Re-introduce additional filters for authorisation and user status

authFilter, userNotBlockedFilter

Change-Id: I04fed94a5b1e9de7f00c8d5dd3351e3c6a24b075
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/LDAPConfig.java b/full/src/main/java/de/ids_mannheim/korap/authentication/LDAPConfig.java
index 7608761..92ae6d6 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/LDAPConfig.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/LDAPConfig.java
@@ -19,6 +19,8 @@
     public final boolean useEmbeddedServer;
     public final String emailAttribute;
     public final String ldif;
+    public final String authFilter;
+    public final String userNotBlockedFilter;
 
     public LDAPConfig(String ldapConfigFilename) throws LdapConfigurationException {
         Map<String, String> ldapConfig = null;
@@ -34,14 +36,14 @@
         searchBase = getConfigOrThrow(ldapConfig, "searchBase");
         sLoginDN = getConfigOrThrow(ldapConfig, "sLoginDN");
         searchFilter = getConfigOrThrow(ldapConfig, "searchFilter");
+        authFilter = ldapConfig.getOrDefault("authFilter", null);
+        userNotBlockedFilter = ldapConfig.getOrDefault("userNotBlockedFilter", null);
         sPwd = ldapConfig.getOrDefault("pwd", "");
         trustStorePath = ldapConfig.getOrDefault("trustStore", "");
         additionalCipherSuites = ldapConfig.getOrDefault("additionalCipherSuites", "");
         useEmbeddedServer = Boolean.parseBoolean(ldapConfig.getOrDefault("useEmbeddedServer", "false"));
         emailAttribute = ldapConfig.getOrDefault("emailAttribute", "mail");
         ldif = ldapConfig.getOrDefault("ldifFile", null);
-
-
     }
 
     static HashMap<String, String> typeCastConvert(Properties prop) {
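Review bot: `authFilter` and `userNotBlockedFilter` fall back to `null` when the key is missing, and `LdapAuth3.search` skips a null or empty filter, so a misspelt key or a config file that has not been migrated silently turns off the registration and blocked-user checks. The test configs in this commit move exactly those conditions out of `searchFilter`, so an un-migrated deployment would depend on the new keys being present. Consider logging at start-up which of the two filters are active and adding a comment on the assignments such as `// optional: when unset, no registration / blocked-user check is applied`. The constructor begins outside this hunk.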
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
index 9975fcc..603ec38 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
@@ -6,6 +6,7 @@
 
 import com.nimbusds.jose.JOSEException;
 import com.unboundid.ldap.sdk.*;
+import com.unboundid.util.NotNull;
 import com.unboundid.util.ssl.SSLUtil;
 import com.unboundid.util.ssl.TrustAllTrustManager;
 import com.unboundid.util.ssl.TrustStoreTrustManager;
@@ -31,11 +32,9 @@
     public static final int LDAP_AUTH_ROK = 0;
     public static final int LDAP_AUTH_RCONNECT = 1; // cannot connect to LDAP Server
     public static final int LDAP_AUTH_RINTERR = 2; // internal error: cannot verify User+Pwd.
-    /* cannot be distinguished, currently
     public static final int LDAP_AUTH_RUNKNOWN = 3; // User Account or Pwd unknown;
     public static final int LDAP_AUTH_RLOCKED = 4; // User Account locked;
     public static final int LDAP_AUTH_RNOTREG = 5; // User known, but has not registered to KorAP/C2 Service yet;
-     */
     public static final int LDAP_AUTH_RNOEMAIL = 6; // cannot obtain email for sUserDN
     public static final int LDAP_AUTH_RNAUTH = 7; // User Account or Pwd unknown, or not authorized
     final static Boolean DEBUGLOG = false;        // log debug output.
@@ -52,14 +51,12 @@
                 return "LDAP Authentication: connecting to LDAP Server failed!";
             case LDAP_AUTH_RINTERR:
                 return "LDAP Authentication failed due to an internal error!";
-/* cannot be distinguished, currently
             case LDAP_AUTH_RUNKNOWN:
                 return "LDAP Authentication failed due to unknown user or password!";
             case LDAP_AUTH_RLOCKED:
                 return "LDAP Authentication: known user is locked!";
             case LDAP_AUTH_RNOTREG:
-                return "LDAP Authentication: known user has not registered yet!";
-*/
+                return "LDAP Authentication: known user, but not registered for this service!";
             case LDAP_AUTH_RNOEMAIL:
                 return "LDAP Authentication: known user, but cannot obtain email!";
             case LDAP_AUTH_RNAUTH:
@@ -83,16 +80,19 @@
             }
         }
 
-        SearchResult srchRes = search(login, password, ldapConfig, !ldapConfig.searchFilter.contains("${password}"));
+        LdapAuth3Result ldapAuth3Result = search(login, password, ldapConfig, !ldapConfig.searchFilter.contains("${password}"), true);
+        SearchResult srchRes = ldapAuth3Result.getSearchResultValue();
 
-        if (srchRes == null || srchRes.getEntryCount() == 0) {
+        if (ldapAuth3Result.getErrorCode() != 0 || srchRes == null || srchRes.getEntryCount() == 0) {
             if (DEBUGLOG) System.out.printf("Finding '%s': no entry found!\n", login);
-            return LDAP_AUTH_RNAUTH;
+            return ldapAuth3Result.getErrorCode();
         }
 
         return LDAP_AUTH_ROK;
     }
-    public static SearchResult search(String login, String password, LDAPConfig ldapConfig, boolean bindWithFoundDN) throws LDAPException {
+
+    @NotNull
+    public static LdapAuth3Result search(String login, String password, LDAPConfig ldapConfig, boolean bindWithFoundDN, boolean applyExtraFilters) {
         Map<String, String> valuesMap = new HashMap<>();
         valuesMap.put("login", login);
         valuesMap.put("password", password);
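Review bot: The failure branch in `login` returns `ldapAuth3Result.getErrorCode()` even when it was entered because `srchRes` is null or empty, and in that case the code is `0`, i.e. `LDAP_AUTH_ROK`. `search` as written in this commit never pairs `LDAP_AUTH_ROK` with an empty result, but the guard fails open if that ever changes; `int code = ldapAuth3Result.getErrorCode(); return code != LDAP_AUTH_ROK ? code : LDAP_AUTH_RNAUTH;` keeps it closed, and comparing against `LDAP_AUTH_ROK` instead of the literal `0` makes the intent explicit. After this change `login` no longer returns `LDAP_AUTH_RNAUTH` on this path, so callers that branch on that constant should be checked. The body of `search` continues outside this hunk.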
@@ -108,11 +108,9 @@
             //System.out.printf("LDAP Version      = %d.\n", LDAPConnection.LDAP_V3);
             System.out.printf("LDAP Host & Port  = '%s':%d.\n", ldapConfig.host, ldapConfig.port);
             System.out.printf("Login User = '%s'\n", login);
+            System.out.println("LDAPS " + ldapConfig.useSSL);
         }
 
-        // LDAP Connection:
-        if (DEBUGLOG) System.out.println("LDAPS " + ldapConfig.useSSL);
-
         LDAPConnection lc;
 
         if (ldapConfig.useSSL) {
@@ -131,7 +129,7 @@
             } catch (GeneralSecurityException e) {
                 System.err.printf("Error: login: Connecting to LDAPS Server: failed: '%s'!\n", e);
                 ldapTerminate(null);
-                return null;
+                return new LdapAuth3Result(null, LDAP_AUTH_RCONNECT);
             }
         } else {
             lc = new LDAPConnection();
@@ -144,10 +142,8 @@
             String fullStackTrace = org.apache.commons.lang.exception.ExceptionUtils.getFullStackTrace(e);
             System.err.printf("Error: login: Connecting to LDAP Server: failed: '%s'!\n", fullStackTrace);
             ldapTerminate(lc);
-            return null;
+            return new LdapAuth3Result(null, LDAP_AUTH_RCONNECT);
         }
-
-
         if (DEBUGLOG) System.out.printf("Debug: isConnected=%d\n", lc.isConnected() ? 1 : 0);
 
         try {
@@ -158,31 +154,28 @@
         } catch (LDAPException e) {
             System.err.printf("Error: login: Binding failed: '%s'!\n", e);
             ldapTerminate(lc);
-            return null;
+            return new LdapAuth3Result(null, LDAP_AUTH_RINTERR);
         }
 
         if (DEBUGLOG) System.out.printf("Debug: isConnected=%d\n", lc.isConnected() ? 1 : 0);
 
         if (DEBUGLOG) System.out.printf("Finding user '%s'...\n", login);
 
-        SearchResult srchRes;
+        SearchResult srchRes = null;
         try {
-            // SCOPE_SUB = Scope Subtree.
-            if (DEBUGLOG) System.out.printf("Finding Filter: '%s'.\n", insensitiveSearchFilter);
+            if (DEBUGLOG) System.out.printf("Searching with searchFilter: '%s'.\n", insensitiveSearchFilter);
 
             srchRes = lc.search(ldapConfig.searchBase, SearchScope.SUB, searchFilterInstance);
 
-            if (DEBUGLOG) System.out.printf("Finding '%s': %d entries.\n", login, srchRes.getEntryCount());
+            if (DEBUGLOG) System.out.printf("Found '%s': %d entries.\n", login, srchRes.getEntryCount());
         } catch (LDAPSearchException e) {
             System.err.printf("Error: Search for User failed: '%s'!\n", e);
-            ldapTerminate(lc);
-            return null;
         }
 
         if (srchRes == null || srchRes.getEntryCount() == 0) {
             if (DEBUGLOG) System.out.printf("Finding '%s': no entry found!\n", login);
             ldapTerminate(lc);
-            return null;
+            return new LdapAuth3Result(null, LDAP_AUTH_RUNKNOWN);
         }
 
         if (bindWithFoundDN) {
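Review bot: The `LDAPSearchException` catch now only logs and falls through to the `srchRes == null` check, so a failed search (server error, size limit, malformed filter) is reported as `LDAP_AUTH_RUNKNOWN`, the same code as a wrong user or password. Ending the catch with `ldapTerminate(lc); return new LdapAuth3Result(null, LDAP_AUTH_RINTERR);` keeps directory faults distinguishable from failed logins in logs and monitoring. The DEBUGLOG line prints `insensitiveSearchFilter`, which is built outside this hunk; if it holds the substituted `${password}` value, enabling DEBUGLOG writes passwords to stdout.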
@@ -191,16 +184,52 @@
             try {
                 // bind to server:
                 if (DEBUGLOG) System.out.printf("Binding with '%s' ...\n", matchedDN);
-                lc.bind(matchedDN, password);
+                BindResult bindResult = lc.bind(matchedDN, password);
                 if (DEBUGLOG) System.out.print("Binding: OK.\n");
+                if (!bindResult.getResultCode().equals(ResultCode.SUCCESS)) {
+                    ldapTerminate(lc);
+                    return new LdapAuth3Result(null, LDAP_AUTH_RUNKNOWN);
+                }
             } catch (LDAPException e) {
                 System.err.printf("Error: login: Binding failed: '%s'!\n", e);
                 ldapTerminate(lc);
-                return null;
+                return new LdapAuth3Result(null, LDAP_AUTH_RUNKNOWN);
+            }
+        }
+
+        if (applyExtraFilters) {
+            if (ldapConfig.authFilter != null && !ldapConfig.authFilter.isEmpty()) {
+                srchRes = applyAdditionalFilter(login, ldapConfig, ldapConfig.authFilter, searchFilterInstance, lc);
+                if (srchRes == null || srchRes.getEntryCount() == 0) {
+                    ldapTerminate(lc);
+                    return new LdapAuth3Result(null, LDAP_AUTH_RNOTREG);
+                }
+            }
+
+            if (ldapConfig.userNotBlockedFilter != null && !ldapConfig.userNotBlockedFilter.isEmpty()) {
+                srchRes = applyAdditionalFilter(login, ldapConfig, ldapConfig.userNotBlockedFilter, searchFilterInstance, lc);
+                if (srchRes == null || srchRes.getEntryCount() == 0) {
+                    ldapTerminate(lc);
+                    return new LdapAuth3Result(null, LDAP_AUTH_RLOCKED);
+                }
             }
         }
 
         ldapTerminate(lc);
+        return new LdapAuth3Result(srchRes, LDAP_AUTH_ROK);
+    }
+
+    private static SearchResult applyAdditionalFilter(String login, LDAPConfig ldapConfig, String searchFilterInstance, String extraFilter, LDAPConnection lc) {
+        SearchResult srchRes;
+        srchRes = null;
+        try {
+            String combindedFilterInstance = "(&" + searchFilterInstance + extraFilter + ")";
+            if (DEBUGLOG) System.out.printf("Searching with additional Filter: '%s'.\n", extraFilter);
+            srchRes = lc.search(ldapConfig.searchBase, SearchScope.SUB, combindedFilterInstance);
+            if (DEBUGLOG) System.out.printf("Found '%s': %d entries.\n", login, srchRes.getEntryCount());
+        } catch (LDAPSearchException e) {
+            System.err.printf("Error: Search for User failed: '%s'!\n", e);
+        }
         return srchRes;
     }
 
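Review bot: Each extra check in `applyAdditionalFilter` is a fresh `SearchScope.SUB` search that only tests `getEntryCount() == 0`, so the checks are tied neither to the authenticated entry nor to each other. If the login filter matches several entries, one entry can satisfy `authFilter` and a different one `userNotBlockedFilter`, which the former single `searchFilter` did not allow. Both call sites also pass the configured filter in the `searchFilterInstance` position and the instantiated login filter as `extraFilter`; the AND evaluates the same, but the DEBUGLOG line then prints the login filter, which presumably carries the substituted password when `searchFilter` contains `${password}`. The sketch below checks each matched entry with a BASE-scoped search so that one entry has to pass both filters; in the bind path the loop should be limited to `matchedDN`, which is defined outside this hunk.

```java
        // … unchanged: optional bind with matchedDN …

        if (applyExtraFilters) {
            boolean registered = false;
            boolean admitted = false;
            // One and the same entry has to pass both filters; BASE scope pins each check to that entry.
            for (SearchResultEntry entry : srchRes.getSearchEntries()) {
                if (!entryMatches(entry.getDN(), ldapConfig.authFilter, lc)) {
                    continue;
                }
                registered = true;
                if (entryMatches(entry.getDN(), ldapConfig.userNotBlockedFilter, lc)) {
                    admitted = true;
                    break;
                }
            }
            if (!admitted) {
                ldapTerminate(lc);
                return new LdapAuth3Result(null, registered ? LDAP_AUTH_RLOCKED : LDAP_AUTH_RNOTREG);
            }
        }

        // … unchanged: ldapTerminate(lc) and the LDAP_AUTH_ROK return …

    /** Returns true if the entry at entryDN satisfies extraFilter, or if no filter is configured. */
    private static boolean entryMatches(String entryDN, String extraFilter, LDAPConnection lc) {
        if (extraFilter == null || extraFilter.isEmpty()) {
            return true;
        }
        try {
            return lc.search(entryDN, SearchScope.BASE, extraFilter).getEntryCount() > 0;
        } catch (LDAPSearchException e) {
            System.err.printf("Error: Search for User failed: '%s'!\n", e);
            return false; // fail closed: a search error must not admit the user
        }
    }
```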
@@ -209,7 +238,7 @@
         LDAPConfig ldapConfig = new LDAPConfig(ldapConfigFilename);
         final String emailAttribute = ldapConfig.emailAttribute;
 
-        SearchResult searchResult = search(sUserDN, sUserPwd, ldapConfig, false);
+        SearchResult searchResult = search(sUserDN, sUserPwd, ldapConfig, false, false).getSearchResultValue();
 
         if (searchResult == null) {
             return null;
@@ -246,4 +275,26 @@
         return TokenType.API;
     }
 
+    public static class LdapAuth3Result {
+        final int errorCode;
+        final Object value;
+
+
+        public LdapAuth3Result(Object value, int errorCode) {
+            this.errorCode = errorCode;
+            this.value = value;
+        }
+
+        public int getErrorCode() {
+            return errorCode;
+        }
+
+        public Object getValue() {
+            return value;
+        }
+
+        public SearchResult getSearchResultValue() {
+            return (SearchResult) value;
+        }
+    }
 }
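Review bot: `LdapAuth3Result` stores its payload as `Object` and `getSearchResultValue()` casts it unchecked, so a value of any other type would only fail with a `ClassCastException` at the call sites in `login` and `getEmail`. Every constructor call in this commit passes a `SearchResult` or `null`, so declaring `private final SearchResult value;` with a matching constructor parameter removes the cast. The two fields are package-private. The class also lacks a Javadoc line stating that `value` is `null` whenever `errorCode` is not `LDAP_AUTH_ROK`, which is what every `return` in `search` does.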
diff --git a/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java b/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java
index 48d5c88..c926579 100644
--- a/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java
+++ b/full/src/test/java/de/ids_mannheim/korap/authentication/LdapAuth3Test.java
@@ -16,8 +16,7 @@
 
 import java.security.GeneralSecurityException;
 
-import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_RNAUTH;
-import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_ROK;
+import static de.ids_mannheim.korap.authentication.LdapAuth3.*;
 import static org.junit.Assert.assertEquals;
 
 public class LdapAuth3Test {
@@ -59,26 +58,31 @@
     }
 
     @Test
-    public void testLoginWithUsername() throws LDAPException {
-        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "topsecret", TEST_LDAP_CONF));
+    public void loginWithExtraProfileNameWorks() throws LDAPException {
+        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser123", "password", TEST_LDAP_CONF));
     }
 
     @Test
-    public void testLoginWithUid() throws LDAPException {
+    public void loginWithUidWorks() throws LDAPException {
+        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAP_CONF));
+    }
+
+    @Test
+    public void loginWithUidAndBase64PasswordWorks() throws LDAPException {
         final byte[] passwordBytes = StaticUtils.getBytes("password");
         String pw = Base64.encode(passwordBytes);
         assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", pw, TEST_LDAP_CONF));
     }
 
     @Test
-    public void testLoginWithEmail() throws LDAPException {
+    public void loginWithEmailWorks() throws LDAPException {
         final byte[] passwordBytes = StaticUtils.getBytes("password");
         String pw = Base64.encode(passwordBytes);
         assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser@example.com", pw, TEST_LDAP_CONF));
     }
 
     @Test
-    public void testAllLoginPwCombinations() throws LDAPException {
+    public void allLoginPasswordCombinationsWork() throws LDAPException {
         assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("uid", "userPassword", TEST_LDAP_CONF));
         assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("uid", "extraPassword", TEST_LDAP_CONF));
         assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("mail@example.org", "userPassword", TEST_LDAP_CONF));
@@ -88,68 +92,80 @@
     }
 
     @Test
-    public void testFailingLoginWithWrongEmail() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("notestuser@example.com", "topsecret", TEST_LDAP_CONF));
+    public void loginWithWrongEmailFails() throws LDAPException {
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("notestuser@example.com", "topsecret", TEST_LDAP_CONF));
     }
 
     @Test
-    public void testFailingLoginWithEmailAndWrongPassword() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser@example.com", "wrongpw", TEST_LDAP_CONF));
+    public void loginWithEmailAndWrongPasswordFails() throws LDAPException {
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser@example.com", "wrongpw", TEST_LDAP_CONF));
     }
 
     @Test
-    public void testFailingLoginWithUsernameAndWrongPassword() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "wrongpw", TEST_LDAP_CONF));
+    public void loginWithUsernameAndWrongPasswordFails() throws LDAPException {
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "wrongpw", TEST_LDAP_CONF));
     }
 
     @Test
-    public void testFailingLoginWithoutC2Attr() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("doe", "topsecret", TEST_LDAP_CONF));
+    public void loginOfNotRegisteredUserFails() throws LDAPException {
+        assertEquals(LDAP_AUTH_RNOTREG, LdapAuth3.login("not_registered_user", "topsecret", TEST_LDAP_CONF));
     }
 
     @Test
-    public void testFailingLoginWithoutBadStatus() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("berserker", "topsecret", TEST_LDAP_CONF));
+    public void blockedUserIsRefused() throws LDAPException {
+        assertEquals(LDAP_AUTH_RLOCKED, LdapAuth3.login("nameOfBlockedUser", "topsecret", TEST_LDAP_CONF));
     }
 
     @Test
-    public void testSecureLoginWithUsername() throws LDAPException {
-        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "topsecret", TEST_LDAPS_CONF));
+    public void loginWithUsernameOverSSLWorks() throws LDAPException {
+        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_CONF));
     }
 
     @Test
-    public void testSecureLoginWithTrustStoreAndUsername() throws LDAPException {
-        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "topsecret", TEST_LDAPS_TS_CONF));
+    public void loginOnTrustedServerWorks() throws LDAPException {
+        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_TS_CONF));
     }
 
     @Test
-    public void testFailingSecureLoginWithTrustStoreAndUsernameAndWrongPW() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "topsecrets", TEST_LDAPS_TS_CONF));
+    public void loginOnTrustedServerWithWrongPassswordFails() throws LDAPException {
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "topsecrets", TEST_LDAPS_TS_CONF));
     }
 
     @Test
-    public void testPasswordWithAsterisk() throws LDAPException {
+    public void passwordWithAsteriskWorks() throws LDAPException {
         assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("test", "top*ecret", TEST_LDAPS_CONF));
     }
 
     @Test
-    public void testFailingEscapedPW() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "top*", TEST_LDAPS_TS_CONF));
+    public void passwordWithGlobOperatorFails() throws LDAPException {
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "passw*", TEST_LDAPS_TS_CONF));
+        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_TS_CONF));
     }
 
     @Test
-    public void testFailingIllegalPW() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("testuser", "*", TEST_LDAPS_TS_CONF));
+    public void passwordWithExistenceOperatorFails() throws LDAPException {
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("testuser", "*", TEST_LDAPS_TS_CONF));
+        assertEquals(LDAP_AUTH_ROK, LdapAuth3.login("testuser", "password", TEST_LDAPS_TS_CONF));
     }
 
     @Test
-    public void testGettingMailForUid() throws LDAPException {
+    public void gettingMailAttributeForUid() throws LDAPException {
         assertEquals("testuser@example.com", LdapAuth3.getEmail("testuser", TEST_LDAP_CONF));
         assertEquals("peter@example.org", LdapAuth3.getEmail("testuser2", TEST_LDAPS_CONF));
         assertEquals(null, LdapAuth3.getEmail("non-exsting", TEST_LDAPS_CONF));
     }
 
     @Test
+    public void gettingMailAttributeForNotRegisteredUserWorks() throws LDAPException {
+        assertEquals("not_registered_user@example.com", LdapAuth3.getEmail("not_registered_user", TEST_LDAP_CONF));
+    }
+
+    @Test
+    public void gettingMailAttributeForBlockedUserWorks() throws LDAPException {
+        assertEquals("nameOfBlockedUser@example.com", LdapAuth3.getEmail("nameOfBlockedUser", TEST_LDAP_CONF));
+    }
+
+    @Test
     public void canLoadLdapConfig() {
         LDAPConfig ldapConfig = new LDAPConfig(TEST_LDAPS_CONF);
         assertEquals(3269, ldapConfig.port);
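Review bot: None of the login tests in this file appears to reach the `bindWithFoundDN` branch of `search` together with the new filters. `login` enables that branch only when `searchFilter` lacks `${password}`, and the three config files changed in this commit all keep `${password}` in `searchFilter` (assuming the `TEST_*_CONF` constants point at them). The `LDAP_AUTH_RNOTREG` and `LDAP_AUTH_RLOCKED` results after a rebind as the user are therefore untested, as is a config where both filter keys are absent. Consider adding a config with a login-only `searchFilter` plus cases for a blocked and an unregistered user. Minor: `loginOnTrustedServerWithWrongPassswordFails` misspells `Password`.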
diff --git a/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java b/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java
index 196451e..9e9700e 100644
--- a/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/server/EmbeddedLdapServerTest.java
@@ -14,8 +14,8 @@
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 
-import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_RNAUTH;
 import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_ROK;
+import static de.ids_mannheim.korap.authentication.LdapAuth3.LDAP_AUTH_RUNKNOWN;
 import static org.junit.Assert.assertEquals;
 
 public class EmbeddedLdapServerTest {
@@ -49,7 +49,7 @@
 
     @Test
     public void asteriskPasswordsFail() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("user1", "*", TEST_EMBEDDED_LDAP_CONF));
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("user1", "*", TEST_EMBEDDED_LDAP_CONF));
     }
 
     @Test
@@ -66,12 +66,12 @@
 
     @Test
     public void loginWithUnEncodedPBKDF2PasswordFails() throws LDAPException, NoSuchAlgorithmException, InvalidKeySpecException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("user5", "password5", TEST_EMBEDDED_LDAP_CONF));
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("user5", "password5", TEST_EMBEDDED_LDAP_CONF));
     }
 
     @Test
     public void unauthorizedUsersAreNotAllowed() throws LDAPException {
-        assertEquals(LDAP_AUTH_RNAUTH, LdapAuth3.login("yuser", "password", TEST_EMBEDDED_LDAP_CONF));
+        assertEquals(LDAP_AUTH_RUNKNOWN, LdapAuth3.login("yuser", "password", TEST_EMBEDDED_LDAP_CONF));
     }
 
     @Test
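Review bot: `unauthorizedUsersAreNotAllowed` now expects `LDAP_AUTH_RUNKNOWN`, the code `search` returns for an unknown user or wrong password, rather than `LDAP_AUTH_RNOTREG`. That suggests the embedded-server config, which is not part of this diff, still folds the authorisation condition into `searchFilter` instead of using `authFilter`. If so, a comment on the test such as `// embedded config has no authFilter, so unauthorised users look like unknown ones` would explain why the two suites disagree on the code for the same situation.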
diff --git a/full/src/test/resources/test-ldap-users.ldif b/full/src/test/resources/test-ldap-users.ldif
index af687a8..b35a919 100644
--- a/full/src/test/resources/test-ldap-users.ldif
+++ b/full/src/test/resources/test-ldap-users.ldif
@@ -15,11 +15,9 @@
 mail: testuser@example.com
 userPassword: cGFzc3dvcmQ=
 displayName: Dr. Peter Testuser
-extra: TRUE
-extraProfile: testuser
-extraPassword: topsecret
-extraNews: TRUE
-title: Herr
+registered: TRUE
+extraProfile: testuser123
+extraPassword: password
 uid: testuser
 
 dn: uid=test,ou=people,dc=example,dc=com
@@ -29,41 +27,28 @@
 mail: test@example.com
 userPassword: top*ecret
 displayName: Dr. Peter Test
-extra: TRUE
-idsStatus: 1
+registered: TRUE
+userStatus: 1
 extraProfile: test
 extraPassword: top*ecret
 uid: test
 
-dn: uid=doe,ou=people,dc=example,dc=com
-cn: John Doe
-sn: doe
-givenName: John
-mail: doe@example.com
+dn: uid=not_registered_user,ou=people,dc=example,dc=com
+mail: not_registered_user@example.com
 userPassword: cGFzc3dvcmQ=
-displayName: Dr. John Doe
-idsStatus: 0
-extra: FALSE
-extraProfile: doe
+userStatus: 0
+registered: FALSE
+extraProfile: not_registered_user
 extraPassword: topsecret
-extraNews: TRUE
-title: Herr
-uid: doe
+uid: not_registered_user
 
-dn: uid=berserk,ou=people,dc=example,dc=com
-cn: Bernd Berserker
-sn: berserker
-givenName: Joe
-mail: berserker@example.com
+dn: uid=nameOfBlockedUser,ou=people,dc=example,dc=com
+mail: nameOfBlockedUser@example.com
 userPassword: cGFzc3dvcmQ=
-displayName: berserk
-idsStatus: 2
-extra: TRUE
-extraProfile: doe
+userStatus: 2
+registered: TRUE
 extraPassword: topsecret
-extraNews: TRUE
-title: Herr
-uid: berserk
+uid: nameOfBlockedUser
 
 dn: uid=testuser2,ou=people,dc=example,dc=com
 cn: Peter Testuser
@@ -72,8 +57,8 @@
 mail: peter@example.org
 userPassword: cGFzc3dvcmQ=
 displayName: Dr. Peter Testuser
-idsStatus: 0
-extra: TRUE
+userStatus: 0
+registered: TRUE
 extraProfile: testuser2
 extraPassword: topsecret
 extraNews: TRUE
@@ -83,7 +68,7 @@
 dn: uid=uid,ou=people,dc=example,dc=com
 mail: mail@example.org
 userPassword: userPassword
-extra: TRUE
+registered: TRUE
 extraProfile: extraProfile
 extraPassword: extraPassword
 uid: uid
diff --git a/full/src/test/resources/test-ldap.conf b/full/src/test/resources/test-ldap.conf
index 1bccb3b..614275c 100644
--- a/full/src/test/resources/test-ldap.conf
+++ b/full/src/test/resources/test-ldap.conf
@@ -3,4 +3,6 @@
 searchBase=dc=example,dc=com
 sLoginDN=cn=admin,dc=example,dc=com
 pwd=adminpassword
-searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password}))(extra=TRUE)(|(idsStatus=0)(idsStatus=1)(!(idsStatus=*))))
+searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password})))
+authFilter=(registered=TRUE)
+userNotBlockedFilter=(|(userStatus=0)(userStatus=1)(!(userStatus=*)))
diff --git a/full/src/test/resources/test-ldaps-with-truststore.conf b/full/src/test/resources/test-ldaps-with-truststore.conf
index 788de73..22d0899 100644
--- a/full/src/test/resources/test-ldaps-with-truststore.conf
+++ b/full/src/test/resources/test-ldaps-with-truststore.conf
@@ -5,4 +5,6 @@
 searchBase=dc=example,dc=com
 sLoginDN=cn=admin,dc=example,dc=com
 pwd=adminpassword
-searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password}))(extra=TRUE)(|(idsStatus=0)(idsStatus=1)(!(idsStatus=*))))
+searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password})))
+authFilter=(registered=TRUE)
+userNotBlockedFilter=(|(userStatus=0)(userStatus=1)(!(userStatus=*)))
diff --git a/full/src/test/resources/test-ldaps.conf b/full/src/test/resources/test-ldaps.conf
index 9b414be..dfbed4f 100644
--- a/full/src/test/resources/test-ldaps.conf
+++ b/full/src/test/resources/test-ldaps.conf
@@ -5,4 +5,6 @@
 searchBase=dc=example,dc=com
 sLoginDN=cn=admin,dc=example,dc=com
 pwd=adminpassword
-searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password}))(extra=TRUE)(|(idsStatus=0)(idsStatus=1)(!(idsStatus=*))))
+searchFilter=(&(|(uid=${login})(mail=${login})(extraProfile=${login}))(|(userPassword=${password})(extraPassword=${password})))
+authFilter=(registered=TRUE)
+userNotBlockedFilter=(|(userStatus=0)(userStatus=1)(!(userStatus=*)))