From ea9019e5ac924104ba768326381fdc5640468466 Mon Sep 17 00:00:00 2001
From: Derek Chen-Becker <github@chen-becker.org>
Date: Wed, 24 Nov 2010 10:06:27 -0700
Subject: [PATCH] Overhaul of the LDAP module

Closes #738

Major overhaul of the LDAP module to streamline configuration
and error handling. Major new functionality is:

1. Deprecation of old "parameter" var in favor of configure methods
and Inject pattern for all configurable values
2. Automated testing and retry behavior for iffy connections
3. A unit test that utilizes ApacheDS to run an internal test
LDAP server
---
 lift-ldap/.gitignore                          |   1 +
 lift-ldap/pom.xml                             |  38 +-
 .../main/scala/net/liftweb/ldap/LDAP.scala    | 498 ++++++++++++++----
 .../net/liftweb/ldap/LDAPProtoUser.scala      |   2 +-
 .../scala/net/liftweb/ldap/LdapSpec.scala     | 144 +++++
 5 files changed, 577 insertions(+), 106 deletions(-)
 create mode 100644 lift-ldap/.gitignore
 create mode 100644 lift-ldap/src/test/scala/net/liftweb/ldap/LdapSpec.scala

diff --git a/lift-ldap/.gitignore b/lift-ldap/.gitignore
new file mode 100644
index 0000000..f78c92a
--- /dev/null
+++ b/lift-ldap/.gitignore
@@ -0,0 +1 @@
+server-work/
diff --git a/lift-ldap/pom.xml b/lift-ldap/pom.xml
index 1c39361..6a1c16a 100644
--- a/lift-ldap/pom.xml
+++ b/lift-ldap/pom.xml
@@ -61,12 +61,48 @@
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-core</artifactId>
+      <version>1.5.5</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-server-integ</artifactId>
+      <version>1.5.5</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-core-integ</artifactId>
+      <version>1.5.5</version>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
 
   <!--
     ~ Build Settings
   -->
-  <!-- <build/> -->
+  <build>
+    <plugins>
+      <plugin>
+        <!-- We want to delete the LDAP server work directory between builds -->
+        <artifactId>maven-clean-plugin</artifactId>
+        <configuration>
+          <filesets>
+            <fileset>
+              <directory>.</directory>
+              <includes>
+                <include>server-work</include>
+              </includes>
+              <followSymlinks>false</followSymlinks>
+            </fileset>
+          </filesets>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
 
   <!--
     ~ Reporting Settings
diff --git a/lift-ldap/src/main/scala/net/liftweb/ldap/LDAP.scala b/lift-ldap/src/main/scala/net/liftweb/ldap/LDAP.scala
index 6c664cb..aae4d0c 100644
--- a/lift-ldap/src/main/scala/net/liftweb/ldap/LDAP.scala
+++ b/lift-ldap/src/main/scala/net/liftweb/ldap/LDAP.scala
@@ -20,143 +20,433 @@ package ldap {
 import java.io.{InputStream, FileInputStream}
 import java.util.{Hashtable, Properties}
 
-import javax.naming.Context
+import javax.naming.{AuthenticationException,CommunicationException,Context,NamingException}
 import javax.naming.directory.{Attributes, BasicAttributes, SearchControls}
-import javax.naming.ldap.{LdapName, InitialLdapContext}
+import javax.naming.ldap.{InitialLdapContext,LdapName}
 
+import scala.collection.mutable.ListBuffer
 import scala.collection.JavaConversions._
 
-import _root_.net.liftweb.util.Props
-import _root_.net.liftweb.common.Loggable
+import _root_.net.liftweb.util.{ControlHelpers,Props,SimpleInjector,ThreadGlobal}
+import _root_.net.liftweb.common.{Box,Empty,Full,Loggable}
 
