modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java | 16 +++++++- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java | 20 ++++------ 2 files changed, 23 insertions(+), 13 deletions(-)
New commits: commit 01cd91b130f563ba62cd96a46f2cb3a2ac567a48 Author: Larry O'Leary loleary@redhat.com Date: Wed Jul 17 16:32:05 2013 +0200
BZ 981015 - Ldap auth failed if DN contained a backslash
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java index 6b7add6..0db28f7 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java @@ -23,6 +23,7 @@ import java.util.Iterator; import java.util.Map.Entry; import java.util.Properties;
+import javax.naming.CompositeName; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.directory.SearchControls; @@ -194,7 +195,18 @@ public class LdapLoginModule extends UsernamePasswordLoginModule { SearchResult si = (SearchResult) answer.next();
// Construct the UserDN - String userDN = si.getName() + "," + baseDNs[x]; + String userDN = null; + + try { + userDN = si.getNameInNamespace(); + } catch (UnsupportedOperationException use) { + userDN = new CompositeName(si.getName()).get(0); + if (si.isRelative()) { + userDN += "," + baseDNs[x]; + } + } + + log.debug("Using LDAP userDN=" + userDN);
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, inputPassword); @@ -209,7 +221,7 @@ public class LdapLoginModule extends UsernamePasswordLoginModule { // If we try all the BaseDN's and have not found a match, return false return false; } catch (Exception e) { - log.info("Failed to validate password: " + e.getMessage()); + log.info("Failed to validate password for [" + userName + "]: " + e.getMessage()); return false; } } diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java index 532a944..a28c709 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java @@ -1,6 +1,6 @@ /* * RHQ Management Platform - * Copyright (C) 2005-2011 Red Hat, Inc. + * Copyright (C) 2005-2013 Red Hat, Inc. * All rights reserved. * * This program is free software; you can redistribute it and/or modify @@ -13,8 +13,8 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */
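Review bot: The fallback inside `catch (UnsupportedOperationException use)` can throw on its own: `new CompositeName(si.getName())` raises InvalidNameException for a name it cannot parse, and `.get(0)` raises ArrayIndexOutOfBoundsException when the returned name is empty. Going by the `catch (Exception e)` visible in the following hunk, either one would presumably end the method with `return false` and be logged as a password failure, so the remaining base DNs would not be tried. Checking `isEmpty()` on the CompositeName before calling `get(0)` would cover the empty case, and a comment such as `// si.getName() is a JNDI composite name; component 0 is the LDAP name` would record why the parse is needed. The enclosing method begins and ends outside this hunk.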
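Review bot: The new message concatenates `userName` into the log line unmodified, and that value appears to be the name submitted at login, so a name containing CR or LF could forge extra entries in the server log. Neutralize line breaks before logging, for example `userName.replaceAll("[\\r\\n]", "_")`. Separately, this `catch (Exception e)` reports every failure, including naming or directory errors, as a failed password, which makes failed-login monitoring harder to trust; adding `e.getClass().getName()` next to `e.getMessage()` would let operators tell the cases apart. The method starts outside the hunk.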
package org.rhq.enterprise.server.resource.group; @@ -33,6 +33,7 @@ import java.util.Set;
import javax.ejb.EJB; import javax.ejb.Stateless; +import javax.naming.CompositeName; import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; @@ -345,12 +346,9 @@ public class LdapGroupManagerBean implements LdapGroupManagerLocal { try { userDN = si.getNameInNamespace(); } catch (UnsupportedOperationException use) { - userDN = si.getName(); - if (userDN.startsWith(""")) { - userDN = userDN.substring(1, userDN.length()); - } - if (userDN.endsWith(""")) { - userDN = userDN.substring(0, userDN.length() - 1); + userDN = new CompositeName(si.getName()).get(0); + if (si.isRelative()) { + userDN += "," + baseDNs[x]; } userDN = userDN + "," + baseDNs[x]; } @@ -507,7 +505,7 @@ public class LdapGroupManagerBean implements LdapGroupManagerLocal {
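Review bot: The unconditional `userDN = userDN + "," + baseDNs[x];` left as context right after the new `if (si.isRelative())` block still runs, so in this fallback a relative name gets the base DN appended twice and a non-relative name gets it appended once when it should not be appended at all. Delete that remaining line so the branch matches the one added to LdapLoginModule in this commit. Since both files now carry the same DN-building logic, moving it into one shared helper would prevent this kind of drift. The enclosing method begins and ends outside the hunk.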
/** Translate SystemSettings to familiar Properties instance since we're * passing not one but multiple values. - * + * * @param systemSettings * @return */ @@ -532,7 +530,7 @@ public class LdapGroupManagerBean implements LdapGroupManagerLocal { /** Executes the LDAP group query using the filters, context and search controls, etc. parameters passed in. * The matching groups located during processing this pages of results are added as new entries to the * groupDetailsMap passed in. - * + * * @param filter * @param groupDetailsMap * @param ctx