From 1f490c5aa0714c622b03fc2ec56909af7703ccab Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 16 Aug 2017 18:26:02 +0200
Subject: [*ldap*] Support new mapping features and fixNumeric switch
---
 .../org/openslx/taskmanager/tasks/LdapSearch.java | 87 ++++++++++++++--------
 1 file changed, 54 insertions(+), 33 deletions(-)
(limited to 'src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java')
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
index 63ce60a..f5e5f7a 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LdapSearch.java
@@ -9,6 +9,8 @@ import java.util.Random;
 import org.apache.commons.io.FileUtils;
 import org.apache.log4j.Logger;
+import org.openslx.satserver.util.LdapMapping;
+import org.openslx.satserver.util.Util;
 import org.openslx.taskmanager.api.SystemCommandTask;
 import com.google.gson.annotations.Expose;
@@ -30,12 +32,16 @@ public class LdapSearch extends SystemCommandTask
 	private boolean plainldap = false;
 	@Expose
 	private String filter = null;
+	@Expose
+	private LdapMapping mapping = null;
 	private String fifo = null;
 	private boolean getDn = false;
 	private volatile int userCount = 0;
+
+	private volatile int userIdCount = 0;
 	private Output status = new Output();
@@ -58,6 +64,31 @@ public class LdapSearch extends SystemCommandTask
 	@Override
 	protected String[] initCommandLine()
 	{
+		if ( this.mapping == null )
+			this.mapping = new LdapMapping();
+		if ( this.plainldap ) {
+			if ( Util.isEmpty( mapping.posixAccount ) ) {
+				mapping.posixAccount = "posixAccount";
+			}
+			if ( Util.isEmpty( mapping.uid ) ) {
+				mapping.uid = "uid";
+			}
+			if ( Util.isEmpty( mapping.uidnumber ) ) {
+				mapping.uidnumber = "uidnumber";
+			}
+		} else {
+			if ( Util.isEmpty( mapping.posixAccount ) ) {
+				mapping.posixAccount = "user";
+			}
+			if ( Util.isEmpty( mapping.uid ) ) {
+				mapping.uid = "sAMAccountName";
+			}
+			if ( Util.isEmpty( mapping.uidnumber ) ) {
+				mapping.uidnumber = "objectSid";
+			}
+		}
+		mapping.uid = mapping.uid.toLowerCase();
+		mapping.uidnumber = mapping.uidnumber.toLowerCase();
 		if ( !this.bindpw.isEmpty() ) {
 			this.fifo = String.format( "/tmp/bwlp-%s-%s.ldap", System.currentTimeMillis(), new Random().nextInt() );
 			File pwFile = new File( this.fifo );
@@ -76,19 +107,15 @@ public class LdapSearch extends SystemCommandTask
 		}
 		String filter;
 		if ( this.filter == null || this.filter.isEmpty() ) {
-			status.addMessage( "Trying to find 4 random AD users to verify everything is all right..." );
-			if ( this.plainldap ) {
-				filter = "(&(objectClass=posixAccount)(uid=*))";
-			} else {
-				filter = "(&(objectClass=user)(objectClass=person)(sAMAccountName=*))";
-			}
+			status.addMessage( "Trying to find 4 random users to verify everything is all right..." );
+			filter = "(&(objectClass=" + mapping.posixAccount + ")(" + mapping.uid + "=*)(" + mapping.uidnumber + "=*))";
 		} else {
 			this.getDn = true;
 			filter = this.filter;
 		}
-		// As we don't care about the certificate here, you might want to put TLS_REQCERT never
 		status.addMessage( "Using filter: " + filter );
+		// As we don't care about the certificate here, you might want to put TLS_REQCERT never
 		// in /etc/ldap/ldap.conf
 		if ( this.bindpw.isEmpty() ) {
 			return new String[] {
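Review bot: The three mapping values that initCommandLine defaults here (`posixAccount`, `uid`, `uidnumber`) come from the `@Expose`d `mapping` field, i.e. from deserialized task input, and the next hunk concatenates them unescaped into the LDAP filter `(&(objectClass=...)(...=*)(...=*))`, so a value containing `)`, `(` or `*` silently changes the query that is run. Only attribute and object-class names are meaningful in these fields, so reject anything that is not an LDAP keystring right after the defaults are applied, e.g. `if ( !mapping.uid.matches( "[A-Za-z][A-Za-z0-9-]*" ) ) { ... report an invalid mapping and stop ... }` for each of the three values (how this task reports a setup failure is not visible in the hunk). As a minor style point, `toLowerCase()` without an argument uses the JVM default locale; `toLowerCase( Locale.ROOT )` here and for `line.toLowerCase()` in processStdOut makes the case folding independent of where the task manager runs. initCommandLine continues past the end of this hunk.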
@@ -130,38 +157,32 @@ public class LdapSearch extends SystemCommandTask
 		if ( exitCode == 4 ) // Means size limit exceeded, ignore
 			exitCode = 0;
 		status.addMessage( "Exit code is " + exitCode );
-		if ( exitCode == 0 && this.userCount < 4 && !this.getDn )
-			status.addMessage( "Found less than 4 users. Are you sure you got the right credentials?" );
-		return this.userCount >= 4 || ( this.getDn && status.dn != null );
+		if ( exitCode == 0 && !this.getDn ) {
+			if ( this.userCount < 4 ) {
+				status.addMessage( "Found less than 4 users. Are you sure you got the right credentials?" );
+			}
+			if ( this.userIdCount < 4 ) {
+				status.addMessage( "Found less than 4 user ids. Are you sure you got the right credentials?" );
+			}
+		}
+		return ( this.userCount >= 4 && this.userIdCount >= 4 ) || ( this.getDn && status.dn != null );
 	}
 	@Override
 	protected void processStdOut( String line )
 	{
-		if ( this.plainldap ) {
-			if ( line.startsWith( "uid: " ) ) {
-				status.addMessage( "Found LDAP user " + line.substring( 5 ) + " :-)" );
-				this.userCount++;
-				return;
-			}
-			if ( line.startsWith( "uid:: " ) ) {
-				status.addMessage( "Found LDAP user " + line.substring( 6 ) + " :-)" );
-				this.userCount++;
-				return;
-			}
-		} else {
-			if ( line.startsWith( "sAMAccountName: " ) ) {
-				status.addMessage( "Found AD user " + line.substring( 16 ) + " :-)" );
-				this.userCount++;
-				return;
-			}
-			if ( line.startsWith( "sAMAccountName:: " ) ) {
-				status.addMessage( "Found AD user " + line.substring( 17 ) + " :-)" );
-				this.userCount++;
-				return;
-			}
+		String lower = line.toLowerCase();
+		if ( lower.startsWith( mapping.uid + ":" ) ) {
+			status.addMessage( "Found " + line + " :-)" );
+			this.userCount++;
+			return;
+		}
+		if ( lower.startsWith( mapping.uidnumber + ":" ) ) {
+			status.addMessage( "Found " + line + " :-)" );
+			this.userIdCount++;
+			return;
 		}
-		if ( line.startsWith( "dn: " ) ) {
+		if ( lower.startsWith( "dn: " ) ) {
 			status.dn = line.substring( 4 );
 			return;
 		}
-- 
cgit v1.2.3-55-g7522
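Review bot: `lower.startsWith( "dn: " )` still misses the base64 form `dn:: <b64>` that ldapsearch emits when a DN contains non-ASCII characters, so for such an entry status.dn stays null and the `this.getDn && status.dn != null` condition at the top of this hunk reports failure even though the search succeeded; the uid and uidnumber checks above are not affected because they match only up to the first colon. A small follow-up branch covers it: `if ( lower.startsWith( "dn:: " ) ) { status.dn = new String( Base64.getDecoder().decode( line.substring( 5 ).trim() ), StandardCharsets.UTF_8 ); return; }` (needs `java.util.Base64` and `java.nio.charset.StandardCharsets`; `decode` throws IllegalArgumentException on malformed input, so a broken line should be reported rather than propagated). Note also that `"Found " + line` now echoes the whole attribute line, including the value, into the status output, whereas the old code showed only the account name; that reads fine for uid but for `objectSid` it is just the base64 blob. processStdOut continues past the end of this hunk.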