Modifier and Type | Field and Description |
---|---|
static String | LDAP_DISABLED - Whether authentication via LDAP is disabled |
static String | LDAP_DOMAIN - The domain for the LDAP authentication |
static String | LDAP_GROUP_BASE_DN - The base-DN for LDAP-groups |
static String | LDAP_HOST - The LDAP host |
static String | LDAP_ID_ATTRIBUTE - The name of the LDAP-attribute containing the user-id used for authentication |
static String | LDAP_PASSWORD - Password of the LDAP service-user |
static String | LDAP_PRINCIPAL_SCHEME - How the LDAP principal is derived from a given username when logging in (DN, SAM, UPN) |
static String | LDAP_START_TLS - Whether to use STARTTLS for the LDAP connection |
static String | LDAP_USER - The name of the LDAP service-user |
static String | LDAP_USER_BASE_DN - The base-DN for LDAP-users |

Constructor and Description |
---|
LdapService() |
Modifier and Type | Method and Description |
---|---|
List<SubjectImpl> | getMembersOfGroup(Site site, String groupName) - Fetches the members of a given group and returns them as a List of SubjectImpl objects. |
List<String> | loginGroup(Site site, String username, char[] password, SubjectImpl subject, List<String> groupNames) - Tries to log in the user as a member of at least one of the given groups. |
boolean | loginUser(Site site, String username, char[] password) - Tries to log in the user with the given username and password. |
void | setLdapCtxFactory(String ldapCtxFactory) - Set another factory class to be used as JNDI parameter Context.INITIAL_CONTEXT_FACTORY. |

public static final String LDAP_DISABLED
public static final String LDAP_DOMAIN
public static final String LDAP_GROUP_BASE_DN
public static final String LDAP_HOST
public static final String LDAP_ID_ATTRIBUTE
public static final String LDAP_PASSWORD
public static final String LDAP_PRINCIPAL_SCHEME
public static final String LDAP_START_TLS
public static final String LDAP_USER
public static final String LDAP_USER_BASE_DN

public void setLdapCtxFactory(String ldapCtxFactory)

Set another factory class to be used as JNDI parameter Context.INITIAL_CONTEXT_FACTORY. This is primarily useful for unit testing. The default value is com.sun.jndi.ldap.LdapCtxFactory.

Parameters:
ldapCtxFactory - an alternative context factory class to be used.

public boolean loginUser(Site site, String username, char[] password)

Tries to log in the user with the given username and password.

Parameters:
site - the Site the user wants to log in at
username - The plain name of the user without base-DN. This name will be mapped to an LDAP principal according to the value of "ldapPrincipalScheme".
  - "ldapIdAttribute"=username,"ldapUserBaseDn" (this should work with any LDAP server)
  - username@"ldapDomain" (probably the most common name format to log on to Active Directory, see MSDN on LDAP simple authentication)
  - "ldapDomain"\username (name format including sAMAccountName and NetBIOS name to log on to Active Directory)
password - the password of the user

Returns:
true if the user could be successfully logged in, null otherwise

public List<String> loginGroup(Site site, String username, char[] password, SubjectImpl subject, List<String> groupNames)

Tries to log in the user as a member of at least one of the given groups.
loginUser(Site, String, char[]).

Parameters:
site - the Site the user wants to log in at
username - the name of the user
password - the password of the user
subject - a SubjectImpl where the name and real name are set, in case the user belongs to at least one of the given groups
groupNames - a list containing the names of all groups to check group membership for (without base-DN, this is set in the site-property "ldapGroupBaseDn")

public List<SubjectImpl> getMembersOfGroup(Site site, String groupName)

Fetches the members of a given group and returns them as a List of SubjectImpl objects. Members are LDAP Objects in the member attribute(s) of "ldapIdAttribute"=groupName,"ldapGroupBaseDn".

Parameters:
site - the Site in which the application using this group is running
groupName - the name of the group whose members should be fetched

Copyright © 2011–2021 aiticon GmbH. All rights reserved.
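
The three principal formats listed for the username parameter of loginUser, as an added example that is not appNG's own code: the class PrincipalSchemeDemo, its toPrincipal method and all sample values are hypothetical, and pairing the names DN, UPN and SAM with the three formats in the order listed is an assumption. The escaping of the username in the DN form and the rejection of separator characters are defensive additions of this example, not behaviour the page documents.

```java
import javax.naming.ldap.Rdn;

// Added illustration, not appNG code: all names and values here are hypothetical.
public class PrincipalSchemeDemo {

    enum Scheme { DN, UPN, SAM }

    // Builds the bind principal from a plain username according to the scheme.
    static String toPrincipal(Scheme scheme, String username, String idAttribute,
            String userBaseDn, String domain) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        switch (scheme) {
        case DN:
            // Rdn.escapeValue applies RFC 2253 escaping, so characters such as
            // ',' or '+' in the name stay inside the attribute value and cannot
            // add further RDN components to the principal.
            return idAttribute + "=" + Rdn.escapeValue(username) + "," + userBaseDn;
        case UPN:
            rejectSeparator(username, '@');
            return username + "@" + domain;
        case SAM:
            rejectSeparator(username, '\\');
            return domain + "\\" + username;
        default:
            throw new IllegalArgumentException("unknown scheme " + scheme);
        }
    }

    // A separator inside the name would let the caller pick the domain part.
    private static void rejectSeparator(String username, char separator) {
        if (username.indexOf(separator) >= 0) {
            throw new IllegalArgumentException("username contains '" + separator + "'");
        }
    }

    public static void main(String[] args) {
        // Constructed sample configuration values.
        String idAttribute = "uid";
        String baseDn = "ou=users,dc=example,dc=org";
        String domain = "example.org";
        // The second name contains DN metacharacters to show the escaping.
        for (String name : new String[] { "jdoe", "jdoe,ou=admins" }) {
            for (Scheme scheme : Scheme.values()) {
                System.out.println(scheme + " -> "
                        + toPrincipal(scheme, name, idAttribute, baseDn, domain));
            }
        }
    }
}
```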