karaf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbono...@apache.org
Subject git commit: [KARAF-3105] Introduce the fqdn pattern in the LDAPLoginModule and update the documentation with the available patterns
Date Sat, 12 Jul 2014 12:14:34 GMT
Repository: karaf
Updated Branches:
  refs/heads/master e067a6699 -> cc15dcf2e


[KARAF-3105] Introduce the fqdn pattern in the LDAPLoginModule and update the documentation
with the available patterns


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/cc15dcf2
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/cc15dcf2
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/cc15dcf2

Branch: refs/heads/master
Commit: cc15dcf2eda88e37ee6d2f3bc5eef7906c1a4127
Parents: e067a66
Author: Jean-Baptiste Onofré <jbonofre@apache.org>
Authored: Sat Jul 12 14:13:48 2014 +0200
Committer: Jean-Baptiste Onofré <jbonofre@apache.org>
Committed: Sat Jul 12 14:13:48 2014 +0200

----------------------------------------------------------------------
 .../org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java   | 4 +++-
 .../src/main/webapp/developers-guide/security-framework.conf  | 7 +++++++
 manual/src/main/webapp/users-guide/security.conf              | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/cc15dcf2/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
index 0ddc83f..2c587a8 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPLoginModule.java
@@ -191,6 +191,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
         }
         logger.debug("Get the user DN.");
         String userDN;
+        String userDNNamespace;
         DirContext context = null;
         try {
             logger.debug("Initialize the JNDI LDAP Dir Context.");
@@ -224,7 +225,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
             //
             // the second escapes the slashes correctly.
             userDN = result.getNameInNamespace().replace("," + userBaseDN, "");
-            
+            userDNNamespace = (String) result.getNameInNamespace();
             namingEnumeration.close();
         } catch (Exception e) {
             throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
@@ -288,6 +289,7 @@ public class LDAPLoginModule extends AbstractKarafLoginModule {
             roleFilter = roleFilter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
             roleFilter = roleFilter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDN));
             roleFilter = roleFilter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDN
+ "," + userBaseDN));
+            roleFilter = roleFilter.replaceAll(Pattern.quote("%nsdn"), Matcher.quoteReplacement(userDNNamespace));
             roleFilter = roleFilter.replace("\\", "\\\\");
             logger.debug("  filter: " + roleFilter);
             NamingEnumeration namingEnumeration = context.search(roleBaseDN, roleFilter,
controls);

http://git-wip-us.apache.org/repos/asf/karaf/blob/cc15dcf2/manual/src/main/webapp/developers-guide/security-framework.conf
----------------------------------------------------------------------
diff --git a/manual/src/main/webapp/developers-guide/security-framework.conf b/manual/src/main/webapp/developers-guide/security-framework.conf
index 8283cbd..dee5b81 100644
--- a/manual/src/main/webapp/developers-guide/security-framework.conf
+++ b/manual/src/main/webapp/developers-guide/security-framework.conf
@@ -266,6 +266,13 @@ If you wish to use an SSL connection, the following configuration can
be used as
                keystorePassword="secret" />
 {pygmentize}
 
+The LDAPLoginModule supports the following patterns that you can use in the filter (user
and role filters):
+
+* {{%u}} is replaced by the user
+* {{%dn}} is replaced by the user DN
+* {{%fqdn}} is replaced by the user full qualified DN ({{userDN,userBaseDN}}).
+* {{%nsdn}} is replaced by the userDNNamespace (interesting especially for ActiveDirectory).
+
 h2. Encryption service
 
 The [EncryptionService|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java]
is a service registered in the OSGi registry providing means to encrypt and check encrypted
passwords.  This service acts as a factory for [Encryption|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/Encryption.java]
objects actually performing the encryption.

http://git-wip-us.apache.org/repos/asf/karaf/blob/cc15dcf2/manual/src/main/webapp/users-guide/security.conf
----------------------------------------------------------------------
diff --git a/manual/src/main/webapp/users-guide/security.conf b/manual/src/main/webapp/users-guide/security.conf
index ad0df97..8a4ee6c 100644
--- a/manual/src/main/webapp/users-guide/security.conf
+++ b/manual/src/main/webapp/users-guide/security.conf
@@ -39,7 +39,7 @@ This realm has two login modules:
 * the {{PublickeyLoginModule}} is especially used by the SSHd. It uses the {{etc/keys.properties}}
file. This file contains
  the users and a public key associated to each user.
 
-Apache Karaf provides additional login modules (see later):
+Apache Karaf provides additional login modules (see the developer guide for details):
 
 * JDBCLoginModule uses a database as backend
 * LDAPLoginModule uses a LDAP server as backend


Mime
View raw message