diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
index 6c9daedb..256aaa58 100644
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
@@ -192,27 +192,31 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
searchRoots = new String[] {""};
}
- // Determine the search string to be utilized based on the type of directory
- // associated with the realm.
- String searchString;
- String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
- if (realmType != null)
+ // Check if a search string has been configured
+ String searchString = m_svcConfig.m_realmsInfo.getCntxtlessSearchString(authReqMsg.getRealm());
+ if (searchString == null)
{
- if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0)
- searchString = "(cn={0})";
- else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0)
- searchString = "(sAMAccountName={0})";
+ // Determine the search string to be utilized based on the type of directory
+ // associated with the realm.
+ String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
+ if (realmType != null)
+ {
+ if (realmType.compareToIgnoreCase(RealmsInfo.eDirectoryRealm) == 0)
+ searchString = "(cn={0})";
+ else if (realmType.compareToIgnoreCase(RealmsInfo.ActiveDirectoryRealm) == 0)
+ searchString = "(sAMAccountName={0})";
+ else
+ {
+ System.err.println("PwdAuthenticate.invoke()- Unsupported realm type " + realmType);
+ throw new Exception("Realm configuration error");
+ }
+ }
else
{
- System.err.println("PwdAuthenticate.invoke()- Unsupported realm type " + realmType);
+ System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm());
throw new Exception("Realm configuration error");
}
}
- else
- {
- System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm());
- throw new Exception("Realm configuration error");
- }
// Go through the search roots stopping if the identity is resolved.
for (int i = 0; i < searchRoots.length && identId == null; i++)
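Review bot: The configured value returned by `getCntxtlessSearchString` at L14 is used as the LDAP filter template without any validation, whereas the built-in defaults at L27 and L29 are guaranteed to carry the `{0}` placeholder; an empty string or a value without `{0}` yields a filter that no longer depends on the supplied user name, so identity resolution would (presumably, since the search itself happens below this hunk) match a fixed entry regardless of who is authenticating. Mirror the existing error branches right after the `if (searchString == null)` block: `if (searchString.length() == 0 || searchString.indexOf("{0}") < 0) { System.err.println("PwdAuthenticate.invoke()- Invalid contextless search string for realm " + authReqMsg.getRealm()); throw new Exception("Realm configuration error"); }`. The same check could alternatively be done once at load time where RealmsInfo records the `com.novell.casa.authtoksvc.contextless_search_string` parameter. Wherever `{0}` is later substituted (outside this hunk) the user-supplied name should be filter-escaped, since the configured template now lets an administrator pick arbitrary attributes. `invoke()` begins and ends outside the hunk.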
diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java
index adf6bcbc..9349be69 100644
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java
@@ -50,11 +50,12 @@ public class RealmsInfo
// Internal constants
private final static String RealmUrl = "Url";
private final static String RealmType = "Type";
+ private final static String CntxtlessSearchString = "CntxtlessSearchString";
/**
* String returned by getType method for Active Directory realms.
*/
- public final static String ActiveDirectoryRealm = "AD";
+ public final static String ActiveDirectoryRealm = "ActiveDir";
/**
* String returned by getType method for eDirectory realms.
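Review bot: Changing the value of the `public final static String ActiveDirectoryRealm` at L63 is a compile-time constant change: javac inlines such constants into every class that references them, so any consumer compiled against the old build keeps comparing against `"AD"` until it is recompiled. The new value `"ActiveDir"` also differs from the configuration token `"ActiveDirectory"` accepted for `com.novell.casa.authtoksvc.directory_type`; the Javadoc should say so, e.g. `* Internal marker for Active Directory realms; not the value used in the realm configuration file.`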
@@ -94,6 +95,7 @@ public class RealmsInfo
// We are dealing with a directory realm
RealmInfo realmInfo = new RealmInfo();
RealmTypeItem[] realmTypeItems = realm.getRealmTypeItem();
+ String principalName = null;
for (int ii = 0; ii < realmTypeItems.length; ii++)
{
// Find the configure Proxy User Name for the realm and any configured
@@ -107,30 +109,8 @@ public class RealmsInfo
{
if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0)
{
- // We found the proxy user, now use it to determine whether or not
- // we are dealing with an Active Directory Server.
- //
- // Open a directory context and use it to read the "sAMAccountName"
- // users attribute which theoretically should only be valid on an AD
- // server.
- Hashtable env2 = new Hashtable();
- env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
- env2.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
- env2.put(Realm.REALM_SELECTOR, realm.getId());
-
- DirContext ctx = new InitialDirContext(env2);
- String[] attributesNeeded = new String[1];
- attributesNeeded[0] = "sAMAccountName";
- Attributes attributes = ctx.getAttributes(env[iii].getValue(), attributesNeeded);
- NamingEnumeration ae = attributes.getAll();
- if (ae != null && ae.hasMore())
- {
- realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
- }
- else
- {
- realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
- }
+ // We found the proxy user name. Save it in case it is needed later.
+ principalName = env[iii].getValue();
}
else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0)
{
@@ -149,6 +129,29 @@ public class RealmsInfo
realmInfo.m_searchRoots = newSearchRoots;
}
}
+ else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.directory_type") == 0)
+ {
+ // We are dealing with a directory type, decode it and record the result.
+ String realmDirectoryType = env[iii].getValue();;
+ if (realmDirectoryType.compareToIgnoreCase("eDir") == 0)
+ {
+ realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
+ }
+ else if (realmDirectoryType.compareToIgnoreCase("ActiveDirectory") == 0)
+ {
+ realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
+ }
+ else
+ {
+ // Ignore parameter
+ System.err.println("RealmsInfo: Unknown directory type");
+ }
+ }
+ else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string") == 0)
+ {
+ // We are dealing with the contextless search string, keep track of it.
+ realmInfo.m_keyValueMap.put(CntxtlessSearchString, env[iii].getValue());
+ }
}
}
}
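Review bot: The unknown-directory-type message at L126 omits both the offending value and the realm, which makes a misconfigured `directory_type` hard to diagnose; `realm.getId()` is in scope here, so use `System.err.println("RealmsInfo: Unknown directory type " + realmDirectoryType + " for realm " + realm.getId());`. L114 also has a stray double semicolon, `String realmDirectoryType = env[iii].getValue();`. If `getValue()` can return null for an empty element (cannot tell from the hunk), the `compareToIgnoreCase` calls at L115 and L119 would throw, so a `if (realmDirectoryType == null) continue;` style guard ahead of them is worth adding. The enclosing loop and method begin and end outside the hunk.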
@@ -159,6 +162,44 @@ public class RealmsInfo
}
}
+ // Check if we must try to determine the directory type
+ if (realmInfo.m_keyValueMap.get(RealmType) == null)
+ {
+ // The directory type has not been determined, check if the proxy username was configured.
+ if (principalName != null)
+ {
+ // The proxy user name was configured, use it to determine whether or not
+ // we are dealing with an Active Directory Server.
+ //
+ // Open a directory context and use it to read the "sAMAccountName"
+ // users attribute which theoretically should only be valid on an AD
+ // server.
+ Hashtable env = new Hashtable();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
+ env.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
+ env.put(Realm.REALM_SELECTOR, realm.getId());
+
+ DirContext ctx = new InitialDirContext(env);
+ String[] attributesNeeded = new String[1];
+ attributesNeeded[0] = "sAMAccountName";
+ Attributes attributes = ctx.getAttributes(principalName, attributesNeeded);
+ NamingEnumeration ae = attributes.getAll();
+ if (ae != null && ae.hasMore())
+ {
+ realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
+ }
+ else
+ {
+ realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
+ }
+ }
+ else
+ {
+ // The principal name was not configured, default to eDir.
+ realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
+ }
+ }
+
m_realmsMap.put(realm.getId(), realmInfo);
}
}
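Review bot: The `DirContext` opened at L157 is never closed, and neither is the `NamingEnumeration` at L161, so each realm that falls back to probing leaves a directory connection open for the lifetime of the service; wrap the lookup as `DirContext ctx = new InitialDirContext(env); try { … } finally { ctx.close(); }` and close `ae` inside the same try. Note that this fallback performs a live directory read at configuration load, so an unreachable server now fails the whole realm load via the propagated `NamingException` rather than being deferred to authentication time, which is worth a comment above L152. `Hashtable env` at L152 is a raw type; `new Hashtable<String, String>()` would document what is put into it. The enclosing method begins and ends outside the hunk.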
@@ -208,4 +249,19 @@ public class RealmsInfo
else
return null;
}
+
+ /**
+ * Get Contexless Search String.
+ *
+ * @param realmId Realm id.
+ * @return ContextlessSearchString or null if no match found.
+ */
+ final String getCntxtlessSearchString(String realmId)
+ {
+ RealmInfo realmInfo = m_realmsMap.get(realmId);
+ if (realmInfo != null)
+ return realmInfo.m_keyValueMap.get(CntxtlessSearchString);
+ else
+ return null;
+ }
}
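Review bot: The Javadoc at L187 misspells the name, `* Get Contextless Search String.`, and the `@return` at L190 should state the caller's contract: the value is returned exactly as configured, so `PwdAuthenticate` is responsible for checking that it is usable as an LDAP filter template, e.g. `* @return The configured contextless search string, unvalidated, or null if the realm is unknown or has none configured.`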
diff --git a/CASA-auth-token/server-java/Svc/templates/iaRealms.xml b/CASA-auth-token/server-java/Svc/templates/iaRealms.xml
index 9b54ded6..a783be9d 100644
--- a/CASA-auth-token/server-java/Svc/templates/iaRealms.xml
+++ b/CASA-auth-token/server-java/Svc/templates/iaRealms.xml
@@ -11,8 +11,9 @@
>
+
- ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT
+ ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT
diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
index 9970900a..c9ed57b1 100644
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jan 22 16:10:36 MST 2007 - jluciani@novell.com
+
+- Added the ability to explicitedly configure the type of
+ directory back-ending a realm.
+
+- Added the ability to configure the search string that should
+ be utilized when performing contextless-login as part of
+ the Password authentication process.
+
-------------------------------------------------------------------
Fri Jan 19 16:30:03 MST 2007 - jluciani@novell.com