
GUACAMOLE-1881: creating custom LDAP token domain name when multiple …
…LDAP enabled for UPN format
Josna battula committed Apr 9, 2024
1 parent bdf9ab0 commit 76eb5bc
Showing 1 changed file with 41 additions and 28 deletions.
Expand Up @@ -28,6 +28,8 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
Expand Down Expand Up @@ -65,6 +67,11 @@ public class AuthenticationProviderService {
*/
public static final String LDAP_ATTRIBUTE_TOKEN_PREFIX = "LDAP_";

/**
* The name of LDAP domain attribute.
*/
public static final String LDAP_DOMAIN_TOKEN = "DOMAIN";

/**
* Service for creating and managing connections to LDAP servers.
*/
Expand Down Expand Up @@ -295,7 +302,7 @@ public LDAPAuthenticatedUser authenticateUser(Credentials credentials)
LDAPAuthenticatedUser authenticatedUser = authenticatedUserProvider.get();

authenticatedUser.init(config, credentials,
getAttributeTokens(config, credentials), effectiveGroups);
getUserTokens(config, credentials), effectiveGroups);

return authenticatedUser;
}
Expand All @@ -306,33 +313,35 @@ public LDAPAuthenticatedUser authenticateUser(Credentials credentials)
}

}

/**
* Returns parameter current ldap domain token generated from user credentials
* If no multiple LDAP are configured on GUACAMOLE_HOME such ldap-servers.yaml,
* a null is returned.
* Returns the current LDAP domain token from the provided user credentials.
*
* @param credentials
* The credentials to use for authentication.
* The credentials used for authentication.
*
* @return
* Domain name by splitting logged username(domain/username) when multiple LDAP configuration is available
* or null if no such configuration
* Domain name by splitting login username or null if no domain is detected.
*/
private String getDomainToken(Credentials credentials) {
String ldapDomainName = null;
if (credentials.getUsername().contains("\\")) {
ldapDomainName =credentials.getUsername().split("\\\\")[0];
String username = credentials.getUsername();
//Regex is used to extract the domain from a username
//that is in either of these formats: DOMAIN\\username or username@domain.
Pattern pattern = Pattern.compile("^(.+)\\\\.*$|^.*@(.+)$");
Matcher matcher = pattern.matcher(username);
if (matcher.find()) {
return matcher.group(1) != null ? matcher.group(1) : matcher.group(2);
}
return ldapDomainName;
return null;
}

/**
* Returns parameter tokens generated from LDAP attributes on the user
* currently bound under the given LDAP connection. The attributes to be
* converted into parameter tokens must be explicitly listed in
* guacamole.properties or domain name of the LDAP connection when multiple auth enabled.
* If no attributes are specified or none are found on the LDAP user object
* or multiple auth not enabled, an empty map is returned.
* Returns parameter tokens generated based on details specific to the user
* currently bound under the given LDAP connection. Both LDAP attributes on
* the user's associated LDAP object and the credentials submitted by the user
* to Guacamole are considered. If any tokens are to be derived from LDAP
* attributes, those attributes must be explicitly listed in
* guacamole.properties. If no tokens are applicable, an empty map is returned.
*
* @param config
* The configuration of the LDAP server being queried.
Expand All @@ -341,15 +350,18 @@ private String getDomainToken(Credentials credentials) {
* The credentials to use for authentication.
*
* @return
* A map of parameter tokens generated from attributes on the user
* currently bound under the given LDAP connection, as a map of token
* name to corresponding value, or an empty map if no attributes are
* specified or none are found on the user object.
* A map of parameter tokens. These tokens are generated based on
* the attributes of the user currently bound under the given LDAP connection
* and the user's credentials. The map's keys are the canonicalized attribute
* names with an "LDAP_" prefix, and the values are the corresponding attribute
* values. If the domain name is extracted from the user's credentials, it is added
* to the map with the key "LDAP_DOMAIN". If no applicable tokens are found,
* the method returns an empty map.
*
* @throws GuacamoleException
* If an error occurs retrieving the user DN or the attributes.
*/
private Map<String, String> getAttributeTokens(ConnectedLDAPConfiguration config, Credentials credentials)
private Map<String, String> getUserTokens(ConnectedLDAPConfiguration config, Credentials credentials)
throws GuacamoleException {

// Get attributes from configuration information
Expand Down Expand Up @@ -379,17 +391,18 @@ private Map<String, String> getAttributeTokens(ConnectedLDAPConfiguration config
tokens.put(TokenName.canonicalize(attr.getId(),
LDAP_ATTRIBUTE_TOKEN_PREFIX), attr.getString());
}
String domainName = getDomainToken(credentials);
if (domainName != null) {
String tokenName = TokenName.canonicalize("domain_name", LDAP_ATTRIBUTE_TOKEN_PREFIX);
tokens.put(tokenName, domainName);
}

}
catch (LdapException e) {
throw new GuacamoleServerException("Could not query LDAP user attributes.", e);
}

// Extracting the domain name from the user's credentials
String domainName = getDomainToken(credentials);
if (domainName != null) {
String tokenName = TokenName.canonicalize(LDAP_DOMAIN_TOKEN, LDAP_ATTRIBUTE_TOKEN_PREFIX);
tokens.put(tokenName, domainName);
}

return tokens;

}
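Review bot: getDomainToken compiles its regex on every call (`Pattern.compile(...)` inside the method body), and this runs on every authentication; hoist it to a class constant `private static final Pattern DOMAIN_PATTERN = Pattern.compile("^(.+)\\\\.*$|^.*@(.+)$");` and use `Matcher matcher = DOMAIN_PATTERN.matcher(username);`. The new `@` alternative also widens scope: any email-style username now yields an LDAP_DOMAIN token, and because `^.*@(.+)$` is greedy the value is whatever follows the last `@`, copied verbatim from the login form, so a Javadoc line such as `* The returned domain is taken as-is from user-supplied credentials and is not validated against the configured LDAP servers.` would make that explicit for anyone substituting `${LDAP_DOMAIN}` into connection parameters. As in the code it replaces, `credentials.getUsername()` is dereferenced without a null check; whether a null username can reach this point after a successful bind is not visible in this hunk. Separately, the Javadoc on `LDAP_DOMAIN_TOKEN` in the earlier hunk calls it an "LDAP domain attribute", but it is the unprefixed parameter-token name passed to `TokenName.canonicalize`, so `* The name of the parameter token (before the LDAP_ prefix is applied) that holds the domain extracted from the username.` would be more accurate.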
