/**
 * Creates the search executor that locates the user entry for LDAP authorization.
 *
 * <p>The base DN and search filter are read from the {@code ldapAuthz} settings and the
 * configured role attribute is wrapped into a collection for the last argument.
 * The third argument is always an empty list (presumably the filter parameters;
 * confirm against {@code LdapUtils.newLdaptiveSearchExecutor}).
 *
 * <p>NOTE(review): the filter comes from configuration as-is. How the user id is later
 * substituted into it is not visible here; confirm it is bound as a filter parameter
 * rather than concatenated, so LDAP metacharacters in the id cannot change the query.
 *
 * @return the search executor for user lookups
 */
private SearchExecutor ldapAuthorizationGeneratorUserSearchExecutor() {
    val authz = this.ldapProperties.getLdapAuthz();
    val userBaseDn = authz.getBaseDn();
    val userFilter = authz.getSearchFilter();
    return LdapUtils.newLdaptiveSearchExecutor(
        userBaseDn,
        userFilter,
        new ArrayList<>(0),
        CollectionUtils.wrap(authz.getRoleAttribute()));
}
/**
 * Fetches the CRL described by the given resource.
 *
 * <p>When {@code LdapUtils.isLdapConnectionUrl} accepts the resource's string form the
 * CRL is read from LDAP; every other resource is handed to the superclass.
 *
 * <p>NOTE(review): the decision is made on {@code crl.toString()}. If a {@code Resource}
 * implementation renders a description rather than the bare URL, an LDAP-hosted CRL would
 * silently take the non-LDAP path; confirm for the resource types in use, since a failed
 * CRL fetch affects revocation checking.
 *
 * @param crl the resource pointing at the CRL
 * @return the fetched CRL
 * @throws IOException propagated from the LDAP lookup or the superclass fetch
 * @throws CRLException propagated from the LDAP lookup or the superclass fetch
 * @throws CertificateException propagated from the LDAP lookup or the superclass fetch
 */
@Override
public X509CRL fetch(final Resource crl) throws IOException, CRLException, CertificateException {
    final boolean servedFromLdap = LdapUtils.isLdapConnectionUrl(crl.toString());
    return servedFromLdap ? fetchCRLFromLdap(crl) : super.fetch(crl);
}
/**
 * Declares the LDAP-aware CRL fetcher bean used for X.509 authentication.
 *
 * <p>The fetcher is assembled from the {@code authn.x509.ldap} settings: a connection
 * configuration, a search executor built from the base DN and search filter, and the
 * name of the attribute holding the certificate data.
 *
 * <p>The bean is only registered when no bean named {@code ldaptiveResourceCRLFetcher}
 * already exists, so a deployment-provided bean with that name replaces this one.
 *
 * @return the CRL fetcher
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "ldaptiveResourceCRLFetcher")
public CRLFetcher ldaptiveResourceCRLFetcher() {
    val x509 = casProperties.getAuthn().getX509();
    val connectionConfig = LdapUtils.newLdaptiveConnectionConfig(x509.getLdap());
    val crlSearchExecutor = LdapUtils.newLdaptiveSearchExecutor(
        x509.getLdap().getBaseDn(),
        x509.getLdap().getSearchFilter());
    return new LdaptiveResourceCRLFetcher(
        connectionConfig,
        crlSearchExecutor,
        x509.getLdap().getCertificateAttribute());
}
// Excerpt from a larger method: wires the LDAP DAO from the `ldap` settings object.
// A pooled connection factory is created here and handed to the DAO.
// NOTE(review): what closes this pool on shutdown or refresh is not visible in this excerpt; confirm.
ldapDao.setConnectionFactory(LdapUtils.newLdaptivePooledConnectionFactory(ldap));
// Base DN under which the DAO operates, taken from the same settings object.
ldapDao.setBaseDN(ldap.getBaseDn());
// Excerpt from a larger method: obtains the authenticator from LdapUtils using ldapProperties.
val authenticator = LdapUtils.newLdaptiveAuthenticator(ldapProperties);
// Only the username is logged; no credential appears among the log arguments.
// NOTE(review): the username is written as supplied. If it originates from the login
// request, make sure the log layout encodes CR/LF so a crafted value cannot forge entries.
LOGGER.debug("Executing LDAP authentication request for user [{}]", username);
/**
 * Builds the generator that turns LDAP data into roles for an authenticated profile.
 *
 * <p>Group-based authorization (as reported by {@code isGroupBasedAuthorization()})
 * yields a {@code LdapUserGroupsToRolesAuthorizationGenerator}, which additionally takes
 * the group attribute, group prefix and group search executor. Otherwise a
 * {@code LdapUserAttributesToRolesAuthorizationGenerator} is returned, driven by the
 * role attribute and role prefix.
 *
 * <p>NOTE(review): {@code isAllowMultipleResults()} is passed straight through. When it is
 * true and the user filter matches more than one entry, which entry contributes roles is
 * decided inside the generator; confirm that this cannot grant roles from an unintended entry.
