
Stanisław Pitucha  committed e5fb315

add basic group support to the ldap plugin

  • Parent commits a7805b9


Files changed (3)

File plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPAuthenticationHandler.java

 import sonia.scm.util.AssertUtil;
 import sonia.scm.web.security.AuthenticationHandler;
 import sonia.scm.web.security.AuthenticationResult;
+import sonia.scm.web.security.AuthenticationState;
 
 //~--- JDK imports ------------------------------------------------------------
 
 
 import java.text.MessageFormat;
 
+import java.util.HashSet;
 import java.util.Properties;
+import java.util.Set;
 
 import javax.naming.Context;
 import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
       searchControls.setCountLimit(1);
       searchControls.setReturningAttributes(new String[] {
         config.getAttributeNameId(),
-        config.getAttributeNameFullname(), config.getAttributeNameMail() });
+        config.getAttributeNameFullname(), config.getAttributeNameMail(),
+        config.getAttributeNameGroup() });
 
       String filter = MessageFormat.format(config.getSearchFilter(), username);
       String baseDn = config.getUnitPeople() + "," + config.getBaseDn();
                 (String) userAttributes.get(
                   config.getAttributeNameMail()).get());
             user.setType(TYPE);
-            result = new AuthenticationResult(user);
+            
+            Set<String> userGroups = getGroups(userAttributes);
+            user.setAdmin(isAdmin(userGroups, user));
+            result = new AuthenticationResult(user, userGroups);
           }
           catch (NamingException ex)
           {
     return result;
   }
 
+  private Set<String> getGroups(Attributes userAttributes) throws NamingException {
+    Set<String> groups = new HashSet<String>();
+    
+    Attribute groupsAttribute = userAttributes.get(config.getAttributeNameGroup());
+    if (groupsAttribute != null) {
+      NamingEnumeration<?> userGroups = (NamingEnumeration<?>) groupsAttribute.getAll();
+      while (userGroups.hasMore())
+        groups.add((String) userGroups.next());
+
+      userGroups.close();
+    } else {
+      logger.info("user has no groups assigned");
+    }
+    return groups;
+  }
+
+  private boolean isAdmin(Set<String> userGroups, User user) throws NamingException {
+    Set<String> adminGroups = config.getAdminGroupSet();
+    for (String group : userGroups)
+      if (adminGroups.contains(group))
+        return true;
+    
+    Set<String> adminUsers = config.getAdminUserSet();
+    if (adminUsers.contains(user.getName()))
+      return true;
+
+    return false;
+  }
+
   /**
    * Method description
    *
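Review bot: `isAdmin` grants the admin flag purely from string values that `getGroups` reads off the user's own directory entry, so the attribute named by `getAttributeNameGroup()` has to be one the user cannot modify on their own entry (for example a server-maintained membership attribute), and nothing in the change says so. I would add a comment above `isAdmin` along the lines of `// SECURITY: group values come from the user's own LDAP entry; the configured group attribute must not be self-writable`. In `getGroups`, `(String) userGroups.next()` throws a ClassCastException if the directory returns a non-string value, which the `catch (NamingException ex)` visible in the caller does not cover, and `userGroups.close()` is skipped whenever `next()` throws; check `value instanceof String` before adding and move the close into a `finally`. The context line `MessageFormat.format(config.getSearchFilter(), username)` puts the login name into the filter with no escaping visible in these hunks, and since the entry that search returns now decides admin status, it is worth confirming the name is escaped for LDAP filters before it gets there. The authentication method these hunks belong to starts and ends outside the lines shown.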

File plugins/scm-auth-ldap-plugin/src/main/java/sonia/scm/auth/ldap/LDAPConfig.java

     return attributeNameMail;
   }
 
+  public String getAttributeNameGroup() {
+    return attributeNameGroup;
+  }
+
   /**
    * Method description
    *
   /** Field description */
   @XmlElement(name = "attribute-name-mail")
   private String attributeNameMail = "mail";
+  
+  @XmlElement(name = "attribute-name-group")
+  private String attributeNameGroup = "group";
 
   /** Field description */
   @XmlElement(name = "base-dn")
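Review bot: `getAdminGroupSet()` and `getAdminUserSet()`, which the handler's new `isAdmin` calls, are not among the LDAPConfig changes shown in this section, so it is not possible to tell from here whether they return an empty set or `null` when no admin groups or users are configured. A `null` would make `isAdmin` throw on every login, so both should return an empty, non-null set in that case. The new `attributeNameGroup` field also lacks the `/** Field description */` comment its neighbours carry; I would document it as `/** LDAP attribute on the user entry whose values are treated as group names */`. Because the UI declares the field with `allowBlank : true`, the meaning of an empty value should be stated (presumably group lookup disabled) and checked before the name is passed to `setReturningAttributes`.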

File plugins/scm-auth-ldap-plugin/src/main/resources/sonia/scm/auth/ldap/sonia.ldap.js

   }
   ,{
     xtype : 'textfield',
+    fieldLabel : 'Group Attribute Name',
+    name : 'attribute-name-group',
+    allowBlank : true
+  }
+  ,{
+    xtype : 'textfield',
     fieldLabel : 'Base DN',
     name : 'base-dn',
     allowBlank : true