GUAC-1115: Split bindAs() into LDAP- and Guacamole-specific versions of the same.

2025-09-06 05:07:41 +00:00 · 2015-10-23 15:17:57 -07:00
parent c563fa43b4
commit eca825c899
1 changed files with 56 additions and 31 deletions
--- a/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/glyptodon/guacamole/auth/ldap/AuthenticationProviderService.java
@@ -111,13 +111,14 @@ public class AuthenticationProviderService {
    }

    /**
-     * Binds to the LDAP server using the provided Guacamole credentials. The
-     * DN of the user is derived using the LDAP configuration properties
-     * provided in guacamole.properties, as is the server hostname and port
-     * information.
+     * Binds to the LDAP server using the provided user DN and password.
     *
-     * @param credentials
-     *     The credentials to use to bind to the LDAP server.
+     * @param userDN
+     *     The DN of the user to bind as, or null to bind anonymously.
+     *
+     * @param password
+     *     The password to use when binding as the specified user, or null to
+     *     attempt to bind without a password.
     *
     * @return
     *     A bound LDAP connection, or null if the connection could not be
@@ -126,27 +127,11 @@ public class AuthenticationProviderService {
     * @throws GuacamoleException
     *     If an error occurs while binding to the LDAP server.
     */
-    private LDAPConnection bindAs(Credentials credentials)
-        throws GuacamoleException {
+    private LDAPConnection bindAs(String userDN, String password)
+            throws GuacamoleException {

        LDAPConnection ldapConnection;

-        // Get username and password from credentials
-        String username = credentials.getUsername();
-        String password = credentials.getPassword();
-
-        // Require username
-        if (username == null || username.isEmpty()) {
-            logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
-            return null;
-        }
-
-        // Require password, and do not allow anonymous binding
-        if (password == null || password.isEmpty()) {
-            logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
-            return null;
-        }
-
        // Connect to LDAP server
        try {
            ldapConnection = new LDAPConnection();
@@ -164,13 +149,6 @@ public class AuthenticationProviderService {
        // Bind using provided credentials
        try {

-            // Determine user DN
-            String userDN = getUserBindDN(username);
-            if (userDN == null) {
-                logger.error("Unable to determine DN for user \"{}\".", username);
-                return null;
-            }
-
            // Bind as user
            try {
                ldapConnection.bind(LDAPConnection.LDAP_V3, userDN,
@@ -198,6 +176,53 @@ public class AuthenticationProviderService {
        
    }

+    /**
+     * Binds to the LDAP server using the provided Guacamole credentials. The
+     * DN of the user is derived using the LDAP configuration properties
+     * provided in guacamole.properties, as is the server hostname and port
+     * information.
+     *
+     * @param credentials
+     *     The credentials to use to bind to the LDAP server.
+     *
+     * @return
+     *     A bound LDAP connection, or null if the connection could not be
+     *     bound.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while binding to the LDAP server.
+     */
+    private LDAPConnection bindAs(Credentials credentials)
+        throws GuacamoleException {
+
+        // Get username and password from credentials
+        String username = credentials.getUsername();
+        String password = credentials.getPassword();
+
+        // Require username
+        if (username == null || username.isEmpty()) {
+            logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
+            return null;
+        }
+
+        // Require password, and do not allow anonymous binding
+        if (password == null || password.isEmpty()) {
+            logger.debug("Anonymous bind is not currently allowed by the LDAP authentication provider.");
+            return null;
+        }
+
+        // Determine user DN
+        String userDN = getUserBindDN(username);
+        if (userDN == null) {
+            logger.error("Unable to determine DN for user \"{}\".", username);
+            return null;
+        }
+
+        // Bind using user's DN
+        return bindAs(userDN, password);
+
+    }
+
    /**
     * Returns an AuthenticatedUser representing the user authenticated by the
     * given credentials.