/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2008 Sun Microsystems, Inc.
|
*/
|
|
import java.util.Hashtable;
|
import javax.naming.Context;
|
import javax.naming.NamingException;
|
import javax.naming.directory.Attributes;
|
import javax.naming.ldap.LdapContext;
|
import javax.naming.ldap.InitialLdapContext;
|
import javax.naming.CompositeName;
|
import javax.naming.directory.BasicAttribute;
|
import javax.naming.directory.BasicAttributes;
|
import javax.naming.CommunicationException;
|
import javax.naming.directory.InvalidSearchFilterException;
|
import javax.security.sasl.AuthenticationException;
|
import javax.naming.NamingEnumeration;
|
import javax.naming.directory.SearchResult;
|
import javax.naming.directory.SearchControls;
|
import java.util.HashSet;
|
import java.util.Iterator;
|
|
/**
|
* Perform an Ldap search using SASL as authentication mechanism.
|
* Supports sasl encryption.
|
* The function returns the ldap error code
|
*/
|
public class saslSearchClient {
|
|
/**
|
* Main.
|
*
|
* @param args arguments
|
*/
|
public static void main(String[] args) {
|
|
// Ldapsearch parameters
|
String hostname = null;
|
String ldapPort = null;
|
String basedn = null;
|
String filter = null;
|
int scope;
|
|
|
// SASL options
|
String mechanism = null;
|
String authid = null;
|
String password = null;
|
String authzid = null;
|
String realm = null;
|
String qop = null;
|
String strength = null;
|
String maxbufsize = null;
|
|
|
String errorCode = null;
|
String errorMessage = null;
|
String errorCause = null;
|
|
|
Hashtable envLdap = new Hashtable();
|
LdapContext ctx = null;
|
SearchControls searchControls = null;
|
NamingEnumeration results = null;
|
|
|
|
for (int k=0; k< args.length; k++) {
|
String opt1 = args[k];
|
String val1 = args[k+1];
|
|
// Get ldapsearch parameters
|
if (opt1.equals("-h")) {
|
hostname = val1;
|
}
|
if (opt1.equals("-p")) {
|
ldapPort = val1;
|
}
|
if (opt1.equals("-s")) {
|
if (val1.equals("base")) {
|
scope = SearchControls.OBJECT_SCOPE;
|
} else if (opt1.equals("one")) {
|
scope = SearchControls.ONELEVEL_SCOPE;
|
} else {
|
// default scope: "sub"
|
scope = SearchControls.SUBTREE_SCOPE;
|
}
|
searchControls = new SearchControls();
|
searchControls.setSearchScope(scope);
|
}
|
if (opt1.equals("-b")) {
|
basedn = val1;
|
}
|
if (opt1.equals("-f")) {
|
filter = val1;
|
}
|
|
// Get SASL options
|
if (opt1.equals("--mech")) {
|
mechanism = val1;
|
}
|
if (opt1.equals("--authid")) {
|
authid = val1;
|
}
|
if (opt1.equals("-w")) {
|
password = val1;
|
}
|
if (opt1.equals("--authzid")) {
|
authzid = val1;
|
}
|
if (opt1.equals("--realm")) {
|
realm = val1;
|
}
|
if (opt1.equals("--qop")) {
|
qop = val1;
|
}
|
if (opt1.equals("--strength")) {
|
strength = val1;
|
}
|
if (opt1.equals("--maxbufsize")) {
|
maxbufsize = val1;
|
}
|
k++;
|
}
|
|
|
|
|
String provider = "ldap://" + hostname + ":" + ldapPort + "/";
|
|
envLdap.put("java.naming.factory.initial",
|
"com.sun.jndi.ldap.LdapCtxFactory");
|
envLdap.put(Context.PROVIDER_URL, provider);
|
|
if (mechanism != null) {
|
envLdap.put(Context.SECURITY_AUTHENTICATION, mechanism);
|
}
|
|
envLdap.put(Context.SECURITY_PRINCIPAL, authid);
|
envLdap.put(Context.SECURITY_CREDENTIALS, password);
|
|
if (authzid != null) {
|
envLdap.put("javax.security.sasl.authorizationId", authzid);
|
}
|
if (realm != null) {
|
envLdap.put("javax.security.sasl.realm", realm);
|
}
|
if (qop != null) {
|
envLdap.put("javax.security.sasl.qop", qop);
|
}
|
if (strength != null) {
|
envLdap.put("javax.security.sasl.strength", strength);
|
}
|
if (maxbufsize != null) {
|
envLdap.put("javax.security.sasl.maxbuf", maxbufsize);
|
}
|
|
try {
|
System.out.println("Search with SASL auth " + mechanism);
|
System.out.println("Authentication ID " + authid);
|
System.out.println("Password " + password);
|
System.out.println("Authorization ID " + authzid);
|
System.out.println("Realm " + realm);
|
System.out.println("Quality of Protection " + qop);
|
System.out.println("Cipher Strength " + strength);
|
System.out.println("Maximum receive buffer size " + maxbufsize);
|
|
// connect to server
|
ctx = new InitialLdapContext(envLdap, null);
|
|
// issue ldapsearch
|
results = ctx.search(basedn, filter, searchControls);
|
|
ctx.close();
|
} catch (CommunicationException e1) {
|
e1.printStackTrace();
|
errorMessage = e1.getMessage();
|
if (e1.getCause() != null)
|
errorCause = e1.getCause().toString();
|
} catch (InvalidSearchFilterException e2) {
|
e2.printStackTrace();
|
errorMessage = e2.getMessage();
|
if (e2.getCause() != null)
|
errorCause = e2.getCause().toString();
|
} catch (NamingException e3) {
|
e3.printStackTrace();
|
errorMessage = e3.getMessage();
|
if (e3.getCause() != null)
|
errorCause = e3.getCause().toString();
|
} catch (Exception e4) {
|
e4.printStackTrace();
|
errorMessage = e4.getMessage();
|
if (e4.getCause() != null)
|
errorCause = e4.getCause().toString();
|
}
|
|
|
String NO_COMMON_QOP_LAYER =
|
"No common protection layer between client and server";
|
|
|
// No error, the modify is success
|
if ( errorMessage == null ) {
|
errorCode = "0";
|
} else {
|
System.out.println();
|
System.out.println(errorMessage);
|
if (errorCause != null)
|
System.out.println(errorCause);
|
System.out.println();
|
System.out.println();
|
if (errorCause != null && errorCause.indexOf(NO_COMMON_QOP_LAYER) != -1) {
|
// return 89-LDAP_PARAM_ERROR, which is also returned by ldap clients
|
errorCode = "89";
|
} else {
|
int ind = errorMessage.indexOf("-");
|
if ( ind > 0 ) {
|
errorCode = errorMessage.substring(18, ind-1);
|
} else errorCode = "0";
|
}
|
}
|
|
try {
|
if ((errorCode.equals("0")) && (results != null)) {
|
while (results.hasMore()) {
|
SearchResult searchResult = (SearchResult) results.next();
|
System.out.println(searchResult.toString());
|
}
|
results.close();
|
}
|
} catch (NamingException ne) {
|
ne.printStackTrace();
|
}
|
|
int RC = Integer.parseInt(errorCode);
|
System.exit(RC);
|
}
|
|
}
|
