From 1b604fde797d4ac73646beee10361894bccfc1e2 Mon Sep 17 00:00:00 2001 From: brinn <brinn> Date: Wed, 4 May 2011 19:05:54 +0000 Subject: [PATCH] add: configuration option ldap.queryTemplate to service.properties to make it easy to adapt the ldap configuration to OpenLDAP servers SVN: 21136
---
.../ldap/LDAPDirectoryConfiguration.java | 33 +++++++++------ .../ldap/LDAPDirectoryConfigurationTest.java | 41 +++++++++++++++++++ openbis/dist/server/service.properties | 9 ++++ 3 files changed, 70 insertions(+), 13 deletions(-) create mode 100644 authentication/sourceTest/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfigurationTest.java
diff --git a/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfiguration.java b/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfiguration.java
index d44d6ffa48e..3b7304bc038 100644
--- a/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfiguration.java
+++ b/authentication/source/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfiguration.java
@@ -37,6 +37,9 @@ import org.apache.commons.lang.StringUtils; public final class LDAPDirectoryConfiguration { + static final String DEFAULT_QUERY_TEMPLATE = "(&(objectClass=organizationalPerson)(objectCategory=person)" + + "(objectClass=user)(%s))"; + private String userIdAttributeName = "uid"; private String lastNameAttributeName = "sn";
@@ -58,8 +61,7 @@ public final class LDAPDirectoryConfiguration private String referral = "follow"; private String queryTemplate = - "(&(objectClass=organizationalPerson)(objectCategory=person)" - + "(objectClass=user)(%s))"; + DEFAULT_QUERY_TEMPLATE; private String securityPrincipalDistinguishedName;
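Review bot: `DEFAULT_QUERY_TEMPLATE`, added at the top of the class in the first hunk, has no Javadoc even though it is the filter every deployment falls back to when `ldap.queryTemplate` is blank or unresolved. Its `objectCategory=person` clause appears to tie it to Active Directory, which the service.properties comment in this commit states but the code does not. I would add `/** Default LDAP search filter; %s is replaced by the query term. Written for Active Directory; other directories need ldap.queryTemplate. */` above the constant. The class body continues outside the hunk.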
@@ -77,7 +79,7 @@ public final class LDAPDirectoryConfiguration public void setUserIdAttributeName(String userIdAttributeName) { - if (StringUtils.isNotBlank(userIdAttributeName)) + if (isResolved(userIdAttributeName)) { this.userIdAttributeName = userIdAttributeName; }
@@ -93,7 +95,7 @@ public final class LDAPDirectoryConfiguration public void setLastNameAttributeName(String lastNameAttributeName) { - if (StringUtils.isNotBlank(lastNameAttributeName)) + if (isResolved(lastNameAttributeName)) { this.lastNameAttributeName = lastNameAttributeName; }
@@ -109,7 +111,7 @@ public final class LDAPDirectoryConfiguration public void setFirstNameAttributeName(String firstNameAttributeName) { - if (StringUtils.isNotBlank(firstNameAttributeName)) + if (isResolved(firstNameAttributeName)) { this.firstNameAttributeName = firstNameAttributeName; }
@@ -125,7 +127,7 @@ public final class LDAPDirectoryConfiguration public void setEmailAttributeName(String emailAttributeName) { - if (StringUtils.isNotBlank(emailAttributeName)) + if (isResolved(emailAttributeName)) { this.emailAttributeName = emailAttributeName; }
@@ -141,7 +143,7 @@ public final class LDAPDirectoryConfiguration */ public void setEmailAliasesAttributeName(String emailAliasesAttributeName) { - if (StringUtils.isNotBlank(emailAliasesAttributeName)) + if (isResolved(emailAliasesAttributeName)) { this.emailAliasesAttributeName = emailAliasesAttributeName; }
@@ -159,7 +161,7 @@ public final class LDAPDirectoryConfiguration */ public void setQueryEmailForAliases(String queryEmailForAliases) { - if (StringUtils.isNotBlank(queryEmailForAliases)) + if (isResolved(queryEmailForAliases)) { this.queryEmailForAliases = queryEmailForAliases; }
@@ -177,7 +179,7 @@ public final class LDAPDirectoryConfiguration */ public void setEmailAttributePrefix(String emailAttributePrefix) { - if (StringUtils.isNotBlank(emailAttributePrefix)) + if (isResolved(emailAttributePrefix)) { this.emailAttributePrefix = emailAttributePrefix; }
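Review bot: The documentation of `setUserIdAttributeName`, and of every other setter switched to `isResolved` (the six further hunks here, plus `setSecurityProtocol`, `setSecurityAuthenticationMethod`, `setReferral` and `setQueryTemplate` later in the file), does not mention the new rule that a value starting with `${` is discarded. Each of these setters should carry a sentence like `Blank values and unresolved ${...} placeholders are ignored; the default is kept.`, so a caller who passes such a string is not surprised that the getter still returns the default. The setters start or end outside their hunks; only the last three on this line show the end of an existing Javadoc block, so the first four may need a new one.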
@@ -200,7 +202,7 @@ public final class LDAPDirectoryConfiguration */ public void setSecurityProtocol(String securityProtocol) { - if (StringUtils.isNotBlank(securityProtocol)) + if (isResolved(securityProtocol)) { this.securityProtocol = securityProtocol; }
@@ -258,7 +260,7 @@ public final class LDAPDirectoryConfiguration */ public void setSecurityAuthenticationMethod(String securityAuthenticationMethod) { - if (StringUtils.isNotBlank(securityAuthenticationMethod)) + if (isResolved(securityAuthenticationMethod)) { this.securityAuthenticationMethod = securityAuthenticationMethod; }
@@ -279,7 +281,7 @@ public final class LDAPDirectoryConfiguration */ public void setReferral(String referral) { - if (StringUtils.isNotBlank(referral)) + if (isResolved(referral)) { this.referral = referral; }
@@ -300,7 +302,7 @@ public final class LDAPDirectoryConfiguration */ public void setQueryTemplate(String queryTemplate) { - if (StringUtils.isNotBlank(queryTemplate)) + if (isResolved(queryTemplate)) { this.queryTemplate = queryTemplate; }
@@ -321,4 +323,9 @@ public final class LDAPDirectoryConfiguration this.serverUrl = ldapUrl; } + private static boolean isResolved(String name) + { + return StringUtils.isNotBlank(name) && name.startsWith("${") == false; + } + }
diff --git a/authentication/sourceTest/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfigurationTest.java b/authentication/sourceTest/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfigurationTest.java
new file mode 100644
index 00000000000..358ff52d13b
--- /dev/null
+++ b/authentication/sourceTest/java/ch/systemsx/cisd/authentication/ldap/LDAPDirectoryConfigurationTest.java
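Review bot: In `setSecurityProtocol`, and in `setSecurityAuthenticationMethod` in the next hunk, an unresolved `${...}` value is now handled exactly like an unset one: the field keeps its default and nothing is reported. The defaults are outside this diff, so it is not visible whether they are the stricter or the weaker choice; if a site relies on these properties to tighten the connection, a misspelled property key would leave the LDAP connection on the default without anyone noticing. For these two settings I would report the fallback instead of returning silently, along the lines of `else if (StringUtils.isNotBlank(securityProtocol)) { /* log: securityProtocol unresolved, default kept */ }` using whatever logger the class already has. Both setters start and end outside their hunks.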
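Review bot: `setQueryTemplate` stores any resolved string, although the template is only usable if it contains the `%s` that the service.properties comment in this commit requires. A template without `%s` would presumably yield a filter that ignores the query term, so a lookup could match an entry other than the requested user, and the mistake would surface only at login time. I would reject it when the configuration is read: `if (isResolved(queryTemplate) && !queryTemplate.contains("%s")) throw new IllegalArgumentException("ldap.queryTemplate must contain %s");`. The code that substitutes the term is not part of this diff; it is worth confirming there that the term is escaped for LDAP filter syntax before it is inserted.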
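Review bot: `isResolved` in the last LDAPDirectoryConfiguration.java hunk tests only the first two characters, so a value such as `" ${ldap.referral}"` with leading whitespace is accepted and stored verbatim, although `isNotBlank` on the same line already disregards surrounding whitespace. Trimming first closes that gap, and `== false` is more commonly written with `!`: `return StringUtils.isNotBlank(name) && !name.trim().startsWith("${");`. The parameter holds a property value rather than a name, so `value` would be the clearer identifier. A one-line comment stating that `${` marks a placeholder that was presumably left unexpanded by the property loader would explain the magic string.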
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2011 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.authentication.ldap;
+
+import static org.testng.AssertJUnit.assertEquals;
+
+import org.testng.annotations.Test;
+
+/**
+ * Test cases for {@link LDAPDirectoryConfiguration}
+ *
+ * @author Bernd Rinn
+ */
+public class LDAPDirectoryConfigurationTest
+{
+
+ @Test
+ public void testLDAPDirectoryConfigurationUnresolvedVariableQueryTemplate()
+ {
+ final LDAPDirectoryConfiguration config = new LDAPDirectoryConfiguration();
+ config.setQueryTemplate(" ");
+ assertEquals(LDAPDirectoryConfiguration.DEFAULT_QUERY_TEMPLATE, config.getQueryTemplate());
+ config.setQueryTemplate("${ldap.queryTemplate}");
+ assertEquals(LDAPDirectoryConfiguration.DEFAULT_QUERY_TEMPLATE, config.getQueryTemplate());
+ }
+
+}
diff --git a/openbis/dist/server/service.properties b/openbis/dist/server/service.properties
index 911b63a1f56..390a220d668 100644
--- a/openbis/dist/server/service.properties
+++ b/openbis/dist/server/service.properties
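Review bot: The new test covers only the two rejection paths of `setQueryTemplate` (a blank string and `${ldap.queryTemplate}`); nothing asserts that a real template is still accepted, so an `isResolved` that always returned false would pass. I would add the positive case, using a value from the service.properties comment in this commit: `config.setQueryTemplate("(&(objectClass=bssePosixAccount)(%s))");` followed by `assertEquals("(&(objectClass=bssePosixAccount)(%s))", config.getQueryTemplate());`. A further case with whitespace in front of `${` would pin down what `isResolved` is meant to do with such input.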
@@ -62,6 +62,15 @@ ldap.attributenames.first.name = ldap.attributenames.last.name = # Set to true to also query for email aliases ldap.queryEmailForAliases = true +# The query template, needs to contain %s which will be filled with the query term, e.g. uid=username +# The default is: +# ldap.queryTemplate = (&(objectClass=organizationalPerson)(objectCategory=person)(objectClass=user)(%s)) +# which is known to work for many Active Directory installations. +# For OpenLDAP, replace by: +# ldap.queryTemplate = (&(objectClass=organizationalPerson)(objectClass=user)(%s)) +# For restriction to BSSE accounts in OpenLDAP, set to: +# ldap.queryTemplate = (&(objectClass=bssePosixAccount)(%s)) +ldap.queryTemplate = # The database instance local unique identifier. Used when the new database is created. database-instance = TEST -- GitLab
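Review bot: The comment block added above `ldap.queryTemplate` explains how to loosen the filter but not that its object-class clauses are what limit which directory entries are treated as user accounts. Assuming this filter selects the entry that is subsequently used for authentication, a template reduced to little more than `(%s)` would also match non-person entries that happen to carry the queried attribute. I would add a line such as `# Keep at least one objectClass restriction: the filter decides which directory entries can be looked up as users.` next to the examples.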