105 lines
4.0 KiB
Java
105 lines
4.0 KiB
Java
package de.sebastianvonhelmersen.authentication;
|
|
|
|
import de.sebastianvonhelmersen.User;
|
|
import de.sebastianvonhelmersen.user;
|
|
|
|
import javax.naming.Context;
|
|
import javax.naming.NamingEnumeration;
|
|
import javax.naming.directory.*;
|
|
import java.util.Hashtable;
|
|
|
|
public class Ldap {
|
|
|
|
/*
|
|
private static final String LDAP_URL = "ldap://192.168.1.11:389";
|
|
private static final String BASE_DN = "dc=authentik,dc=vonhelmersen,dc=online";
|
|
private static final String ADMIN_DN = "cn=akadmin,ou=users,dc=authentik,dc=vonhelmersen,dc=online"; // service account
|
|
*/
|
|
|
|
private static final String LDAP_URL = "ldap://juri:389";
|
|
private static final String BASE_DN = "dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at";
|
|
private static final String ADMIN_DN = "cn=admin,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"; // service account
|
|
public static User authenticate(String username, String password) {
|
|
|
|
try {
|
|
// 1. Bind as admin/service account
|
|
Hashtable<String, String> env = new Hashtable<>();
|
|
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
|
env.put(Context.PROVIDER_URL, LDAP_URL);
|
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
env.put(Context.SECURITY_PRINCIPAL, ADMIN_DN);
|
|
env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASSWORD);
|
|
|
|
DirContext ctx = new InitialDirContext(env);
|
|
|
|
// 2. Search for user DN
|
|
String filter = "(uid=" + escapeLDAPSearchFilter(username) + ")";
|
|
SearchControls controls = new SearchControls();
|
|
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
|
|
NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, controls);
|
|
|
|
if (!results.hasMore()) {
|
|
ctx.close();
|
|
return null; // user not found
|
|
}
|
|
|
|
/*
|
|
{
|
|
givenname=givenName: Sebastian,
|
|
sn=sn: Helmersen,
|
|
userpassword=userPassword: [B@2b6cb5b5,
|
|
loginshell=loginShell: /bin/bash,
|
|
gidnumber=gidNumber: 2000,
|
|
uidnumber=uidNumber: 1196,
|
|
mail=mail: helmi@fet.at,
|
|
objectclass=objectClass: posixAccount,
|
|
inetOrgPerson,
|
|
organizationalPerson,
|
|
person,
|
|
uid=uid: helmi,
|
|
cn=cn: Sebastian Helmersen,
|
|
homedirectory=homeDirectory: /home/helmi
|
|
}
|
|
*/
|
|
// System.out.println("Results: " + results.toString());
|
|
|
|
|
|
SearchResult result = results.next();
|
|
String userDN = result.getNameInNamespace();
|
|
ctx.close();
|
|
|
|
// 3. Try binding with userDN + password
|
|
Hashtable<String, String> authEnv = new Hashtable<>();
|
|
authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
|
authEnv.put(Context.PROVIDER_URL, LDAP_URL);
|
|
authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
authEnv.put(Context.SECURITY_PRINCIPAL, userDN);
|
|
authEnv.put(Context.SECURITY_CREDENTIALS, password);
|
|
|
|
new InitialDirContext(authEnv).close(); // bind attempt
|
|
|
|
return new user(result.getAttributes()); // success
|
|
|
|
} catch (Exception e) {
|
|
e.printStackTrace();
|
|
return null; // failed (invalid credentials or LDAP error)
|
|
}
|
|
}
|
|
|
|
public static String escapeLDAPSearchFilter(String input) {
|
|
StringBuilder sb = new StringBuilder();
|
|
for (int i = 0; i < input.length(); i++) {
|
|
char c = input.charAt(i);
|
|
switch (c) {
|
|
case '\\': sb.append("\\5c"); break;
|
|
case '*': sb.append("\\2a"); break;
|
|
case '(': sb.append("\\28"); break;
|
|
case ')': sb.append("\\29"); break;
|
|
case '\u0000': sb.append("\\00"); break;
|
|
default: sb.append(c);
|
|
}
|
|
}
|
|
return sb.toString();
|
|
}
|
|
}
|