bug 12979: anonymous searches now allowed

2012-01-16 20:03:00 +05:30 · 2012-01-16 20:03:00 +05:30 · e6161ac502
parent ac1886350d
commit e6161ac502
3 changed files with 36 additions and 11 deletions
--- a/api/src/com/cloud/api/commands/LDAPConfigCmd.java
+++ b/api/src/com/cloud/api/commands/LDAPConfigCmd.java
@ -1,5 +1,5 @@
 /**
- *  Copyright (C) 2010 Cloud.com, Inc.  All rights reserved.
+ *  Copyright (C) 2011 Citrix.com, Inc.  All rights reserved.
 * 
 * This software is licensed under the GNU General Public License v3 or later.
 * 
@ -59,10 +59,10 @@ public class LDAPConfigCmd extends BaseCmd  {
    @Parameter(name=ApiConstants.QUERY_FILTER, type=CommandType.STRING, required=true, description="You specify a query filter here, which narrows down the users, who can be part of this domain.")
    private String queryFilter;

-    @Parameter(name=ApiConstants.BIND_DN, type=CommandType.STRING, required=true, description="Specify the distinguished name of a user with the search permission on the directory.")
+    @Parameter(name=ApiConstants.BIND_DN, type=CommandType.STRING, description="Specify the distinguished name of a user with the search permission on the directory.")
    private String bindDN;
    
-    @Parameter(name=ApiConstants.BIND_PASSWORD, type=CommandType.STRING, required=true, description="Enter the password.")
+    @Parameter(name=ApiConstants.BIND_PASSWORD, type=CommandType.STRING, description="Enter the password.")
    private String bindPassword;
    

--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@ -1237,13 +1237,26 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
            String bindDN = cmd.getBindDN();
            String bindPasswd = cmd.getBindPassword();
            
+            if (bindDN != null && bindPasswd == null ){
+            	throw new InvalidParameterValueException("If you specify a bind name then you need to provide bind password too.");
+            }
+            
+            //System.setProperty("javax.net.ssl.keyStore", "/cygdrive/c/citrix/info/cacerts.jks");
+            //System.setProperty("javax.net.ssl.keyStorePassword", "1111_aaaa");
+            
            // check if the info is correct
            Hashtable<String, String> env = new Hashtable<String, String>(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
-            env.put(Context.PROVIDER_URL, "ldap://" + hostname + ":" + port + "/");
-            if (useSSL) env.put(Context.SECURITY_PRINCIPAL, "ssl");
-            env.put(Context.SECURITY_PRINCIPAL, bindDN);
-            env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+            String protocol = "ldap://" ;
+            if (new Boolean(useSSL)){
+            	env.put(Context.SECURITY_PROTOCOL, "ssl");
+                protocol="ldaps://" ;
+            }
+            env.put(Context.PROVIDER_URL, protocol + hostname  + ":" + port);
+            if (bindDN != null && bindPasswd != null){
+            	env.put(Context.SECURITY_PRINCIPAL, bindDN);
+            	env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+            }
            // Create the initial context
            DirContext ctx = new InitialDirContext(env);
            ctx.close();
--- a/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
+++ b/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
@ -84,8 +84,15 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
                protocol="ldaps://" ;
            }
            env.put(Context.PROVIDER_URL, protocol + url  + ":" + port);
-            env.put(Context.SECURITY_PRINCIPAL, bindDN);
-            env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+
+            if (bindDN != null && bindPasswd != null){
+                env.put(Context.SECURITY_PRINCIPAL, bindDN);
+                env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+            }
+            else {
+            	// Use anonymous authentication
+            	env.put(Context.SECURITY_AUTHENTICATION, "none");
+            }
           // Create the initial context
            DirContext ctx = new InitialDirContext(env);
            // use this context to search
@ -115,8 +122,12 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
            // check the password
            env = new Hashtable<String, String>(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
-            env.put(Context.PROVIDER_URL, "ldap://" + url  + ":" + port);
-            if (new Boolean(useSSL) == Boolean.TRUE)env.put(Context.SECURITY_PROTOCOL, "ssl");
+            protocol = "ldap://" ;
+            if (new Boolean(useSSL)){
+            	env.put(Context.SECURITY_PROTOCOL, "ssl");
+                protocol="ldaps://" ;
+            }
+            env.put(Context.PROVIDER_URL, protocol + url  + ":" + port);
            env.put(Context.SECURITY_PRINCIPAL, cn + "," + searchBase);
            env.put(Context.SECURITY_CREDENTIALS, password);
            // Create the initial context
@ -129,6 +140,7 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
            return false;
        }
        catch (Exception e){
+        	e.printStackTrace();
            s_logger.warn("Unknown error encountered " + e.getMessage());
            return false;
        }