 /**
- * Extends SimpleLDAPVendor trait,
- * Allow us to search and bind an username from a ldap server
- * To set the ldap server parameters override the parameters var directly:
- *    SimpleLDAPVendor.parameters = () => Map("ldap.username" -> ...
- * or set the parameters from a properties file or a inputStream
- *    SimpleLDAPVendor.parameters = () => SimpleLDAPVendor.parametersFromFile("/opt/config/ldap.properties")
- *    SimpleLDAPVendor.parameters = () => SimpleLDAPVendor.parametersFromStream(
-                this.getClass().getClassLoader().getResourceAsStream("ldap.properties"))
+ * A simple extension to LDAPVendor to provide configuration
+ * methods. The class, parameters* methods and variable are now
+ * deprecated in favor of the configure methods on LDAPVendor.
+ * See LDAPVendor for more details.
  *
- * The mandatory parameters are :
- *  ldap.url -> LDAP Server url : ldap://localhost
- *  ldap.base -> Base DN from the LDAP Server : dc=company, dc=com
- *  ldap.userName -> LDAP user dn to perform search operations
- *  ldap.password -> LDAP user password
+ * @see LDAPVendor
+ */
+@deprecated("Instantiate directly from LDAPVendor")
+object SimpleLDAPVendor extends LDAPVendor {
+  @deprecated("Use the configure(filename : String) method")
+  def parametersFromFile(filename: String) : Map[String, String] = {
+    val input = new FileInputStream(filename)
+    val params = parametersFromStream(input)
+    input.close()
+    params
+  }
+
+  @deprecated("Use the configure(stream : InputStream method")
+  def parametersFromStream(stream: InputStream) : Map[String, String] = {
+    val p = new Properties()
+    p.load(stream)
+    
+    propertiesToMap(p)
+  }
+
+  @deprecated("Use the configure() method")
+  def setupFromBoot = configure()
+}
+
+/**
+ * This class provides functionality to allow us to search and
+ * bind (authenticate) a username from a ldap server.
+ *
+ * To configure the LDAP Vendor parameters, use one of the configure
+ * methods to provide a Map of string parameters.
+ *
+ * The primary parameters (with defaults) are:
+ * <ul>
+ *  <li>ldap.url - The LDAP Server url : "ldap://localhost"</li>
+ *  <li>ldap.base - The base DN from the LDAP Server : ""</li>
+ *  <li>ldap.userName - The LDAP user dn to perform search operations : ""</li>
+ *  <li>ldap.password - The LDAP user password : ""</li>
+ *  <li>ldap.authType - The schema to use for authentication : "simple"</li>
+ *  <li>ldap.initial_context_factory - the factory class to use for
+ *      initial contexts : "com.sun.jndi.ldap.LdapCtxFactory"</li>
+ *  <li>
+ * </ul>
+ *
+ * Optionally, you can set the following parameters to control context testing
+ * and reconnect attempts:
+ *
+ * <ul>
+ *   <li>lift-ldap.testLookup - A DN to attempt to look up to validate the
+ *       current context. Defaults to no testing</li>
+ *   <li>lift-ldap.retryInterval - How many milliseconds to wait between connection
+ *       attempts due to communications failures. Defaults to 5000</li>
+ *   <li>lift-ldap.maxRetries - The maxiumum number of attempts to make to set up
+ *       the context before aborting. Defaults to 6</li>
+ * </ul>
+ *
+ * In addition to configuration via a Map or Properties file, fine-grained control
+ * over behaviors can be specified via Inject values corresponding to each
+ * of the properties.
+ *
+ * To use LDAPVendor, you can simply create an object extending it
+ * and configure:
+ *
+ * <pre id="code" class="scala">
+ * object myLdap extends LDAPVendor
+ * myLdap.configure()
+ * </pre>
  *
- * It also can be initialized from boot with default Properties with setupFromBoot
  */
-object SimpleLDAPVendor extends SimpleLDAPVendor {
-    def parametersFromFile(filename: String) : StringMap = {
-        return parametersFromStream(new FileInputStream(filename))
+class LDAPVendor extends Loggable with SimpleInjector {
+  // =========== Constants ===============
+  final val KEY_URL = "ldap.url"
+  final val KEY_BASE_DN = "ldap.base"
+  final val KEY_USER = "ldap.userName"
+  final val KEY_PASSWORD = "ldap.password"
+  final val KEY_AUTHTYPE = "ldap.authType"
+  final val KEY_FACTORY = "ldap.initial_context_factory"
+  final val KEY_LOOKUP = "lift-ldap.testLookup"
+  final val KEY_RETRY_INTERVAL = "lift-ldap.retryInterval"
+  final val KEY_MAX_RETRIES = "lift-ldap.maxRetries"
+
+  final val DEFAULT_URL = "ldap://localhost"
+  final val DEFAULT_BASE_DN = ""
+  final val DEFAULT_USER = ""
+  final val DEFAULT_PASSWORD = ""
+  final val DEFAULT_AUTHTYPE = "simple"
+  final val DEFAULT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory"
+  final val DEFAULT_LOOKUP = Empty
+  final val DEFAULT_RETRY_INTERVAL = 5000
+  final val DEFAULT_MAX_RETRIES = 6
+
+  // =========== Configuration ===========
+  @deprecated("Use the configure(...) methods")
+  def parameters : () => Map[String,String] =
+    if (internal_config.isEmpty) {
+      () => null
+    } else {
+      () => internal_config
     }
 
