+ keys[6] + " cannot be empty to proceed.";
log(msg);
proceed = false;
}
env = null;
InitialLdapContext ctx = null;
if (proceed) {// attempt initial ldap bind from RHQ server
msg = "STEP-1:TESTING: Attempting to bind to server:" + ldapServer
+ "\n with user '" + bindUserName
+ "' and password entered.";
log(msg);
env = getProperties(ldapServer);
env.setProperty(Context.SECURITY_PRINCIPAL, bindUserName);
env.setProperty(Context.SECURITY_CREDENTIALS, bindPassword);
env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
//put the rest of the LDAP properties into the Properties instance for use later.
//there still needs to be separate variables since some are for UI validation.
env.setProperty(SystemSetting.LDAP_GROUP_FILTER.getInternalName(), groupSearchFilter);
env.setProperty(SystemSetting.LDAP_GROUP_MEMBER.getInternalName(), groupMemberFilter);
env.setProperty(SystemSetting.LDAP_BASE_DN.getInternalName(), searchBase);
env.setProperty(SystemSetting.LDAP_LOGIN_PROPERTY.getInternalName(), loginProperty);
env.setProperty(SystemSetting.LDAP_BIND_DN.getInternalName(), bindUserName);
env.setProperty(SystemSetting.LDAP_BIND_PW.getInternalName(), bindPassword);
env.setProperty(SystemSetting.LDAP_GROUP_QUERY_PAGE_SIZE.getInternalName(), groupMemberQuerySize);
try {
ctx = new InitialLdapContext(env, null);
msg = "STEP-1:PASS: LDAP bind credentials are correct. Successfully connected to '"
+ ldapServer
+ "'.\n This means the LDAP Bind credentials for the RHQ Server authentication/authorization requests to ldap server "
+ "are correct.";
if(enableVerboseDebugging.isSelected()){
msg+="\n"+advdb+" LDAP simple authentication bind successful.";
}
log(msg);
proceed = true;
} catch (Exception ex) {
msg = "STEP-1:FAIL: Unable to connect to the LDAP server with credentials specified.\n";
msg+="Exception:"+ex.getMessage();
if(enableVerboseDebugging.isSelected()){
msg = appendStacktraceToMsg(msg, ex);
}
log(msg);
proceed = false;
}
}
if (proceed) {// retrieve test credentials to test run auth
// load search controls
SearchControls searchControls = getSearchControls();
// validating searchFilter and test user/pass creds
proceed = true;
if (testUserName.isEmpty() || (testUserPassword.isEmpty())) {
msg = "STEP-2:FAIL: Test Username/Password fields cannot be empty for this step.";
log(msg);
proceed = false;
}
// testing a valid user involves a filtered ldap search
// using the loginProperty, and optionally searchFilter
userDN = "";
if (proceed) {
// default loginProperty to cn if it's not set
if (loginProperty.isEmpty()) {
loginProperty = "cn";
if(enableVerboseDebugging.isSelected()){
String mesg = "As you have not specified a login property, defaulting to 'cn'";
log(advdb+" "+msg);
}
}
String filter;
if (!searchFilter.isEmpty()) {
filter = "(&(" + loginProperty + "=" + testUserName
+ ")" + "(" + searchFilter + "))";
} else {
filter = "(" + loginProperty + "=" + testUserName
+ ")";
}
if(enableVerboseDebugging.isSelected()){
log(advdb+" The searchfilter is optionally appended to login property for additional shared attribute across users.");
}
msg = "STEP-2:TESTING: To validate the test user the following LDAP filtered component will be used to find matching users:\n";
msg += filter;
log(msg);
// test out the search on the target ldap server
try {
String[] baseDNs = searchBase.split(";");
for (int x = 0; x < baseDNs.length; x++) {
NamingEnumeration answer = ctx.search(
baseDNs[x], filter, searchControls);
if(enableVerboseDebugging.isSelected()){
log(advdb+" this search was excuted against DN component '"+baseDNs[x]+"'.");
}
// boolean ldapApiNpeFound = false;
if (!answer.hasMoreElements()) {
msg="STEP-2:WARN Unable to locate a matching users for the filter'"+filter+
"'. Please check your loginProperty. Usually 'cn' or 'uid'";
log(msg);
continue;
}
// Going with the first match
SearchResult si = (SearchResult) answer.next();
constructUserDn(baseDNs, x, si);
msg = "STEP-2:PASS: The test user '"
+ testUserName
+ "' was succesfully located, and the following userDN will be used in authorization check:\n";
msg += userDN;
log(msg);
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS,testUserPassword);
ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION,"simple");
// if successful then verified that user and pw
// are valid ldap credentials
ctx.reconnect(null);
msg = "STEP-2:PASS: The user '"
+ testUserName
+ "' was succesfully authenticated using userDN '"
+ userDN + "' and password provided.\n"
+"*Note: the loginProperty must match the loginProperty listed in dn: for the user. It is the DN that RHQ will lookup and use.";