Implement LDAP authentication

debug.xml

@@ -21,4 +21,8 @@
 
     <entry key='intellitrac.port'>6037</entry>
 
+    <!--<entry key='ldap.enable'>true</entry>
+    <entry key='ldap.url'>ldap://ldap.forumsys.com:389</entry>
+    <entry key='ldap.context'>dc=example,dc=com</entry>-->
+
 </properties>

schema/changelog-3.15.xml

@@ -133,5 +133,12 @@
     <addForeignKeyConstraint baseTableName="device_notification" baseColumnNames="deviceid" constraintName="fk_device_notification_deviceid" referencedTableName="devices" referencedColumnNames="id" onDelete="CASCADE" />
     <addForeignKeyConstraint baseTableName="device_notification" baseColumnNames="notificationid" constraintName="fk_device_notification_notificationid" referencedTableName="notifications" referencedColumnNames="id" onDelete="CASCADE" />
 
+    <dropNotNullConstraint tableName="users" columnName="hashedpassword" columnDataType="VARCHAR(128)" />
+    <dropNotNullConstraint tableName="users" columnName="salt" columnDataType="VARCHAR(128)" />
+
+    <addColumn tableName="users">
+      <column name="login" type="VARCHAR(128)" />
+    </addColumn>
+
   </changeSet>
 </databaseChangeLog>

src/org/traccar/Context.java

@@ -34,6 +34,7 @@
 import org.traccar.database.DeviceManager;
 import org.traccar.database.DriversManager;
 import org.traccar.database.IdentityManager;
+import org.traccar.database.LdapProvider;
 import org.traccar.database.MediaManager;
 import org.traccar.database.NotificationManager;
 import org.traccar.database.PermissionsManager;
@@ -109,6 +110,12 @@ public static DataManager getDataManager() {
         return dataManager;
     }
 
+    private static LdapProvider ldapProvider;
+
+    public static LdapProvider getLdapProvider() {
+        return ldapProvider;
+    }
+
     private static MediaManager mediaManager;
 
     public static MediaManager getMediaManager() {
@@ -321,6 +328,10 @@ public static void init(String[] arguments) throws Exception {
             dataManager = new DataManager(config);
         }
 
+        if (config.getBoolean("ldap.enable")) {
+            ldapProvider = new LdapProvider(config.getString("ldap.url"), config.getString("ldap.context"));
+        }
+
         if (config.hasKey("media.path")) {
             mediaManager = new MediaManager(config);
         }

src/org/traccar/database/DataManager.java

@@ -40,6 +40,7 @@
 import liquibase.resource.ResourceAccessor;
 
 import org.traccar.Config;
+import org.traccar.Context;
 import org.traccar.helper.Log;
 import org.traccar.model.Attribute;
 import org.traccar.model.Device;
@@ -300,11 +301,23 @@ public User login(String email, String password) throws SQLException {
         User user = QueryBuilder.create(dataSource, getQuery("database.loginUser"))
                 .setString("email", email.trim())
                 .executeQuerySingle(User.class);
-        if (user != null && user.isPasswordValid(password)) {
-            return user;
+        LdapProvider ldapProvider = Context.getLdapProvider();
+        if (user != null) {
+            if (ldapProvider != null && ldapProvider.login(user.getLogin(), password)
+                    || user.isPasswordValid(password)) {
+                return user;
+            }
         } else {
-            return null;
+            if (ldapProvider != null && ldapProvider.login(email, password)) {
+                user = new User();
+                user.setName(email);
+                user.setEmail(email);
+                user.setLogin(email);
+                Context.getUsersManager().addItem(user);
+                return user;
+            }
         }
+        return null;
     }
 
     public void updateDeviceStatus(Device device) throws SQLException {

src/org/traccar/database/LdapProvider.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2017 Anton Tananaev ([email protected])
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.traccar.database;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.InitialDirContext;
+import java.util.Hashtable;
+
+public class LdapProvider {
+
+    private String url;
+    private String context;
+
+    public LdapProvider(String url, String context) {
+        this.url = url;
+        this.context = context;
+    }
+
+    public boolean login(String username, String password) {
+
+        Hashtable<String, String> env = new Hashtable<>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        env.put(Context.PROVIDER_URL, url);
+
+        env.put(Context.SECURITY_AUTHENTICATION, "simple");
+        env.put(Context.SECURITY_PRINCIPAL, "uid=" + username + "," + context);
+        env.put(Context.SECURITY_CREDENTIALS, password);
+
+        try {
+            new InitialDirContext(env).close();
+            return true;
+        } catch (NamingException e) {
+            return false;
+        }
+    }
+
+}

src/org/traccar/model/User.java

@@ -35,6 +35,16 @@ public void setName(String name) {
         this.name = name;
     }
 
+    private String login;
+
+    public String getLogin() {
+        return login;
+    }
+
+    public void setLogin(String login) {
+        this.login = login;
+    }
+
     private String email;
 
     public String getEmail() {