Class LdapProviderConfig
- java.lang.Object
-
- org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig
-
public class LdapProviderConfig extends Object
Configuration of the ldap provider.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
LdapProviderConfig.Identity
Defines the configuration of an identity (user or group).static class
LdapProviderConfig.PoolConfig
Defines the configuration of a connection pool.
-
Field Summary
-
Constructor Summary
Constructors Constructor Description LdapProviderConfig()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description @Nullable String[]
enabledProtocols()
Configures whether enabled protocols should be set on theLdapConnectionConfig
.static String
encodeFilterValue(String value)
Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent.@NotNull LdapProviderConfig.PoolConfig
getAdminPoolConfig()
Returns the admin connection pool configuration.@Nullable String
getBindDN()
Configures the DN that is used to bind to the LDAP server.@Nullable String
getBindPassword()
Configures the password that is used to bind to the LDAP server.@NotNull String[]
getCustomAttributes()
Optionally configures an array of attribute names that will be retrieved when looking up LDAP entries.@NotNull LdapProviderConfig.Identity
getGroupConfig()
Returns the group specific configuration.@NotNull String
getGroupMemberAttribute()
Configures the attribute that stores the members of a group.@NotNull String
getHostname()
Configures the hostname of the LDAP server.String
getMemberOfSearchFilter(@NotNull String dn)
Returns the LDAP filter that is used when searching for groups where an identity is member of.@NotNull String
getName()
Returns the name of this provider configuration.int
getPort()
Configures the port of the LDAP server.long
getSearchTimeout()
Configures the timeout in milliseconds that is used for all LDAP searches.@NotNull LdapProviderConfig.Identity
getUserConfig()
Returns the user specific configuration.@NotNull LdapProviderConfig.PoolConfig
getUserPoolConfig()
Returns the user connection pool configuration.boolean
getUseUidForExtId()
If true, the value of the user id (resp.boolean
noCertCheck()
Configures whether certificates on SSL/TLS connections should be validated.static LdapProviderConfig
of(ConfigurationParameters params)
Creates a new LDAP provider configuration based on the properties store in the given parameters.@NotNull LdapProviderConfig
setBindDN(@Nullable String bindDN)
Sets the bind DN.@NotNull LdapProviderConfig
setBindPassword(@Nullable String bindPassword)
Sets the bind password@NotNull LdapProviderConfig
setCustomAttributes(@NotNull String[] customAttributes)
Sets the attribute names to be retrieved when looking up LDAP entries.@NotNull LdapProviderConfig
setEnabledProtocols(@NotNull String... enabledProtocols)
Configures the enabled protocols to be set to theLdapConnectionConfig
.@NotNull LdapProviderConfig
setGroupMemberAttribute(@NotNull String groupMemberAttribute)
Sets the group member attribute.@NotNull LdapProviderConfig
setHostname(@NotNull String hostname)
Sets the hostname.@NotNull LdapProviderConfig
setName(@NotNull String name)
Sets the name of this provider.@NotNull LdapProviderConfig
setNoCertCheck(boolean noCertCheck)
Disables certificate validation.@NotNull LdapProviderConfig
setPort(int port)
Sets the port.@NotNull LdapProviderConfig
setSearchTimeout(long searchTimeout)
Sets the search timeout.@NotNull LdapProviderConfig
setUseSSL(boolean useSSL)
Enables SSL connections.@NotNull LdapProviderConfig
setUseTLS(boolean useTLS)
Enables TLS connections.@NotNull LdapProviderConfig
setUseUidForExtId(boolean useUidForExtId)
Sets the flag that controls if the user id (resp.String
toString()
boolean
useSSL()
Configures whether SSL connections should be used.boolean
useTLS()
Configures whether TLS connections should be used.
