[JM-1283] Added option to disable LDAP alias dereferencing.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10028 b35dd754-fafc-0310-a699-88a17e54d16e

[JM-1283] Added option to disable LDAP alias dereferencing.
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10028 b35dd754-fafc-0310-a699-88a17e54d16e
eb1c998e · Daniel Henninger · dhenninger · f7bef075 · eb1c998e · eb1c998e
Commit eb1c998e authored Feb 29, 2008 by Daniel Henninger Committed by dhenninger Feb 29, 2008
12 changed files
--- a/src/i18n/openfire_i18n_cs_CZ.properties
+++ b/src/i18n/openfire_i18n_cs_CZ.properties
@@ -2307,3 +2307,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_de.properties
+++ b/src/i18n/openfire_i18n_de.properties
@@ -2293,3 +2293,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_en.properties
+++ b/src/i18n/openfire_i18n_en.properties
@@ -354,6 +354,10 @@
 ##      Added key: 'security.audit.viewer.write_only'
 ##      Added key: 'security.audit.viewer.view_url'
 ##      Added key: 'security.audit.viewer.view_url.url'
+##
+## 3.6.0
+##      Added key: 'setup.ldap.server.alias_dereference'
+##      Added key: 'setup.ldap.server.alias_dereference_help'
 # Openfire
@@ -1706,6 +1710,8 @@ setup.ldap.server.debug=Enable Debug
 setup.ldap.server.debug_help=Write trace information about LDAP connections to System.out
 setup.ldap.server.referral=Follow Referrals
 setup.ldap.server.referral_help=Automatically follow LDAP referrals when found
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
 setup.ldap.server.test.error-auth=Error authenticating with the LDAP server. Check supplied credentials.
 setup.ldap.server.test.error-connection=Error connecting to the LDAP server. Ensure that the directory \

--- a/src/i18n/openfire_i18n_es.properties
+++ b/src/i18n/openfire_i18n_es.properties
@@ -2344,3 +2344,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_fr.properties
+++ b/src/i18n/openfire_i18n_fr.properties
@@ -1913,3 +1913,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_ja_JP.properties
+++ b/src/i18n/openfire_i18n_ja_JP.properties
@@ -2440,3 +2440,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_nl.properties
+++ b/src/i18n/openfire_i18n_nl.properties
@@ -2304,3 +2304,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_pl_PL.properties
+++ b/src/i18n/openfire_i18n_pl_PL.properties
@@ -2273,3 +2273,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_pt_BR.properties
+++ b/src/i18n/openfire_i18n_pt_BR.properties
@@ -2307,3 +2307,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/i18n/openfire_i18n_zh_CN.properties
+++ b/src/i18n/openfire_i18n_zh_CN.properties
@@ -2084,3 +2084,5 @@ security.audit.viewer.view_url=The following URL refers to where you can view th
 security.audit.viewer.view_url.url=URL
 sidebar.security-audit-viewer=Security Audit Viewer
 sidebar.security-audit-viewer.descr=Click to view the security audit logs
+setup.ldap.server.alias_dereference=Deference Aliases
+setup.ldap.server.alias_dereference_help=Automatically deference LDAP aliases when found
--- a/src/java/org/jivesoftware/openfire/ldap/LdapManager.java
+++ b/src/java/org/jivesoftware/openfire/ldap/LdapManager.java
@@ -57,6 +57,7 @@ import java.text.MessageFormat;
 *      <li>ldap.debugEnabled</li>
 *      <li>ldap.sslEnabled</li>
 *      <li>ldap.autoFollowReferrals</li>
+ *      <li>ldap.autoFollowAliasReferrals</li>
 *      <li>ldap.initialContextFactory --  if this value is not specified,
 *          "com.sun.jndi.ldap.LdapCtxFactory" will be used.</li>
 *      <li>ldap.connectionPoolEnabled -- true if an LDAP connection pool should be used.
@@ -144,6 +145,7 @@ public class LdapManager {
    private boolean sslEnabled = false;
    private String initialContextFactory;
    private boolean followReferrals = false;
+    private boolean followAliasReferrals = true;
    private boolean connectionPoolEnabled = true;
    private String searchFilter = null;
    private boolean subTreeSearch;
@@ -281,6 +283,11 @@ public class LdapManager {
        if (followReferralsStr != null) {
            followReferrals = Boolean.valueOf(followReferralsStr);
        }
+        followAliasReferrals = true;
+        String followAliasReferralsStr = properties.get("ldap.autoFollowAliasReferrals");
+        if (followAliasReferralsStr != null) {
+            followAliasReferrals = Boolean.valueOf(followAliasReferralsStr);
+        }
        encloseUserDN = true;
        String encloseUserStr = properties.get("ldap.encloseUserDN");
        if (encloseUserStr != null) {
@@ -330,6 +337,7 @@ public class LdapManager {
        buf.append("\t initialContextFactory: ").append(initialContextFactory).append("\n");
        buf.append("\t connectionPoolEnabled: ").append(connectionPoolEnabled).append("\n");
        buf.append("\t autoFollowReferrals: ").append(followReferrals).append("\n");
+        buf.append("\t autoFollowAliasReferrals: ").append(followAliasReferrals).append("\n");
        buf.append("\t groupNameField: ").append(groupNameField).append("\n");
        buf.append("\t groupMemberField: ").append(groupMemberField).append("\n");
        buf.append("\t groupDescriptionField: ").append(groupDescriptionField).append("\n");
@@ -413,6 +421,9 @@ public class LdapManager {
        if (followReferrals) {
            env.put(Context.REFERRAL, "follow");
        }
+        if (!followAliasReferrals) {
+            env.put("java.naming.ldap.derefAliases", "never");
+        }
        if (debug) {
            Log.debug("LdapManager: Created hashtable with context values, attempting to create context...");
@@ -467,6 +478,9 @@ public class LdapManager {
            if (followReferrals) {
                env.put(Context.REFERRAL, "follow");
            }
+            if (!followAliasReferrals) {
+                env.put("java.naming.ldap.derefAliases", "never");
+            }
            if (debug) {
                Log.debug("LdapManager: Created context values, attempting to create context...");
@@ -511,6 +525,9 @@ public class LdapManager {
                    if (followReferrals) {
                        env.put(Context.REFERRAL, "follow");
                    }
+                    if (!followAliasReferrals) {
+                        env.put("java.naming.ldap.derefAliases", "never");
+                    }
                    if (debug) {
                        Log.debug("LdapManager: Created context values, attempting to create context...");
                    }
@@ -983,6 +1000,8 @@ public class LdapManager {
    /**
     * Returns the suffix appended to the username when LDAP lookups are performed.
     * By default this is "".
+     *
+     * @return the suffix appened to usernames when LDAP lookups are performed.
     */
    public String getUsernameSuffix() {
        return usernameSuffix;
@@ -1314,6 +1333,25 @@ public class LdapManager {
        properties.put("ldap.autoFollowReferrals", String.valueOf(followReferrals));
    }
+    /**
+     * Returns true if LDAP alias referrals will automatically be followed when found.
+     *
+     * @return true if LDAP alias referrals are automatically followed.
+     */
+    public boolean isFollowAliasReferralsEnabled() {
+        return followAliasReferrals;
+    }
+    /**
+     * Sets whether LDAP alias referrals should be automatically followed.
+     *
+     * @param followAliasReferrals true if LDAP alias referrals should be automatically followed.
+     */
+    public void setFollowAliasReferralsEnabled(boolean followAliasReferrals) {
+        this.followAliasReferrals = followAliasReferrals;
+        properties.put("ldap.autoFollowAliasReferrals", String.valueOf(followAliasReferrals));
+    }
    /**
     * Returns the field name used for groups.
     * Value of groupNameField defaults to "cn".