-    def parametersFromStream(stream: InputStream) : StringMap = {
-        val p = new Properties()
-        p.load(stream)
-        Map.empty ++ p // .asInstanceOf[Hashtable[String, String]]
+  @deprecated("Use the configure(...) methods")
+  def parameters_= (newParams : () => Map[String,String]) {
+    internal_config = processConfig(newParams())
+  }
+
+  /**
+   * Configure straight from the Props object. This allows
+   * you to use Lift's run modes for different LDAP configuration.
+   */
+  def configure() {
+    configure(Props.props)
+  }
+
+  /**
+   * Configure from the given file. The file is expected
+   * to be in a format parseable by java.util.Properties
+   */
+  def configure(filename : String) {
+    val stream = new FileInputStream(filename)
+    configure(stream)
+    stream.close()
+  }
+
+  /**
+   * Configure from the given input stream. The stream is expected
+   * to be in a format parseable by java.util.Properties
+   */
+  def configure(stream : InputStream) {
+    val p = new Properties()
+    p.load(stream)
+    
+    configure(propertiesToMap(p))
+  }    
+
+  /**
+   * Configure from the given Map[String,String]
+   */
+  def configure(props : Map[String,String]) {
+    internal_config = processConfig(props)
+  }
+
+  /**
+   * This controls the URL used to connect to the LDAP
+   * server
+   */
+  val ldapUrl = new Inject[String](DEFAULT_URL){}
+
+  /**
+   * This controls the base DN used for searcheds
+   */
+  val ldapBaseDn = new Inject[String](DEFAULT_BASE_DN){}
+
+  /**
+   * This controls the username used to bind for
+   * searches (not authentication)
+   */
+  val ldapUser = new Inject[String](DEFAULT_USER){}
+
+  /**
+   * This controls the password used to bind for
+   * searches (not authentication)
+   */
+  val ldapPassword = new Inject[String](DEFAULT_PASSWORD){}
+
+  /**
+   * This controls the type of authentication to
+   * use.
+   */
+  val ldapAuthType = new Inject[String](DEFAULT_AUTHTYPE){}
+
+  /**
+   * This controls the factory used to obtain an
+   * InitialContext
+   */
+  val ldapFactory = new Inject[String](DEFAULT_FACTORY){}
+
+  /**
+   * This can be set to test the InitialContext on each LDAP
+   * operation. It should be set to a search DN.
+   */
+  val testLookup = new Inject[Box[String]](Empty){}
+
+  /**
+   * This sets the interval between connection attempts
+   * on the InitialContext. The default is 5 seconds
+   */
+  val retryInterval = new Inject[Long](5000){}
+
+  /**
+   * This sets the maximum number of connection
+   * attempts before giving up. The default is 6
+   */
+  val retryMaxCount = new Inject[Int](6){}
+
+  /**
+   * This sets the Directory SearchControls instance
+   * that is used to refine searches on the provider.
+   */
+  val searchControls = new Inject[SearchControls](defaultSearchControls){}
+  
+  /**
+   * The default SearchControls to use: search the
+   * base DN with a sub-tree scope, and return the
+   * "cn" attribute.
+   */
+  def defaultSearchControls() : SearchControls = {
+    val constraints = new SearchControls()
+    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE)
+    constraints.setReturningAttributes(Array("cn"))
+    return constraints
+  }
+
+  /**
+   * The configuration to use for connecting to the
+   * provider. It should be set via the configure methods
+   */
+  private var internal_config : Map[String,String] = Map.empty
+
+  /**
+   * The configuration to use for connecting to the
+   * provider. It should be set via the configure methods
+   */
+  def configuration = internal_config
+
+  /**
+   * This method checks the configuration and sets defaults for any
+   * properties that are required. It also processes any of the
+   * optional configuration propertes related to context testing
+   * and retries.
+   *
+   * This method is intended to be called during update of the default
+   * configuration, not during granular override of the config.
+   */
+  def processConfig(input : Map[String,String]) : Map[String,String] = {
+    var currentConfig = input
+
+    def setIfEmpty(name : String, newVal : String) = 
+      if (currentConfig.get(name).isEmpty) {
+        currentConfig += (name -> newVal)
+      }
+
+    // Verify the minimum config
+    setIfEmpty(KEY_URL, DEFAULT_URL)
+    setIfEmpty(KEY_BASE_DN, DEFAULT_BASE_DN)
+    setIfEmpty(KEY_USER, DEFAULT_USER)
+    setIfEmpty(KEY_PASSWORD, DEFAULT_PASSWORD)
+    setIfEmpty(KEY_AUTHTYPE, DEFAULT_AUTHTYPE)
+    setIfEmpty(KEY_FACTORY, DEFAULT_FACTORY)
+
+    // Set individual properties
+    ldapUrl.default.set(currentConfig(KEY_URL))
+    ldapBaseDn.default.set(currentConfig(KEY_BASE_DN))
+    ldapUser.default.set(currentConfig(KEY_USER))
+    ldapPassword.default.set(currentConfig(KEY_PASSWORD))
+    ldapAuthType.default.set(currentConfig(KEY_AUTHTYPE))
+    ldapFactory.default.set(currentConfig(KEY_FACTORY))
+
+    // Process the optional configuration properties
+    currentConfig.get(KEY_LOOKUP).foreach{ 
+      prop => testLookup.default.set(Full(prop))
     }
 
