Jive Forums API (5.5.20.2-oracle) Developer Javadocs

com.jivesoftware.base.ldap
Class LdapManager

java.lang.Object
  extended by com.jivesoftware.base.ldap.LdapManager

public class LdapManager
extends java.lang.Object

Centralized administration of LDAP connections. The getInstance() method should be used to get an instance. The following Jive properties correspond to the properties of this manager:

The LDAP module operates in one of two modes:

LDAP connections are made via JNDI using the Sun LDAP provider.


Field Summary
static int ALL_LDAP_MODE
          The mode for storing all user data in LDAP, including Jive-specific data.
static java.lang.String LDAP_ADMIN_PASSWORD
           
static java.lang.String LDAP_ADMIN_PASSWORD_ENCRYPTED
           
static java.lang.String LDAP_ADMIN_PASSWORD_KEY
           
static int LDAP_DB_MODE
          The mode for storing only critical user data in LDAP (username, name, and email) and all other Jive-specific user data in the normal database tables.
 
Method Summary
 boolean checkAuthentication(java.lang.String userDN, java.lang.String password)
          Returns true if the user is able to successfully authenticate against the LDAP server.
 java.lang.String findUserDN(java.lang.String username)
          Finds a user's dn using their username.
 java.lang.String findUserDN(java.lang.String username, java.lang.String baseDN)
          Finds a user's dn using their username in the specified baseDN.
 java.lang.String getAdminDN()
          Returns the starting admin DN that searches for admins will be performed with.
 java.lang.String getAdminPassword()
          Returns the starting admin DN that searches for admins will be performed with.
 java.lang.String getAlternateBaseDN()
          Returns the alternate starting DN that searches for users will be performed with.
 java.lang.String getBaseDN()
          Returns the starting DN that searches for users will be performed with.
 javax.naming.directory.DirContext getContext()
          Returns a DirContext for the LDAP server that can be used to perform lookups and searches using the default base DN.
 javax.naming.directory.DirContext getContext(java.lang.String baseDN)
          Returns a DirContext for the LDAP server that can be used to perform lookups and searches using the specified base DN.
 java.lang.String getEmailField()
          Returns the LDAP field name that the user's email address is stored in.
 java.lang.String getGroupDescriptionField()
          Return the field used to describe a group.
 java.lang.String getGroupMemberField()
          Return the field used to list members within a group.
 java.lang.String getGroupNameField()
          Returns the field name used for groups.
 java.lang.String getGroupSearchFilter()
          Return the field used as the search filter when searching for groups.
 java.lang.String getHost()
          Returns the LDAP server host; e.g. localhost or machine.example.com, etc.
static LdapManager getInstance()
          Provides singleton access to an instance of the LdapManager class.
 int getMode()
          Returns the LDAP mode that is being used.
 java.lang.String getNameField()
          Returns the LDAP field name that the user's name is stored in.
 int getPort()
          Returns the LDAP server port number.
 java.lang.String getSearchFilter()
          Returns the filter used for searching the directory for users.
 java.lang.String getUsernameField()
          Returns the LDAP field name that the username lookup will be performed on.
 boolean isDebugEnabled()
          Returns true if LDAP connection debugging is turned on.
 boolean isPosixMode()
          Return true if the LDAP server is operating in Posix mode.
 boolean isSslEnabled()
          Returns true if the LDAP connection is made via SSL.
 boolean prepareEncryptionUtil()
           
 void setAdminDN(java.lang.String adminDN)
          Sets the starting admin DN that searches for admins will be performed with.
 void setAdminPassword(java.lang.String adminPassword)
          Sets the admin password for the LDAP server we're connecting to.
 void setAlternateBaseDN(java.lang.String alternateBaseDN)
          Sets the alternate starting DN that searches for users will be performed with.
 void setBaseDN(java.lang.String baseDN)
          Sets the starting DN that searches for users will be performed with.
 void setDebugEnabled(boolean debugEnabled)
          Sets whether LDAP connection debugging is turned on.
 void setEmailField(java.lang.String emailField)
          Sets the LDAP field name that the user's email address is stored in.
 void setGroupDescriptionField(java.lang.String groupDescriptionField)
          Sets the field used to describe a group.
 void setGroupmemberField(java.lang.String groupMemberField)
          Sets the field used to list members within a group.
 void setGroupNameField(java.lang.String groupNameField)
          Sets the field name used for groups.
 void setGroupSearchFilter(java.lang.String groupSearchFilter)
          Sets the field used as the search filter when searching for groups.
 void setHost(java.lang.String host)
          Sets the LDAP server host; e.g., localhost or machine.example.com, etc.
 void setMode(int mode)
          Sets the LDAP mode that should be used.
 void setNameField(java.lang.String nameField)
          Sets the LDAP field name that the user's name is stored in.
 void setPort(int port)
          Sets the LDAP server port number.
 void setPostfixMode(boolean posixMode)
          Sets whether the LDAP server is operating in Posix mode.
 void setSearchFilter(java.lang.String searchFilter)
          Sets the filter used for searching the directory for users.
 void setSslEnabled(boolean sslEnabled)
          Sets whether the connection to the LDAP server should be made via SSL or not.
 void setUsernameField(java.lang.String usernameField)
          Sets the LDAP field name that the username lookup will be performed on.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ALL_LDAP_MODE

public static final int ALL_LDAP_MODE
The mode for storing all user data in LDAP, including Jive-specific data.

See Also:
Constant Field Values

LDAP_DB_MODE

public static final int LDAP_DB_MODE
The mode for storing only critical user data in LDAP (username, name, and email) and all other Jive-specific user data in the normal database tables.

See Also:
Constant Field Values

LDAP_ADMIN_PASSWORD_KEY

public static final java.lang.String LDAP_ADMIN_PASSWORD_KEY
See Also:
Constant Field Values

LDAP_ADMIN_PASSWORD

public static final java.lang.String LDAP_ADMIN_PASSWORD
See Also:
Constant Field Values

LDAP_ADMIN_PASSWORD_ENCRYPTED

public static final java.lang.String LDAP_ADMIN_PASSWORD_ENCRYPTED
See Also:
Constant Field Values
Method Detail

getInstance

public static LdapManager getInstance()
Provides singleton access to an instance of the LdapManager class.

Returns:
an LdapManager instance.

getContext

public javax.naming.directory.DirContext getContext()
                                             throws javax.naming.NamingException
Returns a DirContext for the LDAP server that can be used to perform lookups and searches using the default base DN. The context uses the admin login that is defined by adminDN and adminPassword.

Returns:
a connection to the LDAP server.
Throws:
javax.naming.NamingException - if there is an error making the LDAP connection.

getContext

public javax.naming.directory.DirContext getContext(java.lang.String baseDN)
                                             throws javax.naming.NamingException
Returns a DirContext for the LDAP server that can be used to perform lookups and searches using the specified base DN. The context uses the admin login that is defined by adminDN and adminPassword.

Parameters:
baseDN - the base DN to use for the context.
Returns:
a connection to the LDAP server.
Throws:
javax.naming.NamingException - if there is an error making the LDAP connection.

checkAuthentication

public boolean checkAuthentication(java.lang.String userDN,
                                   java.lang.String password)
Returns true if the user is able to successfully authenticate against the LDAP server. The "simple" authentication protocol is used.

Parameters:
userDN - the user's dn to authenticate (relative to baseDN).
password - the user's password.
Returns:
true if the user successfully authenticates.
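
A guarded "simple" bind over JNDI, added here as an illustration and not taken from Jive's source; whether checkAuthentication itself rejects empty passwords is not stated on this page. The class SimpleBindCheck, its bind helper (which takes a full DN rather than one relative to baseDN) and the ldaps URL on port 636 are assumptions; the DN reuses the sample values from the findUserDN description.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Added example (hypothetical class, not Jive code): a guarded LDAP simple bind. */
public class SimpleBindCheck {

    /**
     * Returns true only if fullDN/password bind successfully.
     * Any failure other than rejected credentials is thrown as NamingException,
     * so a directory outage is not mistaken for a wrong password.
     */
    static boolean bind(String ldapUrl, String fullDN, char[] password) throws NamingException {
        // JNDI turns a simple bind with a null or empty password into
        // authentication "none" (an anonymous bind), which many servers accept.
        // Without this guard such a bind would be reported as a successful login.
        if (fullDN == null || fullDN.trim().isEmpty() || password == null || password.length == 0) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);            // ldaps:// keeps the password off the wire in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, fullDN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);               // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false;                                   // server rejected the credentials
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample values; both calls return before any network access.
        String url = "ldaps://machine.example.com:636";
        String dn = "uid=mtucker,ou=People,o=jivesoftware,o=com";
        System.out.println("empty password accepted: " + bind(url, dn, new char[0]));
        System.out.println("null password accepted:  " + bind(url, dn, null));
    }
}
```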

findUserDN

public java.lang.String findUserDN(java.lang.String username)
                            throws java.lang.Exception
Finds a user's dn using their username. Normally, this search will be performed using the field "uid", but this can be changed by setting the usernameField property.

Searches are performed over all subtrees relative to the baseDN. If the search fails in the baseDN then another search will be performed in the alternateBaseDN. For example, if the baseDN is "o=jivesoftware, o=com" and we do a search for "mtucker", then we might find a userDN of "uid=mtucker,ou=People". This kind of searching is a good thing since it doesn't make the assumption that all user records are stored in a flat structure. However, it does add the requirement that the "uid" field (or the other field specified) must be unique over the entire subtree from the baseDN. For example, it's entirely possible to create two dn's in your LDAP directory with the same uid: "uid=mtucker,ou=People" and "uid=mtucker,ou=Administrators". In such a case, it's not possible to uniquely identify a user, so this method will throw an error.

The dn that's returned is relative to the default baseDN.

Parameters:
username - the username to look up the dn for.
Returns:
the dn associated with username.
Throws:
java.lang.Exception - if the search for the dn fails.

findUserDN

public java.lang.String findUserDN(java.lang.String username,
                                   java.lang.String baseDN)
                            throws java.lang.Exception
Finds a user's dn using their username in the specified baseDN. Normally, this search will be performed using the field "uid", but this can be changed by setting the usernameField property.

Searches are performed over all subtrees relative to the baseDN. For example, if the baseDN is "o=jivesoftware, o=com" and we do a search for "mtucker", then we might find a userDN of "uid=mtucker,ou=People". This kind of searching is a good thing since it doesn't make the assumption that all user records are stored in a flat structure. However, it does add the requirement that the "uid" field (or the other field specified) must be unique over the entire subtree from the baseDN. For example, it's entirely possible to create two dn's in your LDAP directory with the same uid: "uid=mtucker,ou=People" and "uid=mtucker,ou=Administrators". In such a case, it's not possible to uniquely identify a user, so this method will throw an error.

The dn that's returned is relative to the baseDN.

Parameters:
username - the username to look up the dn for.
baseDN - the base DN to use for this search.
Returns:
the dn associated with username.
Throws:
java.lang.Exception - if the search for the dn fails.
See Also:
findUserDN(java.lang.String) to search using the default baseDN and alternateBaseDN.

getHost

public java.lang.String getHost()
Returns the LDAP server host; e.g. localhost or machine.example.com, etc. This value is stored as the Jive Property ldap.host.

Returns:
the LDAP server host name.

setHost

public void setHost(java.lang.String host)
Sets the LDAP server host; e.g., localhost or machine.example.com, etc. This value is stored as the Jive Property ldap.host.

Parameters:
host - the LDAP server host name.

getPort

public int getPort()
Returns the LDAP server port number. The default is 389. This value is stored as the Jive Property ldap.port.

Returns:
the LDAP server port number.

setPort

public void setPort(int port)
Sets the LDAP server port number. The default is 389. This value is stored as the Jive property ldap.port.

Parameters:
port - the LDAP server port number.

isDebugEnabled

public boolean isDebugEnabled()
Returns true if LDAP connection debugging is turned on. When on, trace information about BER buffers sent and received by the LDAP provider is written to System.out. Debugging is turned off by default.

Returns:
true if LDAP debugging is turned on.

setDebugEnabled

public void setDebugEnabled(boolean debugEnabled)
Sets whether LDAP connection debugging is turned on. When on, trace information about BER buffers sent and received by the LDAP provider is written to System.out. Debugging is turned off by default.

Parameters:
debugEnabled - true if debugging should be turned on.

isSslEnabled

public boolean isSslEnabled()
Returns true if the LDAP connection is made via SSL. SSL is turned off by default.

Returns:
true if SSL connections are enabled.

setSslEnabled

public void setSslEnabled(boolean sslEnabled)
Sets whether the connection to the LDAP server should be made via SSL or not.

Parameters:
sslEnabled - true if SSL should be enabled, false otherwise.

getUsernameField

public java.lang.String getUsernameField()
Returns the LDAP field name that the username lookup will be performed on. By default this is "uid".

Returns:
the LDAP field that the username lookup will be performed on.

setUsernameField

public void setUsernameField(java.lang.String usernameField)
Sets the LDAP field name that the username lookup will be performed on. By default this is "uid".

Parameters:
usernameField - the LDAP field that the username lookup will be performed on.

getNameField

public java.lang.String getNameField()
Returns the LDAP field name that the user's name is stored in. By default this is "cn". Another common value is "displayName".

Returns:
the LDAP field that corresponds to the user's name.

setNameField

public void setNameField(java.lang.String nameField)
Sets the LDAP field name that the user's name is stored in. By default this is "cn". Another common value is "displayName".

Parameters:
nameField - the LDAP field that corresponds to the user's name.

getEmailField

public java.lang.String getEmailField()
Returns the LDAP field name that the user's email address is stored in. By default this is "mail".

Returns:
the LDAP field that corresponds to the user's email address.

setEmailField

public void setEmailField(java.lang.String emailField)
Sets the LDAP field name that the user's email address is stored in. By default this is "mail".

Parameters:
emailField - the LDAP field that corresponds to the user's email address.

getBaseDN

public java.lang.String getBaseDN()
Returns the starting DN that searches for users will be performed with. Searches will be performed on the entire sub-tree under the base DN.

Returns:
the starting DN used for performing searches.

setBaseDN

public void setBaseDN(java.lang.String baseDN)
Sets the starting DN that searches for users will be performed with. Searches will be performed on the entire sub-tree under the base DN.

Parameters:
baseDN - the starting DN used for performing searches.

getAlternateBaseDN

public java.lang.String getAlternateBaseDN()
Returns the alternate starting DN that searches for users will be performed with. Searches will be performed on the entire sub-tree under the alternate base DN after they are performed on the main base DN.

Returns:
the alternate starting DN used for performing searches. If no alternate DN is set, this method will return null.

setAlternateBaseDN

public void setAlternateBaseDN(java.lang.String alternateBaseDN)
Sets the alternate starting DN that searches for users will be performed with. Searches will be performed on the entire sub-tree under the alternate base DN after they are performed on the main base DN.

Parameters:
alternateBaseDN - the alternate starting DN used for performing searches.

getAdminDN

public java.lang.String getAdminDN()
Returns the starting admin DN that searches for admins will be performed with. Searches will be performed on the entire sub-tree under the admin DN.

Returns:
the starting DN used for performing searches.

setAdminDN

public void setAdminDN(java.lang.String adminDN)
Sets the starting admin DN that searches for admins will be performed with. Searches will be performed on the entire sub-tree under the admin DN.

Parameters:
adminDN - the starting DN used for performing admin searches.

getAdminPassword

public java.lang.String getAdminPassword()
Returns the starting admin DN that searches for admins will be performed with. Searches will be performed on the entire sub-tree under the admin DN.

Returns:
the starting DN used for performing searches.

setAdminPassword

public void setAdminPassword(java.lang.String adminPassword)
Sets the admin password for the LDAP server we're connecting to.

Parameters:
adminPassword - the admin password for the LDAP server we're connecting to.

getMode

public int getMode()
Returns the LDAP mode that is being used. Valid values are LdapManager.ALL_LDAP_MODE and LdapManager.LDAP_DB_MODE. The mode dictates what user data will be stored and what data (if any) will be stored in the database. Authentication is always performed using LDAP regardless of the mode.

Returns:
the current mode.

setMode

public void setMode(int mode)
Sets the LDAP mode that should be used. Valid values are LdapManager.ALL_LDAP_MODE and LdapManager.LDAP_DB_MODE. The mode dictates what user data will be stored and what data (if any) will be stored in the database. Authentication is always performed using LDAP regardless of the mode.

Parameters:
mode - the mode to use.

getSearchFilter

public java.lang.String getSearchFilter()
Returns the filter used for searching the directory for users.

Returns:
the search filter.

setSearchFilter

public void setSearchFilter(java.lang.String searchFilter)
Sets the filter used for searching the directory for users. The filter should contain a single token "{0}" that will be dynamically replaced with the user's unique ID.

Parameters:
searchFilter - the search filter.
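
RFC 4515 escaping for the value that replaces the "{0}" token, added here as an illustration and not taken from Jive's source; how LdapManager performs the substitution internally is not stated on this page. The class LdapFilterEscape, both helper names and the "(uid={0})" template are assumptions.

```java
/** Added example (hypothetical class, not Jive code): safe substitution into a "{0}" filter. */
public class LdapFilterEscape {

    /** Escapes the characters RFC 4515 reserves inside a filter value: \ * ( ) and NUL. */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Replaces the single "{0}" token with the escaped username. */
    static String buildUserFilter(String template, String username) {
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("username must not be empty");
        }
        int first = template.indexOf("{0}");
        if (first < 0 || first != template.lastIndexOf("{0}")) {
            throw new IllegalArgumentException("filter must contain exactly one {0} token");
        }
        // String.replace is literal, so the template needs no MessageFormat quoting.
        return template.replace("{0}", escapeFilterValue(username));
    }

    public static void main(String[] args) {
        String template = "(uid={0})"; // constructed sample filter
        // Constructed inputs: one plain name and three containing filter metacharacters.
        String[] inputs = { "mtucker", "*", "smith (contractor)", "corp\\mtucker" };
        for (String in : inputs) {
            System.out.println(in + " -> " + buildUserFilter(template, in));
        }
    }
}
```

An unescaped "*" would turn the lookup into a wildcard match over every entry under the base DN, which defeats the uniqueness requirement described for findUserDN. Code that talks to JNDI directly can instead use DirContext.search(String, String, Object[], SearchControls), which accepts the same {0} placeholder and escapes string arguments itself.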

getGroupNameField

public java.lang.String getGroupNameField()
Returns the field name used for groups. Value of groupNameField defaults to "cn".

Returns:
the field used for groups.

setGroupNameField

public void setGroupNameField(java.lang.String groupNameField)
Sets the field name used for groups.

Parameters:
groupNameField - the field used for groups.

getGroupMemberField

public java.lang.String getGroupMemberField()
Return the field used to list members within a group. Value of groupMemberField defaults to "member".

Returns:
the field used to list members within a group.

setGroupmemberField

public void setGroupmemberField(java.lang.String groupMemberField)
Sets the field used to list members within a group. Value of groupMemberField defaults to "member".

Parameters:
groupMemberField - the field used to list members within a group.

getGroupDescriptionField

public java.lang.String getGroupDescriptionField()
Return the field used to describe a group. Value of groupDescriptionField defaults to "description".

Returns:
the field used to describe a group.

setGroupDescriptionField

public void setGroupDescriptionField(java.lang.String groupDescriptionField)
Sets the field used to describe a group. Value of groupDescriptionField defaults to "description".

Parameters:
groupDescriptionField - the field used to describe a group.

isPosixMode

public boolean isPosixMode()
Return true if the LDAP server is operating in Posix mode. By default false is returned. When in Posix mode, users are stored within a group by their username alone. When not enabled, users are stored in a group using their entire DN.

Returns:
true if posix mode is being used by the LDAP server.

setPostfixMode

public void setPostfixMode(boolean posixMode)
Sets whether the LDAP server is operating in Posix mode. When in Posix mode, users are stored within a group by their username alone. When not enabled, users are stored in a group using their entire DN.

Parameters:
posixMode - true if posix mode is being used by the LDAP server.

getGroupSearchFilter

public java.lang.String getGroupSearchFilter()
Return the field used as the search filter when searching for groups. Value of groupSearchFilter defaults to "(groupMemberField=*)".

Returns:
the field used as the search filter when searching for groups.

setGroupSearchFilter

public void setGroupSearchFilter(java.lang.String groupSearchFilter)
Sets the field used as the search filter when searching for groups. Value of groupSearchFilter defaults to "(groupMemberField=*)".

Parameters:
groupSearchFilter - the field used as the search filter when searching for groups.

prepareEncryptionUtil

public boolean prepareEncryptionUtil()

Copyright © 1999-2006 Jive Software.