From 2fe1f9f61290d11d5fb7e196bc2d7573b3a8a311 Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Sat, 19 Feb 2022 09:04:52 +0800
Subject: [PATCH] ldap Context accountMapping
---
 .../authn/realm/IAuthenticationServer.java | 3 ++-
 .../realm/ldap/ActiveDirectoryServer.java | 9 ++++++++
 .../realm/ldap/LdapAuthenticationRealm.java | 8 +++++--
 .../ldap/LdapAuthenticationRealmService.java | 6 +++++
 .../authn/realm/ldap/StandardLdapServer.java | 10 ++++++++
 .../java/org/maxkey/entity/LdapContext.java | 10 ++++++++
 .../java/org/maxkey/web/MetadataEndpoint.java | 4 ++--
 .../resources/messages/message.properties | 1 +
 .../resources/messages/message_en.properties | 1 +
 .../messages/message_zh_CN.properties | 1 +
 .../views/ldapcontext/updateLdapContext.ftl | 23 ++++++++++++++++---
 11 files changed, 68 insertions(+), 8 deletions(-)
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/IAuthenticationServer.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/IAuthenticationServer.java
index 5b556fb78..ee7ef338c 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/IAuthenticationServer.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/IAuthenticationServer.java
@@ -25,5 +25,6 @@ package org.maxkey.authn.realm; public interface IAuthenticationServer { public boolean authenticate(String username, String password); - + + public boolean isMapping(); }
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/ActiveDirectoryServer.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/ActiveDirectoryServer.java
index f96cf6874..6fdc936e2 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/ActiveDirectoryServer.java
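Review bot: `isMapping()` is added to `IAuthenticationServer` with no comment, and the name does not say what is being mapped. Judging from the `LdapAuthenticationRealm` change in this same commit, a true value makes the realm authenticate with `userInfo.getWindowsAccount()` instead of the login name, so the method decides which identity is sent to the directory and deserves a Javadoc such as `/** @return true if the realm should bind with the user's mapped directory account rather than the login username. */`. Because the method is abstract, any implementation of the interface that this commit does not touch would stop compiling; a `default boolean isMapping() { return false; }` would avoid that, if the project's Java level allows default methods.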
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/ActiveDirectoryServer.java
@@ -36,6 +36,8 @@ public final class ActiveDirectoryServer implements IAuthenticationServer { String filter; + boolean mapping; + /* (non-Javadoc) * @see com.connsec.web.authentication.realm.IAuthenticationServer#authenticate(java.lang.String, java.lang.String) */
@@ -75,4 +77,11 @@ public final class ActiveDirectoryServer implements IAuthenticationServer { this.filter = filter; } + public boolean isMapping() { + return mapping; + } + + public void setMapping(boolean mapping) { + this.mapping = mapping; + } }
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealm.java
index 2b0ba18c0..804327d87 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealm.java
@@ -61,8 +61,12 @@ public class LdapAuthenticationRealm extends AbstractAuthenticationRealm{ public boolean passwordMatches(UserInfo userInfo, String password) { boolean isAuthenticated=false; for (final IAuthenticationServer ldapServer : this.ldapServers) { - _logger.debug("Attempting to authenticate {} at {}", userInfo.getUsername(), ldapServer); - isAuthenticated= ldapServer.authenticate(userInfo.getUsername(), password); + String username = userInfo.getUsername(); + if(ldapServer.isMapping()) {//if ldap Context accountMapping equals YES + username = userInfo.getWindowsAccount(); + } + _logger.debug("Attempting to authenticate {} at {}", username, ldapServer); + isAuthenticated= ldapServer.authenticate(username, password); if (isAuthenticated ) { return true; }
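Review bot: When `ldapServer.isMapping()` is true, the value of `userInfo.getWindowsAccount()` is passed to `authenticate` in `LdapAuthenticationRealm.passwordMatches` without a null or blank check. A user with no mapped account would send a null or empty name into the directory lookup or bind; what `authenticate` and the directory do with such a name is not visible in this hunk, so the realm should fail closed rather than depend on it. Adding `if (username == null || username.trim().isEmpty()) { continue; }` before the debug log skips that server for users who have no mapped account. The `for` loop and the method close outside the hunk.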
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealmService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealmService.java
index 556065adf..197239a46 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealmService.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/LdapAuthenticationRealmService.java
@@ -60,6 +60,9 @@ public class LdapAuthenticationRealmService { ldapContext.getCredentials(), ldapContext.getMsadDomain()); ldapServer.setActiveDirectoryUtils(ldapUtils); + if(ldapContext.getAccountMapping().equalsIgnoreCase("YES")) { + ldapServer.setMapping(true); + } ldapAuthenticationServers.add(ldapServer); }else {
@@ -71,6 +74,9 @@ public class LdapAuthenticationRealmService { ldapContext.getBasedn()); standardLdapServer.setLdapUtils(ldapUtils); standardLdapServer.setFilterAttribute(ldapContext.getFilters()); + if(ldapContext.getAccountMapping().equalsIgnoreCase("YES")) { + standardLdapServer.setMapping(true); + } ldapAuthenticationServers.add(standardLdapServer); } }
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/StandardLdapServer.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/StandardLdapServer.java
index bfb01f13c..790dc29f7 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/StandardLdapServer.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/ldap/StandardLdapServer.java
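Review bot: `ldapContext.getAccountMapping().equalsIgnoreCase("YES")` in `LdapAuthenticationRealmService` throws a NullPointerException when the column is null, and `accountMapping` is a field this same commit adds to `LdapContext`, so contexts saved before the upgrade presumably carry no value. The same call appears in both hunks of this file, in the Active Directory branch and in the standard LDAP branch. Putting the constant first makes a missing value mean "no mapping": `ldapServer.setMapping("YES".equalsIgnoreCase(ldapContext.getAccountMapping()));`, and likewise for `standardLdapServer`. The enclosing method begins and ends outside both hunks.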
@@ -41,6 +41,8 @@ public final class StandardLdapServer implements IAuthenticationServer { String filterAttribute; + boolean mapping; + /* (non-Javadoc) * @see com.connsec.web.authentication.realm.IAuthenticationServer#authenticate(java.lang.String, java.lang.String) */
@@ -95,4 +97,12 @@ public final class StandardLdapServer implements IAuthenticationServer { this.filterAttribute = filterAttribute; } + public boolean isMapping() { + return mapping; + } + + public void setMapping(boolean mapping) { + this.mapping = mapping; + } + }
diff --git a/maxkey-core/src/main/java/org/maxkey/entity/LdapContext.java b/maxkey-core/src/main/java/org/maxkey/entity/LdapContext.java
index 01e7c0a0e..0e2391777 100644
--- a/maxkey-core/src/main/java/org/maxkey/entity/LdapContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/entity/LdapContext.java
@@ -54,6 +54,8 @@ public class LdapContext extends JpaBaseEntity implements Serializable { @Column String msadDomain; @Column + String accountMapping; + @Column String sslSwitch; @Column String trustStore;
@@ -152,6 +154,14 @@ public class LdapContext extends JpaBaseEntity implements Serializable { this.sslSwitch = sslSwitch; } + public String getAccountMapping() { + return accountMapping; + } + + public void setAccountMapping(String accountMapping) { + this.accountMapping = accountMapping; + } + public String getTrustStore() { return trustStore; }
diff --git a/maxkey-core/src/main/java/org/maxkey/web/MetadataEndpoint.java b/maxkey-core/src/main/java/org/maxkey/web/MetadataEndpoint.java
index 3a7e376b2..8be4407dd 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/MetadataEndpoint.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/MetadataEndpoint.java
@@ -32,12 +32,12 @@ public class MetadataEndpoint { version.append("---------------------------------------------------------------------------------\n"); version.append("+ JAVA \n"); - version.append(String.format("+ %s java version %s, class %s\n", + version.append(String.format("+ %s java version %s, class %s\n", SystemUtils.JAVA_VENDOR, SystemUtils.JAVA_VERSION, SystemUtils.JAVA_CLASS_VERSION )); - version.append(String.format("+ %s (build %s, %s)\n", + version.append(String.format("+ %s (build %s, %s)\n", SystemUtils.JAVA_VM_NAME, SystemUtils.JAVA_VM_VERSION, SystemUtils.JAVA_VM_INFO
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message.properties b/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message.properties
index 1056d0591..9e0c057ac 100644
--- a/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message.properties
+++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message.properties
@@ -531,6 +531,7 @@ ldapcontext.credentials=\u51ED\u8BC1 ldapcontext.filters=\u8FC7\u6EE4\u5668 ldapcontext.basedn=\u57FA\u672CDN ldapcontext.msadDomain=Active Directory\u57DF +ldapcontext.accountMapping=\u8D26\u53F7\u6620\u5C04 ldapcontext.sslSwitch=SSL ldapcontext.trustStore=\u8BC1\u4E66 ldapcontext.trustStorePassword=\u8BC1\u4E66\u5BC6\u94A5
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_en.properties b/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_en.properties
index f714f615f..59e8a69af 100644
--- a/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_en.properties
+++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_en.properties
@@ -539,6 +539,7 @@ ldapcontext.credentials=Credentials ldapcontext.filters=Filters ldapcontext.basedn=Base DN ldapcontext.msadDomain=Active Directory Domain +ldapcontext.accountMapping=Account Mapping ldapcontext.sslSwitch=SSL ldapcontext.trustStore=TrustStore ldapcontext.trustStorePassword=TrustStorePassword
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_zh_CN.properties b/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_zh_CN.properties
index 26397fc2f..893b7de3f 100644
--- a/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_zh_CN.properties
+++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/messages/message_zh_CN.properties
@@ -530,6 +530,7 @@ ldapcontext.credentials=\u51ED\u8BC1 ldapcontext.filters=\u8FC7\u6EE4\u5668 ldapcontext.basedn=\u57FA\u672CDN ldapcontext.msadDomain=Active Directory\u57DF +ldapcontext.accountMapping=\u8D26\u53F7\u6620\u5C04 ldapcontext.sslSwitch=SSL ldapcontext.trustStore=\u8BC1\u4E66 ldapcontext.trustStorePassword=\u8BC1\u4E66\u5BC6\u94A5
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/ldapcontext/updateLdapContext.ftl b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/ldapcontext/updateLdapContext.ftl
index 31762440e..d866e957c 100644
--- a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/ldapcontext/updateLdapContext.ftl
+++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/ldapcontext/updateLdapContext.ftl
@@ -67,9 +67,26 @@
- -
- +
+
+ +
+ + +
+ +
+
+
+
+ +
+ +
+