in src/main/java/org/apache/directory/fortress/core/ldap/LdapConnectionProvider.java [110:258]
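/**
 * Initializes the LDAP connection pools held by this provider from the fortress configuration:
 * the admin pool and the user pool (both built from the admin-pool bind identity) and, only when an
 * audit-log user and password are configured, a third pool used for access-log reads.
 * <p>
 * Transport security is applied identically to every pool: when either STARTTLS or SSL is enabled the
 * connection config is always switched to it and the client trust store must be configured as well.
 * An incomplete transport configuration fails fast rather than silently leaving the pool on a
 * plaintext bind with the admin credentials; STARTTLS and SSL are mutually exclusive.
 *
 * @throws CfgRuntimeException if STARTTLS and SSL are both enabled, if either is enabled without a
 *         configured trust store and trust store password, or if the RBAC accelerator extended
 *         operations cannot be registered with the LDAP API service.
 */
private void init()
{
    boolean useTls = Config.getInstance().getBoolean( GlobalIds.ENABLE_LDAP_STARTTLS, false );
    boolean useSsl = Config.getInstance().getBoolean( GlobalIds.ENABLE_LDAP_SSL, false );
    String host = Config.getInstance().getProperty( GlobalIds.LDAP_HOST, "localhost" );
    int port = Config.getInstance().getInt( GlobalIds.LDAP_PORT, 389 );
    int min = Config.getInstance().getInt( GlobalIds.LDAP_ADMIN_POOL_MIN, 1 );
    int max = Config.getInstance().getInt( GlobalIds.LDAP_ADMIN_POOL_MAX, 10 );
    int logmin = Config.getInstance().getInt( GlobalIds.LDAP_LOG_POOL_MIN, 1 );
    int logmax = Config.getInstance().getInt( GlobalIds.LDAP_LOG_POOL_MAX, 10 );
    boolean testOnBorrow = Config.getInstance().getBoolean( GlobalIds.TEST_ON_BORROW, false );
    boolean testWhileIdle = Config.getInstance().getBoolean( GlobalIds.TEST_ON_IDLE, false );
    boolean isBlockOnMaxConnection = Config.getInstance().getBoolean( GlobalIds.IS_MAX_CONN_BLOCK, true );
    int maxConnBlockTime = Config.getInstance().getInt( GlobalIds.MAX_CONN_BLOCK_TIME, 5000 );
    int timeBetweenEvictionRunMillis = Config.getInstance().getInt( GlobalIds.LDAP_ADMIN_POOL_EVICT_RUN_MILLIS,
        1000 * 60 * 30 );
    int logTimeBetweenEvictionRunMillis = Config.getInstance().getInt( GlobalIds.LDAP_LOG_POOL_EVICT_RUN_MILLIS,
        1000 * 60 * 30 );
    LOG.info( "LDAP POOL: host=[{}], port=[{}], min=[{}], max=[{}]", host, port, min, max );

    // Admin bind identity; the user pool is created from the very same connection config.
    LdapConnectionConfig config = new LdapConnectionConfig();
    config.setLdapHost( host );
    config.setLdapPort( port );
    config.setName( Config.getInstance().getProperty( GlobalIds.LDAP_ADMIN_POOL_UID, "" ) );
    config.setEnabledProtocols( getDefaultProtocols() );
    applyTransportSecurity( config, useTls, useSsl );
    config.setCredentials( resolvePassword( GlobalIds.LDAP_ADMIN_POOL_PW ) );
    // TODO: FC-295 - Move/Improve RBAC Accelerator Client
    config.setLdapApiService( createAcceleratorApiService() );

    PooledObjectFactory<LdapConnection> poolFactory = new ValidatingPoolableLdapConnectionFactory( config );

    // Create the Admin pool
    adminPool = new LdapConnectionPool( poolFactory );
    configurePool( adminPool, min, max, testOnBorrow, testWhileIdle, isBlockOnMaxConnection, maxConnBlockTime,
        timeBetweenEvictionRunMillis );
    adminPool.setMaxIdle( -1 );

    // Create the User pool
    userPool = new LdapConnectionPool( poolFactory );
    configurePool( userPool, min, max, testOnBorrow, testWhileIdle, isBlockOnMaxConnection, maxConnBlockTime,
        timeBetweenEvictionRunMillis );
    userPool.setMaxIdle( -1 );

    // This pool of access log connections is used by {@link org.apache.directory.fortress.AuditMgr}.
    // To enable, set {@code log.admin.user} && {@code log.admin.pw} inside fortress.properties file.
    // The enablement test reads the property VALUES; testing the GlobalIds key constants themselves
    // would always be true and would create the log pool unconditionally.
    String logUid = Config.getInstance().getProperty( GlobalIds.LDAP_LOG_POOL_UID );
    boolean logPoolEnabled = StringUtils.isNotEmpty( logUid )
        && StringUtils.isNotEmpty( Config.getInstance().getProperty( GlobalIds.LDAP_LOG_POOL_PW, true ) );
    if ( logPoolEnabled )
    {
        // The log pool is configured from static props in fortress.properties. Making it dynamic would
        // require storing the connection metadata inside the fortress config node (in ldap).
        LdapConnectionConfig logConfig = new LdapConnectionConfig();
        logConfig.setLdapHost( host );
        logConfig.setLdapPort( port );
        logConfig.setName( logUid );
        logConfig.setEnabledProtocols( getDefaultProtocols() );
        // Same transport rules as the admin pool, so STARTTLS is honored here as well.
        applyTransportSecurity( logConfig, useTls, useSsl );
        logConfig.setCredentials( resolvePassword( GlobalIds.LDAP_LOG_POOL_PW ) );

        logPool = new LdapConnectionPool( new ValidatingPoolableLdapConnectionFactory( logConfig ) );
        configurePool( logPool, logmin, logmax, testOnBorrow, testWhileIdle, isBlockOnMaxConnection,
            maxConnBlockTime, logTimeBetweenEvictionRunMillis );
    }
}

/**
 * Applies the STARTTLS / SSL settings and the client trust store to one connection config.
 * <p>
 * When neither flag is set nothing is changed. When one is set, the trust store and its password are
 * mandatory: the trust manager validates server certificates and additionally accepts self-signed
 * certificates found in that store. Missing trust-store properties are an error here instead of a
 * silent fallback to plaintext, because the bind that follows carries the admin credentials.
 *
 * @param config the connection config to modify in place
 * @param useTls whether STARTTLS is enabled
 * @param useSsl whether LDAPS is enabled
 * @throws CfgRuntimeException if both flags are set, or if a flag is set without a trust store and
 *         trust store password being configured
 */
private static void applyTransportSecurity( LdapConnectionConfig config, boolean useTls, boolean useSsl )
{
    if ( !useTls && !useSsl )
    {
        return;
    }
    // Can't use both!
    if ( useTls && useSsl )
    {
        throw new CfgRuntimeException( GlobalErrIds.FT_APACHE_LDAP_POOL_INIT_FAILED,
            " enable.ldap.starttls and enable.ldap.ssl cannot be used simultaneously" );
    }
    String trustStore = Config.getInstance().getProperty( GlobalIds.TRUST_STORE );
    // The boolean argument is the form the existing code uses for secret-valued properties.
    String trustStorePw = Config.getInstance().getProperty( GlobalIds.TRUST_STORE_PW, true );
    if ( !StringUtils.isNotEmpty( trustStore ) || !StringUtils.isNotEmpty( trustStorePw ) )
    {
        throw new CfgRuntimeException( GlobalErrIds.FT_APACHE_LDAP_POOL_INIT_FAILED,
            " enable.ldap.starttls / enable.ldap.ssl require both " + GlobalIds.TRUST_STORE + " and "
                + GlobalIds.TRUST_STORE_PW + " to be configured" );
    }
    // Exactly one of the two is set here:
    config.setUseTls( useTls );
    config.setUseSsl( useSsl );
    // Always validate certificate but allow self-signed from this truststore:
    config.setTrustManagers( new LdapClientTrustStoreManager( trustStore, trustStorePw.toCharArray(), null, true ) );
}

/**
 * Reads a bind password property, decrypting it when fortress encryption is enabled.
 *
 * @param propertyKey the GlobalIds key of the password property
 * @return the cleartext password as stored, or its decrypted form when {@link EncryptUtil} is enabled
 */
private static String resolvePassword( String propertyKey )
{
    String stored = Config.getInstance().getProperty( propertyKey, true );
    if ( EncryptUtil.isEnabled() )
    {
        return EncryptUtil.getInstance().decrypt( stored );
    }
    return stored;
}

/**
 * Builds the LDAP API service that registers the OpenLDAP RBAC accelerator extended operations, and
 * installs it as the process-wide service if none has been initialized yet.
 *
 * @return the service to attach to the admin connection config
 * @throws CfgRuntimeException wrapping any failure raised while creating or registering the service
 */
private static LdapApiService createAcceleratorApiService()
{
    try
    {
        List<String> listExOps = new ArrayList<>();
        listExOps.add( "org.openldap.accelerator.impl.createSession.RbacCreateSessionFactory" );
        listExOps.add( "org.openldap.accelerator.impl.checkAccess.RbacCheckAccessFactory" );
        listExOps.add( "org.openldap.accelerator.impl.addRole.RbacAddRoleFactory" );
        listExOps.add( "org.openldap.accelerator.impl.dropRole.RbacDropRoleFactory" );
        listExOps.add( "org.openldap.accelerator.impl.deleteSession.RbacDeleteSessionFactory" );
        listExOps.add( "org.openldap.accelerator.impl.sessionRoles.RbacSessionRolesFactory" );
        LdapApiService ldapApiService = new StandaloneLdapApiService( new ArrayList<String>(),
            new ArrayList<String>(), listExOps, new ArrayList<String>() );
        if ( !LdapApiServiceFactory.isInitialized() )
        {
            LdapApiServiceFactory.initialize( ldapApiService );
        }
        return ldapApiService;
    }
    catch ( Exception ex )
    {
        String error = "Exception caught initializing Admin Pool: " + ex;
        throw new CfgRuntimeException( GlobalErrIds.FT_APACHE_LDAP_POOL_INIT_FAILED, error, ex );
    }
}

/**
 * Applies the sizing and health-check settings shared by all three pools. {@code maxIdle} is
 * deliberately not set here because the admin and user pools override it while the log pool keeps
 * the pool's default.
 *
 * @param pool the pool to configure in place
 * @param minIdle minimum number of idle connections kept
 * @param maxTotal maximum number of connections in the pool
 * @param testOnBorrow whether connections are validated when borrowed
 * @param testWhileIdle whether idle connections are validated by the evictor
 * @param blockWhenExhausted whether borrowers wait when the pool is exhausted
 * @param maxWaitMillis how long a borrower waits when blocking is enabled
 * @param evictionRunMillis interval between evictor runs
 */
private static void configurePool( LdapConnectionPool pool, int minIdle, int maxTotal, boolean testOnBorrow,
    boolean testWhileIdle, boolean blockWhenExhausted, int maxWaitMillis, int evictionRunMillis )
{
    pool.setTestOnBorrow( testOnBorrow );
    pool.setMaxTotal( maxTotal );
    pool.setBlockWhenExhausted( blockWhenExhausted );
    pool.setMaxWaitMillis( maxWaitMillis );
    pool.setMinIdle( minIdle );
    pool.setTestWhileIdle( testWhileIdle );
    pool.setTimeBetweenEvictionRunsMillis( evictionRunMillis );
}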