
fix #1675 add ldap.ignore.netbios.name

Shinsuke Sugaya 7 years ago
parent
commit
e9650b004c

+ 50 - 45
src/main/java/org/codelibs/fess/ldap/LdapManager.java

@@ -18,6 +18,7 @@ package org.codelibs.fess.ldap;
 import static org.codelibs.core.stream.StreamUtil.stream;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.Collections;
 import java.util.Hashtable;
@@ -28,6 +29,7 @@ import java.util.function.Consumer;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
+import javax.annotation.PostConstruct;
 import javax.naming.Context;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
@@ -63,6 +65,13 @@ public class LdapManager {
 
     protected volatile boolean isBind = false;
 
+    protected FessConfig fessConfig;
+
+    @PostConstruct
+    protected void init() {
+        fessConfig = ComponentUtil.getFessConfig();
+    }
+
     protected Hashtable<String, String> createEnvironment(final String initialContextFactory, final String securityAuthentication,
             final String providerUrl, final String principal, final String credntials) {
         final Hashtable<String, String> env = new Hashtable<>();
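Review bot: `fessConfig` is assigned only in `init()`, so an `LdapManager` built with `new` outside the container dereferences null in every method that used to fetch the config itself, unless the caller runs `init()` first as the new test in this commit does. The cached reference also stops following the global config, so a later `ComponentUtil.setFessConfig(...)` is not seen by this instance; whether that happens at runtime is not visible here. I would document both on the field, for example `/** Cached in init(); null until then and not refreshed if the global FessConfig is replaced. */`. `createEnvironment` continues past the end of this hunk.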
@@ -78,7 +87,6 @@ public class LdapManager {
     }
 
     protected Hashtable<String, String> createAdminEnv() {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         return createEnvironment(//
                 fessConfig.getLdapInitialContextFactory(), //
                 fessConfig.getLdapSecurityAuthentication(), fessConfig.getLdapProviderUrl(), //
@@ -87,7 +95,6 @@ public class LdapManager {
     }
 
     protected Hashtable<String, String> createSearchEnv(final String username, final String password) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         return createEnvironment(//
                 fessConfig.getLdapInitialContextFactory(), //
                 fessConfig.getLdapSecurityAuthentication(), //
@@ -96,7 +103,6 @@ public class LdapManager {
     }
 
     protected Hashtable<String, String> createSearchEnv() {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         return createEnvironment(//
                 fessConfig.getLdapInitialContextFactory(), //
                 fessConfig.getLdapSecurityAuthentication(), fessConfig.getLdapProviderUrl(), //
@@ -125,8 +131,6 @@ public class LdapManager {
     }
 
     public OptionalEntity<FessUser> login(final String username, final String password) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
-
         if (StringUtil.isBlank(fessConfig.getLdapProviderUrl())) {
             return OptionalEntity.empty();
         }
@@ -168,7 +172,6 @@ public class LdapManager {
 
     public String[] getRoles(final LdapUser ldapUser, final String bindDn, final String accountFilter) {
         final SystemHelper systemHelper = ComponentUtil.getSystemHelper();
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         final List<String> roleList = new ArrayList<>();
 
         if (fessConfig.isLdapRoleSearchUserEnabled()) {
@@ -195,7 +198,6 @@ public class LdapManager {
     }
 
     protected void processSearchRoles(final List<SearchResult> result, final BiConsumer<String, String> consumer) throws NamingException {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         for (final SearchResult srcrslt : result) {
             final Attributes attrs = srcrslt.getAttributes();
 
@@ -210,30 +212,42 @@ public class LdapManager {
                 if (attrValue != null) {
                     final String entryDn = attrValue.toString();
 
-                    int start = 0;
-                    int end = 0;
-
-                    start = entryDn.indexOf("CN=");
-                    if (start < 0) {
-                        start = entryDn.indexOf("cn=");
+                    String name = getSearchRoleName(entryDn);
+                    if (name != null) {
+                        consumer.accept(entryDn, name);
                     }
-                    if (start == -1) {
-                        continue;
-                    }
-                    start += 3;
-                    end = entryDn.indexOf(',');
+                }
+            }
+        }
+    }
 
-                    String name;
-                    if (end == -1) {
-                        name = entryDn.substring(start);
-                    } else {
-                        name = entryDn.substring(start, end);
-                    }
+    protected String getSearchRoleName(final String entryDn) {
+        if (entryDn == null) {
+            return null;
+        }
+        int start = entryDn.toLowerCase(Locale.ROOT).indexOf("cn=");
+        if (start == -1) {
+            return null;
+        }
+        start += 3;
 
-                    consumer.accept(entryDn, name);
-                }
+        int end = entryDn.indexOf(',', start);
+        String name;
+        if (end == -1) {
+            name = entryDn.substring(start);
+        } else {
+            name = entryDn.substring(start, end);
+        }
+        if (fessConfig.isLdapIgnoreNetbiosName()) {
+            final String[] values = name.split("\\\\");
+            if (values.length == 0) {
+                return null;
+            } else if (values.length == 1) {
+                return values[0];
             }
+            return String.join("\\", Arrays.copyOfRange(values, 1, values.length));
         }
+        return name;
     }
 
     protected void setAttributeValue(final List<SearchResult> result, final String name, final Consumer<Object> consumer) {
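Review bot: With `ldap.ignore.netbios.name` on, `getSearchRoleName` discards everything before the first backslash, so `cn=DOMA\admins` and `cn=DOMB\admins` both resolve to `admins`. If these names feed permission checks (the consumer is outside this hunk), groups from different domains become indistinguishable. Backslash is also the DN escape character, so a value such as `cn=Smith\, John` is cut at the escaped comma by `indexOf(',', start)` and then split again. The method has no Javadoc: I would add one stating that the first `cn=` match is used, that DN escapes are not interpreted and that the prefix strip is lossy, and consider parsing with `javax.naming.ldap.LdapName` instead of index arithmetic. `processSearchRoles` begins above this hunk.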
@@ -269,7 +283,6 @@ public class LdapManager {
     }
 
     public void apply(final User user) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled(user.getName())) {
             return;
         }
@@ -349,7 +362,6 @@ public class LdapManager {
     }
 
     public void insert(final User user) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled(user.getName())) {
             return;
         }
@@ -359,10 +371,10 @@ public class LdapManager {
         // attributes
         search(fessConfig.getLdapAdminUserBaseDn(), fessConfig.getLdapAdminUserFilter(user.getName()), null, adminEnv, result -> {
             if (!result.isEmpty()) {
-                modifyUserAttributes(user, adminEnv, userDN, result, fessConfig);
+                modifyUserAttributes(user, adminEnv, userDN, result);
             } else {
                 final BasicAttributes entry = new BasicAttributes();
-                addUserAttributes(entry, user, fessConfig);
+                addUserAttributes(entry, user);
                 final Attribute oc = fessConfig.getLdapAdminUserObjectClassAttribute();
                 entry.put(oc);
                 insert(userDN, entry, adminEnv);
@@ -489,7 +501,7 @@ public class LdapManager {
     }
 
     protected void modifyUserAttributes(final User user, final Supplier<Hashtable<String, String>> adminEnv, final String userDN,
-            final List<SearchResult> result, final FessConfig fessConfig) {
+            final List<SearchResult> result) {
         final List<ModificationItem> modifyList = new ArrayList<>();
         if (user.getOriginalPassword() != null) {
             modifyReplaceEntry(modifyList, "userPassword", user.getOriginalPassword());
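Review bot: Dropping the `fessConfig` parameter changes a protected extension point. A subclass that overrode the five-argument `modifyUserAttributes` without `@Override` still compiles but is never called again, so any attribute handling it added around the `userPassword` update silently stops. The same applies to `addUserAttributes`, `addRoleAttributes`, `modifyGroupAttributes` and `addGroupAttributes` in the later hunks. I would call the signature change out in the upgrade notes and give each method a Javadoc line such as `/** Subclasses override this four-argument form; the FessConfig parameter was removed, use the fessConfig field. */`. The method body continues outside this hunk.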
@@ -732,7 +744,7 @@ public class LdapManager {
         modify(userDN, modifyList, adminEnv);
     }
 
-    protected void addUserAttributes(final BasicAttributes entry, final User user, final FessConfig fessConfig) {
+    protected void addUserAttributes(final BasicAttributes entry, final User user) {
         entry.put(new BasicAttribute("cn", user.getName()));
         entry.put(new BasicAttribute("userPassword", user.getOriginalPassword()));
 
@@ -811,7 +823,6 @@ public class LdapManager {
     }
 
     public void delete(final User user) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled(user.getName())) {
             return;
         }
@@ -855,7 +866,6 @@ public class LdapManager {
     }
 
     public void insert(final Role role) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled()) {
             return;
         }
@@ -867,7 +877,7 @@ public class LdapManager {
             } else {
                 final String entryDN = fessConfig.getLdapAdminRoleSecurityPrincipal(role.getName());
                 final BasicAttributes entry = new BasicAttributes();
-                addRoleAttributes(entry, role, fessConfig);
+                addRoleAttributes(entry, role);
                 final Attribute oc = fessConfig.getLdapAdminRoleObjectClassAttribute();
                 entry.put(oc);
                 insert(entryDN, entry, adminEnv);
@@ -876,12 +886,11 @@ public class LdapManager {
 
     }
 
-    protected void addRoleAttributes(final BasicAttributes entry, final Role user, final FessConfig fessConfig) {
+    protected void addRoleAttributes(final BasicAttributes entry, final Role user) {
         // nothing
     }
 
     public void delete(final Role role) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled()) {
             return;
         }
@@ -899,7 +908,6 @@ public class LdapManager {
     }
 
     public void apply(final Group group) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled()) {
             return;
         }
@@ -913,7 +921,6 @@ public class LdapManager {
     }
 
     public void insert(final Group group) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled()) {
             return;
         }
@@ -923,10 +930,10 @@ public class LdapManager {
         search(fessConfig.getLdapAdminGroupBaseDn(), fessConfig.getLdapAdminGroupFilter(group.getName()), null, adminEnv, result -> {
             if (!result.isEmpty()) {
                 logger.info("{} exists in LDAP server.", group.getName());
-                modifyGroupAttributes(group, adminEnv, entryDN, result, fessConfig);
+                modifyGroupAttributes(group, adminEnv, entryDN, result);
             } else {
                 final BasicAttributes entry = new BasicAttributes();
-                addGroupAttributes(entry, group, fessConfig);
+                addGroupAttributes(entry, group);
                 final Attribute oc = fessConfig.getLdapAdminGroupObjectClassAttribute();
                 entry.put(oc);
                 insert(entryDN, entry, adminEnv);
@@ -935,7 +942,7 @@ public class LdapManager {
     }
 
     protected void modifyGroupAttributes(final Group group, final Supplier<Hashtable<String, String>> adminEnv, final String entryDN,
-            final List<SearchResult> result, final FessConfig fessConfig) {
+            final List<SearchResult> result) {
         final List<ModificationItem> modifyList = new ArrayList<>();
 
         final String attrGidNumber = fessConfig.getLdapAttrGidNumber();
@@ -949,13 +956,12 @@ public class LdapManager {
         modify(entryDN, modifyList, adminEnv);
     }
 
-    protected void addGroupAttributes(final BasicAttributes entry, final Group group, final FessConfig fessConfig) {
+    protected void addGroupAttributes(final BasicAttributes entry, final Group group) {
         OptionalUtil.ofNullable(group.getGidNumber()).filter(s -> StringUtil.isNotBlank(s.toString()))
                 .ifPresent(s -> entry.put(new BasicAttribute(fessConfig.getLdapAttrGidNumber(), s)));
     }
 
     public void delete(final Group group) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled()) {
             return;
         }
@@ -972,7 +978,6 @@ public class LdapManager {
     }
 
     public boolean changePassword(final String username, final String password) {
-        final FessConfig fessConfig = ComponentUtil.getFessConfig();
         if (!fessConfig.isLdapAdminEnabled(username)) {
             return false;
         }

+ 26 - 0
src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -1214,6 +1214,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. -1 */
     String LDAP_MAX_USERNAME_LENGTH = "ldap.max.username.length";
 
+    /** The key of the configuration. e.g. true */
+    String LDAP_IGNORE_NETBIOS_NAME = "ldap.ignore.netbios.name";
+
     /** The key of the configuration. e.g. true */
     String LDAP_ROLE_SEARCH_USER_ENABLED = "ldap.role.search.user.enabled";
 
@@ -5312,6 +5315,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      */
     Integer getLdapMaxUsernameLengthAsInteger();
 
+    /**
+     * Get the value for the key 'ldap.ignore.netbios.name'. <br>
+     * The value is, e.g. true <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getLdapIgnoreNetbiosName();
+
+    /**
+     * Is the property for the key 'ldap.ignore.netbios.name' true? <br>
+     * The value is, e.g. true <br>
+     * @return The determination, true or false. (if not found, exception but basically no way)
+     */
+    boolean isLdapIgnoreNetbiosName();
+
     /**
      * Get the value for the key 'ldap.role.search.user.enabled'. <br>
      * The value is, e.g. true <br>
@@ -7858,6 +7875,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return getAsInteger(FessConfig.LDAP_MAX_USERNAME_LENGTH);
         }
 
+        public String getLdapIgnoreNetbiosName() {
+            return get(FessConfig.LDAP_IGNORE_NETBIOS_NAME);
+        }
+
+        public boolean isLdapIgnoreNetbiosName() {
+            return is(FessConfig.LDAP_IGNORE_NETBIOS_NAME);
+        }
+
         public String getLdapRoleSearchUserEnabled() {
             return get(FessConfig.LDAP_ROLE_SEARCH_USER_ENABLED);
         }
@@ -8506,6 +8531,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             defaultMap.put(FessConfig.LDAP_ADMIN_GROUP_OBJECT_CLASSES, "groupOfNames");
             defaultMap.put(FessConfig.LDAP_ADMIN_SYNC_PASSWORD, "true");
             defaultMap.put(FessConfig.LDAP_MAX_USERNAME_LENGTH, "-1");
+            defaultMap.put(FessConfig.LDAP_IGNORE_NETBIOS_NAME, "true");
             defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_USER_ENABLED, "true");
             defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_GROUP_ENABLED, "true");
             defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_ROLE_ENABLED, "true");

+ 1 - 0
src/main/resources/fess_config.properties

@@ -611,6 +611,7 @@ ldap.admin.group.object.classes=groupOfNames
 ldap.admin.sync.password=true
 
 ldap.max.username.length=-1
+ldap.ignore.netbios.name=true
 
 ldap.role.search.user.enabled=true
 ldap.role.search.group.enabled=true
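Review bot: The new key ships as `true` with no comment, so an upgrade changes the role names derived from LDAP for any directory whose group `cn` values contain a backslash. Permissions that were configured against the full `DOMAIN\group` string would then stop matching, which is easy to miss because nothing fails loudly. I would add a comment above the key, for example `# true: drop the text before the first backslash in cn= role names; false keeps the full value`, and mention the behaviour change in the release notes.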

+ 48 - 0
src/test/java/org/codelibs/fess/ldap/LdapManagerTest.java

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2012-2018 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.ldap;
+
+import org.codelibs.fess.mylasta.direction.FessConfig;
+import org.codelibs.fess.unit.UnitFessTestCase;
+import org.codelibs.fess.util.ComponentUtil;
+
+public class LdapManagerTest extends UnitFessTestCase {
+
+    @SuppressWarnings("serial")
+    public void test_getSearchRoleName() {
+        ComponentUtil.setFessConfig(new FessConfig.SimpleImpl() {
+            public boolean isLdapIgnoreNetbiosName() {
+                return true;
+            }
+        });
+        LdapManager ldapManager = new LdapManager();
+        ldapManager.init();
+
+        assertEquals("aaa", ldapManager.getSearchRoleName("cn=aaa"));
+        assertEquals("aaa", ldapManager.getSearchRoleName("CN=aaa"));
+        assertEquals("aaa", ldapManager.getSearchRoleName("cn=aaa,du=test"));
+        assertEquals("bbb", ldapManager.getSearchRoleName("cn=aaa\\bbb"));
+        assertEquals("bbb", ldapManager.getSearchRoleName("cn=aaa\\bbb,du=test"));
+        assertEquals("bbb\\ccc", ldapManager.getSearchRoleName("cn=aaa\\bbb\\ccc"));
+        assertEquals("bbb\\ccc", ldapManager.getSearchRoleName("cn=aaa\\bbb\\ccc,du=test\""));
+
+        assertNull(ldapManager.getSearchRoleName(null));
+        assertNull(ldapManager.getSearchRoleName(""));
+        assertNull(ldapManager.getSearchRoleName(" "));
+        assertNull(ldapManager.getSearchRoleName("aaa"));
+    }
+
+}
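Review bot: `test_getSearchRoleName` only exercises `isLdapIgnoreNetbiosName() == true`, so the branch that must leave `DOMAIN\group` intact has no coverage, and a regression there would change role names without any test failing. The test also replaces the global config through `ComponentUtil.setFessConfig` and never restores it; whether `UnitFessTestCase` resets it between tests is not visible here. The fixture on the `bbb\\ccc` line ends in a stray `\"`, and `du=` looks like a typo for `ou=`, though neither affects the assertions. A companion test for the disabled flag could look like this:

```java
    @SuppressWarnings("serial")
    public void test_getSearchRoleName_keepNetbiosName() {
        ComponentUtil.setFessConfig(new FessConfig.SimpleImpl() {
            public boolean isLdapIgnoreNetbiosName() {
                return false;
            }
        });
        LdapManager ldapManager = new LdapManager();
        ldapManager.init();

        assertEquals("aaa", ldapManager.getSearchRoleName("cn=aaa"));
        assertEquals("aaa\\bbb", ldapManager.getSearchRoleName("cn=aaa\\bbb"));
        assertEquals("aaa\\bbb", ldapManager.getSearchRoleName("cn=aaa\\bbb,ou=test"));
    }
```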