-
-
-
Field Detail
-
PARAM_NAME
public static final String PARAM_NAME
- See Also:
- Constant Field Values
-
PARAM_NAME_DEFAULT
public static final String PARAM_NAME_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_LDAP_HOST
public static final String PARAM_LDAP_HOST
- See Also:
- Constant Field Values
-
PARAM_LDAP_HOST_DEFAULT
public static final String PARAM_LDAP_HOST_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_LDAP_PORT
public static final String PARAM_LDAP_PORT
- See Also:
- Constant Field Values
-
PARAM_LDAP_PORT_DEFAULT
public static final int PARAM_LDAP_PORT_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USE_SSL
public static final String PARAM_USE_SSL
- See Also:
- Constant Field Values
-
PARAM_USE_SSL_DEFAULT
public static final boolean PARAM_USE_SSL_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USE_TLS
public static final String PARAM_USE_TLS
- See Also:
- Constant Field Values
-
PARAM_USE_TLS_DEFAULT
public static final boolean PARAM_USE_TLS_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_NO_CERT_CHECK
public static final String PARAM_NO_CERT_CHECK
- See Also:
- Constant Field Values
-
PARAM_NO_CERT_CHECK_DEFAULT
public static final boolean PARAM_NO_CERT_CHECK_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_ENABLED_PROTOCOLS
public static final String PARAM_ENABLED_PROTOCOLS
- See Also:
- Constant Field Values
-
PARAM_BIND_DN
public static final String PARAM_BIND_DN
- See Also:
- Constant Field Values
-
PARAM_BIND_DN_DEFAULT
public static final String PARAM_BIND_DN_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_BIND_PASSWORD
public static final String PARAM_BIND_PASSWORD
- See Also:
- Constant Field Values
-
PARAM_BIND_PASSWORD_DEFAULT
public static final String PARAM_BIND_PASSWORD_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_SEARCH_TIMEOUT
public static final String PARAM_SEARCH_TIMEOUT
- See Also:
- Constant Field Values
-
PARAM_SEARCH_TIMEOUT_DEFAULT
public static final String PARAM_SEARCH_TIMEOUT_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_MAX_ACTIVE
public static final String PARAM_ADMIN_POOL_MAX_ACTIVE
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT
public static final int PARAM_ADMIN_POOL_MAX_ACTIVE_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE
public static final String PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT
public static final boolean PARAM_ADMIN_POOL_LOOKUP_ON_VALIDATE_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME
public static final String PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT
public static final String PARAM_ADMIN_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS
public static final String PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT
public static final String PARAM_ADMIN_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN
public static final String PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN
- See Also:
- Constant Field Values
-
PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT
public static final int PARAM_ADMIN_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_MAX_ACTIVE
public static final String PARAM_USER_POOL_MAX_ACTIVE
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_MAX_ACTIVE_DEFAULT
public static final int PARAM_USER_POOL_MAX_ACTIVE_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_LOOKUP_ON_VALIDATE
public static final String PARAM_USER_POOL_LOOKUP_ON_VALIDATE
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT
public static final boolean PARAM_USER_POOL_LOOKUP_ON_VALIDATE_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME
public static final String PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT
public static final String PARAM_USER_POOL_MIN_EVICTABLE_IDLE_TIME_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS
public static final String PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT
public static final String PARAM_USER_POOL_TIME_BETWEEN_EVICTION_RUNS_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN
public static final String PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN
- See Also:
- Constant Field Values
-
PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT
public static final int PARAM_USER_POOL_NUM_TESTS_PER_EVICTION_RUN_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_BASE_DN
public static final String PARAM_USER_BASE_DN
- See Also:
- Constant Field Values
-
PARAM_USER_BASE_DN_DEFAULT
public static final String PARAM_USER_BASE_DN_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_OBJECTCLASS
public static final String PARAM_USER_OBJECTCLASS
- See Also:
- Constant Field Values
-
PARAM_USER_OBJECTCLASS_DEFAULT
public static final String[] PARAM_USER_OBJECTCLASS_DEFAULT
-
PARAM_USER_ID_ATTRIBUTE
public static final String PARAM_USER_ID_ATTRIBUTE
- See Also:
- Constant Field Values
-
PARAM_USER_ID_ATTRIBUTE_DEFAULT
public static final String PARAM_USER_ID_ATTRIBUTE_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_EXTRA_FILTER
public static final String PARAM_USER_EXTRA_FILTER
- See Also:
- Constant Field Values
-
PARAM_USER_EXTRA_FILTER_DEFAULT
public static final String PARAM_USER_EXTRA_FILTER_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USER_MAKE_DN_PATH
public static final String PARAM_USER_MAKE_DN_PATH
