Unknown bind DN using LDAP anonymous bind aka bind type none (#15546)
Closes #15497
parent
18381ecd2e
commit
b7188c3891
4 changed files with 15 additions and 5 deletions
|
@ -82,7 +82,7 @@ public class LDAPServerCapabilitiesManager {
|
|||
// If AUTHENTICATION action is executed add also dn and credentials to configuration
|
||||
// LDAPContextManager is responsible for correct order of addition of credentials to context in case
|
||||
// tls is true
|
||||
if (config.getBindDn() == null || config.getBindDn().isEmpty()) {
|
||||
if ((config.getBindDn() == null || config.getBindDn().isEmpty()) && LDAPConstants.AUTH_TYPE_SIMPLE.equals(config.getAuthType())) {
|
||||
logger.error("Unknown bind DN");
|
||||
return false;
|
||||
}
|
||||
|
|
|
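Review bot: The narrowed guard `if ((config.getBindDn() == null || config.getBindDn().isEmpty()) && LDAPConstants.AUTH_TYPE_SIMPLE.equals(config.getAuthType()))` is allow-by-default: a missing bind DN is now accepted for every auth type other than "simple", including a null or unrecognised value, and execution continues into the "add also dn and credentials" path with no DN. Since the only case the commit wants to exempt is anonymous bind, inverting the check keeps unexpected configurations failing closed: `if ((config.getBindDn() == null || config.getBindDn().isEmpty()) && !LDAPConstants.AUTH_TYPE_NONE.equals(config.getAuthType())) {`. Whether getAuthType() can be null or carry values other than "simple" and "none" is not visible here. The enclosing method starts and ends outside the hunk.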
@ -76,7 +76,7 @@ public final class LDAPContextManager implements AutoCloseable {
|
|||
|
||||
if (vaultCharSecret != null && !ldapConfig.isStartTls()) {
|
||||
connProp.put(SECURITY_CREDENTIALS, vaultCharSecret.getAsArray()
|
||||
.orElse(ldapConfig.getBindCredential().toCharArray()));
|
||||
.orElse(ldapConfig.getBindCredential() != null? ldapConfig.getBindCredential().toCharArray() : null));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -90,7 +90,8 @@ public final class LDAPContextManager implements AutoCloseable {
|
|||
}
|
||||
|
||||
tlsResponse = startTLS(ldapContext, ldapConfig.getAuthType(), ldapConfig.getBindDN(),
|
||||
vaultCharSecret.getAsArray().orElse(ldapConfig.getBindCredential().toCharArray()), sslSocketFactory);
|
||||
vaultCharSecret.getAsArray().orElse(ldapConfig.getBindCredential() != null? ldapConfig.getBindCredential().toCharArray() : null),
|
||||
sslSocketFactory);
|
||||
|
||||
// Exception should be already thrown by LDAPContextManager.startTLS if "startTLS" could not be established, but rather do some additional check
|
||||
if (tlsResponse == null) {
|
||||
|
|
|
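Review bot: The new fallback `.orElse(ldapConfig.getBindCredential() != null? ldapConfig.getBindCredential().toCharArray() : null)` in the first hunk can hand a null value to `connProp.put(SECURITY_CREDENTIALS, ...)` when neither a vault secret nor a bind credential is configured; if connProp is a java.util.Hashtable, as JNDI environments usually are, put() with a null value throws NullPointerException, so the anonymous-bind case this commit supports would fail with an unrelated error instead of binding without credentials. The same expression feeds `startTLS(ldapContext, ldapConfig.getAuthType(), ldapConfig.getBindDN(), ...)` in the second hunk, where a null credential is passed straight through; whether startTLS tolerates a null there is not visible from this page and should be stated in its Javadoc (`@param` noting that the credential is null for auth type "none"). Compute the credential once and add it to the environment only when present, as below. Both enclosing blocks start and end outside the hunks.
```java
if (vaultCharSecret != null && !ldapConfig.isStartTls()) {
    char[] bindCredential = vaultCharSecret.getAsArray()
            .orElse(ldapConfig.getBindCredential() != null ? ldapConfig.getBindCredential().toCharArray() : null);
    // Anonymous bind (auth type "none") has no credential; a null value must not reach the environment map.
    if (bindCredential != null) {
        connProp.put(SECURITY_CREDENTIALS, bindCredential);
    }
}
// … unchanged: remainder of the method …
```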
@ -232,6 +232,8 @@ public class LDAPRule extends ExternalResource {
|
|||
switch (defaultProperties.getProperty(LDAPEmbeddedServer.PROPERTY_ENABLE_ANONYMOUS_ACCESS)) {
|
||||
case "true":
|
||||
config.put(LDAPConstants.AUTH_TYPE, LDAPConstants.AUTH_TYPE_NONE);
|
||||
config.remove(LDAPConstants.BIND_DN);
|
||||
config.remove(LDAPConstants.BIND_CREDENTIAL);
|
||||
break;
|
||||
default:
|
||||
// Default to username + password LDAP authentication method
|
||||
|
|
|
@ -54,7 +54,7 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
|
|||
assertStatus(response, 400);
|
||||
|
||||
// Connection success
|
||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", "foo", "bar", "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
|
||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldap://localhost:10389", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
|
||||
assertStatus(response, 204);
|
||||
|
||||
// Bad authentication
|
||||
|
@ -69,6 +69,10 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
|
|||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "false", null));
|
||||
assertStatus(response, 204);
|
||||
|
||||
// Authentication success anonymous bind
|
||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
|
||||
assertStatus(response, 204);
|
||||
|
||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "false", null));
|
||||
assertStatus(response, 204);
|
||||
|
||||
|
@ -81,7 +85,7 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
|
|||
@Test
|
||||
public void testLdapConnectionsSsl() {
|
||||
|
||||
Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldaps://localhost:10636", "foo", "bar", "false", null, null, LDAPConstants.AUTH_TYPE_NONE));
|
||||
Response response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldaps://localhost:10636", null, null, "false", null, null, LDAPConstants.AUTH_TYPE_NONE));
|
||||
assertStatus(response, 204);
|
||||
|
||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_CONNECTION, "ldaps://localhostt:10636", "foo", "bar", "false", null));
|
||||
|
@ -96,6 +100,9 @@ public class UserFederationLdapConnectionTest extends AbstractAdminTest {
|
|||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "secret", "true", "10000"));
|
||||
assertStatus(response, 204);
|
||||
|
||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_NONE));
|
||||
assertStatus(response, 204);
|
||||
|
||||
// Authentication success with bindCredential from Vault
|
||||
response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldaps://localhost:10636", "uid=admin,ou=system", "${vault.ldap_bindCredential}", "true", null));
|
||||
assertStatus(response, 204);
|
||||
|
|
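Review bot: The added assertions only exercise the success side of the narrowed server check: every new case passes `null, null` with `LDAPConstants.AUTH_TYPE_NONE` and expects 204, but nothing asserts that a missing bind DN is still rejected when the auth type is "simple", which is the rejection the LDAPServerCapabilitiesManager change is meant to preserve and the one most likely to regress. Next to "Authentication success anonymous bind", add a negative case such as `response = realm.testLDAPConnection(new TestLdapConnectionRepresentation(LDAPServerCapabilitiesManager.TEST_AUTHENTICATION, "ldap://localhost:10389", null, null, "false", null, "false", LDAPConstants.AUTH_TYPE_SIMPLE));` followed by `assertStatus(response, 400);`. Replacing the `"foo", "bar"` arguments in the two TEST_CONNECTION cases also dropped coverage of credentials supplied together with auth type none; keeping the old variant alongside the new one costs two lines each. The test methods start and end outside the hunks.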