Package org.apereo.cas.configuration.model.support.pm

Class LdapPasswordManagementProperties

java.lang.Object

org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties

org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties

org.apereo.cas.configuration.model.support.pm.LdapPasswordManagementProperties

All Implemented Interfaces:

Serializable

@RequiresModule(name="cas-server-support-pm-ldap")
public class LdapPasswordManagementProperties
extends AbstractLdapSearchProperties

This is LdapPasswordManagementProperties.

Since:

6.2.0

See Also:

• Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties

AbstractLdapProperties.LdapConnectionPoolPassivator, AbstractLdapProperties.LdapConnectionStrategy, AbstractLdapProperties.LdapHostnameVerifierOptions, AbstractLdapProperties.LdapTrustManagerOptions, AbstractLdapProperties.LdapType

Constructor Summary

Constructors

Constructor	Description
LdapPasswordManagementProperties()

Method Summary

Modifier and Type	Method	Description
String	getAccountLockedAttribute()	Name of LDAP attribute that represents the account locked status.
String[]	getAccountUnlockedAttributeValues()	When CAS is about to unlock the user account, it will use the accountLockedAttribute setting to locate the appropriate attribute for the user entry.
Map<String,String>	getSecurityQuestionsAttributes()	Collection of attribute names that indicate security questions answers.
AbstractLdapProperties.LdapType	getType()	The specific variant of LDAP based on which update operations will be constructed.
String	getUsernameAttribute()	Username attribute required by LDAP.
LdapPasswordManagementProperties	setAccountLockedAttribute(String accountLockedAttribute)	Name of LDAP attribute that represents the account locked status.
LdapPasswordManagementProperties	setAccountUnlockedAttributeValues(String[] accountUnlockedAttributeValues)	When CAS is about to unlock the user account, it will use the accountLockedAttribute setting to locate the appropriate attribute for the user entry.
LdapPasswordManagementProperties	setSecurityQuestionsAttributes(Map<String,String> securityQuestionsAttributes)	Collection of attribute names that indicate security questions answers.
LdapPasswordManagementProperties	setType(AbstractLdapProperties.LdapType type)	The specific variant of LDAP based on which update operations will be constructed.
LdapPasswordManagementProperties	setUsernameAttribute(String usernameAttribute)	Username attribute required by LDAP.

Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties

getBaseDn, getPageSize, getSearchEntryHandlers, getSearchFilter, isSubtreeSearch, setBaseDn, setPageSize, setSearchEntryHandlers, setSearchFilter, setSubtreeSearch

Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties

getBinaryAttributes, getBindCredential, getBindDn, getBlockWaitTime, getConnectionStrategy, getConnectTimeout, getHostnameVerifier, getIdleTime, getKeystore, getKeystorePassword, getKeystoreType, getLdapUrl, getMaxPoolSize, getMinPoolSize, getName, getPoolPassivator, getPrunePeriod, getResponseTimeout, getSaslAuthorizationId, getSaslMechanism, getSaslMutualAuth, getSaslQualityOfProtection, getSaslRealm, getSaslSecurityStrength, getTrustCertificates, getTrustManager, getTrustStore, getTrustStorePassword, getTrustStoreType, getValidatePeriod, getValidateTimeout, getValidator, isAllowMultipleDns, isAllowMultipleEntries, isDisablePooling, isFailFast, isFollowReferrals, isUseStartTls, isValidateOnCheckout, isValidatePeriodically, setAllowMultipleDns, setAllowMultipleEntries, setBinaryAttributes, setBindCredential, setBindDn, setBlockWaitTime, setConnectionStrategy, setConnectTimeout, setDisablePooling, setFailFast, setFollowReferrals, setHostnameVerifier, setIdleTime, setKeystore, setKeystorePassword, setKeystoreType, setLdapUrl, setMaxPoolSize, setMinPoolSize, setName, setPoolPassivator, setPrunePeriod, setResponseTimeout, setSaslAuthorizationId, setSaslMechanism, setSaslMutualAuth, setSaslQualityOfProtection, setSaslRealm, setSaslSecurityStrength, setTrustCertificates, setTrustManager, setTrustStore, setTrustStorePassword, setTrustStoreType, setUseStartTls, setValidateOnCheckout, setValidatePeriod, setValidatePeriodically, setValidateTimeout, setValidator

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

LdapPasswordManagementProperties

public LdapPasswordManagementProperties()

Method Details

getSecurityQuestionsAttributes

public Map<String,String> getSecurityQuestionsAttributes()

Collection of attribute names that indicate security questions answers. This is done via a key-value structure where the key is the attribute name for the security question and the value is the attribute name for the answer linked to the question.

getAccountLockedAttribute

public String getAccountLockedAttribute()

Name of LDAP attribute that represents the account locked status. The value of the attribute is typically set to "true" if the account is ever updated to indicated a locked status. For Active Directory, this attribute might be called lockoutTime.

getAccountUnlockedAttributeValues

public String[] getAccountUnlockedAttributeValues()

When CAS is about to unlock the user account, it will use the accountLockedAttribute setting to locate the appropriate attribute for the user entry. This attribute will then be assigned the value(s) defined here to unlock the account.

For Active Directory and in scenarios where accountLockedAttribute is set to lockoutTime, this value might be set to zero. A value of zero means that the account is not currently locked out.

Note that the value defined here may be treated as case sensitive by the LDAP server.

getType

public AbstractLdapProperties.LdapType getType()

The specific variant of LDAP based on which update operations will be constructed. Accepted values are: *

• AD
• GENERIC
• FreeIPA
• EDirectory

getUsernameAttribute

public String getUsernameAttribute()

Username attribute required by LDAP.

setSecurityQuestionsAttributes

public LdapPasswordManagementProperties setSecurityQuestionsAttributes(Map<String,String> securityQuestionsAttributes)

Collection of attribute names that indicate security questions answers. This is done via a key-value structure where the key is the attribute name for the security question and the value is the attribute name for the answer linked to the question.

Returns:

this.

setAccountLockedAttribute

public LdapPasswordManagementProperties setAccountLockedAttribute(String accountLockedAttribute)

Name of LDAP attribute that represents the account locked status. The value of the attribute is typically set to "true" if the account is ever updated to indicated a locked status. For Active Directory, this attribute might be called lockoutTime.

Returns:

this.

setAccountUnlockedAttributeValues

public LdapPasswordManagementProperties setAccountUnlockedAttributeValues(String[] accountUnlockedAttributeValues)

When CAS is about to unlock the user account, it will use the accountLockedAttribute setting to locate the appropriate attribute for the user entry. This attribute will then be assigned the value(s) defined here to unlock the account.

For Active Directory and in scenarios where accountLockedAttribute is set to lockoutTime, this value might be set to zero. A value of zero means that the account is not currently locked out.

Note that the value defined here may be treated as case sensitive by the LDAP server.

Returns:

this.

setType

public LdapPasswordManagementProperties setType(AbstractLdapProperties.LdapType type)

The specific variant of LDAP based on which update operations will be constructed. Accepted values are: *

• AD
• GENERIC
• FreeIPA
• EDirectory

Returns:

this.

setUsernameAttribute

public LdapPasswordManagementProperties setUsernameAttribute(String usernameAttribute)

Username attribute required by LDAP.

Returns:

this.