summaryrefslogtreecommitdiffstats
path: root/java/com/google/gerrit/server/auth/ldap/LdapType.java
diff options
context:
space:
mode:
Diffstat (limited to 'java/com/google/gerrit/server/auth/ldap/LdapType.java')
-rw-r--r--java/com/google/gerrit/server/auth/ldap/LdapType.java201
1 files changed, 201 insertions, 0 deletions
diff --git a/java/com/google/gerrit/server/auth/ldap/LdapType.java b/java/com/google/gerrit/server/auth/ldap/LdapType.java
new file mode 100644
index 0000000000..fe1f1ffd1f
--- /dev/null
+++ b/java/com/google/gerrit/server/auth/ldap/LdapType.java
@@ -0,0 +1,201 @@
+// Copyright (C) 2009 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.google.gerrit.server.auth.ldap;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+
+abstract class LdapType {
+ static final LdapType RFC_2307 = new Rfc2307();
+
+ static LdapType guessType(DirContext ctx) throws NamingException {
+ final Attributes rootAtts = ctx.getAttributes("");
+ Attribute supported = rootAtts.get("supportedCapabilities");
+ if (supported != null
+ && (supported.contains("1.2.840.113556.1.4.800")
+ || supported.contains("1.2.840.113556.1.4.1851"))) {
+ return new ActiveDirectory();
+ }
+
+ supported = rootAtts.get("supportedExtension");
+ if (supported != null && supported.contains("2.16.840.1.113730.3.8.10.1")) {
+ return new FreeIPA();
+ }
+
+ return RFC_2307;
+ }
+
+ abstract String groupPattern();
+
+ abstract String groupMemberPattern();
+
+ abstract String groupName();
+
+ abstract String accountFullName();
+
+ abstract String accountEmailAddress();
+
+ abstract String accountSshUserName();
+
+ abstract String accountMemberField();
+
+ abstract boolean accountMemberExpandGroups();
+
+ abstract String accountPattern();
+
+ private static class Rfc2307 extends LdapType {
+ @Override
+ String groupPattern() {
+ return "(cn=${groupname})";
+ }
+
+ @Override
+ String groupMemberPattern() {
+ return "(|(memberUid=${username})(gidNumber=${gidNumber}))";
+ }
+
+ @Override
+ String groupName() {
+ return "cn";
+ }
+
+ @Override
+ String accountFullName() {
+ return "displayName";
+ }
+
+ @Override
+ String accountEmailAddress() {
+ return "mail";
+ }
+
+ @Override
+ String accountSshUserName() {
+ return "uid";
+ }
+
+ @Override
+ String accountMemberField() {
+ return null; // Not defined in RFC 2307
+ }
+
+ @Override
+ String accountPattern() {
+ return "(uid=${username})";
+ }
+
+ @Override
+ boolean accountMemberExpandGroups() {
+ return true;
+ }
+ }
+
+ private static class ActiveDirectory extends LdapType {
+ @Override
+ String groupPattern() {
+ return "(&(objectClass=group)(cn=${groupname}))";
+ }
+
+ @Override
+ String groupName() {
+ return "cn";
+ }
+
+ @Override
+ String groupMemberPattern() {
+ return null; // Active Directory uses memberOf in the account
+ }
+
+ @Override
+ String accountFullName() {
+ return "${givenName} ${sn}";
+ }
+
+ @Override
+ String accountEmailAddress() {
+ return "mail";
+ }
+
+ @Override
+ String accountSshUserName() {
+ return "${sAMAccountName.toLowerCase}";
+ }
+
+ @Override
+ String accountMemberField() {
+ return "memberOf";
+ }
+
+ @Override
+ String accountPattern() {
+ return "(&(objectClass=user)(sAMAccountName=${username}))";
+ }
+
+ @Override
+ boolean accountMemberExpandGroups() {
+ return true;
+ }
+ }
+
+ private static class FreeIPA extends LdapType {
+
+ @Override
+ String groupPattern() {
+ return "(cn=${groupname})";
+ }
+
+ @Override
+ String groupName() {
+ return "cn";
+ }
+
+ @Override
+ String groupMemberPattern() {
+ return null; // FreeIPA uses memberOf in the account
+ }
+
+ @Override
+ String accountFullName() {
+ return "displayName";
+ }
+
+ @Override
+ String accountEmailAddress() {
+ return "mail";
+ }
+
+ @Override
+ String accountSshUserName() {
+ return "uid";
+ }
+
+ @Override
+ String accountMemberField() {
+ return "memberOf";
+ }
+
+ @Override
+ String accountPattern() {
+ return "(uid=${username})";
+ }
+
+ @Override
+ boolean accountMemberExpandGroups() {
+ return false;
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 00:11:33 +0000