
From kwri...@apache.org
Subject svn commit: r1705656 - in /manifoldcf/trunk: ./ connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/ connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/ connectors/l...
Date Mon, 28 Sep 2015 11:07:08 GMT
Author: kwright
Date: Mon Sep 28 11:07:08 2015
New Revision: 1705656

URL: http://svn.apache.org/viewvc?rev=1705656&view=rev
Log:
Fix for CONNECTORS-1244.

Added:
    manifoldcf/trunk/connectors/ldap/connector/src/main/resources/
      - copied from r1705655, manifoldcf/branches/CONNECTORS-1244/connectors/ldap/connector/src/main/resources/
Modified:
    manifoldcf/trunk/   (props changed)
    manifoldcf/trunk/CHANGES.txt
    manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
    manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties
    manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties
    manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties
    manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties

Propchange: manifoldcf/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Sep 28 11:07:08 2015
@@ -59,6 +59,7 @@
 /manifoldcf/branches/CONNECTORS-1231:1703151-1703180
 /manifoldcf/branches/CONNECTORS-1233:1697988-1701871
 /manifoldcf/branches/CONNECTORS-1236:1702132-1702240
+/manifoldcf/branches/CONNECTORS-1244:1705272-1705655
 /manifoldcf/branches/CONNECTORS-13:1525862-1527182,1539324-1541634
 /manifoldcf/branches/CONNECTORS-470:1349741-1360750,1360808
 /manifoldcf/branches/CONNECTORS-474:1349741-1353803

Modified: manifoldcf/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/CHANGES.txt?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
--- manifoldcf/trunk/CHANGES.txt (original)
+++ manifoldcf/trunk/CHANGES.txt Mon Sep 28 11:07:08 2015
@@ -3,6 +3,10 @@ $Id$
 
 ======================= 2.3-dev =====================
 
+CONNECTORS-1244: Add support for LDAPS and TLS to LDAP
+authority connector.
+(Karl Wright)
+
 CONNECTORS-1234: Add use-mapper-attachments option
 to Elasticsearch connector.
 (Shinichiro Abe)

Modified: manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java (original)
+++ manifoldcf/trunk/connectors/ldap/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/ldap/LDAPAuthority.java Mon Sep 28 11:07:08 2015
@@ -26,8 +26,11 @@ import javax.naming.directory.*;
 import javax.naming.ldap.*;
 import org.apache.manifoldcf.authorities.interfaces.*;
 import org.apache.manifoldcf.authorities.system.ManifoldCF;
+import org.apache.manifoldcf.authorities.system.Logging;
 import org.apache.manifoldcf.core.interfaces.*;
+import org.apache.manifoldcf.connectorcommon.interfaces.*;
 import org.apache.manifoldcf.ui.util.Encoder;
+import org.apache.manifoldcf.core.common.LDAPSSLSocketFactory;
 
 /**
  * This is the Active Directory implementation of the IAuthorityConnector
@@ -44,35 +47,31 @@ public class LDAPAuthority extends org.a
    * Session information for all DC's we talk with.
    */
   private LdapContext session = null;
-
+  private StartTlsResponse tls = null;
+  
   private long sessionExpirationTime = -1L;
 
-  private ConfigParams parameters;
+  //private ConfigParams parameters;
 
+  private String bindUser;
+  private String bindPass;
+  private String serverProtocol;
   private String serverName;
-
   private String serverPort;
-
   private String serverBase;
-
   private String userBase;
-
   private String userSearch;
-
   private String groupBase;
-
   private String groupSearch;
-
   private String groupNameAttr;
-
   private boolean groupMemberDN;
-
   private boolean addUserRecord;
-
   private List<String> forcedTokens;
-
   private String userNameAttr;
-
+  private String sslKeystoreData;
+  
+  private IKeystoreManager sslKeystore;
+  
   private long responseLifetime = 60000L; //60sec
 
   private int LRUsize = 1000;
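Review bot: `//private ConfigParams parameters;` leaves commented-out code in the field list; since the field is gone and the loop in connect() now reads configParams directly, delete the line instead of commenting it out (the same goes for `//parameters = configParams;` in the next hunk). The new `tls`, `bindUser`, `bindPass`, `serverProtocol`, `sslKeystoreData` and `sslKeystore` fields also lack the javadoc that `session` has; a comment on `tls` such as `// StartTLS layer negotiated on top of session; null unless the configured protocol contains a '+'` would make the pairing with session explicit.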
@@ -106,13 +105,20 @@ public class LDAPAuthority extends org.a
   @Override
   public void connect(ConfigParams configParams) {
     super.connect(configParams);
-    parameters = configParams;
+    //parameters = configParams;
+
+    // Credentials
+    bindUser = configParams.getParameter("ldapBindUser");
+    bindPass = configParams.getObfuscatedParameter("ldapBindPass");
 
     // We get the parameters here, so we can check them in case they are missing
+    serverProtocol = configParams.getParameter("ldapProtocol");
     serverName = configParams.getParameter("ldapServerName");
     serverPort = configParams.getParameter("ldapServerPort");
     serverBase = configParams.getParameter("ldapServerBase");
 
+    sslKeystoreData = configParams.getParameter("sslKeystore");
+    
     userBase = configParams.getParameter("ldapUserBase");
     userSearch = configParams.getParameter("ldapUserSearch");
     groupBase = configParams.getParameter("ldapGroupBase");
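Review bot: `bindPass = configParams.getObfuscatedParameter("ldapBindPass");` keeps the bind password in an instance field for as long as the connector is connected, whereas the removed code in getSession deobfuscated it only while building the JNDI environment; if getObfuscatedParameter returns the clear-text value, as its name suggests, this widens the time the password sits in the heap. Consider keeping only the obfuscated form here and deobfuscating inside getSession as before, or at least clearing the field in disconnect(). connect() continues past the end of this hunk.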
@@ -124,8 +130,8 @@ public class LDAPAuthority extends org.a
 
     forcedTokens = new ArrayList<String>();
     int i = 0;
-    while (i < parameters.getChildCount()) {
-      ConfigNode sn = parameters.getChild(i++);
+    while (i < configParams.getChildCount()) {
+      ConfigNode sn = configParams.getChild(i++);
       if (sn.getType().equals("access")) {
         String token = "" + sn.getAttributeValue("token");
         forcedTokens.add(token);
@@ -141,58 +147,87 @@ public class LDAPAuthority extends org.a
    */
   protected LdapContext getSession()
     throws ManifoldCFException {
-    if (serverName == null || serverName.length() == 0) {
-      throw new ManifoldCFException("Server name parameter missing but required");
-    }
-    if (serverPort == null || serverPort.length() == 0) {
-      throw new ManifoldCFException("Server port parameter missing but required");
-    }
-    if (serverBase == null) {
-      throw new ManifoldCFException("Server base parameter missing but required");
-    }
-    if (userBase == null) {
-      throw new ManifoldCFException("User base parameter missing but required");
-    }
-    if (userSearch == null || userSearch.length() == 0) {
-      throw new ManifoldCFException("User search expression missing but required");
-    }
-    if (groupBase == null) {
-      throw new ManifoldCFException("Group base parameter missing but required");
-    }
-    if (groupSearch == null || groupSearch.length() == 0) {
-      throw new ManifoldCFException("Group search expression missing but required");
-    }
-    if (groupNameAttr == null || groupNameAttr.length() == 0) {
-      throw new ManifoldCFException("Group name attribute missing but required");
-    }
-    if (userNameAttr == null || userNameAttr.length() == 0) {
-      throw new ManifoldCFException("User name attribute missing but required");
-    }
-
-    Hashtable env = new Hashtable();
-    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-    env.put(Context.PROVIDER_URL, "ldap://" + serverName + ":" + serverPort + "/" + serverBase);
-
-    //get bind credentials
-    String bindUser = getParam(parameters, "ldapBindUser", "");
-    String bindPass = "";
-    try {
-      bindPass = ManifoldCF.deobfuscate(getParam(parameters, "ldapBindPass", ""));
-    } catch (ManifoldCFException ex) {
-      if (!bindUser.isEmpty()) {
-        Logger.getLogger(LDAPAuthority.class.getName()).log(Level.SEVERE, "Deobfuscation error", ex);
-      }
-    }
-    if (!bindUser.isEmpty()) {
-      env.put(Context.SECURITY_AUTHENTICATION, "simple");
-      env.put(Context.SECURITY_PRINCIPAL, bindUser);
-      env.put(Context.SECURITY_CREDENTIALS, bindPass);
-    }
 
     try {
       if (session == null) {
+        if (serverName == null || serverName.length() == 0) {
+          throw new ManifoldCFException("Server name parameter missing but required");
+        }
+        if (serverPort == null || serverPort.length() == 0) {
+          throw new ManifoldCFException("Server port parameter missing but required");
+        }
+        if (serverBase == null) {
+          throw new ManifoldCFException("Server base parameter missing but required");
+        }
+        if (userBase == null) {
+          throw new ManifoldCFException("User base parameter missing but required");
+        }
+        if (userSearch == null || userSearch.length() == 0) {
+          throw new ManifoldCFException("User search expression missing but required");
+        }
+        if (groupBase == null) {
+          throw new ManifoldCFException("Group base parameter missing but required");
+        }
+        if (groupSearch == null || groupSearch.length() == 0) {
+          throw new ManifoldCFException("Group search expression missing but required");
+        }
+        if (groupNameAttr == null || groupNameAttr.length() == 0) {
+          throw new ManifoldCFException("Group name attribute missing but required");
+        }
+        if (userNameAttr == null || userNameAttr.length() == 0) {
+          throw new ManifoldCFException("User name attribute missing but required");
+        }
+
+        if (sslKeystoreData != null) {
+          sslKeystore = KeystoreManagerFactory.make("", sslKeystoreData);
+        } else {
+          sslKeystore = KeystoreManagerFactory.make("");
+        }
+        
+        // Set thread local for keystore stuff
+        LDAPSSLSocketFactory.setSocketFactoryProducer(sslKeystore);
+
+        final String protocolToUse;
+        final boolean useTls;
+        if (serverProtocol == null || serverProtocol.length() == 0) {
+          protocolToUse = "ldap";
+          useTls = false;
+        } else {
+          int plusIndex = serverProtocol.indexOf("+");
+          if (plusIndex == -1) {
+            plusIndex = serverProtocol.length();
+            useTls = false;
+          } else {
+            useTls = true;
+          }
+          protocolToUse = serverProtocol.substring(0,plusIndex);
+        }
+
+        final Hashtable env = new Hashtable();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        env.put(Context.PROVIDER_URL, "ldap://" + serverName + ":" + serverPort + "/" + serverBase);
+        if (protocolToUse.equals("ldaps"))
+          env.put(Context.SECURITY_PROTOCOL, "ssl");
+        
+        env.put("java.naming.ldap.factory.socket", "org.apache.manifoldcf.core.common.LDAPSSLSocketFactory");
+
+        if (bindUser != null && !bindUser.isEmpty()) {
+          env.put(Context.SECURITY_AUTHENTICATION, "simple");
+          env.put(Context.SECURITY_PRINCIPAL, bindUser);
+          env.put(Context.SECURITY_CREDENTIALS, bindPass);
+        }
+
         session = new InitialLdapContext(env, null);
+        
+        if (useTls) {
+          // Start TLS
+          StartTlsResponse tls = (StartTlsResponse) session.extendedOperation(new StartTlsRequest());
+          tls.negotiate(sslKeystore.getSecureSocketFactory());
+        }
+        
       } else {
+        // Set thread local for keystore stuff
+        LDAPSSLSocketFactory.setSocketFactoryProducer(sslKeystore);
         session.reconnect(null);
       }
       sessionExpirationTime = System.currentTimeMillis() + 300000L;
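Review bot: `StartTlsResponse tls = (StartTlsResponse) session.extendedOperation(new StartTlsRequest());` declares a new local that shadows the `tls` field added earlier in this commit, so the field is never assigned and the `tls.close()` added to disconnectSession can never run; the line should read `tls = (StartTlsResponse) session.extendedOperation(new StartTlsRequest());`. Separately, `env.put(Context.SECURITY_CREDENTIALS, bindPass)` now receives the field set in connect() rather than the old `""` default, and Hashtable.put throws NullPointerException on a null value, so a bind user with no stored password would fail with an NPE instead of a clear message — guard it with `if (bindPass == null) bindPass = "";` or throw a ManifoldCFException, assuming getObfuscatedParameter can return null for an absent parameter. getSession's catch clauses continue in the next hunk.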
@@ -209,6 +244,14 @@ public class LDAPAuthority extends org.a
       session = null;
       sessionExpirationTime = -1L;
       throw new ManifoldCFException("Naming error: " + e.getMessage(), e);
+    } catch (InterruptedIOException e) {
+      session = null;
+      sessionExpirationTime = -1L;
+      throw new ManifoldCFException(e.getMessage(), ManifoldCFException.INTERRUPTED);
+    } catch (IOException e) {
+      session = null;
+      sessionExpirationTime = -1L;
+      throw new ManifoldCFException("IO error: " + e.getMessage(), e);
     }
   }
 
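Review bot: The new InterruptedIOException and IOException handlers, like the NamingException handler above them, drop `session` without closing it, so a context that was opened successfully before `tls.negotiate(...)` failed leaks its connection; before `session = null;` add `if (session != null) { try { session.close(); } catch (NamingException ignored) { } }` (a small private helper would avoid repeating it in all three handlers). The INTERRUPTED branch also discards the exception: `new ManifoldCFException(e.getMessage(), ManifoldCFException.INTERRUPTED)` carries no cause, which a (message, cause, code) constructor could preserve if ManifoldCFException offers one. getSession begins in the previous hunk.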
@@ -252,10 +295,15 @@ public class LDAPAuthority extends org.a
   protected void disconnectSession() {
     if (session != null) {
       try {
+        if (tls != null)
+          tls.close();
         session.close();
       } catch (NamingException e) {
         // Eat this error
+      } catch (IOException e) {
+        // Eat this error
       }
+      tls = null;
       session = null;
       sessionExpirationTime = -1L;
     }
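Review bot: `tls.close()` and `session.close()` share one try block, so an IOException from closing the TLS layer skips `session.close()` entirely and the context is dropped still open; close the two in separate try blocks so a failure in one does not abandon the other. The `tls` field this relies on is never assigned by the current getSession (raised on that hunk), so until that is fixed the `if (tls != null)` branch is dead. disconnectSession's closing brace is outside this hunk.
```java
  protected void disconnectSession() {
    if (session != null) {
      if (tls != null) {
        try {
          tls.close();
        } catch (IOException e) {
          // Eat this error
        }
      }
      try {
        session.close();
      } catch (NamingException e) {
        // Eat this error
      }
      // … unchanged: reset tls, session and sessionExpirationTime …
```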
@@ -280,6 +328,8 @@ public class LDAPAuthority extends org.a
     groupNameAttr = null;
     userNameAttr = null;
     forcedTokens = null;
+    sslKeystoreData = null;
+    sslKeystore = null;
   }
 
   protected String createCacheConnectionString() {
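Review bot: disconnect() now clears `sslKeystoreData` and `sslKeystore` but, as far as this hunk shows, not the other fields this commit introduced — `bindUser`, `bindPass` and `serverProtocol` — so the bind password stays in the connector instance after disconnect; unless they are cleared in the part of disconnect() above this hunk, add `bindUser = null;`, `bindPass = null;` and `serverProtocol = null;` beside the two lines added here.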
@@ -443,117 +493,12 @@ public class LDAPAuthority extends org.a
   @Override
   public void outputConfigurationHeader(IThreadContext threadContext, IHTTPOutput out, Locale locale, ConfigParams parameters, List<String> tabsArray)
     throws ManifoldCFException, IOException {
-    tabsArray.add(Messages.getString(locale, "LDAP.ForcedTokens"));
     tabsArray.add(Messages.getString(locale, "LDAP.LDAP"));
-    out.print(
-      "<script type=\"text/javascript\">\n"
-      + "<!--\n"
-      + "function checkConfig() {\n"
-      + "  if (editconnection.ldapServerName.value.indexOf(\"/\") != -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerNameCannotIncludeSlash") + "\");\n"
-      + "    editconnection.ldapServerName.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapServerPort.value != \"\" && !isInteger(editconnection.ldapServerPort.value)) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerPortMustBeAnInteger") + "\");\n"
-      + "    editconnection.ldapServerPort.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapServerBase.value.indexOf(\"/\") != -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerBaseCannotIncludeSlash") + "\");\n"
-      + "    editconnection.ldapServerBase.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapUserSearch.value != \"\" && editconnection.ldapUserSearch.value.indexOf(\"{0}\") == -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.UserSearchMustIncludeSubstitution") + "\");\n"
-      + "    editconnection.ldapUserSearch.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapGroupSearch.value != \"\" && editconnection.ldapGroupSearch.value.indexOf(\"{0}\") == -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.GroupSearchMustIncludeSubstitution") + "\");\n"
-      + "    editconnection.ldapGroupSearch.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  return true;\n"
-      + "}\n"
-      + "\n"
-      + "function checkConfigForSave() {\n"
-      + "  if (editconnection.ldapServerName.value == \"\") {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerNameCannotBeBlank") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapServerName.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapServerPort.value == \"\") {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerPortCannotBeBlank") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapServerPort.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapUserSearch.value == \"\") {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.UserSearchCannotBeBlank") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapUserSearch.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapGroupSearch.value == \"\") {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.GroupSearchCannotBeBlank") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapGroupSearch.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapGroupNameAttr.value == \"\") {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.GroupNameAttrCannotBeBlank") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapGroupNameAttr.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapUserSearch.value != \"\" && editconnection.ldapUserSearch.value.indexOf(\"{0}\") == -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.UserSearchMustIncludeSubstitution") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapUserSearch.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapGroupSearch.value != \"\" && editconnection.ldapGroupSearch.value.indexOf(\"{0}\") == -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.GroupSearchMustIncludeSubstitution") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapGroupSearch.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapServerPort.value != \"\" && !isInteger(editconnection.ldapServerPort.value)) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerPortMustBeAnInteger") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapServerPort.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapServerName.value.indexOf(\"/\") != -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerNameCannotIncludeSlash") + "\");\n"
-      + "    SelectTab(\"" + Messages.getBodyJavascriptString(locale, "LDAP.LDAP") + "\");\n"
-      + "    editconnection.ldapServerName.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  if (editconnection.ldapServerBase.value.indexOf(\"/\") != -1) {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.ServerBaseCannotIncludeSlash") + "\");\n"
-      + "    editconnection.ldapServerBase.focus();\n"
-      + "    return false;\n"
-      + "  }\n"
-      + "  return true;\n"
-      + "}\n"
-      + "function SpecOp(n, opValue, anchorvalue) {\n"
-      + "  eval(\"editconnection.\"+n+\".value = \\\"\"+opValue+\"\\\"\");\n"
-      + "  postFormSetAnchor(anchorvalue);\n"
-      + "}\n"
-      + "function SpecAddToken(anchorvalue) {\n"
-      + "  if (editconnection.spectoken.value == \"\")\n"
-      + "  {\n"
-      + "    alert(\"" + Messages.getBodyJavascriptString(locale, "LDAP.TypeInToken") + "\");\n"
-      + "    editconnection.spectoken.focus();\n"
-      + "    return;\n"
-      + "  }\n"
-      + "  SpecOp(\"accessop\",\"Add\",anchorvalue);\n"
-      + "}\n"
-      + "//-->\n"
-      + "</script>\n");
+    tabsArray.add(Messages.getString(locale, "LDAP.ForcedTokens"));
+    final Map<String,Object> paramMap = new HashMap<String,Object>();
+    fillInLDAPTab(paramMap, out, parameters);
+    fillInForcedTokensTab(paramMap, out, parameters);
+    Messages.outputResourceWithVelocity(out, locale, "editConfiguration.js", paramMap);    
   }
 
   /**
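Review bot: `Messages.outputResourceWithVelocity(out, locale, "editConfiguration.js", paramMap);` carries trailing whitespace, as do the two template calls in outputConfigurationBody below; strip it. The hunk also swaps the tab order so that `LDAP.LDAP` is added before `LDAP.ForcedTokens`, which changes the visible tab order in the UI — if that is intentional it deserves a mention in the log message, and if not the `tabsArray.add` calls should keep their old order.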
@@ -572,182 +517,12 @@ public class LDAPAuthority extends org.a
   @Override
   public void outputConfigurationBody(IThreadContext threadContext, IHTTPOutput out, Locale locale, ConfigParams parameters, String tabName)
     throws ManifoldCFException, IOException {
-    String fServerName = getParam(parameters, "ldapServerName", "");
-    String fServerPort = getParam(parameters, "ldapServerPort", "389");
-    String fServerBase = getParam(parameters, "ldapServerBase", "");
-
-    String fUserBase = getParam(parameters, "ldapUserBase", "ou=People");
-    String fUserSearch = getParam(parameters, "ldapUserSearch", "(&(objectClass=inetOrgPerson)(uid={0}))");
-    String fUserNameAttr = getParam(parameters, "ldapUserNameAttr", "uid");
-    boolean fAddUserRecord = "1".equals(getParam(parameters, "ldapAddUserRecord", ""));
-
-    String fGroupBase = getParam(parameters, "ldapGroupBase", "ou=Groups");
-    String fGroupSearch = getParam(parameters, "ldapGroupSearch", "(&(objectClass=groupOfNames)(member={0}))");
-    String fGroupNameAttr = getParam(parameters, "ldapGroupNameAttr", "cn");
-    boolean fGroupMemberDN = "1".equals(getParam(parameters, "ldapGroupMemberDn", ""));
-
-    String fBindUser = getParam(parameters, "ldapBindUser", "");
-    String fBindPass = "";
-    try {
-      fBindPass = ManifoldCF.deobfuscate(getParam(parameters, "ldapBindPass", ""));
-    } catch (ManifoldCFException ex) {
-      //ignore
-    }
-    fBindPass = out.mapPasswordToKey(fBindPass);
-
-    if (tabName.equals(Messages.getString(locale, "LDAP.LDAP"))) {
-      out.print(
-        "<table class=\"displaytable\">\n"
-        + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPServerNameColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"32\" name=\"ldapServerName\" value=\"" + Encoder.attributeEscape(fServerName) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPServerPortColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"5\" name=\"ldapServerPort\" value=\"" + Encoder.attributeEscape(fServerPort) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPServerBaseColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapServerBase\" value=\"" + Encoder.attributeEscape(fServerBase) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPBindUserColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapBindUser\" value=\"" + Encoder.attributeEscape(fBindUser) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPBindPasswordColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"password\" size=\"64\" name=\"ldapBindPass\" value=\"" + Encoder.attributeEscape(fBindPass) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.UserSearchBaseColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapUserBase\" value=\"" + Encoder.attributeEscape(fUserBase) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.UserSearchFilterColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapUserSearch\" value=\"" + Encoder.attributeEscape(fUserSearch) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.AddUserAuthColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"checkbox\" value=\"1\" name=\"ldapAddUserRecord\" " + (fAddUserRecord ? "checked=\"true\"" : "") + "/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.UserNameAttrColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapUserNameAttr\" value=\"" + Encoder.attributeEscape(fUserNameAttr) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupSearchBaseColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapGroupBase\" value=\"" + Encoder.attributeEscape(fGroupBase) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupSearchFilterColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapGroupSearch\" value=\"" + Encoder.attributeEscape(fGroupSearch) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupNameAttributeColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"text\" size=\"64\" name=\"ldapGroupNameAttr\" value=\"" + Encoder.attributeEscape(fGroupNameAttr) + "\"/></td>\n"
-        + " </tr>\n"
-        + " <tr>\n"
-        + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupMemberDnColon") + "</nobr></td>\n"
-        + "  <td class=\"value\"><input type=\"checkbox\" value=\"1\" name=\"ldapGroupMemberDn\" " + (fGroupMemberDN ? "checked=\"true\"" : "") + "/></td>\n"
-        + " </tr>\n"
-        + "</table>\n");
-    } else {
-      out.print("<input type=\"hidden\" name=\"ldapServerName\" value=\"" + Encoder.attributeEscape(fServerName) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapServerPort\" value=\"" + Encoder.attributeEscape(fServerPort) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapServerBase\" value=\"" + Encoder.attributeEscape(fServerBase) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapBindUser\" value=\"" + Encoder.attributeEscape(fBindUser) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapBindPass\" value=\"" + Encoder.attributeEscape(fBindPass) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapUserBase\" value=\"" + Encoder.attributeEscape(fUserBase) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapUserSearch\" value=\"" + Encoder.attributeEscape(fUserSearch) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapGroupBase\" value=\"" + Encoder.attributeEscape(fGroupBase) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapGroupSearch\" value=\"" + Encoder.attributeEscape(fGroupSearch) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapGroupNameAttr\" value=\"" + Encoder.attributeEscape(fGroupNameAttr) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapUserNameAttr\" value=\"" + Encoder.attributeEscape(fUserNameAttr) + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapAddUserRecord\" value=\"" + (fAddUserRecord ? "1" : "0") + "\"/>\n");
-      out.print("<input type=\"hidden\" name=\"ldapGroupMemberDn\" value=\"" + (fGroupMemberDN ? "1" : "0") + "\"/>\n");
-    }
-
-    if (tabName.equals(Messages.getString(locale, "LDAP.ForcedTokens"))) {
-      out.print(
-        "<table class=\"displaytable\">\n"
-        + "  <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
-        + "  <tr><td class=\"value\" colspan=\"2\">" + Messages.getBodyString(locale, "LDAP.ForcedTokensDisclaimer") + "</td></tr>\n"
-        + "  <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n");
-
-      out.print("  <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n");
-      // Go through forced ACL
-      int i = 0;
-      int k = 0;
-      while (i < parameters.getChildCount()) {
-        ConfigNode sn = parameters.getChild(i++);
-        if (sn.getType().equals("access")) {
-          String accessDescription = "_" + Integer.toString(k);
-          String accessOpName = "accessop" + accessDescription;
-          String token = sn.getAttributeValue("token");
-          out.print(
-            "  <tr>\n"
-            + "    <td class=\"description\">\n"
-            + "      <input type=\"hidden\" name=\"" + accessOpName + "\" value=\"\"/>\n"
-            + "      <input type=\"hidden\" name=\"" + "spectoken" + accessDescription + "\" value=\"" + Encoder.attributeEscape(token) + "\"/>\n"
-            + "      <a name=\"" + "token_" + Integer.toString(k) + "\">\n"
-            + "        <input type=\"button\" value=\"" + Messages.getAttributeString(locale, "LDAP.Delete") + "\" onClick='Javascript:SpecOp(\"" + accessOpName + "\",\"Delete\",\"token_" + Integer.toString(k) + "\")' alt=\"" + Messages.getAttributeString(locale, "LDAP.DeleteToken") + Integer.toString(k) + "\"/>\n"
-            + "      </a>&nbsp;\n"
-            + "    </td>\n"
-            + "    <td class=\"value\">\n"
-            + "      " + Encoder.bodyEscape(token) + "\n"
-            + "    </td>\n"
-            + "  </tr>\n");
-          k++;
-        }
-      }
-      if (k == 0) {
-        out.print(
-          "  <tr>\n"
-          + "    <td class=\"message\" colspan=\"2\">" + Messages.getBodyString(locale, "LDAP.NoTokensPresent") + "</td>\n"
-          + "  </tr>\n");
-      }
-      out.print(
-        "  <tr><td class=\"lightseparator\" colspan=\"2\"><hr/></td></tr>\n"
-        + "  <tr>\n"
-        + "    <td class=\"description\">\n"
-        + "      <input type=\"hidden\" name=\"tokencount\" value=\"" + Integer.toString(k) + "\"/>\n"
-        + "      <input type=\"hidden\" name=\"accessop\" value=\"\"/>\n"
-        + "      <a name=\"" + "token_" + Integer.toString(k) + "\">\n"
-        + "        <input type=\"button\" value=\"" + Messages.getAttributeString(locale, "LDAP.Add") + "\" onClick='Javascript:SpecAddToken(\"token_" + Integer.toString(k + 1) + "\")' alt=\"" + Messages.getAttributeString(locale, "LDAP.AddToken") + "\"/>\n"
-        + "      </a>&nbsp;\n"
-        + "    </td>\n"
-        + "    <td class=\"value\">\n"
-        + "      <input type=\"text\" size=\"30\" name=\"spectoken\" value=\"\"/>\n"
-        + "    </td>\n"
-        + "  </tr>\n"
-        + "</table>\n");
-    } else {
-      // Finally, go through forced ACL
-      int i = 0;
-      int k = 0;
-      while (i < parameters.getChildCount()) {
-        ConfigNode sn = parameters.getChild(i++);
-        if (sn.getType().equals("access")) {
-          String accessDescription = "_" + Integer.toString(k);
-          String token = "" + sn.getAttributeValue("token");
-          out.print(
-            "<input type=\"hidden\" name=\"" + "spectoken" + accessDescription + "\" value=\"" + Encoder.attributeEscape(token) + "\"/>\n");
-          k++;
-        }
-      }
-      out.print("<input type=\"hidden\" name=\"tokencount\" value=\"" + Integer.toString(k) + "\"/>\n");
-    }
-  }
-
-  private String getParam(ConfigParams parameters, String name, String def) {
-    return parameters.getParameter(name) != null ? parameters.getParameter(name) : def;
-  }
-
-  private String getViewParam(ConfigParams parameters, String name) {
-    return parameters.getParameter(name) != null ? parameters.getParameter(name) : "";
+    final Map<String,Object> paramMap = new HashMap<String,Object>();
+    paramMap.put("TabName",tabName);
+    fillInLDAPTab(paramMap, out, parameters);
+    fillInForcedTokensTab(paramMap, out, parameters);
+    Messages.outputResourceWithVelocity(out, locale, "editConfiguration_LDAP.html", paramMap);    
+    Messages.outputResourceWithVelocity(out, locale, "editConfiguration_ForcedTokens.html", paramMap);    
   }
 
   private boolean copyParam(IPostParameters variableContext, ConfigParams parameters, String name) {
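Review bot: The removed body ran every value through `Encoder.attributeEscape` and passed the bind password through `out.mapPasswordToKey(fBindPass)` before it reached the form; the replacement delegates to fillInLDAPTab, fillInForcedTokensTab and the copied-in Velocity templates, none of which appear in this diff, so it cannot be confirmed here that editConfiguration_LDAP.html still HTML-escapes the values or that the password input still receives a key rather than the deobfuscated password. Both should be checked in fillInLDAPTab and the templates, and fillInLDAPTab's javadoc should state which escaping it performs and that the password is mapped to a key. The `Encoder` import at the top of the file may be unused once this hunk is applied.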
@@ -759,13 +534,12 @@ public class LDAPAuthority extends org.a
     return true;
   }
 
-  private boolean copyParam(IPostParameters variableContext, ConfigParams parameters, String name, String def) {
+  private void copyParam(IPostParameters variableContext, ConfigParams parameters, String name, String def) {
     String val = variableContext.getParameter(name);
     if (val == null) {
       val = def;
     }
     parameters.setParameter(name, val);
-    return true;
   }
 
   /**
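Review bot: The four-argument copyParam is changed to return void, but its three-argument sibling (signature on the first context line of this hunk) still ends with `return true;` that none of the call sites visible in the later hunks reads. For consistency make it `private void copyParam(IPostParameters variableContext, ConfigParams parameters, String name)` and drop the `return true;`. That method's body begins before this hunk, so the matching edit falls outside it.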
@@ -787,6 +561,7 @@ public class LDAPAuthority extends org.a
   @Override
   public String processConfigurationPost(IThreadContext threadContext, IPostParameters variableContext, Locale locale, ConfigParams parameters)
     throws ManifoldCFException {
+    copyParam(variableContext, parameters, "ldapProtocol");
     copyParam(variableContext, parameters, "ldapServerName");
     copyParam(variableContext, parameters, "ldapServerPort");
     copyParam(variableContext, parameters, "ldapServerBase");
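Review bot: The new `ldapProtocol` parameter is stored exactly as submitted, with no check that it is a value the connector understands; the display side in a later hunk falls back to "ldap" only when the parameter is absent (the getParam default), not when it holds an unexpected string. If the protocol is later used to build the provider URL, an unexpected value would surface only at connect time with a less helpful error, so it is worth rejecting it where the server name and port are already validated (the LDAP.ServerPortMustBeAnInteger and LDAP.ServerNameCannotIncludeSlash messages suggest such checks exist), e.g. a one-line guard on the submitted value before it is copied. processConfigurationPost continues past this hunk.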
@@ -801,12 +576,12 @@ public class LDAPAuthority extends org.a
     copyParam(variableContext, parameters, "ldapAddUserRecord", "0"); //checkbox boolean value
 
     copyParam(variableContext, parameters, "ldapBindUser");
-    String bindPass = variableContext.getParameter("ldapBindPass");
+    final String bindPass = variableContext.getParameter("ldapBindPass");
     if (bindPass != null) {
       parameters.setObfuscatedParameter("ldapBindPass", variableContext.mapKeyToPassword(bindPass));
     }
 
-    String xc = variableContext.getParameter("tokencount");
+    final String xc = variableContext.getParameter("tokencount");
     if (xc != null) {
       // Delete all tokens first
       int i = 0;
@@ -819,13 +594,13 @@ public class LDAPAuthority extends org.a
         }
       }
 
-      int accessCount = Integer.parseInt(xc);
+      final int accessCount = Integer.parseInt(xc);
       i = 0;
       while (i < accessCount) {
-        String accessDescription = "_" + Integer.toString(i);
-        String accessOpName = "accessop" + accessDescription;
-        xc = variableContext.getParameter(accessOpName);
-        if (xc != null && xc.equals("Delete")) {
+        final String accessDescription = "_" + Integer.toString(i);
+        final String accessOpName = "accessop" + accessDescription;
+        final String command = variableContext.getParameter(accessOpName);
+        if (command != null && command.equals("Delete")) {
           // Next row
           i++;
           continue;
@@ -847,6 +622,62 @@ public class LDAPAuthority extends org.a
       }
     }
 
+    String sslKeystoreValue = variableContext.getParameter("sslkeystoredata");
+    final String sslConfigOp = variableContext.getParameter("sslconfigop");
+    if (sslConfigOp != null)
+    {
+      if (sslConfigOp.equals("Delete"))
+      {
+        final String alias = variableContext.getParameter("sslkeystorealias");
+        final IKeystoreManager mgr;
+        if (sslKeystoreValue != null)
+          mgr = KeystoreManagerFactory.make("",sslKeystoreValue);
+        else
+          mgr = KeystoreManagerFactory.make("");
+        mgr.remove(alias);
+        sslKeystoreValue = mgr.getString();
+      }
+      else if (sslConfigOp.equals("Add"))
+      {
+        String alias = IDFactory.make(threadContext);
+        byte[] certificateValue = variableContext.getBinaryBytes("sslcertificate");
+        final IKeystoreManager mgr;
+        if (sslKeystoreValue != null)
+          mgr = KeystoreManagerFactory.make("",sslKeystoreValue);
+        else
+          mgr = KeystoreManagerFactory.make("");
+        java.io.InputStream is = new java.io.ByteArrayInputStream(certificateValue);
+        String certError = null;
+        try
+        {
+          mgr.importCertificate(alias,is);
+        }
+        catch (Throwable e)
+        {
+          certError = e.getMessage();
+        }
+        finally
+        {
+          try
+          {
+            is.close();
+          }
+          catch (IOException e)
+          {
+            // Eat this exception
+          }
+        }
+
+        if (certError != null)
+        {
+          return "Illegal certificate: "+certError;
+        }
+        sslKeystoreValue = mgr.getString();
+      }
+    }
+    if (sslKeystoreValue != null)
+      parameters.setParameter("sslkeystore",sslKeystoreValue);
+    
     return null;
   }
 
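Review bot: In the "Add" branch, `variableContext.getBinaryBytes("sslcertificate")` can be null when the form is posted without a file, and `new java.io.ByteArrayInputStream(certificateValue)` then throws a NullPointerException out of processConfigurationPost instead of the "Illegal certificate" message the branch is designed to return; add `if (certificateValue == null) return "Illegal certificate: no certificate file supplied";` before the stream is opened. `catch (Throwable e)` around importCertificate also turns JVM errors such as OutOfMemoryError into a form message; `catch (Exception e)` is the right width, and a try-with-resources on the stream removes the manual `finally`/close block and its silently eaten IOException. The "Delete" branch likewise passes a possibly null `sslkeystorealias` to `mgr.remove(alias)`; whether the keystore manager tolerates a null alias is not visible here and deserves a guard or a comment.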
@@ -865,110 +696,92 @@ public class LDAPAuthority extends org.a
   @Override
   public void viewConfiguration(IThreadContext threadContext, IHTTPOutput out, Locale locale, ConfigParams parameters)
     throws ManifoldCFException, IOException {
-    String f_serverName = getViewParam(parameters, "ldapServerName");
-    String f_serverPort = getViewParam(parameters, "ldapServerPort");
-    String f_serverBase = getViewParam(parameters, "ldapServerBase");
-    String f_bindUser = getViewParam(parameters, "ldapBindUser");
-
-    String f_userBase = getViewParam(parameters, "ldapUserBase");
-    String f_userSearch = getViewParam(parameters, "ldapUserSearch");
-    String f_groupBase = getViewParam(parameters, "ldapGroupBase");
-    String f_groupSearch = getViewParam(parameters, "ldapGroupSearch");
-    String f_groupNameAttr = getViewParam(parameters, "ldapGroupNameAttr");
-
-    String f_userNameAttr = getViewParam(parameters, "ldapUserNameAttr");
-    boolean f_groupMemberDN = "1".equals(getViewParam(parameters, "ldapGroupMemberDn"));
-    boolean f_addUserRecord = "1".equals(getViewParam(parameters, "ldapAddUserRecord"));
-
-    out.print(
-      "<table class=\"displaytable\">\n"
-      + " <tr><td class=\"separator\" colspan=\"2\"><hr/></td></tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPServerNameColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_serverName) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPServerPortColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_serverPort) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPServerBaseColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_serverBase) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPBindUserColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_bindUser) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.LDAPBindPasswordColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">*******</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.UserSearchBaseColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_userBase) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.UserSearchFilterColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_userSearch) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.AddUserAuthColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + (f_addUserRecord ? "Y" : "N") + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.UserNameAttrColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_userNameAttr) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupSearchBaseColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_groupBase) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupSearchFilterColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_groupSearch) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupNameAttributeColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + Encoder.bodyEscape(f_groupNameAttr) + "</td>\n"
-      + " </tr>\n"
-      + " <tr>\n"
-      + "  <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.GroupMemberDnColon") + "</nobr></td>\n"
-      + "  <td class=\"value\">" + (f_groupMemberDN ? "Y" : "N") + "</td>\n"
-      + " </tr>\n");
-
-    out.print("  <tr><td class=\"separator\" colspan=\"4\"><hr/></td></tr>\n");
-    boolean seenAny = false;
-    int i;
-
-    // Go through looking for access tokens
-    i = 0;
-    while (i < parameters.getChildCount()) {
-      ConfigNode sn = parameters.getChild(i++);
+    final Map<String,Object> paramMap = new HashMap<String,Object>();
+    fillInLDAPTab(paramMap, out, parameters);
+    fillInForcedTokensTab(paramMap, out, parameters);
+    Messages.outputResourceWithVelocity(out, locale, "viewConfiguration.html", paramMap);    
+  }
+
+  // Protected methods
+  
+  private static String getParam(final ConfigParams parameters, final String name, final String def) {
+    String rval = parameters.getParameter(name);
+    return rval != null ? rval : def;
+  }
+
+  /** Fill in ForcedTokens tab */
+  protected static void fillInForcedTokensTab(Map<String,Object> velocityContext, IHTTPOutput out, ConfigParams parameters)
+  {
+    final List<String> forcedTokenList = new ArrayList<String>();
+    for (int i = 0; i < parameters.getChildCount(); i++) {
+      final ConfigNode sn = parameters.getChild(i);
       if (sn.getType().equals("access")) {
-        if (seenAny == false) {
-          out.print(
-            "  <tr>\n"
-            + "    <td class=\"description\"><nobr>" + Messages.getBodyString(locale, "LDAP.ForcedTokensColon") + "</nobr></td>\n"
-            + "    <td class=\"value\">\n");
-          seenAny = true;
-        }
-        String token = sn.getAttributeValue("token");
-        out.print(Encoder.bodyEscape(token) + "<br/>\n");
+        forcedTokenList.add(sn.getAttributeValue("token"));
       }
     }
+    velocityContext.put("FORCEDTOKENS", forcedTokenList);
+  }
+  
+  /** Fill in LDAP tab */
+  protected static void fillInLDAPTab(Map<String,Object> velocityContext, IHTTPOutput out, ConfigParams parameters)
+  {
+    velocityContext.put("FSERVERPROTOCOL", getParam(parameters, "ldapProtocol", "ldap"));
+    velocityContext.put("FSERVERNAME", getParam(parameters, "ldapServerName", ""));
+    velocityContext.put("FSERVERPORT", getParam(parameters, "ldapServerPort", "389"));
+    velocityContext.put("FSERVERBASE", getParam(parameters, "ldapServerBase", ""));
+    String sslKeystoreData = parameters.getParameter("sslkeystore");
+    if (sslKeystoreData != null)
+      velocityContext.put("SSLKEYSTOREDATA", sslKeystoreData);
+    velocityContext.put("FUSERBASE", getParam(parameters, "ldapUserBase", "ou=People"));
+    velocityContext.put("FUSERSEARCH", getParam(parameters, "ldapUserSearch", "(&(objectClass=inetOrgPerson)(uid={0}))"));
+    velocityContext.put("FUSERNAMEATTR", getParam(parameters, "ldapUserNameAttr", "uid"));
+    velocityContext.put("FADDUSERRECORD", getParam(parameters, "ldapAddUserRecord", ""));
+    velocityContext.put("FGROUPBASE", getParam(parameters, "ldapGroupBase", "ou=Groups"));
+    velocityContext.put("FGROUPSEARCH", getParam(parameters, "ldapGroupSearch", "(&(objectClass=groupOfNames)(member={0}))"));
+    velocityContext.put("FGROUPNAMEATTR", getParam(parameters, "ldapGroupNameAttr", "cn"));
+    velocityContext.put("FGROUPMEMBERDN", getParam(parameters, "ldapGroupMemberDn", ""));
+    velocityContext.put("FBINDUSER", getParam(parameters, "ldapBindUser", ""));
+    String fBindPass = parameters.getObfuscatedParameter("ldapBindPass");
+    if (fBindPass == null)
+      fBindPass = "";
+    else
+      fBindPass = out.mapPasswordToKey(fBindPass);
+    velocityContext.put("FBINDPASS", fBindPass);
+    
+    Map<String,String> sslCertificatesMap = null;
+    String message = null;
 
-    if (seenAny) {
-      out.print(
-        "    </td>\n"
-        + "  </tr>\n");
-    } else {
-      out.print(
-        "  <tr><td class=\"message\" colspan=\"4\"><nobr>" + Messages.getBodyString(locale, "LDAP.NoTokensSpecified") + "</nobr></td></tr>\n");
+    try {
+      final IKeystoreManager localSslKeystore;
+      if (sslKeystoreData == null)
+        localSslKeystore = KeystoreManagerFactory.make("");
+      else
+        localSslKeystore = KeystoreManagerFactory.make("",sslKeystoreData);
+
+      // List the individual certificates in the store, with a delete button for each
+      final String[] contents = localSslKeystore.getContents();
+      if (contents.length > 0)
+      {
+        sslCertificatesMap = new HashMap<>();
+        for (final String alias : contents)
+        {
+          String description = localSslKeystore.getDescription(alias);
+          if (description.length() > 128)
+            description = description.substring(0,125) + "...";
+          sslCertificatesMap.put(alias, description);
+        }
+      }
+    } catch (ManifoldCFException e) {
+      message = e.getMessage();
+      org.apache.manifoldcf.authorities.system.Logging.authorityConnectors.warn(e);
     }
-    out.print("</table>\n");
+
+    if(sslCertificatesMap != null)
+      velocityContext.put("SSLCERTIFICATESMAP", sslCertificatesMap);
+    if(message != null)
+      velocityContext.put("MESSAGE", message);
   }
 
-  // Protected methods
   /**
    * Obtain the user LDAP record for a given user logon name.
    *
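Review bot: `fillInForcedTokensTab` declares an `IHTTPOutput out` parameter it never uses, and `fillInLDAPTab` uses its `out` only for `mapPasswordToKey`; the one-line Javadocs on both helpers should list the Velocity keys each one sets and state that `FBINDPASS` carries the key returned by `out.mapPasswordToKey`, not the stored password, so a template author does not treat it as a secret. The `// Protected methods` banner now sits directly above the private static `getParam`, which reads as a leftover from the old layout; move it above `fillInForcedTokensTab` or drop it. In the catch block the raw `e.getMessage()` is placed under `MESSAGE` for the template; whether viewConfiguration.html escapes that value is not visible here, so it is worth confirming since the message originates from parsing user-submitted keystore data.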

Modified: manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties (original)
+++ manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_en_US.properties Mon Sep 28 11:07:08 2015
@@ -48,3 +48,14 @@ LDAP.GroupSearchMustIncludeSubstitution=
 LDAP.ServerPortMustBeAnInteger=Server port must be an integer
 LDAP.ServerNameCannotIncludeSlash=Server name cannot include "/" character
 LDAP.ServerBaseCannotIncludeSlash=Server base cannot include "/" character
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol:
+

Modified: manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties (original)
+++ manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_ja_JP.properties Mon Sep 28 11:07:08 2015
@@ -48,3 +48,13 @@ LDAP.TypeInToken=Token cannot be empty
 LDAP.NoTokensSpecified=No tokens specified
 LDAP.NoTokensPresent=No tokens specified
 LDAP.ForcedTokensDisclaimer=Forced tokens are meant to enrich results with common tokens explicitly handled by authorization center, like "Everyone". Use with extreme attention as this mechanism can grant privileges to every user outside authorization directory!
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol:

Modified: manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties (original)
+++ manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_pl_PL.properties Mon Sep 28 11:07:08 2015
@@ -48,3 +48,13 @@ LDAP.GroupSearchMustIncludeSubstitution=
 LDAP.ServerPortMustBeAnInteger=Port musi być liczbą całkowitą
 LDAP.ServerNameCannotIncludeSlash=Nazwa serwera nie może zawierać znaku "/"
 LDAP.ServerBaseCannotIncludeSlash=Baza DN nie może zawierać znaku "/"
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol:

Modified: manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties?rev=1705656&r1=1705655&r2=1705656&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties (original)
+++ manifoldcf/trunk/connectors/ldap/connector/src/main/native2ascii/org/apache/manifoldcf/authorities/authorities/ldap/common_zh_CN.properties Mon Sep 28 11:07:08 2015
@@ -48,3 +48,13 @@ LDAP.TypeInToken=令牌不èƒ�
 LDAP.NoTokensSpecified=令牌未指定
 LDAP.NoTokensPresent=令牌不存在
 LDAP.ForcedTokensDisclaimer=强制令牌是为了充实由授权中心明确处理的通常令牌如“Everyone”的结果。使用时要特别注意,因为这种机制可以授予权限给授权目录外的每一个用户!
+
+LDAP.Yes=Yes
+LDAP.No=No
+LDAP.NoCertificatesPresent=No certificates present
+LDAP.SSLCertificateList=SSL certificate list:
+LDAP.AddCert=Add certificate
+LDAP.Add=Add
+LDAP.Certificate=Certificate:
+LDAP.ChooseACertificateFile=Choose a certificate file
+LDAP.LDAPProtocolColon=LDAP protocol:


