org.apache.jackrabbit.oak.security.authentication.ldap.impl

Class LdapProviderConfig

java.lang.Object

org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig

public class LdapProviderConfig
extends Object

Configuration of the ldap provider.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	LdapProviderConfig.Identity Defines the configuration of an identity (user or group).
class	LdapProviderConfig.PoolConfig Defines the configuration of a connection pool.

Field Summary

Fields

Modifier and Type	Field and Description
static String	PARAM_ADMIN_POOL_MAX_ACTIVE
static int	PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT
static String	PARAM_BIND_DN
static String	PARAM_BIND_DN_DEFAULT
static String	PARAM_BIND_PASSWORD
static String	PARAM_BIND_PASSWORD_DEFAULT
static String	PARAM_GROUP_BASE_DN
static String	PARAM_GROUP_BASE_DN_DEFAULT
static String	PARAM_GROUP_EXTRA_FILTER
static String	PARAM_GROUP_EXTRA_FILTER_DEFAULT
static String	PARAM_GROUP_MAKE_DN_PATH
static boolean	PARAM_GROUP_MAKE_DN_PATH_DEFAULT
static String	PARAM_GROUP_MEMBER_ATTRIBUTE
static String	PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT
static String	PARAM_GROUP_NAME_ATTRIBUTE
static String	PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT
static String	PARAM_GROUP_OBJECTCLASS
static String[]	PARAM_GROUP_OBJECTCLASS_DEFAULT
static String	PARAM_LDAP_HOST
static String	PARAM_LDAP_HOST_DEFAULT
static String	PARAM_LDAP_PORT
static int	PARAM_LDAP_PORT_DEFAULT
static String	PARAM_NAME
static String	PARAM_NAME_DEFAULT
static String	PARAM_NO_CERT_CHECK
static boolean	PARAM_NO_CERT_CHECK_DEFAULT
static String	PARAM_SEARCH_TIMEOUT
static String	PARAM_SEARCH_TIMEOUT_DEFAULT
static String	PARAM_USE_SSL
static boolean	PARAM_USE_SSL_DEFAULT
static String	PARAM_USE_TLS
static boolean	PARAM_USE_TLS_DEFAULT
static String	PARAM_USER_BASE_DN
static String	PARAM_USER_BASE_DN_DEFAULT
static String	PARAM_USER_EXTRA_FILTER
static String	PARAM_USER_EXTRA_FILTER_DEFAULT
static String	PARAM_USER_ID_ATTRIBUTE
static String	PARAM_USER_ID_ATTRIBUTE_DEFAULT
static String	PARAM_USER_MAKE_DN_PATH
static boolean	PARAM_USER_MAKE_DN_PATH_DEFAULT
static String	PARAM_USER_OBJECTCLASS
static String[]	PARAM_USER_OBJECTCLASS_DEFAULT
static String	PARAM_USER_POOL_MAX_ACTIVE
static int	PARAM_USER_POOL_MAX_ACTIVE_DEFAULT

Constructor Summary

Constructors

Constructor and Description
LdapProviderConfig()

Method Summary

Methods

Modifier and Type	Method and Description
static String	encodeFilterValue(String value) Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent.
LdapProviderConfig.PoolConfig	getAdminPoolConfig() Returns the admin connection pool configuration.
String	getBindDN() Configures the DN that is used to bind to the LDAP server.
String	getBindPassword() Configures the password that is used to bind to the LDAP server.
LdapProviderConfig.Identity	getGroupConfig() Returns the group specific configuration.
String	getGroupMemberAttribute() Configures the attribute that stores the members of a group.
String	getHostname() Configures the hostname of the LDAP server.
String	getMemberOfSearchFilter(String dn) Returns the LDAP filter that is used when searching for groups where an identity is member of.
String	getName() Returns the name of this provider configuration.
int	getPort() Configures the port of the LDAP server.
long	getSearchTimeout() Configures the timeout in milliseconds that is used for all LDAP searches.
LdapProviderConfig.Identity	getUserConfig() Returns the user specific configuration.
LdapProviderConfig.PoolConfig	getUserPoolConfig() Returns the user connection pool configuration.
boolean	noCertCheck() Configures whether certificates on SSL/TLS connections should be validated.
static LdapProviderConfig	of(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters params) Creates a new LDAP provider configuration based on the properties store in the given parameters.
LdapProviderConfig	setBindDN(String bindDN) Sets the bind DN.
LdapProviderConfig	setBindPassword(String bindPassword) Sets the bind password
LdapProviderConfig	setGroupMemberAttribute(String groupMemberAttribute) Sets the group member attribute.
LdapProviderConfig	setHostname(String hostname) Sets the hostname.
LdapProviderConfig	setName(String name) Sets the name of this provider.
LdapProviderConfig	setNoCertCheck(boolean noCertCheck) Disables certificate validation.
LdapProviderConfig	setPort(int port) Sets the port.
LdapProviderConfig	setSearchTimeout(long searchTimeout) Sets the search timeout.
LdapProviderConfig	setUseSSL(boolean useSSL) Enables SSL connections.
LdapProviderConfig	setUseTLS(boolean useTLS) Enables TLS connections.
String	toString()
boolean	useSSL() Configures whether SSL connections should be used.
boolean	useTLS() Configures whether TLS connections should be used.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