-    def setupFromBoot = {
-        def isConfigured = parameters() != null
-
-        if(!isConfigured) {
-            parameters = () => {
-                Map("ldap.url"      -> Props.get("ldap.url").openOr(DEFAULT_URL),
-                    "ldap.base"     -> Props.get("ldap.base").openOr(DEFAULT_BASE_DN),
-                    "ldap.userName" -> Props.get("ldap.userName").openOr(DEFAULT_USER),
-                    "ldap.password" -> Props.get("ldap.password").openOr(DEFAULT_PASSWORD))
-            }
-        }
+    ControlHelpers.tryo {
+      currentConfig.get(KEY_RETRY_INTERVAL).foreach{ 
+        prop => retryInterval.default.set(prop.toLong)
+      }
     }
-}
 
-trait SimpleLDAPVendor extends LDAPVendor
-
-class LDAPVendor extends Loggable {
-
-    type StringMap = Map[String, String]
+    ControlHelpers.tryo {
+      currentConfig.get(KEY_MAX_RETRIES).foreach{ 
+        prop => retryMaxCount.default.set(prop.toInt)
+      }
+    }
 
-    val DEFAULT_URL = "localhost"
-    val DEFAULT_BASE_DN = ""
-    val DEFAULT_USER = ""
-    val DEFAULT_PASSWORD = ""
-    val DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory"
+    currentConfig
+  }
 
-    var parameters: () => StringMap = () => null
+  protected def propertiesToMap(props: Properties) : Map[String,String] = {
+    Map.empty ++ props
+  }
 
-    lazy val initialContext = getInitialContext(parameters())
+  // =========== Code ====================
 
-    def attributesFromDn(dn: String): Attributes =
-        initialContext.get.getAttributes(dn)
+  /**
+   * Obtains a (possibly cached) InitialContext
+   * instance based on the currently set parameters.
+   */
+  def initialContext = getInitialContext()
 
