Author: echatellier Date: 2014-06-30 13:16:33 +0200 (Mon, 30 Jun 2014) New Revision: 295 Url: http://forge.codelutin.com/projects/faxtomail/repository/revisions/295 Log: Fix ldap connection with sAMAccountName Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/LdapService.java
Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java
===================================================================
--- trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java 2014-06-30 08:20:04 UTC (rev 294)
+++ trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfiguration.java 2014-06-30 11:16:33 UTC (rev 295)
@@ -275,10 +275,6 @@
 return applicationConfig.getOptionAsList(FaxToMailConfigurationOption.LDAP_ADMIN_GROUPS.getKey()).getOption();
 }
- public String getLdapPrincipalDomain() {
- return applicationConfig.getOption(FaxToMailConfigurationOption.LDAP_PRINCIPAL_DOMAIN.getKey());
- }
-
 public String getLdapTestPrincipal() {
 return applicationConfig.getOption(FaxToMailConfigurationOption.LDAP_TEST_PRINCIPAL.getKey());
 }
Modified: trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java
===================================================================
--- trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java 2014-06-30 08:20:04 UTC (rev 294)
+++ trunk/faxtomail-persistence/src/main/java/com/franciaflex/faxtomail/FaxToMailConfigurationOption.java 2014-06-30 11:16:33 UTC (rev 295)
@@ -120,10 +120,6 @@
 "faxtomail.ldap.admin.groups",
 "DN du groupe ldap ayant les autorisations d'accéder à la partie admin de l'interface web", null, String.class),
- LDAP_PRINCIPAL_DOMAIN(
- "faxtomail.ldap.principal.domain",
- "Domaine des principals utilisés par l'authentification kerberos", "mac-groupe.net", String.class),
-
 LDAP_TEST_PRINCIPAL(
 "faxtomail.ldap.test.principal",
 "Principal de test pour forcer un utilsateur particulier", null, String.class),
Modified: trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/LdapService.java
===================================================================
--- trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/LdapService.java 2014-06-30 08:20:04 UTC (rev 294)
+++ trunk/faxtomail-service/src/main/java/com/franciaflex/faxtomail/services/service/LdapService.java 2014-06-30 11:16:33 UTC (rev 295)
@@ -76,12 +76,13 @@
 List<SearchResultEntry> userEntries = userResult.getSearchEntries();
 for (SearchResultEntry userEntry : userEntries) {
- String login = userEntry.getAttributeValue("sn");
+ String login = userEntry.getAttributeValue("sAMAccountName");
 if (login == null) {
 if (log.isWarnEnabled()) {
- log.warn("Null sn for DN " + userEntry.getDN());
+ log.warn("Null sAMAccountName for DN " + userEntry.getDN());
 }
 } else {
+ login = login.toLowerCase();
 updateUserFormLdap(userEntry, login);
 }
 }
@@ -154,6 +155,7 @@
 FaxToMailUser result;
+ login = login.toLowerCase();
 try {
 // first connexion to get full user login
 LDAPConnection adminConnect = new LDAPConnection();
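Review bot: The added `login = login.toLowerCase();` in the else branch of the -76 hunk lowercases with the JVM default locale, so the key handed to updateUserFormLdap can differ between hosts (under a Turkish locale `I` does not map to `i`) and a synchronised account may then fail to match the login normalised at sign-in. Use `login = login.toLowerCase(Locale.ROOT);`, which needs `java.util.Locale` in the import block that lies outside this hunk. The hunks at -154 and -212 add the same call and should change with it. The enclosing loop's method starts and ends outside the hunk.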
@@ -165,7 +167,7 @@
 SearchResultEntry searchEntry = null;
 if (adminConnect.isConnected()) {
 // sn est le login interne à franciaflex
- String filter = String.format("(sn=%s)", login);
+ String filter = String.format("(sAMAccountName=%s)", login);
 SearchResult searchResult = adminConnect.search(getApplicationConfig().getLdapBaseDn(), SearchScope.SUB, filter);
 if (!searchResult.getSearchEntries().isEmpty()) {
 searchEntry = searchResult.getSearchEntries().get(0);
@@ -212,14 +214,16 @@
 *
 * This method doesn't require any password.
 *
- * @param principal user principal (without domain)
+ * @param login user principal (without domain)
 * @return user instance
 * @throws AuthenticationException is user can't be found in ldap
 */
- public FaxToMailUser getUserFromPrincipal(String principal) throws AuthenticationException {
+ public FaxToMailUser getUserFromPrincipal(String login) throws AuthenticationException {
 FaxToMailUser result;
+ login = login.toLowerCase();
+
 try {
 // first connexion to get full user login
 LDAPConnection adminConnect = new LDAPConnection();
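Review bot: The new filter `String.format("(sAMAccountName=%s)", login)` in the -165 hunk interpolates the submitted login without escaping, so LDAP filter metacharacters in it change what the search matches, and the code then trusts `getSearchEntries().get(0)`. The type names suggest the UnboundID LDAP SDK; if so, build the filter with `Filter.createEqualityFilter("sAMAccountName", login)` and pass it to the `search` overload that takes a `Filter`, or at minimum wrap the value in `Filter.encodeValue(login)`. The -227 hunk builds the same filter in getUserFromPrincipal and needs the same change. The context comment `// sn est le login interne à franciaflex` is now stale and should name sAMAccountName. The enclosing method starts and ends outside the hunk.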
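Review bot: In the -212 hunk `login = login.toLowerCase();` runs before the `try` with no null or empty check, so a missing principal now fails with NullPointerException instead of the AuthenticationException the Javadoc promises. Guard it first with `if (login == null || login.isEmpty()) { throw new AuthenticationException("Utilisateur inconnu : " + login); }`. The -154 hunk adds the same unguarded call; whether that method can receive null is not visible here. Because this path takes no password, the `@param login` text should also say that the caller must already have authenticated the principal and removed its realm. The method body continues outside the hunk.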
@@ -227,21 +231,17 @@
 adminConnect.bind(getApplicationConfig().getLdapUser(), getApplicationConfig().getLdapPassword());
 // search user in ldap
- String login = null;
 SearchResultEntry searchEntry = null;
 if (adminConnect.isConnected()) {
- // userPrincipalName est l'identifiant kerberos
- // xxx@mac-groupe.net
- String filter = String.format("(userPrincipalName=%s@%s)", principal, getApplicationConfig().getLdapPrincipalDomain());
+ // sAMAccountName est l'identifiant kerberos
+ String filter = String.format("(sAMAccountName=%s)", login);
 SearchResult searchResult = adminConnect.search(getApplicationConfig().getLdapBaseDn(), SearchScope.SUB, filter);
 if (!searchResult.getSearchEntries().isEmpty()) {
 searchEntry = searchResult.getSearchEntries().get(0);
- // sn est le 'login' interne a franciaflex
- login = searchEntry.getAttributeValue("sn");
 }
 adminConnect.close();
 } else {
- throw new AuthenticationException("Utilisateur inconnu : " + principal);
+ throw new AuthenticationException("Utilisateur inconnu : " + login);
 }
 if( searchEntry != null ) {
@@ -254,7 +254,7 @@
 result = new FaxToMailUserImpl();
 faxToMailUserBinder.copyExcluding(user, result);
 } else {
- throw new AuthenticationException("Utilisateur inconnu : " + principal);
+ throw new AuthenticationException("Utilisateur inconnu : " + login);
 }
 } catch (LDAPException ex) {
 if (log.isWarnEnabled()) {
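Review bot: With the `@domain` suffix removed in the -227 hunk, the lookup no longer ties the principal to a single Kerberos realm: any short name equal to a `sAMAccountName` under the base DN resolves to that account, and this method asks for no password. If the caller can receive principals from more than one realm (not visible here), it has to verify the realm before stripping it, and that precondition belongs in the method's Javadoc. The lookup key is also no longer read back from the directory entry, so the code should reject a search that returns more than one entry rather than take `get(0)`, after `adminConnect.close()` has run. The new comment `// sAMAccountName est l'identifiant kerberos` would be more accurate as `// sAMAccountName : partie courte (sans domaine) du principal kerberos`. The method starts before this hunk and continues after it.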