PARAM_NAME_DEFAULT

public static final String PARAM_NAME_DEFAULT

See Also:

getName(), Constant Field Values

PARAM_NAME

@Property(label="LDAP Provider Name",
          description="Name of this LDAP provider configuration. This is used to reference this provider by the login modules.",
          value="ldap")
public static final String PARAM_NAME

See Also:

getName(), Constant Field Values

PARAM_LDAP_HOST_DEFAULT

public static final String PARAM_LDAP_HOST_DEFAULT

See Also:

getHostname(), Constant Field Values

PARAM_LDAP_HOST

@Property(label="LDAP Server Hostname",
          description="Hostname of the LDAP server",
          value="localhost")
public static final String PARAM_LDAP_HOST

See Also:

getHostname(), Constant Field Values

PARAM_LDAP_PORT_DEFAULT

public static final int PARAM_LDAP_PORT_DEFAULT

See Also:

getPort(), Constant Field Values

PARAM_LDAP_PORT

@Property(label="LDAP Server Port",
          description="Port of the LDAP server",
          intValue=389)
public static final String PARAM_LDAP_PORT

See Also:

getPort(), Constant Field Values

PARAM_USE_SSL_DEFAULT

public static final boolean PARAM_USE_SSL_DEFAULT

See Also:

useSSL(), Constant Field Values

PARAM_USE_SSL

@Property(label="Use SSL",
          description="Indicates if an SSL (LDAPs) connection should be used.",
          boolValue=false)
public static final String PARAM_USE_SSL

See Also:

useSSL(), Constant Field Values

PARAM_USE_TLS_DEFAULT

public static final boolean PARAM_USE_TLS_DEFAULT

See Also:

useTLS(), Constant Field Values

PARAM_USE_TLS

@Property(label="Use TLS",
          description="Indicates if TLS should be started on connections.",
          boolValue=false)
public static final String PARAM_USE_TLS

See Also:

useTLS(), Constant Field Values

PARAM_NO_CERT_CHECK_DEFAULT

public static final boolean PARAM_NO_CERT_CHECK_DEFAULT

See Also:

noCertCheck(), Constant Field Values

PARAM_NO_CERT_CHECK

@Property(label="Disable certificate checking",
          description="Indicates if server certificate validation should be disabled.",
          boolValue=false)
public static final String PARAM_NO_CERT_CHECK

See Also:

noCertCheck(), Constant Field Values

PARAM_BIND_DN_DEFAULT

public static final String PARAM_BIND_DN_DEFAULT

See Also:

getBindDN(), Constant Field Values

PARAM_BIND_DN

@Property(label="Bind DN",
          description="DN of the user for authentication. Leave empty for anonymous bind.",
          value="")
public static final String PARAM_BIND_DN

See Also:

getBindDN(), Constant Field Values

PARAM_BIND_PASSWORD_DEFAULT

public static final String PARAM_BIND_PASSWORD_DEFAULT

See Also:

getBindPassword(), Constant Field Values

PARAM_BIND_PASSWORD

@Property(label="Bind Password",
          description="Password of the user for authentication.",
          passwordValue="")
public static final String PARAM_BIND_PASSWORD

