public class LdapProviderConfig extends Object

Modifier and Type | Class and Description |
---|---|
class | `LdapProviderConfig.Identity` Defines the configuration of an identity (user or group). |
static class | `LdapProviderConfig.PoolConfig` Defines the configuration of a connection pool. |

Constructor and Description |
---|
`LdapProviderConfig()` |

Modifier and Type | Method and Description |
---|---|
static String | `encodeFilterValue(String value)` Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent. |
LdapProviderConfig.PoolConfig | `getAdminPoolConfig()` Returns the admin connection pool configuration. |
String | `getBindDN()` Configures the DN that is used to bind to the LDAP server. |
String | `getBindPassword()` Configures the password that is used to bind to the LDAP server. |
String[] | `getCustomAttributes()` Optionally configures an array of attribute names that will be retrieved when looking up LDAP entries. |
LdapProviderConfig.Identity | `getGroupConfig()` Returns the group specific configuration. |
String | `getGroupMemberAttribute()` Configures the attribute that stores the members of a group. |
String | `getHostname()` Configures the hostname of the LDAP server. |
String | `getMemberOfSearchFilter(String dn)` Returns the LDAP filter that is used when searching for groups that an identity is a member of. |
String | `getName()` Returns the name of this provider configuration. |
int | `getPort()` Configures the port of the LDAP server. |
long | `getSearchTimeout()` Configures the timeout in milliseconds that is used for all LDAP searches. |
LdapProviderConfig.Identity | `getUserConfig()` Returns the user specific configuration. |
LdapProviderConfig.PoolConfig | `getUserPoolConfig()` Returns the user connection pool configuration. |
boolean | `getUseUidForExtId()` If true, the value of the user id (resp. |
boolean | `noCertCheck()` Configures whether certificates on SSL/TLS connections should be validated. |
static LdapProviderConfig | `of(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters params)` Creates a new LDAP provider configuration based on the properties stored in the given parameters. |
LdapProviderConfig | `setBindDN(String bindDN)` Sets the bind DN. |
LdapProviderConfig | `setBindPassword(String bindPassword)` Sets the bind password. |
LdapProviderConfig | `setCustomAttributes(String[] customAttributes)` Sets the attribute names to be retrieved when looking up LDAP entries. |
LdapProviderConfig | `setGroupMemberAttribute(String groupMemberAttribute)` Sets the group member attribute. |
LdapProviderConfig | `setHostname(String hostname)` Sets the hostname. |
LdapProviderConfig | `setName(String name)` Sets the name of this provider. |
LdapProviderConfig | `setNoCertCheck(boolean noCertCheck)` Disables certificate validation. |
LdapProviderConfig | `setPort(int port)` Sets the port. |
LdapProviderConfig | `setSearchTimeout(long searchTimeout)` Sets the search timeout. |
LdapProviderConfig | `setUseSSL(boolean useSSL)` Enables SSL connections. |
LdapProviderConfig | `setUseTLS(boolean useTLS)` Enables TLS connections. |
LdapProviderConfig | `setUseUidForExtId(boolean useUidForExtId)` Sets the flag that controls if the user id (resp. |
String | `toString()` |
boolean | `useSSL()` Configures whether SSL connections should be used. |
boolean | `useTLS()` Configures whether TLS connections should be used. |

public static final String PARAM_NAME_DEFAULT
See Also: getName(), Constant Field Values

@Property(label="LDAP Provider Name", description="Name of this LDAP provider configuration. This is used to reference this provider by the login modules.", value="ldap")
public static final String PARAM_NAME
See Also: getName(), Constant Field Values

public static final String PARAM_LDAP_HOST_DEFAULT
See Also: getHostname(), Constant Field Values

@Property(label="LDAP Server Hostname", description="Hostname of the LDAP server", value="localhost")
public static final String PARAM_LDAP_HOST
See Also: getHostname(), Constant Field Values

public static final int PARAM_LDAP_PORT_DEFAULT
See Also: getPort(), Constant Field Values

@Property(label="LDAP Server Port", description="Port of the LDAP server", intValue=389)
public static final String PARAM_LDAP_PORT
See Also: getPort(), Constant Field Values

public static final boolean PARAM_USE_SSL_DEFAULT
See Also: useSSL(), Constant Field Values

@Property(label="Use SSL", description="Indicates if an SSL (LDAPs) connection should be used.", boolValue=false)
public static final String PARAM_USE_SSL
See Also: useSSL(), Constant Field Values

public static final boolean PARAM_USE_TLS_DEFAULT
See Also: useTLS(), Constant Field Values

@Property(label="Use TLS", description="Indicates if TLS should be started on connections.", boolValue=false)
public static final String PARAM_USE_TLS
See Also: useTLS(), Constant Field Values

public static final boolean PARAM_NO_CERT_CHECK_DEFAULT
See Also: noCertCheck(), Constant Field Values

@Property(label="Disable certificate checking", description="Indicates if server certificate validation should be disabled.", boolValue=false)
public static final String PARAM_NO_CERT_CHECK
See Also: noCertCheck(), Constant Field Values

public static final String PARAM_BIND_DN_DEFAULT
See Also: getBindDN(), Constant Field Values

@Property(label="Bind DN", description="DN of the user for authentication. Leave empty for anonymous bind.", value="")
public static final String PARAM_BIND_DN
See Also: getBindDN(), Constant Field Values

public static final String PARAM_BIND_PASSWORD_DEFAULT
See Also: getBindPassword(), Constant Field Values

@Property(label="Bind Password", description="Password of the user for authentication.", passwordValue="")
public static final String PARAM_BIND_PASSWORD
See Also: getBindPassword(), Constant Field Values

public static final String PARAM_SEARCH_TIMEOUT_DEFAULT
See Also: getSearchTimeout(), Constant Field Values

@Property(label="Search Timeout", description="Time in until a search times out (eg: \'1s\' or \'1m 30s\').", value="60s")
public static final String PARAM_SEARCH_TIMEOUT
See Also: getSearchTimeout(), Constant Field Values

public static final int PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT

@Property(label="Admin pool max active", description="The max active size of the admin connection pool.", longValue=8L)
public static final String PARAM_ADMIN_POOL_MAX_ACTIVE

public static final boolean PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT

@Property(label="Admin pool lookup on validate", description="Indicates an ROOT DSE lookup is performed to test if the connection is still valid when taking it out of the pool.", boolValue=true)
public static final String PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE

public static final int PARAM_USER_POOL_MAX_ACTIVE_DEFAULT

@Property(label="User pool max active", description="The max active size of the user connection pool.", longValue=8L)
public static final String PARAM_USER_POOL_MAX_ACTIVE

public static final boolean PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT

@Property(label="User pool lookup on validate", description="Indicates an ROOT DSE lookup is performed to test if the connection is still valid when taking it out of the pool.", boolValue=true)
public static final String PARAM_USER_POOL_LOOKUP_ON_VALIDATE

public static final String PARAM_USER_BASE_DN_DEFAULT

@Property(label="User base DN", description="The base DN for user searches.", value="ou=people,o=example,dc=com")
public static final String PARAM_USER_BASE_DN

public static final String[] PARAM_USER_OBJECTCLASS_DEFAULT

@Property(label="User object classes", description="The list of object classes an user entry must contain.", value="person", cardinality=2147483647)
public static final String PARAM_USER_OBJECTCLASS

public static final String PARAM_USER_ID_ATTRIBUTE_DEFAULT

@Property(label="User id attribute", description="Name of the attribute that contains the user id.", value="uid")
public static final String PARAM_USER_ID_ATTRIBUTE

public static final String PARAM_USER_EXTRA_FILTER_DEFAULT

@Property(label="User extra filter", description="Extra LDAP filter to use when searching for users. The final filter isformatted like: \'(&(<idAttr>=<userId>)(objectclass=<objectclass>)<extraFilter>)\'", value="")
public static final String PARAM_USER_EXTRA_FILTER

public static final boolean PARAM_USER_MAKE_DN_PATH_DEFAULT

@Property(label="User DN paths", description="Controls if the DN should be used for calculating a portion of the intermediate path.", boolValue=false)
public static final String PARAM_USER_MAKE_DN_PATH

public static final String PARAM_GROUP_BASE_DN_DEFAULT

@Property(label="Group base DN", description="The base DN for group searches.", value="ou=groups,o=example,dc=com")
public static final String PARAM_GROUP_BASE_DN

public static final String[] PARAM_GROUP_OBJECTCLASS_DEFAULT

@Property(label="Group object classes", description="The list of object classes a group entry must contain.", value="groupOfUniqueNames", cardinality=2147483647)
public static final String PARAM_GROUP_OBJECTCLASS

public static final String PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT

@Property(label="Group name attribute", description="Name of the attribute that contains the group name.", value="cn")
public static final String PARAM_GROUP_NAME_ATTRIBUTE

public static final String PARAM_GROUP_EXTRA_FILTER_DEFAULT

@Property(label="Group extra filter", description="Extra LDAP filter to use when searching for groups. The final filter isformatted like: \'(&(<nameAttr>=<groupName>)(objectclass=<objectclass>)<extraFilter>)\'", value="")
public static final String PARAM_GROUP_EXTRA_FILTER

public static final boolean PARAM_GROUP_MAKE_DN_PATH_DEFAULT

@Property(label="Group DN paths", description="Controls if the DN should be used for calculating a portion of the intermediate path.", boolValue=false)
public static final String PARAM_GROUP_MAKE_DN_PATH

public static final String PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT
See Also: getGroupMemberAttribute(), Constant Field Values

@Property(label="Group member attribute", description="Group attribute that contains the member(s) of a group.", value="uniquemember")
public static final String PARAM_GROUP_MEMBER_ATTRIBUTE
See Also: getGroupMemberAttribute(), Constant Field Values

public static final boolean PARAM_USE_UID_FOR_EXT_ID_DEFAULT
See Also: getUseUidForExtId(), Constant Field Values

@Property(label="Use user id for external ids", description="If enabled, the value of the user id (resp. group name) attribute will be used to create external identifiers. Leave disabled to use the DN instead.", boolValue=false)
public static final String PARAM_USE_UID_FOR_EXT_ID
See Also: getUseUidForExtId(), Constant Field Values

public static final String[] PARAM_CUSTOM_ATTRIBUTES_DEFAULT
See Also: getCustomAttributes()

@Property(label="Custom Attributes", description="Attributes retrieved when looking up LDAP entries. Leave empty to retrieve all attributes.", value={}, cardinality=2147483647)
public static final String PARAM_CUSTOM_ATTRIBUTES
See Also: getCustomAttributes(), Constant Field Values

public static LdapProviderConfig of(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters params)
Parameters: params - the configuration parameters.

@Nonnull public String getName()

@Nonnull public LdapProviderConfig setName(@Nonnull String name)
Parameters: name - the name
Returns: this
See Also: getName()

@Nonnull public String getHostname()

@Nonnull public LdapProviderConfig setHostname(@Nonnull String hostname)
Parameters: hostname - the hostname
Returns: this
See Also: getHostname()

public int getPort()

@Nonnull public LdapProviderConfig setPort(int port)
Parameters: port - the port
Returns: this
See Also: getPort()

public boolean useSSL()
Returns: true if SSL should be used.

@Nonnull public LdapProviderConfig setUseSSL(boolean useSSL)
Parameters: useSSL - true to enable SSL
Returns: this
See Also: useSSL()

public boolean useTLS()
Returns: true if TLS should be used.

@Nonnull public LdapProviderConfig setUseTLS(boolean useTLS)
Parameters: useTLS - true to enable TLS
Returns: this
See Also: useTLS()

public boolean noCertCheck()
Returns: true if certificates should not be validated

@Nonnull public LdapProviderConfig setNoCertCheck(boolean noCertCheck)
Parameters: noCertCheck - true to disable certificate validation
Returns: this
See Also: noCertCheck()

@CheckForNull public String getBindDN()
null or an empty string, anonymous connections are used.
null.

@Nonnull public LdapProviderConfig setBindDN(@Nullable String bindDN)
Parameters: bindDN - the DN
Returns: this
See Also: getBindDN()

@CheckForNull public String getBindPassword()

@Nonnull public LdapProviderConfig setBindPassword(@Nullable String bindPassword)
Parameters: bindPassword - the password
Returns: this
See Also: getBindPassword()

public long getSearchTimeout()

@Nonnull public LdapProviderConfig setSearchTimeout(long searchTimeout)
Parameters: searchTimeout - the timeout in milliseconds
Returns: this
See Also: getSearchTimeout()

@Nonnull public String getGroupMemberAttribute()

@Nonnull public LdapProviderConfig setGroupMemberAttribute(@Nonnull String groupMemberAttribute)
Parameters: groupMemberAttribute - the attribute name
Returns: this
See Also: getGroupMemberAttribute()

@Nonnull public boolean getUseUidForExtId()

@Nonnull public LdapProviderConfig setUseUidForExtId(boolean useUidForExtId)
Parameters: useUidForExtId - the new value of #useUidForExtId
Returns: this
See Also: getUseUidForExtId()

@Nonnull public String[] getCustomAttributes()

@Nonnull public LdapProviderConfig setCustomAttributes(@Nonnull String[] customAttributes)
Parameters: customAttributes - an array of attribute names

public String getMemberOfSearchFilter(@Nonnull String dn)
(&(${memberAttribute}=${dn})(objectclass=${objectclass})${extraFilter})
Note that the objectclass part is repeated according to the specified objectclasses in LdapProviderConfig.Identity.getObjectClasses() of the group configuration.
Parameters: dn - the dn of the identity to search for

@Nonnull public LdapProviderConfig.Identity getUserConfig()

@Nonnull public LdapProviderConfig.Identity getGroupConfig()

@Nonnull public LdapProviderConfig.PoolConfig getAdminPoolConfig()

@Nonnull public LdapProviderConfig.PoolConfig getUserPoolConfig()

public static String encodeFilterValue(String value)
Parameters: value - Right hand side of "attrId=value" assertion occurring in an LDAP search filter.
value
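
The following sketch is an added example, not code from Oak or Apache Directory. It shows why the value side of the member-of filter documented above needs RFC 4515 escaping before it is placed in the filter template. The class name, method names and sample DNs are hypothetical, and the uppercase hex form is one of the spellings RFC 4515 permits.

```java
import java.util.Arrays;
import java.util.List;

// Added illustration; class and method names are hypothetical, not Oak's.
public class MemberOfFilterSketch {

    // RFC 4515 escaping: characters with meaning in filter syntax become \XX hex.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5C"); break;
                case '*':  sb.append("\\2A"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // (&(<memberAttribute>=<dn>)(objectclass=<oc>)...<extraFilter>)
    // extraFilter is administrator-supplied configuration and is appended as-is.
    static String memberOfFilter(String memberAttr, String dn,
                                 List<String> objectClasses, String extraFilter) {
        StringBuilder sb = new StringBuilder("(&(")
                .append(memberAttr).append('=').append(escape(dn)).append(')');
        for (String oc : objectClasses) {
            sb.append("(objectclass=").append(escape(oc)).append(')');
        }
        return sb.append(extraFilter).append(')').toString();
    }

    public static void main(String[] args) {
        List<String> classes = Arrays.asList("groupOfUniqueNames", "top");
        // Constructed sample DNs; the second contains filter metacharacters.
        String plain = "uid=jdoe,ou=people,o=example,dc=com";
        String special = "cn=Ops (EMEA) *,ou=people,o=example,dc=com";
        System.out.println(memberOfFilter("uniquemember", plain, classes, ""));
        System.out.println(memberOfFilter("uniquemember", special, classes, ""));
        // Without escape(), the parentheses and '*' in the second DN would be
        // parsed as filter syntax instead of literal characters of the value.
    }
}
```

The extra filter is deliberately not escaped because it is a filter fragment from configuration, so it should only ever come from an administrator and never from request data.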
Copyright © 2012–2018 The Apache Software Foundation. All rights reserved.