From e76582ede7c0da18b556a77c7af05ef55cb35939 Mon Sep 17 00:00:00 2001 From: mguessan Date: Wed, 28 Sep 2011 09:04:48 +0000 Subject: [PATCH] LDAP: fix DIGEST-MD5 authentication and adjust dn context for OSX Lion, still experimental git-svn-id: http://svn.code.sf.net/p/davmail/code/trunk@1800 3d1905a2-6b24-0410-a738-b14d5a86fcbd --- src/java/davmail/ldap/LdapConnection.java | 24 ++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/src/java/davmail/ldap/LdapConnection.java b/src/java/davmail/ldap/LdapConnection.java index 0c914c05..4d650a56 100644 --- a/src/java/davmail/ldap/LdapConnection.java +++ b/src/java/davmail/ldap/LdapConnection.java @@ -27,6 +27,7 @@ import davmail.Settings; import davmail.exception.DavMailException; import davmail.exchange.ExchangeSession; import davmail.exchange.ExchangeSessionFactory; +import davmail.exchange.dav.DavExchangeSession; import davmail.ui.tray.DavGatewayTray; import org.apache.log4j.Logger; @@ -60,6 +61,10 @@ public class LdapConnection extends AbstractConnection { static final String COMPUTER_CONTEXT = "cn=computers, o=od"; static final String OD_GROUP_CONTEXT = "cn=groups, o=od"; + // TODO: adjust Directory Utility settings + static final String COMPUTER_CONTEXT_LION = "cn=computers,o=od"; + static final String OD_USER_CONTEXT_LION = "cn=users, ou=people"; + /** * Root DSE naming contexts (default and OpenDirectory) */ @@ -552,8 +557,7 @@ public class LdapConnection extends AbstractConnection { } }; int status; - if (reqBer.bytesLeft() > 0) { - if (saslServer != null) { + if (reqBer.bytesLeft() > 0 && saslServer != null) { byte[] clientResponse = reqBer.parseOctetString(Ber.ASN_OCTET_STR, null); serverResponse = saslServer.evaluateResponse(clientResponse); status = LDAP_SUCCESS; 
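Review bot: The two Lion constants added in the hunk at -60 encode spelling variants of a DN as separate literals: `COMPUTER_CONTEXT_LION` differs from `COMPUTER_CONTEXT` only by the space after the comma, and every further client spelling then needs another `||` at each comparison, as already happens in the hunks at -634 and -1461. Normalising the requested dn once before comparing (strip whitespace around commas, lower-case) would cover both spellings and remove the inconsistency between `equals` for the computer contexts and `equalsIgnoreCase` for the user contexts. Short of that, one helper such as `isUserContext(dn)` used at both call sites would keep the two conditions from drifting apart; the condition at -1461 also carries a redundant pair of parentheses. The comment `// TODO: adjust Directory Utility settings` should name the setting that makes Lion send these DNs.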
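Review bot: Folding the two tests into `reqBer.bytesLeft() > 0 && saslServer != null` in the hunk at -552 changes how a bind is handled when it carries a client response while no SASL exchange is in progress. The branch removed in the next hunk (-568) rejected it with `IOException("Invalid authentication sequence")`; it now falls through to the `else` branch, which appears to start a new exchange without reading the octet string from `reqBer`. If that is the intended handling of an initial response from the Lion client, state it at the branch, e.g. `// client data without a pending challenge is ignored: restart the DIGEST-MD5 exchange`, and log it at debug level so the ignored data shows up in traces. The same `else` is also reached when `saslServer` is non-null but the request is empty; the code that builds the server is outside this hunk, so confirm the previous instance is released with `saslServer.dispose()` before it is replaced.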
@@ -568,10 +572,6 @@ public class LdapConnection extends AbstractConnection { DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REQ_BIND_INVALID_CREDENTIALS")); } - } else { - throw new IOException("Invalid authentication sequence"); - } - } else { Map properties = new HashMap(); properties.put("javax.security.sasl.qop", "auth,auth-int"); @@ -634,7 +634,7 @@ public class LdapConnection extends AbstractConnection { LdapFilter ldapFilter = parseFilter(reqBer); Set returningAttributes = parseReturningAttributes(reqBer); SearchRunnable searchRunnable = new SearchRunnable(currentMessageId, dn, scope, sizeLimit, timelimit, ldapFilter, returningAttributes); - if (BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn)) { + if (BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT_LION.equalsIgnoreCase(dn)) { // launch search in a separate thread synchronized (searchThreadMap) { searchThreadMap.put(currentMessageId, searchRunnable); @@ -759,8 +759,8 @@ public class LdapConnection extends AbstractConnection { String sValue = value.toString(); if ("uid".equalsIgnoreCase(attributeName) && sValue.equals(userName)) { - // replace with actual alias instead of login name search - if (sValue.equals(userName)) { + // replace with actual alias instead of login name search, only in Dav mode + if (sValue.equals(userName) && session instanceof DavExchangeSession) { sValue = session.getAlias(); DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REPLACED_UID_FILTER", userName, sValue)); } 
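Review bot: In the hunk at -759 the inner test `sValue.equals(userName)` repeats a condition the enclosing `if` has already checked, so the new line can be reduced to `if (session instanceof DavExchangeSession) {`. The `instanceof` on a concrete session class also ties the LDAP filter code to one backend, and the hunk does not show what `getAlias()` returns for other session types. A comment saying why the alias substitution must be skipped outside Dav mode would make the restriction reviewable. The enclosing method starts and ends outside the hunk.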
@@ -908,6 +908,8 @@ public class LdapConnection extends AbstractConnection { addIf(attributes, returningAttributes, "objectClass", objectClasses); addIf(attributes, returningAttributes, "apple-generateduid", COMPUTER_GUID); addIf(attributes, returningAttributes, "apple-serviceinfo", getServiceInfo()); + // TODO: remove ? + addIf(attributes, returningAttributes, "apple-xmlplist", getServiceInfo()); addIf(attributes, returningAttributes, "apple-serviceslocator", "::anyService"); addIf(attributes, returningAttributes, "cn", getCurrentHostName()); @@ -1461,11 +1463,11 @@ public class LdapConnection extends AbstractConnection { } else { DavGatewayTray.debug(new BundleMessage("LOG_LDAP_REQ_SEARCH_INVALID_DN", currentMessageId, dn)); } - } else if (COMPUTER_CONTEXT.equals(dn)) { + } else if (COMPUTER_CONTEXT.equals(dn) || COMPUTER_CONTEXT_LION.equals(dn)) { size = 1; // computer context for iCal sendComputerContext(currentMessageId, returningAttributes); - } else if ((BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn))) { + } else if ((BASE_CONTEXT.equalsIgnoreCase(dn) || OD_USER_CONTEXT.equalsIgnoreCase(dn)) || OD_USER_CONTEXT_LION.equalsIgnoreCase(dn)) { if (session != null) { Map persons = new HashMap(); if (ldapFilter.isFullSearch()) {
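Review bot: The `apple-xmlplist` attribute added in the hunk at -908 is filled with the same `getServiceInfo()` value as `apple-serviceinfo` on the line above, and the comment `// TODO: remove ?` does not say which client needs it or what would decide its removal. Replace the TODO with the reason, e.g. `// OSX Lion appears to request apple-xmlplist instead of apple-serviceinfo (to be confirmed)`. Assign the result of `getServiceInfo()` to a local once and pass it to both `addIf` calls, so the two attributes cannot diverge. The enclosing method is only partly visible in this hunk.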