- See Also:
- Constant Field Values
-
PARAM_USER_MAKE_DN_PATH_DEFAULT
public static final boolean PARAM_USER_MAKE_DN_PATH_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_GROUP_BASE_DN
public static final String PARAM_GROUP_BASE_DN
- See Also:
- Constant Field Values
-
PARAM_GROUP_BASE_DN_DEFAULT
public static final String PARAM_GROUP_BASE_DN_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_GROUP_OBJECTCLASS
public static final String PARAM_GROUP_OBJECTCLASS
- See Also:
- Constant Field Values
-
PARAM_GROUP_OBJECTCLASS_DEFAULT
public static final String[] PARAM_GROUP_OBJECTCLASS_DEFAULT
-
PARAM_GROUP_NAME_ATTRIBUTE
public static final String PARAM_GROUP_NAME_ATTRIBUTE
- See Also:
- Constant Field Values
-
PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT
public static final String PARAM_GROUP_NAME_ATTRIBUTE_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_GROUP_EXTRA_FILTER
public static final String PARAM_GROUP_EXTRA_FILTER
- See Also:
- Constant Field Values
-
PARAM_GROUP_EXTRA_FILTER_DEFAULT
public static final String PARAM_GROUP_EXTRA_FILTER_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_GROUP_MAKE_DN_PATH
public static final String PARAM_GROUP_MAKE_DN_PATH
- See Also:
- Constant Field Values
-
PARAM_GROUP_MAKE_DN_PATH_DEFAULT
public static final boolean PARAM_GROUP_MAKE_DN_PATH_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_GROUP_MEMBER_ATTRIBUTE
public static final String PARAM_GROUP_MEMBER_ATTRIBUTE
- See Also:
- Constant Field Values
-
PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT
public static final String PARAM_GROUP_MEMBER_ATTRIBUTE_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_USE_UID_FOR_EXT_ID
public static final String PARAM_USE_UID_FOR_EXT_ID
- See Also:
- Constant Field Values
-
PARAM_USE_UID_FOR_EXT_ID_DEFAULT
public static final boolean PARAM_USE_UID_FOR_EXT_ID_DEFAULT
- See Also:
- Constant Field Values
-
PARAM_CUSTOM_ATTRIBUTES
public static final String PARAM_CUSTOM_ATTRIBUTES
- See Also:
- Constant Field Values
-
PARAM_CUSTOM_ATTRIBUTES_DEFAULT
public static final String[] PARAM_CUSTOM_ATTRIBUTES_DEFAULT
-
-
Method Detail
-
of
public static LdapProviderConfig of(ConfigurationParameters params)
Creates a new LDAP provider configuration based on the properties store in the given parameters.- Parameters:
params
- the configuration parameters.- Returns:
- the config
-
getName
@NotNull public @NotNull String getName()
Returns the name of this provider configuration. The default is "ldap"- Returns:
- the name.
-
setName
@NotNull public @NotNull LdapProviderConfig setName(@NotNull @NotNull String name)
Sets the name of this provider.- Parameters:
name
- the name- Returns:
this
- See Also:
getName()
-
getHostname
@NotNull public @NotNull String getHostname()
Configures the hostname of the LDAP server. The default is "localhost"- Returns:
- the hostname
-
setHostname
@NotNull public @NotNull LdapProviderConfig setHostname(@NotNull @NotNull String hostname)
Sets the hostname.- Parameters:
hostname
- the hostname- Returns:
this
- See Also:
getHostname()
-
getPort
public int getPort()
Configures the port of the LDAP server. The default is 389- Returns:
- the port
-
setPort
@NotNull public @NotNull LdapProviderConfig setPort(int port)
Sets the port.- Parameters:
port
- the port- Returns:
this
- See Also:
getPort()
-
useSSL
public boolean useSSL()
Configures whether SSL connections should be used. The default is false.- Returns:
true
if SSL should be used.
-
setUseSSL
@NotNull public @NotNull LdapProviderConfig setUseSSL(boolean useSSL)
Enables SSL connections.- Parameters:
useSSL
-true
to enable SSL- Returns:
this
- See Also:
useSSL()
-
useTLS
public boolean useTLS()
Configures whether TLS connections should be used. The default is false.- Returns:
true
if TLS should be used.
-
setUseTLS
@NotNull public @NotNull LdapProviderConfig setUseTLS(boolean useTLS)
Enables TLS connections.- Parameters:
useTLS
-true
to enable TLS- Returns:
this
- See Also:
useTLS()
-
noCertCheck
public boolean noCertCheck()
Configures whether certificates on SSL/TLS connections should be validated. The default is false.- Returns:
true
if certificates should not be validated
-
setNoCertCheck
@NotNull public @NotNull LdapProviderConfig setNoCertCheck(boolean noCertCheck)
Disables certificate validation.- Parameters:
noCertCheck
-true
to disable certificate validation- Returns:
this
- See Also:
noCertCheck()
-
enabledProtocols
@Nullable public @Nullable String[] enabledProtocols()
Configures whether enabled protocols should be set on theLdapConnectionConfig
.- Returns:
- an array of enabled protocols or null if no protocols should be explicitly enabled
-
setEnabledProtocols
@NotNull public @NotNull LdapProviderConfig setEnabledProtocols(@NotNull @NotNull String... enabledProtocols)
Configures the enabled protocols to be set to theLdapConnectionConfig
. By default no protocols are set explicitly.- Parameters:
enabledProtocols
- The protocols to be enabled on theLdapConnectionConfig
.- Returns:
this
- See Also:
enabledProtocols()
-
getBindDN
@Nullable public @Nullable String getBindDN()
Configures the DN that is used to bind to the LDAP server. If this value isnull
or an empty string, anonymous connections are used.- Returns:
- the bind DN or
null
.