See Also:

getBindPassword(), Constant Field Values

PARAM_SEARCH_TIMEOUT_DEFAULT

public static final String PARAM_SEARCH_TIMEOUT_DEFAULT

See Also:

getSearchTimeout(), Constant Field Values

PARAM_SEARCH_TIMEOUT

@Property(label="Search Timeout",
          description="Time in until a search times out (eg: \'1s\' or \'1m 30s\').",
          value="60s")
public static final String PARAM_SEARCH_TIMEOUT

See Also:

getSearchTimeout(), Constant Field Values

PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT

public static final int PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT

See Also:

LdapProviderConfig.PoolConfig.getMaxActive(), Constant Field Values

PARAM_ADMIN_POOL_MAX_ACTIVE

@Property(label="Admin pool max active",
          description="The max active size of the admin connection pool.",
          longValue=8L)
public static final String PARAM_ADMIN_POOL_MAX_ACTIVE

See Also:

LdapProviderConfig.PoolConfig.getMaxActive(), Constant Field Values

PARAM_USER_POOL_MAX_ACTIVE_DEFAULT

public static final int PARAM_USER_POOL_MAX_ACTIVE_DEFAULT

See Also:

LdapProviderConfig.PoolConfig.getMaxActive(), Constant Field Values

PARAM_USER_POOL_MAX_ACTIVE

@Property(label="User pool max active",
          description="The max active size of the user connection pool.",
          longValue=8L)
public static final String PARAM_USER_POOL_MAX_ACTIVE

See Also:

LdapProviderConfig.PoolConfig.getMaxActive(), Constant Field Values

PARAM_USER_BASE_DN_DEFAULT

public static final String PARAM_USER_BASE_DN_DEFAULT

See Also:

LdapProviderConfig.Identity.getBaseDN(), Constant Field Values

PARAM_USER_BASE_DN

@Property(label="User base DN",
          description="The base DN for user searches.",
          value="ou=people,o=example,dc=com")
public static final String PARAM_USER_BASE_DN

See Also:

LdapProviderConfig.Identity.getBaseDN(), Constant Field Values

PARAM_USER_OBJECTCLASS_DEFAULT

public static final String[] PARAM_USER_OBJECTCLASS_DEFAULT

See Also:

LdapProviderConfig.Identity.getObjectClasses()

PARAM_USER_OBJECTCLASS

@Property(label="User object classes",
          description="The list of object classes an user entry must contain.",
          value="person",
          cardinality=2147483647)
public static final String PARAM_USER_OBJECTCLASS

See Also:

LdapProviderConfig.Identity.getObjectClasses(), Constant Field Values

PARAM_USER_ID_ATTRIBUTE_DEFAULT

public static final String PARAM_USER_ID_ATTRIBUTE_DEFAULT

See Also:

LdapProviderConfig.Identity.getIdAttribute(), Constant Field Values

PARAM_USER_ID_ATTRIBUTE

@Property(label="User id attribute",
          description="Name of the attribute that contains the user id.",
          value="uid")
public static final String PARAM_USER_ID_ATTRIBUTE

See Also:

LdapProviderConfig.Identity.getIdAttribute(), Constant Field Values

PARAM_USER_EXTRA_FILTER_DEFAULT

public static final String PARAM_USER_EXTRA_FILTER_DEFAULT

See Also:

LdapProviderConfig.Identity.getExtraFilter(), Constant Field Values

PARAM_USER_EXTRA_FILTER

@Property(label="User extra filter",
          description="Extra LDAP filter to use when searching for users. The final filter isformatted like: \'(&(=)(objectclass=))\'",
          value="")
public static final String PARAM_USER_EXTRA_FILTER

See Also:

LdapProviderConfig.Identity.getExtraFilter(), Constant Field Values

PARAM_USER_MAKE_DN_PATH_DEFAULT

public static final boolean PARAM_USER_MAKE_DN_PATH_DEFAULT

See Also:

LdapProviderConfig.Identity.makeDnPath(), Constant Field Values

PARAM_USER_MAKE_DN_PATH

@Property(label="User DN paths",
          description="Controls if the DN should be used for calculating a portion of the intermediate path.",
          boolValue=false)
public static final String PARAM_USER_MAKE_DN_PATH

See Also:

LdapProviderConfig.Identity.makeDnPath(), Constant Field Values

PARAM_GROUP_BASE_DN_DEFAULT

public static final String PARAM_GROUP_BASE_DN_DEFAULT

See Also:

