Class AbstractLdapAuthenticationProperties
java.lang.Object
org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties
org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties
org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties
- All Implemented Interfaces: Serializable
- Direct Known Subclasses: LdapAuthenticationProperties, LdapSecurityActuatorEndpointsMonitorProperties
@RequiresModule(name="cas-server-support-ldap-core")
public abstract class AbstractLdapAuthenticationProperties
extends AbstractLdapSearchProperties
This is AbstractLdapAuthenticationProperties.
- Since: 5.0.0
Nested Class Summary
- static enum AbstractLdapAuthenticationProperties.AuthenticationTypes: The enum Authentication types.
Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties
AbstractLdapProperties.LdapConnectionPoolPassivator, AbstractLdapProperties.LdapConnectionStrategy, AbstractLdapProperties.LdapHostnameVerifierOptions, AbstractLdapProperties.LdapTrustManagerOptions, AbstractLdapProperties.LdapType
Constructor Summary
- AbstractLdapAuthenticationProperties()
Method Summary
- getDerefAliases(): Define how aliases are de-referenced.
- getDnFormat(): Specify the dn format accepted by the AD authenticator, etc.
- getPrincipalAttributePassword(): If principalAttributePassword is empty then a user simple bind is done to validate credentials; otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- getResolveFromAttribute(): If this attribute is set, the value found in the first attribute value will be used in place of the DN.
- getType(): The authentication type.
- boolean isEnhanceWithEntryResolver(): Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.
- setDerefAliases(String derefAliases): Define how aliases are de-referenced.
- setDnFormat(String dnFormat): Specify the dn format accepted by the AD authenticator, etc.
- setEnhanceWithEntryResolver(boolean enhanceWithEntryResolver): Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.
- setPrincipalAttributePassword(String principalAttributePassword): If principalAttributePassword is empty then a user simple bind is done to validate credentials; otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- setResolveFromAttribute(String resolveFromAttribute): If this attribute is set, the value found in the first attribute value will be used in place of the DN.
- setType(AbstractLdapAuthenticationProperties.AuthenticationTypes type): The authentication type.
Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties
getBaseDn, getPageSize, getSearchEntryHandlers, getSearchFilter, isSubtreeSearch, setBaseDn, setPageSize, setSearchEntryHandlers, setSearchFilter, setSubtreeSearch
Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties
getBinaryAttributes, getBindCredential, getBindDn, getBlockWaitTime, getConnectionStrategy, getConnectTimeout, getHostnameVerifier, getIdleTime, getKeystore, getKeystorePassword, getKeystoreType, getLdapUrl, getMaxPoolSize, getMinPoolSize, getName, getPoolPassivator, getPrunePeriod, getResponseTimeout, getSaslAuthorizationId, getSaslMechanism, getSaslMutualAuth, getSaslQualityOfProtection, getSaslRealm, getSaslSecurityStrength, getTrustCertificates, getTrustManager, getTrustStore, getTrustStorePassword, getTrustStoreType, getValidatePeriod, getValidateTimeout, getValidator, isAllowMultipleDns, isAllowMultipleEntries, isDisablePooling, isFailFast, isFollowReferrals, isUseStartTls, isValidateOnCheckout, isValidatePeriodically, setAllowMultipleDns, setAllowMultipleEntries, setBinaryAttributes, setBindCredential, setBindDn, setBlockWaitTime, setConnectionStrategy, setConnectTimeout, setDisablePooling, setFailFast, setFollowReferrals, setHostnameVerifier, setIdleTime, setKeystore, setKeystorePassword, setKeystoreType, setLdapUrl, setMaxPoolSize, setMinPoolSize, setName, setPoolPassivator, setPrunePeriod, setResponseTimeout, setSaslAuthorizationId, setSaslMechanism, setSaslMutualAuth, setSaslQualityOfProtection, setSaslRealm, setSaslSecurityStrength, setTrustCertificates, setTrustManager, setTrustStore, setTrustStorePassword, setTrustStoreType, setUseStartTls, setValidateOnCheckout, setValidatePeriod, setValidatePeriodically, setValidateTimeout, setValidator
Constructor Details
AbstractLdapAuthenticationProperties
public AbstractLdapAuthenticationProperties()
Method Details
getType
The authentication type.
- AD: Users authenticate with sAMAccountName.
- AUTHENTICATED: Manager bind/search type of authentication. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- ANONYMOUS: Similar semantics as AUTHENTICATED except no bindDn and bindCredential may be specified to initialize the connection. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- DIRECT: Direct Bind - Compute user DN from format string and perform simple bind. This is relevant when no search is required to compute the DN needed for a bind operation. Use cases for this type are:
  1) All users are under a single branch in the directory, e.g. ou=Users,dc=example,dc=org.
  2) The username provided on the CAS login form is part of the DN, e.g. uid=%s,ou=Users,dc=example,dc=org.
getPrincipalAttributePassword
If principalAttributePassword is empty then a user simple bind is done to validate credentials; otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
For the anonymous authentication type, if principalAttributePassword is empty then a user simple bind is done to validate credentials; otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
getDnFormat
Specify the dn format accepted by the AD authenticator, etc. Example format might be uid=%s,ou=people,dc=example,dc=org.
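
The DIRECT type and the dn format described above build the bind DN by substituting the login-form username into a format string. The following is an added example, not CAS or ldaptive code, with hypothetical class and method names: it performs that substitution after escaping the username per RFC 4514, so a value containing DN special characters remains a single RDN value under the configured branch. The usernames in main are constructed sample input.

```java
import java.util.Objects;

public class DirectBindDnExample {

    // Characters that RFC 4514 requires to be escaped anywhere in an RDN value.
    private static final String ALWAYS_ESCAPED = "\"+,;<>\\";

    /** Escapes a string for use as an attribute value inside a DN (RFC 4514, section 2.4). */
    static String escapeRdnValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean first = i == 0;
            boolean last = i == value.length() - 1;
            if (c == 0) {
                out.append("\\00");                       // NUL is written as a hex pair
            } else if (ALWAYS_ESCAPED.indexOf(c) >= 0
                    || (first && (c == ' ' || c == '#'))  // leading space or '#'
                    || (last && c == ' ')) {              // trailing space
                out.append('\\').append(c);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /** Computes the bind DN from a format such as uid=%s,ou=Users,dc=example,dc=org. */
    static String computeDn(String dnFormat, String username) {
        Objects.requireNonNull(dnFormat, "dnFormat");
        if (username == null || username.isBlank()) {
            throw new IllegalArgumentException("username must not be blank");
        }
        // The username is passed as a format argument, so a '%' inside it is inert.
        return String.format(dnFormat, escapeRdnValue(username));
    }

    public static void main(String[] args) {
        String dnFormat = "uid=%s,ou=Users,dc=example,dc=org";
        // Constructed sample usernames: a plain one and two with DN special characters.
        for (String username : new String[] {"jsmith", "smith, john", "a+b"}) {
            System.out.println(computeDn(dnFormat, username));
        }
    }
}
```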
isEnhanceWithEntryResolver
public boolean isEnhanceWithEntryResolver()
Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.
getDerefAliases
Define how aliases are de-referenced. Accepted values are:
- NEVER
- SEARCHING: dereference when searching the entries beneath the starting point but not when searching for the starting entry.
- FINDING: dereference when searching for the starting entry but not when searching the entries beneath the starting point.
- ALWAYS: dereference when searching for the starting entry and when searching the entries beneath the starting point.
getResolveFromAttribute
If this attribute is set, the value found in the first attribute value will be used in place of the DN.
setType
public AbstractLdapAuthenticationProperties setType(AbstractLdapAuthenticationProperties.AuthenticationTypes type)
The authentication type.
- AD: Users authenticate with sAMAccountName.
- AUTHENTICATED: Manager bind/search type of authentication. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- ANONYMOUS: Similar semantics as AUTHENTICATED except no bindDn and bindCredential may be specified to initialize the connection. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- DIRECT: Direct Bind - Compute user DN from format string and perform simple bind. This is relevant when no search is required to compute the DN needed for a bind operation. Use cases for this type are:
  1) All users are under a single branch in the directory, e.g. ou=Users,dc=example,dc=org.
  2) The username provided on the CAS login form is part of the DN, e.g. uid=%s,ou=Users,dc=example,dc=org.
- Returns: this
setPrincipalAttributePassword
public AbstractLdapAuthenticationProperties setPrincipalAttributePassword(String principalAttributePassword)
If principalAttributePassword is empty then a user simple bind is done to validate credentials; otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
For the anonymous authentication type, if principalAttributePassword is empty then a user simple bind is done to validate credentials; otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- Returns: this
setDnFormat
Specify the dn format accepted by the AD authenticator, etc. Example format might be uid=%s,ou=people,dc=example,dc=org.
- Returns: this
setEnhanceWithEntryResolver
public AbstractLdapAuthenticationProperties setEnhanceWithEntryResolver(boolean enhanceWithEntryResolver)
Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.
- Returns: this
setDerefAliases
Define how aliases are de-referenced. Accepted values are:
- NEVER
- SEARCHING: dereference when searching the entries beneath the starting point but not when searching for the starting entry.
- FINDING: dereference when searching for the starting entry but not when searching the entries beneath the starting point.
- ALWAYS: dereference when searching for the starting entry and when searching the entries beneath the starting point.
- Returns: this
setResolveFromAttribute
If this attribute is set, the value found in the first attribute value will be used in place of the DN.
- Returns: this