Bind LDAP connection after TLS initialization (issue-343)
authorGünter Dressel <g.dressel@cyledge.com>
Thu, 21 Nov 2013 17:13:18 +0000 (18:13 +0100)
committerJames Moger <james.moger@gitblit.com>
Fri, 22 Nov 2013 14:48:01 +0000 (09:48 -0500)
releases.moxie
src/main/java/com/gitblit/LdapUserService.java

index 75d3f1a562d6aff198ca201519a60df210092599..551771e2d9a8e3f4b666c58c6fc89089f7a33531 100644 (file)
@@ -11,6 +11,7 @@ r20: {
     security: ~
     fixes:
        - Fixed support for implied SSH urls in web.otherUrls (issue-311)
+       - Bind LDAP connection after establishing TLS initialization (issue-343)
        - Fix potential NPE on removing uncached repository from cache
        - Ignore the default contents of .git/description file
        - Fix error on generating activity page when there is no activity
@@ -69,6 +70,7 @@ r20: {
        - Chad Horohoe
        - Domingo Oropeza
        - Chris Graham
+       - Guenter Dressel
 }
 
 #
index db38c52848910f26991d5718a57f2233a814098e..5a2dbdc89bf989737005518e27e774ec113ff480 100644 (file)
@@ -43,6 +43,7 @@ import com.unboundid.ldap.sdk.ResultCode;
 import com.unboundid.ldap.sdk.SearchResult;\r
 import com.unboundid.ldap.sdk.SearchResultEntry;\r
 import com.unboundid.ldap.sdk.SearchScope;\r
+import com.unboundid.ldap.sdk.SimpleBindRequest;\r
 import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;\r
 import com.unboundid.util.ssl.SSLUtil;\r
 import com.unboundid.util.ssl.TrustAllTrustManager;\r
@@ -161,46 +162,42 @@ public class LdapUserService extends GitblitUserService {
 \r
        private LDAPConnection getLdapConnection() {\r
                try {\r
+                       \r
                        URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));\r
+                       String ldapHost = ldapUrl.getHost();\r
+                       int ldapPort = ldapUrl.getPort();\r
                        String bindUserName = settings.getString(Keys.realm.ldap.username, "");\r
                        String bindPassword = settings.getString(Keys.realm.ldap.password, "");\r
-                       int ldapPort = ldapUrl.getPort();\r
 \r
+                       \r
+                       LDAPConnection conn;\r
                        if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) {    // SSL\r
-                               if (ldapPort == -1)     // Default Port\r
-                                       ldapPort = 636;\r
-\r
-                               LDAPConnection conn;\r
                                SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());\r
-                               if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {\r
-                                        conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort);\r
-                               } else {\r
-                                        conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);\r
-                               }\r
-                               return conn;\r
+                               conn = new LDAPConnection(sslUtil.createSSLSocketFactory());\r
+                       } else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {  // no encryption or StartTLS\r
+                               conn = new LDAPConnection();\r
                        } else {\r
-                               if (ldapPort == -1)     // Default Port\r
-                                       ldapPort = 389;\r
-\r
-                               LDAPConnection conn;\r
-                               if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {\r
-                                       conn = new LDAPConnection(ldapUrl.getHost(), ldapPort);\r
-                               } else {\r
-                                       conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);\r
-                               }\r
-\r
-                               if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {\r
-                                       SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());\r
-\r
-                                       ExtendedResult extendedResult = conn.processExtendedOperation(\r
+                               logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());\r
+                               return null;\r
+                       }\r
+                       \r
+                       conn.connect(ldapHost, ldapPort);\r
+                       \r
+                       if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {\r
+                               SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());\r
+                               ExtendedResult extendedResult = conn.processExtendedOperation(\r
                                                new StartTLSExtendedRequest(sslUtil.createSSLContext()));\r
-\r
-                                       if (extendedResult.getResultCode() != ResultCode.SUCCESS) {\r
-                                               throw new LDAPException(extendedResult.getResultCode());\r
-                                       }\r
+                               if (extendedResult.getResultCode() != ResultCode.SUCCESS) {\r
+                                       throw new LDAPException(extendedResult.getResultCode());\r
                                }\r
-                               return conn;\r
                        }\r
+\r
+                       if ( ! StringUtils.isEmpty(bindUserName) || ! StringUtils.isEmpty(bindPassword)) {\r
+                               conn.bind(new SimpleBindRequest(bindUserName, bindPassword));\r
+                       }\r
+                       \r
+                       return conn;\r
+\r
                } catch (URISyntaxException e) {\r
                        logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);\r
                } catch (GeneralSecurityException e) {\r
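Review bot: The default-port fallback is lost: `conn.connect(ldapHost, ldapPort)` is now called with whatever `ldapUrl.getPort()` returned, and for a URL with no explicit port that is -1, whereas the removed lines substituted 636 for ldaps and 389 otherwise, so existing configurations without a port would presumably stop connecting. Restoring it before the connect call is three lines: `if (ldapPort == -1) {`, `    ldapPort = ldapUrl.getScheme().equalsIgnoreCase("ldaps") ? 636 : 389;`, `}`. A second, smaller point: once `connect` has succeeded, a failed StartTLS or a failed `bind` propagates out of the try without the connection being closed, so a `conn.close()` before the `throw new LDAPException(...)` and around the bind (or in the catch blocks, which continue past the end of this hunk) would avoid leaking the socket. The `TrustAllTrustManager` on both the ldaps and ldap+tls paths predates this commit and is unchanged here, but it is worth noting in a comment that the server certificate is not validated, e.g. `// NOTE: TrustAllTrustManager disables server certificate validation`.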