LdapProviderConfig.Identity.getBaseDN(), Constant Field Values

PARAM_GROUP_BASE_DN

@Property(label="Group base DN",
          description="The base DN for group searches.",
          value="ou=groups,o=example,dc=com")
public static final String PARAM_GROUP_BASE_DN

See Also:

LdapProviderConfig.Identity.getBaseDN(), Constant Field Values

PARAM_GROUP_OBJECTCLASS_DEFAULT

public static final String[] PARAM_GROUP_OBJECTCLASS_DEFAULT

See Also:

LdapProviderConfig.Identity.getObjectClasses()

PARAM_GROUP_OBJECTCLASS

@Property(label="Group object classes",
          description="The list of object classes a group entry must contain.",
          value="groupOfUniqueNames",
          cardinality=2147483647)
public static final String PARAM_GROUP_OBJECTCLASS

See Also:

LdapProviderConfig.Identity.getObjectClasses(), Constant Field Values

PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT

public static final String PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT

See Also:

LdapProviderConfig.Identity.getIdAttribute(), Constant Field Values

PARAM_GROUP_NAME_ATTRIBUTE

@Property(label="Group name attribute",
          description="Name of the attribute that contains the group name.",
          value="cn")
public static final String PARAM_GROUP_NAME_ATTRIBUTE

See Also:

LdapProviderConfig.Identity.getIdAttribute(), Constant Field Values

PARAM_GROUP_EXTRA_FILTER_DEFAULT

public static final String PARAM_GROUP_EXTRA_FILTER_DEFAULT

See Also:

LdapProviderConfig.Identity.getExtraFilter(), Constant Field Values

PARAM_GROUP_EXTRA_FILTER

@Property(label="Group extra filter",
          description="Extra LDAP filter to use when searching for groups. The final filter isformatted like: \'(&(=)(objectclass=))\'",
          value="")
public static final String PARAM_GROUP_EXTRA_FILTER

See Also:

LdapProviderConfig.Identity.getExtraFilter(), Constant Field Values

PARAM_GROUP_MAKE_DN_PATH_DEFAULT

public static final boolean PARAM_GROUP_MAKE_DN_PATH_DEFAULT

See Also:

LdapProviderConfig.Identity.makeDnPath(), Constant Field Values

PARAM_GROUP_MAKE_DN_PATH

@Property(label="Group DN paths",
          description="Controls if the DN should be used for calculating a portion of the intermediate path.",
          boolValue=false)
public static final String PARAM_GROUP_MAKE_DN_PATH

See Also:

LdapProviderConfig.Identity.makeDnPath(), Constant Field Values

PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT

public static final String PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT

See Also:

getGroupMemberAttribute(), Constant Field Values

PARAM_GROUP_MEMBER_ATTRIBUTE

@Property(label="Group member attribute",
          description="Group attribute that contains the member(s) of a group.",
          value="uniquemember")
public static final String PARAM_GROUP_MEMBER_ATTRIBUTE

See Also:

getGroupMemberAttribute(), Constant Field Values

Constructor Detail

LdapProviderConfig

public LdapProviderConfig()

Method Detail

of

public static LdapProviderConfig of(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters params)

Creates a new LDAP provider configuration based on the properties store in the given parameters.

Parameters:

params - the configuration parameters.

Returns:

the config

getName

@Nonnull
public String getName()

Returns the name of this provider configuration. The default is "ldap"

Returns:

the name.

setName

@Nonnull
public LdapProviderConfig setName(@Nonnull
                                 String name)

Sets the name of this provider.

Parameters:

name - the name

Returns:

this

See Also:

getName()

getHostname

@Nonnull
public String getHostname()

Configures the hostname of the LDAP server. The default is "localhost"

Returns:

the hostname

setHostname

@Nonnull
public LdapProviderConfig setHostname(@Nonnull
                                     String hostname)

Sets the hostname.

Parameters:

hostname - the hostname

Returns:

this

See Also:

getHostname()

getPort

public int getPort()

Configures the port of the LDAP server. The default is 389

Returns:

the port

setPort

@Nonnull
public LdapProviderConfig setPort(int port)

Sets the port.

Parameters:

port - the port

Returns:

this

See Also:

getPort()

useSSL

public boolean useSSL()

Configures whether SSL connections should be used. The default is false.

