Merge branch 'ldap-auth' into 'master'

Add support for LDAP manager and search New configuration settings have been implemented to allow additional LDAP environments: * `security.ldap.user-search-filter` * `security.ldap.user-search-base` * `security.ldap.manager-user-dn` * `security.ldap.manager-password` See merge request !12

Merge branch 'ldap-auth' into 'master'
Add support for LDAP manager and search New configuration settings have been implemented to allow additional LDAP environments: * `security.ldap.user-search-filter` * `security.ldap.user-search-base` * `security.ldap.manager-user-dn` * `security.ldap.manager-password` See merge request !12
e487c745 · Daniel Gerhardt · 3da8a3c9 · 966c736c · e487c745 · e487c745
Commit e487c745 authored 9 years ago by Daniel Gerhardt
--- a/src/main/java/de/thm/arsnova/config/SecurityConfig.java
+++ b/src/main/java/de/thm/arsnova/config/SecurityConfig.java
@@ -58,6 +58,7 @@ import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.authentication.BindAuthenticator;
 import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
 import org.springframework.security.ldap.authentication.LdapAuthenticator;
+import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
 import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -98,7 +99,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
 	@Value("${security.ldap.enabled}") private boolean ldapEnabled;
 	@Value("${security.ldap.url}") private String ldapUrl;
-	@Value("${security.ldap.user-dn-pattern}") private String ldapUserDn;
+	@Value("${security.ldap.user-dn-pattern:}") private String ldapUserDn;
+	@Value("${security.ldap.user-search-base:}") private String ldapSearchBase;
+	@Value("${security.ldap.user-search-filter:}") private String ldapSearchFilter;
+	@Value("${security.ldap.manager-user-dn:}") private String ldapManagerUserDn;
+	@Value("${security.ldap.manager-password:}") private String ldapManagerPassword;
 	@Value("${security.cas.enabled}") private boolean casEnabled;
 	@Value("${security.cas-server-url}") private String casUrl;
@@ -254,8 +259,11 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
 	public LdapContextSource ldapContextSource() throws Exception {
 		DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapUrl);
 		/* TODO: implement support for LDAP bind using manager credentials */
-//		contextSource.setUserDn(ldapManagerUserDn);
+		if (!"".equals(ldapManagerUserDn) && !"".equals(ldapManagerPassword)) {
-//		contextSource.setPassword(ldapManagerPassword);
+			logger.debug("ldapManagerUserDn: {}", ldapManagerUserDn);
+			contextSource.setUserDn(ldapManagerUserDn);
+			contextSource.setPassword(ldapManagerPassword);
+		}
 		return contextSource;
 	}
@@ -263,7 +271,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
 	@Bean
 	public LdapAuthenticator ldapAuthenticator() throws Exception {
 		BindAuthenticator authenticator = new BindAuthenticator(ldapContextSource());
-		authenticator.setUserDnPatterns(new String[] {ldapUserDn});
+		if (!"".equals(ldapSearchFilter)) {
+			logger.debug("ldapSearch: {} {}", ldapSearchBase, ldapSearchFilter);
+			authenticator.setUserSearch(new FilterBasedLdapUserSearch(ldapSearchBase, ldapSearchFilter, ldapContextSource()));
+		} else {
+			logger.debug("ldapUserDn: {}", ldapUserDn);
+			authenticator.setUserDnPatterns(new String[] {ldapUserDn});
+		}
 		return authenticator;
 	}

--- a/src/main/resources/arsnova.properties.example
+++ b/src/main/resources/arsnova.properties.example
@@ -110,11 +110,15 @@ security.ldap.title=LDAP
 security.ldap.login-dialog-path=login-ldap.html
 security.ldap.image=
 security.ldap.order=0
-security.ldap.url=ldap://example.com:33389/dc=example,dc=com
+security.ldap.url=ldaps://example.com:636/dc=example,dc=com
 security.ldap.user-dn-pattern=uid={0},ou=arsnova
-# Not yet implemented parameters
+# Set the following properties if you want to use LDAP search instead of binding
+# with a DN pattern
 #security.ldap.user-search-filter=(uid={0})
 #security.ldap.user-search-base="ou=people"
+# Configure the LDAP manager user if anonymous binding is not allowed
+#security.ldap.manager-user-dn=cn=arsnova-manager,dc=example,dc=com
+#security.ldap.manager-password=arsnova
 # CAS authentication
 #

--- a/src/test/resources/arsnova.properties.example
+++ b/src/test/resources/arsnova.properties.example
@@ -110,11 +110,15 @@ security.ldap.title=LDAP
 security.ldap.login-dialog-path=login-ldap.html
 security.ldap.image=
 security.ldap.order=0
-security.ldap.url=ldap://example.com:33389/dc=example,dc=com
+security.ldap.url=ldaps://example.com:636/dc=example,dc=com
 security.ldap.user-dn-pattern=uid={0},ou=arsnova
-# Not yet implemented parameters
+# Set the following properties if you want to use LDAP search instead of binding
+# with a DN pattern
 #security.ldap.user-search-filter=(uid={0})
 #security.ldap.user-search-base="ou=people"
+# Configure the LDAP manager user if anonymous binding is not allowed
+#security.ldap.manager-user-dn=cn=arsnova-manager,dc=example,dc=com
+#security.ldap.manager-password=arsnova
 # CAS authentication
 #