in interceptors/authn/src/main/java/org/apache/directory/server/core/authn/DelegatingAuthenticator.java [219:349]
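/**
 * Authenticates a simple Bind by replaying it against the configured delegate LDAP host.
 *
 * <p>Only Bind DNs that are descendants of the configured base DN (see {@code getBaseDn()})
 * are handled; any other DN yields {@code null} so that another authenticator can try.
 * The credentials are forwarded to the delegate exactly as received, so unless
 * {@code delegateTls} or {@code delegateSsl} is set they travel in clear text.
 *
 * @param bindContext the Bind operation, providing the DN and the credentials to verify
 * @return the authenticated {@link LdapPrincipal}, or {@code null} if this authenticator is not
 *         responsible for the Bind DN
 * @throws LdapAuthenticationException if the delegated Bind fails for any reason (the client is
 *         always told "incorrect password", see {@code incorrectPassword})
 * @throws LdapException if the delegate connection cannot be established or the configured
 *         trust manager class cannot be loaded
 */
public LdapPrincipal authenticate( BindOperationContext bindContext ) throws LdapException
{
    if ( IS_DEBUG )
    {
        LOG.debug( "Authenticating {}", bindContext.getDn() );
    }

    // First, check that the Bind DN is under the delegateBaseDn. If it is not (or if no base DN
    // is configured at all) this authenticator is not responsible for the Bind.
    Dn bindDn = bindContext.getDn();

    if ( ( getBaseDn() == null ) || ( !bindDn.isDescendantOf( getBaseDn() ) ) )
    {
        return null;
    }

    // openDelegateConnection() closes the connection itself if connect/startTls fail, so the
    // try/finally below only has to care about a connection that was actually established.
    LdapNetworkConnection ldapConnection = openDelegateConnection();

    try
    {
        // Try to bind
        try
        {
            ldapConnection.bind( bindDn, Strings.utf8ToString( bindContext.getCredentials() ) );
        }
        catch ( LdapException le )
        {
            throw incorrectPassword( bindDn, le );
        }

        // Only reached when the delegate accepted the Bind
        if ( IS_DEBUG )
        {
            LOG.debug( "Authenticated successfully {}", bindContext.getDn() );
        }

        // no need to remain bound to delegate host
        ldapConnection.unBind();

        // Create the new principal
        LdapPrincipal principal = new LdapPrincipal( getDirectoryService().getSchemaManager(), bindDn,
            AuthenticationLevel.SIMPLE,
            bindContext.getCredentials() );
        setAddresses( bindContext, principal );

        return principal;
    }
    catch ( LdapAuthenticationException lae )
    {
        // Already translated by the bind failure path above; do not wrap it a second time
        throw lae;
    }
    catch ( LdapException e )
    {
        // unBind, principal creation or setAddresses failed after a successful bind; keep the
        // existing behavior of reporting this to the client as an authentication failure
        throw incorrectPassword( bindDn, e );
    }
    finally
    {
        ldapConnection.close();
    }
}


/**
 * Opens a connection to the delegate host using the configured transport: StartTLS
 * ({@code delegateTls}), LDAPS ({@code delegateSsl}) or plain LDAP.
 *
 * <p>If connecting (or the StartTLS handshake) fails, the connection is closed before the
 * exception propagates, so the caller only owns a connection on success.
 *
 * @return a connected {@link LdapNetworkConnection} to the delegate host
 * @throws LdapException if a configured trust manager cannot be loaded or the connection fails
 */
private LdapNetworkConnection openDelegateConnection() throws LdapException
{
    LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
    connectionConfig.setLdapHost( delegateHost );
    connectionConfig.setLdapPort( delegatePort );

    if ( delegateTls )
    {
        installTrustManager( connectionConfig, delegateTlsTrustManagerFQCN );
    }
    else if ( delegateSsl )
    {
        connectionConfig.setUseSsl( true );
        installTrustManager( connectionConfig, delegateSslTrustManagerFQCN );
    }

    LdapNetworkConnection ldapConnection = new LdapNetworkConnection( connectionConfig );
    boolean connected = false;

    try
    {
        ldapConnection.connect();

        if ( delegateTls )
        {
            ldapConnection.startTls();
        }

        connected = true;
    }
    finally
    {
        // Do not leak the socket when connect() or startTls() throws
        if ( !connected )
        {
            ldapConnection.close();
        }
    }

    // NOTE(review): 0L is passed straight to the LDAP API; if the API treats 0 as "no limit",
    // an unresponsive delegate host can block this thread indefinitely -- confirm, and consider
    // a bounded timeout.
    ldapConnection.setTimeOut( 0L );

    return ldapConnection;
}


/**
 * Loads the trust manager class named by {@code trustManagerFqcn} (if any) and installs it on
 * {@code connectionConfig}. A {@code null} or empty name leaves the configuration untouched.
 *
 * <p>This is a reflective load of a class named in the server configuration: that class decides
 * which delegate certificates are accepted. It must implement {@link TrustManager} and expose a
 * no-argument constructor.
 *
 * @param connectionConfig the configuration to install the trust manager on
 * @param trustManagerFqcn fully qualified class name of the trust manager, may be {@code null}
 * @throws LdapException if the class cannot be found, is not a {@link TrustManager} or cannot be
 *         instantiated
 */
private void installTrustManager( LdapConnectionConfig connectionConfig, String trustManagerFqcn )
    throws LdapException
{
    if ( ( trustManagerFqcn == null ) || "".equals( trustManagerFqcn ) )
    {
        return;
    }

    try
    {
        // asSubclass() turns a misconfigured class into a ClassCastException here instead of
        // an unchecked failure further down
        Class<? extends TrustManager> trustManagerClass =
            Class.forName( trustManagerFqcn ).asSubclass( TrustManager.class );
        TrustManager trustManager = trustManagerClass.getDeclaredConstructor().newInstance();
        connectionConfig.setTrustManagers( trustManager );
    }
    catch ( ReflectiveOperationException | ClassCastException e )
    {
        String message = "Cannot load " + trustManagerFqcn;
        LOG.error( message, e );
        throw new LdapException( message, e );
    }
}


/**
 * Builds the exception returned to the client when the delegated Bind fails.
 *
 * <p>Every failure of the delegated Bind (a wrong password, but also a delegate host that is
 * unreachable) is reported with the same {@code ERR_14004_INCORRECT_PASSWORD} message, so the
 * client learns nothing about the delegate. The real cause is only logged at debug level.
 *
 * @param bindDn the DN that tried to bind, used in the message
 * @param cause the failure reported by the delegate connection
 * @return the exception to throw to the client
 */
private LdapAuthenticationException incorrectPassword( Dn bindDn, LdapException cause )
{
    String message = I18n.err( I18n.ERR_14004_INCORRECT_PASSWORD, bindDn.getName() );
    LOG.info( message );

    if ( IS_DEBUG )
    {
        LOG.debug( "Delegated bind of " + bindDn.getName() + " failed", cause );
    }

    return new LdapAuthenticationException( message );
}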