Returns:

true if SSL should be used.

setUseSSL

@Nonnull
public LdapProviderConfig setUseSSL(boolean useSSL)

Enables SSL connections.

Parameters:

useSSL - true to enable SSL

Returns:

this

See Also:

useSSL()

useTLS

public boolean useTLS()

Configures whether TLS connections should be used. The default is false.

Returns:

true if TLS should be used.

setUseTLS

@Nonnull
public LdapProviderConfig setUseTLS(boolean useTLS)

Enables TLS connections.

Parameters:

useTLS - true to enable TLS

Returns:

this

See Also:

useTLS()

noCertCheck

public boolean noCertCheck()

Configures whether certificates on SSL/TLS connections should be validated. The default is false.

Returns:

true if certificates should not be validated

setNoCertCheck

@Nonnull
public LdapProviderConfig setNoCertCheck(boolean noCertCheck)

Disables certificate validation.

Parameters:

noCertCheck - true to disable certificate validation

Returns:

this

See Also:

noCertCheck()

getBindDN

@CheckForNull
public String getBindDN()

Configures the DN that is used to bind to the LDAP server. If this value is null or an empty string, anonymous connections are used.

Returns:

the bind DN or null.

setBindDN

@Nonnull
public LdapProviderConfig setBindDN(@Nullable
                                   String bindDN)

Sets the bind DN.

Parameters:

bindDN - the DN

Returns:

this

See Also:

getBindDN()

getBindPassword

@CheckForNull
public String getBindPassword()

Configures the password that is used to bind to the LDAP server. This value is not used for anonymous binds.

Returns:

the password.

setBindPassword

@Nonnull
public LdapProviderConfig setBindPassword(@Nullable
                                         String bindPassword)

Sets the bind password

Parameters:

bindPassword - the password

Returns:

this

See Also:

getBindPassword()

getSearchTimeout

public long getSearchTimeout()

Configures the timeout in milliseconds that is used for all LDAP searches. The default is "60s".

Returns:

the timeout in milliseconds.

setSearchTimeout

@Nonnull
public LdapProviderConfig setSearchTimeout(long searchTimeout)

Sets the search timeout.

Parameters:

searchTimeout - the timeout in milliseconds

Returns:

this

See Also:

getSearchTimeout()

getGroupMemberAttribute

@Nonnull
public String getGroupMemberAttribute()

Configures the attribute that stores the members of a group. Default is "uniquemember"

Returns:

the group member attribute

setGroupMemberAttribute

@Nonnull
public LdapProviderConfig setGroupMemberAttribute(@Nonnull
                                                 String groupMemberAttribute)

Sets the group member attribute.

Parameters:

groupMemberAttribute - the attribute name

Returns:

this

See Also:

getGroupMemberAttribute()

getMemberOfSearchFilter

public String getMemberOfSearchFilter(@Nonnull
                             String dn)

Returns the LDAP filter that is used when searching for groups where an identity is member of. The filter is based on the configuration and has the following format:

     (&(${memberAttribute}=${dn})(objectclass=${objectclass})${extraFilter})
 

Note that the objectclass part is repeated according to the specified objectclasses in LdapProviderConfig.Identity.getObjectClasses() of the group configuration.

Parameters:

dn - the dn of the identity to search for

Returns:

the search filter

getUserConfig

@Nonnull
public LdapProviderConfig.Identity getUserConfig()

Returns the user specific configuration.

Returns:

the user config.

getGroupConfig

@Nonnull
public LdapProviderConfig.Identity getGroupConfig()

Returns the group specific configuration.

Returns:

the groups config.

getAdminPoolConfig

@Nonnull
public LdapProviderConfig.PoolConfig getAdminPoolConfig()

Returns the admin connection pool configuration.

Returns:

admin pool config

getUserPoolConfig

@Nonnull
public LdapProviderConfig.PoolConfig getUserPoolConfig()

Returns the user connection pool configuration.

Returns:

user pool config

encodeFilterValue

public static String encodeFilterValue(String value)

Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent. Handles encoding of special characters in LDAP search filter assertion values using the <valueencoding> rule as described in RFC 4515.

Parameters:

value - Right hand side of "attrId=value" assertion occurring in an LDAP search filter.

Returns:

Escaped version of value

toString

public String toString()

Overrides:

toString in class Object