diff --git a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java index a182826af6..d5d55e60c4 100644 --- a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java +++ b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java @@ -136,42 +136,17 @@ public class LDAPAuthenticationHandler implements AuthenticationHandler public AuthenticationResult authenticate(HttpServletRequest request, HttpServletResponse response, String username, String password) { - AssertUtil.assertIsNotEmpty(username); - AssertUtil.assertIsNotEmpty(password); - AuthenticationResult result = AuthenticationResult.NOT_FOUND; - DirContext bindContext = null; - try + if (config.isEnabled()) { - bindContext = createBindContext(); - - if (bindContext != null) - { - SearchResult searchResult = getUserSearchResult(bindContext, username); - - if (searchResult != null) - { - result = AuthenticationResult.FAILED; - - String userDN = searchResult.getNameInNamespace(); - - if (authenticateUser(userDN, password)) - { - Attributes attributes = searchResult.getAttributes(); - User user = createUser(attributes); - Set groups = new HashSet(); - - fetchGroups(bindContext, groups, userDN); - getGroups(attributes, groups); - result = new AuthenticationResult(user, groups); - } // password wrong ? - } // user not found - } // no bind context available + AssertUtil.assertIsNotEmpty(username); + AssertUtil.assertIsNotEmpty(password); + result = authenticate(username, password); } - finally + else if (logger.isWarnEnabled()) { - LdapUtil.close(bindContext); + logger.warn("ldap plugin is disabled"); } return result; 
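Review bot: The new `else` branch in `authenticate` logs `ldap plugin is disabled` at warn level on every authentication request. Because the `enabled` flag added in LDAPConfig defaults to false, any installation that has the plugin installed without using it will write one warning per login attempt. That volume makes it harder to spot real authentication failures in the log. I would drop it to debug, `else if (logger.isDebugEnabled()) { logger.debug("ldap plugin is disabled"); }`, or report the disabled state once when the configuration is loaded. The method body ends outside this hunk.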
@@ -275,6 +250,55 @@ public class LDAPAuthenticationHandler implements AuthenticationHandler } } + /** + * Method description + * + * + * @param username + * @param password + * + * @return + */ + private AuthenticationResult authenticate(String username, String password) + { + AuthenticationResult result = AuthenticationResult.NOT_FOUND; + DirContext bindContext = null; + + try + { + bindContext = createBindContext(); + + if (bindContext != null) + { + SearchResult searchResult = getUserSearchResult(bindContext, username); + + if (searchResult != null) + { + result = AuthenticationResult.FAILED; + + String userDN = searchResult.getNameInNamespace(); + + if (authenticateUser(userDN, password)) + { + Attributes attributes = searchResult.getAttributes(); + User user = createUser(attributes); + Set groups = new HashSet(); + + fetchGroups(bindContext, groups, userDN); + getGroups(attributes, groups); + result = new AuthenticationResult(user, groups); + } // password wrong ? + } // user not found + } // no bind context available + } + finally + { + LdapUtil.close(bindContext); + } + + return result; + } + /** * Method description * diff --git a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java index 45dd07ea8f..da5b0a7e61 100644 --- a/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java +++ b/plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java @@ -63,6 +63,17 @@ public class LDAPConfig return attributeNameFullname; } + /** + * Method description + * + * + * @return + */ + public String getAttributeNameGroup() + { + return attributeNameGroup; + } + /** * Method description * @@ -85,10 +96,6 @@ public class LDAPConfig return attributeNameMail; } - public String getAttributeNameGroup() { - return attributeNameGroup; - } - /** * Method description * 
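Review bot: The extracted private `authenticate(String username, String password)` no longer checks that the password is non-empty; only the public overload enforces that before delegating. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds. `authenticateUser` is not visible here, so I cannot tell whether it rejects that case itself, and a future caller of this helper would skip the guard. I would repeat `AssertUtil.assertIsNotEmpty(username);` and `AssertUtil.assertIsNotEmpty(password);` as the first statements of the private method. Failing that, replace the `Method description` placeholder with a Javadoc that states the precondition and the three outcomes (NOT_FOUND, FAILED, or a result carrying the user and groups).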
@@ -177,29 +184,29 @@ public class LDAPConfig return unitPeople; } - //~--- methods -------------------------------------------------------------- + /** + * Method description + * + * + * @return + */ + public boolean isEnabled() + { + return enabled; + } + + //~--- set methods ---------------------------------------------------------- /** * Method description * * - * @param rawString * - * @return + * @param enabled */ - private Set split(String rawString) + public void setEnabled(boolean enabled) { - Set tokens = new HashSet(); - - for (String token : rawString.split(",")) - { - if (token.trim().length() > 0) - { - tokens.add(token.trim()); - } - } - - return tokens; + this.enabled = enabled; } //~--- fields --------------------------------------------------------------- @@ -208,6 +215,10 @@ public class LDAPConfig @XmlElement(name = "attribute-name-fullname") private String attributeNameFullname = "cn"; + /** Field description */ + @XmlElement(name = "attribute-name-group") + private String attributeNameGroup = "group"; + /** Field description */ @XmlElement(name = "attribute-name-id") private String attributeNameId = "uid"; @@ -215,9 +226,6 @@ public class LDAPConfig /** Field description */ @XmlElement(name = "attribute-name-mail") private String attributeNameMail = "mail"; - - @XmlElement(name = "attribute-name-group") - private String attributeNameGroup = "group"; /** Field description */ @XmlElement(name = "base-dn") @@ -250,4 +258,8 @@ public class LDAPConfig /** Field description */ @XmlElement(name = "unit-people") private String unitPeople = "ou=people"; + + /** Field description */ + @XmlElement(name = "enabled") + private boolean enabled = false; } diff --git a/plugins/scm-auth-ldap-plugin/src/main/resources/sonia/scm/auth/ldap/sonia.ldap.js b/plugins/scm-auth-ldap-plugin/src/main/resources/sonia/scm/auth/ldap/sonia.ldap.js index 18af70ad7f..4ba1050894 100644 --- a/plugins/scm-auth-ldap-plugin/src/main/resources/sonia/scm/auth/ldap/sonia.ldap.js 
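Review bot: `private boolean enabled = false;` makes the flag opt-in, so a configuration file written before this change has no `enabled` element and will presumably load with LDAP authentication switched off after an upgrade. Users of an existing LDAP setup would then get NOT_FOUND from this handler until an administrator re-saves the settings. If opt-in is intended, state it where the flag is declared, for example `/** Whether LDAP authentication is active; defaults to false, so existing configurations must set the enabled element to true. */`. The same applies to `isEnabled()` in the first hunk on this line, which still carries `Method description`. If it is not intended, consider treating a missing element as enabled when a host URL is already configured.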
+++ b/plugins/scm-auth-ldap-plugin/src/main/resources/sonia/scm/auth/ldap/sonia.ldap.js @@ -30,7 +30,6 @@ */ - registerGeneralConfigPanel({ xtype : 'configForm', title : 'LDAP Authentication', @@ -39,57 +38,48 @@ registerGeneralConfigPanel({ fieldLabel : 'Fullname Attribute Name', name : 'attribute-name-fullname', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'ID Attribute Name', name : 'attribute-name-id', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Mail Attribute Name', name : 'attribute-name-mail', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Group Attribute Name', name : 'attribute-name-group', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Base DN', name : 'base-dn', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Connection DN', name : 'connection-dn', allowBlank : true - } - ,{ + },{ xtype : 'textfield', inputType: 'password', fieldLabel : 'Connection Password', name : 'connection-password', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Host URL', name : 'host-url', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Search Filter', name : 'search-filter', allowBlank : true - } - ,{ + },{ xtype : 'combo', fieldLabel : 'Search Scope', name : 'search-scope', @@ -108,18 +98,20 @@ registerGeneralConfigPanel({ ['sub'] ] }) - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Groups Unit', name : 'unit-groups', allowBlank : true - } - ,{ + },{ xtype : 'textfield', fieldLabel : 'Groups People', name : 'unit-people', allowBlank : true + },{ + xtpye: 'checkbox', + fieldLabel : 'Enabled', + name: 'enabled' }], onSubmit: function(values){
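Review bot: The new form item is declared with `xtpye: 'checkbox'`, a misspelling of `xtype`, so the framework will ignore the key and most likely render the form's default field type (probably a text field) instead of a checkbox. Since the server-side flag defaults to false, this control is the only way for an administrator to turn LDAP authentication on, so it needs to work. The line should read `xtype : 'checkbox',`. It is also worth checking that the value the checkbox submits maps onto the boolean `enabled` element. The `onSubmit` handler that would show this continues outside the hunk.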