Commit eb1c998e authored by Daniel Henninger's avatar Daniel Henninger Committed by dhenninger

[JM-1283] Added option to disable LDAP alias dereferencing.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10028 b35dd754-fafc-0310-a699-88a17e54d16e
parent f7bef075
......@@ -2307,3 +2307,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -2293,3 +2293,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -354,6 +354,10 @@
## Added key: 'security.audit.viewer.write_only'
## Added key: 'security.audit.viewer.view_url'
## Added key: 'security.audit.viewer.view_url.url'
##
## 3.6.0
## Added key: 'setup.ldap.server.alias_dereference'
## Added key: 'setup.ldap.server.alias_dereference_help'
# Openfire
......@@ -1706,6 +1710,8 @@ setup.ldap.server.debug=Enable Debug
setup.ldap.server.debug_help=Write trace information about LDAP connections to System.out
setup.ldap.server.referral=Follow Referrals
setup.ldap.server.referral_help=Automatically follow LDAP referrals when found
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
setup.ldap.server.test.error-auth=Error authenticating with the LDAP server. Check supplied credentials.
setup.ldap.server.test.error-connection=Error connecting to the LDAP server. Ensure that the directory \
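Review bot: The two new strings misspell the feature: `Deference Aliases` and `Automatically deference LDAP aliases when found` should read `setup.ldap.server.alias_dereference=Dereference Aliases` and `setup.ldap.server.alias_dereference_help=Automatically dereference LDAP aliases when found`. The same untranslated text is appended to each of the other locale bundles on this page, so the typo would need correcting in every copy. The help text could also say that choosing "No" stops alias entries from being resolved at all, since that is what the option does in LdapManager.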
......
......@@ -2344,3 +2344,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -1913,3 +1913,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -2440,3 +2440,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -2304,3 +2304,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -2273,3 +2273,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -2307,3 +2307,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -2084,3 +2084,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
security.audit.viewer.view_url.url=URL
sidebar.security-audit-viewer=Security Audit Viewer
sidebar.security-audit-viewer.descr=Click to view the security audit logs
setup.ldap.server.alias_dereference=Deference Aliases
setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
......@@ -57,6 +57,7 @@ import java.text.MessageFormat;
* <li>ldap.debugEnabled</li>
* <li>ldap.sslEnabled</li>
* <li>ldap.autoFollowReferrals</li>
* <li>ldap.autoFollowAliasReferrals</li>
* <li>ldap.initialContextFactory -- if this value is not specified,
* "com.sun.jndi.ldap.LdapCtxFactory" will be used.</li>
* <li>ldap.connectionPoolEnabled -- true if an LDAP connection pool should be used.
......@@ -144,6 +145,7 @@ public class LdapManager {
private boolean sslEnabled = false;
private String initialContextFactory;
private boolean followReferrals = false;
private boolean followAliasReferrals = true;
private boolean connectionPoolEnabled = true;
private String searchFilter = null;
private boolean subTreeSearch;
......@@ -281,6 +283,11 @@ public class LdapManager {
if (followReferralsStr != null) {
followReferrals = Boolean.valueOf(followReferralsStr);
}
followAliasReferrals = true;
String followAliasReferralsStr = properties.get("ldap.autoFollowAliasReferrals");
if (followAliasReferralsStr != null) {
followAliasReferrals = Boolean.valueOf(followAliasReferralsStr);
}
encloseUserDN = true;
String encloseUserStr = properties.get("ldap.encloseUserDN");
if (encloseUserStr != null) {
......@@ -330,6 +337,7 @@ public class LdapManager {
buf.append("\t initialContextFactory: ").append(initialContextFactory).append("\n");
buf.append("\t connectionPoolEnabled: ").append(connectionPoolEnabled).append("\n");
buf.append("\t autoFollowReferrals: ").append(followReferrals).append("\n");
buf.append("\t autoFollowAliasReferrals: ").append(followAliasReferrals).append("\n");
buf.append("\t groupNameField: ").append(groupNameField).append("\n");
buf.append("\t groupMemberField: ").append(groupMemberField).append("\n");
buf.append("\t groupDescriptionField: ").append(groupDescriptionField).append("\n");
......@@ -413,6 +421,9 @@ public class LdapManager {
if (followReferrals) {
env.put(Context.REFERRAL, "follow");
}
if (!followAliasReferrals) {
env.put("java.naming.ldap.derefAliases", "never");
}
if (debug) {
Log.debug("LdapManager: Created hashtable with context values, attempting to create context...");
......@@ -467,6 +478,9 @@ public class LdapManager {
if (followReferrals) {
env.put(Context.REFERRAL, "follow");
}
if (!followAliasReferrals) {
env.put("java.naming.ldap.derefAliases", "never");
}
if (debug) {
Log.debug("LdapManager: Created context values, attempting to create context...");
......@@ -511,6 +525,9 @@ public class LdapManager {
if (followReferrals) {
env.put(Context.REFERRAL, "follow");
}
if (!followAliasReferrals) {
env.put("java.naming.ldap.derefAliases", "never");
}
if (debug) {
Log.debug("LdapManager: Created context values, attempting to create context...");
}
......@@ -983,6 +1000,8 @@ public class LdapManager {
/**
* Returns the suffix appended to the username when LDAP lookups are performed.
* By default this is "".
*
* @return the suffix appened to usernames when LDAP lookups are performed.
*/
public String getUsernameSuffix() {
return usernameSuffix;
......@@ -1314,6 +1333,25 @@ public class LdapManager {
properties.put("ldap.autoFollowReferrals", String.valueOf(followReferrals));
}
/**
* Returns true if LDAP alias referrals will automatically be followed when found.
*
* @return true if LDAP alias referrals are automatically followed.
*/
public boolean isFollowAliasReferralsEnabled() {
return followAliasReferrals;
}
/**
* Sets whether LDAP alias referrals should be automatically followed.
*
* @param followAliasReferrals true if LDAP alias referrals should be automatically followed.
*/
public void setFollowAliasReferralsEnabled(boolean followAliasReferrals) {
this.followAliasReferrals = followAliasReferrals;
properties.put("ldap.autoFollowAliasReferrals", String.valueOf(followAliasReferrals));
}
/**
* Returns the field name used for groups.
* Value of groupNameField defaults to "cn".
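Review bot: The new field, property and accessors call this "alias referrals" (`followAliasReferrals`, `ldap.autoFollowAliasReferrals`), but LDAP aliases and referrals are separate mechanisms, and the code only sets `java.naming.ldap.derefAliases`, so the Javadoc on `isFollowAliasReferralsEnabled()` and its setter should describe dereferencing rather than following referrals. A wording such as `Returns true if LDAP alias entries are dereferenced during lookups; when false, java.naming.ldap.derefAliases is set to "never".` would match the behaviour. The Javadoc should also note that the default `true` leaves the environment untouched, so the JNDI provider's own default applies. An alias can presumably point to an entry outside the configured base DN, which matters to deployments that rely on the base DN to scope who may log in. The same `if (!followAliasReferrals)` block is repeated in three context-building methods whose bodies start outside these hunks; a single constant such as `private static final String DEREF_ALIASES = "java.naming.ldap.derefAliases";` would keep the key from drifting between them.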
......
......@@ -15,6 +15,7 @@
boolean sslEnabled = false;
boolean debugEnabled = false;
boolean referralsEnabled = false;
boolean aliasReferralsEnabled = true;
// Get parameters
boolean save = request.getParameter("save") != null;
......@@ -43,6 +44,7 @@
sslEnabled = ParamUtils.getBooleanParameter(request, "ssl", sslEnabled);
debugEnabled = ParamUtils.getBooleanParameter(request, "debug", debugEnabled);
referralsEnabled = ParamUtils.getBooleanParameter(request, "referrals", referralsEnabled);
aliasReferralsEnabled = ParamUtils.getBooleanParameter(request, "aliasreferrals", aliasReferralsEnabled);
if (errors.isEmpty()) {
// Store settings in a map and keep it in the session
......@@ -58,6 +60,7 @@
settings.put("ldap.sslEnabled", Boolean.toString(sslEnabled));
settings.put("ldap.debugEnabled", Boolean.toString(debugEnabled));
settings.put("ldap.autoFollowReferrals", Boolean.toString(referralsEnabled));
settings.put("ldap.autoFollowAliasReferrals", Boolean.toString(aliasReferralsEnabled));
// Always disable connection pooling so that connections aren't left hanging open.
settings.put("ldap.connectionPoolEnabled", "false");
session.setAttribute("ldapSettings", settings);
......@@ -78,6 +81,7 @@
manager.setSslEnabled(sslEnabled);
manager.setDebugEnabled(debugEnabled);
manager.setFollowReferralsEnabled(referralsEnabled);
manager.setFollowAliasReferralsEnabled(aliasReferralsEnabled);
// Redirect to next step.
response.sendRedirect(nextPage);
......@@ -102,6 +106,7 @@
sslEnabled = manager.isSslEnabled();
debugEnabled = manager.isDebugEnabled();
referralsEnabled = manager.isFollowReferralsEnabled();
aliasReferralsEnabled = manager.isFollowAliasReferralsEnabled();
}
%>
<html>
......@@ -293,7 +298,21 @@
<input type="radio" name="referrals" value="false" <% if (!referralsEnabled) { %>checked <% } %>>
</td>
</tr>
</tbody>
<tr>
<td class="jive-advancedLabel" nowrap>
<fmt:message key="setup.ldap.server.alias_dereference" />:
</td>
<td class="jive-advancedDesc jive-advancedBorderBottom jive-advancedBorderRight">
<fmt:message key="setup.ldap.server.alias_dereference_help" />
</td>
<td class="jive-advancedBorderBottom jive-advancedBorderRight" align="center">
<input type="radio" name="aliasreferrals" value="true" <% if (aliasReferralsEnabled) { %>checked <% } %>>
</td>
<td class="jive-advancedBorderBottom" align="center">
<input type="radio" name="aliasreferrals" value="false" <% if (!aliasReferralsEnabled) { %>checked <% } %>>
</td>
</tr>
</tbody>
</table>
</div>
</div>
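Review bot: The default `boolean aliasReferralsEnabled = true;` at the top of this page repeats the default that LdapManager hard-codes twice (field initialiser and property load), so the setup wizard and the manager can disagree if one is changed later. A short comment here such as `// must match LdapManager's default for ldap.autoFollowAliasReferrals` would flag the coupling. The request parameter name `aliasreferrals` and the variable also carry the "referrals" wording, while the label keys say `alias_dereference`; naming them after dereferencing would keep the form, the property and the UI text consistent.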
......