Add support for an LDAP manager user

ec1b4afc · Daniel Gerhardt · 3da8a3c9 · ec1b4afc · ec1b4afc · ec1b4afc
Commit ec1b4afc authored 9 years ago by Daniel Gerhardt
--- a/src/main/java/de/thm/arsnova/config/SecurityConfig.java
+++ b/src/main/java/de/thm/arsnova/config/SecurityConfig.java
@@ -98,7 +98,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv

 	@Value("${security.ldap.enabled}") private boolean ldapEnabled;
 	@Value("${security.ldap.url}") private String ldapUrl;
-	@Value("${security.ldap.user-dn-pattern}") private String ldapUserDn;
+	@Value("${security.ldap.user-dn-pattern:}") private String ldapUserDn;
+	@Value("${security.ldap.manager-user-dn:}") private String ldapManagerUserDn;
+	@Value("${security.ldap.manager-password:}") private String ldapManagerPassword;

 	@Value("${security.cas.enabled}") private boolean casEnabled;
 	@Value("${security.cas-server-url}") private String casUrl;
@@ -254,8 +256,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements Serv
 	public LdapContextSource ldapContextSource() throws Exception {
 		DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapUrl);
 		/* TODO: implement support for LDAP bind using manager credentials */
-//		contextSource.setUserDn(ldapManagerUserDn);
-//		contextSource.setPassword(ldapManagerPassword);
+		if (!"".equals(ldapManagerUserDn) && !"".equals(ldapManagerPassword)) {
+			contextSource.setUserDn(ldapManagerUserDn);
+			contextSource.setPassword(ldapManagerPassword);
+		}

 		return contextSource;
 	}

--- a/src/main/resources/arsnova.properties.example
+++ b/src/main/resources/arsnova.properties.example
@@ -112,9 +112,9 @@ security.ldap.image=
 security.ldap.order=0
 security.ldap.url=ldap://example.com:33389/dc=example,dc=com
 security.ldap.user-dn-pattern=uid={0},ou=arsnova
-# Not yet implemented parameters
-#security.ldap.user-search-filter=(uid={0})
-#security.ldap.user-search-base="ou=people"
+# Configure the LDAP manager user if anonymous binding is not allowed
+#security.ldap.manager-user-dn=cn=arsnova-manager,dc=example,dc=com
+#security.ldap.manager-password=arsnova

 # CAS authentication
 #

--- a/src/test/resources/arsnova.properties.example
+++ b/src/test/resources/arsnova.properties.example
@@ -112,9 +112,9 @@ security.ldap.image=
 security.ldap.order=0
 security.ldap.url=ldap://example.com:33389/dc=example,dc=com
 security.ldap.user-dn-pattern=uid={0},ou=arsnova
-# Not yet implemented parameters
-#security.ldap.user-search-filter=(uid={0})
-#security.ldap.user-search-base="ou=people"
+# Configure the LDAP manager user if anonymous binding is not allowed
+#security.ldap.manager-user-dn=cn=arsnova-manager,dc=example,dc=com
+#security.ldap.manager-password=arsnova

 # CAS authentication
 #