authorChristina Fu <cfu@redhat.com>2015-08-05 16:21:51 -0700
committerChristina Fu <cfu@redhat.com>2015-08-07 11:08:19 -0700
commitc13593770108b6d683ab3d3b43b92d67ac64a1ef (patch)
treeda650b5ee643edd5dc7381f20da4623b2a349adf /base/server/cmscore/src
parentbcdbc1e2edd66c3506544f0c53f9db3c4fe375b0 (diff)
Ticket 1531 Directory auth plugin requires LDAP anonymous binds
- This patch adds a feature to allow a directory-based authentication plugin to use a bound LDAP connection instead of an anonymous one. Two files need to be edited 1. <instance>/conf/password.conf add a "tag" and the password of the binding user dn to the file e.g. externalLDAP=password123 2. <instance>/ca/CS.cfg add the tag to cms.passwordlist: e.g. cms.passwordlist=internaldb,replicationdb,externalLDAP add the authPrefix of the auths entry for the authentication instance e.g. externalLDAP.authPrefix=auths.instance.UserDirEnrollment add relevant entries to the authentication instance e.g. auths.instance.UserDirEnrollment.ldap.ldapBoundConn=true auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=uid=rhcs,ou=serviceaccounts,dc=EXAMPLE,dc=com auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP
Diffstat (limited to 'base/server/cmscore/src')
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java41
1 files changed, 39 insertions, 2 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
index fa2c8147f..467836bfc 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -331,6 +331,7 @@ public class CMSEngine implements ICMSEngine {
}
public void initializePasswordStore(IConfigStore config) throws EBaseException, IOException {
+ System.out.println("CMSEngine.initializePasswordStore() begins");
// create and initialize mPasswordStore
getPasswordStore();
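Review bot: The diagnostic added directly under the method signature writes to System.out rather than the engine's debug log, so it bypasses the server's log-level and log-file routing; the same applies to the `tag=` line in the next hunk and the four `CMSEngine.initializePasswordStore():` lines in the third. If this file logs through CMS.debug elsewhere, `CMS.debug("CMSEngine.initializePasswordStore() begins");` keeps this output in the same place as the rest of the engine's startup trace. The body of initializePasswordStore continues past this hunk.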
@@ -345,6 +346,7 @@ public class CMSEngine implements ICMSEngine {
String binddn;
String authType;
LdapConnInfo connInfo = null;
+ System.out.println("CMSEngine.initializePasswordStore(): tag=" + tag);
if (tag.equals("internaldb")) {
authType = config.getString("internaldb.ldapauth.authtype", "BasicAuth");
@@ -382,8 +384,43 @@ public class CMSEngine implements ICMSEngine {
binddn = config.getString("ca.publish.ldappublish.ldap.ldapauth.bindDN");
} else {
- // ignore any others for now
- continue;
+ /*
+ * This section assumes a generic format of
+ * <authPrefix>.ldap.xxx
+ * where <authPrefix> is specified under the tag substore
+ *
+ * e.g. if tag = "externalLDAP"
+ * cms.passwordlist=...,externalLDAP
+ * externalLDAP.authPrefix=auths.instance.UserDirEnrollment
+ *
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=cn=Corporate Directory Manager
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.host=host.example.com
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.port=389
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn=false
+ */
+ String authPrefix = config.getString(tag + ".authPrefix", null);
+ if (authPrefix == null) {
+ System.out.println("CMSEngine.initializePasswordStore(): authPrefix not found...skipping");
+ continue;
+ }
+ System.out.println("CMSEngine.initializePasswordStore(): authPrefix=" + authPrefix);
+ authType = config.getString(authPrefix +".ldap.ldapauth.authtype", "BasicAuth");
+ System.out.println("CMSEngine.initializePasswordStore(): authType " + authType);
+ if (!authType.equals("BasicAuth"))
+ continue;
+
+ connInfo = new LdapConnInfo(
+ config.getString(authPrefix + ".ldap.ldapconn.host"),
+ config.getInteger(authPrefix + ".ldap.ldapconn.port"),
+ config.getBoolean(authPrefix + ".ldap.ldapconn.secureConn"));
+
+ binddn = config.getString(authPrefix + ".ldap.ldapauth.bindDN", null);
+ if (binddn == null) {
+ System.out.println("CMSEngine.initializePasswordStore(): binddn not found...skipping");
+ continue;
+ }
}
do {
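Review bot: In the new else-branch the host, port and secureConn reads passed to the `LdapConnInfo` constructor take no default, so a password tag that names an authPrefix but lacks any of those three keys throws out of initializePasswordStore (the method is declared `throws EBaseException`), which presumably aborts engine startup, whereas the same branch treats a missing authPrefix or bindDN as skip-and-continue. If skipping an incomplete external-LDAP entry is the intent, wrap the construction and continue on failure as below; if fail-fast is intended, a one-line comment above the constructor saying so would stop the next reader from "fixing" it. Separately, `authPrefix +".ldap.ldapauth.authtype"` is missing the space before the string literal. The enclosing do/while loop and the rest of the method lie outside the hunk.
```java
            try {
                connInfo = new LdapConnInfo(
                        config.getString(authPrefix + ".ldap.ldapconn.host"),
                        config.getInteger(authPrefix + ".ldap.ldapconn.port"),
                        config.getBoolean(authPrefix + ".ldap.ldapconn.secureConn"));
            } catch (EBaseException e) {
                // incomplete external-LDAP entry: skip this tag rather than abort startup
                System.out.println("CMSEngine.initializePasswordStore(): ldapconn incomplete for " + authPrefix + "...skipping");
                continue;
            }
            // … unchanged: bindDN lookup and null check …
```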