diff options
| author | Steffen Gebert <steffen.gebert@informatik.uni-wuerzburg.de> | 2012-08-09 10:45:59 +0200 |
|---|---|---|
| committer | Steffen Gebert <steffen.gebert@typo3.org> | 2012-08-09 15:32:31 +0200 |
| commit | 845b532f90092638606c71a446bef10e5a45f3af (patch) | |
| tree | d56af7f6f7c9f72ccf2ce94416a4f969698e0ca4 /src/com/gitblit/LdapUserService.java | |
| parent | 756117adc7f5b4bd21948ede7ab0085aa42d5ccc (diff) | |
| download | gitblit-845b532f90092638606c71a446bef10e5a45f3af.tar.gz gitblit-845b532f90092638606c71a446bef10e5a45f3af.zip | |
StartTLS is not supported in LdapUserService (issue 122)
By providing an URL in the format "ldap+tls://ldapserver.example.com",
you can now connect to LDAP servers that require StartTLS command.
Diffstat (limited to 'src/com/gitblit/LdapUserService.java')
| -rw-r--r-- | src/com/gitblit/LdapUserService.java | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/com/gitblit/LdapUserService.java b/src/com/gitblit/LdapUserService.java index 61de01d9..38376b81 100644 --- a/src/com/gitblit/LdapUserService.java +++ b/src/com/gitblit/LdapUserService.java @@ -30,12 +30,15 @@ import com.gitblit.models.UserModel; import com.gitblit.utils.ArrayUtils;
import com.gitblit.utils.StringUtils;
import com.unboundid.ldap.sdk.Attribute;
+import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPSearchException;
+import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
+import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
@@ -81,10 +84,22 @@ public class LdapUserService extends GitblitUserService { if (ldapPort == -1) // Default Port
ldapPort = 389;
- return new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
+ LDAPConnection conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
+
+ if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
+ SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
+
+ ExtendedResult extendedResult = conn.processExtendedOperation(
+ new StartTLSExtendedRequest(sslUtil.createSSLContext()));
+
+ if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
+ throw new LDAPException(extendedResult.getResultCode());
+ }
+ }
+ return conn;
}
} catch (URISyntaxException e) {
- logger.error("Bad LDAP URL, should be in the form: ldap(s)://<server>:<port>", e);
+ logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
} catch (GeneralSecurityException e) {
logger.error("Unable to create SSL Connection", e);
} catch (LDAPException e) {
|