Feature/ldap fixes

authenticator/src/main/java/org/openmbee/mms/authenticator/config/AuthSecurityConfig.java

@@ -19,8 +19,7 @@ public class AuthSecurityConfig {
     private static Logger logger = LoggerFactory.getLogger(AuthSecurityConfig.class);
 
     @Autowired
-    public void setAuthProvider(AuthenticationManagerBuilder auth,
-            JwtAuthenticationProvider provider) {
+    public void setAuthProvider(AuthenticationManagerBuilder auth, JwtAuthenticationProvider provider) {
         auth.authenticationProvider(provider);
     }
 

example/src/main/resources/application.properties.example

@@ -12,18 +12,18 @@ jwt.expiration=86400
 jwt.header=Authorization
 
 # See ldap module for example configuration
-ldap.provider.base=ou=something,dc=openmbee,dc=org
-ldap.provider.url=ldaps://ldap.openmbee.org/${ldap.provider.base}
+ldap.provider.base=dc=directory,dc=openmbee,dc=org
+ldap.provider.url=ldaps://ldap.openmbee.org
 ldap.provider.userdn=
 ldap.provider.password=
-ldap.user.dn.pattern=uid={0}
+ldap.user.dn.pattern=uid={0},ou=personnel
 ldap.user.attributes.username=
 ldap.user.attributes.email=
 ldap.user.attributes.firstname=
 ldap.user.attributes.lastname=
 ldap.user.attributes.update=24
 ldap.group.role.attribute=cn
-ldap.group.search.base=
+ldap.group.search.base=ou=groups
 ldap.group.search.filter=uniqueMember={0}
 
 # See core module for example configuration

ldap/src/main/java/org/openmbee/mms/ldap/LdapSecurityConfig.java

@@ -5,7 +5,6 @@
 import java.util.*;
 
 import org.openmbee.mms.core.config.AuthorizationConstants;
-import org.openmbee.mms.data.domains.global.Base;
 import org.openmbee.mms.data.domains.global.Group;
 import org.openmbee.mms.rdb.repositories.GroupRepository;
 import org.openmbee.mms.rdb.repositories.UserRepository;
@@ -20,12 +19,12 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.ldap.core.support.BaseLdapPathContextSource;
+import org.springframework.ldap.core.support.LdapContextSource;
 import org.springframework.ldap.filter.*;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.SpringSecurityLdapTemplate;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
@@ -117,7 +116,7 @@ LdapAuthoritiesPopulator ldapAuthoritiesPopulator(@Qualifier("contextSource") Ba
          */
         class CustomLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
 
-            SpringSecurityLdapTemplate ldapTemplate;
+            final SpringSecurityLdapTemplate ldapTemplate;
 
             private CustomLdapAuthoritiesPopulator(BaseLdapPathContextSource ldapContextSource) {
                 ldapTemplate = new SpringSecurityLdapTemplate(ldapContextSource);
@@ -130,6 +129,7 @@ public Collection<? extends GrantedAuthority> getGrantedAuthorities(
                 Optional<User> userOptional = userRepository.findByUsername(username);
 
                 if (userOptional.isEmpty()) {
+                    logger.info("No user record for {} in the userRepository, creating...", userData.getDn());
                     User newUser = createLdapUser(userData);
                     userOptional = Optional.of(newUser);
                 }
@@ -163,6 +163,7 @@ public Collection<? extends GrantedAuthority> getGrantedAuthorities(
 
                 String filter = andFilter.encode();
                 logger.debug("Searching LDAP with filter: {}", filter);
+
                 Set<String> memberGroups = ldapTemplate
                     .searchForSingleAttributeValues(groupSearchBase, filter, new Object[]{""}, groupRoleAttribute);
                 logger.debug("LDAP search result: {}", Arrays.toString(memberGroups.toArray()));
@@ -172,6 +173,17 @@ public Collection<? extends GrantedAuthority> getGrantedAuthorities(
                     Optional<Group> group = groupRepository.findByName(memberGroup);
                     group.ifPresent(addGroups::add);
                 }
+
+                if (logger.isDebugEnabled()) {
+                    if ((long) addGroups.size() > 0) {
+                        addGroups.forEach(group -> {
+                            logger.debug("Group received: {}", group.getName());
+                        });
+                    } else {
+                        logger.debug("No configured groups returned from LDAP");
+                    }
+                }
+
                 user.setGroups(addGroups);
                 userRepository.save(user);
 
@@ -190,12 +202,19 @@ public Collection<? extends GrantedAuthority> getGrantedAuthorities(
     }
 
     @Bean
-    public BaseLdapPathContextSource contextSource() {
-        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
-            providerUrl);
+    public LdapContextSource contextSource() {
+        LdapContextSource contextSource = new LdapContextSource();
+
+        logger.debug("Initializing LDAP ContextSource with the following values: ");
+
+        contextSource.setUrl(providerUrl);
+        contextSource.setBase(providerBase);
         contextSource.setUserDn(providerUserDn);
         contextSource.setPassword(providerPassword);
-        contextSource.setBase(providerBase);
+
+        logger.debug("BaseLdapPath: " + contextSource.getBaseLdapPathAsString());
+        logger.debug("UserDn: " + contextSource.getUserDn());
+
         return contextSource;
     }