Commit efe1aeb2 authored by Matt Tucker, committed by matt

Initial LDAP group support (JM-129). Also added an isReadOnly() method to GroupProvider interface.


git-svn-id: http://svn.igniterealtime.org/svn/repos/messenger/trunk@1612 b35dd754-fafc-0310-a699-88a17e54d16e
parent 82234ec8
...@@ -27,13 +27,11 @@ By default, Jive Messenger stores all user data in a database and performs ...@@ -27,13 +27,11 @@ By default, Jive Messenger stores all user data in a database and performs
authentication using database lookups. The LDAP module replaces that authentication using database lookups. The LDAP module replaces that
functionality and allows Jive Messenger to: functionality and allows Jive Messenger to:
<ul> <ul>
<li> <li>Use a LDAP server to authenticate a user's identity.</li>
Use a LDAP server to authenticate a user's identity. <li>Load user profile information from a LDAP directory.</li>
</li> <li>Load group information from an LDAP directory.</li>
<li>
Load user profile information from a LDAP directory.
</li>
</ul> </ul>
<b>Note:</b> Jive Messenger treats the LDAP directory as read-only. <b>Note:</b> Jive Messenger treats the LDAP directory as read-only.
</p> </p>
<p> <p>
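Review bot: the rewritten list mixes "a LDAP server" / "a LDAP directory" (first two items) with "an LDAP directory" (the new third item); use one form across the three items, preferably "an LDAP", which matches how the acronym is read aloud.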
...@@ -59,17 +57,22 @@ Restart Jive Messenger. ...@@ -59,17 +57,22 @@ Restart Jive Messenger.
<h3>Editing the Config File</h3> <h3>Editing the Config File</h3>
<p> <p>
Open the configuration file <tt>conf/jive-messenger.xml</tt> from your Jive Messenger installation in your favorite Open the configuration file <tt>conf/jive-messenger.xml</tt> from your Jive Messenger installation in your favorite
editor and add or change the following settings. Properties flagged with (<font color="red"><b>*</b></font>) must be set, editor and add or change the following settings. Properties flagged with (<font color="red"><b>*</b></font>)
all other properties are optional: must be set. Properties flagged with (<font color="red"><b>**</b></font>) must be set in order to enable LDAP group
support, all other properties are optional:
</p> </p>
<ul> <ul>
<li><font color="red"><b>*</b></font> provider.user.className -- set the value to "org.jivesoftware.messenger.ldap.LdapUserProvider".</li> <li>provider.user.className <font color="red"><b>*</b></font> -- set the value to "org.jivesoftware.messenger.ldap.LdapUserProvider".</li>
<li><font color="red"><b>*</b></font> provider.auth.className -- set the value to "org.jivesoftware.messenger.ldap.LdapAuthProvider".</li> <li>provider.auth.className <font color="red"><b>*</b></font> -- set the value to "org.jivesoftware.messenger.ldap.LdapAuthProvider".</li>
<li><font color="red"><b>*</b></font> ldap.host -- LDAP server host; e.g. localhost or machine.example.com, etc.</li> <li>provider.group.className <font color="red"><b>**</b></font> -- set the value to "org.jivesoftware.messenger.ldap.LdapGroupProvider".</li>
<li>ldap.host <font color="red"><b>*</b></font> -- LDAP server host; e.g. localhost or machine.example.com, etc.</li>
<li>ldap.port -- LDAP server port number. If this property is not set, the default value is 389.</li> <li>ldap.port -- LDAP server port number. If this property is not set, the default value is 389.</li>
<li><font color="red"><b>*</b></font> ldap.baseDN -- the starting DN that searches for users will performed with. The entire subtree under the base DN will be searched for user accounts. <li>ldap.baseDN <font color="red"><b>*</b></font> -- the starting DN that searches for users will performed with.
The entire subtree under the base DN will be searched for user accounts.
</li> </li>
<li>ldap.alternateBaseDN -- a second DN in the directory can optionally be set. If set, the alternate base DN will be used for authentication and loading single users, but will not be used to display a list of users (due to technical limitations). <li>ldap.alternateBaseDN -- a second DN in the directory can optionally be set. If set, the alternate base DN
will be used for authentication and loading single users, but will not be used to display a list of users
(due to technical limitations).
<li>ldap.adminDN -- a directory administrator's DN. All directory operations will be performed <li>ldap.adminDN -- a directory administrator's DN. All directory operations will be performed
with this account. The admin must be able to perform searches and load user records. The user does with this account. The admin must be able to perform searches and load user records. The user does
not need to be able to make changes to the directory, as Jive Messenger treats the directory as read-only. not need to be able to make changes to the directory, as Jive Messenger treats the directory as read-only.
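Review bot: the reflowed `ldap.baseDN` item still reads "the starting DN that searches for users will performed with"; it needs "be" ("will be performed with"). The `ldap.alternateBaseDN` item that this hunk also reflows opens an `<li>` that is never closed before the next `<li>`; add `</li>` after "(due to technical limitations)." so it matches the `ldap.baseDN` item. The new `**` legend could also state plainly that LDAP group support is optional and only activated by `provider.group.className`, since readers of the `*`/`**` markers have to infer that today.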
...@@ -100,6 +103,17 @@ all other properties are optional: ...@@ -100,6 +103,17 @@ all other properties are optional:
possibly at another server or several servers. possibly at another server or several servers.
<li>ldap.connectionPoolEnabled -- a value of "false" disables LDAP connection pooling. If this <li>ldap.connectionPoolEnabled -- a value of "false" disables LDAP connection pooling. If this
property is not set, the default value is "true". property is not set, the default value is "true".
<li>ldap.groupNameField -- the field name that the groupname lookups will be performed on. If this property is not set,
the default value is <tt>cn</tt></li>
<li>ldap.groupMemberField -- the field name that holds the members in a group. If this property is not set,
the default value is <tt>member</tt></li>
<li>ldap.groupDescriptionField -- the field name that holds the description a group. If this property is not set,
the default value is <tt>description</tt></li>
<li>ldap.posixEnabled -- a value of "true" means that users are stored within the group by their user name alone.
A value of "false" means that users are stored by their entire DN within the group. If this property is not set,
the default value is <tt>false</tt></li>
<li>ldap.groupSearchFilter -- the search filter that should be used when loading groups. If this property is not set,
the default value is <tt>("ldap.groupNameField"={0})</tt></li>
</ul> </ul>
<p> <p>
Below is a sample config file section: Below is a sample config file section:
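Review bot: the documented default for `ldap.groupSearchFilter`, `("ldap.groupNameField"={0})`, does not match what `LdapManager` builds in this same commit (`"(" + groupMemberField + "={0})"`); the two must agree, and the name field is the one that makes sense when `{0}` is the group name being looked up. Also, the `ldap.groupDescriptionField` text says "the description a group" (missing "of"), and the new items end without a period after the `<tt>` default, unlike the surrounding entries. For `ldap.posixEnabled`, it is worth saying that the flag must match how the directory actually stores members (bare user names versus full DNs), because that is the only way an administrator will know which value to choose.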
...@@ -124,6 +138,9 @@ Below is a sample config file section: ...@@ -124,6 +138,9 @@ Below is a sample config file section:
&lt;auth&gt; &lt;auth&gt;
&lt;className&gt;org.jivesoftware.messenger.ldap.LdapAuthProvider&lt;/className&gt; &lt;className&gt;org.jivesoftware.messenger.ldap.LdapAuthProvider&lt;/className&gt;
&lt;/auth&gt; &lt;/auth&gt;
&lt;group&gt;
&lt;className&gt;org.jivesoftware.messenger.ldap.LdapGroupProvider&lt;/className&gt;
&lt;/group&gt;
&lt;/provider&gt; &lt;/provider&gt;
... ...
&lt;/jive&gt; &lt;/jive&gt;
......
...@@ -407,6 +407,10 @@ public class DefaultGroupProvider implements GroupProvider { ...@@ -407,6 +407,10 @@ public class DefaultGroupProvider implements GroupProvider {
} }
} }
public boolean isReadOnly() {
return false;
}
private Collection<String> getMembers(String groupName, boolean adminsOnly) { private Collection<String> getMembers(String groupName, boolean adminsOnly) {
List<String> members = new ArrayList<String>(); List<String> members = new ArrayList<String>();
Connection con = null; Connection con = null;
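Review bot: `isReadOnly()` is added to `DefaultGroupProvider` without a Javadoc comment, unlike the methods around it; a one-liner such as `/** Returns false: the database-backed provider supports creating, deleting and modifying groups. */` keeps the class consistent with the contract the `GroupProvider` interface hunk documents.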
......
...@@ -153,4 +153,12 @@ public interface GroupProvider { ...@@ -153,4 +153,12 @@ public interface GroupProvider {
* support the operation. * support the operation.
*/ */
void deleteMember(String groupName, String username) throws UnsupportedOperationException; void deleteMember(String groupName, String username) throws UnsupportedOperationException;
/**
* Returns true if this GroupProvider is read-only. When read-only,
* groups can not be created, deleted, or modified.
*
* @return true if the user provider is read-only.
*/
public boolean isReadOnly();
} }
\ No newline at end of file
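Review bot: the `@return` line says "the user provider" but this interface is `GroupProvider`; change it to "the group provider". The `public` modifier on `isReadOnly()` is redundant for an interface method and none of the neighbouring declarations (for example `deleteMember`) carry it. The Javadoc should also spell out the contract callers depend on: when `isReadOnly()` returns true, the mutating methods such as `deleteMember` throw `UnsupportedOperationException` (as their own Javadoc already says), so callers should consult `isReadOnly()` before offering create, delete or modify operations rather than catching the exception.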
...@@ -42,6 +42,11 @@ import java.util.Hashtable; ...@@ -42,6 +42,11 @@ import java.util.Hashtable;
* <li>ldap.searchFilter -- the filter used to load the list of users. The * <li>ldap.searchFilter -- the filter used to load the list of users. The
* default value is in the form "([usernameField]={0})" where [usernameField] * default value is in the form "([usernameField]={0})" where [usernameField]
* is the value of ldap.usernameField. * is the value of ldap.usernameField.
* <li>ldap.groupNameField</li>
* <li>ldap.groupMemberField</li>
* <li>ldap.groupDescriptionField</li>
* <li>ldap.posixEnabled</li>
* <li>ldap.groupSearchFilter</li>
* <li>ldap.debugEnabled</li> * <li>ldap.debugEnabled</li>
* <li>ldap.sslEnabled</li> * <li>ldap.sslEnabled</li>
* <li>ldap.autoFollowReferrals</li> * <li>ldap.autoFollowReferrals</li>
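Review bot: the five new entries (`ldap.groupNameField`, `ldap.groupMemberField`, `ldap.groupDescriptionField`, `ldap.posixEnabled`, `ldap.groupSearchFilter`) are bare property names, while the entry immediately above them (`ldap.searchFilter`) explains its meaning and default; give each new entry the same one-line description and its default (`cn`, `member`, `description`, `false`, and the generated group filter) so the class comment remains the reference for the configuration keys.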
...@@ -69,6 +74,12 @@ public class LdapManager { ...@@ -69,6 +74,12 @@ public class LdapManager {
private boolean connectionPoolEnabled = true; private boolean connectionPoolEnabled = true;
private String searchFilter = null; private String searchFilter = null;
private String groupNameField = "cn";
private String groupMemberField = "member";
private String groupDescriptionField = "description";
private boolean posixEnabled = false;
private String groupSearchFilter = null;
private static LdapManager instance = new LdapManager(); private static LdapManager instance = new LdapManager();
/** /**
...@@ -120,6 +131,24 @@ public class LdapManager { ...@@ -120,6 +131,24 @@ public class LdapManager {
filter.append("(").append(usernameField).append("={0})"); filter.append("(").append(usernameField).append("={0})");
this.searchFilter = filter.toString(); this.searchFilter = filter.toString();
} }
if (JiveGlobals.getXMLProperty("ldap.groupNameField") != null) {
this.groupNameField = JiveGlobals.getXMLProperty("ldap.groupNameField");
}
if (JiveGlobals.getXMLProperty("ldap.groupMemberField") != null) {
this.groupMemberField = JiveGlobals.getXMLProperty("ldap.groupMemberField");
}
if (JiveGlobals.getXMLProperty("ldap.groupDescriptionField") != null) {
this.groupDescriptionField = JiveGlobals.getXMLProperty("ldap.groupDescriptionField");
}
if (JiveGlobals.getXMLProperty("ldap.posixEnabled") != null) {
this.posixEnabled = Boolean.valueOf(JiveGlobals.getXMLProperty("ldap.posixEnabled"));
}
if (JiveGlobals.getXMLProperty("ldap.groupSearchFilter") != null) {
this.groupSearchFilter = JiveGlobals.getXMLProperty("ldap.groupSearchFilter");
}
else {
this.groupSearchFilter = "("+groupMemberField+"={0})";
}
this.adminDN = JiveGlobals.getXMLProperty("ldap.adminDN"); this.adminDN = JiveGlobals.getXMLProperty("ldap.adminDN");
if (adminDN != null && adminDN.trim().equals("")) { if (adminDN != null && adminDN.trim().equals("")) {
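Review bot: the fallback `groupSearchFilter` is built from `groupMemberField`, yielding `(member={0})` by default, but a filter that substitutes the group name into `{0}` should be keyed on `groupNameField`, yielding `(cn={0})`; as written, the default searches the member attribute for the group name. The value also disagrees with the readme in this commit (`("ldap.groupNameField"={0})`) and with the Javadoc on `getGroupSearchFilter` (`"(groupMemberField=*)"`); pick one definition and fix the other two. Minor: `Boolean.valueOf(...)` returns a `Boolean` that is then auto-unboxed into the `boolean` field; `Boolean.parseBoolean(...)` states the intent directly.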
...@@ -766,4 +795,109 @@ public class LdapManager { ...@@ -766,4 +795,109 @@ public class LdapManager {
JiveGlobals.setXMLProperty("ldap.searchFilter", searchFilter); JiveGlobals.setXMLProperty("ldap.searchFilter", searchFilter);
} }
} }
/**
* Returns the field name used for groups.
* Value of groupNameField defaults to "cn".
*
* @return the field used for groups.
*/
public String getGroupNameField() {
return groupNameField;
}
/**
* Sets the field name used for groups.
*
* @param groupNameField the field used for groups.
*/
public void setGroupNameField(String groupNameField) {
this.groupNameField = groupNameField;
JiveGlobals.setXMLProperty("ldap.groupNameField", groupNameField);
}
/**
* Return the field used to list members within a group.
* Value of groupMemberField defaults to "member".
*
* @return the field used to list members within a group.
*/
public String getGroupMemberField() {
return groupMemberField;
}
/**
* Sets the field used to list members within a group.
* Value of groupMemberField defaults to "member".
*
* @param the field used to list members within a group.
*/
public void setGroupmemberField(String groupMemberField) {
this.groupMemberField = groupMemberField;
JiveGlobals.setXMLProperty("ldap.groupMemberField", groupMemberField);
}
/**
* Return the field used to describe a group.
* Value of groupDescriptionField defaults to "description".
*
* @return the field used to describe a group.
*/
public String getGroupDescriptionField() {
return groupDescriptionField;
}
/**
* Sets the field used to describe a group.
* Value of groupDescriptionField defaults to "description".
*
* @param the field used to describe a group.
*/
public void setGroupDescriptionField(String groupDescriptionField) {
this.groupDescriptionField = groupDescriptionField;
JiveGlobals.setXMLProperty("ldap.groupDescriptionField", groupDescriptionField);
}
/**
* Return the field used to tell if ldap server is posix.
* Value of posixEnabled defaults to false.
*
* @return the field used to tell if ldap server is posix.
*/
public boolean getPosixEnabled() {
return posixEnabled;
}
/**
* Sets the field used to tell if ldap server is posix.
* Value of posixEnabled defaults to false.
*
* @param the field used to tell if ldap server is posix.
*/
public void setPosixEnabled(boolean posixEnabled) {
this.posixEnabled = posixEnabled;
Boolean b = new Boolean(posixEnabled);
JiveGlobals.setXMLProperty("ldap.posixEnabled", b.toString());
}
/**
* Return the field used as the search filter when searching for groups.
* Value of groupSearchFilter defaults "(groupMemberField=*)".
*
* @return the field used as the search filter when searching for groups.
*/
public String getGroupSearchFilter() {
return groupSearchFilter;
}
/**
* Sets the field used as the search filter when searching for groups.
* Value of groupSearchFilter defaults "(groupMemberField=*)".
*
* @param the field used as the search filter when searching for groups.
*/
public void setGroupSearchFilter(String groupSearchFilter) {
this.groupSearchFilter = groupSearchFilter;
JiveGlobals.setXMLProperty("ldap.groupSearchFilter", groupSearchFilter);
}
} }
\ No newline at end of file
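Review bot: `setGroupmemberField` breaks the camel-case convention of its neighbours (`setGroupNameField`, `setGroupDescriptionField`); rename it to `setGroupMemberField`. The `@param` tags on the four new setters (`setGroupmemberField`, `setGroupDescriptionField`, `setPosixEnabled`, `setGroupSearchFilter`) omit the parameter name, so javadoc cannot attach them to anything; write `@param groupMemberField the field used to list members within a group.` and likewise for the others. In `setPosixEnabled`, `new Boolean(posixEnabled).toString()` allocates an object for nothing; `String.valueOf(posixEnabled)` or `Boolean.toString(posixEnabled)` gives the same string. The Javadoc on `getPosixEnabled`/`setPosixEnabled` calls the flag "the field used to tell if ldap server is posix"; it is a boolean, not a field, and should say what it controls: whether group members are stored as bare user names (true) or as full DNs (false), as the readme puts it. Finally, the stated default "(groupMemberField=*)" on `getGroupSearchFilter`/`setGroupSearchFilter` is not what the constructor produces.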