diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
index af67e2be2..c33e3204f 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
@@ -238,38 +238,18 @@ public class ConfigurationService {
 * dereference them.
 *
 * @return
- * An integer value that maps to the JLDAP constants
- * for dereferencing - 0 is DEREF_NEVER, 1 is DEREF_SEARCHING,
- * 2 is DEREF_FINDING, and 3 is DEREF_ALWAYS - as configured
- * in guacamole.properties.
+ * The behavior for handling dereferencing of aliases
+ * as configured in guacamole.properties.
 *
 * @throws GuacamoleException
 * If guacamole.properties cannot be parsed.
 */
- public int getDereferenceAliases() throws GuacamoleException {
- String derefAliases = environment.getProperty(
+ public DereferenceAliases getDereferenceAliases() throws GuacamoleException {
+ return environment.getProperty(
 LDAPGuacamoleProperties.LDAP_DEREFERENCE_ALIASES,
- "never"
+ DereferenceAliases.NEVER
 );
- if (derefAliases.equals("always"))
- return 3;
-
- else if (derefAliases.equals("finding"))
- return 2;
-
- else if (derefAliases.equals("searching"))
- return 1;
-
- else if (derefAliases.equals("never"))
- return 0;
-
- else {
- logger.error("Invalid value given for ldap-dereference-aliases.");
- logger.debug("Received {} but expected one of the following: always, finding, searching, never.", derefAliases);
- throw new GuacamoleException("Invalid valid for ldap-dereference-aliases.");
- }
-
 }
 /**
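Review bot: The `@throws` text kept as context above `getDereferenceAliases()` still says only "If guacamole.properties cannot be parsed", while the removed `else` branch was the one place in this method that logged and rejected an unrecognized ldap-dereference-aliases value. Rejection now presumably happens inside `DereferenceAliasesProperty.parseValue` when `environment.getProperty` runs, so the Javadoc should say so: `If guacamole.properties cannot be parsed, or if ldap-dereference-aliases is set to an unrecognized value.` The Javadoc block opens above the hunk.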
@@ -292,7 +272,7 @@ public class ConfigurationService {
 LDAPSearchConstraints constraints = new LDAPSearchConstraints();
 constraints.setMaxResults(getMaxResults());
- constraints.setDereference(getDereferenceAliases());
+ constraints.setDereference(getDereferenceAliases().DEREF_VALUE);
 return constraints;
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java
new file mode 100644
index 000000000..5c339d6f8
--- /dev/null
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliases.java
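Review bot: `getDereferenceAliases().DEREF_VALUE` reads like a static constant, but it is a per-instance field of the enum added in DereferenceAliases.java, where the name is declared. Java convention reserves UPPER_SNAKE_CASE for static constants; making the field private with a lowerCamelCase name and exposing an accessor (a proposed name would be `getDerefValue()`) keeps the mapping to the JLDAP integer encapsulated, so this line becomes `constraints.setDereference(getDereferenceAliases().getDerefValue());`. The enclosing method starts and ends outside this hunk.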
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.ldap;
+
+/**
+ * Acceptable values for configuring the dereferencing of aliases in
+ * talking to LDAP servers.
+ */
+public enum DereferenceAliases {
+
+ /**
+ * Never dereference aliases. This is the default.
+ */
+ NEVER(0),
+
+ /**
+ * Aliases are dereferenced below the base object, but not to locate
+ * the base object itself. So, if the base object is itself an alias
+ * the search will not complete.
+ */
+ SEARCHING(1),
+
+ /**
+ * Aliases are only dereferenced to locate the base object, but not
+ * after that. So, a search against a base object that is an alias will
+ * find any subordinates of the real object the aliase references, but
+ * further aliases in the search will not be dereferenced.
+ */
+ FINDING(2),
+
+ /**
+ * Aliases will always be dereferenced, both to locate the base object
+ * and when handling results returned by the search.
+ */
+ ALWAYS(3);
+
+ /**
+ * The integer value that the enum represents, which is used in
+ * configuring the JLDAP library.
+ */
+ public final int DEREF_VALUE;
+
+ /**
+ * Initializes the dereference aliases object with the integer
+ * value the setting maps to per the JLDAP implementation.
+ *
+ * @param derefValue
+ * The value associated with this dereference setting
+ */
+ private DereferenceAliases(int derefValue) {
+ this.DEREF_VALUE = derefValue;
+ }
+
+}
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java
new file mode 100644
index 000000000..61a8944ca
--- /dev/null
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/DereferenceAliasesProperty.java
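Review bot: The enum constants hard-code `0` through `3` where the JLDAP library already names these values; the Javadoc removed from ConfigurationService.java in this same commit lists them as DEREF_NEVER, DEREF_SEARCHING, DEREF_FINDING and DEREF_ALWAYS. Binding each constant to the library's own value, e.g. `NEVER(LDAPSearchConstraints.DEREF_NEVER),`, removes the chance of the two drifting apart. A drift would silently change how aliases are followed in the searches built from these constraints, which in an LDAP authentication extension affects which directory entries are matched. The Javadoc on `FINDING` also has a typo, "aliase".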
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.ldap;
+
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleServerException;
+import org.apache.guacamole.properties.GuacamoleProperty;
+
+/**
+ * A GuacamoleProperty with a value of DereferenceAliases. The possible strings
+ * "never", "searching", "finding", and "always" are mapped to their values as a
+ * DereferenceAliases enum. Anything else results in a parse error.
+ */
+public abstract class DereferenceAliasesProperty implements GuacamoleProperty {
+
+ @Override
+ public DereferenceAliases parseValue(String value) throws GuacamoleException {
+
+ // No value provided, so return null.
+ if (value == null)
+ return null;
+
+ // Never dereference aliases
+ if (value.equals("never"))
+ return DereferenceAliases.NEVER;
+
+ // Dereference aliases during search operations, but not at base
+ if (value.equals("searching"))
+ return DereferenceAliases.SEARCHING;
+
+ // Dereference aliases to locate base, but not during searches
+ if (value.equals("finding"))
+ return DereferenceAliases.FINDING;
+
+ // Always dereference aliases
+ if (value.equals("always"))
+ return DereferenceAliases.ALWAYS;
+
+ // Anything else is invalid and results in an error
+ throw new GuacamoleServerException("Dereference aliases must be one of \"never\", \"searching\", \"finding\", or \"always\".");
+
+ }
+
+}
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
index 9d3a4d5ec..9a8af589e 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
@@ -156,7 +156,7 @@ public class LDAPGuacamoleProperties {
 /**
 * The behavior of alias dereferencing for the LDAP connections.
 */
- public static final StringGuacamoleProperty LDAP_DEREFERENCE_ALIASES = new StringGuacamoleProperty() {
+ public static final DereferenceAliasesProperty LDAP_DEREFERENCE_ALIASES = new DereferenceAliasesProperty() {
 @Override
 public String getName() { return "ldap-dereference-aliases"; }
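Review bot: The exception thrown at the end of `parseValue` in DereferenceAliasesProperty.java names neither the property nor the rejected value, and the `logger.debug` line that reported the received value was removed from ConfigurationService.java in this commit, so a misconfiguration is harder to trace. `getName()` is in scope here, so the message can carry both: `throw new GuacamoleServerException("Property \"" + getName() + "\" must be one of \"never\", \"searching\", \"finding\", or \"always\" (got \"" + value + "\").");`. Matching is exact and case-sensitive, so a spelling such as `Always` is rejected rather than defaulted; that fail-closed behaviour is worth stating in the class Javadoc.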