Class LdapProviderConfig


  • public class LdapProviderConfig
    extends java.lang.Object
    Configuration of the LDAP provider.
    • Field Detail

      • PARAM_NAME_DEFAULT

        public static final java.lang.String PARAM_NAME_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_LDAP_HOST_DEFAULT

        public static final java.lang.String PARAM_LDAP_HOST_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_LDAP_PORT_DEFAULT

        public static final int PARAM_LDAP_PORT_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USE_SSL_DEFAULT

        public static final boolean PARAM_USE_SSL_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USE_TLS_DEFAULT

        public static final boolean PARAM_USE_TLS_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_NO_CERT_CHECK

        public static final java.lang.String PARAM_NO_CERT_CHECK
        See Also:
        Constant Field Values
      • PARAM_NO_CERT_CHECK_DEFAULT

        public static final boolean PARAM_NO_CERT_CHECK_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_ENABLED_PROTOCOLS

        public static final java.lang.String PARAM_ENABLED_PROTOCOLS
        See Also:
        Constant Field Values
      • PARAM_BIND_DN_DEFAULT

        public static final java.lang.String PARAM_BIND_DN_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_BIND_PASSWORD

        public static final java.lang.String PARAM_BIND_PASSWORD
        See Also:
        Constant Field Values
      • PARAM_BIND_PASSWORD_DEFAULT

        public static final java.lang.String PARAM_BIND_PASSWORD_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_SEARCH_TIMEOUT

        public static final java.lang.String PARAM_SEARCH_TIMEOUT
        See Also:
        Constant Field Values
      • PARAM_SEARCH_TIMEOUT_DEFAULT

        public static final java.lang.String PARAM_SEARCH_TIMEOUT_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_MAX_ACTIVE

        public static final java.lang.String PARAM_ADMIN_POOL_MAX_ACTIVE
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT

        public static final int PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE

        public static final java.lang.String PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT

        public static final boolean PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME

        public static final java.lang.String PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT

        public static final java.lang.String PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS

        public static final java.lang.String PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT

        public static final java.lang.String PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN

        public static final java.lang.String PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN
        See Also:
        Constant Field Values
      • PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT

        public static final int PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_MAX_ACTIVE

        public static final java.lang.String PARAM_USER_POOL_MAX_ACTIVE
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_MAX_ACTIVE_DEFAULT

        public static final int PARAM_USER_POOL_MAX_ACTIVE_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_LOOKUP_ON_VALIDATE

        public static final java.lang.String PARAM_USER_POOL_LOOKUP_ON_VALIDATE
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT

        public static final boolean PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME

        public static final java.lang.String PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT

        public static final java.lang.String PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS

        public static final java.lang.String PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT

        public static final java.lang.String PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN

        public static final java.lang.String PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN
        See Also:
        Constant Field Values
      • PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT

        public static final int PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_BASE_DN

        public static final java.lang.String PARAM_USER_BASE_DN
        See Also:
        Constant Field Values
      • PARAM_USER_BASE_DN_DEFAULT

        public static final java.lang.String PARAM_USER_BASE_DN_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_OBJECTCLASS

        public static final java.lang.String PARAM_USER_OBJECTCLASS
        See Also:
        Constant Field Values
      • PARAM_USER_OBJECTCLASS_DEFAULT

        public static final java.lang.String[] PARAM_USER_OBJECTCLASS_DEFAULT
      • PARAM_USER_ID_ATTRIBUTE

        public static final java.lang.String PARAM_USER_ID_ATTRIBUTE
        See Also:
        Constant Field Values
      • PARAM_USER_ID_ATTRIBUTE_DEFAULT

        public static final java.lang.String PARAM_USER_ID_ATTRIBUTE_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_EXTRA_FILTER

        public static final java.lang.String PARAM_USER_EXTRA_FILTER
        See Also:
        Constant Field Values
      • PARAM_USER_EXTRA_FILTER_DEFAULT

        public static final java.lang.String PARAM_USER_EXTRA_FILTER_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USER_MAKE_DN_PATH

        public static final java.lang.String PARAM_USER_MAKE_DN_PATH
        See Also:
        Constant Field Values
      • PARAM_USER_MAKE_DN_PATH_DEFAULT

        public static final boolean PARAM_USER_MAKE_DN_PATH_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_GROUP_BASE_DN

        public static final java.lang.String PARAM_GROUP_BASE_DN
        See Also:
        Constant Field Values
      • PARAM_GROUP_BASE_DN_DEFAULT

        public static final java.lang.String PARAM_GROUP_BASE_DN_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_GROUP_OBJECTCLASS

        public static final java.lang.String PARAM_GROUP_OBJECTCLASS
        See Also:
        Constant Field Values
      • PARAM_GROUP_OBJECTCLASS_DEFAULT

        public static final java.lang.String[] PARAM_GROUP_OBJECTCLASS_DEFAULT
      • PARAM_GROUP_NAME_ATTRIBUTE

        public static final java.lang.String PARAM_GROUP_NAME_ATTRIBUTE
        See Also:
        Constant Field Values
      • PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT

        public static final java.lang.String PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_GROUP_EXTRA_FILTER

        public static final java.lang.String PARAM_GROUP_EXTRA_FILTER
        See Also:
        Constant Field Values
      • PARAM_GROUP_EXTRA_FILTER_DEFAULT

        public static final java.lang.String PARAM_GROUP_EXTRA_FILTER_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_GROUP_MAKE_DN_PATH

        public static final java.lang.String PARAM_GROUP_MAKE_DN_PATH
        See Also:
        Constant Field Values
      • PARAM_GROUP_MAKE_DN_PATH_DEFAULT

        public static final boolean PARAM_GROUP_MAKE_DN_PATH_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_GROUP_MEMBER_ATTRIBUTE

        public static final java.lang.String PARAM_GROUP_MEMBER_ATTRIBUTE
        See Also:
        Constant Field Values
      • PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT

        public static final java.lang.String PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_USE_UID_FOR_EXT_ID

        public static final java.lang.String PARAM_USE_UID_FOR_EXT_ID
        See Also:
        Constant Field Values
      • PARAM_USE_UID_FOR_EXT_ID_DEFAULT

        public static final boolean PARAM_USE_UID_FOR_EXT_ID_DEFAULT
        See Also:
        Constant Field Values
      • PARAM_CUSTOM_ATTRIBUTES

        public static final java.lang.String PARAM_CUSTOM_ATTRIBUTES
        See Also:
        Constant Field Values
      • PARAM_CUSTOM_ATTRIBUTES_DEFAULT

        public static final java.lang.String[] PARAM_CUSTOM_ATTRIBUTES_DEFAULT
    • Constructor Detail

      • LdapProviderConfig

        public LdapProviderConfig()
    • Method Detail

      • of

        public static LdapProviderConfig of​(ConfigurationParameters params)
        Creates a new LDAP provider configuration based on the properties stored in the given parameters.
        Parameters:
        params - the configuration parameters.
        Returns:
        the config
      • getName

        @NotNull
        public @NotNull java.lang.String getName()
        Returns the name of this provider configuration. The default is "ldap"
        Returns:
        the name.
      • setName

        @NotNull
        public @NotNull LdapProviderConfig setName​(@NotNull
                                                   @NotNull java.lang.String name)
        Sets the name of this provider.
        Parameters:
        name - the name
        Returns:
        this
        See Also:
        getName()
      • getHostname

        @NotNull
        public @NotNull java.lang.String getHostname()
        Configures the hostname of the LDAP server. The default is "localhost"
        Returns:
        the hostname
      • setHostname

        @NotNull
        public @NotNull LdapProviderConfig setHostname​(@NotNull
                                                       @NotNull java.lang.String hostname)
        Sets the hostname.
        Parameters:
        hostname - the hostname
        Returns:
        this
        See Also:
        getHostname()
      • getPort

        public int getPort()
        Configures the port of the LDAP server. The default is 389
        Returns:
        the port
      • setPort

        @NotNull
        public @NotNull LdapProviderConfig setPort​(int port)
        Sets the port.
        Parameters:
        port - the port
        Returns:
        this
        See Also:
        getPort()
      • useSSL

        public boolean useSSL()
        Configures whether SSL connections should be used. The default is false.
        Returns:
        true if SSL should be used.
      • setUseSSL

        @NotNull
        public @NotNull LdapProviderConfig setUseSSL​(boolean useSSL)
        Enables SSL connections.
        Parameters:
        useSSL - true to enable SSL
        Returns:
        this
        See Also:
        useSSL()
      • useTLS

        public boolean useTLS()
        Configures whether TLS connections should be used. The default is false.
        Returns:
        true if TLS should be used.
      • setUseTLS

        @NotNull
        public @NotNull LdapProviderConfig setUseTLS​(boolean useTLS)
        Enables TLS connections.
        Parameters:
        useTLS - true to enable TLS
        Returns:
        this
        See Also:
        useTLS()
      • noCertCheck

        public boolean noCertCheck()
        Configures whether certificates on SSL/TLS connections should be validated. The default is false, i.e. certificates are validated unless this option is set to true.
        Returns:
        true if certificates should not be validated
      • setNoCertCheck

        @NotNull
        public @NotNull LdapProviderConfig setNoCertCheck​(boolean noCertCheck)
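        Disables certificate validation when set to true; the server certificate on SSL/TLS connections is then accepted without being verified.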
        Parameters:
        noCertCheck - true to disable certificate validation
        Returns:
        this
        See Also:
        noCertCheck()
      • enabledProtocols

        @Nullable
        public @Nullable java.lang.String[] enabledProtocols()
        Configures whether enabled protocols should be set on the LdapConnectionConfig.
        Returns:
        an array of enabled protocols or null if no protocols should be explicitly enabled
      • setEnabledProtocols

        @NotNull
        public @NotNull LdapProviderConfig setEnabledProtocols​(@NotNull
                                                               @NotNull java.lang.String... enabledProtocols)
        Configures the enabled protocols to be set to the LdapConnectionConfig. By default no protocols are set explicitly.
        Parameters:
        enabledProtocols - The protocols to be enabled on the LdapConnectionConfig.
        Returns:
        this
        See Also:
        enabledProtocols()
      • getBindDN

        @Nullable
        public @Nullable java.lang.String getBindDN()
        Configures the DN that is used to bind to the LDAP server. If this value is null or an empty string, anonymous connections are used.
        Returns:
        the bind DN or null.
      • setBindDN

        @NotNull
        public @NotNull LdapProviderConfig setBindDN​(@Nullable
                                                     @Nullable java.lang.String bindDN)
        Sets the bind DN.
        Parameters:
        bindDN - the DN
        Returns:
        this
        See Also:
        getBindDN()
      • getBindPassword

        @Nullable
        public @Nullable java.lang.String getBindPassword()
        Configures the password that is used to bind to the LDAP server. This value is not used for anonymous binds.
        Returns:
        the password.
      • setBindPassword

        @NotNull
        public @NotNull LdapProviderConfig setBindPassword​(@Nullable
                                                           @Nullable java.lang.String bindPassword)
        Sets the bind password
        Parameters:
        bindPassword - the password
        Returns:
        this
        See Also:
        getBindPassword()
      • getSearchTimeout

        public long getSearchTimeout()
        Configures the timeout in milliseconds that is used for all LDAP searches. The default is "60s".
        Returns:
        the timeout in milliseconds.
      • setSearchTimeout

        @NotNull
        public @NotNull LdapProviderConfig setSearchTimeout​(long searchTimeout)
        Sets the search timeout.
        Parameters:
        searchTimeout - the timeout in milliseconds
        Returns:
        this
        See Also:
        getSearchTimeout()
      • getGroupMemberAttribute

        @NotNull
        public @NotNull java.lang.String getGroupMemberAttribute()
        Configures the attribute that stores the members of a group. Default is "uniquemember"
        Returns:
        the group member attribute
      • setGroupMemberAttribute

        @NotNull
        public @NotNull LdapProviderConfig setGroupMemberAttribute​(@NotNull
                                                                   @NotNull java.lang.String groupMemberAttribute)
        Sets the group member attribute.
        Parameters:
        groupMemberAttribute - the attribute name
        Returns:
        this
        See Also:
        getGroupMemberAttribute()
      • getUseUidForExtId

        public boolean getUseUidForExtId()
        If true, the value of the user id (resp. group name) attribute will be used to create external identifiers. Otherwise the DN will be used, which is the default.
        Returns:
        true iff the value of the user id (resp. group name) attribute will be used to create external identifiers
      • setUseUidForExtId

        @NotNull
        public @NotNull LdapProviderConfig setUseUidForExtId​(boolean useUidForExtId)
        Sets the flag that controls whether the user id (resp. group name) will be used instead of the DN to create external ids.
        Parameters:
        useUidForExtId - the new value of #useUidForExtId
        Returns:
        this
        See Also:
        getUseUidForExtId()
      • getCustomAttributes

        @NotNull
        public @NotNull java.lang.String[] getCustomAttributes()
        Optionally configures an array of attribute names that will be retrieved when looking up LDAP entries. Defaults to the empty array indicating that all attributes will be retrieved.
        Returns:
        an array of attribute names. The empty array indicates that all attributes will be retrieved.
      • setCustomAttributes

        @NotNull
        public @NotNull LdapProviderConfig setCustomAttributes​(@NotNull
                                                               @NotNull java.lang.String[] customAttributes)
        Sets the attribute names to be retrieved when looking up LDAP entries. The empty array indicates that all attributes will be retrieved.
        Parameters:
        customAttributes - an array of attribute names
        Returns:
        this
      • getMemberOfSearchFilter

        public java.lang.String getMemberOfSearchFilter​(@NotNull
                                                        @NotNull java.lang.String dn)
        Returns the LDAP filter that is used when searching for the groups that an identity is a member of. The filter is based on the configuration and has the following format:
        
             (&(${memberAttribute}=${dn})(objectclass=${objectclass})${extraFilter})
         
        Note that the objectclass part is repeated according to the specified objectclasses in LdapProviderConfig.Identity.getObjectClasses() of the group configuration.
        Parameters:
        dn - the dn of the identity to search for
        Returns:
        the search filter
      • getUserConfig

        @NotNull
        public @NotNull LdapProviderConfig.Identity getUserConfig()
        Returns the user specific configuration.
        Returns:
        the user config.
      • getGroupConfig

        @NotNull
        public @NotNull LdapProviderConfig.Identity getGroupConfig()
        Returns the group specific configuration.
        Returns:
        the groups config.
      • getAdminPoolConfig

        @NotNull
        public @NotNull LdapProviderConfig.PoolConfig getAdminPoolConfig()
        Returns the admin connection pool configuration.
        Returns:
        admin pool config
      • getUserPoolConfig

        @NotNull
        public @NotNull LdapProviderConfig.PoolConfig getUserPoolConfig()
        Returns the user connection pool configuration.
        Returns:
        user pool config
      • encodeFilterValue

        public static java.lang.String encodeFilterValue​(java.lang.String value)
        Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent. Handles encoding of special characters in LDAP search filter assertion values using the <valueencoding> rule as described in RFC 4515.
        Parameters:
        value - Right hand side of "attrId=value" assertion occurring in an LDAP search filter.
        Returns:
        Escaped version of value
      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object