com.atlassian.crowd.directory.ldap

Class LDAPPropertiesMapperImpl

java.lang.Object

com.atlassian.crowd.directory.ldap.LDAPPropertiesMapperImpl

All Implemented Interfaces:

LDAPPropertiesMapper

public class LDAPPropertiesMapperImpl
extends Object
implements LDAPPropertiesMapper

Field Summary

Fields

Modifier and Type	Field and Description
static String	CONNECTION_BINARY_ATTRIBUTES LDAP binary attributes.
static String	CONNECTION_FACTORY LDAP connection factory.
static String	CONNECTION_FACTORY_SSL_IMPL LDAP secure connection factory.
static String	CONNECTION_INITIAL_CONTEXT_FACTORY LDAP initial context factory.
static String	CONNECTION_SECURITY_AUTHENTICATION LDAP connection method.
static String	CONNECTION_SSL_SECURITY_PROTOCOL LDAP secure connection method.

Fields inherited from interface com.atlassian.crowd.directory.ldap.LDAPPropertiesMapper

GROUP_DESCRIPTION_KEY, GROUP_DN_ADDITION, GROUP_NAME_KEY, GROUP_OBJECTCLASS_KEY, GROUP_OBJECTFILTER_KEY, GROUP_USERNAMES_KEY, LDAP_BASEDN_KEY, LDAP_EXTERNAL_ID, LDAP_FILTER_EXPIRED_USERS, LDAP_GROUP_EXTERNAL_ID, LDAP_NESTED_GROUPS_DISABLED, LDAP_PAGEDRESULTS_KEY, LDAP_PAGEDRESULTS_SIZE, LDAP_PASSWORD_KEY, LDAP_POOL_INITSIZE, LDAP_POOL_MAXSIZE, LDAP_POOL_PREFSIZE, LDAP_POOL_TIMEOUT, LDAP_POOLING_KEY, LDAP_PROPOGATE_CHANGES, LDAP_REFERRAL_KEY, LDAP_RELAXED_DN_STANDARDISATION, LDAP_SEARCH_TIMELIMIT, LDAP_SECURE_KEY, LDAP_URL_KEY, LDAP_USER_ENCRYPTION_METHOD, LDAP_USERDN_KEY, LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE, LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP, LOCAL_GROUPS, PRIMARY_GROUP_SUPPORT, ROLE_DESCRIPTION_KEY, ROLE_DN_ADDITION, ROLE_NAME_KEY, ROLE_OBJECTCLASS_KEY, ROLE_OBJECTFILTER_KEY, ROLE_USERNAMES_KEY, ROLES_DISABLED, USER_DISPLAYNAME_KEY, USER_DN_ADDITION, USER_EMAIL_KEY, USER_FIRSTNAME_KEY, USER_GROUP_KEY, USER_LASTNAME_KEY, USER_OBJECTCLASS_KEY, USER_OBJECTFILTER_KEY, USER_PASSWORD_KEY, USER_USERNAME_KEY, USER_USERNAME_RDN_KEY

Constructor Summary

Constructors

Constructor and Description
LDAPPropertiesMapperImpl(LDAPPropertiesHelper ldapPropertiesHelper)

