
/**
* @see #getExtIdAttribute()
*/
- public static final String PARAM_EXT_ID_ATTRIBUTE_DEFAULT = "";
+ public static final boolean PARAM_USE_UID_FOR_EXT_ID_DEFAULT = false;
/**
* @see #getExtIdAttribute()
*/
@Property(
- label = "External identifier attribute",
- description = "The attribute that is used to create external identifiers. Leave empty to use the DN.",
- value = PARAM_EXT_ID_ATTRIBUTE_DEFAULT
+ label = "Use user id for external ids",
+ description = "If enabled, the value of the user id (resp. group name) attribute will be used to create external identifiers. Leave disabled to use the DN instead.",
+ boolValue = PARAM_USE_UID_FOR_EXT_ID_DEFAULT
)
- public static final String PARAM_EXT_ID_ATTRIBUTE = "extIdAttribute";
+ public static final String PARAM_USE_UID_FOR_EXT_ID = "useUidForExtId";
/**
* @see Identity#getCustomAttributes()
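Review bot: Both Javadoc blocks in this hunk still say `@see #getExtIdAttribute()`, a getter this commit removes further down, so the links on `PARAM_USE_UID_FOR_EXT_ID_DEFAULT` and `PARAM_USE_UID_FOR_EXT_ID` no longer resolve. Both should read `@see #getUseUidForExtId()`.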
@@ -705,7 +705,7 @@ public class LdapProviderConfig {
.setBindPassword(params.getConfigValue(PARAM_BIND_PASSWORD, PARAM_BIND_PASSWORD_DEFAULT))
.setGroupMemberAttribute(params.getConfigValue(PARAM_GROUP_MEMBER_ATTRIBUTE, PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT))
.setCustomAttributes(params.getConfigValue(PARAM_CUSTOM_ATTRIBUTES, PARAM_CUSTOM_ATTRIBUTES_DEFAULT))
- .setExtIdAttribute(params.getConfigValue(PARAM_EXT_ID_ATTRIBUTE, PARAM_EXT_ID_ATTRIBUTE_DEFAULT));
+ .setUseUidForExtId(params.getConfigValue(PARAM_USE_UID_FOR_EXT_ID, PARAM_USE_UID_FOR_EXT_ID_DEFAULT));
ConfigurationParameters.Milliseconds ms = ConfigurationParameters.Milliseconds.of(params.getConfigValue(PARAM_SEARCH_TIMEOUT, PARAM_SEARCH_TIMEOUT_DEFAULT));
if (ms != null) {
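Review bot: A configuration that still carries `extIdAttribute` is ignored without notice in this builder chain, which now reads only `PARAM_USE_UID_FOR_EXT_ID` and falls back to DN-based ids. If the old option was ever deployed, identities synced under attribute-based external ids would come back with DN-based ones after the upgrade and might no longer match their existing accounts. A warning when the old key is present would make that visible, for example `if (params.containsKey("extIdAttribute")) { log.warn("extIdAttribute is no longer supported, use useUidForExtId"); }`, assuming the class has a logger (none is visible here). The enclosing method starts and ends outside the hunk.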
@@ -757,7 +757,7 @@ public class LdapProviderConfig {
private String groupMemberAttribute = PARAM_GROUP_MEMBER_ATTRIBUTE;
- private String extIdAttribute = PARAM_EXT_ID_ATTRIBUTE_DEFAULT;
+ private boolean useUidForExtId = PARAM_USE_UID_FOR_EXT_ID_DEFAULT;
private String memberOfFilterTemplate;
@@ -1006,24 +1006,25 @@ public class LdapProviderConfig {
}
/**
- * Configures the attribute that is used to create external identifiers.
- * Leave empty to use the DN, which is default.
+ * If true, the value of the user id (resp. group name) attribute will be used to create external identifiers. Otherwise the DN will be used, which is the default.
*
- * @return the attribute used to create external identifiers
+ * @return true iff the value of the user id (resp. group name) attribute will be used to create external identifiers
*/
@Nonnull
- public String getExtIdAttribute() {
- return extIdAttribute;
+ public boolean getUseUidForExtId() {
+ return useUidForExtId;
}
/**
- * Sets the attribute that is used to create external identifiers.
- * @param extIdAttribute the attribute name
+ * Sets the flag that controls if the user id (resp. gruop name) will be used instead of the DN to create external ids.
+ *
+ * @see #getUseUidForExtId()
+ * @param useUidForExtId the new value of #useUidForExtId
* @return {@code this}
*/
@Nonnull
- public LdapProviderConfig setExtIdAttribute(String extIdAttribute) {
- this.extIdAttribute = extIdAttribute;
+ public LdapProviderConfig setUseUidForExtId(boolean useUidForExtId) {
+ this.useUidForExtId = useUidForExtId;
return this;
}
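Review bot: `@Nonnull` is left on `getUseUidForExtId()`, which now returns a primitive `boolean`; the annotation has no meaning there and static analysers may flag it, so I would drop it from the getter. The setter's Javadoc has a typo, `gruop name`, which should be `group name`. Its `@param` line would be clearer as `@param useUidForExtId {@code true} to build external ids from the user id (resp. group name) attribute, {@code false} to use the DN`.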
@@ -1198,7 +1199,7 @@ public class LdapProviderConfig {
sb.append(", bindPassword='***'");
sb.append(", searchTimeout=").append(searchTimeout);
sb.append(", groupMemberAttribute='").append(groupMemberAttribute).append('\'');
- sb.append(", extIdAttribute='").append(extIdAttribute).append('\'');
+ sb.append(", useUidForExtId='").append(useUidForExtId).append('\'');
sb.append(", memberOfFilterTemplate='").append(memberOfFilterTemplate).append('\'');
sb.append(", adminPoolConfig=").append(adminPoolConfig);
sb.append(", userPoolConfig=").append(userPoolConfig);
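Review bot: The added line wraps a boolean in single quotes, which the surrounding lines use only for string fields (`searchTimeout` and the pool configs are appended bare). `sb.append(", useUidForExtId=").append(useUidForExtId);` keeps the output consistent. The method starts and ends outside the hunk.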
Modified: jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1830239&r1=1830238&r2=1830239&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Thu Apr 26 16:16:34 2018
@@ -234,7 +234,7 @@ public class LdapProviderTest {
public void testAuthenticate() throws Exception {
authenticateInternal(idp, TEST_USER1_DN);
- providerConfig.setExtIdAttribute("uid");
+ providerConfig.setUseUidForExtId(true);
idp.close();
idp = new LdapIdentityProvider(providerConfig);
authenticateInternal(idp, TEST_USER1_UID);
@@ -262,7 +262,7 @@ public class LdapProviderTest {
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_DN);
- providerConfig.setExtIdAttribute("uid");
+ providerConfig.setUseUidForExtId(true);
idp.close();
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_UID);
@@ -280,7 +280,7 @@ public class LdapProviderTest {
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_DN);
- providerConfig.setExtIdAttribute("uid");
+ providerConfig.setUseUidForExtId(true);
idp.close();
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_UID);
@@ -298,7 +298,7 @@ public class LdapProviderTest {
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_DN);
- providerConfig.setExtIdAttribute("uid");
+ providerConfig.setUseUidForExtId(true);
idp.close();
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_UID);
@@ -316,7 +316,7 @@ public class LdapProviderTest {
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_DN);
- providerConfig.setExtIdAttribute("uid");
+ providerConfig.setUseUidForExtId(true);
idp.close();
idp = new LdapIdentityProvider(providerConfig);
authenticateValidateInternal(idp, TEST_USER1_UID);
@@ -330,13 +330,13 @@ public class LdapProviderTest {
assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
assertEquals("User Ref", TEST_USER1_DN, user.getExternalId().getId());
- providerConfig.setExtIdAttribute("uid");
+ providerConfig.setUseUidForExtId(true);
idp.close();
idp = new LdapIdentityProvider(providerConfig);
user = idp.authenticate(creds);
assertNotNull("User 1 must authenticate", user);
assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
- assertEquals("User Ref", TEST_USER1_UID, user.getExternalId().getId());
+ assertEquals("User Ref", TEST_USER1_UID.toUpperCase(), user.getExternalId().getId());
}
@Test
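Review bot: `TEST_USER1_UID.toUpperCase()` in the last assertion uses the default locale, so the expected value depends on the JVM's locale settings (a Turkish locale upper-cases `i` differently); `TEST_USER1_UID.toUpperCase(Locale.ROOT)` is stable, with `java.util.Locale` imported. The changed expectation also suggests the external id now carries the directory's spelling of the uid rather than the one used at login, which deserves a short comment above the assertion, e.g. `// external id is the attribute value as stored in LDAP, not the login name`. A named constant for the stored value would say that more directly than an inline case conversion.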
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md?rev=1830239&r1=1830238&r2=1830239&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authentication/ldap.md Thu Apr 26 16:16:34 2018
@@ -96,7 +96,7 @@ which is populated either via OSGi or du
| Group member attribute | `group.memberAttribute` | Group attribute that contains the member(s) of a group. |
| Group name attribute | `group.nameAttribute` | Name of the attribute that contains the group name. |
| Group object classes | `group.objectclass` | The list of object classes a group entry must contain. |
-| External identifier attribute | `extIdAttribute` | The attribute that is used to create external identifiers. Leave empty to use the DN. |
+| Use user id for external ids | `useUidForExtId` | If enabled, the value of the user id (resp. group name) attribute will be used to create external identifiers. Leave disabled to use the DN instead. |
| Custom Attributes | `customattributes` | Attributes retrieved when looking up LDAP entries. Leave empty to retrieve all attributes. |
| | | |