Merged pull request #31 from pgdad/ldapRootContextForRolesWithForcedB…

…inding. Ldap root context for roles with forced binding
rundeck · Apr 26, 2011 · 4e5f049 · 4e5f049
2 parents bb78c5e + ec41ace
commit 4e5f049
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/rundeckapp/src/java/com/dtolabs/rundeck/jetty/jaas/JettyCachingLdapLoginModule.java b/rundeckapp/src/java/com/dtolabs/rundeck/jetty/jaas/JettyCachingLdapLoginModule.java
@@ -71,6 +71,7 @@
  *    bindPassword="directory"
  *    authenticationMethod="simple"
  *    forceBindingLogin="false"
+ *    forceBindingLoginUseRootContextForRoles="false"
  *    userBaseDn="ou=people,dc=alcatel"
  *    userRdnAttribute="uid"
  *    userIdAttribute="uid"
@@ -194,6 +195,12 @@ public class JettyCachingLdapLoginModule extends AbstractLoginModule {
      */
     private boolean _forceBindingLogin = false;
 
+    /**
+     * if _forceFindingLogin is true, and _forceBindingLoginUseRootContextForRoles
+     * is true, then role memberships are obtained using _rootContext
+     */
+    private boolean _forceBindingLoginUseRootContextForRoles = false;
+
     private DirContext _rootContext;
 
     private boolean _reportStatistics;
@@ -527,6 +534,11 @@ protected boolean bindingLogin(String username, Object password) throws LoginExc
 
         DirContext dirContext = new InitialDirContext(environment);
 
+	// use _rootContext to find roles, if configured to doso
+	if ( _forceBindingLoginUseRootContextForRoles ) {
+	    dirContext = _rootContext;
+	    Log.debug("Using _rootContext for role lookup.");
+	}
         List roles = getUserRolesByDn(dirContext, userDn);
 
         UserInfo userInfo = new UserInfo(username, null, roles);
@@ -586,6 +598,10 @@ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sha
             _forceBindingLogin = Boolean.parseBoolean((String) options.get("forceBindingLogin"));
         }
 
+        if (options.containsKey("forceBindingLoginUseRootContextForRoles")) {
+            _forceBindingLoginUseRootContextForRoles = Boolean.parseBoolean((String) options.get("forceBindingLoginUseRootContextForRoles"));
+        }
+
         _userObjectClass = getOption(options, "userObjectClass", _userObjectClass);
         _userRdnAttribute = getOption(options, "userRdnAttribute", _userRdnAttribute);
         _userIdAttribute = getOption(options, "userIdAttribute", _userIdAttribute);