diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidator.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidator.java
index 956a382ed2..85fa653196 100644
--- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidator.java
+++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidator.java
@@ -46,28 +46,27 @@ public void validate(ConfigProblemSetBuilder p, Ldap ldap) {
 switch (UserSearchMethod.toUserSearchMethod(ldap)) {
 case DN_PATTERN: // fall through.
- case SEARCH_AND_FILTER:
+ case SEARCH_AND_OR_FILTER:
 break;
 case UNSPECIFIED_OR_INVALID: // fall through.
 default:
 p.addProblem(
 Problem.Severity.ERROR,
 "No valid user search method defined. Please "
- + "specify with either --user-dn-pattern OR (--user-search-base and --user-search-filter).");
+ + "specify with either --user-dn-pattern OR (--user-search-base and/or --user-search-filter).");
 }
 }
 enum UserSearchMethod {
 UNSPECIFIED_OR_INVALID,
 DN_PATTERN,
- SEARCH_AND_FILTER;
+ SEARCH_AND_OR_FILTER;
 static UserSearchMethod toUserSearchMethod(Ldap ldap) {
 if (StringUtils.isNotEmpty(ldap.getUserDnPattern())) {
 return DN_PATTERN;
- } else if (StringUtils.isNotEmpty(ldap.getUserSearchBase())
- && StringUtils.isNotEmpty(ldap.getUserSearchFilter())) {
- return SEARCH_AND_FILTER;
+ } else if (StringUtils.isNotEmpty(ldap.getUserSearchFilter())) {
+ return SEARCH_AND_OR_FILTER;
 }
 return UNSPECIFIED_OR_INVALID;
 }
diff --git a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidatorSpec.groovy b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidatorSpec.groovy
index 4036218682..17da913804 100644
--- a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidatorSpec.groovy
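Review bot: The new error text in `validate` lists `--user-search-base and/or --user-search-filter`, but `toUserSearchMethod` now accepts only a non-empty `getUserSearchFilter()`, so a config with just `--user-search-base` is still rejected by a message that names it as sufficient; wording such as `+ "specify with either --user-dn-pattern OR --user-search-filter (optionally with --user-search-base)."` would match the check. Dropping the base requirement also means nothing visible in this hunk confirms that a base DN is supplied some other way (the new spec rows put it in the URL path). If the filter ends up evaluated from the directory root, entries outside the intended subtree can match the login search, so a `Problem.Severity.WARNING` when both `getUserSearchBase()` and the URL path are empty seems worth adding. `validate` begins above the hunk, so an existing URL check there may already cover this.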
+++ b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/validate/v1/security/LdapValidatorSpec.groovy
@@ -32,11 +32,13 @@ class LdapValidatorSpec extends Specification {
 problemSet.empty
 where:
- description | enabled | ldapUrl | userDnPattern | userSearchBase | userSearchFilter | managerDn | managerPassword | groupSearchBase
- "not enabled" | false | null | null | null | null | null | null | null
- "user DN pattern" | true | "ldaps://ldap.some.com:123" | "some pattern" | null | null | null | null | null
- "search and filter" | true | "ldap://ldap.some.com:123" | null | "sub" | "ou=foo" | null | null | null
- "search and filter" | true | "ldap://ldap.some.com:123" | null | "sub" | "ou=foo" | "admin" | "secret" | "ou=company"
+ description | enabled | ldapUrl | userDnPattern | userSearchBase | userSearchFilter | managerDn | managerPassword | groupSearchBase
+ "not enabled" | false | null | null | null | null | null | null | null
+ "user DN pattern" | true | "ldaps://ldap.some.com:123" | "some pattern" | null | null | null | null | null
+ "search and filter" | true | "ldap://ldap.some.com:123" | null | "sub" | "ou=foo" | null | null | null
+ "search and filter" | true | "ldap://ldap.some.com:123" | null | "sub" | "ou=foo" | "admin" | "secret" | "ou=company"
+ "search and root in url" | true | "ldap://ldap.some.com:123/root_dn" | null | null | "ou=foo" | "admin" | "secret" | "ou=company"
+ "search and root no mgr" | true | "ldap://ldap.some.com:123/root_dn" | null | null | "ou=foo" | null | null | "ou=company"
 }
 @Unroll
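Review bot: Both added rows exercise only the accepting path, and both carry `/root_dn` in `ldapUrl`, so the relaxed rule is not pinned from the rejecting side. A row with `userSearchBase` set and `userSearchFilter` null, which `toUserSearchMethod` still rejects, belongs in the failing-case table; that table presumably follows the `@Unroll` below the hunk. A filter-only row whose URL has no base DN, for example `"filter, no base anywhere" | true | "ldap://ldap.some.com:123" | null | null | "ou=foo" | null | null | null`, would document whether that configuration is meant to pass validation.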