introduced possibility to fallback to different principalSuffix to combine different users together

account/src/main/java/de/muehlencord/shared/account/util/UserNameActiveDirectoryRealm.java

@@ -24,32 +24,48 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
     private static final Logger LOGGER = LoggerFactory.getLogger(UserNameActiveDirectoryRealm.class);
 
     private boolean permissionsLookupEnabled = true;
+    protected String fallbackPrincipalSuffix = null;
 
     @Override
     protected AuthenticationInfo queryForAuthenticationInfo(AuthenticationToken token, LdapContextFactory ldapContextFactory) throws NamingException {
         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
 
+        String userName = getUserName(upToken, principalSuffix);
         LdapContext ctx = null;
-        String userName = upToken.getUsername();
         try {
-            if (principalSuffix != null) {
+            ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
-                if (!userName.contains(principalSuffix)) {
+        } catch (NamingException ex) {
-                    userName += principalSuffix;
+            if (fallbackPrincipalSuffix == null) {
-                }
+                throw ex;
             }
-
-            // Binds using the username and password provided by the user.
             if (LOGGER.isDebugEnabled()) {
-                LOGGER.debug("start creating context");
+                LOGGER.debug("Lookup with principalSuffix {} failed, falling back to {}", principalSuffix, fallbackPrincipalSuffix);
-            }
-            ctx = ldapContextFactory.getLdapContext(userName, upToken.getCredentials());
-            if (LOGGER.isDebugEnabled()) {
-                LOGGER.debug("User {} LDAP authenticated", userName);
             }
         } finally {
             LdapUtils.closeContext(ctx);
         }
 
+        if ((ctx == null) && (fallbackPrincipalSuffix != null)) {
+            userName = getUserName(upToken, fallbackPrincipalSuffix);
+            try {
+                ctx = lookupUser(userName, upToken.getCredentials(), ldapContextFactory);
+            } catch (NamingException ex) {
+                if (LOGGER.isDebugEnabled()) {
+                    LOGGER.debug("Lookup with fallbackSuffix {} also failed", fallbackPrincipalSuffix);
+                }
+                throw ex;
+            } finally {
+                LdapUtils.closeContext(ctx);
+            }
+        }
+        
+        if (ctx == null) {
+            throw new NamingException("Unknown error authenticationing user "+userName+". Context still null. Check implementation"); 
+        }
+
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug("User {} LDAP authenticated", userName);
+        }
         LOGGER.debug("building authentication info");
         AuthenticationInfo authInfo = buildAuthenticationInfo(userName, upToken.getPassword());
 
@@ -103,4 +119,31 @@ public class UserNameActiveDirectoryRealm extends ActiveDirectoryRealm {
         this.permissionsLookupEnabled = permissionsLookupEnabled;
     }
 
+    public String getFallbackPrincipalSuffix() {
+        return fallbackPrincipalSuffix;
+    }
+
+    public void setFallbackPrincipalSuffix(String fallbackPrincipalSuffix) {
+        this.fallbackPrincipalSuffix = fallbackPrincipalSuffix;
+    }
+
+    private String getUserName(UsernamePasswordToken upToken, String suffix) {
+        String userName = upToken.getUsername();
+        if (suffix != null) {
+            if (!userName.contains(suffix)) {
+                userName += suffix;
+            }
+        }
+        return userName;
+    }
+
+    private LdapContext lookupUser(String userName, Object credentials, LdapContextFactory ldapContextFactory) throws NamingException {
+
+        // Binds using the username and password provided by the user.
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug("start creating context");
+        }
+        return ldapContextFactory.getLdapContext(userName, credentials);
+    }
+
 }