fix #2185 add ldap.auth.validation

This commit is contained in:
Shinsuke Sugaya 2019-07-20 14:18:30 +09:00
parent 68690b7782
commit a3c1895aff
4 changed files with 70 additions and 6 deletions


@ -0,0 +1,25 @@
/*
* Copyright 2012-2019 CodeLibs Project and the Others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific language
* governing permissions and limitations under the License.
*/
package org.codelibs.fess.exception;
public class LdapConfigurationException extends FessSystemException {
private static final long serialVersionUID = 1L;
public LdapConfigurationException(final String message) {
super(message);
}
}
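Review bot: `LdapConfigurationException` has no class Javadoc, and its only constructor takes a message, so an underlying cause cannot be attached if a caller ever needs to wrap one. A one-line doc such as `/** Thrown when a required LDAP/JNDI environment value (context factory, URL, principal, credentials) is missing from the configuration. */` would tie the class to the `putEnv` check in `LdapManager` that raises it in this commit. Adding a `(String message, Throwable cause)` constructor is only worthwhile if `FessSystemException` exposes the matching super constructor, which this page does not show.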


@ -49,6 +49,7 @@ import org.codelibs.fess.entity.FessUser;
import org.codelibs.fess.es.user.exentity.Group;
import org.codelibs.fess.es.user.exentity.Role;
import org.codelibs.fess.es.user.exentity.User;
import org.codelibs.fess.exception.LdapConfigurationException;
import org.codelibs.fess.exception.LdapOperationException;
import org.codelibs.fess.helper.SystemHelper;
import org.codelibs.fess.mylasta.direction.FessConfig;
@ -76,17 +77,24 @@ public class LdapManager {
protected Hashtable<String, String> createEnvironment(final String initialContextFactory, final String securityAuthentication,
final String providerUrl, final String principal, final String credntials) {
final Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
env.put(Context.SECURITY_AUTHENTICATION, securityAuthentication);
env.put(Context.PROVIDER_URL, providerUrl);
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, credntials);
putEnv(env, Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
putEnv(env, Context.SECURITY_AUTHENTICATION, securityAuthentication);
putEnv(env, Context.PROVIDER_URL, providerUrl);
putEnv(env, Context.SECURITY_PRINCIPAL, principal);
putEnv(env, Context.SECURITY_CREDENTIALS, credntials);
if (providerUrl != null && providerUrl.startsWith("ldaps://")) {
env.put(Context.SECURITY_PROTOCOL, "ssl");
putEnv(env, Context.SECURITY_PROTOCOL, "ssl");
}
return env;
}
protected void putEnv(final Hashtable<String, String> env, final String key, final String value) {
if (value == null) {
throw new LdapConfigurationException(key + " is null.");
}
env.put(key, value);
}
protected Hashtable<String, String> createAdminEnv() {
return createEnvironment(//
fessConfig.getLdapInitialContextFactory(), //
@ -117,6 +125,10 @@ public class LdapManager {
protected boolean validate() {
if (!isBind) {
if (fessConfig.getLdapAdminSecurityPrincipal() == null || fessConfig.getLdapAdminSecurityCredentials() == null) {
// no credentials
return !fessConfig.isLdapAuthValidation();
}
final Hashtable<String, String> env = createAdminEnv();
try (DirContextHolder holder = getDirContext(() -> env)) {
final DirContext context = holder.get();
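Review bot: In the `createEnvironment` hunk, `putEnv` rejects only a `null` value, so an empty string still reaches `env.put(Context.SECURITY_CREDENTIALS, "")`; if `securityAuthentication` is `simple`, an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that many directory servers accept, which would let a caller of `createEnvironment` "authenticate" a known principal without a password. The hunk does not show whether the login caller already screens blank passwords, so this may be defence in depth rather than an exploitable gap, but it is cheap to close here: `if (value == null || (Context.SECURITY_CREDENTIALS.equals(key) && value.isEmpty())) { throw new LdapConfigurationException(key + " is null or empty."); }`. The exception message names only the JNDI key and never the value, which is the right choice for a credential. In the `validate` hunk, returning `!fessConfig.isLdapAuthValidation()` when the admin principal or credentials are absent means the default `true` makes `validate()` return false outright while `false` skips the admin-bind check; a one-line comment stating that (`// no admin credentials: validation fails unless ldap.auth.validation is off`) would make the intent clear, and the body of `validate` continues past the hunk.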


@ -1301,6 +1301,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
/** The key of the configuration. e.g. true */
String LDAP_ADMIN_SYNC_PASSWORD = "ldap.admin.sync.password";
/** The key of the configuration. e.g. true */
String LDAP_AUTH_VALIDATION = "ldap.auth.validation";
/** The key of the configuration. e.g. -1 */
String LDAP_MAX_USERNAME_LENGTH = "ldap.max.username.length";
@ -5581,6 +5584,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
*/
boolean isLdapAdminSyncPassword();
/**
* Get the value for the key 'ldap.auth.validation'. <br>
* The value is, e.g. true <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getLdapAuthValidation();
/**
* Is the property for the key 'ldap.auth.validation' true? <br>
* The value is, e.g. true <br>
* @return The determination, true or false. (if not found, exception but basically no way)
*/
boolean isLdapAuthValidation();
/**
* Get the value for the key 'ldap.max.username.length'. <br>
* The value is, e.g. -1 <br>
@ -8077,6 +8094,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
return is(FessConfig.LDAP_ADMIN_SYNC_PASSWORD);
}
public String getLdapAuthValidation() {
return get(FessConfig.LDAP_AUTH_VALIDATION);
}
public boolean isLdapAuthValidation() {
return is(FessConfig.LDAP_AUTH_VALIDATION);
}
public String getLdapMaxUsernameLength() {
return get(FessConfig.LDAP_MAX_USERNAME_LENGTH);
}
@ -8652,6 +8677,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
defaultMap.put(FessConfig.LDAP_ADMIN_GROUP_BASE_DN, "ou=Group,dc=fess,dc=codelibs,dc=org");
defaultMap.put(FessConfig.LDAP_ADMIN_GROUP_OBJECT_CLASSES, "groupOfNames");
defaultMap.put(FessConfig.LDAP_ADMIN_SYNC_PASSWORD, "true");
defaultMap.put(FessConfig.LDAP_AUTH_VALIDATION, "true");
defaultMap.put(FessConfig.LDAP_MAX_USERNAME_LENGTH, "-1");
defaultMap.put(FessConfig.LDAP_IGNORE_NETBIOS_NAME, "true");
defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_USER_ENABLED, "true");


@ -656,6 +656,7 @@ ldap.admin.group.base.dn=ou\=Group,dc\=fess,dc\=codelibs,dc\=org
ldap.admin.group.object.classes=groupOfNames
ldap.admin.sync.password=true
ldap.auth.validation=true
ldap.max.username.length=-1
ldap.ignore.netbios.name=true
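Review bot: `ldap.auth.validation=true` is added without a comment, and its effect is not obvious from the name: from the `LdapManager.validate` change in this commit, `true` makes validation fail when no admin principal or credentials are configured, while `false` skips that admin-bind check. A comment above the key, e.g. `# true: LDAP validation fails unless admin principal/credentials are set; false: skip the admin-bind check`, would save operators from reading the Java to learn that turning it off loosens a check.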