author | Günter Dressel <g.dressel@cyledge.com> | 2013-11-21 18:13:18 +0100 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2013-11-22 09:48:01 -0500 |
commit | 237faead29c2d0dfcc503fe80039a6d985764d81 (patch) | |
tree | 31e81347d17673a878bb10d109f687589481eeb2 /src/main/java | |
parent | abd1524e7bae97e17ac5f722faad1362297743ce (diff) | |
download | gitblit-237faead29c2d0dfcc503fe80039a6d985764d81.tar.gz gitblit-237faead29c2d0dfcc503fe80039a6d985764d81.zip |
Bind LDAP connection after TLS initialization (issue-343)
Diffstat (limited to 'src/main/java')
-rw-r--r-- | src/main/java/com/gitblit/LdapUserService.java | 57 |
1 files changed, 27 insertions, 30 deletions
diff --git a/src/main/java/com/gitblit/LdapUserService.java b/src/main/java/com/gitblit/LdapUserService.java
index db38c528..5a2dbdc8 100644
--- a/src/main/java/com/gitblit/LdapUserService.java
+++ b/src/main/java/com/gitblit/LdapUserService.java
@@ -43,6 +43,7 @@ import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
+import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
@@ -161,46 +162,42 @@ public class LdapUserService extends GitblitUserService {
private LDAPConnection getLdapConnection() {
try {
+
URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
+ String ldapHost = ldapUrl.getHost();
+ int ldapPort = ldapUrl.getPort();
String bindUserName = settings.getString(Keys.realm.ldap.username, "");
String bindPassword = settings.getString(Keys.realm.ldap.password, "");
- int ldapPort = ldapUrl.getPort();
+
+ LDAPConnection conn;
if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) { // SSL
- if (ldapPort == -1) // Default Port
- ldapPort = 636;
-
- LDAPConnection conn;
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
- if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
- conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort);
- } else {
- conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
- }
- return conn;
+ conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
+ } else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) { // no encryption or StartTLS
+ conn = new LDAPConnection();
} else {
- if (ldapPort == -1) // Default Port
- ldapPort = 389;
-
- LDAPConnection conn;
- if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
- conn = new LDAPConnection(ldapUrl.getHost(), ldapPort);
- } else {
- conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
- }
-
- if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
- SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
-
- ExtendedResult extendedResult = conn.processExtendedOperation(
+ logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());
+ return null;
+ }
+
+ conn.connect(ldapHost, ldapPort);
+
+ if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
+ SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
+ ExtendedResult extendedResult = conn.processExtendedOperation(
new StartTLSExtendedRequest(sslUtil.createSSLContext()));
-
- if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
- throw new LDAPException(extendedResult.getResultCode());
- }
+ if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
+ throw new LDAPException(extendedResult.getResultCode());
}
- return conn;
}
+
+ if ( ! StringUtils.isEmpty(bindUserName) || ! StringUtils.isEmpty(bindPassword)) {
+ conn.bind(new SimpleBindRequest(bindUserName, bindPassword));
+ }
+
+ return conn;
+
} catch (URISyntaxException e) {
logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
} catch (GeneralSecurityException e) {