author | Christina Fu <cfu@redhat.com> | 2015-08-05 16:21:51 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2015-08-07 11:08:19 -0700 |
commit | c13593770108b6d683ab3d3b43b92d67ac64a1ef (patch) | |
tree | da650b5ee643edd5dc7381f20da4623b2a349adf /base/server/cmscore/src | |
parent | bcdbc1e2edd66c3506544f0c53f9db3c4fe375b0 (diff) | |
Ticket 1531 Directory auth plugin requires LDAP anonymous binds
-
This patch adds a feature to allow a directory based authentication plugin
to use a bound LDAP connection instead of an anonymous one.
Two files need to be edited
1. <instance>/conf/password.conf
add a "tag" and the password of the binding user dn to the file
e.g. externalLDAP=password123
2. <instance>/ca/CS.cfg
add the tag to cms.passwordlist:
e.g. cms.passwordlist=internaldb,replicationdb,externalLDAP
add the authPrefix of the auths entry for the authentication instance
e.g. externalLDAP.authPrefix=auths.instance.UserDirEnrollment
add relevant entries to the authentication instance
e.g. auths.instance.UserDirEnrollment.ldap.ldapBoundConn=true
auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth
auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=uid=rhcs,ou=serviceaccounts,dc=EXAMPLE,dc=com
auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP
Diffstat (limited to 'base/server/cmscore/src')
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
index fa2c8147f..467836bfc 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -331,6 +331,7 @@ public class CMSEngine implements ICMSEngine {
 }
 public void initializePasswordStore(IConfigStore config) throws EBaseException, IOException {
+ System.out.println("CMSEngine.initializePasswordStore() begins");
 // create and initialize mPasswordStore
 getPasswordStore();
@@ -345,6 +346,7 @@ public class CMSEngine implements ICMSEngine {
 String binddn;
 String authType;
 LdapConnInfo connInfo = null;
+ System.out.println("CMSEngine.initializePasswordStore(): tag=" + tag);
 if (tag.equals("internaldb")) {
 authType = config.getString("internaldb.ldapauth.authtype", "BasicAuth");
@@ -382,8 +384,43 @@ public class CMSEngine implements ICMSEngine {
 binddn = config.getString("ca.publish.ldappublish.ldap.ldapauth.bindDN");
 } else {
- // ignore any others for now
- continue;
+ /*
+ * This section assumes a generic format of
+ * <authPrefix>.ldap.xxx
+ * where <authPrefix> is specified under the tag substore
+ *
+ * e.g. if tag = "externalLDAP"
+ * cms.passwordlist=...,externalLDAP
+ * externalLDAP.authPrefix=auths.instance.UserDirEnrollment
+ *
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=cn=Corporate Directory Manager
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.host=host.example.com
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.port=389
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn=false
+ */
+ String authPrefix = config.getString(tag + ".authPrefix", null);
+ if (authPrefix == null) {
+ System.out.println("CMSEngine.initializePasswordStore(): authPrefix not found...skipping");
+ continue;
+ }
+ System.out.println("CMSEngine.initializePasswordStore(): authPrefix=" + authPrefix);
+ authType = config.getString(authPrefix +".ldap.ldapauth.authtype", "BasicAuth");
+ System.out.println("CMSEngine.initializePasswordStore(): authType " + authType);
+ if (!authType.equals("BasicAuth"))
+ continue;
+
+ connInfo = new LdapConnInfo(
+ config.getString(authPrefix + ".ldap.ldapconn.host"),
+ config.getInteger(authPrefix + ".ldap.ldapconn.port"),
+ config.getBoolean(authPrefix + ".ldap.ldapconn.secureConn"));
+
+ binddn = config.getString(authPrefix + ".ldap.ldapauth.bindDN", null);
+ if (binddn == null) {
+ System.out.println("CMSEngine.initializePasswordStore(): binddn not found...skipping");
+ continue;
+ }
 }
 do {
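Review bot: In the new else-branch, the host, port and secureConn lookups that build LdapConnInfo have no default value, unlike the authPrefix and bindDN lookups beside them that fall back to null and `continue`; if the single-argument IConfigStore getters throw on a missing key, as the method's EBaseException throws clause suggests, a tag whose ldapconn substore is incomplete aborts initializePasswordStore (and engine startup) instead of being skipped and logged like the other incomplete cases. A null-default lookup of at least the host, on the same skip-and-log path, keeps the failure mode consistent. The comment example also pairs a bindDN of "cn=Corporate Directory Manager" with `secureConn=false`; since the bind password taken from password.conf travels in clear over an unencrypted connection, the example would better show a least-privilege service account such as the `uid=rhcs,ou=serviceaccounts,...` entry from the commit message, with a line noting that secureConn=false exposes the bind password on the wire. Finally, `if (!authType.equals("BasicAuth")) continue;` is the only braceless if in the block while every neighbouring if is braced. initializePasswordStore begins before the hunk and the do-loop continues past it.
```java
// … unchanged: comment block, authPrefix / authType lookups …
String host = config.getString(authPrefix + ".ldap.ldapconn.host", null);
if (host == null) {
    System.out.println("CMSEngine.initializePasswordStore(): ldapconn.host not found...skipping");
    continue;
}
connInfo = new LdapConnInfo(
        host,
        config.getInteger(authPrefix + ".ldap.ldapconn.port"),
        config.getBoolean(authPrefix + ".ldap.ldapconn.secureConn"));
// … unchanged: bindDN lookup and skip …
```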