From kwri...@apache.org
Subject svn commit: r931099 - /incubator/lcf/trunk/modules/connectors/activedirectory/connector/org/apache/lcf/authorities/activedirectory/ActiveDirectoryAuthority.java
Date Tue, 06 Apr 2010 11:42:13 GMT
Author: kwright
Date: Tue Apr  6 11:42:13 2010
New Revision: 931099

URL: http://svn.apache.org/viewvc?rev=931099&view=rev
Log:
Debug, and include the user's sid and the public sid too.

Modified:
    incubator/lcf/trunk/modules/connectors/activedirectory/connector/org/apache/lcf/authorities/activedirectory/ActiveDirectoryAuthority.java

Modified: incubator/lcf/trunk/modules/connectors/activedirectory/connector/org/apache/lcf/authorities/activedirectory/ActiveDirectoryAuthority.java
URL: http://svn.apache.org/viewvc/incubator/lcf/trunk/modules/connectors/activedirectory/connector/org/apache/lcf/authorities/activedirectory/ActiveDirectoryAuthority.java?rev=931099&r1=931098&r2=931099&view=diff
==============================================================================
--- incubator/lcf/trunk/modules/connectors/activedirectory/connector/org/apache/lcf/authorities/activedirectory/ActiveDirectoryAuthority.java
(original)
+++ incubator/lcf/trunk/modules/connectors/activedirectory/connector/org/apache/lcf/authorities/activedirectory/ActiveDirectoryAuthority.java
Tue Apr  6 11:42:13 2010
@@ -95,9 +95,7 @@ public class ActiveDirectoryAuthority ex
   public String check()
     throws LCFException
   {
-    String message = getSession();
-    if (message != null)
-      return "Domain controller unreachable: "+message;
+    getSession();
     return super.check();
   }
 
@@ -129,9 +127,7 @@ public class ActiveDirectoryAuthority ex
   public AuthorizationResponse getAuthorizationResponse(String userName)
     throws LCFException
   {
-    String message = getSession();
-    if (message != null)
-      return unreachableResponse;
+    getSession();
 
     //Create the search controls 		
     SearchControls searchCtls = new SearchControls();
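Review bot: With `getSession()` now void, the `return unreachableResponse;` path at the top of getAuthorizationResponse is gone, so an unreachable domain controller surfaces as an LCFException rather than an explicit unreachable answer. Whether callers treat that exception as a denial is not visible in this diff, so I would keep the fail-closed result local, e.g. `try { getSession(); } catch (LCFException e) { return unreachableResponse; }`, narrowed to the communication failure if LCFException can express that distinction, so that a bad admin credential is still reported as an error. check() in the first hunk loses its "Domain controller unreachable: " status string in the same way and will now throw instead of reporting. The body of getAuthorizationResponse continues past the end of this hunk.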
@@ -146,7 +142,7 @@ public class ActiveDirectoryAuthority ex
     String searchBase = parseUser(userName);
  
     //Specify the attributes to return
-    String returnedAtts[] = {"tokenGroups"};
+    String returnedAtts[] = {"tokenGroups","objectSid"};
     searchCtls.setReturningAttributes(returnedAtts);
 
     try
@@ -155,6 +151,8 @@ public class ActiveDirectoryAuthority ex
       NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
 
       ArrayList theGroups = new ArrayList();
+      // All users get certain well-known groups
+      theGroups.add("S-1-1-0");
 
       //Loop through the search results
       while (answer.hasMoreElements())
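Review bot: `theGroups.add("S-1-1-0");` puts the Everyone SID into the list before any search result has been read, so the list is already non-empty if the loop below finds no entry for the user. The rest of the method is outside this hunk, so it cannot be confirmed from here whether a user that is not found returns early; if it does not, the token should be added only after an entry has actually been read. The comment would also be more useful if it named the SID, e.g. `// S-1-1-0 is the well-known "Everyone" SID; every resolved user receives it`.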
@@ -221,7 +219,7 @@ public class ActiveDirectoryAuthority ex
 
   // Protected methods
   
-  protected String getSession()
+  protected void getSession()
     throws LCFException
   {
     if (ctx == null)
@@ -239,7 +237,7 @@ public class ActiveDirectoryAuthority ex
       env.put(Context.PROVIDER_URL,ldapURL);
 		
       //specify attributes to be returned in binary format
-      env.put("java.naming.ldap.attributes.binary","tokenGroups");
+      env.put("java.naming.ldap.attributes.binary","tokenGroups objectSid");
  
       // Now, try the connection...
       try
@@ -251,13 +249,16 @@ public class ActiveDirectoryAuthority ex
         // This means we couldn't authenticate!
         throw new LCFException("Authentication problem authenticating admin user '"+userName+"':
"+e.getMessage(),e);
       }
-      catch (NamingException e)
+      catch (CommunicationException e)
       {
         // This means we couldn't connect, most likely
-        return e.getMessage();
+	throw new LCFException("Couldn't communicate with domain controller '"+domainControllerName+"':
"+e.getMessage(),e);
+      }
+      catch (NamingException e)
+      {
+	throw new LCFException(e.getMessage(),e);
       }
     }
-    return null;
   }
   
   /** Parse a user name into an ldap search base. */
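Review bot: The new catch-all `catch (NamingException e)` rethrows with `e.getMessage()` alone, which can be null and does not say which server was being contacted. Give it the same context as the CommunicationException branch, e.g. `throw new LCFException("LDAP error from domain controller '"+domainControllerName+"': "+e.getMessage(),e);`. Both added `throw` lines are indented with a tab while the surrounding code uses spaces. getSession() begins above this hunk, so the state of `ctx` after a failed connect cannot be checked from here.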


