From 237faead29c2d0dfcc503fe80039a6d985764d81 Mon Sep 17 00:00:00 2001
From: Günter Dressel <g.dressel@cyledge.com>
Date: Fri, 22 Nov 2013 09:48:01 -0500
Subject: [PATCH] Bind LDAP connection after TLS initialization (issue-343)
---
src/main/java/com/gitblit/LdapUserService.java | 61 ++++++++++++++----------------
1 files changed, 29 insertions(+), 32 deletions(-)
diff --git a/src/main/java/com/gitblit/LdapUserService.java b/src/main/java/com/gitblit/LdapUserService.java
index db38c52..5a2dbdc 100644
--- a/src/main/java/com/gitblit/LdapUserService.java
+++ b/src/main/java/com/gitblit/LdapUserService.java
@@ -43,6 +43,7 @@
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
+import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustAllTrustManager;
@@ -161,46 +162,42 @@
private LDAPConnection getLdapConnection() {
try {
+
URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));
+ String ldapHost = ldapUrl.getHost();
+ int ldapPort = ldapUrl.getPort();
String bindUserName = settings.getString(Keys.realm.ldap.username, "");
String bindPassword = settings.getString(Keys.realm.ldap.password, "");
- int ldapPort = ldapUrl.getPort();
+
+ LDAPConnection conn;
if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) { // SSL
- if (ldapPort == -1) // Default Port
- ldapPort = 636;
-
- LDAPConnection conn;
SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
- if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
- conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort);
- } else {
- conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
- }
- return conn;
+ conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
+ } else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) { // no encryption or StartTLS
+ conn = new LDAPConnection();
} else {
- if (ldapPort == -1) // Default Port
- ldapPort = 389;
-
- LDAPConnection conn;
- if (StringUtils.isEmpty(bindUserName) && StringUtils.isEmpty(bindPassword)) {
- conn = new LDAPConnection(ldapUrl.getHost(), ldapPort);
- } else {
- conn = new LDAPConnection(ldapUrl.getHost(), ldapPort, bindUserName, bindPassword);
- }
-
- if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
- SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
-
- ExtendedResult extendedResult = conn.processExtendedOperation(
- new StartTLSExtendedRequest(sslUtil.createSSLContext()));
-
- if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
- throw new LDAPException(extendedResult.getResultCode());
- }
- }
- return conn;
+ logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());
+ return null;
}
+
+ conn.connect(ldapHost, ldapPort);
+
+ if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
+ SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
+ ExtendedResult extendedResult = conn.processExtendedOperation(
+ new StartTLSExtendedRequest(sslUtil.createSSLContext()));
+ if (extendedResult.getResultCode() != ResultCode.SUCCESS) {
+ throw new LDAPException(extendedResult.getResultCode());
+ }
+ }
+
+ if ( ! StringUtils.isEmpty(bindUserName) || ! StringUtils.isEmpty(bindPassword)) {
+ conn.bind(new SimpleBindRequest(bindUserName, bindPassword));
+ }
+
+ return conn;
+
} catch (URISyntaxException e) {
logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);
} catch (GeneralSecurityException e) {
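Review bot: The per-scheme default ports were deleted together with the old branches, so a URL written without a port now reaches `conn.connect(ldapHost, ldapPort)` with `ldapPort == -1`, where the removed `if (ldapPort == -1)` checks used to substitute 636 for ldaps and 389 otherwise; that fallback needs to be restored before the connect. The socket is also now opened before StartTLS and the simple bind, so when either of those throws the open `conn` is leaked — the visible catch clauses handle only URISyntaxException and GeneralSecurityException, and whatever handles LDAPException further down has no reference to it, so the connection should be closed on that path. Both TLS branches still build `new SSLUtil(new TrustAllTrustManager())`, meaning the server certificate is not verified on the channel that carries the `SimpleBindRequest` credentials; that is pre-existing, but a one-line comment at those two lines saying the certificate is not validated would keep the next reader from assuming otherwise. getLdapConnection() begins at the top of this hunk, but its remaining catch clauses continue past the end of it.
```java
// … unchanged: scheme dispatch that constructs conn …
if (ldapPort == -1) {
    // URL gave no port: fall back to the scheme's well-known default
    ldapPort = ldapUrl.getScheme().equalsIgnoreCase("ldaps") ? 636 : 389;
}
conn.connect(ldapHost, ldapPort);
try {
    if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {
        // … unchanged: StartTLS extended operation and result-code check …
    }
    if ( ! StringUtils.isEmpty(bindUserName) || ! StringUtils.isEmpty(bindPassword)) {
        conn.bind(new SimpleBindRequest(bindUserName, bindPassword));
    }
} catch (LDAPException e) {
    // StartTLS or bind failed after the socket was opened: do not leak the connection
    conn.close();
    throw e;
}
return conn;
```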
--
Gitblit v1.9.1