com.opensymphony.user.provider.ldap
Class LDAPCredentialsProvider

java.lang.Object
  com.opensymphony.user.provider.ldap.LDAPCredentialsProvider

All Implemented Interfaces:

CredentialsProvider, java.io.Serializable, UserProvider

public class LDAPCredentialsProvider

extends java.lang.Object

implements CredentialsProvider

Provider for checking credentials against a LDAP directory.

Tries to connect to an LDAP directory with the specified username/password. Succeeds or fails depending on whether the LDAP authentication succeeds/fails.

The authentication algorithm is as follows:

• Establish an anonymous or authenticated connection with LDAP
• Search within a subtree for a node representing the user, eg. search below 'ou=People,dc=example,dc=com' for (uid=fred) if the username is 'fred'.
• If a user node is found (eg. 'uid=fred,ou=People,dc=example,dc=com'), try to connect to LDAP again, using the found node as the 'bind DN', and using the user's password.
• If this second connection succeeds, return true

A sample osuser.xml configuration:

 <provider class="com.opensymphony.user.provider.ldap.LDAPCredentialsProvider">
     <property name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</property>
     <property name="java.naming.provider.url">ldap://localhost:389</property>
     <property name="searchBase">ou=People,dc=example,dc=com</property>
     <property name="uidSearchName">uid</property>
     <property name="java.naming.security.principal">cn=admin,dc=example,dc=com</property>
     <property name="java.naming.security.credentials">secret</property>
     <property name="exclusive-access">true</property>
    </provider>
 

The security principal and credentials lines are optional, depending on whether your initial connection need be authenticated or not.

Currently, there must be at least one other non-LDAP CredentialsProvider configured for this provider to work. This is because there are user management features that LDAPCredentialsProvider does not provide on its own (create/delete user, change password). When calls to these methods are made, LDAPCredentialsProvider delegates the call to the other CredentialsProvider implementation.

Notes:

• Entering blank password will always fail, regardless of whether the underlying LDAP allows anonymous user connects.
• If the initial LDAP connection cannot be established, or there is an unexpected error, the authentication attempt is passed on to other non-LDAP CredentialsProvider.
• If the user exists in LDAP but the password was incorrect, the module fails without consulting other CredentialsProviders.
• Turning logging up to DEBUG will reveal details on authentication attempts.

Author:

Jeff Turner, Andrzej Michalec

See Also:

Serialized Form

Constructor Summary

LDAPCredentialsProvider()

Method Summary

boolean	authenticate(java.lang.String name, java.lang.String password) Check password supplied matches that of User.
boolean	changePassword(java.lang.String name, java.lang.String password) Change password of user.
boolean	create(java.lang.String name) Create new Entity with given name.
void	flushCaches() Flush the providers caches - if it is caching.
boolean	handles(java.lang.String name) Determine whether this UserProvider implementation is responsible for handling this Entity.
boolean	init(java.util.Properties properties) Called by UserManager before any other method.
java.util.List	list() Returns List of names (Strings) of all Entities that can be accessed by this UserProvider If this UserProvider cannot retrieve a list of names, null is to be returned.
boolean	load(java.lang.String name, Entity.Accessor accessor) Load Entity.
boolean	remove(java.lang.String name) Remove Entity with given name.
boolean	store(java.lang.String name, Entity.Accessor accessor) Stores changes to Entity.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LDAPCredentialsProvider

public LDAPCredentialsProvider()

Method Detail

authenticate

public boolean authenticate(java.lang.String name,
                            java.lang.String password)

Description copied from interface: CredentialsProvider

Check password supplied matches that of User.

Specified by:

authenticate in interface CredentialsProvider

changePassword

public boolean changePassword(java.lang.String name,
                              java.lang.String password)

Description copied from interface: CredentialsProvider

Change password of user.

Specified by:

changePassword in interface CredentialsProvider

create

public boolean create(java.lang.String name)

Description copied from interface: UserProvider

Create new Entity with given name.

Specified by:

create in interface UserProvider

Returns:

Whether entity was successfully created.

flushCaches

public void flushCaches()

Description copied from interface: UserProvider

Flush the providers caches - if it is caching. Providers may implement their own caching strategies. This method merely indicates to the provider that it should flush it's caches now.

Specified by:

flushCaches in interface UserProvider

handles

public boolean handles(java.lang.String name)

Description copied from interface: UserProvider

Determine whether this UserProvider implementation is responsible for handling this Entity.

Specified by:

handles in interface UserProvider

init

public boolean init(java.util.Properties properties)

Description copied from interface: UserProvider

Called by UserManager before any other method. Allows for UserProvider specific initialization.

Specified by:

init in interface UserProvider

Parameters:

properties - Extra properties passed across by UserManager.

list

public java.util.List list()

Description copied from interface: UserProvider

Returns List of names (Strings) of all Entities that can be accessed by this UserProvider If this UserProvider cannot retrieve a list of names, null is to be returned. If there are no current Entities stored by this provider, an empty List is to be returned. The order of names returned can be determined by the UserProvider (it may or may not be relevant). This List should be immutable.

Specified by:

list in interface UserProvider

load

public boolean load(java.lang.String name,
                    Entity.Accessor accessor)

Description copied from interface: UserProvider

Load Entity.

Specified by:

load in interface UserProvider

Returns:

Whether entity was successfully loaded.

remove

public boolean remove(java.lang.String name)

Description copied from interface: UserProvider

Remove Entity with given name.

Specified by:

remove in interface UserProvider

Returns:

Whether entity was successfully removed.

store

public boolean store(java.lang.String name,
                     Entity.Accessor accessor)

Description copied from interface: UserProvider

Stores changes to Entity.

Specified by:

store in interface UserProvider

Returns:

Whether changes to entity were successfully stored.