From c13593770108b6d683ab3d3b43b92d67ac64a1ef Mon Sep 17 00:00:00 2001 From: Christina Fu Date: Wed, 5 Aug 2015 16:21:51 -0700 Subject: Ticket 1531 Directory auth plugin requires LDAP anonymous binds - This patch adds a feature to allow a directory based authentication plugin to use bound ldap conneciton instead of anonymous. Two files need to be edited 1. /conf/password.conf add a "tag" and the password of the binding user dn to the file e.g. externalLDAP=password123 2. /ca/CS.cfg add the tag to cms.passwordlist: e.g. cms.passwordlist=internaldb,replicationdb,externalLDAP add the authPrefix of the auths entry for the authentication instance e.g. externalLDAP.authPrefix=auths.instance.UserDirEnrollment add relevant entries to the authentication instance e.g. auths.instance.UserDirEnrollment.ldap.ldapBoundConn=true auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=uid=rhcs,ou=serviceaccounts,dc=EXAMPLE,dc=com auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP --- .../src/com/netscape/cmscore/apps/CMSEngine.java | 41 ++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) (limited to 'base/server/cmscore/src/com/netscape/cmscore') diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java index fa2c8147f..467836bfc 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java +++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java @@ -331,6 +331,7 @@ public class CMSEngine implements ICMSEngine { } public void initializePasswordStore(IConfigStore config) throws EBaseException, IOException { + System.out.println("CMSEngine.initializePasswordStore() begins"); // create and initialize mPasswordStore getPasswordStore(); 
@@ -345,6 +346,7 @@ public class CMSEngine implements ICMSEngine {
 String binddn;
 String authType;
 LdapConnInfo connInfo = null;
+ System.out.println("CMSEngine.initializePasswordStore(): tag=" + tag);
 if (tag.equals("internaldb")) {
 authType = config.getString("internaldb.ldapauth.authtype", "BasicAuth");
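Review bot: The added trace line writes `tag` with `System.out.println`, so it lands on the process stdout instead of going through a logger like the rest of the server's startup trace presumably does (the logging facility this class uses is not visible in the hunk). Nothing sensitive leaks here, since `tag` is only the password.conf tag name and not the password itself, but this line and the matching one in the preceding hunk should use the class's debug logger if one exists, or be removed before merge. The enclosing initializePasswordStore method starts in the previous hunk and continues outside this one.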
@@ -382,8 +384,43 @@ public class CMSEngine implements ICMSEngine {
 binddn = config.getString("ca.publish.ldappublish.ldap.ldapauth.bindDN");
 } else {
- // ignore any others for now
- continue;
+ /*
+ * This section assumes a generic format of
+ * .ldap.xxx
+ * where is specified under the tag substore
+ *
+ * e.g. if tag = "externalLDAP"
+ * cms.passwordlist=...,externalLDAP
+ * externalLDAP.authPrefix=auths.instance.UserDirEnrollment
+ *
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=cn=Corporate Directory Manager
+ * auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.host=host.example.com
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.port=389
+ * auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn=false
+ */
+ String authPrefix = config.getString(tag + ".authPrefix", null);
+ if (authPrefix == null) {
+ System.out.println("CMSEngine.initializePasswordStore(): authPrefix not found...skipping");
+ continue;
+ }
+ System.out.println("CMSEngine.initializePasswordStore(): authPrefix=" + authPrefix);
+ authType = config.getString(authPrefix +".ldap.ldapauth.authtype", "BasicAuth");
+ System.out.println("CMSEngine.initializePasswordStore(): authType " + authType);
+ if (!authType.equals("BasicAuth"))
+ continue;
+
+ connInfo = new LdapConnInfo(
+ config.getString(authPrefix + ".ldap.ldapconn.host"),
+ config.getInteger(authPrefix + ".ldap.ldapconn.port"),
+ config.getBoolean(authPrefix + ".ldap.ldapconn.secureConn"));
+
+ binddn = config.getString(authPrefix + ".ldap.ldapauth.bindDN", null);
+ if (binddn == null) {
+ System.out.println("CMSEngine.initializePasswordStore(): binddn not found...skipping");
+ continue;
+ }
 }
 }
 do {
-- cgit
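Review bot: The example configuration in the new comment block pairs a BasicAuth bind with `ldapconn.port=389` and `ldapconn.secureConn=false`, so an administrator who copies it will send the service-account password read from password.conf across the network in clear text on every bind, which defeats the purpose of replacing anonymous binds; the example should read `auths.instance.UserDirEnrollment.ldap.ldapconn.port=636` and `auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn=true`, or at least carry a line such as `* NOTE: with secureConn=false the bind password is sent in clear text; use LDAPS in production.` Separately, a missing `authPrefix` or `bindDN` is tolerated with a `continue`, while `ldapconn.host`, `port` and `secureConn` are read with the one-argument `getString`/`getInteger`/`getBoolean` forms that, judging by the two-argument form used beside them, presumably throw when the key is absent and so propagate an exception out of initializePasswordStore; a tag listed in cms.passwordlist that is half-configured therefore fails the whole password-store check while one with no bindDN is silently skipped, and the two cases should be handled the same way (failing loudly for a listed tag seems the safer choice). The `System.out.println` calls added here write to stdout rather than the class's logging facility, which the hunk does not show; if a debug logger exists they should use it. The `else` branch closes inside the hunk, but the `do {` loop that follows and the remainder of initializePasswordStore lie outside it.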