[RORDEV-1275] LDAP with group with spaces

ror-demo-cluster/conf/es/log4j2.properties

@@ -79,4 +79,7 @@ appender.index_indexing_slowlog_rolling.policies.time.modulate=true
 logger.index_indexing_slowlog.name=index.indexing.slowlog.index
 logger.index_indexing_slowlog.level=trace
 logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref=index_indexing_slowlog_rolling
-logger.index_indexing_slowlog.additivity=false
+logger.index_indexing_slowlog.additivity=false
+
+logger.ror_ldap.name=tech.beshu.ror.accesscontrol.blocks.definitions.ldap
+logger.ror_ldap.level=debug

ror-demo-cluster/conf/es/readonlyrest.yml

@@ -18,3 +18,31 @@ readonlyrest:
       verbosity: error
       auth_key: admin:admin
       kibana_access: admin
+
+    - name: "TEST"
+      ldap_authentication:
+        name: "ldap2"
+      ldap_authorization:
+        name: "ldap2"
+        groups_and: ["*"]
+
+  ldaps:
+
+    - name: ldap2
+      host: ldap
+      port: 389
+      ssl_enabled: false                                        # default true
+      ssl_trust_all_certs: true                                 # default false
+      bind_dn: "cn=admin,dc=example,dc=com"                     # skip for anonymous bind
+      bind_password: "password"                                 # skip for anonymous bind
+      connection_pool_size: 10                                  # default 30
+      connection_timeout: 10s                                   # default 1
+      request_timeout: 10s                                      # default 1
+      cache_ttl: 60s                                            # default 0 - cache disabled
+      search_user_base_DN: "dc=example,dc=com"
+      search_groups_base_DN: "dc=example,dc=com"
+      user_id_attribute: "uid"                              
+      unique_member_attribute: "uniqueMember"                             
+      group_search_filter: "(cn=*)"                                 
+      group_name_attribute: "cn"  
+      nested_groups_depth: 3

ror-demo-cluster/conf/ldap/example-com.ldif

@@ -0,0 +1,96 @@
+version: 1
+
+dn: ou=People,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+
+dn: cn=Morgan Freeman,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Morgan Freeman
+sn: Freeman
+uid: morgan
+userPassword:: e1NNRDV9cTg2ZHlvbGRRRk5pZ04waVprMDgzYnZrVEY3bFdacFk=
+
+dn: cn=Eric Cartman,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Eric Cartman
+sn: Cartman
+uid: cartman
+userPassword:: e1NNRDV9czdnM0NVekVCMGQxMm5CM0N3VGFrQmp3K0VGMTE3cFg=
+
+dn: cn=Chanandler Bong,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Chanandler Bong
+sn: Bong
+uid: bong
+userPassword:: e1NIQX1zOXFuZTB3RXFWVWJoNEhRTVpIK0NZOHlYbWM9
+
+dn: cn=Bìlbö Bággįnš,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Bìlbö Bággįnš
+sn: Bìlbö Bággįnš
+uid: Bìlbö Bággįnš
+userPassword:: e1NNRDV9czdnM0NVekVCMGQxMm5CM0N3VGFrQmp3K0VGMTE3cFg=
+
+dn: cn=Danny DeVito,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: Danny DeVito
+sn: DeVito
+uid: devito
+userPassword:: e1NNRDV9czdnM0NVekVCMGQxMm5CM0N3VGFrQmp3K0VGMTE3cFg=
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=group1 (nested),ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: group1 (nested)
+o: Group 1
+uniqueMember: cn=Eric Cartman,ou=People,dc=exammple,dc=com
+uniqueMember: cn=Chanandler Bong,ou=People,dc=example,dc=com
+uniqueMember: cn=group3,ou=Groups,dc=example,dc=com
+
+dn: cn=AAA-BBB-Cccccc Dddd (Eeeee),ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: AAA-BBB-Cccccc Dddd (Eeeee)
+o: Group 2
+uniqueMember: cn=Morgan Freeman,ou=People,dc=example,dc=com
+uniqueMember: cn=Bìlbö Bággįnš,ou=People,dc=example,dc=com
+
+dn: cn=group3,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: group3
+o: Group 3
+uniqueMember: cn=Chanandler Bong,ou=People,dc=example,dc=com
+uniqueMember: cn=Eric Cartman,ou=People,dc=example,dc=com
+uniqueMember: cn=Morgan Freeman,ou=People,dc=example,dc=com
+
+dn: cn=groupAll,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: groupAll
+o: Group All
+uniqueMember: cn=Chanandler Bong,ou=People,dc=example,dc=com
+uniqueMember: cn=Eric Cartman,ou=People,dc=example,dc=com
+uniqueMember: cn=Bìlbö Bággįnš,ou=People,dc=example,dc=com

ror-demo-cluster/docker-compose.yml

@@ -61,6 +61,20 @@ services:
         soft: -1
         hard: -1
 
+  ldap:
+    image: osixia/openldap:1.3.0
+    command: [--copy-service]
+    volumes:
+      - ./conf/ldap/example-com.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/example-com.ldif
+    ports:
+      - "389:389"
+      - "636:636"
+    environment:
+      - LDAP_ADMIN_PASSWORD=password
+      - LDAP_DOMAIN=example.com
+    networks:
+      - es-ror-network
+
 networks:
   es-ror-network:
     driver: bridge