[Fix] use LDAP's sAMAccountName as username, and be case insensitive
This commit is contained in:
parent
74a0c5f8a4
commit
9ec060fe50
|
@ -124,7 +124,7 @@ public abstract class BaseLdapPrivilegeHandler extends DefaultPrivilegeHandler {
|
||||||
protected User buildUserFromSearchResult(String username, SearchResult sr) throws Exception {
|
protected User buildUserFromSearchResult(String username, SearchResult sr) throws Exception {
|
||||||
Attributes attrs = sr.getAttributes();
|
Attributes attrs = sr.getAttributes();
|
||||||
|
|
||||||
validateLdapUsername(username, attrs);
|
username = validateLdapUsername(username, attrs);
|
||||||
|
|
||||||
String firstName = getFirstName(username, attrs);
|
String firstName = getFirstName(username, attrs);
|
||||||
String lastName = getLastName(username, attrs);
|
String lastName = getLastName(username, attrs);
|
||||||
|
@ -145,11 +145,13 @@ public abstract class BaseLdapPrivilegeHandler extends DefaultPrivilegeHandler {
|
||||||
protected abstract Map<String, String> buildProperties(String username, Attributes attrs, Set<String> ldapGroups,
|
protected abstract Map<String, String> buildProperties(String username, Attributes attrs, Set<String> ldapGroups,
|
||||||
Set<String> strolchRoles) throws Exception;
|
Set<String> strolchRoles) throws Exception;
|
||||||
|
|
||||||
protected void validateLdapUsername(String username, Attributes attrs) throws NamingException {
|
protected String validateLdapUsername(String username, Attributes attrs) throws NamingException {
|
||||||
Attribute sAMAccountName = attrs.get("sAMAccountName");
|
Attribute sAMAccountName = attrs.get("sAMAccountName");
|
||||||
if (sAMAccountName == null || !username.toLowerCase().equals(sAMAccountName.get().toString().toLowerCase()))
|
if (sAMAccountName == null || !username.toLowerCase().equals(sAMAccountName.get().toString().toLowerCase()))
|
||||||
throw new AccessDeniedException(
|
throw new AccessDeniedException(
|
||||||
"Could not login with user: " + username + this.domain + " on Ldap: Wrong LDAP Data");
|
"Could not login with user: " + username + this.domain + " on Ldap: Wrong LDAP Data");
|
||||||
|
|
||||||
|
return sAMAccountName.get().toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
protected String getLdapString(Attributes attrs, String key) throws NamingException {
|
protected String getLdapString(Attributes attrs, String key) throws NamingException {
|
||||||
|
|
Loading…
Reference in New Issue