Method Summary

Modifier and Type	Method and Description
String	getAttribute(String key)
Map<String,String>	getAttributes()
String	getBaseDN()
protected boolean	getBooleanKey(String key)
protected boolean	getBooleanKey(String key, boolean defaultValue)
int	getCacheSynchroniseInterval() Returns the interval in seconds when the local Cache should be synchronized with LDAP.
Map<String,Properties>	getConfigurationDetails() Returns a map of the LDAP names as the keys and the properties associated with that LDAP connector.
protected String	getConnectionTimeout()
String	getConnectionURL()
Map<String,Object>	getEnvironment()
String	getExternalIdAttribute() Get the LDAP unique ID attribute.
String	getGroupBaseDN()
String	getGroupDescriptionAttribute()
String	getGroupExternalIdAttribute()
String	getGroupFilter()
String	getGroupMemberAttribute()
String	getGroupNameAttribute()
String	getGroupObjectClass()
Map<String,String>	getImplementations() Returns a map of the LDAP names as the keys and the implementation class as Strings.
List<LdapTypeConfig>	getLdapTypeConfigurations() Get a list of Ldap Type Configuration objects.
String	getObjectClassAttribute()
int	getPagedResultsSize()
String	getPassword()
protected String	getPoolInitSize()
protected String	getPoolMaxSize()
protected String	getPoolPrefSize()
protected String	getPoolTimeout()
String	getPrincipalBaseDN()
protected String	getReadTimeout()
String	getRoleBaseDN()
String	getRoleDescriptionAttribute()
String	getRoleFilter()
String	getRoleMemberAttribute()
String	getRoleNameAttribute()
String	getRoleObjectClass()
int	getSearchTimeLimit()
LdapSecureMode	getSecureMode()
String	getUserDisplayNameAttribute()
String	getUserEmailAttribute()
String	getUserEncryptionMethod()
String	getUserFilter()
String	getUserFirstNameAttribute()
String	getUserGroupMembershipsAttribute()
String	getUserLastNameAttribute()
String	getUsername()
String	getUserNameAttribute()
String	getUserNameRdnAttribute()
String	getUserObjectClass()
String	getUserPasswordAttribute()
boolean	isFilteringExpiredUsers() Specify whether expired users should be filtered out.
protected boolean	isLdaps() If the connection must be secure.
boolean	isLocalGroupsEnabled() Returns true if groups and group memberships are to be mutated only (created, updated, deleted) in local storage, otherwise the mutations will be propagated to the underlying LDAP implementation (full read-write LDAP groups).
boolean	isLocalUserStatusEnabled() Returns true if user status are updated independently in the Crowd cache and the remote directory.
boolean	isNestedGroupsDisabled()
boolean	isPagedResultsControl() Checks if the configuration of the LDAP directory server uses paged results.
boolean	isPrimaryGroupSupported()
boolean	isReferral() Returns true if referrals should be followed.
boolean	isRelaxedDnStandardisation() Whether we should use the more expensive but completely cross-directory compatible method for standardising DNs when mapping object DNs and and memberDNs (value = false); or if we can use a more efficient but relaxed form of standardisation (value = true).
boolean	isRolesDisabled() Returns true if roles should be disabled, as in some caching setups.
protected boolean	isUsingConnectionPooling()
boolean	isUsingUserMembershipAttribute()
boolean	isUsingUserMembershipAttributeForGroupMembership()
void	setAttributes(Map<String,String> attributes)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CONNECTION_INITIAL_CONTEXT_FACTORY

public static final String CONNECTION_INITIAL_CONTEXT_FACTORY

LDAP initial context factory.

See Also:

Constant Field Values

CONNECTION_SECURITY_AUTHENTICATION

public static final String CONNECTION_SECURITY_AUTHENTICATION

LDAP connection method.

See Also:

Constant Field Values

CONNECTION_SSL_SECURITY_PROTOCOL

public static final String CONNECTION_SSL_SECURITY_PROTOCOL

LDAP secure connection method.

See Also:

Constant Field Values

CONNECTION_FACTORY

public static final String CONNECTION_FACTORY

LDAP connection factory.

See Also:

Constant Field Values

CONNECTION_FACTORY_SSL_IMPL

public static final String CONNECTION_FACTORY_SSL_IMPL

LDAP secure connection factory.

CONNECTION_BINARY_ATTRIBUTES

public static final String CONNECTION_BINARY_ATTRIBUTES

LDAP binary attributes.

See Also:

Constant Field Values

Constructor Detail

LDAPPropertiesMapperImpl

public LDAPPropertiesMapperImpl(LDAPPropertiesHelper ldapPropertiesHelper)

Method Detail

getImplementations

public Map<String,String> getImplementations()

Returns a map of the LDAP names as the keys and the implementation class as Strings.

Specified by:

getImplementations in interface LDAPPropertiesMapper

Returns:

The implementations.

getConfigurationDetails

public Map<String,Properties> getConfigurationDetails()

Returns a map of the LDAP names as the keys and the properties associated with that LDAP connector.

Specified by:

getConfigurationDetails in interface LDAPPropertiesMapper

Returns:

The configuration details.

getEnvironment

public Map<String,Object> getEnvironment()

Specified by:

getEnvironment in interface LDAPPropertiesMapper

isLdaps

protected boolean isLdaps()

If the connection must be secure.

