diff --git a/src/main/java/org/codelibs/fess/Constants.java b/src/main/java/org/codelibs/fess/Constants.java
index bbd285df56463d19bb1c0f29ab567bd65de234a2..1302b4a2e38b5732eab751e670a03e8555a8f040 100644
--- a/src/main/java/org/codelibs/fess/Constants.java
+++ b/src/main/java/org/codelibs/fess/Constants.java
@@ -359,6 +359,8 @@ public class Constants extends CoreLibConstants {
public static final TimeZone TIMEZONE_UTC = TimeZone.getTimeZone("UTC");
+ public static final String LDAP_BASE_DN = "ldap.base.dn";
+
public static final String LDAP_SECURITY_PRINCIPAL = "ldap.security.principal";
public static final String LDAP_PROVIDER_URL = "ldap.provider.url";
diff --git a/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java b/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
index 6a6d481409af96b841e249b848f7243980a38d2f..ba737d45d735b07a64fc1ece16566598d1800788 100644
--- a/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java
@@ -162,6 +162,7 @@ public class AdminGeneralAction extends FessAdminAction {
updateProperty(Constants.PURGE_SUGGEST_SEARCH_LOG_DAY_PROPERTY, form.purgeSuggestSearchLogDay.toString());
updateProperty(Constants.LDAP_PROVIDER_URL, form.ldapProviderUrl);
updateProperty(Constants.LDAP_SECURITY_PRINCIPAL, form.ldapSecurityPrincipal);
+ updateProperty(Constants.LDAP_BASE_DN, form.ldapBaseDn);
crawlerProperties.store();
saveInfo(messages -> messages.addSuccessUpdateCrawlerParams(GLOBAL));
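Review bot: `form.ldapBaseDn` is persisted here with only the `@Size(max = 1000)` check from `EditForm`, yet the stored value later becomes the search base passed to `ctx.search` in `LdapManager.getRoles`. A mistyped DN would then surface only as a warning logged at each login, with the user silently receiving no roles. Consider rejecting a non-blank value that does not parse as a DN before the `updateProperty` call, for example by wrapping `new LdapName(form.ldapBaseDn)` in a try/catch and reporting a validation error. The enclosing method starts outside this hunk.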
@@ -199,6 +200,7 @@ public class AdminGeneralAction extends FessAdminAction {
Constants.DEFAULT_SUGGEST_PURGE_DAY));
form.ldapProviderUrl = crawlerProperties.getProperty(Constants.LDAP_PROVIDER_URL, StringUtil.EMPTY);
form.ldapSecurityPrincipal = crawlerProperties.getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY);
+ form.ldapBaseDn = crawlerProperties.getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);
}
private void updateProperty(final String key, final String value) {
diff --git a/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java b/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
index fa6714ab78cc0f60380929c0373ccfc209163057..a5b5038e07a9f7d9b4a9a6b0a1da7b55d27958ce 100644
--- a/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
+++ b/src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java
@@ -121,4 +121,7 @@ public class EditForm implements Serializable {
@Size(max = 1000)
public String ldapSecurityPrincipal;
+
+ @Size(max = 1000)
+ public String ldapBaseDn;
}
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapManager.java b/src/main/java/org/codelibs/fess/ldap/LdapManager.java
index a763bb491b203e784364417f5713dd1f5a0d67fd..2e4f2933d0710c5b0d9b3e7d5cecb4cc970a7cb1 100644
--- a/src/main/java/org/codelibs/fess/ldap/LdapManager.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapManager.java
@@ -15,12 +15,19 @@
*/
package org.codelibs.fess.ldap;
+import java.util.ArrayList;
import java.util.Hashtable;
+import java.util.List;
import javax.naming.Context;
+import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.entity.FessUser;
@@ -72,4 +79,63 @@ public class LdapManager {
protected LdapUser createLdapUser(String username, Hashtable<String, String> env) {
return new LdapUser(env, username);
}
+
+ public String[] getRoles(final LdapUser ldapUser, String bindDn) {
+ final List<String> rolelist = new ArrayList<String>();
+
+ DirContext ctx = null;
+ try {
+ ctx = new InitialDirContext(ldapUser.getEnvironment());
+
+ //set search conditions
+ final String filter = "cn=" + ldapUser.getName();
+ final SearchControls controls = new SearchControls();
+ controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
+
+ //search
+ final NamingEnumeration<SearchResult> rslt = ctx.search(bindDn, filter, controls);
+ while (rslt.hasMoreElements()) {
+ final SearchResult srcrslt = rslt.next();
+ final Attributes attrs = srcrslt.getAttributes();
+
+ //get group attr
+ final Attribute attr = attrs.get("memberOf");
+ if (attr == null) {
+ continue;
+ }
+
+ for (int i = 0; i < attr.size(); i++) {
+ Object attrValue = attr.get(i);
+ if (attrValue != null) {
+ // TODO replace with regexp
+ String strTmp = attrValue.toString();
+
+ int strStart = 0;
+ int strEnd = 0;
+
+ strStart = strTmp.indexOf("CN=");
+ strStart += "CN=".length();
+ strEnd = strTmp.indexOf(',');
+
+ strTmp = strTmp.substring(strStart, strEnd);
+
+ rolelist.add(strTmp);
+ }
+ }
+ }
+
+ } catch (final Exception e) {
+ logger.warn("Failed to resolve roles: " + ldapUser.getName(), e);
+ } finally {
+ if (ctx != null) {
+ try {
+ ctx.close();
+ } catch (final NamingException e) {
+ // ignored
+ }
+ }
+ }
+
+ return rolelist.toArray(new String[rolelist.size()]);
+ }
}
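Review bot: The search filter in `getRoles` is built by concatenating the login name (`"cn=" + ldapUser.getName()`), so filter metacharacters such as `*`, `(` or `)` in a username change which entries match and therefore which `memberOf` groups are returned as roles. Passing the name as a filter argument to the `search(String, String, Object[], SearchControls)` overload lets the LDAP provider encode it as a value instead of filter syntax. The `CN=` extraction also assumes every `memberOf` value contains an uppercase `CN=` and an unescaped comma; when it does not, `substring` throws, the broad `catch (Exception)` logs it, and the method returns only the roles collected so far. The sketch below parses the group DN with `javax.naming.ldap.LdapName`, limits the returned attributes to `memberOf`, and closes the `NamingEnumeration`; it keeps only groups whose leaf RDN is a `cn`. The second parameter is named `bindDn` but receives the base DN, so renaming it to `baseDn` would avoid confusion with the bind principal.

```java
public String[] getRoles(final LdapUser ldapUser, String bindDn) {
    // … unchanged: rolelist / ctx declarations and ctx = new InitialDirContext(...) inside try …
        final SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] { "memberOf" });

        // the user name is passed as a filter argument, not spliced into the filter text
        final NamingEnumeration<SearchResult> rslt =
                ctx.search(bindDn, "(cn={0})", new Object[] { ldapUser.getName() }, controls);
        try {
            while (rslt.hasMore()) {
                final Attribute attr = rslt.next().getAttributes().get("memberOf");
                if (attr == null) {
                    continue;
                }
                for (int i = 0; i < attr.size(); i++) {
                    final Object attrValue = attr.get(i);
                    if (attrValue == null) {
                        continue;
                    }
                    try {
                        final LdapName groupDn = new LdapName(attrValue.toString());
                        if (groupDn.isEmpty()) {
                            continue;
                        }
                        // the leaf RDN is the last component of the parsed name
                        final Rdn leaf = groupDn.getRdn(groupDn.size() - 1);
                        if ("cn".equalsIgnoreCase(leaf.getType())) {
                            rolelist.add(leaf.getValue().toString());
                        }
                    } catch (final InvalidNameException e) {
                        // one malformed value must not discard the remaining groups
                        logger.warn("Skipping unparsable memberOf value for " + ldapUser.getName(), e);
                    }
                }
            }
        } finally {
            rslt.close();
        }
    // … unchanged: catch block, ctx.close() in finally, return rolelist.toArray(...) …
```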
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapUser.java b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
index a7b73973c0a8490bb5b8977754f100348f3fa360..48a553922627f1e7e27148b47f9cd9f7e90ff8d3 100644
--- a/src/main/java/org/codelibs/fess/ldap/LdapUser.java
+++ b/src/main/java/org/codelibs/fess/ldap/LdapUser.java
@@ -19,6 +19,8 @@ import java.util.Hashtable;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.fess.entity.FessUser;
+import org.codelibs.fess.mylasta.direction.FessConfig;
+import org.codelibs.fess.util.ComponentUtil;
public class LdapUser implements FessUser {
@@ -28,6 +30,8 @@ public class LdapUser implements FessUser {
protected String name;
+ protected String[] roles = null;
+
public LdapUser(Hashtable<String, String> env, String name) {
this.env = env;
this.name = name;
@@ -40,8 +44,13 @@ public class LdapUser implements FessUser {
@Override
public String[] getRoleNames() {
- // TODO
- return StringUtil.EMPTY_STRINGS;
+ if (roles == null) {
+ final String baseDn = ComponentUtil.getFessConfig().getLdapBaseDn();
+ if (StringUtil.isNotBlank(baseDn)) {
+ roles = ComponentUtil.getLdapManager().getRoles(this, baseDn);
+ }
+ }
+ return roles;
}
@Override
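Review bot: `getRoleNames()` now returns `null` when no base DN is configured, because `roles` stays `null` whenever `StringUtil.isNotBlank(baseDn)` is false, whereas the removed line returned `StringUtil.EMPTY_STRINGS`. Callers that iterate the result for access checks would then hit a `NullPointerException` for every LDAP user on an installation without a base DN. Ending the method with `return roles == null ? StringUtil.EMPTY_STRINGS : roles;` keeps the previous contract. The lazy initialisation is also unsynchronised and hands out the cached array itself, so it is worth confirming whether `LdapUser` instances are shared between threads or callers that might modify the array.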
@@ -49,4 +58,8 @@ public class LdapUser implements FessUser {
// TODO
return StringUtil.EMPTY_STRINGS;
}
+
+ public Hashtable<String, String> getEnvironment() {
+ return env;
+ }
}
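Review bot: The new public `getEnvironment()` returns the live `env` table that `LdapManager.getRoles` passes to `new InitialDirContext(...)`, so it presumably carries the bind credentials. Any code that holds an `LdapUser` can then read or alter them. Since `LdapManager` lives in the same package, the accessor could drop `public`, or it could return a copy with `return new Hashtable<>(env);`. A short Javadoc noting that the table may contain credentials and must not be logged would help future callers.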
diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
index d958d30e4fd1e20d97dd472aac2506af0fa9d834..e0f2c23c7454d97993ca195d3634ad4a00639052 100644
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java
@@ -43,4 +43,8 @@ public interface FessProp {
public default String getLdapSecurityPrincipal(String username) {
return String.format(getProperty(Constants.LDAP_SECURITY_PRINCIPAL, StringUtil.EMPTY), username);
}
+
+ public default String getLdapBaseDn() {
+ return getProperty(Constants.LDAP_BASE_DN);
+ }
}
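Review bot: `getLdapBaseDn()` calls `getProperty(Constants.LDAP_BASE_DN)` without a default, unlike `getLdapSecurityPrincipal` just above it, which passes `StringUtil.EMPTY`. If the single-argument `getProperty` returns `null` for an unset key, every caller other than the null-safe `isNotBlank` check in `LdapUser` has to handle that case itself. Using `return getProperty(Constants.LDAP_BASE_DN, StringUtil.EMPTY);` keeps the two accessors consistent. A one-line Javadoc stating that the value is the search base for role lookup would also be useful.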
diff --git a/src/main/resources/fess_label.properties b/src/main/resources/fess_label.properties
index 59a3fa4a39bb4774af211b92c571efcda54d013c..e053a6a8ed04471da8c4d4d122217907e6bdf253 100644
--- a/src/main/resources/fess_label.properties
+++ b/src/main/resources/fess_label.properties
@@ -134,7 +134,8 @@ labels.searchParams=Search Parameters
labels.fields=Fields
labels.ex_q=Extended Query
labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP Principal
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
labels.menu_system=System
labels.menu_wizard=Wizard
@@ -658,5 +659,6 @@ labels.general_menu_logging=Logging
labels.general_menu_suggest=Suggest
labels.general_menu_ldap=LDAP
labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP Principal
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
labels.send_testmail=Send TestMail
diff --git a/src/main/resources/fess_label_en.properties b/src/main/resources/fess_label_en.properties
index 59a3fa4a39bb4774af211b92c571efcda54d013c..e053a6a8ed04471da8c4d4d122217907e6bdf253 100644
--- a/src/main/resources/fess_label_en.properties
+++ b/src/main/resources/fess_label_en.properties
@@ -134,7 +134,8 @@ labels.searchParams=Search Parameters
labels.fields=Fields
labels.ex_q=Extended Query
labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP Principal
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
labels.menu_system=System
labels.menu_wizard=Wizard
@@ -658,5 +659,6 @@ labels.general_menu_logging=Logging
labels.general_menu_suggest=Suggest
labels.general_menu_ldap=LDAP
labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP Principal
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
labels.send_testmail=Send TestMail
diff --git a/src/main/resources/fess_label_ja.properties b/src/main/resources/fess_label_ja.properties
index f00bb8f65196c3034408d70a3c68d3d9da61a973..78a19ddaa6a1e74c7126436746ef89d72e51c496 100644
--- a/src/main/resources/fess_label_ja.properties
+++ b/src/main/resources/fess_label_ja.properties
@@ -646,7 +646,9 @@ labels.general_menu_logging = \u30ed\u30ae\u30f3\u30b0
labels.general_menu_suggest = \u30b5\u30b8\u30a7\u30b9\u30c8
labels.send_testmail=\u30c6\u30b9\u30c8\u30e1\u30fc\u30eb\u306e\u9001\u4fe1
labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=LDAP \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb
+labels.ldapSecurityPrincipal=Bind DN
+labels.ldapBaseDn=Base DN
labels.general_menu_ldap=LDAP
labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=LDAP \u30d7\u30ea\u30f3\u30b7\u30d1\u30eb
+labels.ldap_security_principal=Bind DN
+labels.ldap_base_dn=Base DN
diff --git a/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp b/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
index 4df4c35f3e3173a6c99bdd52e103875f11aa37d7..b1ca3f7643d54fa82043d8cbb0f6f1a824c6868c 100644
--- a/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
+++ b/src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp
@@ -293,7 +293,7 @@
<div class="form-group">
<label for="ldapProviderUrl"
class="col-sm-3 control-label"><la:message
- key="labels.ldapProviderUrl" /></label>
+ key="labels.ldap_provider_url" /></label>
<div class="col-sm-9">
<la:errors property="ldapProviderUrl" />
<la:text property="ldapProviderUrl"
@@ -303,13 +303,23 @@
<div class="form-group">
<label for="ldapSecurityPrincipal"
class="col-sm-3 control-label"><la:message
- key="labels.ldapSecurityPrincipal" /></label>
+ key="labels.ldap_security_principal" /></label>
<div class="col-sm-9">
<la:errors property="ldapSecurityPrincipal" />
<la:text property="ldapSecurityPrincipal"
styleClass="form-control" />
</div>
</div>
+ <div class="form-group">
+ <label for="ldapBaseDn"
+ class="col-sm-3 control-label"><la:message
+ key="labels.ldap_base_dn" /></label>
+ <div class="col-sm-9">
+ <la:errors property="ldapBaseDn" />
+ <la:text property="ldapBaseDn"
+ styleClass="form-control" />
+ </div>
+ </div>
</div>
<!-- /.box-body -->
<div class="box-footer">