Red Hat Bugzilla – Attachment 864566 Details for
Bug 1066470
(6.3.0) LdapExtended login module: LDAP referrals not working despite earlier fix
standalone test program main code
Main.java (text/x-java), 11.36 KB, created by
Tom Fonteyne
on 2014-02-18 13:48:38 UTC
Description:
standalone test program main code
Filename:
MIME Type:
Creator:
Tom Fonteyne
Created:
2014-02-18 13:48:38 UTC
Size:
11.36 KB
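package ldaptest;

import java.io.IOException;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

/**
 * Standalone LDAP connection checker: connects to a directory, runs one subtree search,
 * dumps every attribute of each hit and, when {@code -p} is given, tries to bind as the
 * entry that was found.
 *
 * <p>This is a diagnostic tool. The bind password ({@code -w}) and the user password
 * ({@code -p}) are taken from the command line, where they are visible in the process
 * list and in shell history, so run it with throw-away test accounts only.
 *
 * @author Tom Fonteyne
 */
public class Main
{

    private static final String VERSION = "2014-02-18";

    private String url = null;
    private String basedn = null;
    private String filter = null;
    private String userPassword = null;

    private String binddn = null;
    private String bindCredentials = null;

    private StartTlsResponse tls = null;
    private boolean useTLS = false;
    private boolean allowFakeHostname = false;
    private String referral = null;
    private final SearchControls searchControls = new SearchControls();

    /**
     * @param args the command line arguments
     *
     * @throws javax.naming.NamingException
     * @throws java.io.IOException
     */
    public static void main(String[] args) throws NamingException, IOException
    {
        Main instance = new Main(args);
        instance.exec();
    }

    /** Prints the command line help and terminates the JVM with exit status 1. */
    private static void usage()
    {
        System.out.println("A simple LDAP connection checker - by Tom Fonteyne - version:" + VERSION);
        System.out.println("Usage:");
        System.out.println(
                "  java -jar ldapTest.jar -u <url> -b <baseDN> -f <filter> [-D binddn -w password] [-rf|-ri|-rt] [-t [-n]]"
                + "\n  Required:"
                + "\n    -u url           : in the format \"ldap://server:port\""
                + "\n    -b baseDN        : the base dn from which to search a user"
                + "\n    -f filter        : a standard LDAP filter"
                + "\n  Optional:"
                + "\n    -p password      : when set, the user (from the filter) will be authenticated"
                + "\n    -D binddn        : bind (authenticate) to LDAP when creating the connection"
                + "\n    -w password      : password for the bind"
                + "\n    -rf | -ri | -rt  : referrals: follow | ignore | throw"
                + "\n    -t               : use startTLS when connecting to the non-secure port"
                + "\n    -n               : in combination with -t: do not check the certificate hostname"
                + "\n\n  Secure connections need:"
                + "\n     java -Djavax.net.ssl.trustStore=/path/to/store.jks -Djavax.net.ssl.trustStorePassword=password -jar ldapTest.jar ..."
        );
        System.exit(1);
    }

    public Main(String[] args)
    {
        readOptions(args);
    }

    /**
     * Parses the command line into the instance fields. Any unknown option, a value option
     * without its value, a repeated referral option or a missing required option ends in
     * {@link #usage()}.
     */
    private void readOptions(String[] args)
    {
        int i = 0;
        while (i < args.length)
        {
            String opt = args[i];
            if ("-u".equals(opt))
            {
                url = optionValue(args, i);
                i += 2;
            }
            else if ("-b".equals(opt))
            {
                basedn = optionValue(args, i);
                i += 2;
            }
            else if ("-f".equals(opt))
            {
                filter = optionValue(args, i);
                i += 2;
            }
            else if ("-p".equals(opt))
            {
                userPassword = optionValue(args, i);
                i += 2;
            }
            else if ("-D".equals(opt))
            {
                binddn = optionValue(args, i);
                i += 2;
            }
            else if ("-w".equals(opt))
            {
                bindCredentials = optionValue(args, i);
                i += 2;
            }
            else if ("-t".equals(opt))
            {
                useTLS = true;
                i += 1;
            }
            // The help text documents -n, the parser only knew -h: accept both so the
            // documented switch works and existing invocations keep working.
            else if ("-n".equals(opt) || "-h".equals(opt))
            {
                allowFakeHostname = true;
                i += 1;
            }
            else if ("-rf".equals(opt))
            {
                setReferral("follow");
                i += 1;
            }
            else if ("-ri".equals(opt))
            {
                setReferral("ignore");
                i += 1;
            }
            else if ("-rt".equals(opt))
            {
                setReferral("throw");
                i += 1;
            }
            else
            {
                usage();
            }
        }

        // All three are documented as required; the old "&&" only complained when every
        // one of them was missing and let a null url reach getLdapContext().
        if (url == null || basedn == null || filter == null)
        {
            usage();
        }
    }

    /** Returns the value following option {@code args[i]}, or shows the usage if there is none. */
    private static String optionValue(String[] args, int i)
    {
        if (i + 1 >= args.length)
        {
            usage();
            return null; // not reached, usage() exits
        }
        return args[i + 1];
    }

    /** Records the referral mode; a second referral option on the command line is an error. */
    private void setReferral(String mode)
    {
        if (referral != null)
        {
            usage();
        }
        referral = mode;
    }

    /**
     * Connects with the configured bind identity, runs the search and prints every hit.
     * All attributes are requested on purpose, so the output can include sensitive values
     * (for example password hashes the bind identity is allowed to read).
     */
    private void exec() throws IOException, NamingException
    {
        LdapContext ctx = this.getLdapContext(url, binddn, bindCredentials);

        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // don't do this, we want all attributes in this test tool
        //searchControls.setReturningAttributes(new String[] {"dn"});

        NamingEnumeration<SearchResult> results = doSearch(ctx);

        SearchResult result;
        Attributes ldapAttributes;
        String distinguishedUserDN;
        boolean found = false;
        while (results.hasMore())
        {
            result = results.next();
            ldapAttributes = result.getAttributes();
            distinguishedUserDN = this.getUserdn(ldapAttributes, result);
            boolean relative = result.isRelative();
            String name = result.getName();
            String nameinns = result.getNameInNamespace();
            found = true;
            System.out.println("---------------------------------------------");
            System.out.println("dn was: " + (relative ? "relative" : "absolute"));
            System.out.println("dn             : " + distinguishedUserDN);
            System.out.println("name           : " + name);
            System.out.println("NameInNamespace: " + nameinns);
            System.out.println("------------attributes-----------------------");
            this.dumpAttributes(ldapAttributes.getAll());
            System.out.println("---------------------------------------------");
            if (userPassword != null)
            {
                System.out.println("authentication " + (authUser(result) ? "successful" : "failed"));
            }
        }
        if (!found)
        {
            System.out.println("No results found");
        }
        exit(ctx);
    }

    /**
     * Checks the {@code -p} password by binding as the entry that was found.
     *
     * <p>The previous version re-used the service bind ({@code -D}/{@code -w}) for
     * non-referral hits, so it reported "successful" for any user password, and a rejected
     * bind surfaced as an uncaught exception instead of "failed".
     *
     * @param result the search hit to authenticate as
     * @return {@code true} if the server accepted the bind, {@code false} if it rejected the
     *         credentials or the password is empty
     * @throws NamingException for failures other than rejected credentials
     */
    private boolean authUser(SearchResult result) throws IOException, NamingException
    {
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513 section 5.1.2); servers that allow it answer success without checking
        // anything, so it must never be reported as a successful authentication.
        if (userPassword.length() == 0)
        {
            System.out.println("Empty password: not attempting a bind");
            return false;
        }

        String bindUrl;
        String userDn;
        String name = result.getName();
        if (name.startsWith("ldap://") || name.startsWith("ldaps://"))
        {
            //TODO: the big question.... is this the right way of doing this ?
            // NOTE(review): the referral URL comes from the directory's answer, and the
            // user's password is sent to whatever host it names. Code derived from this
            // tool should only follow referrals to an explicit list of trusted servers
            // and should require TLS for them.
            int slash = name.indexOf('/', 8);
            bindUrl = (slash < 0) ? name : name.substring(0, slash);
            userDn = result.getNameInNamespace();

            System.out.println("Following referral to: " + bindUrl);
        }
        else
        {
            bindUrl = url;
            userDn = this.getUserdn(result.getAttributes(), result);
        }

        LdapContext probe = null;
        try
        {
            probe = this.getLdapContext(bindUrl, userDn, userPassword);
            return true;
        }
        catch (AuthenticationException ae)
        {
            System.out.println("bind rejected: " + ae);
            return false;
        }
        finally
        {
            closeQuietly(probe);
        }
    }

    /**
     * Opens an LDAP context for {@code url}, optionally with a simple bind.
     *
     * <p>When StartTLS is requested ({@code -t} on an {@code ldap:} URL) the connection is
     * opened anonymously, TLS is negotiated, and only then are the credentials added and the
     * bind performed. Putting the credentials into the initial environment would send the
     * simple bind, password included, in clear text before the TLS upgrade.
     *
     * @param url             provider URL, {@code ldap://} or {@code ldaps://}
     * @param binddn          principal for a simple bind, or {@code null} for none
     * @param bindCredentials password for the bind, or {@code null} for none
     * @return the connected context; the caller closes it
     */
    public LdapContext getLdapContext(String url, String binddn, String bindCredentials) throws IOException, NamingException
    {
        boolean startTls = useTLS && url.startsWith("ldap:");

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (referral != null)
        {
            env.put(Context.REFERRAL, referral);
        }
        if (binddn != null)
        {
            System.out.println("Binding with principal: " + binddn);
        }
        if (url.startsWith("ldaps"))
        {
            env.put(Context.SECURITY_PROTOCOL, "ssl"); // usually not needed
        }
        if (!startTls)
        {
            // Without StartTLS the bind happens while the context is created. On a plain
            // ldap:// URL that means the password travels unencrypted.
            if (binddn != null)
            {
                env.put(Context.SECURITY_AUTHENTICATION, "simple"); // not actually needed
                env.put(Context.SECURITY_PRINCIPAL, binddn);
            }
            if (bindCredentials != null)
            {
                env.put(Context.SECURITY_CREDENTIALS, bindCredentials);
            }
        }

        LdapContext ctx = new InitialLdapContext(env, null);
        System.out.println("Connected to: " + url);
        if (startTls)
        {
            boolean ready = false;
            try
            {
                tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                if (allowFakeHostname)
                {
                    // HostnameFakeVerifier is not part of this file. Skipping the hostname
                    // check removes the protection against a man-in-the-middle presenting
                    // any certificate the trust store accepts; keep it to lab diagnosis.
                    tls.setHostnameVerifier(new HostnameFakeVerifier());
                }
                tls.negotiate();
                System.out.println("TLS enabled");

                if (binddn != null || bindCredentials != null)
                {
                    if (binddn != null)
                    {
                        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
                        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, binddn);
                    }
                    if (bindCredentials != null)
                    {
                        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, bindCredentials);
                    }
                    // Re-authenticate now, over the protected connection, so a wrong
                    // password is reported here and not at the first later operation.
                    ctx.reconnect(null);
                }
                ready = true;
            }
            finally
            {
                if (!ready)
                {
                    closeQuietly(ctx);
                }
            }
        }

        return ctx;
    }

    /**
     * Runs the configured search. A failing search is printed and ends the program through
     * {@link #exit(LdapContext)}.
     */
    private NamingEnumeration<SearchResult> doSearch(LdapContext ctx)
    {
        NamingEnumeration<SearchResult> results = null;
        try
        {
            results = ctx.search(basedn, filter, searchControls);
        }
        catch (ServiceUnavailableException sue)
        {
            System.out.println("search: " + sue);
        }
        catch (CommunicationException ce)
        {
            System.out.println("search: " + ce);
        }
        catch (NamingException ne)
        {
            System.out.println("search: " + ne);
        }
        if (results == null)
        {
            System.out.println("No results found");
            exit(ctx);
        }
        return results;
    }

    /**
     * Works out the DN of a search hit: a "dn" attribute if the entry carries one, otherwise
     * the relative name joined with the base DN, otherwise the name in the namespace.
     */
    private String getUserdn(Attributes ldapAttributes, SearchResult result) throws NamingException
    {
        String distinguishedUserDN = null;
        if (ldapAttributes != null)
        {
            Attribute dn = ldapAttributes.get("dn");
            if (dn != null)
            {
                distinguishedUserDN = (String) dn.get();
            }
        }
        if (distinguishedUserDN == null)
        {
            if (result.isRelative())
            {
                distinguishedUserDN = result.getName() + ("".equals(basedn) ? "" : "," + basedn);
            }
            else
            {
                distinguishedUserDN = result.getNameInNamespace();
            }
        }
        return distinguishedUserDN;
    }

    /**
     * Prints every value of every attribute as {@code id=value}.
     *
     * <p>The size is checked before any value is read: {@code Attribute.get()} throws
     * {@code NoSuchElementException} on an attribute without values, which made the old
     * "size was 0" branch unreachable and aborted the dump instead.
     */
    private void dumpAttributes(NamingEnumeration<? extends Attribute> attributes) throws NamingException
    {
        while (attributes.hasMore())
        {
            Attribute attr = attributes.next();
            if (attr == null)
            {
                continue;
            }
            int size = attr.size();
            if (size == 0)
            {
                System.out.println(attr.getID() + "=<<<size was 0>>>");
                continue;
            }
            for (int s = 0; s < size; s++)
            {
                Object value = attr.get(s);
                if (value == null)
                {
                    System.out.println(attr.getID() + "=<<<no values found>>>");
                }
                else
                {
                    System.out.println(attr.getID() + "=" + value.toString());
                }
            }
        }
    }

    /** Closes a context, ignoring a failure to do so; {@code null} is accepted. */
    private static void closeQuietly(LdapContext ctx)
    {
        if (ctx == null)
        {
            return;
        }
        try
        {
            ctx.close();
        }
        catch (NamingException ignored)
        {
            // nothing useful can be done about a failed close in this tool
        }
    }

    /** Closes the context and terminates the JVM with status 0; does nothing for {@code null}. */
    private void exit(LdapContext ctx)
    {
        if (ctx == null) return;
        closeQuietly(ctx);
        System.exit(0);
    }
}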
Attachments on
bug 1066470
:
864564
|
864565
| 864566 |
864567