Returns:

true if and only if the connection must be secure, otherwise false.

isUsingConnectionPooling

protected boolean isUsingConnectionPooling()

getBooleanKey

protected boolean getBooleanKey(String key)

getBooleanKey

protected boolean getBooleanKey(String key,
                                boolean defaultValue)

getPoolInitSize

protected String getPoolInitSize()

getPoolPrefSize

protected String getPoolPrefSize()

getPoolMaxSize

protected String getPoolMaxSize()

getPoolTimeout

protected String getPoolTimeout()

getConnectionTimeout

protected String getConnectionTimeout()

getReadTimeout

protected String getReadTimeout()

getSearchTimeLimit

public int getSearchTimeLimit()

Specified by:

getSearchTimeLimit in interface LDAPPropertiesMapper

getAttributes

public Map<String,String> getAttributes()

Specified by:

getAttributes in interface LDAPPropertiesMapper

setAttributes

public void setAttributes(Map<String,String> attributes)

Specified by:

setAttributes in interface LDAPPropertiesMapper

getAttribute

public String getAttribute(String key)

Specified by:

getAttribute in interface LDAPPropertiesMapper

getSecureMode

public LdapSecureMode getSecureMode()

Specified by:

getSecureMode in interface LDAPPropertiesMapper

getBaseDN

public String getBaseDN()
                 throws InvalidNameException

Throws:

InvalidNameException

getGroupBaseDN

public String getGroupBaseDN()
                      throws InvalidNameException

Throws:

InvalidNameException

getGroupFilter

public String getGroupFilter()

Specified by:

getGroupFilter in interface LDAPPropertiesMapper

getConnectionURL

public String getConnectionURL()

Specified by:

getConnectionURL in interface LDAPPropertiesMapper

getUsername

public String getUsername()

Specified by:

getUsername in interface LDAPPropertiesMapper

getPassword

public String getPassword()

Specified by:

getPassword in interface LDAPPropertiesMapper

getGroupNameAttribute

public String getGroupNameAttribute()

Specified by:

getGroupNameAttribute in interface LDAPPropertiesMapper

getObjectClassAttribute

public String getObjectClassAttribute()

Specified by:

getObjectClassAttribute in interface LDAPPropertiesMapper

getRoleFilter

public String getRoleFilter()

Specified by:

getRoleFilter in interface LDAPPropertiesMapper

getRoleBaseDN

public String getRoleBaseDN()
                     throws InvalidNameException

Throws:

InvalidNameException

getRoleNameAttribute

public String getRoleNameAttribute()

Specified by:

getRoleNameAttribute in interface LDAPPropertiesMapper

getUserFilter

public String getUserFilter()

Specified by:

getUserFilter in interface LDAPPropertiesMapper

Returns:

the configured user filter for the directory, which may include an additional filter for expired users if: - the directory is AD - filter expired users is configured For retrieving the configured user filter without the expired users filter, please use the LDAPPropertiesMapper.LDAP_FILTER_EXPIRED_USERS directory attribute

getPrincipalBaseDN

public String getPrincipalBaseDN()

getUserNameAttribute

public String getUserNameAttribute()

Specified by:

getUserNameAttribute in interface LDAPPropertiesMapper

getUserNameRdnAttribute

public String getUserNameRdnAttribute()

Specified by:

getUserNameRdnAttribute in interface LDAPPropertiesMapper

getUserEmailAttribute

public String getUserEmailAttribute()

Specified by:

getUserEmailAttribute in interface LDAPPropertiesMapper

getUserGroupMembershipsAttribute

public String getUserGroupMembershipsAttribute()

Specified by:

getUserGroupMembershipsAttribute in interface LDAPPropertiesMapper

Returns:

attribute for the LDAP principal memberships. This is a multivalued attribute on the user that enumerates all the groups the user belongs to. Typical values are "memberOf" and "uniqueMemberOf". Not all directories use this attribute.

See Also:

LDAPPropertiesMapper.getGroupMemberAttribute()

getGroupObjectClass

public String getGroupObjectClass()

Specified by:

getGroupObjectClass in interface LDAPPropertiesMapper

getGroupDescriptionAttribute

public String getGroupDescriptionAttribute()

Specified by:

getGroupDescriptionAttribute in interface LDAPPropertiesMapper

getGroupMemberAttribute

public String getGroupMemberAttribute()

Specified by:

getGroupMemberAttribute in interface LDAPPropertiesMapper

Returns:

attribute for the LDAP group membership. This is a multivalued attribute on the group that defines the members of the group. Typically this is "member" or "uniqueMember". In spite of the name of the method, this attribute is also used for group-to-group membership (nested groups).