-    def search(filter: String): List[String] = {
-        logger.debug("--> LDAPSearch.search: Searching for '%s'".format(filter))
+  def attributesFromDn(dn: String): Attributes =
+    initialContext.getAttributes(dn)
 
-        var list = List[String]()
+  /**
+   * Searches the base DN for entities matching the given filter.
+   */
+  def search(filter: String): List[String] = {
+    logger.debug("Searching for '%s'".format(filter))
 
-        val ctx = initialContext
+    val resultList = new ListBuffer[String]()
 
-        if (!ctx.isEmpty) {
-            val result = ctx.get.search(parameters().getOrElse("ldap.base", DEFAULT_BASE_DN),
-                                        filter,
-                                        getSearchControls())
+    val searchResults = initialContext.search(ldapBaseDn.vend,
+                                              filter,
+                                              searchControls.vend)
 
-            while(result.hasMore()) {
-                var r = result.next()
-                list = list ::: List(r.getName)
-            }
-        }
-
-        return list
+    while(searchResults.hasMore()) {
+      resultList += searchResults.next().getName
     }
-
-    def bindUser(dn: String, password: String) : Boolean = {
-        logger.debug("--> LDAPSearch.bindUser: Try to bind user '%s'".format(dn))
-
-        var result = false
-
-        try {
-            val username = dn + "," + parameters().getOrElse("ldap.base", DEFAULT_BASE_DN)
-            var ctx = getInitialContext(parameters() ++ Map("ldap.userName" -> username,
-                                                            "ldap.password" -> password))
-            result = !ctx.isEmpty
-            ctx.get.close
-        }
-        catch {
-            case e: Exception => println(e)
+  
+    return resultList.reverse.toList
+  }
+
+  /**
+   * Attempts to authenticate the given DN against the configured
+   * LDAP provider.
+   */
+  def bindUser(dn: String, password: String) : Boolean = {
+    logger.debug("Attempting to bind user '%s'".format(dn))
+
+    try {
+      val username = dn + "," + ldapBaseDn.vend
+      var ctx = 
+        ldapUser.doWith(username) {
+          ldapPassword.doWith(password) {
+            openInitialContext()
+          }
         }
 
-        logger.debug("--> LDAPSearch.bindUser: Bind successfull ? %s".format(result))
+      ctx.close
 
-        return result
+      logger.info("Successfully authenticated " + dn)
+      true
+    } catch {
+      case ae : AuthenticationException => {
+        logger.warn("Authentication failed for '%s' : %s".format(dn, ae.getMessage))
+        false
+      }
     }
+  }
+
+  // This caches the context for the current thread
+  private[this] final val currentInitialContext = new ThreadGlobal[InitialLdapContext]()
+
+  /**
+   * This method attempts to fetch the cached InitialLdapContext for the
+   * current thread. If there isn't a current context, open a new one. If a
+   * test DN is configured, the connection (cached or new) will be validated
+   * by performing a lookup on the test DN.
+   */
+  protected def getInitialContext() : InitialLdapContext = {
+    val maxAttempts = retryMaxCount.vend
+    var attempts = 0
+
+    var context : Box[InitialLdapContext] = Empty
+
+    while (context.isEmpty && attempts < maxAttempts) {
+      try {
+        context = (currentInitialContext.box, testLookup.vend) match {
+          // If we don't want to test an existing context, just return it
+          case (Full(ctxt), Empty) => Full(ctxt)
+          case (Full(ctxt), Full(test)) => {
+            logger.debug("Testing InitialContext prior to returning")
+            ctxt.lookup(test)
+            Full(ctxt)
+          }
+          case (Empty,_) => {
+            // We'll just allocate a new InitialContext to the thread
+            currentInitialContext(openInitialContext())
+
+            // Setting context to Empty here forces one more iteration in case a test
+            // DN has been configured
+            Empty
+          }
+        }
+      } catch {
+        case commE : CommunicationException => {
+          logger.error("Communcations failure on attempt %d while " +
+                       "verifying InitialContext: %s".format(attempts + 1, commE.getMessage))
 
