allow to configure ldap for active directory

spaced · Sep 26, 2024 · e72cb1c · e72cb1c
1 parent a40d7ae
commit e72cb1c
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 9 deletions.
diff --git a/ebics-rest-api/README.md b/ebics-rest-api/README.md
@@ -25,6 +25,7 @@ with config:
   spring:
       ldap:
         base: dc=example,dc=org
+        domain: example.com # for active directory
         urls: ["ldap://localhost:1389"]
         username: cn=admin,dc=example,dc=org
         password: adminpassword

diff --git a/ebics-rest-api/pom.xml b/ebics-rest-api/pom.xml
@@ -127,6 +127,10 @@
 			<artifactId>logstash-logback-encoder</artifactId>
 			<version>${logstash-logback-encoder.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+		</dependency>
 	</dependencies>
 
 	<build>

diff --git a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapConfiguration.kt
@@ -1,6 +1,7 @@
 package org.ebics.client.ebicsrestapi.ldap
 
 
+import org.springframework.boot.autoconfigure.ldap.LdapProperties
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -10,9 +11,9 @@ import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory
 import org.springframework.security.core.GrantedAuthority
 import org.springframework.security.core.authority.SimpleGrantedAuthority
+import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider
 import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
-import java.util.*
 
 typealias AuthorityRecord = Map<String, List<String>>
 typealias AuthorityMapper = (AuthorityRecord) -> GrantedAuthority?
@@ -21,25 +22,31 @@ typealias AuthorityMapper = (AuthorityRecord) -> GrantedAuthority?
 @Profile("!dev")
 @EnableConfigurationProperties(LdapSearchProperties::class)
 class LdapConfiguration {
+
     @Bean
-    fun authorities(contextSource: BaseLdapPathContextSource, searchProperties: LdapSearchProperties): LdapAuthoritiesPopulator {
+    fun authorities(
+        contextSource: BaseLdapPathContextSource,
+        searchProperties: LdapSearchProperties
+    ): LdapAuthoritiesPopulator {
         val authorities = DefaultLdapAuthoritiesPopulator(contextSource, searchProperties.group.base)
         authorities.setGroupSearchFilter(searchProperties.group.filter)
         val mapper: AuthorityMapper = { record ->
             val roles = record["cn"]
             val role = roles?.first()
-            val mappedRole= searchProperties.mapping?.get(role)?:role
-            mappedRole?.let{ SimpleGrantedAuthority("ROLE_${mappedRole.uppercase()}") }
+            val mappedRole = searchProperties.mapping?.get(role) ?: role
+            mappedRole?.let { SimpleGrantedAuthority("ROLE_${mappedRole.uppercase()}") }
         }
 
-        authorities.setAuthorityMapper( mapper)
+        authorities.setAuthorityMapper(mapper)
         return authorities
     }
 
     @Bean
-    fun authenticationManager(contextSource: BaseLdapPathContextSource,
-                              authorities: LdapAuthoritiesPopulator,
-                              searchProperties: LdapSearchProperties
+    @Profile("openldap")
+    fun authenticationManager(
+        contextSource: BaseLdapPathContextSource,
+        authorities: LdapAuthoritiesPopulator,
+        searchProperties: LdapSearchProperties
     ): AuthenticationManager {
         val factory = LdapBindAuthenticationManagerFactory(contextSource)
         factory.setUserSearchFilter(searchProperties.user.filter)
@@ -48,4 +55,17 @@ class LdapConfiguration {
         return factory.createAuthenticationManager()
     }
 
+    @Bean
+    fun authenticationProvider(
+        ldapProperties: LdapProperties,
+        searchProperties: LdapSearchProperties
+    ): ActiveDirectoryLdapAuthenticationProvider {
+        return ActiveDirectoryLdapAuthenticationProvider(
+            searchProperties.domain,
+            ldapProperties.urls.get(0),
+            ldapProperties.base
+        )
+
+    }
+
 }
diff --git a/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt b/ebics-rest-api/src/main/kotlin/org/ebics/client/ebicsrestapi/ldap/LdapSearchProperties.kt
@@ -6,6 +6,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties
 
 @ConfigurationProperties(prefix = "spring.ldap.search")
 data class LdapSearchProperties (
+    val domain: String = "",
     val group: LdapSearchPattern = LdapSearchPattern("","member={0}"),
     val user: LdapSearchPattern = LdapSearchPattern("","(uid={0})"),
     val mapping: Map<String,String>? // mapping of spring-role -> ldap-role

diff --git a/pom.xml b/pom.xml
@@ -12,7 +12,7 @@
         <java.version>21</java.version>
         <kotlin.version>1.9.24</kotlin.version>
         <kotlin.version.short>1.9</kotlin.version.short>
-        <spring.version>3.3.0</spring.version>
+        <spring.version>3.3.4</spring.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <spring.mockk.version>4.0.2</spring.mockk.version>
         <maven.surefire.plugin.version>2.22.2</maven.surefire.plugin.version>