I am using an OpenLDAP server to authenticate my users on my Quarkus app. Everything works well but I would like to retrieve my user data.
I thought it would be in the method identity.getAttributes(), but this gives me an empty Map.
Here is an example of a user:
# tesla, example.com
dn: uid=tesla,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: Nikola Tesla
sn: Tesla
uid: tesla
mail: tesla@ldap.forumsys.com
uidNumber: 88888
gidNumber: 99999
homeDirectory: home
Here is also my LDAP configuration:
quarkus.security.ldap.enabled=true
quarkus.security.ldap.dir-context.url=ldap://ldap.forumsys.com:389/
quarkus.security.ldap.dir-context.principal=cn=read-only-admin,dc=example,dc=com
quarkus.security.ldap.dir-context.password=password
quarkus.security.ldap.identity-mapping.rdn-identifier=uid
quarkus.security.ldap.identity-mapping.search-base-dn=dc=example,dc=com
quarkus.security.ldap.identity-mapping.attribute-mappings."0".from=cn
quarkus.security.ldap.identity-mapping.attribute-mappings."0".to=groups
quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter=(member=uid={0})
quarkus.security.ldap.identity-mapping.attribute-mappings."0".filter-base-dn=dc=example,dc=com
How can I get my user's mail and CN?
Thank you in advance for your help,
Thomas
Ok, I found an answer, which is quite ugly but that does work.
Because I couldn't find how to get my data with the framework, I tried to get it in the command line by using ldapsearch. Thus, I can retrieve my user data by running the command:
ldapsearch -H ldap://ldap.forumsys.com:389/ -x -D "cn=read-only-admin,dc=example,dc=com" -w password -b "dc=example,dc=com" -LLL "(uid=tesla)"
which gives me:
dn: uid=tesla,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
cn: Nikola Tesla
sn: Tesla
uid: tesla
mail: tesla@ldap.forumsys.com
uidNumber: 88888
gidNumber: 99999
homeDirectory: home
Now, the authentication works, from my SecurityIdentity I can retrieve the login (with identity.getPrincipal().getName()) and I have this command that gives me the data for a particular user. I think you got the point.
I run this command inside my Java code and retrieve my data manually.
Here is the code in Java:
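import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.Map;

// Escape RFC 4515 filter metacharacters so the login cannot alter the LDAP filter.
final String safeLogin = login.replace("\\", "\\5c").replace("*", "\\2a")
        .replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
// Pass the arguments as a list: no shell parses them, so the login cannot inject shell commands.
final ProcessBuilder builder = new ProcessBuilder("ldapsearch", "-H", ldapUrl, "-x",
        "-D", ldapUser, "-w", ldapPassword, "-b", ldapFilter, "-LLL", "(uid=" + safeLogin + ")");
final Map<String, String> map = new HashMap<>();
final Process process = builder.start();
try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
    String line;
    while ((line = reader.readLine()) != null) {
        // LDIF lines look like "key: value"; split once so a value containing ": " stays whole.
        final String[] parts = line.split(": ", 2);
        if (parts.length == 2) {
            map.put(parts[0], parts[1]);
        }
    }
}
return map;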
Please notice that I get only one value per key because the data I want has one line.
Here is the answer I found to my problem. I hope someone will find something cleaner.
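A way to do the same lookup without spawning ldapsearch, as an added example that is not part of the original post: it queries the directory over JNDI and lets JNDI substitute the login into the filter, which escapes filter metacharacters. The class and method names are hypothetical; the parameters correspond to the URL, bind DN, password and base DN from the question's configuration.

```java
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical helper: the names are assumptions, not part of the Quarkus API.
public class LdapUserLookup {

    public static Map<String, String> lookup(String url, String bindDn, String bindPassword,
                                             String baseDn, String login) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Ask only for the attributes the application needs.
        controls.setReturningAttributes(new String[] {"cn", "mail"});

        Map<String, String> result = new HashMap<>();
        DirContext ctx = new InitialDirContext(env);
        try {
            // {0} is substituted by JNDI, which escapes special filter characters in the value.
            NamingEnumeration<SearchResult> hits =
                    ctx.search(baseDn, "(uid={0})", new Object[] {login}, controls);
            if (hits.hasMore()) {
                NamingEnumeration<? extends Attribute> attrs = hits.next().getAttributes().getAll();
                while (attrs.hasMore()) {
                    Attribute a = attrs.next();
                    result.put(a.getID(), String.valueOf(a.get())); // first value only
                }
            }
            hits.close();
        } finally {
            ctx.close();
        }
        return result;
    }
}
```

Called with identity.getPrincipal().getName() as the login, it returns a map holding the cn and mail values of the matching entry, or an empty map when no entry matches.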