add: configuration option ldap.queryTemplate to service.properties to make it...

add: configuration option ldap.queryTemplate to service.properties to make it easy to adapt the ldap configuration to OpenLDAP servers SVN: 21136

add: configuration option ldap.queryTemplate to service.properties to make it...
1b604fde · brinn · 20507dcc · 1b604fde · 1b604fde · 1b604fde
Commit 1b604fde authored 13 years ago by brinn
--- a/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfiguration.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfiguration.java
@@ -37,6 +37,9 @@ import org.apache.commons.lang.StringUtils;
 public final class LDAPDirectoryConfiguration
 {

+    static final String DEFAULT_QUERY_TEMPLATE = "(&(objectClass=organizationalPerson)(objectCategory=person)"
+                        + "(objectClass=user)(%s))";
+
    private String userIdAttributeName = "uid";

    private String lastNameAttributeName = "sn";
@@ -58,8 +61,7 @@ public final class LDAPDirectoryConfiguration
    private String referral = "follow";

    private String queryTemplate =
-            "(&(objectClass=organizationalPerson)(objectCategory=person)"
-                    + "(objectClass=user)(%s))";
+            DEFAULT_QUERY_TEMPLATE;

    private String securityPrincipalDistinguishedName;

@@ -77,7 +79,7 @@ public final class LDAPDirectoryConfiguration

    public void setUserIdAttributeName(String userIdAttributeName)
    {
-        if (StringUtils.isNotBlank(userIdAttributeName))
+        if (isResolved(userIdAttributeName))
        {
            this.userIdAttributeName = userIdAttributeName;
        }
@@ -93,7 +95,7 @@ public final class LDAPDirectoryConfiguration

    public void setLastNameAttributeName(String lastNameAttributeName)
    {
-        if (StringUtils.isNotBlank(lastNameAttributeName))
+        if (isResolved(lastNameAttributeName))
        {
            this.lastNameAttributeName = lastNameAttributeName;
        }
@@ -109,7 +111,7 @@ public final class LDAPDirectoryConfiguration

    public void setFirstNameAttributeName(String firstNameAttributeName)
    {
-        if (StringUtils.isNotBlank(firstNameAttributeName))
+        if (isResolved(firstNameAttributeName))
        {
            this.firstNameAttributeName = firstNameAttributeName;
        }
@@ -125,7 +127,7 @@ public final class LDAPDirectoryConfiguration

    public void setEmailAttributeName(String emailAttributeName)
    {
-        if (StringUtils.isNotBlank(emailAttributeName))
+        if (isResolved(emailAttributeName))
        {
            this.emailAttributeName = emailAttributeName;
        }
@@ -141,7 +143,7 @@ public final class LDAPDirectoryConfiguration
     */
    public void setEmailAliasesAttributeName(String emailAliasesAttributeName)
    {
-        if (StringUtils.isNotBlank(emailAliasesAttributeName))
+        if (isResolved(emailAliasesAttributeName))
        {
            this.emailAliasesAttributeName = emailAliasesAttributeName;
        }
@@ -159,7 +161,7 @@ public final class LDAPDirectoryConfiguration
     */
    public void setQueryEmailForAliases(String queryEmailForAliases)
    {
-        if (StringUtils.isNotBlank(queryEmailForAliases))
+        if (isResolved(queryEmailForAliases))
        {
            this.queryEmailForAliases = queryEmailForAliases;
        }
@@ -177,7 +179,7 @@ public final class LDAPDirectoryConfiguration
     */
    public void setEmailAttributePrefix(String emailAttributePrefix)
    {
-        if (StringUtils.isNotBlank(emailAttributePrefix))
+        if (isResolved(emailAttributePrefix))
        {
            this.emailAttributePrefix = emailAttributePrefix;
        }
@@ -200,7 +202,7 @@ public final class LDAPDirectoryConfiguration
     */
    public void setSecurityProtocol(String securityProtocol)
    {
-        if (StringUtils.isNotBlank(securityProtocol))
+        if (isResolved(securityProtocol))
        {
            this.securityProtocol = securityProtocol;
        }
@@ -258,7 +260,7 @@ public final class LDAPDirectoryConfiguration
     */
    public void setSecurityAuthenticationMethod(String securityAuthenticationMethod)
    {
-        if (StringUtils.isNotBlank(securityAuthenticationMethod))
+        if (isResolved(securityAuthenticationMethod))
        {
            this.securityAuthenticationMethod = securityAuthenticationMethod;
        }
@@ -279,7 +281,7 @@ public final class LDAPDirectoryConfiguration
     */
    public void setReferral(String referral)
    {
-        if (StringUtils.isNotBlank(referral))
+        if (isResolved(referral))
        {
            this.referral = referral;
        }
@@ -300,7 +302,7 @@ public final class LDAPDirectoryConfiguration
     */
    public void setQueryTemplate(String queryTemplate)
    {
-        if (StringUtils.isNotBlank(queryTemplate))
+        if (isResolved(queryTemplate))
        {
            this.queryTemplate = queryTemplate;
        }
@@ -321,4 +323,9 @@ public final class LDAPDirectoryConfiguration
        this.serverUrl = ldapUrl;
    }

+    private static boolean isResolved(String name)
+    {
+        return StringUtils.isNotBlank(name) && name.startsWith("${") == false;
+    }
+    
 }
--- a/authentication/sourceTest/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfigurationTest.java
+++ b/authentication/sourceTest/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfigurationTest.java
+/*
+ * Copyright 2011 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.authentication.ldap;
+
+import static org.testng.AssertJUnit.assertEquals;
+
+import org.testng.annotations.Test;
+
+/**
+ * Test cases for {@link LDAPDirectoryConfiguration}
+ * 
+ * @author Bernd Rinn
+ */
+public class LDAPDirectoryConfigurationTest
+{
+
+    @Test
+    public void testLDAPDirectoryConfigurationUnresolvedVariableQueryTemplate()
+    {
+        final LDAPDirectoryConfiguration config = new LDAPDirectoryConfiguration();
+        config.setQueryTemplate(" ");
+        assertEquals(LDAPDirectoryConfiguration.DEFAULT_QUERY_TEMPLATE, config.getQueryTemplate());
+        config.setQueryTemplate("${ldap.queryTemplate}");
+        assertEquals(LDAPDirectoryConfiguration.DEFAULT_QUERY_TEMPLATE, config.getQueryTemplate());
+    }
+
+}
--- a/openbis/dist/server/service.properties
+++ b/openbis/dist/server/service.properties
@@ -62,6 +62,15 @@ ldap.attributenames.first.name =
 ldap.attributenames.last.name =
 # Set to true to also query for email aliases
 ldap.queryEmailForAliases = true
+# The query template, needs to contain %s which will be filled with the query term, e.g. uid=username
+# The default is:
+# ldap.queryTemplate = (&(objectClass=organizationalPerson)(objectCategory=person)(objectClass=user)(%s))
+# which is known to work for many Active Directory installations.
+# For OpenLDAP, replace by: 
+# ldap.queryTemplate = (&(objectClass=organizationalPerson)(objectClass=user)(%s))
+# For restriction to BSSE accounts in OpenLDAP, set to: 
+# ldap.queryTemplate = (&(objectClass=bssePosixAccount)(%s))
+ldap.queryTemplate = 

 # The database instance local unique identifier. Used when the new database is created.
 database-instance = TEST