Package org.apereo.cas.configuration.model.support.ldap

Class AbstractLdapAuthenticationProperties

java.lang.Object

org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties

org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties

org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

LdapAuthenticationProperties, LdapSecurityActuatorEndpointsMonitorProperties

@RequiresModule(name="cas-server-support-ldap-core")
public abstract class AbstractLdapAuthenticationProperties
extends AbstractLdapSearchProperties

This is AbstractLdapAuthenticationProperties.

Since:

5.0.0

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	AbstractLdapAuthenticationProperties.AuthenticationTypes	The enum Authentication types.

Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties

AbstractLdapProperties.LdapConnectionPoolPassivator, AbstractLdapProperties.LdapConnectionStrategy, AbstractLdapProperties.LdapHostnameVerifierOptions, AbstractLdapProperties.LdapTrustManagerOptions, AbstractLdapProperties.LdapType

Constructor Summary

Constructors

Constructor	Description
AbstractLdapAuthenticationProperties()

Method Summary

Modifier and Type	Method	Description
String	getDerefAliases()	Define how aliases are de-referenced.
String	getDnFormat()	Specify the dn format accepted by the AD authenticator, etc.
String	getPrincipalAttributePassword()	If principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
String	getResolveFromAttribute()	If this attribute is set, the value found in the first attribute value will be used in place of the DN.
AbstractLdapAuthenticationProperties.AuthenticationTypes	getType()	The authentication type.
boolean	isEnhanceWithEntryResolver()	Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.
AbstractLdapAuthenticationProperties	setDerefAliases(String derefAliases)	Define how aliases are de-referenced.
AbstractLdapAuthenticationProperties	setDnFormat(String dnFormat)	Specify the dn format accepted by the AD authenticator, etc.
AbstractLdapAuthenticationProperties	setEnhanceWithEntryResolver(boolean enhanceWithEntryResolver)	Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.
AbstractLdapAuthenticationProperties	setPrincipalAttributePassword(String principalAttributePassword)	If principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
AbstractLdapAuthenticationProperties	setResolveFromAttribute(String resolveFromAttribute)	If this attribute is set, the value found in the first attribute value will be used in place of the DN.
AbstractLdapAuthenticationProperties	setType(AbstractLdapAuthenticationProperties.AuthenticationTypes type)	The authentication type.

Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties

getBaseDn, getPageSize, getSearchEntryHandlers, getSearchFilter, isSubtreeSearch, setBaseDn, setPageSize, setSearchEntryHandlers, setSearchFilter, setSubtreeSearch

Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties

getBinaryAttributes, getBindCredential, getBindDn, getBlockWaitTime, getConnectionStrategy, getConnectTimeout, getHostnameVerifier, getIdleTime, getKeystore, getKeystorePassword, getKeystoreType, getLdapUrl, getMaxPoolSize, getMinPoolSize, getName, getPoolPassivator, getPrunePeriod, getResponseTimeout, getSaslAuthorizationId, getSaslMechanism, getSaslMutualAuth, getSaslQualityOfProtection, getSaslRealm, getSaslSecurityStrength, getTrustCertificates, getTrustManager, getTrustStore, getTrustStorePassword, getTrustStoreType, getValidatePeriod, getValidateTimeout, getValidator, isAllowMultipleDns, isAllowMultipleEntries, isDisablePooling, isFailFast, isFollowReferrals, isUseStartTls, isValidateOnCheckout, isValidatePeriodically, setAllowMultipleDns, setAllowMultipleEntries, setBinaryAttributes, setBindCredential, setBindDn, setBlockWaitTime, setConnectionStrategy, setConnectTimeout, setDisablePooling, setFailFast, setFollowReferrals, setHostnameVerifier, setIdleTime, setKeystore, setKeystorePassword, setKeystoreType, setLdapUrl, setMaxPoolSize, setMinPoolSize, setName, setPoolPassivator, setPrunePeriod, setResponseTimeout, setSaslAuthorizationId, setSaslMechanism, setSaslMutualAuth, setSaslQualityOfProtection, setSaslRealm, setSaslSecurityStrength, setTrustCertificates, setTrustManager, setTrustStore, setTrustStorePassword, setTrustStoreType, setUseStartTls, setValidateOnCheckout, setValidatePeriod, setValidatePeriodically, setValidateTimeout, setValidator

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AbstractLdapAuthenticationProperties

public AbstractLdapAuthenticationProperties()

Method Details

getType

public AbstractLdapAuthenticationProperties.AuthenticationTypes getType()

The authentication type.

