From e6161ac5029a129b65f389a41cecaa8533581f50 Mon Sep 17 00:00:00 2001
From: Abhinandan Prateek
Date: Mon, 16 Jan 2012 20:03:00 +0530
Subject: [PATCH] bug 12979: anonymous searches now allowed
---
 .../com/cloud/api/commands/LDAPConfigCmd.java | 6 +++---
 .../ConfigurationManagerImpl.java | 21 +++++++++++++++----
 .../server/auth/LDAPUserAuthenticator.java | 20 ++++++++++++++----
 3 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/api/src/com/cloud/api/commands/LDAPConfigCmd.java b/api/src/com/cloud/api/commands/LDAPConfigCmd.java
index 11502cbd963..7298eeca6f8 100644
--- a/api/src/com/cloud/api/commands/LDAPConfigCmd.java
+++ b/api/src/com/cloud/api/commands/LDAPConfigCmd.java
@@ -1,5 +1,5 @@
 /**
- * Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
+ * Copyright (C) 2011 Citrix.com, Inc. All rights reserved.
 *
 * This software is licensed under the GNU General Public License v3 or later.
 *
@@ -59,10 +59,10 @@ public class LDAPConfigCmd extends BaseCmd {
 @Parameter(name=ApiConstants.QUERY_FILTER, type=CommandType.STRING, required=true, description="You specify a query filter here, which narrows down the users, who can be part of this domain.")
 private String queryFilter;
- @Parameter(name=ApiConstants.BIND_DN, type=CommandType.STRING, required=true, description="Specify the distinguished name of a user with the search permission on the directory.")
+ @Parameter(name=ApiConstants.BIND_DN, type=CommandType.STRING, description="Specify the distinguished name of a user with the search permission on the directory.")
 private String bindDN;
- @Parameter(name=ApiConstants.BIND_PASSWORD, type=CommandType.STRING, required=true, description="Enter the password.")
+ @Parameter(name=ApiConstants.BIND_PASSWORD, type=CommandType.STRING, description="Enter the password.")
 private String bindPassword;
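Review bot: The descriptions of bindDN and bindPassword still read as if both were mandatory, although `required=true` was dropped from both @Parameter lines; a caller reading the generated API reference cannot learn that leaving them out switches the directory search to an anonymous bind, or that a bind DN without a password is rejected by the ConfigurationManagerImpl validation in this same commit. Suggest `description="Optional. Distinguished name of a user with search permission on the directory; when omitted, the directory is searched anonymously."` on the BIND_DN parameter and `description="Password for the bind DN. Required when bindDN is given."` on BIND_PASSWORD. Whether the bind password is masked in API request logging cannot be seen from this hunk and is worth confirming now that it is an ordinary STRING parameter.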
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index 290acd02671..a6609504813 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -1237,13 +1237,26 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 String bindDN = cmd.getBindDN();
 String bindPasswd = cmd.getBindPassword();
+ if (bindDN != null && bindPasswd == null ){
+ throw new InvalidParameterValueException("If you specify a bind name then you need to provide bind password too.");
+ }
+
+ //System.setProperty("javax.net.ssl.keyStore", "/cygdrive/c/citrix/info/cacerts.jks");
+ //System.setProperty("javax.net.ssl.keyStorePassword", "1111_aaaa");
+
 // check if the info is correct
 Hashtable env = new Hashtable(11);
 env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.PROVIDER_URL, "ldap://" + hostname + ":" + port + "/");
- if (useSSL) env.put(Context.SECURITY_PRINCIPAL, "ssl");
- env.put(Context.SECURITY_PRINCIPAL, bindDN);
- env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+ String protocol = "ldap://" ;
+ if (new Boolean(useSSL)){
+ env.put(Context.SECURITY_PROTOCOL, "ssl");
+ protocol="ldaps://" ;
+ }
+ env.put(Context.PROVIDER_URL, protocol + hostname + ":" + port);
+ if (bindDN != null && bindPasswd != null){
+ env.put(Context.SECURITY_PRINCIPAL, bindDN);
+ env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+ }
 // Create the initial context
 DirContext ctx = new InitialDirContext(env);
 ctx.close();
diff --git a/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java b/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
index 6fd37a7b950..20d0a6e46d8 100644
--- a/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
+++ b/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
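Review bot: The two commented-out `System.setProperty` lines carry a developer-machine keystore path and a literal in the `javax.net.ssl.keyStorePassword` slot; commented-out code should not be merged, and a password-looking value stays in the repository history even after a later cleanup removes it. Drop both lines and the blank line above them, and if trust-store setup is needed for ldaps:// it belongs in deployment documentation (as the `javax.net.ssl.trustStore` properties, which are what server-certificate validation actually reads) rather than in code. Separately, the new guard rejects only a null password: `bindPasswd == null` lets an empty string through, and many directory servers treat a simple bind with a DN and empty credentials as an unauthenticated (anonymous) bind, so the "check if the info is correct" context would open without proving the configured credentials work. Suggest `if (bindDN != null && (bindPasswd == null || bindPasswd.isEmpty())) {` for the guard, plus `env.put(Context.SECURITY_AUTHENTICATION, "simple");` inside the branch that sets the principal so the bind mode is explicit. The enclosing method starts and ends outside the hunk.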
@@ -84,8 +84,15 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
 protocol="ldaps://" ;
 }
 env.put(Context.PROVIDER_URL, protocol + url + ":" + port);
- env.put(Context.SECURITY_PRINCIPAL, bindDN);
- env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+
+ if (bindDN != null && bindPasswd != null){
+ env.put(Context.SECURITY_PRINCIPAL, bindDN);
+ env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
+ }
+ else {
+ // Use anonymous authentication
+ env.put(Context.SECURITY_AUTHENTICATION, "none");
+ }
 // Create the initial context
 DirContext ctx = new InitialDirContext(env);
 // use this context to search
@@ -115,8 +122,12 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
 // check the password
 env = new Hashtable(11);
 env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.PROVIDER_URL, "ldap://" + url + ":" + port);
- if (new Boolean(useSSL) == Boolean.TRUE)env.put(Context.SECURITY_PROTOCOL, "ssl");
+ protocol = "ldap://" ;
+ if (new Boolean(useSSL)){
+ env.put(Context.SECURITY_PROTOCOL, "ssl");
+ protocol="ldaps://" ;
+ }
+ env.put(Context.PROVIDER_URL, protocol + url + ":" + port);
 env.put(Context.SECURITY_PRINCIPAL, cn + "," + searchBase);
 env.put(Context.SECURITY_CREDENTIALS, password);
 // Create the initial context
@@ -129,6 +140,7 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
 return false;
 }
 catch (Exception e){
+ e.printStackTrace();
 s_logger.warn("Unknown error encountered " + e.getMessage());
 return false;
 }
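Review bot: The fall-back to an anonymous bind in the new else branch is silent, so a deployment that loses its bind DN or bind password through a configuration mistake keeps authenticating users against the results of an anonymous search instead of failing visibly, and depending on the server's ACLs an anonymous search may see a reduced view of the directory and so find a different set of users. Log the downgrade, e.g. `s_logger.warn("No LDAP bind DN/password configured; searching the directory anonymously");` next to the existing comment, and make the authenticated branch explicit with `env.put(Context.SECURITY_AUTHENTICATION, "simple");`. As in the ConfigurationManagerImpl hunk, `bindPasswd != null` does not exclude an empty password, which many servers treat as an unauthenticated bind; adding `&& !bindPasswd.isEmpty()` to the condition closes that gap. The enclosing method starts and ends outside the hunk.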
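Review bot: The password-check context built below the rewritten URL setup has no guard against an empty password: on the context line `env.put(Context.SECURITY_CREDENTIALS, password)` a zero-length value turns the LDAP simple bind into an unauthenticated bind, which many directory servers accept as anonymous without checking the DN, so `new InitialDirContext(env)` would succeed and the method would report the user as authenticated. Unless such a check already exists earlier in the method (outside this hunk), add `if (password == null || password.isEmpty()) { return false; }` before this context is built, and set `env.put(Context.SECURITY_AUTHENTICATION, "simple");` so the bind mode is explicit rather than inferred from the presence of credentials. On a style note, `new Boolean(useSSL)` allocates an object only to unbox it in the condition; `Boolean.parseBoolean(useSSL)` reads more directly, assuming useSSL is the String read from configuration as the removed `== Boolean.TRUE` comparison suggests. The enclosing method starts and ends outside the hunk.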
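Review bot: The added `e.printStackTrace()` writes to stderr outside the logging framework, so the stack trace lands in a different place from the warning on the next line (or nowhere, depending on how the process's stderr is captured) and escapes log-level configuration. Pass the throwable to the logger instead and drop the added line: `s_logger.warn("Unknown error encountered " + e.getMessage(), e);`. The enclosing method starts outside the hunk.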