Added the ability to explicitedly configure the type of directory

back-ending a REALM and the ability to configure the search string that
should be utilized when performing a contextless login via the Pwd
Authenticate mechanism.

CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java

@@ -192,9 +192,12 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
             searchRoots = new String[] {""};
          }
 
+         // Check if a search string has been configured
+         String searchString = m_svcConfig.m_realmsInfo.getCntxtlessSearchString(authReqMsg.getRealm());
+         if (searchString == null)
+         {
             // Determine the search string to be utilized based on the type of directory
             // associated with the realm.
-         String searchString;
             String realmType = m_svcConfig.m_realmsInfo.getType(authReqMsg.getRealm());
             if (realmType != null)
             {
@@ -213,6 +216,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
                System.err.println("PwdAuthenticate.invoke()- Failed to obtain realm type for realm " + authReqMsg.getRealm());
                throw new Exception("Realm configuration error");
             }
+         }
 
          // Go through the search roots stopping if the identity is resolved.
          for (int i = 0; i < searchRoots.length && identId == null; i++)

CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/RealmsInfo.java

@@ -50,11 +50,12 @@ public class RealmsInfo
    // Internal constants
    private final static String RealmUrl = "Url";
    private final static String RealmType = "Type";
+   private final static String CntxtlessSearchString = "CntxtlessSearchString";
 
    /**
     * String returned by getType method for Active Directory realms.
     */
-   public final static String ActiveDirectoryRealm = "AD";
+   public final static String ActiveDirectoryRealm = "ActiveDir";
 
    /**
     * String returned by getType method for eDirectory realms.
@@ -94,6 +95,7 @@ public class RealmsInfo
             // We are dealing with a directory realm
             RealmInfo realmInfo = new RealmInfo();
             RealmTypeItem[] realmTypeItems = realm.getRealmTypeItem();
+            String principalName = null;
             for (int ii = 0; ii < realmTypeItems.length; ii++)
             {
                // Find the configure Proxy User Name for the realm and any configured
@@ -107,30 +109,8 @@ public class RealmsInfo
                      {
                         if (env[iii].getProp().compareToIgnoreCase("java.naming.security.principal") == 0)
                         {
-                           // We found the proxy user, now use it to determine whether or not
+                           // We found the proxy user name. Save it in case it is needed later.
-                           // we are dealing with an Active Directory Server.
+                           principalName = env[iii].getValue();
-                           //
-                           // Open a directory context and use it to read the "sAMAccountName"
-                           // users attribute which theoretically should only be valid on an AD
-                           // server.
-                           Hashtable env2 = new Hashtable();
-                           env2.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
-                           env2.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
-                           env2.put(Realm.REALM_SELECTOR, realm.getId());
-
-                           DirContext ctx = new InitialDirContext(env2);
-                           String[] attributesNeeded  = new String[1];
-                           attributesNeeded[0] = "sAMAccountName";
-                           Attributes attributes = ctx.getAttributes(env[iii].getValue(), attributesNeeded);
-                           NamingEnumeration ae = attributes.getAll();
-                           if (ae != null && ae.hasMore())
-                           {
-                              realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
-                           }
-                           else
-                           {
-                              realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
-                           }
                         }
                         else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.searchroot") == 0)
                         {
@@ -149,6 +129,29 @@ public class RealmsInfo
                               realmInfo.m_searchRoots = newSearchRoots;
                            }
                         }
+                        else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.directory_type") == 0)
+                        {
+                           // We are dealing with a directory type, decode it and record the result.
+                           String realmDirectoryType = env[iii].getValue();;
+                           if (realmDirectoryType.compareToIgnoreCase("eDir") == 0)
+                           {
+                              realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
+                           }
+                           else if (realmDirectoryType.compareToIgnoreCase("ActiveDirectory") == 0)
+                           {
+                              realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
+                           }
+                           else
+                           {
+                              // Ignore parameter
+                              System.err.println("RealmsInfo: Unknown directory type");
+                           }
+                        }
+                        else if (env[iii].getProp().compareToIgnoreCase("com.novell.casa.authtoksvc.contextless_search_string") == 0)
+                        {
+                           // We are dealing with the contextless search string, keep track of it.
+                           realmInfo.m_keyValueMap.put(CntxtlessSearchString, env[iii].getValue());
+                        }
                      }
                   }
                }
@@ -159,6 +162,44 @@ public class RealmsInfo
                }
             }
 
+            // Check if we must try to determine the directory type
+            if (realmInfo.m_keyValueMap.get(RealmType) == null)
+            {
+               // The directory type has not been determined, check if the proxy username was configured.
+               if (principalName != null)
+               {
+                  // The proxy user name was configured, use it to determine whether or not
+                  // we are dealing with an Active Directory Server.
+                  //
+                  // Open a directory context and use it to read the "sAMAccountName"
+                  // users attribute which theoretically should only be valid on an AD
+                  // server.
+                  Hashtable env = new Hashtable();
+                  env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory");
+                  env.put(Realm.REALM_CONFIG_LOCATION, realmConfigFilePath);
+                  env.put(Realm.REALM_SELECTOR, realm.getId());
+
+                  DirContext ctx = new InitialDirContext(env);
+                  String[] attributesNeeded  = new String[1];
+                  attributesNeeded[0] = "sAMAccountName";
+                  Attributes attributes = ctx.getAttributes(principalName, attributesNeeded);
+                  NamingEnumeration ae = attributes.getAll();
+                  if (ae != null && ae.hasMore())
+                  {
+                     realmInfo.m_keyValueMap.put(RealmType, ActiveDirectoryRealm);
+                  }
+                  else
+                  {
+                     realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
+                  }
+               }
+               else
+               {
+                  // The principal name was not configured, default to eDir.
+                  realmInfo.m_keyValueMap.put(RealmType, eDirectoryRealm);
+               }
+            }
+
             m_realmsMap.put(realm.getId(), realmInfo);
          }
       }
@@ -208,4 +249,19 @@ public class RealmsInfo
       else
          return null;
    }
+
+   /**
+    * Get Contexless Search String.
+    *
+    * @param realmId    Realm id.
+    * @return           ContextlessSearchString or null if no match found.
+    */
+   final String getCntxtlessSearchString(String realmId)
+   {
+      RealmInfo realmInfo = m_realmsMap.get(realmId);
+      if (realmInfo != null)
+         return realmInfo.m_keyValueMap.get(CntxtlessSearchString);
+      else
+         return null;
+   }
 }

CASA-auth-token/server-java/Svc/templates/iaRealms.xml

@@ -11,6 +11,7 @@
 		<bci:env prop="java.naming.security.principal" value="PROXY_USER_NAME"/>
 		<bci:env prop="java.naming.security.credentials" value="PROXY_USER_PW"/>
 		<bci:env prop="java.naming.referral" value="follow"/>>
+		<bci:env prop="com.novell.casa.authtoksvc.directory_type" value="eDir"/>
 		<bci:connection xsi:type="bci:LDAPConnector">
             <bci:address>ldaps://LDAP_HOST_NAME:LDAP_LISTEN_PORT</bci:address>
 		</bci:connection>

CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jan 22 16:10:36 MST 2007 - jluciani@novell.com
+
+- Added the ability to explicitedly configure the type of
+  directory back-ending a realm.
+
+- Added the ability to configure the search string that should
+  be utilized when performing contextless-login as part of
+  the Password authentication process.
+
 -------------------------------------------------------------------
 Fri Jan 19 16:30:03 MST 2007 - jluciani@novell.com