
add role handling for ldap

Shinsuke Sugaya 9 gadi atpakaļ
vecāks
revīzija
7f15eb5e02

+ 2 - 0
src/main/java/org/codelibs/fess/Constants.java

@@ -359,6 +359,8 @@ public class Constants extends CoreLibConstants {
 
     public static final TimeZone TIMEZONE_UTC = TimeZone.getTimeZone("UTC");
 
+    public static final String LDAP_BASE_DN = "ldap.base.dn";
+
     public static final String LDAP_SECURITY_PRINCIPAL = "ldap.security.principal";
 
     public static final String LDAP_PROVIDER_URL = "ldap.provider.url";

+ 2 - 0
src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java

@@ -162,6 +162,7 @@ public class AdminGeneralAction extends FessAdminAction {
         updateProperty(Constants.PURGE_SUGGEST_SEARCH_LOG_DAY_PROPERTY, form.purgeSuggestSearchLogDay.toString());
         updateProperty(Constants.LDAP_PROVIDER_URL, form.ldapProviderUrl);
         updateProperty(Constants.LDAP_SECURITY_PRINCIPAL, form.ldapSecurityPrincipal);
+        updateProperty(Constants.LDAP_BASE_DN, form.ldapBaseDn);
 
         crawlerProperties.store();
         saveInfo(messages -> messages.addSuccessUpdateCrawlerParams(GLOBAL));
@@ -199,6 +200,7 @@ public class AdminGeneralAction extends FessAdminAction {
                         Constants.DEFAULT_SUGGEST_PURGE_DAY));
         form.ldapProviderUrl = crawlerProperties.getProperty(Constants.LDAP_PROVIDER_URL, StringUtil.EMPTY);
         form.ldapSecurityPrincipal = crawlerProperties.getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY);
+        form.ldapBaseDn = crawlerProperties.getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);
     }
 
     private void updateProperty(final String key, final String value) {

+ 3 - 0
src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java

@@ -121,4 +121,7 @@ public class EditForm implements Serializable {
 
     @Size(max = 1000)
     public String ldapSecurityPrincipal;
+
+    @Size(max = 1000)
+    public String ldapBaseDn;
 }

+ 66 - 0
src/main/java/org/codelibs/fess/ldap/LdapManager.java

@@ -15,12 +15,19 @@
  */
 package org.codelibs.fess.ldap;
 
+import java.util.ArrayList;
 import java.util.Hashtable;
+import java.util.List;
 
 import javax.naming.Context;
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
 
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
@@ -72,4 +79,63 @@ public class LdapManager {
     protected LdapUser createLdapUser(String username, Hashtable<String, String> env) {
         return new LdapUser(env, username);
     }
+
+    public String[] getRoles(final LdapUser ldapUser, String bindDn) {
+        final List<String> rolelist = new ArrayList<String>();
+
+        DirContext ctx = null;
+        try {
+            ctx = new InitialDirContext(ldapUser.getEnvironment());
+
+            //set search conditions
+            final String filter = "cn=" + ldapUser.getName();
+            final SearchControls controls = new SearchControls();
+            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+            //search
+            final NamingEnumeration<SearchResult> rslt = ctx.search(bindDn, filter, controls);
+            while (rslt.hasMoreElements()) {
+                final SearchResult srcrslt = rslt.next();
+                final Attributes attrs = srcrslt.getAttributes();
+
+                //get group attr
+                final Attribute attr = attrs.get("memberOf");
+                if (attr == null) {
+                    continue;
+                }
+
+                for (int i = 0; i < attr.size(); i++) {
+                    Object attrValue = attr.get(i);
+                    if (attrValue != null) {
+                        // TODO replace with regexp
+                        String strTmp = attrValue.toString();
+
+                        int strStart = 0;
+                        int strEnd = 0;
+
+                        strStart = strTmp.indexOf("CN=");
+                        strStart += "CN=".length();
+                        strEnd = strTmp.indexOf(',');
+
+                        strTmp = strTmp.substring(strStart, strEnd);
+
+                        rolelist.add(strTmp);
+                    }
+                }
+            }
+
+        } catch (final Exception e) {
+            logger.warn("Failed to resolve roles: " + ldapUser.getName(), e);
+        } finally {
+            if (ctx != null) {
+                try {
+                    ctx.close();
+                } catch (final NamingException e) {
+                    // ignored
+                }
+            }
+        }
+
+        return rolelist.toArray(new String[rolelist.size()]);
+    }
 }
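Review bot: The search filter built at `final String filter = "cn=" + ldapUser.getName();` concatenates the user name straight into the LDAP filter, so a name containing `*`, `(`, `)` or `\` alters the query (for example widening it to other entries, whose `memberOf` values then become this user's roles); pass the name as a filter argument so the JNDI provider escapes it: `ctx.search(bindDn, "(cn={0})", new Object[] { ldapUser.getName() }, controls);`. The `memberOf` parsing is also fragile: `indexOf("CN=")` and `indexOf(',')` each return -1 when absent (a lowercase `cn=` or a single-RDN value), which makes `substring` throw and the catch-all then discards every role already collected, so guard both indices before the `substring` call (or parse the value with `javax.naming.ldap.LdapName` and take the first RDN's value). The `NamingEnumeration` `rslt` is never closed; call `rslt.close()` in the `finally` block next to `ctx.close()`. Since the parameter is used as the search base (and is fed from `getLdapBaseDn()` in `LdapUser`), naming it `baseDn` rather than `bindDn` would avoid confusion with the bind principal.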

+ 15 - 2
src/main/java/org/codelibs/fess/ldap/LdapUser.java

@@ -19,6 +19,8 @@ import java.util.Hashtable;
 
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
+import org.codelibs.fess.mylasta.direction.FessConfig;
+import org.codelibs.fess.util.ComponentUtil;
 
 public class LdapUser implements FessUser {
 
@@ -28,6 +30,8 @@ public class LdapUser implements FessUser {
 
     protected String name;
 
+    protected String[] roles = null;
+
     public LdapUser(Hashtable<String, String> env, String name) {
         this.env = env;
         this.name = name;
@@ -40,8 +44,13 @@ public class LdapUser implements FessUser {
 
     @Override
     public String[] getRoleNames() {
-        // TODO
-        return StringUtil.EMPTY_STRINGS;
+        if (roles == null) {
+            final String baseDn = ComponentUtil.getFessConfig().getLdapBaseDn();
+            if (StringUtil.isNotBlank(baseDn)) {
+                roles = ComponentUtil.getLdapManager().getRoles(this, baseDn);
+            }
+        }
+        return roles;
     }
 
     @Override
@@ -49,4 +58,8 @@ public class LdapUser implements FessUser {
         // TODO
         return StringUtil.EMPTY_STRINGS;
     }
+
+    public Hashtable<String, String> getEnvironment() {
+        return env;
+    }
 }
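Review bot: `getRoleNames()` now returns `null` when `getLdapBaseDn()` is blank, whereas the removed line returned `StringUtil.EMPTY_STRINGS` and callers through the `FessUser` interface presumably still expect a non-null array; return `roles == null ? StringUtil.EMPTY_STRINGS : roles;` so an unconfigured base DN disables roles instead of risking a NullPointerException downstream. The new `getEnvironment()` accessor exposes the JNDI environment `Hashtable`, which, judging by `LdapManager` opening an `InitialDirContext` from it, likely carries the user's bind credentials; document that with a comment such as `// JNDI environment incl. bind credentials; do not log or serialize` and keep the accessor no wider than `LdapManager` needs. A lookup that fails inside `LdapManager.getRoles` yields an empty array, which is then cached in `roles` for the lifetime of this object; a one-line comment on the field stating that roles are resolved once and a failed lookup is cached as empty would make that intentional rather than surprising.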

+ 4 - 0
src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java

@@ -43,4 +43,8 @@ public interface FessProp {
     public default String getLdapSecurityPrincipal(String username) {
         return String.format(getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY), username);
     }
+
+    public default String getLdapBaseDn() {
+        return getProperty(Constants.LDAP_BASE_DN);
+    }
 }
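Review bot: `getLdapBaseDn()` returns `getProperty(Constants.LDAP_BASE_DN)` with no default, unlike the sibling `getLdapSecurityPrincipal`, which defaults to `StringUtil.EMPTY`, so every caller must null-check (`LdapUser.getRoleNames()` does via `isNotBlank`, but future callers may not). For consistency with the neighbouring accessor use `return getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);`. The rest of the `FessProp` interface lies outside this hunk.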

+ 4 - 2
src/main/resources/fess_label.properties

@@ -134,7 +134,8 @@ labels.searchParams=Search Parameters
 labels.fields=Fields
 labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP Principal
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
 
 labels.menu_system=System
 labels.menu_wizard=Wizard
@@ -658,5 +659,6 @@ labels.general_menu_logging=Logging
 labels.general_menu_suggest=Suggest
 labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP Principal
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
 labels.send_testmail=Send TestMail

+ 4 - 2
src/main/resources/fess_label_en.properties

@@ -134,7 +134,8 @@ labels.searchParams=Search Parameters
 labels.fields=Fields
 labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP Principal
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
 
 labels.menu_system=System
 labels.menu_wizard=Wizard
@@ -658,5 +659,6 @@ labels.general_menu_logging=Logging
 labels.general_menu_suggest=Suggest
 labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP Principal
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
 labels.send_testmail=Send TestMail

+ 4 - 2
src/main/resources/fess_label_ja.properties

@@ -646,7 +646,9 @@ labels.general_menu_logging = \u30ed\u30ae\u30f3\u30b0
 labels.general_menu_suggest = \u30b5\u30b8\u30a7\u30b9\u30c8
 labels.send_testmail=\u30c6\u30b9\u30c8\u30e1\u30fc\u30eb\u306e\u9001\u4fe1
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
 labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN

+ 12 - 2
src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp

@@ -293,7 +293,7 @@
 									<div class="form-group">
 										<label for="ldapProviderUrl"
 											class="col-sm-3 control-label"><la:message
-												key="labels.ldapProviderUrl" /></label>
+												key="labels.ldap_provider_url" /></label>
 										<div class="col-sm-9">
 											<la:errors property="ldapProviderUrl" />
 											<la:text property="ldapProviderUrl"
@@ -303,13 +303,23 @@
 									<div class="form-group">
 										<label for="ldapSecurityPrincipal"
 											class="col-sm-3 control-label"><la:message
-												key="labels.ldapSecurityPrincipal" /></label>
+												key="labels.ldap_security_principal" /></label>
 										<div class="col-sm-9">
 											<la:errors property="ldapSecurityPrincipal" />
 											<la:text property="ldapSecurityPrincipal"
 												styleClass="form-control" />
 										</div>
 									</div>
+									<div class="form-group">
+										<label for="ldapBaseDn"
+											class="col-sm-3 control-label"><la:message
+												key="labels.ldap_base_dn" /></label>
+										<div class="col-sm-9">
+											<la:errors property="ldapBaseDn" />
+											<la:text property="ldapBaseDn"
+												styleClass="form-control" />
+										</div>
+									</div>
 								</div>
 								<!-- /.box-body -->
 								<div class="box-footer">