From a34d838b8e5a96142984773a52196c94a5048d79 Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Wed, 28 Jul 2021 17:57:13 +0800
Subject: [PATCH] ActiveDirectory fix

---
 .../constants/ldap/ActiveDirectoryUser.java | 9 ++++++++-
 .../maxkey/constants/ldap/GroupOfNames.java | 2 ++
 .../constants/ldap/GroupOfUniqueNames.java | 2 ++
 .../maxkey/constants/ldap/InetOrgPerson.java | 2 ++
 .../maxkey/constants/ldap/Organization.java | 4 ++++
 .../constants/ldap/OrganizationalUnit.java | 4 ++++
 .../persistence/ldap/ActiveDirectoryUtils.java | 18 ++++++++++++------
 7 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/ActiveDirectoryUser.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/ActiveDirectoryUser.java
index ee13f0f2..b01686a9 100644
--- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/ActiveDirectoryUser.java
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/ActiveDirectoryUser.java
@@ -30,6 +30,8 @@ import java.util.Arrays;
 public class ActiveDirectoryUser {
     public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "person", "organizationalPerson", "user"));
+
+    public static String objectClass = "user";
     /** userAccountControl值得说明
      * http://support.microsoft.com/zh-cn/kb/305144
      * https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
@@ -117,6 +119,7 @@ public class ActiveDirectoryUser {
     public static final String CN = "cn";
     public static final String NAME = "name";
+    public static final String UID = "uid";
     public static final String GIVENNAME = "givenName";
     public static final String SN = "sn";
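Review bot: `public static String objectClass = "user";` is a mutable public static in a class whose every other member is `public static final`; any code in the process can reassign it, and since this value presumably ends up in object-class attributes and search filters built elsewhere, a stray write silently changes what the directory code matches or creates. Make it `public static final String OBJECTCLASS_NAME = "user";` (the lowercase `objectClass` also reads as a sibling of the existing `OBJECTCLASS` list, which it is not). The same non-final `objectClass` field is added to GroupOfNames, GroupOfUniqueNames, InetOrgPerson, Organization and OrganizationalUnit in this patch and should get the same treatment.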
@@ -145,7 +148,7 @@ public class ActiveDirectoryUser {
     public static final String SAMACCOUNTNAME = "sAMAccountname";
     public static final String LOGONHOURS = "logonHours";
     public static final String LOGONWORKSTATION = "logonWorkstation";
-    public static final String USERACCOUNTCONTROL = "userAccountControl ";
+    public static final String USERACCOUNTCONTROL = "userAccountControl";
     public static final String PWDLASTSET = "pwdLastSet";
     public static final String ACCOUNTEXPIRES = "accountExpires";
@@ -161,6 +164,10 @@ public class ActiveDirectoryUser {
     public static final String TITLE = "title";
     public static final String COMPANY = "company";
     public static final String DEPARTMENT = "department";
+    public static final String EMPLOYEENUMBER = "employeeNumber";
+    public static final String OU = "ou";
+    public static final String DEPARTMENTNUMBER = "departmentNumber";
+    public static final String MANAGER = "manager";
     public static final String DIRECTREPORTS = "directReports";
diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java
index b3edfc31..8f486d68 100644
--- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java
@@ -28,6 +28,8 @@ import java.util.Arrays;
  */
 public class GroupOfNames {
     public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "groupOfNames"));
+
+    public static String objectClass = "groupOfNames";
     public static final String DISTINGUISHEDNAME = "distinguishedname";
     public static final String CN = "cn";
     public static final String MEMBER = "member";
diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java
index 4600f3dd..851ef3b2 100644
--- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java
@@ -28,6 +28,8 @@ import java.util.Arrays;
  */
 public class GroupOfUniqueNames {
     public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "groupOfUniqueNames"));
+
+    public static String objectClass = "groupOfUniqueNames";
     public static final String DISTINGUISHEDNAME = "distinguishedname";
     public static final String CN = "cn";
     public static final String UNIQUEMEMBER = "uniqueMember";
diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java
index 4d217e90..513c6634 100644
--- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java
@@ -28,6 +28,8 @@ import java.util.Arrays;
  */
 public class InetOrgPerson {
     public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "person","organizationalPerson","inetOrgPerson"));
+
+    public static String objectClass = "inetOrgPerson";
     public static final String DISTINGUISHEDNAME = "distinguishedname";
     //person sup top
     /**person sn MUST*/
diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java
index 91122fa0..e21e1966 100644
--- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java
@@ -29,6 +29,7 @@ import java.util.Arrays;
 public class Organization {
     public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "organization"));
+    public static String objectClass = "organization";
     public static final String DISTINGUISHEDNAME = "distinguishedname";
     /**Organization o*/
@@ -76,4 +77,7 @@ public class Organization {
     /**Organization l*/
     public static final String L = "l";
+    //for id
+    public static final String CN = "cn";
+
 }
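Review bot: The new `CN = "cn"` constant marked `//for id` in Organization needs a caveat: in the standard RFC 4519 schema the `organization` object class does not permit `cn`, so if these constants are ever used to build entries for a non-AD directory (OpenLDAP, 389-ds) the add fails with an objectClass violation, whereas AD accepts it because its `top` carries `cn`. Please replace the comment with something like `// "cn" used as the entry id; allowed on AD (top carries cn) but NOT in the RFC 4519 organization schema` so the next reader does not treat it as portable. The identical `CN` addition to OrganizationalUnit later in this patch has the same limitation and deserves the same note.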
diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java
index 7628af23..02a94ccb 100644
--- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java
@@ -28,6 +28,7 @@ import java.util.Arrays;
  */
 public class OrganizationalUnit {
     public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "OrganizationalUnit"));
+    public static String objectClass = "OrganizationalUnit";
     public static final String DISTINGUISHEDNAME = "distinguishedname";
     /**OrganizationalUnit ou*/
     public static final String OU = "ou";
@@ -79,4 +80,7 @@ public class OrganizationalUnit {
     public static final String COUNTRYCODE = "countryCode";//156
     public static final String NAME = "name";
+    //for id
+    public static final String CN = "cn";
+
 }
diff --git a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java
index 96235a67..ed0cf3a7 100644
--- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java
@@ -34,7 +35,8 @@ public class ActiveDirectoryUtils extends LdapUtils {
     private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryUtils.class);
     protected String domain;
-
+
+    String activeDirectoryDomain;
     /**
      *
      */
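Review bot: `String activeDirectoryDomain;` is added with package-private visibility and no documentation, while the field it is derived from, `domain`, is `protected`; nothing in the patch needs it visible outside the class, and it is mutable per-instance state that the connect code below assigns and then reuses across calls. Make it `private String activeDirectoryDomain;` and add a Javadoc such as `/** Short (pre-dot) form of {@link #domain} used as the DOMAIN\\user bind prefix; set on first use. */` so the caching intent is explicit.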
@@ -78,21 +79,26 @@ public class ActiveDirectoryUtils extends LdapUtils {
         props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
         props.setProperty(Context.PROVIDER_URL, providerUrl);
-        if (domain.indexOf(".") > -1) {
-            domain = domain.substring(0, domain.indexOf("."));
+
+        if (activeDirectoryDomain == null && domain.indexOf(".") > -1) {
+            activeDirectoryDomain = domain.substring(0, domain.indexOf("."));
+        }else {
+            activeDirectoryDomain = domain;
         }
-        _logger.info("PROVIDER_DOMAIN:" + domain);
-        String activeDirectoryPrincipal = domain + "\\" + principal;
+
+        _logger.info("PROVIDER_DOMAIN:" + activeDirectoryDomain + " for " + domain);
+        String activeDirectoryPrincipal = activeDirectoryDomain + "\\" + principal;
         _logger.debug("Active Directory SECURITY_PRINCIPAL : " + activeDirectoryPrincipal);
         props.setProperty(Context.SECURITY_PRINCIPAL, activeDirectoryPrincipal);
         props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
         if (ssl && providerUrl.toLowerCase().startsWith("ldaps")) {
+            _logger.info("ldaps security protocol.");
             System.setProperty("javax.net.ssl.trustStore", trustStore);
             System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
             props.put(Context.SECURITY_PROTOCOL, "ssl");
-            props.put(Context.REFERRAL, "follow");
         }
+        props.put(Context.REFERRAL, "follow");
         return InitialDirContext(props);
     }
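Review bot: Moving `props.put(Context.REFERRAL, "follow");` out of the ldaps branch makes referrals chased on plain `ldap://` connections as well, and as far as I can tell the JNDI LDAP provider opens the referred context with the same `SECURITY_PRINCIPAL`/`SECURITY_CREDENTIALS`, so a referral to a host an attacker controls or reaches first hands it the service account's password in clear text over simple bind. If AD partition referrals are the reason this is needed, keep it gated on the TLS branch or behind an explicit setting and document the trade-off, e.g. `// referrals are followed with the bind credentials; only safe over LDAPS`. Separately, the guard `if (activeDirectoryDomain == null && domain.indexOf(".") > -1)` caches only on the first call: once `activeDirectoryDomain` is set, every later call takes the `else` branch and overwrites it with the full dotted `domain`, so the second bind uses a different principal than the first. The once-only derivation you appear to want is `if (activeDirectoryDomain == null) { activeDirectoryDomain = domain.indexOf(".") > -1 ? domain.substring(0, domain.indexOf(".")) : domain; }`. The enclosing method starts above this hunk.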