-
setBindDN
@NotNull public @NotNull LdapProviderConfig setBindDN(@Nullable @Nullable String bindDN)
Sets the bind DN.- Parameters:
bindDN
- the DN- Returns:
this
- See Also:
getBindDN()
-
getBindPassword
@Nullable public @Nullable String getBindPassword()
Configures the password that is used to bind to the LDAP server. This value is not used for anonymous binds.- Returns:
- the password.
-
setBindPassword
@NotNull public @NotNull LdapProviderConfig setBindPassword(@Nullable @Nullable String bindPassword)
Sets the bind password- Parameters:
bindPassword
- the password- Returns:
this
- See Also:
getBindPassword()
-
getSearchTimeout
public long getSearchTimeout()
Configures the timeout in milliseconds that is used for all LDAP searches. The default is "60s".- Returns:
- the timeout in milliseconds.
-
setSearchTimeout
@NotNull public @NotNull LdapProviderConfig setSearchTimeout(long searchTimeout)
Sets the search timeout.- Parameters:
searchTimeout
- the timeout in milliseconds- Returns:
this
- See Also:
getSearchTimeout()
-
getGroupMemberAttribute
@NotNull public @NotNull String getGroupMemberAttribute()
Configures the attribute that stores the members of a group. Default is "uniquemember"- Returns:
- the group member attribute
-
setGroupMemberAttribute
@NotNull public @NotNull LdapProviderConfig setGroupMemberAttribute(@NotNull @NotNull String groupMemberAttribute)
Sets the group member attribute.- Parameters:
groupMemberAttribute
- the attribute name- Returns:
this
- See Also:
getGroupMemberAttribute()
-
getUseUidForExtId
public boolean getUseUidForExtId()
If true, the value of the user id (resp. group name) attribute will be used to create external identifiers. Otherwise the DN will be used, which is the default.- Returns:
- true iff the value of the user id (resp. group name) attribute will be used to create external identifiers
-
setUseUidForExtId
@NotNull public @NotNull LdapProviderConfig setUseUidForExtId(boolean useUidForExtId)
Sets the flag that controls if the user id (resp. gruop name) will be used instead of the DN to create external ids.- Parameters:
useUidForExtId
- the new value of #useUidForExtId- Returns:
this
- See Also:
getUseUidForExtId()
-
getCustomAttributes
@NotNull public @NotNull String[] getCustomAttributes()
Optionally configures an array of attribute names that will be retrieved when looking up LDAP entries. Defaults to the empty array indicating that all attributes will be retrieved.- Returns:
- an array of attribute names. The empty array indicates that all attributes will be retrieved.
-
setCustomAttributes
@NotNull public @NotNull LdapProviderConfig setCustomAttributes(@NotNull @NotNull String[] customAttributes)
Sets the attribute names to be retrieved when looking up LDAP entries. The empty array indicates that all attributes will be retrieved.- Parameters:
customAttributes
- an array of attribute names- Returns:
- the Identity instance
-
getMemberOfSearchFilter
public String getMemberOfSearchFilter(@NotNull @NotNull String dn)
Returns the LDAP filter that is used when searching for groups where an identity is member of. The filter is based on the configuration and has the following format:
Note that the objectclass part is repeated according to the specified objectclasses in(&(${memberAttribute}=${dn})(objectclass=${objectclass})${extraFilter})
LdapProviderConfig.Identity.getObjectClasses()
of the group configuration.- Parameters:
dn
- the dn of the identity to search for- Returns:
- the search filter
-
getUserConfig
@NotNull public @NotNull LdapProviderConfig.Identity getUserConfig()
Returns the user specific configuration.- Returns:
- the user config.
-
getGroupConfig
@NotNull public @NotNull LdapProviderConfig.Identity getGroupConfig()
Returns the group specific configuration.- Returns:
- the groups config.
-
getAdminPoolConfig
@NotNull public @NotNull LdapProviderConfig.PoolConfig getAdminPoolConfig()
Returns the admin connection pool configuration.- Returns:
- admin pool config
-
getUserPoolConfig
@NotNull public @NotNull LdapProviderConfig.PoolConfig getUserPoolConfig()
Returns the user connection pool configuration.- Returns:
- user pool config
-
encodeFilterValue
public static String encodeFilterValue(String value)
Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent. Handles encoding of special characters in LDAP search filter assertion values using the <valueencoding> rule as described in RFC 4515.- Parameters:
value
- Right hand side of "attrId=value" assertion occurring in an LDAP search filter.- Returns:
- Escaped version of
value
-
-