Skip to content

Commit

Permalink
Fixed marklogic-community#445: added apply settings for external secu…
Browse files Browse the repository at this point in the history
…rity, including bind-method
  • Loading branch information
grtjn committed Jan 28, 2016
1 parent 0d9e53e commit 1d73efe
Showing 1 changed file with 54 additions and 0 deletions.
54 changes: 54 additions & 0 deletions deploy/lib/xquery/setup.xqy
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,21 @@ declare variable $field-settings :=
<setting>word-searches</setting>
</settings>;

declare variable $external-security-settings :=
<settings>
<setting min-version="7.0-0">authentication</setting>
<setting min-version="7.0-0">authorization</setting>
<setting min-version="7.0-0">cache-timeout</setting>
<setting min-version="7.0-0">description</setting>
<setting min-version="7.0-0">ldap-attribute</setting>
<setting min-version="7.0-0">ldap-base</setting>
<setting min-version="8.0-2">ldap-bind-method</setting>
<setting min-version="7.0-0">ldap-default-user</setting>
<setting min-version="7.0-0">ldap-password</setting>
<setting min-version="7.0-0">ldap-server-uri</setting>
<setting min-version="7.0-0">name</setting>
</settings>;

(: A note on naming conventions:
$admin-config refers to the configuration passed around by the Admin APIs
$import-config is the import/export configuration format that setup:get-configuration() generates
Expand Down Expand Up @@ -445,6 +460,7 @@ declare function setup:do-setup($import-config as element(configuration)+) as it
setup:create-roles($import-config),
setup:create-users($import-config),
setup:create-external-security($import-config),
setup:apply-external-security-settings($import-config),
setup:create-mimetypes($import-config),
setup:create-groups($import-config),
setup:configure-groups($import-config),
Expand Down Expand Up @@ -4373,6 +4389,44 @@ declare function setup:create-external-security(
)
};

declare function setup:apply-external-security-settings($import-config as element(configuration)) as item()*
{
for $es-config in $import-config/sec:external-securities/sec:external-security
let $es-name := $es-config/sec:external-security-name
let $apply-settings :=
for $setting in $external-security-settings/*:setting
let $setting-test :=
if ($setting/@accept-blank = "true") then
""
else
"[fn:string-length(fn:string(.)) > 0]"
let $value :=
if ($setting/@value) then
xdmp:value($setting/@value)
else
fn:data(xdmp:value(fn:concat("$es-config/sec:", $setting, $setting-test)))
let $min-version as xs:string? := $setting/@min-version
where (fn:exists($value))
return
if (fn:empty($min-version) or setup:at-least-version($min-version)) then
xdmp:eval(
fn:concat('
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
declare variable $value external;
sec:external-security-set-', fn:replace($setting, 'external-security-', ''), '("', $es-name, '", $value)
'),
(xs:QName("value"), $value),
<options xmlns="xdmp:eval"><database>{$default-security}</database></options>
)
else
fn:error(
xs:QName("VERSION_NOT_SUPPORTED"),
fn:concat("MarkLogic ", xdmp:version(), " does not support ", $setting, ". Use ", $min-version, " or higher."))
return
fn:concat("External security ", $es-name, " settings applied succesfully.")
};

declare function setup:validate-external-security(
$import-config as element(configuration))
{
Expand Down

0 comments on commit 1d73efe

Please sign in to comment.