keycloak-aplcache
testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java 19(+17 -2)
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
index d739b6c..4c3fab6 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/EmbeddedServersFactory.java
@@ -1,5 +1,8 @@
package org.keycloak.testutils.ldap;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
/**
* Factory for ApacheDS based LDAP and Kerberos servers
*
@@ -21,6 +24,7 @@ public class EmbeddedServersFactory {
private String baseDN;
private String bindHost;
private int bindPort;
+ private String ldapSaslPrincipal;
private String ldifFile;
private String kerberosRealm;
private int kdcPort;
@@ -39,6 +43,7 @@ public class EmbeddedServersFactory {
this.bindHost = System.getProperty("ldap.host");
String bindPort = System.getProperty("ldap.port");
this.ldifFile = System.getProperty("ldap.ldif");
+ this.ldapSaslPrincipal = System.getProperty("ldap.saslPrincipal");
this.kerberosRealm = System.getProperty("kerberos.realm");
String kdcPort = System.getProperty("kerberos.port");
@@ -62,6 +67,16 @@ public class EmbeddedServersFactory {
if (kdcEncryptionTypes == null || kdcEncryptionTypes.isEmpty()) {
kdcEncryptionTypes = DEFAULT_KDC_ENCRYPTION_TYPES;
}
+
+ if (ldapSaslPrincipal == null || ldapSaslPrincipal.isEmpty()) {
+ try {
+ // Same algorithm like sun.security.krb5.PrincipalName constructor
+ String canonicalHost = (InetAddress.getByName(bindHost)).getCanonicalHostName();
+ this.ldapSaslPrincipal = "ldap/" + canonicalHost + "@" + kerberosRealm;
+ } catch (UnknownHostException uhe) {
+ throw new RuntimeException(uhe);
+ }
+ }
}
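Review bot: `getCanonicalHostName()` in the new default-principal block does not throw when the reverse lookup fails; it returns the textual IP address, so the server can silently register `ldap/<ip>@realm` while clients request a name-based principal, and GSSAPI binds then fail with no hint why. The block also runs for every factory instance, so an unresolvable `ldap.host` now aborts plain-LDAP runs that never use the principal; and the JDK code cited in the comment, as far as I recall, also lower-cases the host part, which this block does not. I would give the exception context, `throw new RuntimeException("Cannot resolve ldap.host '" + bindHost + "' to derive ldap.saslPrincipal", uhe);`, and add a comment such as `// Falls back to the IP literal if reverse DNS fails; set -Dldap.saslPrincipal to pin the value`. The enclosing method starts outside the hunk, so whether `bindHost` and `kerberosRealm` already have defaults at this point cannot be confirmed from here.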
@@ -72,7 +87,7 @@ public class EmbeddedServersFactory {
ldifFile = DEFAULT_LDIF_FILE;
}
- return new LDAPEmbeddedServer(baseDN, bindHost, bindPort, ldifFile);
+ return new LDAPEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal);
}
@@ -83,6 +98,6 @@ public class EmbeddedServersFactory {
ldifFile = DEFAULT_KERBEROS_LDIF_FILE;
}
- return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, kerberosRealm, kdcPort, kdcEncryptionTypes);
+ return new KerberosEmbeddedServer(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal, kerberosRealm, kdcPort, kdcEncryptionTypes);
}
}
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
index f568342..63cc027 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/KerberosEmbeddedServer.java
@@ -2,6 +2,7 @@ package org.keycloak.testutils.ldap;
import java.io.IOException;
import java.lang.reflect.Field;
+import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;
@@ -48,8 +49,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
}
- protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
- super(baseDN, bindHost, bindPort, ldifFile);
+ protected KerberosEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String ldapSaslPrincipal, String kerberosRealm, int kdcPort, String kdcEncryptionTypes) {
+ super(baseDN, bindHost, bindPort, ldifFile, ldapSaslPrincipal);
this.kdcEncryptionTypes = kdcEncryptionTypes;
this.kerberosRealm = kerberosRealm;
this.kdcPort = kdcPort;
@@ -79,7 +80,8 @@ public class KerberosEmbeddedServer extends LDAPEmbeddedServer {
LdapServer ldapServer = super.createLdapServer();
ldapServer.setSaslHost( this.bindHost );
- ldapServer.setSaslPrincipal( "ldap/" + this.bindHost + "@" + this.kerberosRealm);
+ ldapServer.setSaslPrincipal( this.ldapSaslPrincipal);
+ ldapServer.setSaslRealms(new ArrayList<String>());
ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.PLAIN, new PlainMechanismHandler());
ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.CRAM_MD5, new CramMd5MechanismHandler());
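Review bot: `setSaslHost( this.bindHost )` stays on the raw bind host while `setSaslPrincipal` now receives a value that is either canonicalised through DNS or supplied verbatim via `ldap.saslPrincipal`, so the two settings can name different hosts. When the principal is overridden explicitly, nothing visible here checks that its realm matches `kerberosRealm` or that its host part matches what clients will derive from the SASL host; a mismatch would presumably surface only as a failed GSSAPI bind. A one-line comment would document the coupling, e.g. `// Principal may come from -Dldap.saslPrincipal; realm and host part must agree with kerberosRealm and saslHost`, and a guard such as `if (this.ldapSaslPrincipal == null) throw new IllegalStateException("ldapSaslPrincipal not set");` would fail early, since the constructor accepts any value. createLdapServer continues past the end of the hunk.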
diff --git a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/LDAPEmbeddedServer.java b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/LDAPEmbeddedServer.java
index 4fde15b..e6e7be1 100644
--- a/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/LDAPEmbeddedServer.java
+++ b/testsuite/integration/src/main/java/org/keycloak/testutils/ldap/LDAPEmbeddedServer.java
@@ -2,7 +2,6 @@ package org.keycloak.testutils.ldap;
import java.io.File;
import java.io.InputStream;
-import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
@@ -35,6 +34,7 @@ public class LDAPEmbeddedServer {
protected final String bindHost;
protected final int bindPort;
protected final String ldifFile;
+ protected final String ldapSaslPrincipal;
protected DirectoryService directoryService;
protected LdapServer ldapServer;
@@ -47,16 +47,19 @@ public class LDAPEmbeddedServer {
ldapEmbeddedServer.start();
}
- public LDAPEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile) {
+ public LDAPEmbeddedServer(String baseDN, String bindHost, int bindPort, String ldifFile, String ldapSaslPrincipal) {
this.baseDN = baseDN;
this.bindHost = bindHost;
this.bindPort = bindPort;
this.ldifFile = ldifFile;
+ this.ldapSaslPrincipal = ldapSaslPrincipal;
}
public void init() throws Exception {
- log.info("Creating LDAP Directory Service. Config: baseDN=" + baseDN + ", bindHost=" + bindHost + ", bindPort=" + bindPort);
+ log.info("Creating LDAP Directory Service. Config: baseDN=" + baseDN + ", bindHost=" + bindHost + ", bindPort=" + bindPort +
+ ", ldapSaslPrincipal=" + ldapSaslPrincipal);
+
this.directoryService = createDirectoryService();
log.info("Importing LDIF: " + ldifFile);
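Review bot: The public `LDAPEmbeddedServer` constructor gains a fifth positional `String` with no Javadoc and no validation, although the plain LDAP server no longer configures SASL itself (see the hunk at `-133,9`) and only forwards the value to the LDIF substitution map in `importLdif`. A caller that builds the server directly can pass `null`, and how the placeholder substitution treats a null map value is not visible here. I would document the parameter, for example `@param ldapSaslPrincipal Kerberos service principal substituted into the LDIF; only meaningful for KerberosEmbeddedServer`, and consider keeping a four-argument overload so that LDAP-only callers do not have to invent a principal.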
@@ -133,9 +136,6 @@ public class LDAPEmbeddedServer {
// Propagate the anonymous flag to the DS
directoryService.setAllowAnonymousAccess(false);
- ldapServer.setSaslHost( this.bindHost );
- ldapServer.setSaslPrincipal( "ldap/" + this.bindHost + "@KEYCLOAK.ORG");
- ldapServer.setSaslRealms(new ArrayList<String>());
return ldapServer;
}
@@ -143,6 +143,7 @@ public class LDAPEmbeddedServer {
private void importLdif() throws Exception {
Map<String, String> map = new HashMap<String, String>();
map.put("hostname", this.bindHost);
+ map.put("ldapSaslPrincipal", this.ldapSaslPrincipal);
// For now, assume that LDIF file is on classpath
InputStream is = getClass().getClassLoader().getResourceAsStream(ldifFile);
diff --git a/testsuite/integration/src/main/resources/kerberos/users-kerberos.ldif b/testsuite/integration/src/main/resources/kerberos/users-kerberos.ldif
index acdd570..fd9936c 100644
--- a/testsuite/integration/src/main/resources/kerberos/users-kerberos.ldif
+++ b/testsuite/integration/src/main/resources/kerberos/users-kerberos.ldif
@@ -32,7 +32,7 @@ cn: LDAP
sn: Service
uid: ldap
userPassword: randall
-krb5PrincipalName: ldap/${hostname}@KEYCLOAK.ORG
+krb5PrincipalName: ${ldapSaslPrincipal}
krb5KeyVersionNumber: 0
dn: uid=HTTP,ou=People,dc=keycloak,dc=org