safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-1115: Add LDAP query for retrieving the DNs which correspond to a particular user account.

Browse Source
This commit is contained in:
Michael Jumper
2015-10-23 15:18:33 -07:00
parent eca825c899
commit 947e7b1004
1 changed files with 105 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/user/UserService.java
View File

@@ -28,7 +28,9 @@ import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPSearchResults;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.glyptodon.guacamole.auth.ldap.ConfigurationService;
import org.glyptodon.guacamole.auth.ldap.EscapingService;
@@ -164,4 +166,107 @@ public class UserService {
}
/**
* Generates a properly-escaped LDAP query which finds all objects having
* at least one username attribute set to the specified username, where
* the possible username attributes are defined within
* guacamole.properties.
*
* @param username
* The username that the resulting LDAP query should search for within
* objects within the LDAP directory.
*
* @return
* An LDAP query which will search for arbitrary LDAP objects
* containing at least one username attribute set to the specified
* username.
*
* @throws GuacamoleException
* If the LDAP query cannot be generated because the list of username
* attributes cannot be parsed from guacamole.properties.
*/
private String generateLDAPQuery(String username)
throws GuacamoleException {
List<String> usernameAttributes = confService.getUsernameAttributes();
// Build LDAP query for users having at least one username attribute
// with the specified username as its value
StringBuilder ldapQuery = new StringBuilder("(&(objectClass=*)");
// Include all attributes within OR clause if there are more than one
if (usernameAttributes.size() > 1)
ldapQuery.append("(|");
// Add equality comparison for each possible username attribute
for (String usernameAttribute : usernameAttributes) {
ldapQuery.append("(");
ldapQuery.append(escapingService.escapeLDAPSearchFilter(usernameAttribute));
ldapQuery.append("=");
ldapQuery.append(escapingService.escapeLDAPSearchFilter(username));
ldapQuery.append(")");
}
// Close OR clause, if any
if (usernameAttributes.size() > 1)
ldapQuery.append(")");
return ldapQuery.toString();
}
/**
* Returns a list of all DNs corresponding to the users having the given
* username. If multiple username attributes are defined, or if uniqueness
* is not enforced across the username attribute, it is possible that this
* will return multiple DNs.
*
* @param ldapConnection
* The connection to the LDAP server to use when querying user DNs.
*
* @param username
* The username of the user whose corresponding user account DNs are
* to be retrieved.
*
* @return
* A list of all DNs corresponding to the users having the given
* username. If no such DNs exist, this list will be empty.
*
* @throws GuacamoleException
* If an error occurs while querying the user DNs, or if the username
* attribute property cannot be parsed within guacamole.properties.
*/
public List<String> getUserDNs(LDAPConnection ldapConnection,
String username) throws GuacamoleException {
try {
List<String> userDNs = new ArrayList<String>();
// Find all Guacamole users underneath base DN and matching the
// specified username
LDAPSearchResults results = ldapConnection.search(
confService.getUserBaseDN(),
LDAPConnection.SCOPE_SUB,
generateLDAPQuery(username),
null,
false
);
// Add all DNs for found users
while (results.hasMore()) {
LDAPEntry entry = results.next();
userDNs.add(entry.getDN());
}
// Return all discovered DNs (if any)
return userDNs;
}
catch (LDAPException e) {
throw new GuacamoleServerException("Error while query user DNs.", e);
}
}
}