• AD - Users authenticate with sAMAccountName.
• AUTHENTICATED - Manager bind/search type of authentication. If principalAttributePassword} is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
• ANONYMOUS: Similar semantics as AUTHENTICATED except no bindDn and bindCredential may be specified to initialize the connection. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
• DIRECT: Direct Bind - Compute user DN from format string and perform simple bind. This is relevant when no search is required to compute the DN needed for a bind operation. Use cases for this type are: 1) All users are under a single branch in the directory, e.g. ou=Users,dc=example,dc=org. 2) The username provided on the CAS login form is part of the DN, e.g. uid=%s,ou=Users,dc=example,dc=org.

getPrincipalAttributePassword

public String getPrincipalAttributePassword()

If principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.

For the anonymous authentication type, if principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.

getDnFormat

public String getDnFormat()

Specify the dn format accepted by the AD authenticator, etc. Example format might be uid=%s,ou=people,dc=example,dc=org.

isEnhanceWithEntryResolver

public boolean isEnhanceWithEntryResolver()

Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.

getDerefAliases

public String getDerefAliases()

Define how aliases are de-referenced. Accepted values are:

• NEVER
• SEARCHING: dereference when searching the entries beneath the starting point but not when searching for the starting entry.
• FINDING: dereference when searching for the starting entry but not when searching the entries beneath the starting point.
• ALWAYS: dereference when searching for the starting entry and when searching the entries beneath the starting point.

getResolveFromAttribute

public String getResolveFromAttribute()

If this attribute is set, the value found in the first attribute value will be used in place of the DN.

setType

public AbstractLdapAuthenticationProperties setType(AbstractLdapAuthenticationProperties.AuthenticationTypes type)

The authentication type.

• AD - Users authenticate with sAMAccountName.
• AUTHENTICATED - Manager bind/search type of authentication. If principalAttributePassword} is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
• ANONYMOUS: Similar semantics as AUTHENTICATED except no bindDn and bindCredential may be specified to initialize the connection. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
• DIRECT: Direct Bind - Compute user DN from format string and perform simple bind. This is relevant when no search is required to compute the DN needed for a bind operation. Use cases for this type are: 1) All users are under a single branch in the directory, e.g. ou=Users,dc=example,dc=org. 2) The username provided on the CAS login form is part of the DN, e.g. uid=%s,ou=Users,dc=example,dc=org.

Returns:

this.

setPrincipalAttributePassword

public AbstractLdapAuthenticationProperties setPrincipalAttributePassword(String principalAttributePassword)

If principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.

For the anonymous authentication type, if principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.

Returns:

this.

setDnFormat

public AbstractLdapAuthenticationProperties setDnFormat(String dnFormat)

Specify the dn format accepted by the AD authenticator, etc. Example format might be uid=%s,ou=people,dc=example,dc=org.

Returns:

this.

setEnhanceWithEntryResolver

public AbstractLdapAuthenticationProperties setEnhanceWithEntryResolver(boolean enhanceWithEntryResolver)

Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.

Returns:

this.

setDerefAliases

public AbstractLdapAuthenticationProperties setDerefAliases(String derefAliases)

Define how aliases are de-referenced. Accepted values are:

• NEVER
• SEARCHING: dereference when searching the entries beneath the starting point but not when searching for the starting entry.
• FINDING: dereference when searching for the starting entry but not when searching the entries beneath the starting point.
• ALWAYS: dereference when searching for the starting entry and when searching the entries beneath the starting point.

Returns:

this.

setResolveFromAttribute

public AbstractLdapAuthenticationProperties setResolveFromAttribute(String resolveFromAttribute)

If this attribute is set, the value found in the first attribute value will be used in place of the DN.

Returns:

this.