gplazma2-ldap: use url rather than host+port

the ldap plugin builds the url of the ldap server using "ldap://" + host + ":" + port this way the protocol always is always "ldap". This prevents the plugin from using secure ldap using "ldaps". This patch substitutes host and port by a freely definable url. Ticket: 8289 Acked-by: Target: trunk Require-book: yes Require-notes: yes
dCache · May 7, 2014 · 1d18115 · 1d18115
1 parent b7c47b2
commit 1d18115
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/modules/gplazma2-ldap/src/main/scala/org/dcache/gplazma/plugins/Ldap.scala b/modules/gplazma2-ldap/src/main/scala/org/dcache/gplazma/plugins/Ldap.scala
@@ -39,8 +39,7 @@ import scala.collection.convert.WrapAsJava
  *
  * Corresponding configuration in <b>dcache.conf</b>
  * <pre>
- * gplazma.ldap.server = ldap.example.com
- * gplazma.ldap.port = 389
+ * gplazma.ldap.url = ldap://example.org:389/
  * gplazma.ldap.organization = o=SITE,c=COUNTRY
  * gplazma.ldap.tree.people = People
  * gplazma.ldap.tree.groups = Groups
@@ -58,8 +57,7 @@ object Ldap {
   val COMMON_NAME_ATTRIBUTE = "cn"
   val USER_ID_ATTRIBUTE = "uid"
   val MEMBER_UID_ATTRIBUTE = "memberUid"
-  val LDAP_SERVER = "gplazma.ldap.server"
-  val LDAP_PORT = "gplazma.ldap.port"
+  val LDAP_URL = "gplazma.ldap.url"
   val LDAP_ORG = "gplazma.ldap.organization"
   val LDAP_PEOPLE_TREE = "gplazma.ldap.tree.people"
   val LDAP_GROUP_TREE = "gplazma.ldap.tree.groups"
@@ -73,11 +71,10 @@ class Ldap(properties : Properties) extends GPlazmaIdentityPlugin with GPlazmaSe
   private val log = LoggerFactory.getLogger(Ldap.getClass)
 
   private def newContext = {
-    val server = properties.getProperty(Ldap.LDAP_SERVER)
-    val port = properties.getProperty(Ldap.LDAP_PORT)
+    val url = properties.getProperty(Ldap.LDAP_URL)
     val env: Properties = new Properties
     env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
-    env.put(Context.PROVIDER_URL, "ldap://" + server + ":" + port)
+    env.put(Context.PROVIDER_URL, url)
     new InitialLdapContext(env, null)
   }
 
@@ -294,4 +291,4 @@ class Ldap(properties : Properties) extends GPlazmaIdentityPlugin with GPlazmaSe
     constraints.setReturningAttributes(attr.toArray)
     constraints
   }
-}
+}
diff --git a/modules/gplazma2-ldap/src/test/scala/org/dcache/gplazma/plugins/LdapPluginTest.scala b/modules/gplazma2-ldap/src/test/scala/org/dcache/gplazma/plugins/LdapPluginTest.scala
@@ -25,8 +25,7 @@ class LdapPluginTest extends FlatSpec with Matchers {
 
   val pluginProperties = {
     val properties = new Properties
-    properties.put(Ldap.LDAP_SERVER, "wof-dav.desy.de")
-    properties.put(Ldap.LDAP_PORT, "389")
+    properties.put(Ldap.LDAP_URL, "ldap://wof-dav.desy.de:389/")
     properties.put(Ldap.LDAP_ORG, "ou=NIS,o=DESY,c=DE")
     properties.put(Ldap.LDAP_USER_FILTER, "(uid=%s)")
     properties.put(Ldap.LDAP_PEOPLE_TREE, "People")
@@ -100,4 +99,4 @@ class LdapPluginTest extends FlatSpec with Matchers {
     attr should contain (new ReadOnly(false))
   }
 
-}
+}
diff --git a/skel/share/defaults/gplazma.properties b/skel/share/defaults/gplazma.properties
@@ -196,9 +196,13 @@ gplazma.xacml.ca=${dcache.authn.capath}
 #
 
 # LDAP server host
-gplazma.ldap.server = ldap.example.org
+(deprecated)gplazma.ldap.server = ldap.example.org
+
 # LDAP server port number
-gplazma.ldap.port = 389
+(deprecated)gplazma.ldap.port = 389
+
+# LDAP server url
+gplazma.ldap.url = ldap://${gplazma.ldap.server}:${gplazma.ldap.port}
 
 gplazma.ldap.organization = o=SITE,c=CONTRY
 gplazma.ldap.tree.people = People