author | Simon Rettberg | 2015-09-13 17:50:48 +0200 |
---|---|---|
committer | Simon Rettberg | 2015-09-13 17:50:48 +0200 |
commit | 4eb93bd8236e03b4f3a19af41fe98f6aaba28b35 (patch) | |
tree | 456874e11b3c1085debd8fe67c4937fc2b932a3b /src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java | |
parent | Fix pam scripts (ldap -> sss) (diff) | |
Add LDAP support to previously AD-only tasks
Diffstat (limited to 'src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java')
-rw-r--r-- | src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java | 96 |
1 files changed, 70 insertions, 26 deletions
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java index 37443d5..37d09d8 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java +++ b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java @@ -23,6 +23,8 @@ public class LdapSearch extends SystemCommandTask private String bindpw = null; @Expose private String username = null; + @Expose + private boolean plainldap = false; private String fifo = null; @@ -36,10 +38,14 @@ public class LdapSearch extends SystemCommandTask protected boolean initTask() { this.setStatusObject( this.status ); - if ( this.server == null || this.searchbase == null || this.binddn == null ) { + if ( this.server == null || this.searchbase == null ) { status.messages = "Missing parameter"; return false; } + if ( this.binddn == null ) + this.binddn = ""; + if ( this.bindpw == null ) + this.bindpw = ""; this.timeoutSeconds = 5; return true; } 
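Review bot: After this change `initTask()` accepts a non-empty `binddn` together with a missing `bindpw`, and the next hunk leaves `this.fifo` as null in that case. The authenticated command array lies partly outside the visible hunks, so this is inferred, but if it passes `this.fifo` as the password file the argument vector will contain a null. A simple bind with a DN and an empty password is also treated by many servers as an unauthenticated bind (RFC 4513), so the check could report success without verifying any credentials. Consider rejecting the combination after the two defaults: `if ( !this.binddn.isEmpty() && this.bindpw.isEmpty() ) { status.messages = "Missing bind password"; return false; }`. The reverse case (password without DN) still writes the password file although the anonymous branch never uses it.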
@@ -47,20 +53,20 @@ public class LdapSearch extends SystemCommandTask @Override protected String[] initCommandLine() { - if ( this.bindpw == null ) - this.bindpw = ""; - this.fifo = String.format( "/tmp/bwlp-%s-%s.ldap", System.currentTimeMillis(), new Random().nextInt() ); - File pwFile = new File( this.fifo ); - FileUtils.deleteQuietly( pwFile ); - try { - pwFile.createNewFile(); - pwFile.setReadable( false, false ); - pwFile.setReadable( true, true ); - FileUtils.writeStringToFile( pwFile, this.bindpw, StandardCharsets.UTF_8 ); - } catch ( IOException e ) { + if ( !this.bindpw.isEmpty() ) { + this.fifo = String.format( "/tmp/bwlp-%s-%s.ldap", System.currentTimeMillis(), new Random().nextInt() ); + File pwFile = new File( this.fifo ); FileUtils.deleteQuietly( pwFile ); - status.messages = e.toString(); - return null; + try { + pwFile.createNewFile(); + pwFile.setReadable( false, false ); + pwFile.setReadable( true, true ); + FileUtils.writeStringToFile( pwFile, this.bindpw, StandardCharsets.UTF_8 ); + } catch ( IOException e ) { + FileUtils.deleteQuietly( pwFile ); + status.messages = e.toString(); + return null; + } } if ( this.username == null ) { status.addMessage( "Trying to find 4 random AD users to verify everything is all right..." ); 
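Review bot: The bind password is still written to a predictable path in `/tmp`. The name is built from `System.currentTimeMillis()` and `new Random().nextInt()`, the result of `createNewFile()` is ignored, and the permissions are tightened only after the file exists. If another local user already owns that path, or it is a symlink, the write goes to a file this process does not control, and until `setReadable` runs the file has umask-default permissions. Creating the file atomically with owner-only mode avoids both: `Path pw = Files.createTempFile( "bwlp-", ".ldap", PosixFilePermissions.asFileAttribute( PosixFilePermissions.fromString( "rw-------" ) ) );` followed by the write. `initCommandLine()` continues beyond this hunk.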
@@ -68,9 +74,34 @@ public class LdapSearch extends SystemCommandTask } else { this.getDn = true; } + String filter; + String wantedAttr; + if ( this.plainldap ) { + filter = "(&(objectClass=posixAccount)(uid=" + this.username + "))"; + wantedAttr = "uid"; + } else { + filter = "(&(objectClass=user)(objectClass=person)(sAMAccountName=" + this.username + "))"; + wantedAttr = "sAMAccountName"; + } // As we don't care about the certificate here, you might want to put TLS_REQCERT never // in /etc/ldap/ldap.conf + if ( this.binddn.isEmpty() ) { + return new String[] { + "ldapsearch", + "-x", // Simple auth + "-LLL", // No additional stuff + "-H", this.server, // Host + "-b", this.searchbase, // SB + "-l", "4", // Time limit in seconds + "-o", "nettimeout=4", + "-z", "4", // Max number of results + "-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch + filter, + wantedAttr, // Find account name + "dn" // And dn + }; + } return new String[] { "ldapsearch", "-x", // Simple auth @@ -83,8 +114,8 @@ public class LdapSearch extends SystemCommandTask "-o", "nettimeout=4", "-z", "4", // Max number of results "-o", "ldif-wrap=no", // Turn off retarded line wrapping done by ldapsearch - "(&(objectClass=user)(objectClass=person)(sAMAccountName=" + this.username + "))", - "sAMAccountName", // Find account name + filter, + wantedAttr, // Find account name "dn" // And dn }; } 
@@ -92,26 +123,39 @@ public class LdapSearch extends SystemCommandTask @Override protected boolean processEnded( int exitCode ) { - FileUtils.deleteQuietly( new File( this.fifo ) ); + if ( this.fifo != null ) { + FileUtils.deleteQuietly( new File( this.fifo ) ); + } if ( exitCode == 4 ) // Means size limit exceeded, ignore exitCode = 0; if ( exitCode != 0 ) status.addMessage( "Exit code is " + exitCode ); if ( exitCode == 0 && this.userCount < 4 && !this.getDn ) - status.addMessage( "Found less than 4 users. Are you sure you got the right credentials." ); + status.addMessage( "Found less than 4 users. Are you sure you got the right credentials?" ); return this.userCount >= 4 || ( this.getDn && status.dn != null ); } @Override protected void processStdOut( String line ) { - if ( line.startsWith( "sAMAccountName: " ) ) { - status.addMessage( "Found AD user " + line.substring( 16 ) + " :-)" ); - this.userCount++; - } - if ( line.startsWith( "sAMAccountName:: " ) ) { - status.addMessage( "Found AD user " + line.substring( 17 ) + " :-)" ); - this.userCount++; + if ( this.plainldap ) { + if ( line.startsWith( "uid: " ) ) { + status.addMessage( "Found LDAP user " + line.substring( 5 ) + " :-)" ); + this.userCount++; + } + if ( line.startsWith( "uid:: " ) ) { + status.addMessage( "Found LDAP user " + line.substring( 6 ) + " :-)" ); + this.userCount++; + } + } else { + if ( line.startsWith( "sAMAccountName: " ) ) { + status.addMessage( "Found AD user " + line.substring( 16 ) + " :-)" ); + this.userCount++; + } + if ( line.startsWith( "sAMAccountName:: " ) ) { + status.addMessage( "Found AD user " + line.substring( 17 ) + " :-)" ); + this.userCount++; + } } if ( this.getDn && line.startsWith( "dn: " ) ) { status.dn = line.substring( 4 ); 
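Review bot: Lines starting with `uid:: ` (and `sAMAccountName:: `) carry base64-encoded values in LDIF, but the new branch appends `line.substring( 6 )` to the status message undecoded, so names with non-ASCII characters are shown as base64 text. Decoding before display would fix that, e.g. `new String( Base64.getDecoder().decode( line.substring( 6 ) ), StandardCharsets.UTF_8 )` if the build targets Java 8. The same gap affects the `dn` check below, which matches only `dn: `. A base64-encoded `dn:: ` line leaves `status.dn` unset, and `processEnded()` can then return false for a user that was found. `processStdOut()` continues past the end of this hunk.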
@@ -131,7 +175,7 @@ public class LdapSearch extends SystemCommandTask private String messages = null; public String dn = null; - private void addMessage( String str ) + private synchronized void addMessage( String str ) { if ( messages == null ) { messages = str; |
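Review bot: `synchronized` on `addMessage()` only serialises appends against each other. `initTask()` and `initCommandLine()` assign `status.messages` directly, and whatever reads the status object is not visible here, so it is unclear which race this closes. A short comment naming the concurrent callers would document the intent, for example `// called from the stdout and stderr reader threads` if that is the case. The method body continues outside the hunk.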