-    // TODO : Allow search controls && attributes without override method ?
-    def getSearchControls() : SearchControls = {
-        val searchAttributes = new Array[String](1)
-        searchAttributes(0) = "cn"
+          // The current context failed, so clear it
+          currentInitialContext(null)
 
-        val constraints = new SearchControls()
-        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE)
-        constraints.setReturningAttributes(searchAttributes)
-        return constraints
+          // We sleep before retrying
+          Thread.sleep(retryInterval.vend)
+          attempts += 1
+        }
+      }
     }
 
-    private def getInitialContext(props: StringMap) : Option[InitialLdapContext] = {
-        logger.debug("--> LDAPSearch.getInitialContext: Get initial context from '%s'".format(props.get("ldap.url")))
-
-        var env = new Hashtable[String, String]()
-        env.put(Context.PROVIDER_URL, props.getOrElse("ldap.url", DEFAULT_URL))
-        env.put(Context.SECURITY_AUTHENTICATION, "simple")
-        env.put(Context.SECURITY_PRINCIPAL, props.getOrElse("ldap.userName", DEFAULT_USER))
-        env.put(Context.SECURITY_CREDENTIALS, props.getOrElse("ldap.password", DEFAULT_PASSWORD))
-        env.put(Context.INITIAL_CONTEXT_FACTORY, parameters().getOrElse("ldap.initial_context_factory",
-                                                                        DEFAULT_INITIAL_CONTEXT_FACTORY))
-        return Some(new InitialLdapContext(env, null))
+    // We have a final check on the context before returning
+    context match {
+      case Full(ctxt) => ctxt
+      case Empty => throw new CommunicationException("Failed to connect to '%s' after %d attempts".
+                                                     format(ldapUrl.vend, attempts))
     }
+  }
+
+  /**
+   * This method does the actual work of setting up the environment and constructing
+   * the InitialLdapContext.
+   */
+  protected def openInitialContext () : InitialLdapContext = {
+    logger.debug("Obtaining an initial context from '%s'".format(ldapUrl.vend))
+            
+    var env = new Hashtable[String, String]()
+    env.put(Context.PROVIDER_URL, ldapUrl.vend)
+    env.put(Context.SECURITY_AUTHENTICATION, ldapAuthType.vend)
+    env.put(Context.SECURITY_PRINCIPAL, ldapUser.vend)
+    env.put(Context.SECURITY_CREDENTIALS, ldapPassword.vend)
+    env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory.vend)
+    new InitialLdapContext(env, null)
+  }
 }
 
-}
-}
+}} // Close nested packages
+
diff --git a/lift-ldap/src/main/scala/net/liftweb/ldap/LDAPProtoUser.scala b/lift-ldap/src/main/scala/net/liftweb/ldap/LDAPProtoUser.scala
index 719e129..b53c056 100644
--- a/lift-ldap/src/main/scala/net/liftweb/ldap/LDAPProtoUser.scala
+++ b/lift-ldap/src/main/scala/net/liftweb/ldap/LDAPProtoUser.scala
@@ -103,7 +103,7 @@ trait MetaLDAPProtoUser[ModelType <: LDAPProtoUser[ModelType]] extends MetaMegaP
         </form>
     }
 
-    def ldapVendor: SimpleLDAPVendor = SimpleLDAPVendor
+    def ldapVendor: LDAPVendor = SimpleLDAPVendor
 
