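/**
 * Checks the credentials against ProjectForge's own user store first and, on success, makes sure the user's LDAP
 * entry accepts the same password.
 * <p>
 * Security note: when the LDAP bind with the given password fails ({@code authenticate} returns {@code null}), the
 * LDAP {@code userPassword} is overwritten with the password that was just verified against the ProjectForge
 * database. A {@code null} result is treated as "LDAP credentials out of date"; it cannot be distinguished here from
 * other bind failures. Any exception while talking to LDAP is logged and otherwise ignored, so the login still
 * succeeds on the strength of the local check alone. Deleted and local users are never written to LDAP, consistent
 * with passwordChanged/wlanPasswordChanged and with the user sync, which deletes LDAP entries of such users.
 *
 * @param username the login name as entered by the user.
 * @param password the clear-text password as entered by the user; it is forwarded to LDAP but never logged here.
 * @return the result of the local login check, unchanged by the LDAP synchronisation.
 * @see org.projectforge.business.login.LoginHandler#checkLogin(java.lang.String, java.lang.String, boolean)
 */
@Override
public LoginResult checkLogin(final String username, final String password) {
  final LoginResult loginResult = loginDefaultHandler.checkLogin(username, password);
  if (loginResult.getLoginResultStatus() != LoginResultStatus.SUCCESS) {
    return loginResult;
  }
  final PFUserDO user = loginResult.getUser();
  if (user == null || user.isDeleted() == true || user.isLocalUser() == true) {
    // Such users have no LDAP entry by design: don't create one as a side effect of a login.
    return loginResult;
  }
  try {
    // User is now logged-in successfully.
    final LdapUser authLdapUser = ldapUserDao.authenticate(username, password, userBase);
    if (authLdapUser == null) {
      final LdapUser ldapUser = pfUserDOConverter.convert(user);
      ldapUser.setOrganizationalUnit(userBase);
      log.info("User's credentials in LDAP not up-to-date: " + username + ". Updating LDAP entry...");
      ldapUserDao.createOrUpdate(userBase, ldapUser);
      // update the userPassword but not the (WLAN)sambaNTPassword
      ldapUserDao.changePassword(ldapUser, null, password);
    }
  } catch (final Exception ex) {
    // Best effort: LDAP problems must not turn a locally successful login into a failure.
    log.error("An exception occured while checking login against LDAP system (ignoring this error): " + ex.getMessage(), ex);
  }
  return loginResult;
}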
createAndAddModificationItems(list, "cn", user.getCommonName()); final boolean modifyPosixAccount = isPosixAccountsConfigured() == true && PFUserDOConverter.isPosixAccountValuesEmpty(user) == false; final boolean modifySambaAccount = isSambaAccountsConfigured() == true && PFUserDOConverter.isSambaAccountValuesEmpty(user) == false; if (modifyPosixAccount == true || modifySambaAccount == true) { if (user.getObjectClasses() != null) { final List<String> missedObjectClasses = LdapUtils.getMissedObjectClasses(getAdditionalObjectClasses(user), getObjectClass(), user.getObjectClasses()); if (CollectionUtils.isNotEmpty(missedObjectClasses) == true) { for (final String missedObjectClass : missedObjectClasses) { list.add(createModificationItem(DirContext.ADD_ATTRIBUTE, "objectClass", missedObjectClass)); createAndAddModificationItems(list, "uidNumber", String.valueOf(user.getUidNumber())); createAndAddModificationItems(list, "gidNumber", String.valueOf(user.getGidNumber())); createAndAddModificationItems(list, "homeDirectory", user.getHomeDirectory()); createAndAddModificationItems(list, "loginShell", user.getLoginShell()); createAndAddModificationItems(list, "sambaSID", ldapConfig.getSambaAccountsConfig().getSambaSID(user.getSambaSIDNumber())); createAndAddModificationItems(list, "sambaPrimaryGroupSID", ldapConfig.getSambaAccountsConfig().getSambaPrimaryGroupSID(user.getSambaPrimaryGroupSIDNumber())); createAndAddModificationItems(list, "sambaAcctFlags", "U "); createAndAddModificationItems(list, "sambaPasswordHistory", "0000000000000000000000000000000000000000000000000000000000000000"); createAndAddModificationItems(list, "sambaPwdLastSet", String.valueOf(user.getSambaPwdLastSetAsUnixEpochSeconds()));
/**
 * Replaces the {@code sambaNTPassword} attribute of the given user with the hash of {@code newPassword}.
 * <p>
 * Security note: {@code SmbEncrypt.NTUNICODEHash} presumably produces the NT hash (unsalted MD4 over the UTF-16LE
 * password). Such a hash is password-equivalent for NTLM-based services, so the attribute must be protected by the
 * directory's ACLs like a clear-text secret. Neither the password nor the hash is written to the log here.
 * Nothing is changed when samba accounts are not configured or the user has no samba SID; both cases are logged as
 * errors.
 *
 * @param user the LDAP user whose WLAN (samba) password is replaced.
 * @param newPassword the new clear-text password; only its hash is sent to the directory.
 */
public void changeWlanPassword(final LdapUser user, final String newPassword) {
  final String sambaPasswordAttributeId = "sambaNTPassword";
  final String skipReason;
  if (isSambaAccountsConfigured() == false) {
    skipReason = "the samba accounts are not configured";
  } else if (user.getSambaSIDNumber() == null) {
    skipReason = "the sambaSID is null";
  } else {
    skipReason = null;
  }
  if (skipReason != null) {
    log.error("Could not change attribute " + sambaPasswordAttributeId + " because " + skipReason + ".");
    return;
  }
  log.info("Change attribute " + sambaPasswordAttributeId + " for " + getObjectClass() + ": " + buildDn(null, user));
  final BasicAttribute hashedPassword = new BasicAttribute(sambaPasswordAttributeId, SmbEncrypt.NTUNICODEHash(newPassword));
  final ModificationItem replaceHash = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, hashedPassword);
  modify(user, Collections.singletonList(replaceHash));
}
/**
 * Selects the object-class set for a user entry depending on whether posix and/or samba attributes are configured
 * and present on the given user. The static class arrays are initialised lazily on first use.
 *
 * @param obj the user whose posix/samba values decide which object classes apply.
 * @return one of the four pre-built object-class arrays (never {@code null} once initialised).
 * @see org.projectforge.business.ldap.LdapDao#getAdditionalObjectClasses(org.projectforge.business.ldap.LdapObject)
 */
@Override
protected String[] getAdditionalObjectClasses(final LdapUser obj) {
  final boolean hasPosix = isPosixAccountsConfigured() == true && PFUserDOConverter.isPosixAccountValuesEmpty(obj) == false;
  final boolean hasSamba = isSambaAccountsConfigured() == true && PFUserDOConverter.isSambaAccountValuesEmpty(obj) == false;
  if (ALL_OBJECT_CLASSES == null) {
    initializeObjectClasses();
  }
  if (hasPosix && hasSamba) {
    return ALL_OBJECT_CLASSES_WITH_SAMBA_AND_POSIX_ACCOUNT;
  }
  if (hasPosix) {
    return ALL_OBJECT_CLASSES_WITH_POSIX_ACCOUNT;
  }
  if (hasSamba) {
    return ALL_OBJECT_CLASSES_WITH_SAMBA_ACCOUNT;
  }
  return ALL_OBJECT_CLASSES;
}
/**
 * Moves a user that sits in the "deactivated" sub-context back to its original organizational unit.
 * <p>
 * Only the entry's location is changed. Attributes that deactivateUser replaced (userPassword, mail) are not
 * restored here, so a reactivated user has to get a new password before it can bind again. Entries outside the
 * deactivated sub-context are left untouched (logged only).
 *
 * @param ctx the directory context to operate on.
 * @param user the user to reactivate; its organizational unit is updated in place after a successful move.
 * @throws NamingException if the move fails.
 */
public void reactivateUser(final DirContext ctx, final LdapUser user) throws NamingException {
  log.info("Reactivate deactivated user: " + buildDn(null, user));
  final String ou = LdapUtils.getOu(user.getOrganizationalUnit());
  if (!ou.startsWith(DEACTIVATED_SUB_CONTEXT2)) {
    log.info("Object isn't in a deactivated sub-context, nothing will be done: " + buildDn(null, user));
    return;
  }
  // Strip the longer prefix first, otherwise the shorter one would leave part of it behind.
  final String prefix = ou.startsWith(DEACTIVATED_SUB_CONTEXT3) ? DEACTIVATED_SUB_CONTEXT3 : DEACTIVATED_SUB_CONTEXT2;
  final String restoredPath = ou.substring(prefix.length());
  move(ctx, user, restoredPath);
  user.setOrganizationalUnit(restoredPath);
}
"deactivated", "restrictedUser"); if (ldapUserDao.isPosixAccountsConfigured() == true && isPosixAccountValuesEmpty(src) == false) { ListHelper.addAll(properties, "uidNumber", "gidNumber", "homeDirectory", "loginShell"); if (ldapUserDao.isSambaAccountsConfigured() == true && isSambaAccountValuesEmpty(src) == false) { ListHelper.addAll(properties, "sambaSIDNumber", "sambaPrimaryGroupSIDNumber", "sambaNTPassword"); if (ldapUserDao.isSambaAccountsConfigured() == true && isSambaAccountValuesEmpty(src) == false) { final long diffSambaPwdLastSet = dest.getSambaPwdLastSetAsUnixEpochSeconds() - src.getSambaPwdLastSetAsUnixEpochSeconds();
ldapUserDao.create(ctx, userBase, updatedLdapUser); created++; if (user.isDeleted() == true || user.isLocalUser() == true) { ldapUserDao.delete(ctx, updatedLdapUser); deleted++; } else { if (StringUtils.equals(updatedLdapUser.getUid(), ldapUser.getUid()) == false) { ldapUserDao.rename(ctx, updatedLdapUser, ldapUser); renamed++; ldapUserDao.update(ctx, userBase, updatedLdapUser); updated++; } else { if (updatedLdapUser.isDeactivated()) { log.warn("User password for deactivated user is set: " + ldapUser); ldapUserDao.deactivateUser(ctx, updatedLdapUser); ldapUserDao.buildDn(userBase, updatedLdapUser); updatedLdapUsers.add(updatedLdapUser); } catch (final Exception ex) { ldapUserDao.buildDn(userBase, updatedLdapUser); updatedLdapUsers.add(updatedLdapUser); log.error("Error while proceeding user '" + user.getUsername() + "'. Continuing with next user.", ex);
ldapPersonDao = new LdapPersonDao(); ldapPersonDao.setLdapConnector(ldapConnector); ldapUserDao = new LdapUserDao(); ldapUserDao.setLdapConnector(ldapConnector); ldapUserDao.setLdapPersonDao(ldapPersonDao); ldapOrganizationalUnitDao = new LdapOrganizationalUnitDao(); ldapOrganizationalUnitDao.setLdapConnector(ldapConnector);
/**
 * Returns the object classes for a group entry: the posix variant when posix accounts are configured and the group
 * carries posix values, the plain set otherwise.
 *
 * @param obj the group whose posix values decide the object-class set.
 * @return the pre-built object-class array for this group.
 * @see org.projectforge.business.ldap.LdapDao#getAdditionalObjectClasses(org.projectforge.business.ldap.LdapObject)
 */
@Override
protected String[] getAdditionalObjectClasses(final LdapGroup obj) {
  final boolean posixConfigured = ldapUserDao.isPosixAccountsConfigured() == true;
  final boolean hasPosixValues = groupDOConverter.isPosixAccountValuesEmpty(obj) == false;
  return posixConfigured && hasPosixValues ? ADDITIONAL_OBJECT_CLASSES_WITH_POSIX_SUPPORT : ADDITIONAL_OBJECT_CLASSES;
}
/**
 * Deactivates a user in LDAP: removes its {@code userPassword}, replaces {@code mail} with {@code DEACTIVATED_MAIL}
 * and moves the entry into the "deactivated" sub-context unless it is already there.
 * <p>
 * NOTE(review): only {@code userPassword} is cleared. When samba accounts are configured, the
 * {@code sambaNTPassword} written by changeWlanPassword stays on the entry, so a deactivated account may still be
 * able to authenticate against services that use the NT hash (e.g. WLAN) — confirm whether that attribute has to be
 * removed here as well. The {@code userPassword} attribute is replaced with a {@code null} value; that this removes
 * the attribute on the directory in use is presumed, not checked here.
 *
 * @param ctx the directory context to operate on.
 * @param user the user to deactivate; its organizational unit is updated in place when the entry is moved.
 * @throws NamingException if the modification or the move fails.
 */
public void deactivateUser(final DirContext ctx, final LdapUser user) throws NamingException {
  log.info("Deactivate user: " + buildDn(null, user));
  final BasicAttribute clearedPassword = new BasicAttribute("userPassword", null);
  final BasicAttribute deactivatedMail = new BasicAttribute("mail", DEACTIVATED_MAIL);
  final List<ModificationItem> changes = new ArrayList<ModificationItem>();
  changes.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, clearedPassword));
  changes.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, deactivatedMail));
  // Result intentionally unused, as in the original; presumably refreshes the user's dn before modify().
  buildDn(null, user);
  modify(ctx, user, changes);
  final String currentOu = user.getOrganizationalUnit();
  if (currentOu.startsWith(DEACTIVATED_SUB_CONTEXT2)) {
    return; // already parked in the deactivated sub-context
  }
  final String deactivatedOu = LdapUtils.getOu(DEACTIVATED_SUB_CONTEXT, getOuBase());
  move(ctx, user, deactivatedOu);
  user.setOrganizationalUnit(deactivatedOu);
}
/**
 * Reads the LDAP configuration (unless a test already injected one), derives the base DNs and wires a fresh
 * LdapConnector into the user, group, person and organizational-unit DAOs.
 * <p>
 * NOTE(review): if {@code ldapService.getLdapConfig()} returns {@code null}, the warning below is logged but the
 * following {@code ldapConfig.getBaseDN()} throws a NullPointerException; only the "server == null" case actually
 * gets past this point (the test in this corpus relies on that: it injects a config with just a user base).
 *
 * @see org.projectforge.business.login.LoginHandler#initialize()
 */
@Override
public void initialize() {
  if (ldapConfig == null) { // May-be already set by test class.
    this.ldapConfig = ldapService.getLdapConfig();
    if (ldapConfig == null || ldapConfig.getServer() == null) {
      log.warn("No LDAP configured in config.xml, so any login will be impossible!");
    }
  }
  baseDN = ldapConfig.getBaseDN();
  userBase = ldapConfig.getUserBase();
  groupBase = ldapConfig.getGroupBase();
  ldapConnector = new LdapConnector(ldapConfig);
  ldapGroupDao.setLdapConnector(ldapConnector); // May-be already set by test class.
  ldapUserDao.setLdapConnector(ldapConnector);
  // Relies on setLdapConnector returning the DAO itself (fluent setter) so the person DAO can be wired in one go.
  ldapUserDao.setLdapPersonDao((LdapPersonDao) ldapPersonDao.setLdapConnector(ldapConnector));
  if (ldapOrganizationalUnitDao == null) { // May-be already set by test class.
    ldapOrganizationalUnitDao = new LdapOrganizationalUnitDao();
    ldapOrganizationalUnitDao.setLdapConnector(ldapConnector);
  }
}
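/**
 * Pushes a password change of a ProjectForge user to its LDAP entry and verifies the change by binding with the new
 * password.
 * <p>
 * Deleted and local users are skipped before any directory lookup (they have no LDAP entry by design). The verifying
 * bind may return {@code null}; that case is reported as an error instead of being logged as a success. The password
 * itself is never logged.
 *
 * @param user the ProjectForge user whose password was changed.
 * @param newPassword the new clear-text password to store in LDAP (hashing, if any, is up to the directory).
 * @see org.projectforge.business.login.LoginHandler#passwordChanged(org.projectforge.framework.persistence.user.entities.PFUserDO,
 *      java.lang.String)
 */
@Override
public void passwordChanged(final PFUserDO user, final String newPassword) {
  if (user.isDeleted() == true || user.isLocalUser() == true) {
    // Don't change passwords of such users; skip the LDAP lookup as well.
    return;
  }
  final LdapUser ldapUser = ldapUserDao.findById(user.getId());
  if (ldapUser == null) {
    log.error("Can't change LDAP password for user '" + user.getUsername() + "'! Not such user found in LDAP!.");
    return;
  }
  ldapUserDao.changePassword(ldapUser, null, newPassword);
  // Verify by binding with the new password; null means the directory did not accept the change.
  final LdapUser authenticatedUser = ldapUserDao.authenticate(user.getUsername(), newPassword);
  if (authenticatedUser != null) {
    log.info("Password changed successfully for : " + authenticatedUser);
  } else {
    log.error("LDAP password was written but a bind with the new password failed for user '" + user.getUsername() + "'.");
  }
}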
setUserAsRestrictedUser(ctx, user); log.info("Move user from restricted sub context: " + buildDn(null, user)); String newPath; if (ou.startsWith(RESTRICTED_USER_SUB_CONTEXT3) == true) { newPath = ou.substring(RESTRICTED_USER_SUB_CONTEXT2.length()); move(ctx, user, newPath); user.setOrganizationalUnit(newPath);
/**
 * Replaces the {@code userPassword} attribute of the given user.
 * <p>
 * With an {@code oldPassword} the change is sent as a remove-old-value/add-new-value pair, which makes the directory
 * reject the request when the supplied old value does not match the stored one. Without it, the attribute is
 * replaced unconditionally (administrative reset; requires a bind with sufficient rights). The values are sent to the
 * directory as given — whether they are hashed at rest is up to the server's password policy. Neither value is logged.
 *
 * @param user the LDAP user whose password is changed.
 * @param oldPassword the current password for a verified change, or {@code null} for an unconditional reset.
 * @param newPassword the new password.
 */
public void changePassword(final LdapUser user, final String oldPassword, final String newPassword) {
  final String userPasswordId = "userPassword";
  log.info("Change attribute " + userPasswordId + " for " + getObjectClass() + ": " + buildDn(null, user));
  final List<ModificationItem> changes = new ArrayList<>();
  if (oldPassword == null) {
    changes.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(userPasswordId, newPassword)));
  } else {
    changes.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(userPasswordId, oldPassword)));
    changes.add(new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(userPasswordId, newPassword)));
  }
  modify(user, changes);
}
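/**
 * Pushes a WLAN (samba) password change of a ProjectForge user to its LDAP entry via changeWlanPassword.
 * <p>
 * Deleted and local users are skipped before any directory lookup (they have no LDAP entry by design). The password
 * is never logged; the success message prints the LdapUser object — make sure its toString() does not include the
 * sambaNTPassword attribute, which is password-equivalent.
 *
 * @param user the ProjectForge user whose WLAN password was changed.
 * @param newPassword the new clear-text password; only its NT hash reaches the directory.
 */
@Override
public void wlanPasswordChanged(final PFUserDO user, final String newPassword) {
  if (user.isDeleted() == true || user.isLocalUser() == true) {
    // Don't change passwords of such users; skip the LDAP lookup as well.
    return;
  }
  final LdapUser ldapUser = ldapUserDao.findById(user.getId());
  if (ldapUser == null) {
    log.error("Can't change LDAP WLAN password for user '" + user.getUsername() + "'! Not such user found in LDAP!.");
    return;
  }
  ldapUserDao.changeWlanPassword(ldapUser, newPassword);
  log.info("WLAN Password changed successfully for : " + ldapUser);
}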
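/**
 * A user that can log in locally but is unknown to the (mocked) LDAP must get an LDAP entry with the verified
 * password pushed to it — and only the userPassword, not the WLAN hash.
 * <p>
 * The LdapUserDao mock returns {@code null} from authenticate(), which is exactly the "credentials not up-to-date"
 * branch of checkLogin. The session is always logged off, even when an assertion fails, so the admin logon cannot
 * leak into other tests.
 */
public void loginAndCreateLdapUser() {
  final String userBase = "ou=pf-mock-test-users";
  final LdapUserDao ldapUserDao = mock(LdapUserDao.class);
  loginHandler.ldapConfig = new LdapConfig().setUserBase(userBase);
  loginHandler.ldapUserDao = ldapUserDao;
  loginHandler.ldapOrganizationalUnitDao = mock(LdapOrganizationalUnitDao.class);
  loginHandler.initialize();
  Login.getInstance().setLoginHandler(loginHandler);
  logon(TEST_ADMIN_USER);
  try {
    final PFUserDO user = new PFUserDO().setUsername("kai").setFirstname("Kai").setLastname("Reinhard");
    userService.createEncryptedPassword(user, "successful");
    userService.save(user);
    Assert.assertEquals(LoginResultStatus.SUCCESS, loginHandler.checkLogin("kai", "successful").getLoginResultStatus());
    final ArgumentCaptor<LdapUser> argumentCaptor = ArgumentCaptor.forClass(LdapUser.class);
    verify(ldapUserDao).createOrUpdate(Mockito.anyString(), argumentCaptor.capture());
    final LdapUser createdLdapUser = argumentCaptor.getValue();
    Assert.assertEquals("kai", createdLdapUser.getUid());
    Assert.assertEquals("Kai", createdLdapUser.getGivenName());
    Assert.assertEquals("Reinhard", createdLdapUser.getSurname());
    Assert.assertEquals(userBase, createdLdapUser.getOrganizationalUnit());
    // The verified password must be written to the new entry (userPassword only, no old value to check).
    verify(ldapUserDao).changePassword(createdLdapUser, null, "successful");
    // checkLogin must not touch the WLAN (sambaNTPassword) hash.
    verify(ldapUserDao, Mockito.never()).changeWlanPassword(Mockito.any(LdapUser.class), Mockito.anyString());
  } finally {
    logoff();
  }
}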
final LdapUser ldapUser = ldapUserDao.authenticate(username, password, organizationalUnits); if (ldapUser == null) { log.info("User login failed: " + username);
ldapPersonDao.mapToObject(dn, user, attributes); ldapConfig = ldapService.getLdapConfig(); final boolean posixAccountsConfigured = isPosixAccountsConfigured(); final boolean sambaAccountsConfigured = isSambaAccountsConfigured(); if (posixAccountsConfigured == true || sambaAccountsConfigured == true) { final String no = LdapUtils.getAttributeStringValue(attributes, "uidNumber");
sortable), "usernames", cellItemListener)); if (ldapUserDao.isPosixAccountsConfigured() == true) { columns .add(new CellItemListenerPropertyColumn<GroupDO>(getString("group.ldapValues"), "ldapValues", "ldapValues",
/**
 * Moves the user's entry into the "restricted" sub-context unless it is already there.
 * <p>
 * Deactivated users are left alone: the deactivated state takes precedence over the restricted one. Unlike
 * deactivateUser this is purely a move — no attribute is changed — so any effective restriction comes from the
 * directory's access rules on that sub-context; confirm those rules exist on the target directory.
 *
 * @param ctx the directory context to operate on.
 * @param user the user to restrict; its organizational unit is updated in place after a successful move.
 * @throws NamingException if the move fails.
 */
private void setUserAsRestrictedUser(final DirContext ctx, final LdapUser user) throws NamingException {
  log.info("Move user to restricted sub context: " + buildDn(null, user));
  if (user.isDeactivated()) {
    log.info("User is deactivated, thus the restricted-user-status is ignored: " + buildDn(null, user));
    return;
  }
  final String currentOu = user.getOrganizationalUnit();
  if (currentOu.startsWith(RESTRICTED_USER_SUB_CONTEXT2)) {
    return; // already restricted
  }
  final String restrictedOu = LdapUtils.getOu(RESTRICTED_USER_SUB_CONTEXT, currentOu);
  move(ctx, user, restrictedOu);
  user.setOrganizationalUnit(restrictedOu);
}