 *
 * <p>NOTE(review): a pooled connection factory is created on every call; confirm how often
 * this method runs and what closes the pool.
 *
 * @return the authorization generator matching the configured mode
 */
private AuthorizationGenerator<CommonProfile> buildAuthorizationGenerator() {
    val authz = this.ldapProperties.getLdapAuthz();
    val pooledFactory = LdapUtils.newLdaptivePooledConnectionFactory(this.ldapProperties);

    if (!isGroupBasedAuthorization()) {
        LOGGER.debug("Handling LDAP authorization based on attributes and roles");
        return new LdapUserAttributesToRolesAuthorizationGenerator(
            pooledFactory,
            ldapAuthorizationGeneratorUserSearchExecutor(),
            authz.isAllowMultipleResults(),
            authz.getRoleAttribute(),
            authz.getRolePrefix());
    }

    LOGGER.debug("Handling LDAP authorization based on groups");
    return new LdapUserGroupsToRolesAuthorizationGenerator(
        pooledFactory,
        ldapAuthorizationGeneratorUserSearchExecutor(),
        authz.isAllowMultipleResults(),
        authz.getGroupAttribute(),
        authz.getGroupPrefix(),
        ldapAuthorizationGeneratorGroupSearchExecutor());
}
// Excerpt from a larger method: obtains the authenticator from LdapUtils for the settings object `l`.
val authenticator = LdapUtils.newLdaptiveAuthenticator(l);
// Logs the names of the attributes to return, the LDAP URL and the base DN.
// Bind credentials are not among the logged arguments.
LOGGER.debug("Ldap authenticator configured with return attributes [{}] for [{}] and baseDn [{}]", multiMapAttributes.keySet(), l.getLdapUrl(), l.getBaseDn());
/**
 * Creates the search executor that locates group entries for LDAP authorization.
 *
 * <p>The group base DN and group filter are read from the {@code ldapAuthz} settings and
 * the configured group attribute is wrapped into a collection for the last argument.
 * The third argument is always an empty list (presumably the filter parameters;
 * confirm against {@code LdapUtils.newLdaptiveSearchExecutor}).
 *
 * @return the search executor for group lookups
 */
private SearchExecutor ldapAuthorizationGeneratorGroupSearchExecutor() {
    val authz = this.ldapProperties.getLdapAuthz();
    val groupBaseDn = authz.getGroupBaseDn();
    val groupFilter = authz.getGroupFilter();
    return LdapUtils.newLdaptiveSearchExecutor(
        groupBaseDn,
        groupFilter,
        new ArrayList<>(0),
        CollectionUtils.wrap(authz.getGroupAttribute()));
}
// Closing brace of the enclosing type; its declaration lies outside this excerpt.
}
/**
 * Fetches the CRL located at the given URI.
 *
 * <p>URIs accepted by {@code LdapUtils.isLdapConnectionUrl} are read from LDAP; every
 * other URI is handed to the superclass.
 *
 * @param crl the CRL location
 * @return the fetched CRL
 * @throws IOException propagated from the LDAP lookup or the superclass fetch
 * @throws CRLException propagated from the LDAP lookup or the superclass fetch
 * @throws CertificateException propagated from the LDAP lookup or the superclass fetch
 */
@Override
public X509CRL fetch(final URI crl) throws IOException, CRLException, CertificateException {
    final boolean servedFromLdap = LdapUtils.isLdapConnectionUrl(crl);
    return servedFromLdap ? fetchCRLFromLdap(crl) : super.fetch(crl);
}
/**
 * Fetches the CRL located at the given URL.
 *
 * <p>URLs accepted by {@code LdapUtils.isLdapConnectionUrl} are read from LDAP; every
 * other URL is handed to the superclass.
 *
 * @param crl the CRL location
 * @return the fetched CRL
 * @throws IOException propagated from the LDAP lookup or the superclass fetch
 * @throws CRLException propagated from the LDAP lookup or the superclass fetch
 * @throws CertificateException propagated from the LDAP lookup or the superclass fetch
 */
@Override
public X509CRL fetch(final URL crl) throws IOException, CRLException, CertificateException {
    final boolean servedFromLdap = LdapUtils.isLdapConnectionUrl(crl);
    return servedFromLdap ? fetchCRLFromLdap(crl) : super.fetch(crl);
}
/**
 * Fetches the CRL located at the given address.
 *
 * <p>Addresses accepted by {@code LdapUtils.isLdapConnectionUrl} are read from LDAP; every
 * other address is handed to the superclass.
 *
 * @param crl the CRL location as a string
 * @return the fetched CRL
 * @throws IOException propagated from the LDAP lookup or the superclass fetch
 * @throws CRLException propagated from the LDAP lookup or the superclass fetch
 * @throws CertificateException propagated from the LDAP lookup or the superclass fetch
 */
@Override
public X509CRL fetch(final String crl) throws IOException, CRLException, CertificateException {
    final boolean servedFromLdap = LdapUtils.isLdapConnectionUrl(crl);
    return servedFromLdap ? fetchCRLFromLdap(crl) : super.fetch(crl);
}