IDEMPIERE-4610 Remove obsolete LdapProcessor (#484)
* IDEMPIERE-4610 Remove obsolete LdapProcessor
* IDEMPIERE-4610 Remove obsolete LdapProcessor: inactivate menu entry (AD_Menu_ID=594) and window (AD_Window_ID=389)
* IDEMPIERE-4610 Remove obsolete LdapProcessor: move migration script to i8.2z folder.
parent
7545dd6ee3
commit
45cfbe6804
|
@ -0,0 +1,14 @@
|
|||
SET SQLBLANKLINES ON
|
||||
SET DEFINE OFF
|
||||
|
||||
-- Dec 27, 2020, 1:10:12 AM MYT
|
||||
UPDATE AD_Window SET IsActive='N',Updated=TO_DATE('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Window_ID=389
|
||||
;
|
||||
|
||||
-- Dec 27, 2020, 1:10:12 AM MYT
|
||||
UPDATE AD_Menu SET Name='LDAP Server', Description='LDAP Server to authenticate and authorize external systems based on iDempiere', IsActive='N',Updated=TO_DATE('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Menu_ID=594
|
||||
;
|
||||
|
||||
SELECT register_migration_script('202012261710_IDEMPIERE-4610.sql') FROM dual
|
||||
;
|
||||
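Review bot: The `UPDATE AD_Menu` statement rewrites `Name` and `Description` with literal values in addition to clearing `IsActive`, while the `AD_Window` statement beside it touches only `IsActive`. Deactivation does not need those two columns, and writing them overwrites whatever text an installation has stored for menu 594; `UPDATE AD_Menu SET IsActive='N',Updated=TO_DATE('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Menu_ID=594` would be enough. The same applies to the second migration script in this commit, the one using `TO_TIMESTAMP`. Both scripts would also benefit from a first-line comment naming the ticket, e.g. `-- IDEMPIERE-4610 Remove obsolete LdapProcessor`, so the reason for inactivating the LDAP Server window is visible without looking up the commit.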
|
|
@ -0,0 +1,11 @@
|
|||
-- Dec 27, 2020, 1:10:12 AM MYT
|
||||
UPDATE AD_Window SET IsActive='N',Updated=TO_TIMESTAMP('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Window_ID=389
|
||||
;
|
||||
|
||||
-- Dec 27, 2020, 1:10:12 AM MYT
|
||||
UPDATE AD_Menu SET Name='LDAP Server', Description='LDAP Server to authenticate and authorize external systems based on iDempiere', IsActive='N',Updated=TO_TIMESTAMP('2020-12-27 01:10:12','YYYY-MM-DD HH24:MI:SS'),UpdatedBy=100 WHERE AD_Menu_ID=594
|
||||
;
|
||||
|
||||
SELECT register_migration_script('202012261710_IDEMPIERE-4610.sql') FROM dual
|
||||
;
|
||||
|
|
@ -3,12 +3,11 @@
|
|||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
|
||||
<attributes>
|
||||
<attribute name="module" value="true"/>
|
||||
<attribute name="add-exports" value="java.naming/com.sun.jndi.ldap=ALL-UNNAMED"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
|
||||
<classpathentry kind="src" path="src/main/server/"/>
|
||||
<classpathentry kind="src" path="src/main/servlet/"/>
|
||||
<classpathentry kind="src" path="src/main/home/"/>
|
||||
<classpathentry kind="src" path="src/main/server"/>
|
||||
<classpathentry kind="src" path="src/main/servlet"/>
|
||||
<classpathentry kind="src" path="src/main/home"/>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
</classpath>
|
||||
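Review bot: The three `src` entries appear to change only by losing their trailing slash (`src/main/server/` to `src/main/server`, likewise `servlet` and `home`), which is unrelated to the LDAP removal and adds noise to this section; it would be cleaner to leave them as they were or mention the normalisation in the commit message. The substantive change here seems to be dropping the `add-exports` attribute for `java.naming/com.sun.jndi.ldap`, which is consistent with the deleted classes being the users of `com.sun.jndi.ldap.BerDecoder` and `BerEncoder`. If any launch configuration or startup script outside this page still passes the same export, it should presumably be removed as well so the JDK-internal package is no longer exposed to unnamed modules.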
|
|
|
@ -26,7 +26,6 @@ Import-Package: javax.jms;version="1.1.0",
|
|||
org.osgi.util.tracker;version="1.5.0",
|
||||
org.w3c.dom
|
||||
Export-Package: org.adempiere.server,
|
||||
org.compiere.ldap,
|
||||
org.compiere.server,
|
||||
org.idempiere.server.cluster,
|
||||
org.idempiere.server.cluster.callable,
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" name="org.idempiere.server.factory.DefaultLDAPProcessorFactory">
|
||||
<implementation class="org.idempiere.server.factory.DefaultLDAPProcessorFactory"/>
|
||||
<property name="service.ranking" type="Integer" value="0"/>
|
||||
<service>
|
||||
<provide interface="org.adempiere.server.IServerFactory"/>
|
||||
</service>
|
||||
</scr:component>
|
|
@ -19,7 +19,6 @@ bin.includes = META-INF/,\
|
|||
plugin.xml,\
|
||||
OSGI-INF/acctprocessorfactory.xml,\
|
||||
OSGI-INF/alertprocessorfactory.xml,\
|
||||
OSGI-INF/ldapprocessorfactory.xml,\
|
||||
OSGI-INF/requestprocessorfactory.xml,\
|
||||
OSGI-INF/schedulerfactory.xml,\
|
||||
OSGI-INF/workflowprocessorfactory.xml,\
|
||||
|
|
|
@ -1,205 +0,0 @@
|
|||
/******************************************************************************
|
||||
* Product: Adempiere ERP & CRM Smart Business Solution
|
||||
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms version 2 of the GNU General Public License as published
|
||||
* by the Free Software Foundation. This program is distributed in the hope
|
||||
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
* See the GNU General Public License for more details.
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
|
||||
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
|
||||
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
|
||||
*****************************************************************************/
|
||||
package org.compiere.ldap;
|
||||
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.Socket;
|
||||
import java.util.Hashtable;
|
||||
import java.util.logging.Level;
|
||||
|
||||
import javax.naming.AuthenticationException;
|
||||
import javax.naming.Context;
|
||||
import javax.naming.ldap.InitialLdapContext;
|
||||
|
||||
import org.compiere.model.MLdapProcessor;
|
||||
import org.compiere.model.MLdapUser;
|
||||
import org.compiere.util.CLogger;
|
||||
|
||||
/**
|
||||
* LDAP Connection Handler
|
||||
*
|
||||
* Only "simple" authentication and the following protocol are supported:
|
||||
* bind
|
||||
* unbind
|
||||
* search
|
||||
* The following distinguished name are supported:
|
||||
* o - organization
|
||||
* ou - organization unit
|
||||
* cn - common name
|
||||
* Due to some of the ldap client might not unbind and close the connection,
|
||||
* whenever error occurs and authenticate done, we will close the connection.
|
||||
*
|
||||
* Basically, tested with two type of ldap authentication, java client and
|
||||
* apache ldap support.
|
||||
* For the apache support, here's the tested definition:
|
||||
* AuthType Basic
|
||||
* AuthLDAPAuthoritative on
|
||||
* AuthLDAPEnabled on
|
||||
* AuthLDAPURL ldap://<ip address>:<port no>/o=<organization>,ou=<organization unit>?uid?sub
|
||||
* The protocol for the apache ldap:
|
||||
* - bind to server
|
||||
* - search for the object name with user input userid
|
||||
* - bind again with returned object name and password
|
||||
* The protocol for the java client, please refer to the sample code in main().
|
||||
*
|
||||
* @author Jorg Janke
|
||||
* @version $Id: LdapConnectionHandler.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
|
||||
*/
|
||||
public class LdapConnectionHandler extends Thread
|
||||
{
|
||||
/**
|
||||
* Ldap Connection Handler
|
||||
* @param socket server socket
|
||||
* @param model model
|
||||
*/
|
||||
public LdapConnectionHandler(Socket socket, MLdapProcessor model)
|
||||
{
|
||||
try
|
||||
{
|
||||
m_socket = socket;
|
||||
m_socket.setTcpNoDelay(true); // should not be required
|
||||
m_model = model;
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
log.log(Level.SEVERE, "", e);
|
||||
} // no timeout
|
||||
} // LdapConnectionHandler
|
||||
|
||||
/** Socket */
|
||||
private Socket m_socket = null;
|
||||
/** Ldap Model */
|
||||
private MLdapProcessor m_model = null;
|
||||
/** Logger */
|
||||
private static final CLogger log = CLogger.getCLogger (LdapConnectionHandler.class);
|
||||
|
||||
|
||||
/**
|
||||
* Do Work
|
||||
*/
|
||||
public void run()
|
||||
{
|
||||
try
|
||||
{
|
||||
if (m_socket == null || m_socket.isClosed())
|
||||
return;
|
||||
|
||||
LdapMessage msg = new LdapMessage();
|
||||
MLdapUser ldapUser = new MLdapUser();
|
||||
LdapResult result = new LdapResult();
|
||||
boolean activeSession = true;
|
||||
while (activeSession)
|
||||
{
|
||||
InputStream in = m_socket.getInputStream();
|
||||
BufferedOutputStream out = new BufferedOutputStream(m_socket.getOutputStream());
|
||||
// Read
|
||||
byte[] buffer = new byte[512];
|
||||
int length = in.read(buffer, 0, 512);
|
||||
|
||||
// Decode the input message buffer
|
||||
result.reset(msg, ldapUser);
|
||||
msg.reset(result);
|
||||
msg.decode(buffer, length);
|
||||
if (msg.getOperation() == LdapMessage.UNBIND_REQUEST)
|
||||
{
|
||||
out.close();
|
||||
break;
|
||||
}
|
||||
|
||||
// Not unbind, so we can create a response
|
||||
byte[] bytes = result.getResult(m_model);
|
||||
|
||||
// Send the response back
|
||||
out.write(bytes);
|
||||
out.flush();
|
||||
|
||||
// If there's error or successfully authenticated the user,
|
||||
// close the connection to avoid too many open connection
|
||||
if (result.getDone())
|
||||
{
|
||||
out.close();
|
||||
break;
|
||||
}
|
||||
} // while(activeSession)
|
||||
}
|
||||
catch (IOException e)
|
||||
{
|
||||
log.log(Level.SEVERE, "", e);
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
m_socket.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
log.log(Level.WARNING, "Socket", e);
|
||||
}
|
||||
m_socket = null;
|
||||
} // run
|
||||
|
||||
/**
|
||||
* String Representation
|
||||
* @return info
|
||||
*/
|
||||
public String toString()
|
||||
{
|
||||
StringBuilder sb = new StringBuilder ("LdapConnectionHandler[");
|
||||
sb.append (hashCode()).append ("]");
|
||||
return sb.toString ();
|
||||
} // toString
|
||||
|
||||
/**
|
||||
* Test using the java client.
|
||||
* Ldap v3 won't need to do any bind, search, bind anymore.
|
||||
* When new InitialLdapContext() is called, it will bind with the
|
||||
* dn and password, the ldap server should be authenticate with it.
|
||||
*
|
||||
* @param args
|
||||
*/
|
||||
public static void main(String[] args)
|
||||
{
|
||||
Hashtable<String,String> env = new Hashtable<String,String>();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
||||
// ldap://dc.compiere.org
|
||||
env.put(Context.PROVIDER_URL, "ldap://10.104.139.160:389");
|
||||
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
||||
// Compiere server only support cn/o/ou, and cn should be the user id.
|
||||
// Only one entry for cn.
|
||||
env.put(Context.SECURITY_PRINCIPAL, "cn=cboss@compiere.org,o=GardenWorld,ou=LawnCare");
|
||||
env.put(Context.SECURITY_CREDENTIALS, "carlboss");
|
||||
|
||||
try
|
||||
{
|
||||
// Create the initial context
|
||||
new InitialLdapContext(env, null);
|
||||
// If not successfully authenticated, exception should be thrown
|
||||
System.out.println("Successfully authenticated ...");
|
||||
}
|
||||
catch (AuthenticationException e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
return;
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
e.printStackTrace();
|
||||
return;
|
||||
}
|
||||
} // main()
|
||||
} // LdapConnectionHandler
|
|
@ -1,332 +0,0 @@
|
|||
/******************************************************************************
|
||||
* Product: Adempiere ERP & CRM Smart Business Solution
|
||||
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms version 2 of the GNU General Public License as published
|
||||
* by the Free Software Foundation. This program is distributed in the hope
|
||||
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
* See the GNU General Public License for more details.
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
|
||||
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
|
||||
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
|
||||
*****************************************************************************/
|
||||
package org.compiere.ldap;
|
||||
|
||||
import java.util.logging.Level;
|
||||
|
||||
import org.compiere.util.CLogger;
|
||||
|
||||
import com.sun.jndi.ldap.BerDecoder;
|
||||
|
||||
/**
|
||||
* Ldap Message
|
||||
*
|
||||
* @author Jorg Janke
|
||||
* @version $Id: LdapMessage.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
|
||||
*/
|
||||
public class LdapMessage
|
||||
{
|
||||
static public final int BIND_REQUEST = 96;
|
||||
static public final int BIND_RESPONSE = 97;
|
||||
static public final int UNBIND_REQUEST = 98;
|
||||
static public final int SEARCH_REQUEST = 99;
|
||||
static public final int SEARCH_REP_ENTRY = 100;
|
||||
static public final int SEARCH_RES_RESULT = 101;
|
||||
|
||||
static public final int SIMPLE_AUTHENTICATION = 128;
|
||||
|
||||
static public final int FILTER_AND = 160;
|
||||
static public final int FILTER_OR = 161;
|
||||
static public final int FILTER_NOT = 162;
|
||||
static public final int FILTER_EQUALITYMATCH = 163;
|
||||
|
||||
static public final int SEQUENCE = 48;
|
||||
|
||||
/** Decoder */
|
||||
private BerDecoder decoder = null;
|
||||
/** Logger */
|
||||
private static final CLogger log = CLogger.getCLogger (LdapMessage.class);
|
||||
/** Protocol Operation */
|
||||
private int m_protocolOp = -1;
|
||||
/** Message Id needed for the reply message */
|
||||
private int msgId;
|
||||
/** Distinguished name */
|
||||
private String dn = null;
|
||||
/** Organization */
|
||||
private String org = null;
|
||||
/** Organization unit */
|
||||
private String orgUnit = null;
|
||||
/** User Id */
|
||||
private String userId = null;
|
||||
/** Password */
|
||||
private String passwd = null;
|
||||
/** base Object */
|
||||
private String baseObj = null;
|
||||
/** LdapResult object to hold if there's any error during parsing */
|
||||
private LdapResult result = null;
|
||||
|
||||
/**
|
||||
* Ldap Message
|
||||
*/
|
||||
public LdapMessage()
|
||||
{
|
||||
} // LdapMessage
|
||||
|
||||
/*
|
||||
* Reset all the attributes
|
||||
*/
|
||||
public void reset(LdapResult result)
|
||||
{
|
||||
this.result = result;
|
||||
decoder = null;
|
||||
m_protocolOp = -1;
|
||||
msgId = -1;
|
||||
dn = null;
|
||||
org = null;
|
||||
orgUnit = null;
|
||||
userId = null;
|
||||
passwd = null;
|
||||
baseObj = null;
|
||||
|
||||
} // reset()
|
||||
|
||||
/**
|
||||
* Decode Message
|
||||
* @param data input buffer
|
||||
* @param length buffer size
|
||||
*/
|
||||
public void decode(byte[] data, int length)
|
||||
{
|
||||
try
|
||||
{
|
||||
// Create the decoder
|
||||
decoder = new BerDecoder(data, 0, length);
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
log.log(Level.SEVERE, data.toString(), e);
|
||||
return;
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
// Parse the message envelope
|
||||
decoder.parseSeq(null);
|
||||
|
||||
// Parse message Id
|
||||
msgId = decoder.parseInt();
|
||||
|
||||
// Parse the operation protocol
|
||||
m_protocolOp = decoder.parseSeq(null);
|
||||
|
||||
//
|
||||
// Payload
|
||||
if (m_protocolOp == BIND_REQUEST) {
|
||||
handleBind();
|
||||
} else if (m_protocolOp == UNBIND_REQUEST) {
|
||||
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": unbind");
|
||||
} else if (m_protocolOp == SEARCH_REQUEST) {
|
||||
handleSearch();
|
||||
} else { // Only supoort BIND, UNBIND and SEARCH
|
||||
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
|
||||
result.setErrorString(": Unsupported Request");
|
||||
log.warning("#" + msgId + ": Unknown Op + " + m_protocolOp);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
|
||||
log.log(Level.SEVERE, "", ex);
|
||||
}
|
||||
} // decode
|
||||
|
||||
/*
|
||||
* Encode the search request message
|
||||
*/
|
||||
private void handleSearch()
|
||||
{
|
||||
try
|
||||
{
|
||||
// Parse the base Object
|
||||
baseObj = decoder.parseString(true);
|
||||
parseDN(baseObj);
|
||||
|
||||
decoder.parseEnumeration(); // scope
|
||||
decoder.parseEnumeration(); // derefAliases
|
||||
decoder.parseInt(); // sizeLimit
|
||||
decoder.parseInt(); // timeLimit
|
||||
decoder.parseBoolean(); // typeOnly
|
||||
|
||||
boolean equalityFilter = false;
|
||||
while (true)
|
||||
{
|
||||
int filter = decoder.parseSeq(null); //Filter
|
||||
if (filter == FILTER_EQUALITYMATCH)
|
||||
{
|
||||
decoder.parseString(true);
|
||||
userId = decoder.parseString(true);
|
||||
equalityFilter = true;
|
||||
break;
|
||||
}
|
||||
else if (filter == FILTER_AND)
|
||||
decoder.parseStringWithTag(135, true, null);
|
||||
else if (filter == SEQUENCE)
|
||||
break;
|
||||
} // while true
|
||||
|
||||
if (!equalityFilter) // Didn't find the it
|
||||
{
|
||||
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
|
||||
result.setErrorString("Can't can't Filter - EqualityMatch");
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
log.log(Level.SEVERE, "", ex);
|
||||
}
|
||||
} // handleSearch()
|
||||
|
||||
/*
|
||||
* Encode the bind request message
|
||||
*/
|
||||
private void handleBind()
|
||||
{
|
||||
try
|
||||
{
|
||||
// Parse LDAP version; only support v3
|
||||
int version = decoder.parseInt();
|
||||
if (version != 3)
|
||||
{
|
||||
result.setErrorNo(LdapResult.LDAP_PROTOCOL_ERROR);
|
||||
result.setErrorString("Unsupported LDAP version");
|
||||
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": unsupported LDAP version - " + version);
|
||||
return;
|
||||
}
|
||||
|
||||
// Parse DN
|
||||
dn = decoder.parseString(true);
|
||||
|
||||
// Peek on AuthenticationChoice; only support simple authentication
|
||||
int auth = decoder.peekByte();
|
||||
if (auth != SIMPLE_AUTHENTICATION) // 0x80 - simple authentication
|
||||
{
|
||||
result.setErrorNo(LdapResult.LDAP_AUTH_METHOD_NOT_SUPPORTED);
|
||||
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": unsupported authentication method - " + auth);
|
||||
return;
|
||||
}
|
||||
|
||||
// It is simple authentication, get the authentication string
|
||||
passwd = decoder.parseStringWithTag(SIMPLE_AUTHENTICATION, true, null);
|
||||
if (passwd != null && passwd.length() > 0)
|
||||
{
|
||||
parseDN(dn);
|
||||
if (userId == null || userId.length() <= 0)
|
||||
{
|
||||
result.setErrorNo(LdapResult.LDAP_NO_SUCH_OBJECT);
|
||||
result.setErrorString(": \"cn\" not defined");
|
||||
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": \"cn\" not defined");
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// Log the information
|
||||
if (log.isLoggable(Level.INFO)) log.info("#" + msgId + ": bind - version=" + version + ", userId=" + userId);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
log.log(Level.SEVERE, "", ex);
|
||||
}
|
||||
} // handleBind()
|
||||
|
||||
/*
|
||||
* Parse the DN to find user id, organization and organization unit
|
||||
*/
|
||||
private void parseDN(String dName)
|
||||
{
|
||||
String[] dnArray = dName.split(",");
|
||||
for (int i = 0; i < dnArray.length; i++)
|
||||
{
|
||||
if (dnArray[i].startsWith("cn="))
|
||||
userId = dnArray[i].split("=")[1];
|
||||
else if (dnArray[i].startsWith("o="))
|
||||
org = dnArray[i].split("=")[1];
|
||||
else if (dnArray[i].startsWith("ou="))
|
||||
orgUnit = dnArray[i].split("=")[1];
|
||||
}
|
||||
} // parseDN()
|
||||
|
||||
/**
|
||||
* Get Operation Code
|
||||
* @return protocolOp
|
||||
*/
|
||||
public int getOperation()
|
||||
{
|
||||
return m_protocolOp;
|
||||
} // getOperation
|
||||
|
||||
/**
|
||||
* Get message id
|
||||
* @return msgId
|
||||
*/
|
||||
public int getMsgId()
|
||||
{
|
||||
return msgId;
|
||||
} // getMsgId()
|
||||
|
||||
/**
|
||||
* Get DN
|
||||
* @return dn
|
||||
*/
|
||||
public String getDN()
|
||||
{
|
||||
return dn;
|
||||
} // getDN()
|
||||
|
||||
/**
|
||||
* Get User Id
|
||||
* @return userId
|
||||
*/
|
||||
public String getUserId()
|
||||
{
|
||||
return userId;
|
||||
} // getUserId()
|
||||
|
||||
/**
|
||||
* Get User passwod
|
||||
* @return passwd
|
||||
*/
|
||||
public String getUserPasswd()
|
||||
{
|
||||
return passwd;
|
||||
} // getUserPasswd()
|
||||
|
||||
/**
|
||||
* Get base object
|
||||
* @return baseObj
|
||||
*/
|
||||
public String getBaseObj()
|
||||
{
|
||||
return baseObj;
|
||||
} // getBaseObj()
|
||||
|
||||
/**
|
||||
* Get organization
|
||||
* @return org
|
||||
*/
|
||||
public String getOrg()
|
||||
{
|
||||
return org;
|
||||
} // getOrg()
|
||||
|
||||
/**
|
||||
* Get organization unit
|
||||
* @return orgUnit
|
||||
*/
|
||||
public String getOrgUnit()
|
||||
{
|
||||
return orgUnit;
|
||||
} // getOrgUnit()
|
||||
} // LdapMessage
|
|
@ -1,136 +0,0 @@
|
|||
/******************************************************************************
|
||||
* Product: Adempiere ERP & CRM Smart Business Solution
|
||||
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms version 2 of the GNU General Public License as published
|
||||
* by the Free Software Foundation. This program is distributed in the hope
|
||||
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
* See the GNU General Public License for more details.
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
|
||||
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
|
||||
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
|
||||
*****************************************************************************/
|
||||
package org.compiere.ldap;
|
||||
|
||||
import java.net.ServerSocket;
|
||||
import java.net.Socket;
|
||||
import java.sql.Timestamp;
|
||||
import java.util.Properties;
|
||||
import java.util.logging.Level;
|
||||
|
||||
import org.compiere.Adempiere;
|
||||
import org.compiere.model.MLdapProcessor;
|
||||
import org.compiere.model.MLdapProcessorLog;
|
||||
import org.compiere.server.AdempiereServer;
|
||||
import org.compiere.util.TimeUtil;
|
||||
|
||||
/**
|
||||
* LDAP Server
|
||||
*
|
||||
* @author Jorg Janke
|
||||
* @version $Id: LdapProcessor.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
|
||||
*/
|
||||
public class LdapProcessor extends AdempiereServer
|
||||
{
|
||||
/**
|
||||
* Ldap Processor (Server)
|
||||
* @param model Ldap Model
|
||||
*/
|
||||
public LdapProcessor (MLdapProcessor model)
|
||||
{
|
||||
super (model, 300);
|
||||
m_model = model;
|
||||
} // LdapProcessor
|
||||
|
||||
/** The Concrete Model */
|
||||
protected MLdapProcessor m_model = null;
|
||||
/** Last Summary */
|
||||
protected StringBuffer m_summary = new StringBuffer();
|
||||
/** Server Socket */
|
||||
protected ServerSocket m_serverSocket = null;
|
||||
/** Counter */
|
||||
protected int m_counter = 0;
|
||||
|
||||
|
||||
/**
|
||||
* Do Work
|
||||
*/
|
||||
protected void doWork()
|
||||
{
|
||||
// Close Socket
|
||||
if (m_serverSocket != null)
|
||||
{
|
||||
try
|
||||
{
|
||||
m_serverSocket.close();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
}
|
||||
}
|
||||
m_counter = 0;
|
||||
//
|
||||
m_summary = new StringBuffer(m_model.toString())
|
||||
.append(" - ");
|
||||
//
|
||||
|
||||
try
|
||||
{
|
||||
m_serverSocket = new ServerSocket(m_model.getLdapPort());
|
||||
if (log.isLoggable(Level.INFO))log.log(Level.INFO, "Opened Port=" + m_model.getLdapPort());
|
||||
while (!isInterrupted())
|
||||
{
|
||||
Socket socket = m_serverSocket.accept(); // waits for connection
|
||||
if (log.isLoggable(Level.FINE))log.log(Level.FINE, "Connection on Port=" + m_model.getLdapPort());
|
||||
LdapConnectionHandler handler =
|
||||
new LdapConnectionHandler (socket, m_model);
|
||||
handler.start();
|
||||
m_counter++;
|
||||
}
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
log.log(Level.WARNING, "Port=" + m_model.getLdapPort(), e);
|
||||
m_summary.append(e.toString());
|
||||
}
|
||||
|
||||
m_summary.append ("; ")
|
||||
.append (m_model.getInfo());
|
||||
|
||||
int no = m_model.deleteLog();
|
||||
m_summary.append("; Logs deleted=").append(no);
|
||||
//
|
||||
MLdapProcessorLog pLog = new MLdapProcessorLog(m_model, m_summary.toString());
|
||||
pLog.setReference("#" + String.valueOf(p_runCount)
|
||||
+ " - " + TimeUtil.formatElapsed(new Timestamp(p_startWork)));
|
||||
pLog.saveEx();
|
||||
|
||||
} // doWork
|
||||
|
||||
|
||||
/**
|
||||
* Get Server Info
|
||||
* @return info
|
||||
*/
|
||||
public String getServerInfo()
|
||||
{
|
||||
return "#" + p_runCount + " - Last=" + m_summary.toString()
|
||||
+ "; Counter=" + m_counter
|
||||
+ "; " + m_model.getInfo();
|
||||
} // getServerInfo
|
||||
|
||||
/**
|
||||
* Test
|
||||
* @param args
|
||||
*/
|
||||
public static void main(String[] args)
|
||||
{
|
||||
Adempiere.startup(true);
|
||||
new LdapProcessor(new MLdapProcessor(new Properties(), 100, null)).doWork();
|
||||
} // main
|
||||
|
||||
} // LdapProcessor
|
||||
|
|
@ -1,308 +0,0 @@
|
|||
/******************************************************************************
|
||||
* Product: Adempiere ERP & CRM Smart Business Solution
|
||||
* Copyright (C) 1999-2006 ComPiere, Inc. All Rights Reserved.
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms version 2 of the GNU General Public License as published
|
||||
* by the Free Software Foundation. This program is distributed in the hope
|
||||
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
* See the GNU General Public License for more details.
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
|
||||
* You may reach us at: ComPiere, Inc. - http://www.compiere.org/license.html
|
||||
* 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA or info@compiere.org
|
||||
*****************************************************************************/
|
||||
package org.compiere.ldap;
|
||||
|
||||
import java.util.logging.Level;
|
||||
|
||||
import org.compiere.model.MLdapProcessor;
|
||||
import org.compiere.model.MLdapUser;
|
||||
import org.compiere.util.CLogger;
|
||||
|
||||
import com.sun.jndi.ldap.BerEncoder;
|
||||
|
||||
/**
|
||||
* Ldap Wire Response
|
||||
*
|
||||
* @author Jorg Janke
|
||||
* @version $Id: LdapResult.java,v 1.1 2006/10/09 00:23:16 jjanke Exp $
|
||||
*/
|
||||
public class LdapResult
|
||||
{
|
||||
/** LdapMesssage */
|
||||
private LdapMessage ldapMsg = null;
|
||||
/** Encoder */
|
||||
private BerEncoder m_encoder = null;
|
||||
/** Logger */
|
||||
private static final CLogger log = CLogger.getCLogger (LdapResult.class);
|
||||
/** Error number */
|
||||
private int errNo = LDAP_SUCCESS;
|
||||
/** Error String */
|
||||
private String errStr = "";
|
||||
/** LdapUser */
|
||||
private MLdapUser ldapUser = null;
|
||||
/** disconnect to client */
|
||||
private boolean disconnect = false;
|
||||
|
||||
public LdapResult ()
|
||||
{
|
||||
} // LdapResult
|
||||
|
||||
/*
|
||||
* Reset the attributes
|
||||
*/
|
||||
public void reset(LdapMessage ldapMsg, MLdapUser ldapUser)
|
||||
{
|
||||
this.ldapMsg = ldapMsg;
|
||||
m_encoder = new BerEncoder();
|
||||
errNo = LDAP_SUCCESS;
|
||||
errStr = "";
|
||||
this.ldapUser = ldapUser;
|
||||
} // reset()
|
||||
|
||||
/**
|
||||
* Get the response according to the request message
|
||||
* @param model model
|
||||
* @return reponse
|
||||
*/
|
||||
public byte[] getResult(MLdapProcessor model)
|
||||
{
|
||||
if (errNo != LDAP_SUCCESS)
|
||||
{
|
||||
generateResult("",
|
||||
((ldapMsg.getOperation()==LdapMessage.BIND_REQUEST)?
|
||||
LdapMessage.BIND_RESPONSE:LdapMessage.SEARCH_RES_RESULT),
|
||||
errNo, ldapErrorMessage[errNo] + errStr);
|
||||
m_encoder.getTrimmedBuf();
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
String usrId = ldapMsg.getUserId();
|
||||
String o = ldapMsg.getOrg();
|
||||
String ou = ldapMsg.getOrgUnit();
|
||||
|
||||
// Adding the Application 1 Sequence
|
||||
if (ldapMsg.getOperation() == LdapMessage.BIND_REQUEST)
|
||||
{
|
||||
String pwd = ldapMsg.getUserPasswd();
|
||||
if (pwd == null || pwd.length() <= 0)
|
||||
{
|
||||
// 1st anonymous bind
|
||||
generateResult(ldapMsg.getDN(), LdapMessage.BIND_RESPONSE,
|
||||
LDAP_SUCCESS, null);
|
||||
log.info("Success");
|
||||
return m_encoder.getTrimmedBuf();
|
||||
}
|
||||
|
||||
// Authenticate with Compiere data
|
||||
if (ldapUser.getUserId() == null)
|
||||
{ // Try to authenticate on the 1st bind, must be java client
|
||||
ldapUser.reset();
|
||||
model.authenticate(ldapUser, usrId, o, ou);
|
||||
if (ldapUser.getErrorMsg() != null)
|
||||
{ // Failed to authenticated with compiere
|
||||
errNo = LDAP_NO_SUCH_OBJECT;
|
||||
generateResult(ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT,
|
||||
LDAP_NO_SUCH_OBJECT,
|
||||
ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + ldapUser.getErrorMsg());
|
||||
log.info("Failed");
|
||||
return m_encoder.getTrimmedBuf();
|
||||
}
|
||||
}
|
||||
|
||||
// Check to see if the input passwd is match to the one
|
||||
// in compiere database
|
||||
if (usrId.compareTo(ldapUser.getUserId()) == 0 &&
|
||||
pwd.compareTo(ldapUser.getPassword()) == 0)
|
||||
{ // Successfully authenticated
|
||||
generateResult("", LdapMessage.BIND_RESPONSE,
|
||||
LDAP_SUCCESS, null);
|
||||
// Close the connection to client since most of the client
|
||||
// application might cache the connection but we can't afford
|
||||
// to have too many such client connection
|
||||
disconnect = true;
|
||||
log.info("Success");
|
||||
}
|
||||
else
|
||||
{ // Unsuccessfully authenticated
|
||||
errNo = LDAP_INAPPROPRIATE_AUTHENTICATION;
|
||||
generateResult("", LdapMessage.BIND_RESPONSE,
|
||||
LDAP_INAPPROPRIATE_AUTHENTICATION,
|
||||
ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
|
||||
if (log.isLoggable(Level.INFO)) log.info("Failed : " + ldapErrorMessage[LDAP_INAPPROPRIATE_AUTHENTICATION]);
|
||||
}
|
||||
}
|
||||
else if (ldapMsg.getOperation() == LdapMessage.SEARCH_REQUEST)
|
||||
{
|
||||
// Authenticate with compiere database
|
||||
ldapUser.reset();
|
||||
model.authenticate(ldapUser, usrId, o, ou);
|
||||
if (ldapUser.getErrorMsg() != null)
|
||||
{
|
||||
errNo = LDAP_NO_SUCH_OBJECT;
|
||||
generateResult(ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT,
|
||||
LDAP_NO_SUCH_OBJECT,
|
||||
ldapErrorMessage[LDAP_NO_SUCH_OBJECT] + ldapUser.getErrorMsg());
|
||||
log.info("Failed");
|
||||
return m_encoder.getTrimmedBuf();
|
||||
}
|
||||
|
||||
m_encoder.beginSeq(48); // Hard coded here for Envelope header
|
||||
m_encoder.encodeInt(ldapMsg.getMsgId());
|
||||
m_encoder.beginSeq(LdapMessage.SEARCH_REP_ENTRY); // Application 4
|
||||
m_encoder.encodeString("cn="+ldapMsg.getUserId(), true); // this should be object name
|
||||
// not going to put in any attributes for this
|
||||
m_encoder.beginSeq(48);
|
||||
m_encoder.endSeq();
|
||||
m_encoder.endSeq();
|
||||
m_encoder.endSeq();
|
||||
|
||||
// SearchResultDone Application 5 for bind
|
||||
// Result 0 = success
|
||||
// No error message
|
||||
generateResult(ldapMsg.getBaseObj(), LdapMessage.SEARCH_RES_RESULT,
|
||||
LDAP_SUCCESS, null);
|
||||
log.info("Success");
|
||||
}
|
||||
|
||||
return m_encoder.getTrimmedBuf();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
log.log(Level.SEVERE, "", e);
|
||||
}
|
||||
|
||||
return m_encoder.getTrimmedBuf();
|
||||
} // bindResponse
|
||||
|
||||
/**
|
||||
* Generate LDAPResult
|
||||
* @param dn Distinguished Name
|
||||
* @param resultProtocol Result protocol/operation code
|
||||
* @param resultCode Result code
|
||||
* @param errMsg Error Message
|
||||
* @return reponse
|
||||
*/
|
||||
private void generateResult(String dn, int resultProtocol,
|
||||
int resultCode, String errMsg)
|
||||
{
|
||||
try
|
||||
{
|
||||
m_encoder.beginSeq(48); // Hard coded here for Envelope header
|
||||
m_encoder.encodeInt(ldapMsg.getMsgId());
|
||||
m_encoder.beginSeq(resultProtocol);
|
||||
m_encoder.encodeInt(resultCode, 10); // Enumeration - 10
|
||||
// Adding LDAPDN
|
||||
m_encoder.encodeString(dn, true);
|
||||
// Adding error message
|
||||
m_encoder.encodeString((errMsg == null)?"":errMsg, true);
|
||||
m_encoder.endSeq();
|
||||
m_encoder.endSeq();
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
log.log(Level.SEVERE, "", ex);
|
||||
}
|
||||
} // generateResult()
|
||||
|
||||
/*
|
||||
* Should it be close the connection with client
|
||||
*/
|
||||
public boolean getDone()
|
||||
{
|
||||
if (errNo != LDAP_SUCCESS)
|
||||
return true;
|
||||
return disconnect;
|
||||
} // getDone()
|
||||
|
||||
/**
|
||||
* Set the error No
|
||||
* @param errNo Error Number
|
||||
*/
|
||||
public void setErrorNo(int errNo)
|
||||
{
|
||||
this.errNo = errNo;
|
||||
} // setErrorNo()
|
||||
|
||||
/**
|
||||
* Get the error No
|
||||
* @return errNo Error Number
|
||||
*/
|
||||
public int getErrorNo()
|
||||
{
|
||||
return errNo;
|
||||
} // getErrorNo()
|
||||
|
||||
/**
|
||||
* Set the error String
|
||||
* @param errStr Error String
|
||||
*/
|
||||
public void setErrorString(String errStr)
|
||||
{
|
||||
this.errStr = errStr;
|
||||
} // setErrorStr()
|
||||
|
||||
static final int LDAP_SUCCESS = 0;
|
||||
static final int LDAP_OPERATIONS_ERROR = 1;
|
||||
static final int LDAP_PROTOCOL_ERROR = 2;
|
||||
static final int LDAP_TIME_LIMIT_EXCEEDED = 3;
|
||||
static final int LDAP_SIZE_LIMIT_EXCEEDED = 4;
|
||||
static final int LDAP_COMPARE_FALSE = 5;
|
||||
static final int LDAP_COMPARE_TRUE = 6;
|
||||
static final int LDAP_AUTH_METHOD_NOT_SUPPORTED = 7;
|
||||
static final int LDAP_STRONG_AUTH_REQUIRED = 8;
|
||||
static final int LDAP_PARTIAL_RESULTS = 9;
|
||||
static final int LDAP_REFERRAL = 10;
|
||||
static final int LDAP_ADMIN_LIMIT_EXCEEDED = 11;
|
||||
static final int LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12;
|
||||
static final int LDAP_CONFIDENTIALITY_REQUIRED = 13;
|
||||
static final int LDAP_SASL_BIND_IN_PROGRESS = 14;
|
||||
static final int LDAP_NO_SUCH_ATTRIBUTE = 16;
|
||||
static final int LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17;
|
||||
static final int LDAP_INAPPROPRIATE_MATCHING = 18;
|
||||
static final int LDAP_CONSTRAINT_VIOLATION = 19;
|
||||
static final int LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20;
|
||||
static final int LDAP_INVALID_ATTRIBUTE_SYNTAX = 21;
|
||||
static final int LDAP_NO_SUCH_OBJECT = 32;
|
||||
static final int LDAP_ALIAS_PROBLEM = 33;
|
||||
static final int LDAP_INVALID_DN_SYNTAX = 34;
|
||||
static final int LDAP_IS_LEAF = 35;
|
||||
static final int LDAP_ALIAS_DEREFERENCING_PROBLEM = 36;
|
||||
static final int LDAP_INAPPROPRIATE_AUTHENTICATION = 48;
|
||||
static final int LDAP_INVALID_CREDENTIALS = 49;
|
||||
static final int LDAP_INSUFFICIENT_ACCESS_RIGHTS = 50;
|
||||
static final int LDAP_BUSY = 51;
|
||||
static final int LDAP_UNAVAILABLE = 52;
|
||||
static final int LDAP_UNWILLING_TO_PERFORM = 53;
|
||||
static final int LDAP_LOOP_DETECT = 54;
|
||||
static final int LDAP_NAMING_VIOLATION = 64;
|
||||
static final int LDAP_OBJECT_CLASS_VIOLATION = 65;
|
||||
static final int LDAP_NOT_ALLOWED_ON_NON_LEAF = 66;
|
||||
static final int LDAP_NOT_ALLOWED_ON_RDN = 67;
|
||||
static final int LDAP_ENTRY_ALREADY_EXISTS = 68;
|
||||
static final int LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69;
|
||||
static final int LDAP_AFFECTS_MULTIPLE_DSAS = 71;
|
||||
static final int LDAP_OTHER = 80;
|
||||
static final String ldapErrorMessage[] = {
|
||||
"Success", "Operations Error", "Protocol Error", "Timelimit Exceeded",
|
||||
"Sizelimit Exceeded", "Compare False", "Compare True",
|
||||
"Authentication Method Not Supported", "Strong Authentication Required", null,
|
||||
"Referral", "Administrative Limit Exceeded", "Unavailable Critical Extension",
|
||||
"Confidentiality Required", "SASL Bind In Progress", null, "No Such Attribute",
|
||||
"Undefined Attribute Type", "Inappropriate Matching", "Constraint Violation",
|
||||
"Attribute Or Value Exists", "Invalid Attribute Syntax", null, null, null,
|
||||
null, null, null, null, null,null, null, "No Such Object", "Alias Problem",
|
||||
"Invalid DN Syntax", null, "Alias Dereferencing Problem", null, null, null,
|
||||
null, null, null, null, null, null, null, null, "Inappropriate Authentication",
|
||||
"Invalid Credentials", "Insufficient Access Rights", "Busy", "Unavailable",
|
||||
"Unwilling To Perform", "Loop Detect", null, null, null, null, null,
|
||||
null, null, null, null, "Naming Violation", "Object Class Violation",
|
||||
"Not Allowed On Non-leaf", "Not Allowed On RDN", "Entry Already Exists",
|
||||
"Object Class Modifications Prohibited", null, "Affects Multiple DSAs", null,
|
||||
null, null, null, null, null, null, null,"Other", null, null, null, null,
|
||||
null, null, null, null, null,null
|
||||
};
|
||||
} // LdapResult
|
|
@ -1,57 +0,0 @@
|
|||
/******************************************************************************
|
||||
* Copyright (C) 2013 Heng Sin Low *
|
||||
* Copyright (C) 2013 Trek Global *
|
||||
* This program is free software; you can redistribute it and/or modify it *
|
||||
* under the terms version 2 of the GNU General Public License as published *
|
||||
* by the Free Software Foundation. This program is distributed in the hope *
|
||||
* that it will be useful, but WITHOUT ANY WARRANTY; without even the implied *
|
||||
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
|
||||
* See the GNU General Public License for more details. *
|
||||
* You should have received a copy of the GNU General Public License along *
|
||||
* with this program; if not, write to the Free Software Foundation, Inc., *
|
||||
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. *
|
||||
*****************************************************************************/
|
||||
package org.idempiere.server.factory;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
|
||||
import org.adempiere.server.IServerFactory;
|
||||
import org.compiere.ldap.LdapProcessor;
|
||||
import org.compiere.model.MLdapProcessor;
|
||||
|
||||
/**
|
||||
* @author hengsin
|
||||
*
|
||||
*/
|
||||
public class DefaultLDAPProcessorFactory implements IServerFactory<LdapProcessor, MLdapProcessor> {
|
||||
|
||||
/**
|
||||
* default constructor
|
||||
*/
|
||||
public DefaultLDAPProcessorFactory() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public LdapProcessor[] create(Properties ctx) {
|
||||
MLdapProcessor[] ldapModels = MLdapProcessor.getActive(ctx);
|
||||
List<LdapProcessor> list = new ArrayList<LdapProcessor>();
|
||||
for (MLdapProcessor lp : ldapModels)
|
||||
{
|
||||
LdapProcessor server = create(ctx, lp);
|
||||
list.add(server);
|
||||
}
|
||||
return list.toArray(new LdapProcessor[0]);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Class<MLdapProcessor> getProcessorClass() {
|
||||
return MLdapProcessor.class;
|
||||
}
|
||||
|
||||
@Override
|
||||
public LdapProcessor create(Properties ctx, MLdapProcessor serverModel) {
|
||||
return new LdapProcessor(serverModel);
|
||||
}
|
||||
}
|