--- a/src/web/setup/ldap-server.jspf
+++ b/src/web/setup/ldap-server.jspf
@@ -15,6 +15,7 @@
    boolean sslEnabled = false;
    boolean debugEnabled = false;
    boolean referralsEnabled = false;
+    boolean aliasReferralsEnabled = true;
    // Get parameters
    boolean save = request.getParameter("save") != null;
@@ -43,6 +44,7 @@
        sslEnabled = ParamUtils.getBooleanParameter(request, "ssl", sslEnabled);
        debugEnabled = ParamUtils.getBooleanParameter(request, "debug", debugEnabled);
        referralsEnabled = ParamUtils.getBooleanParameter(request, "referrals", referralsEnabled);
+        aliasReferralsEnabled = ParamUtils.getBooleanParameter(request, "aliasreferrals", aliasReferralsEnabled);
        if (errors.isEmpty()) {
            // Store settings in a map and keep it in the session
@@ -58,6 +60,7 @@
            settings.put("ldap.sslEnabled", Boolean.toString(sslEnabled));
            settings.put("ldap.debugEnabled", Boolean.toString(debugEnabled));
            settings.put("ldap.autoFollowReferrals", Boolean.toString(referralsEnabled));
+            settings.put("ldap.autoFollowAliasReferrals", Boolean.toString(aliasReferralsEnabled));
            // Always disable connection pooling so that connections aren't left hanging open.
            settings.put("ldap.connectionPoolEnabled", "false");
            session.setAttribute("ldapSettings", settings);
@@ -78,6 +81,7 @@
                manager.setSslEnabled(sslEnabled);
                manager.setDebugEnabled(debugEnabled);
                manager.setFollowReferralsEnabled(referralsEnabled);
+                manager.setFollowAliasReferralsEnabled(aliasReferralsEnabled);
                // Redirect to next step.
                response.sendRedirect(nextPage);
@@ -102,6 +106,7 @@
        sslEnabled = manager.isSslEnabled();
        debugEnabled = manager.isDebugEnabled();
        referralsEnabled = manager.isFollowReferralsEnabled();
+        aliasReferralsEnabled = manager.isFollowAliasReferralsEnabled();
    }
 %>
 <html>
@@ -293,7 +298,21 @@
 						<input type="radio" name="referrals" value="false" <% if (!referralsEnabled) { %>checked <% } %>>
 					</td>
 				</tr>
-				</tbody>
+                <tr>
+                    <td class="jive-advancedLabel" nowrap>
+                        <fmt:message key="setup.ldap.server.alias_dereference" />:
+                    </td>
+                    <td class="jive-advancedDesc jive-advancedBorderBottom jive-advancedBorderRight">
+                        <fmt:message key="setup.ldap.server.alias_dereference_help" />
+                    </td>
+                    <td class="jive-advancedBorderBottom jive-advancedBorderRight" align="center">
+                        <input type="radio" name="aliasreferrals" value="true" <% if (aliasReferralsEnabled) { %>checked <% } %>>
+                    </td>
+                    <td class="jive-advancedBorderBottom" align="center">
+                        <input type="radio" name="aliasreferrals" value="false" <% if (!aliasReferralsEnabled) { %>checked <% } %>>
+                    </td>
+                </tr>
+                </tbody>
 				</table>
 			</div>
 		</div>