Infinispan LDAP cache store v2.1

Cache loader / writer for an LDAP directory backend.

Packages

com.nimbusds.infinispan.persistence.ldap: LDAP store for Infinispan 8.2+ caches and maps.
com.nimbusds.infinispan.persistence.ldap.backend: LDAP backend related classes.
com.nimbusds.infinispan.persistence.ldap.query: LDAP search query executor interfaces.

Requirements

Features

Usage

  1. Add the Maven dependency for the LDAP cache store, or make sure its JAR is present in the CLASSPATH of your project.
  2. Implement LDAPEntryTransformer to translate between Infinispan entries (key / value pairs with optional metadata) and LDAP directory entries (identified by a DN and consisting of attributes).
  3. Set up a user account for the authenticated LDAP connections to the directory. The connections will be authenticated by a simple bind to the account's DN. The LDAP cache store client can also work with unauthenticated connections.
  4. Create an LDAP directory branch (typically an organizationalUnit objectClass) where the persisted LDAP entries are located or going to be written. The LDAP user account must have the appropriate permissions to access this branch as well as any immediate entries under it.
  5. Configure an LDAP store for each Infinispan cache that requires one by setting the properties specified in LDAPStoreConfiguration; see also the example below. Note that the LDAP store can safely be shared between multiple replicated / distributed instances of a cache. It can also be used in read-only mode.

Maven

Maven coordinates:

    <groupId>com.nimbusds</groupId>
    <artifactId>infinispan-ldap-cache-store</artifactId>
    <version>[ version ]</version>

where [ version ] should be the latest stable version.

Example configuration

Example Infinispan configuration for a cache backed by an LDAP directory:

<infinispan xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="urn:infinispan:config:8.2 http://www.infinispan.org/schemas/infinispan-config-8.2.xsd"
            xmlns="urn:infinispan:config:8.2">

    <cache-container name="myCacheContainer" default-cache="myMap" statistics="true">
        <jmx duplicate-domains="true"/>
        <local-cache name="myMap">
            <eviction type="COUNT" size="100"/>
            <persistence passivation="false">
                <store class="com.nimbusds.infinispan.persistence.ldap.LDAPStore"
                        fetch-state="false"
                        preload="false"
                        shared="true"
                        purge="false"
                        read-only="false"
                        singleton="false">

                    <!-- LDAP user details -->
                    <property name="ldapUser.dn">cn=Directory Manager</property>
                    <property name="ldapUser.password">secret</property>

                    <!-- LDAP server details -->
                    <property name="ldapServer.url">ldap://127.0.0.1:30389</property>
                    <property name="ldapServer.selectionAlgorithm">FAILOVER</property>
                    <property name="ldapServer.connectTimeout">500</property>
                    <property name="ldapServer.responseTimeout">500</property>
                    <property name="ldapServer.security">none</property>
                    <property name="ldapServer.trustSelfSignedCerts">false</property>
                    <property name="ldapServer.connectionPoolSize">10</property>
                    <property name="ldapServer.connectionPoolInitialSize">0</property>
                    <property name="ldapServer.connectionPoolMaxWaitTime">250</property>
                    <property name="ldapServer.connectionMaxAge">0</property>

                    <!-- LDAP directory entry details -->
                    <property name="ldapDirectory.baseDN">ou=people, dc=wonderland, dc=net</property>
                    <property name="ldapDirectory.pageSize">500</property>
                    <property name="ldapDirectory.entryTransformer">com.nimbusds.infinispan.persistence.ldap.UserEntryTransformer</property>

                    <!-- Custom LDAP server trust and key store -->
                    <property name="customTrustStore.enable">false</property>
                    <property name="customTrustStore.file">keystore.jks</property>
                    <property name="customTrustStore.password">secret</property>
                    <property name="customTrustStore.type">JKS</property>

                    <property name="customKeyStore.enable">false</property>
                    <property name="customKeyStore.file">keystore.jks</property>
                    <property name="customKeyStore.password">secret</property>
                    <property name="customKeyStore.type">JKS</property>
                </store>
            </persistence>
        </local-cache>
    </cache-container>

</infinispan>
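
A check a reviewer could run over such a configuration before deployment, as an added example that is not part of the LDAP cache store project: it flags a cleartext `ldap://` connection with `ldapServer.security` set to `none`, a bind as `cn=Directory Manager` instead of the dedicated account from usage steps 3 and 4, an inline bind password, and trusted self-signed certificates. The function name, the finding codes and the treatment of a missing `ldapServer.security` as `none` are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"i": "urn:infinispan:config:8.2"}
LDAP_STORE = "com.nimbusds.infinispan.persistence.ldap.LDAPStore"

# Constructed sample: a trimmed copy of the example configuration above.
SAMPLE = """<infinispan xmlns="urn:infinispan:config:8.2">
 <cache-container name="myCacheContainer" default-cache="myMap">
  <local-cache name="myMap">
   <persistence passivation="false">
    <store class="com.nimbusds.infinispan.persistence.ldap.LDAPStore" shared="true">
     <property name="ldapUser.dn">cn=Directory Manager</property>
     <property name="ldapUser.password">secret</property>
     <property name="ldapServer.url">ldap://127.0.0.1:30389</property>
     <property name="ldapServer.security">none</property>
     <property name="ldapServer.trustSelfSignedCerts">false</property>
    </store>
   </persistence>
  </local-cache>
 </cache-container>
</infinispan>"""


def audit_ldap_stores(xml_text):
    """Return (cache name, finding code, property) for each weak LDAPStore setting."""
    out = []
    for cache in ET.fromstring(xml_text).iterfind(".//i:cache-container/*", NS):
        for store in cache.iterfind(".//i:store", NS):
            if store.get("class") != LDAP_STORE:
                continue
            p = {e.get("name"): (e.text or "").strip()
                 for e in store.iterfind("i:property", NS)}
            name = cache.get("name")
            # Assumption: a missing ldapServer.security is treated like "none".
            if ("ldap://" in p.get("ldapServer.url", "").lower()
                    and p.get("ldapServer.security", "none").lower() == "none"):
                out.append((name, "CLEARTEXT_LDAP", "ldapServer.url"))
            if p.get("ldapServer.trustSelfSignedCerts", "").lower() == "true":
                out.append((name, "SELF_SIGNED_TRUSTED", "ldapServer.trustSelfSignedCerts"))
            # Heuristic: this DN is the usual directory superuser, not a dedicated account.
            if p.get("ldapUser.dn", "").replace(" ", "").lower() == "cn=directorymanager":
                out.append((name, "SUPERUSER_BIND", "ldapUser.dn"))
            if p.get("ldapUser.password"):
                out.append((name, "INLINE_SECRET", "ldapUser.password"))
    return out


if __name__ == "__main__":
    for finding in audit_ldap_stores(SAMPLE):
        print(*finding)
```

Each finding names the cache and the property to review; an empty result means none of these four conditions matched, not that the store is otherwise correctly secured.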

Copyright © 2016 Connect2id Ltd.. All Rights Reserved.