opendev/gerrit
Code Issues Proposed changes

Guess ldap type of Active Directory LDS as ActiveDirectory

Browse Source 
If Gerrit connects to an AD LDS [1] server it will guess its type as
RCF_2307 instead of ActiveDirectory. The reason is that an AD LDS
doesn't support the "1.2.840.113556.1.4.800" capability.  However,
AD LDS behaves like ActiveDirectory and Gerrit also needs to guess
its type as ActiveDirectory to make the default query patterns work
properly.

Extend the ldap server type guessing by checking for presence of the
"1.2.840.113556.1.4.1851" capability which indicates that this ldap
server runs ActiveDirectory as AD LDS [2].

Also remove the check for the presence of the "defaultNamingContext"
attribute as we don't use it anywhere and, by default, this attribute is
not set on an AD LDS [3]

[1] http://msdn.microsoft.com/en-us/library/aa705886(VS.85).aspx
[2] http://msdn.microsoft.com/en-us/library/cc223364.aspx
[3] http://technet.microsoft.com/en-us/library/cc816929(v=ws.10).aspx

Change-Id: I82970cc921a5830f72b5589a83e790757a3c07a0
Signed-off-by: Sasa Zivkov <sasa.zivkov@sap.com>
This commit is contained in:
Sasa Zivkov
2013-02-22 12:55:52 +01:00
parent ab33d4fc6e
commit 42032ab9ff
1 changed files with 3 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapType.java
View File

@@ -25,8 +25,9 @@ abstract class LdapType {
static LdapType guessType(final DirContext ctx) throws NamingException {
final Attributes rootAtts = ctx.getAttributes("");
Attribute supported = rootAtts.get("supportedCapabilities");
if (supported != null && supported.contains("1.2.840.113556.1.4.800")) {
return new ActiveDirectory(rootAtts);
if (supported != null && (supported.contains("1.2.840.113556.1.4.800")
|| supported.contains("1.2.840.113556.1.4.1851"))) {
return new ActiveDirectory();
}
return RFC_2307;
@@ -91,17 +92,6 @@ abstract class LdapType {
}
private static class ActiveDirectory extends LdapType {
ActiveDirectory(final Attributes atts) throws NamingException {
// Convert "defaultNamingContext: DC=foo,DC=example,DC=com" into
// the a standard DNS name as we would expect to find in the suffix
// part of the userPrincipalName.
//
Attribute defaultNamingContext = atts.get("defaultNamingContext");
if (defaultNamingContext == null || defaultNamingContext.size() < 1) {
throw new NamingException("rootDSE has no defaultNamingContext");
}
}
@Override
String groupPattern() {
return "(&(objectClass=group)(cn=${groupname}))";