diff --git a/src/main/java/org/codelibs/fess/Constants.java b/src/main/java/org/codelibs/fess/Constants.java
index bbd285df5..1302b4a2e 100644
--- a/src/main/java/org/codelibs/fess/Constants.java
+++ b/src/main/java/org/codelibs/fess/Constants.java
@@ -359,6 +359,8 @@ public class Constants extends CoreLibConstants {
 public static final TimeZone TIMEZONE_UTC = TimeZone.getTimeZone("UTC");
+ public static final String LDAP_BASE_DN = "ldap.base.dn"; + public static final String LDAP_SECURITY_PRINCIPAL = "ldap.security.principal";
 public static final String LDAP_PROVIDER_URL = "ldap.provider.url";
diff --git a/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java b/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
index 6a6d48140..ba737d45d 100644
--- a/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
@@ -162,6 +162,7 @@ public class AdminGeneralAction extends FessAdminAction {
 updateProperty(Constants.PURGE_SUGGEST_SEARCH_LOG_DAY_PROPERTY, form.purgeSuggestSearchLogDay.toString());
 updateProperty(Constants.LDAP_PROVIDER_URL, form.ldapProviderUrl);
 updateProperty(Constants.LDAP_SECURITY_PRINCIPAL, form.ldapSecurityPrincipal);
+ updateProperty(Constants.LDAP_BASE_DN, form.ldapBaseDn);
 crawlerProperties.store();
 saveInfo(messages -> messages.addSuccessUpdateCrawlerParams(GLOBAL));
@@ -199,6 +200,7 @@ public class AdminGeneralAction extends FessAdminAction {
 Constants.DEFAULT_SUGGEST_PURGE_DAY));
 form.ldapProviderUrl = crawlerProperties.getProperty(Constants.LDAP_PROVIDER_URL, StringUtil.EMPTY);
 form.ldapSecurityPrincipal = crawlerProperties.getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY);
+ form.ldapBaseDn = crawlerProperties.getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);
 }
 private void updateProperty(final String key, final String value) {
diff --git a/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java b/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
index fa6714ab7..a5b5038e0 100644
--- a/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
+++ b/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
@@ -121,4 +121,7 @@ public class EditForm implements Serializable {
 @Size(max = 1000)
 public String ldapSecurityPrincipal;
+
+ @Size(max = 1000)
+ public String ldapBaseDn;
 }
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapManager.java b/src/main/java/org/codelibs/fess/ldap/LdapManager.java
index a763bb491..2e4f2933d 100644
--- a/src/main/java/org/codelibs/fess/ldap/LdapManager.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapManager.java
@@ -15,12 +15,19 @@ */
 package org.codelibs.fess.ldap;
+import java.util.ArrayList;
 import java.util.Hashtable;
+import java.util.List;
 import javax.naming.Context;
+import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
@@ -72,4 +79,63 @@ public class LdapManager {
 protected LdapUser createLdapUser(String username, Hashtable env) {
 return new LdapUser(env, username);
 }
+
+ public String[] getRoles(final LdapUser ldapUser, String bindDn) {
+ final List rolelist = new ArrayList();
+
+ DirContext ctx = null;
+ try {
+ ctx = new InitialDirContext(ldapUser.getEnvironment());
+
+ //set search conditions
+ final String filter = "cn=" + ldapUser.getName();
+ final SearchControls controls = new SearchControls();
+ controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+ //search
+ final NamingEnumeration rslt = ctx.search(bindDn, filter, controls);
+ while (rslt.hasMoreElements()) {
+ final SearchResult srcrslt = rslt.next();
+ final Attributes attrs = srcrslt.getAttributes();
+
+ //get group attr
+ final Attribute attr = attrs.get("memberOf");
+ if (attr == null) {
+ continue;
+ }
+
+ for (int i = 0; i < attr.size(); i++) {
+ Object attrValue = attr.get(i);
+ if (attrValue != null) {
+ // TODO replace with regexp
+ String strTmp = attrValue.toString();
+
+ int strStart = 0;
+ int strEnd = 0;
+
+ strStart = strTmp.indexOf("CN=");
+ strStart += "CN=".length();
+ strEnd = strTmp.indexOf(',');
+
+ strTmp = strTmp.substring(strStart, strEnd);
+
+ rolelist.add(strTmp);
+ }
+ }
+ }
+
+ } catch (final Exception e) {
+ logger.warn("Failed to resolve roles: " + ldapUser.getName(), e);
+ } finally {
+ if (ctx != null) {
+ try {
+ ctx.close();
+ } catch (final NamingException e) {
+ // ignored
+ }
+ }
+ }
+
+ return rolelist.toArray(new String[rolelist.size()]);
+ }
 }
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapUser.java b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
index a7b73973c..48a553922 100644
--- a/src/main/java/org/codelibs/fess/ldap/LdapUser.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
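Review bot: The search filter on the `final String filter = "cn=" + ldapUser.getName();` line is built by concatenating the user's name, so a name containing LDAP filter metacharacters such as `*` or `)` alters the query instead of being matched literally; use the argument-substituting overload, `ctx.search(bindDn, "(cn={0})", new Object[] { ldapUser.getName() }, controls)`, which escapes the value for you. The memberOf parsing is also fragile: `indexOf("CN=")` is case-sensitive and returns -1 for a DN written as `cn=...`, after which `substring(2, -1)` throws and the broad `catch (final Exception e)` abandons the remaining groups, so the user silently ends up with a partial role list. Parsing each value with `javax.naming.ldap.LdapName` and reading the leaf `Rdn` (both in the standard library, so two new imports) handles case and RDN position correctly and turns a malformed value into a `NamingException` you can log per entry. The raw `List`, `ArrayList` and `NamingEnumeration` should be parameterized (`List<String>`, `NamingEnumeration<SearchResult>`), and the empty `catch (final NamingException e)` around `ctx.close()` deserves at least a debug log line rather than `// ignored`.
```java
public String[] getRoles(final LdapUser ldapUser, String bindDn) {
    final List<String> rolelist = new ArrayList<>();
    // … unchanged: open the InitialDirContext inside try …
    final SearchControls controls = new SearchControls();
    controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    // pass the name as a filter argument so the JNDI provider escapes it
    final NamingEnumeration<SearchResult> rslt =
            ctx.search(bindDn, "(cn={0})", new Object[] { ldapUser.getName() }, controls);
    while (rslt.hasMoreElements()) {
        // … unchanged: fetch the memberOf attribute, skip when absent …
        for (int i = 0; i < attr.size(); i++) {
            final Object attrValue = attr.get(i);
            if (attrValue == null) {
                continue;
            }
            // parse the group DN instead of scanning for "CN=" (case and position vary)
            final LdapName groupDn = new LdapName(attrValue.toString());
            if (groupDn.isEmpty()) {
                continue;
            }
            final Rdn leaf = groupDn.getRdn(groupDn.size() - 1);
            if ("cn".equalsIgnoreCase(leaf.getType())) {
                rolelist.add(leaf.getValue().toString());
            }
        }
    }
    // … unchanged: catch/finally, close the context, return the array …
```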
@@ -19,6 +19,8 @@ import java.util.Hashtable;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
+import org.codelibs.fess.mylasta.direction.FessConfig;
+import org.codelibs.fess.util.ComponentUtil;
 public class LdapUser implements FessUser {
@@ -28,6 +30,8 @@ public class LdapUser implements FessUser {
 protected String name;
+ protected String[] roles = null; + public LdapUser(Hashtable env, String name) {
 this.env = env;
 this.name = name;
@@ -40,8 +44,13 @@ public class LdapUser implements FessUser {
 @Override
 public String[] getRoleNames() {
- // TODO
- return StringUtil.EMPTY_STRINGS;
+ if (roles == null) {
+ final String baseDn = ComponentUtil.getFessConfig().getLdapBaseDn();
+ if (StringUtil.isNotBlank(baseDn)) {
+ roles = ComponentUtil.getLdapManager().getRoles(this, baseDn);
+ }
+ }
+ return roles;
 }
 @Override
@@ -49,4 +58,8 @@ public class LdapUser implements FessUser {
 // TODO
 return StringUtil.EMPTY_STRINGS;
 }
+
+ public Hashtable getEnvironment() {
+ return env;
+ }
 }
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
index d958d30e4..e0f2c23c7 100644
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
@@ -43,4 +43,8 @@ public interface FessProp {
 public default String getLdapSecurityPrincipal(String username) {
 return String.format(getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY), username);
 }
+
+ public default String getLdapBaseDn() {
+ return getProperty(Constants.LDAP_BASE_DN);
+ }
 }
diff --git a/src/main/resources/fess_label.properties b/src/main/resources/fess_label.properties
index 59a3fa4a3..e053a6a8e 100644
--- a/src/main/resources/fess_label.properties
+++ b/src/main/resources/fess_label.properties
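Review bot: `getRoleNames()` now returns `null` whenever the base DN is blank, because `roles` is only assigned inside the `isNotBlank` branch, whereas the removed lines returned `StringUtil.EMPTY_STRINGS`; any caller that iterates the array will NPE on a deployment that has not configured `ldap.base.dn`. Change the last line to `return roles == null ? StringUtil.EMPTY_STRINGS : roles;`, or assign the empty array in an else branch so the config lookup is not repeated on every call. The lazily cached `roles` field is never invalidated, which is acceptable for a per-login object but worth stating, e.g. `// resolved once per LdapUser; group changes in LDAP are not seen until re-login`. The new `getEnvironment()` hands out the mutable JNDI `Hashtable` this user was bound with, which presumably carries the bind credentials; consider returning an unmodifiable copy or narrowing it to package-private so only `LdapManager` can reach it.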
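Review bot: `getLdapBaseDn()` uses the single-argument `getProperty(Constants.LDAP_BASE_DN)` and so presumably yields `null` when the key is unset, while the neighbouring `getLdapSecurityPrincipal` defaults to `StringUtil.EMPTY`; the one visible caller guards with `StringUtil.isNotBlank`, so it works today, but the inconsistency invites a NPE in the next caller. Keep the siblings aligned: `return getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);`. A one-line Javadoc naming the key, such as `/** Search base for LDAP role lookups, property {@code ldap.base.dn}; empty when not configured. */`, would also help since FessProp is the public configuration surface.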
@@ -134,7 +134,8 @@ labels.searchParams=Search Parameters
 labels.fields=Fields
 labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP Principal
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
 labels.menu_system=System
 labels.menu_wizard=Wizard
@@ -658,5 +659,6 @@ labels.general_menu_logging=Logging
 labels.general_menu_suggest=Suggest
 labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP Principal
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
 labels.send_testmail=Send TestMail
diff --git a/src/main/resources/fess_label_en.properties b/src/main/resources/fess_label_en.properties
index 59a3fa4a3..e053a6a8e 100644
--- a/src/main/resources/fess_label_en.properties
+++ b/src/main/resources/fess_label_en.properties
@@ -134,7 +134,8 @@ labels.searchParams=Search Parameters
 labels.fields=Fields
 labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP Principal
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
 labels.menu_system=System
 labels.menu_wizard=Wizard
@@ -658,5 +659,6 @@ labels.general_menu_logging=Logging
 labels.general_menu_suggest=Suggest
 labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP Principal
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
 labels.send_testmail=Send TestMail
diff --git a/src/main/resources/fess_label_ja.properties b/src/main/resources/fess_label_ja.properties
index f00bb8f65..78a19ddaa 100644
--- a/src/main/resources/fess_label_ja.properties
+++ b/src/main/resources/fess_label_ja.properties
@@ -646,7 +646,9 @@ labels.general_menu_logging = \u30ed\u30ae\u30f3\u30b0
 labels.general_menu_suggest = \u30b5\u30b8\u30a7\u30b9\u30c8
 labels.send_testmail=\u30c6\u30b9\u30c8\u30e1\u30fc\u30eb\u306e\u9001\u4fe1
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
 labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
diff --git a/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp b/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
index 4df4c35f3..b1ca3f764 100644
--- a/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
+++ b/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
@@ -293,7 +293,7 @@
+ key="labels.ldap_provider_url" />
+ key="labels.ldap_security_principal" />
+
+ +
+ + +
+