java.lang.Object
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig

public class LdapProviderConfig extends Object
Configuration of the LDAP provider.
  • Field Details

  • Constructor Details

    • LdapProviderConfig

      public LdapProviderConfig()
  • Method Details

    • of

      public static LdapProviderConfig of(ConfigurationParameters params)
      Creates a new LDAP provider configuration based on the properties stored in the given parameters.
      Parameters:
      params - the configuration parameters.
      Returns:
      the config
    • getName

      @NotNull public @NotNull String getName()
      Returns the name of this provider configuration. The default is "ldap"
      Returns:
      the name.
    • setName

      @NotNull public @NotNull LdapProviderConfig setName(@NotNull @NotNull String name)
      Sets the name of this provider.
      Parameters:
      name - the name
      Returns:
      this
    • getHostname

      @NotNull public @NotNull String getHostname()
      Configures the hostname of the LDAP server. The default is "localhost"
      Returns:
      the hostname
    • setHostname

      @NotNull public @NotNull LdapProviderConfig setHostname(@NotNull @NotNull String hostname)
      Sets the hostname.
      Parameters:
      hostname - the hostname
      Returns:
      this
    • getPort

      public int getPort()
      Configures the port of the LDAP server. The default is 389
      Returns:
      the port
    • setPort

      @NotNull public @NotNull LdapProviderConfig setPort(int port)
      Sets the port.
      Parameters:
      port - the port
      Returns:
      this
    • useSSL

      public boolean useSSL()
      Configures whether SSL connections should be used. The default is false.
      Returns:
      true if SSL should be used.
    • setUseSSL

      @NotNull public @NotNull LdapProviderConfig setUseSSL(boolean useSSL)
      Enables SSL connections.
      Parameters:
      useSSL - true to enable SSL
      Returns:
      this
    • useTLS

      public boolean useTLS()
      Configures whether TLS connections should be used. The default is false.
      Returns:
      true if TLS should be used.
    • setUseTLS

      @NotNull public @NotNull LdapProviderConfig setUseTLS(boolean useTLS)
      Enables TLS connections.
      Parameters:
      useTLS - true to enable TLS
      Returns:
      this
    • noCertCheck

      public boolean noCertCheck()
      Configures whether certificate validation on SSL/TLS connections is disabled. The default is false, i.e. certificates are validated.
      Returns:
      true if certificates should not be validated
    • setNoCertCheck

      @NotNull public @NotNull LdapProviderConfig setNoCertCheck(boolean noCertCheck)
      Disables certificate validation.
      Parameters:
      noCertCheck - true to disable certificate validation
      Returns:
      this
    • enabledProtocols

      @Nullable public @Nullable String[] enabledProtocols()
      Configures whether enabled protocols should be set on the LdapConnectionConfig.
      Returns:
      an array of enabled protocols or null if no protocols should be explicitly enabled
    • setEnabledProtocols

      @NotNull public @NotNull LdapProviderConfig setEnabledProtocols(@NotNull @NotNull String... enabledProtocols)
      Configures the enabled protocols to be set to the LdapConnectionConfig. By default no protocols are set explicitly.
      Parameters:
      enabledProtocols - The protocols to be enabled on the LdapConnectionConfig.
      Returns:
      this
    • getBindDN

      @Nullable public @Nullable String getBindDN()
      Configures the DN that is used to bind to the LDAP server. If this value is null or an empty string, anonymous connections are used.
      Returns:
      the bind DN or null.
    • setBindDN

      @NotNull public @NotNull LdapProviderConfig setBindDN(@Nullable @Nullable String bindDN)
      Sets the bind DN.
      Parameters:
      bindDN - the DN
      Returns:
      this
    • getBindPassword

      @Nullable public @Nullable String getBindPassword()
      Configures the password that is used to bind to the LDAP server. This value is not used for anonymous binds.
      Returns:
      the password.
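
A pre-deployment check over the connection and bind settings documented above, as an added example that is not part of the Oak code base. It calls only accessors listed on this page; the class name, host, DN, port 636 (the conventional LDAPS port) and the LDAP_BIND_PASSWORD environment variable are assumptions.

```java
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig;
import java.util.ArrayList;
import java.util.List;

/** Added example: flags weak transport and bind settings on an LdapProviderConfig. */
public class LdapConfigAudit {

    /** Returns one finding per risky setting; an empty list means none were found. */
    static List<String> audit(LdapProviderConfig cfg) {
        List<String> findings = new ArrayList<>();
        boolean encrypted = cfg.useSSL() || cfg.useTLS();
        if (!encrypted) {
            findings.add("useSSL and useTLS are both false: binds and searches travel in cleartext");
        }
        if (encrypted && cfg.noCertCheck()) {
            findings.add("noCertCheck is true: the server certificate is not validated");
        }
        if (encrypted && cfg.enabledProtocols() == null) {
            findings.add("enabledProtocols is not set: no protocols are explicitly enabled");
        }
        String bindDN = cfg.getBindDN();
        String bindPassword = cfg.getBindPassword();
        if (bindDN == null || bindDN.isEmpty()) {
            findings.add("bindDN is empty: anonymous connections are used");
        } else if (bindPassword == null || bindPassword.isEmpty()) {
            findings.add("bindDN is set but bindPassword is empty");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Documented defaults: hostname "localhost", port 389, useSSL and useTLS false.
        LdapProviderConfig defaults = new LdapProviderConfig();
        audit(defaults).forEach(f -> System.out.println("default : " + f));

        // Hardened variant; host, port, DN and protocol names are constructed sample values.
        LdapProviderConfig hardened = new LdapProviderConfig()
                .setHostname("ldap.example.org")
                .setPort(636)
                .setUseSSL(true)
                .setNoCertCheck(false)
                .setEnabledProtocols("TLSv1.2", "TLSv1.3")
                .setBindDN("cn=oak-sync,ou=services,dc=example,dc=org")
                .setBindPassword(System.getenv("LDAP_BIND_PASSWORD")); // assumed variable name
        audit(hardened).forEach(f -> System.out.println("hardened: " + f));
    }
}
```
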
    • setBindPassword

      @NotNull public @NotNull LdapProviderConfig setBindPassword(@Nullable @Nullable String bindPassword)
      Sets the bind password
      Parameters:
      bindPassword - the password
      Returns:
      this
    • getSearchTimeout

      public long getSearchTimeout()
      Configures the timeout in milliseconds that is used for all LDAP searches. The default is "60s".
      Returns:
      the timeout in milliseconds.
    • setSearchTimeout

      @NotNull public @NotNull LdapProviderConfig setSearchTimeout(long searchTimeout)
      Sets the search timeout.
      Parameters:
      searchTimeout - the timeout in milliseconds
      Returns:
      this
    • getGroupMemberAttribute

      @NotNull public @NotNull String getGroupMemberAttribute()
      Configures the attribute that stores the members of a group. Default is "uniquemember"
      Returns:
      the group member attribute
    • setGroupMemberAttribute

      @NotNull public @NotNull LdapProviderConfig setGroupMemberAttribute(@NotNull @NotNull String groupMemberAttribute)
      Sets the group member attribute.
      Parameters:
      groupMemberAttribute - the attribute name
      Returns:
      this
    • getUseUidForExtId

      public boolean getUseUidForExtId()
      If true, the value of the user id (resp. group name) attribute will be used to create external identifiers. Otherwise the DN will be used, which is the default.
      Returns:
      true iff the value of the user id (resp. group name) attribute will be used to create external identifiers
    • setUseUidForExtId

      @NotNull public @NotNull LdapProviderConfig setUseUidForExtId(boolean useUidForExtId)
      Sets the flag that controls whether the user id (resp. group name) will be used instead of the DN to create external ids.
      Parameters:
      useUidForExtId - the new value of #useUidForExtId
      Returns:
      this
    • getCustomAttributes

      @NotNull public @NotNull String[] getCustomAttributes()
      Optionally configures an array of attribute names that will be retrieved when looking up LDAP entries. Defaults to the empty array indicating that all attributes will be retrieved.
      Returns:
      an array of attribute names. The empty array indicates that all attributes will be retrieved.
    • setCustomAttributes

      @NotNull public @NotNull LdapProviderConfig setCustomAttributes(@NotNull @NotNull String[] customAttributes)
      Sets the attribute names to be retrieved when looking up LDAP entries. The empty array indicates that all attributes will be retrieved.
      Parameters:
      customAttributes - an array of attribute names
      Returns:
      this
    • getMemberOfSearchFilter

      public String getMemberOfSearchFilter(@NotNull @NotNull String dn)
      Returns the LDAP filter that is used when searching for the groups that an identity is a member of. The filter is based on the configuration and has the following format:
      
           (&(${memberAttribute}=${dn})(objectclass=${objectclass})${extraFilter})
       
      Note that the objectclass part is repeated according to the specified objectclasses in LdapProviderConfig.Identity.getObjectClasses() of the group configuration.
      Parameters:
      dn - the dn of the identity to search for
      Returns:
      the search filter
    • getUserConfig

      @NotNull public @NotNull LdapProviderConfig.Identity getUserConfig()
      Returns the user specific configuration.
      Returns:
      the user config.
    • getGroupConfig

      @NotNull public @NotNull LdapProviderConfig.Identity getGroupConfig()
      Returns the group specific configuration.
      Returns:
      the groups config.
    • getAdminPoolConfig

      @NotNull public @NotNull LdapProviderConfig.PoolConfig getAdminPoolConfig()
      Returns the admin connection pool configuration.
      Returns:
      admin pool config
    • getUserPoolConfig

      @NotNull public @NotNull LdapProviderConfig.PoolConfig getUserPoolConfig()
      Returns the user connection pool configuration.
      Returns:
      user pool config
    • encodeFilterValue

      public static String encodeFilterValue(String value)
      Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent. Handles encoding of special characters in LDAP search filter assertion values using the <valueencoding> rule as described in RFC 4515.
      Parameters:
      value - Right hand side of "attrId=value" assertion occurring in an LDAP search filter.
      Returns:
      Escaped version of value
    • toString

      public String toString()
      Overrides:
      toString in class Object