com.opensymphony.user.provider.ldap
Class LDAPCredentialsProvider

java.lang.Object
  extended by com.opensymphony.user.provider.ldap.LDAPCredentialsProvider
All Implemented Interfaces:
CredentialsProvider, java.io.Serializable, UserProvider

public class LDAPCredentialsProvider
extends java.lang.Object
implements CredentialsProvider

Provider for checking credentials against an LDAP directory.

Tries to bind to an LDAP directory as the specified user with the specified password. Authentication succeeds or fails according to whether that LDAP bind succeeds or fails.

The authentication algorithm is as follows:

  • Establish an anonymous or authenticated connection with LDAP
  • Search within a subtree for a node representing the user, e.g. search below 'ou=People,dc=example,dc=com' for (uid=fred) if the username is 'fred'.
  • If a user node is found (e.g. 'uid=fred,ou=People,dc=example,dc=com'), connect to LDAP again, using the found node as the 'bind DN' and the user's password as the credentials.
  • If this second connection succeeds, return true

A sample osuser.xml configuration:

 <provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider">
     <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
     <property name="java.naming.provider.url">ldap://localhost:389</property>
     <property name="searchBase">ou=People,dc=example,dc=com</property>
     <property name="uidSearchName">uid</property>
     <property name="java.naming.security.principal">cn=admin,dc=example,dc=com</property>
     <property name="java.naming.security.credentials">secret</property>
     <property name="exclusive-access">true</property>
    </provider>
 
The security principal and credentials properties are optional: they are needed only when the directory does not allow the initial (search) connection to be anonymous.

Currently, there must be at least one other non-LDAP CredentialsProvider configured for this provider to work. This is because there are user management features that LDAPCredentialsProvider does not provide on its own (create/delete user, change password). When calls to these methods are made, LDAPCredentialsProvider delegates the call to the other CredentialsProvider implementation.

Notes:

  • A blank password always fails, regardless of whether the directory allows anonymous (unauthenticated) binds. This guard matters because an LDAP server may treat a bind with a valid DN and an empty password as an anonymous bind that does not fail, which would otherwise look like a successful authentication.
  • If the initial LDAP connection cannot be established, or there is an unexpected error, the authentication attempt is passed on to the other non-LDAP CredentialsProviders. Note that an unreachable directory therefore degrades to whatever the fallback provider accepts.
  • If the user exists in LDAP but the password was incorrect, the module fails without consulting other CredentialsProviders.
  • Turning logging up to DEBUG will reveal details on authentication attempts.
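As an added illustration, not code from OSUser or from this page, the following class implements the search-then-bind algorithm and the behaviour listed in the Notes directly against JNDI: a blank password is rejected before any bind is attempted; a wrong password for an existing user is reported as a definite failure, while an unreachable directory is reported as "unavailable" so the caller can decide whether to consult another provider; and the username is escaped before it is interpolated into the search filter, which is required whenever a filter is built from user input because characters such as '*' or ')' would otherwise change its meaning. The ldaps:// URL, the attribute-name check, the refusal of ambiguous matches and the Outcome enum are assumptions of this example and are not part of the OSUser API.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Search-then-bind LDAP authentication via JNDI (added example, not OSUser code). */
public final class SearchThenBindAuthenticator {

    /** Outcome is an assumption of this example; it separates "wrong password" from "LDAP down". */
    public enum Outcome { SUCCESS, BAD_CREDENTIALS, UNAVAILABLE }

    // These mirror the osuser.xml properties; the host name used by callers is an assumption.
    private final String providerUrl;    // e.g. "ldaps://ldap.example.com:636"
    private final String searchBase;     // e.g. "ou=People,dc=example,dc=com"
    private final String uidSearchName;  // e.g. "uid"
    private final String serviceDn;      // null => anonymous first connection
    private final String servicePassword;

    public SearchThenBindAuthenticator(String providerUrl, String searchBase, String uidSearchName,
                                       String serviceDn, String servicePassword) {
        // The attribute name comes from configuration, but keep it a plain attribute description
        // so it can never smuggle filter syntax of its own.
        if (!uidSearchName.matches("[A-Za-z][A-Za-z0-9-]*")) {
            throw new IllegalArgumentException("uidSearchName must be a plain attribute name");
        }
        this.providerUrl = providerUrl;
        this.searchBase = searchBase;
        this.uidSearchName = uidSearchName;
        this.serviceDn = serviceDn;
        this.servicePassword = servicePassword;
    }

    public Outcome authenticate(String username, String password) {
        // A blank password must never reach the bind: a server may treat "DN + empty password"
        // as an unauthenticated (anonymous) bind that does not fail (RFC 4513 section 5.1.2).
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return Outcome.BAD_CREDENTIALS;
        }
        String userDn;
        try {
            userDn = findUserDn(username);
        } catch (NamingException e) {
            return Outcome.UNAVAILABLE;          // directory unreachable: caller may fall back
        }
        if (userDn == null) {
            return Outcome.BAD_CREDENTIALS;      // no matching entry, or more than one
        }
        // Second connection: bind as the found DN with the user's own password.
        Hashtable<String, String> env = baseEnv();
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return Outcome.SUCCESS;
        } catch (AuthenticationException e) {
            return Outcome.BAD_CREDENTIALS;      // user exists, wrong password: never fall through
        } catch (NamingException e) {
            return Outcome.UNAVAILABLE;
        }
    }

    /** First connection: search below searchBase for exactly one entry whose uid matches. */
    private String findUserDn(String username) throws NamingException {
        Hashtable<String, String> env = baseEnv();
        if (serviceDn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, serviceDn);
            env.put(Context.SECURITY_CREDENTIALS, servicePassword);
        } else {
            env.put(Context.SECURITY_AUTHENTICATION, "none");
        }
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[0]);   // only the DN is needed
            String filter = "(" + uidSearchName + "=" + escapeFilterValue(username) + ")";
            NamingEnumeration<SearchResult> results = ctx.search(searchBase, filter, controls);
            if (!results.hasMore()) {
                return null;
            }
            String dn = results.next().getNameInNamespace();
            return results.hasMore() ? null : dn;   // ambiguous match: refuse rather than guess
        } finally {
            ctx.close();
        }
    }

    private Hashtable<String, String> baseEnv() {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);   // ldaps:// so passwords are not sent in clear
        env.put(Context.REFERRAL, "ignore");          // never chase referrals to servers you did not configure
        return env;
    }

    /** Escape a value for interpolation into an RFC 4515 search filter. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

With this shape, a username such as `*)(uid=*` becomes the literal filter value `\2a\29\28uid=\2a` and matches nothing, and the caller sees UNAVAILABLE only when the directory itself could not be reached, which is the one case in which delegating to another CredentialsProvider is appropriate.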

Author:
Jeff Turner, Andrzej Michalec
See Also:
Serialized Form

Constructor Summary
LDAPCredentialsProvider()
           
 
Method Summary
 boolean authenticate(java.lang.String name, java.lang.String password)
          Check that the supplied password matches that of the User.
 boolean changePassword(java.lang.String name, java.lang.String password)
          Change password of user.
 boolean create(java.lang.String name)
          Create new Entity with given name.
 void flushCaches()
          Flush the providers caches - if it is caching.
 boolean handles(java.lang.String name)
          Determine whether this UserProvider implementation is responsible for handling this Entity.
 boolean init(java.util.Properties properties)
          Called by UserManager before any other method.
 java.util.List list()
          Returns a List of names (Strings) of all Entities that can be accessed by this UserProvider. If this UserProvider cannot retrieve a list of names, null is to be returned.
 boolean load(java.lang.String name, Entity.Accessor accessor)
          Load Entity.
 boolean remove(java.lang.String name)
          Remove Entity with given name.
 boolean store(java.lang.String name, Entity.Accessor accessor)
          Stores changes to Entity.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LDAPCredentialsProvider

public LDAPCredentialsProvider()
Method Detail

authenticate

public boolean authenticate(java.lang.String name,
                            java.lang.String password)
Description copied from interface: CredentialsProvider
Check that the supplied password matches that of the User.

Specified by:
authenticate in interface CredentialsProvider

changePassword

public boolean changePassword(java.lang.String name,
                              java.lang.String password)
Description copied from interface: CredentialsProvider
Change password of user.

Specified by:
changePassword in interface CredentialsProvider

create

public boolean create(java.lang.String name)
Description copied from interface: UserProvider
Create new Entity with given name.

Specified by:
create in interface UserProvider
Returns:
Whether entity was successfully created.

flushCaches

public void flushCaches()
Description copied from interface: UserProvider
Flush the provider's caches, if it is caching. Providers may implement their own caching strategies. This method merely indicates to the provider that it should flush its caches now.

Specified by:
flushCaches in interface UserProvider

handles

public boolean handles(java.lang.String name)
Description copied from interface: UserProvider
Determine whether this UserProvider implementation is responsible for handling this Entity.

Specified by:
handles in interface UserProvider

init

public boolean init(java.util.Properties properties)
Description copied from interface: UserProvider
Called by UserManager before any other method. Allows for UserProvider specific initialization.

Specified by:
init in interface UserProvider
Parameters:
properties - Extra properties passed across by UserManager.

list

public java.util.List list()
Description copied from interface: UserProvider
Returns a List of names (Strings) of all Entities that can be accessed by this UserProvider. If this UserProvider cannot retrieve a list of names, null is to be returned. If there are no current Entities stored by this provider, an empty List is to be returned. The order of names returned can be determined by the UserProvider (it may or may not be relevant). This List should be immutable.

Specified by:
list in interface UserProvider

load

public boolean load(java.lang.String name,
                    Entity.Accessor accessor)
Description copied from interface: UserProvider
Load Entity.

Specified by:
load in interface UserProvider
Returns:
Whether entity was successfully loaded.

remove

public boolean remove(java.lang.String name)
Description copied from interface: UserProvider
Remove Entity with given name.

Specified by:
remove in interface UserProvider
Returns:
Whether entity was successfully removed.

store

public boolean store(java.lang.String name,
                     Entity.Accessor accessor)
Description copied from interface: UserProvider
Stores changes to Entity.

Specified by:
store in interface UserProvider
Returns:
Whether changes to entity were successfully stored.

See www.opensymphony.com for more information.

Copyright 2000-2005 - OpenSymphony