Package org.apache.jackrabbit.oak.security.authentication.ldap.impl

Class LdapProviderConfig

  • public class LdapProviderConfig
extends java.lang.Object
    Configuration of the ldap provider.

    • Constructor Detail

      • LdapProviderConfig

        public LdapProviderConfig()

    • Method Detail

      • of

        public static LdapProviderConfig of​(org.apache.jackrabbit.oak.spi.security.ConfigurationParameters params)
        Creates a new LDAP provider configuration based on the properties store in the given parameters.
        Parameters:
        params - the configuration parameters.
        Returns:
        the config

      • getName

        @NotNull
public @NotNull java.lang.String getName()
        Returns the name of this provider configuration. The default is "ldap"
        Returns:
        the name.

      • setName

        @NotNull
public @NotNull LdapProviderConfig setName​(@NotNull
                                           @NotNull java.lang.String name)
        Sets the name of this provider.
        Parameters:
        name - the name
        Returns:
        this
        See Also:
        getName()

      • getHostname

        @NotNull
public @NotNull java.lang.String getHostname()
        Configures the hostname of the LDAP server. The default is "localhost"
        Returns:
        the hostname

      • setHostname

        @NotNull
public @NotNull LdapProviderConfig setHostname​(@NotNull
                                               @NotNull java.lang.String hostname)
        Sets the hostname.
        Parameters:
        hostname - the hostname
        Returns:
        this
        See Also:
        getHostname()

      • getPort

        public int getPort()
        Configures the port of the LDAP server. The default is 389
        Returns:
        the port

      • setPort

        @NotNull
public @NotNull LdapProviderConfig setPort​(int port)
        Sets the port.
        Parameters:
        port - the port
        Returns:
        this
        See Also:
        getPort()

      • useSSL

        public boolean useSSL()
        Configures whether SSL connections should be used. The default is false.
        Returns:
        true if SSL should be used.

      • setUseSSL

        @NotNull
public @NotNull LdapProviderConfig setUseSSL​(boolean useSSL)
        Enables SSL connections.
        Parameters:
        useSSL - true to enable SSL
        Returns:
        this
        See Also:
        useSSL()

      • useTLS

        public boolean useTLS()
        Configures whether TLS connections should be used. The default is false.
        Returns:
        true if TLS should be used.

      • setUseTLS

        @NotNull
public @NotNull LdapProviderConfig setUseTLS​(boolean useTLS)
        Enables TLS connections.
        Parameters:
        useTLS - true to enable TLS
        Returns:
        this
        See Also:
        useTLS()

      • noCertCheck

        public boolean noCertCheck()
        Configures whether certificates on SSL/TLS connections should be validated. The default is false.
        Returns:
        true if certificates should not be validated

      • setNoCertCheck

        @NotNull
public @NotNull LdapProviderConfig setNoCertCheck​(boolean noCertCheck)
        Disables certificate validation.
        Parameters:
        noCertCheck - true to disable certificate validation
        Returns:
        this
        See Also:
        noCertCheck()

      • enabledProtocols

        @Nullable
public @Nullable java.lang.String[] enabledProtocols()
        Configures whether enabled protocols should be set on the LdapConnectionConfig.
        Returns:
        an array of enabled protocols or null if no protocols should be explicitly enabled

      • setEnabledProtocols

        @NotNull
public @NotNull LdapProviderConfig setEnabledProtocols​(@NotNull
                                                       @NotNull java.lang.String... enabledProtocols)
        Configures the enabled protocols to be set to the LdapConnectionConfig. By default no protocols are set explicitly.
        Parameters:
        enabledProtocols - The protocols to be enabled on the LdapConnectionConfig.
        Returns:
        this
        See Also:
        enabledProtocols()

      • getBindDN

        @Nullable
public @Nullable java.lang.String getBindDN()
        Configures the DN that is used to bind to the LDAP server. If this value is null or an empty string, anonymous connections are used.
        Returns:
        the bind DN or null.

      • setBindDN

        @NotNull
public @NotNull LdapProviderConfig setBindDN​(@Nullable
                                             @Nullable java.lang.String bindDN)
        Sets the bind DN.
        Parameters:
        bindDN - the DN
        Returns:
        this
        See Also:
        getBindDN()

      • getBindPassword

        @Nullable
public @Nullable java.lang.String getBindPassword()
        Configures the password that is used to bind to the LDAP server. This value is not used for anonymous binds.
        Returns:
        the password.