     override def login : NodeSeq = {
         if (S.post_?) {
diff --git a/lift-ldap/src/test/scala/net/liftweb/ldap/LdapSpec.scala b/lift-ldap/src/test/scala/net/liftweb/ldap/LdapSpec.scala
new file mode 100644
index 0000000..310c93c
--- /dev/null
+++ b/lift-ldap/src/test/scala/net/liftweb/ldap/LdapSpec.scala
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2010 WorldWide Conferencing, LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.liftweb {
+package ldap {
+
+import _root_.org.specs._
+import _root_.org.specs.runner.JUnit3
+import _root_.org.specs.runner.ConsoleRunner
+
+import javax.naming.CommunicationException
+
+import org.apache.mina.util.AvailablePortFinder
+import org.apache.directory.server.core.DefaultDirectoryService
+import org.apache.directory.server.core.partition.impl.btree.jdbm.{JdbmIndex,JdbmPartition}
+import org.apache.directory.server.ldap.LdapServer
+import org.apache.directory.server.protocol.shared.transport.TcpTransport
+import org.apache.directory.server.xdbm.Index
+import org.apache.directory.server.core.entry.ServerEntry
+import org.apache.directory.shared.ldap.name.LdapDN
+
+class LdapSpecsAsTest extends JUnit3(LdapSpecs)
+object LdapSpecsRunner extends ConsoleRunner(LdapSpecs)
+
+object LdapSpecs extends Specification {
+  val ROOT_DN = "dc=ldap,dc=liftweb,dc=net"
+
+  // Thanks to Francois Armand for pointing this utility out!
+  val service_port = AvailablePortFinder.getNextAvailable(40000)
+  val service = new DefaultDirectoryService
+  val ldap = new LdapServer
+
+
+  /*
+   * The following is taken from:
+   * http://directory.apache.org/apacheds/1.5/41-embedding-apacheds-into-an-application.html
+   * http://stackoverflow.com/questions/1560230/running-apache-ds-embedded-in-my-application
+   */
+  doBeforeSpec {
+    try {
+      // Disable changelog
+      service.getChangeLog.setEnabled(false)
+
+      // Set up a partition
+      val partition = new JdbmPartition
+      partition.setId("lift-ldap")
+      partition.setSuffix(ROOT_DN)
+      service.addPartition(partition)
+
+      // Index attributes (gnarly type due to poor type inferencing)
+      val indices : java.util.Set[Index[_,ServerEntry]] = new java.util.HashSet()
+
+      List("objectClass", "ou", "uid", "sn").foreach {
+        attr : String => indices.add(new JdbmIndex(attr))
+      }
+
+      partition.setIndexedAttributes(indices)
+
+      // Set up the transport to use our "available" port
+      ldap.setTransports(new TcpTransport(service_port))
+      ldap.setDirectoryService(service)
+
+      service.startup()
+
+      // Inject the root entry if it does not already exist
+      if ( !service.getAdminSession().exists(partition.getSuffixDn)) {
+        println("Adding root entry")
+        val rootEntry = service.newEntry(new LdapDN(ROOT_DN))
+        rootEntry.add( "objectClass", "top", "domain", "extensibleObject" );
+        rootEntry.add( "dc", "ldap" );
+        service.getAdminSession().add( rootEntry );
+      }
+
+      addTestData()
+
+      ldap.start()
+
+      println("Started LDAP server on port " + service_port)
+    } catch {
+      case e => e.printStackTrace
+    }
+  }
+
+  "LDAPVendor" should {
+    shareVariables()
+
+    object myLdap extends LDAPVendor
+
+    myLdap.configure(Map("ldap.url" -> "ldap://localhost:%d/".format(service_port),
+                         "ldap.base" -> "dc=ldap,dc=liftweb,dc=net"))
+
+    "handle simple lookups" in {
+      myLdap.search("objectClass=person") must_== List("cn=Test User")
+    }
+
+    "handle simple authentication" in {
+      myLdap.bindUser("cn=Test User", "letmein")
+    }
+
+    "attempt reconnects" in {
+      object badLdap extends LDAPVendor
+      badLdap.configure()
+
+      badLdap.search("objectClass=person") must throwA[CommunicationException]
+    }
+  }
+
+
+  doAfterSpec {
+    ldap.stop()
+    service.shutdown()
+    println("Stopped server")
+  }
+
+  def addTestData() {
+    val username = new LdapDN("cn=Test User," + ROOT_DN)
+    if (! service.getAdminSession().exists(username)) {
+      println("Adding test user")
+      // Add a test user. This will be used for searching and binding
+      val entry = service.newEntry(username)
+      entry.add("objectClass", "person", "organizationalPerson")
+      entry.add("cn", "Test User")
+      entry.add("sn", "User")
+      entry.add("userpassword", "letmein")
+      service.getAdminSession.add(entry)
+    }
+  }
+}
+
+
+}} // Close nested packages