      • setBindPassword

        @NotNull
public @NotNull LdapProviderConfig setBindPassword​(@Nullable
                                                   @Nullable java.lang.String bindPassword)
        Sets the bind password
        Parameters:
        bindPassword - the password
        Returns:
        this
        See Also:
        getBindPassword()

      • getSearchTimeout

        public long getSearchTimeout()
        Configures the timeout in milliseconds that is used for all LDAP searches. The default is "60s".
        Returns:
        the timeout in milliseconds.

      • setSearchTimeout

        @NotNull
public @NotNull LdapProviderConfig setSearchTimeout​(long searchTimeout)
        Sets the search timeout.
        Parameters:
        searchTimeout - the timeout in milliseconds
        Returns:
        this
        See Also:
        getSearchTimeout()

      • getGroupMemberAttribute

        @NotNull
public @NotNull java.lang.String getGroupMemberAttribute()
        Configures the attribute that stores the members of a group. Default is "uniquemember"
        Returns:
        the group member attribute

      • setGroupMemberAttribute

        @NotNull
public @NotNull LdapProviderConfig setGroupMemberAttribute​(@NotNull
                                                           @NotNull java.lang.String groupMemberAttribute)
        Sets the group member attribute.
        Parameters:
        groupMemberAttribute - the attribute name
        Returns:
        this
        See Also:
        getGroupMemberAttribute()

      • getUseUidForExtId

        public boolean getUseUidForExtId()
        If true, the value of the user id (resp. group name) attribute will be used to create external identifiers. Otherwise the DN will be used, which is the default.
        Returns:
        true iff the value of the user id (resp. group name) attribute will be used to create external identifiers

      • setUseUidForExtId

        @NotNull
public @NotNull LdapProviderConfig setUseUidForExtId​(boolean useUidForExtId)
        Sets the flag that controls if the user id (resp. gruop name) will be used instead of the DN to create external ids.
        Parameters:
        useUidForExtId - the new value of #useUidForExtId
        Returns:
        this
        See Also:
        getUseUidForExtId()

      • getCustomAttributes

        @NotNull
public @NotNull java.lang.String[] getCustomAttributes()
        Optionally configures an array of attribute names that will be retrieved when looking up LDAP entries. Defaults to the empty array indicating that all attributes will be retrieved.
        Returns:
        an array of attribute names. The empty array indicates that all attributes will be retrieved.

      • setCustomAttributes

        @NotNull
public @NotNull LdapProviderConfig setCustomAttributes​(@NotNull
                                                       @NotNull java.lang.String[] customAttributes)
        Sets the attribute names to be retrieved when looking up LDAP entries. The empty array indicates that all attributes will be retrieved.
        Parameters:
        customAttributes - an array of attribute names
        Returns:
        the Identity instance

      • getMemberOfSearchFilter

        public java.lang.String getMemberOfSearchFilter​(@NotNull
                                                @NotNull java.lang.String dn)
        Returns the LDAP filter that is used when searching for groups where an identity is member of. The filter is based on the configuration and has the following format: 
        
     (&(${memberAttribute}=${dn})(objectclass=${objectclass})${extraFilter})
        Note that the objectclass part is repeated according to the specified objectclasses in LdapProviderConfig.Identity.getObjectClasses() of the group configuration.
        Parameters:
        dn - the dn of the identity to search for
        Returns:
        the search filter

      • getUserConfig

        @NotNull
public @NotNull LdapProviderConfig.Identity getUserConfig()
        Returns the user specific configuration.
        Returns:
        the user config.

      • getGroupConfig

        @NotNull
public @NotNull LdapProviderConfig.Identity getGroupConfig()
        Returns the group specific configuration.
        Returns:
        the groups config.

      • getAdminPoolConfig

        @NotNull
public @NotNull LdapProviderConfig.PoolConfig getAdminPoolConfig()
        Returns the admin connection pool configuration.
        Returns:
        admin pool config

      • getUserPoolConfig

        @NotNull
public @NotNull LdapProviderConfig.PoolConfig getUserPoolConfig()
        Returns the user connection pool configuration.
        Returns:
        user pool config

      • encodeFilterValue

        public static java.lang.String encodeFilterValue​(java.lang.String value)
        Copied from org.apache.directory.api.ldap.model.filter.FilterEncoder#encodeFilterValue(java.lang.String) in order to keep this configuration LDAP client independent. Handles encoding of special characters in LDAP search filter assertion values using the <valueencoding> rule as described in RFC 4515.
        Parameters:
        value - Right hand side of "attrId=value" assertion occurring in an LDAP search filter.
        Returns:
        Escaped version of value

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object