See Also:

LDAPPropertiesMapper.getUserGroupMembershipsAttribute()

getRoleObjectClass

public String getRoleObjectClass()

Specified by:

getRoleObjectClass in interface LDAPPropertiesMapper

getRoleDescriptionAttribute

public String getRoleDescriptionAttribute()

Specified by:

getRoleDescriptionAttribute in interface LDAPPropertiesMapper

getRoleMemberAttribute

public String getRoleMemberAttribute()

Specified by:

getRoleMemberAttribute in interface LDAPPropertiesMapper

getUserObjectClass

public String getUserObjectClass()

Specified by:

getUserObjectClass in interface LDAPPropertiesMapper

getUserFirstNameAttribute

public String getUserFirstNameAttribute()

Specified by:

getUserFirstNameAttribute in interface LDAPPropertiesMapper

getUserLastNameAttribute

public String getUserLastNameAttribute()

Specified by:

getUserLastNameAttribute in interface LDAPPropertiesMapper

getUserDisplayNameAttribute

public String getUserDisplayNameAttribute()

Specified by:

getUserDisplayNameAttribute in interface LDAPPropertiesMapper

getUserPasswordAttribute

public String getUserPasswordAttribute()

Specified by:

getUserPasswordAttribute in interface LDAPPropertiesMapper

getUserEncryptionMethod

public String getUserEncryptionMethod()

Specified by:

getUserEncryptionMethod in interface LDAPPropertiesMapper

isPagedResultsControl

public boolean isPagedResultsControl()

Checks if the configuration of the LDAP directory server uses paged results.

Specified by:

isPagedResultsControl in interface LDAPPropertiesMapper

Returns:

true if and only if paged results is enabled for the LDAP server, otherwise false.

getPagedResultsSize

public int getPagedResultsSize()

Specified by:

getPagedResultsSize in interface LDAPPropertiesMapper

isNestedGroupsDisabled

public boolean isNestedGroupsDisabled()

Specified by:

isNestedGroupsDisabled in interface LDAPPropertiesMapper

isFilteringExpiredUsers

public boolean isFilteringExpiredUsers()

Description copied from interface: LDAPPropertiesMapper

Specify whether expired users should be filtered out.

If true, any expired user will be locally removed, as if it had been removed in the remote directory.

Specified by:

isFilteringExpiredUsers in interface LDAPPropertiesMapper

isUsingUserMembershipAttribute

public boolean isUsingUserMembershipAttribute()

Specified by:

isUsingUserMembershipAttribute in interface LDAPPropertiesMapper

Returns:

true if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of users that are members of a group, or false if the group member attribute ("member" or equivalent) should be used instead. Note that this only affects queries that fetch the list of users that are members of a group, but not the queries to fetch the list of groups of a user.

See Also:

LDAPPropertiesMapper.isUsingUserMembershipAttributeForGroupMembership(), LDAPPropertiesMapper.getUserGroupMembershipsAttribute()

isUsingUserMembershipAttributeForGroupMembership

public boolean isUsingUserMembershipAttributeForGroupMembership()

Specified by:

isUsingUserMembershipAttributeForGroupMembership in interface LDAPPropertiesMapper

Returns:

true if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of groups a user belongs to, or false if the group member attribute ("member" or equivalent) should be used instead. This option is not available to all directory types. Note that this only affects queries that fetch the list of groups of a user, but not the queries to fetch the list of users that are members of a group.

See Also:

LDAPPropertiesMapper.isUsingUserMembershipAttribute(), LDAPPropertiesMapper.getUserGroupMembershipsAttribute()

isReferral

public boolean isReferral()

Description copied from interface: LDAPPropertiesMapper

Returns true if referrals should be followed.

Specified by:

isReferral in interface LDAPPropertiesMapper

Returns:

true if referrals should be followed

isRelaxedDnStandardisation

public boolean isRelaxedDnStandardisation()

Description copied from interface: LDAPPropertiesMapper

Whether we should use the more expensive but completely cross-directory compatible method for standardising DNs when mapping object DNs and and memberDNs (value = false); or if we can use a more efficient but relaxed form of standardisation (value = true). See DNStandardiser for more information.

Specified by:

isRelaxedDnStandardisation in interface LDAPPropertiesMapper

Returns:

false if proper standardisation is required.

isRolesDisabled

public boolean isRolesDisabled()

Description copied from interface: LDAPPropertiesMapper

Returns true if roles should be disabled, as in some caching setups. The grammatical atrocity that is the name of this method pains me more than you can imagine.

Specified by:

isRolesDisabled in interface LDAPPropertiesMapper

isLocalGroupsEnabled

public boolean isLocalGroupsEnabled()

Description copied from interface: LDAPPropertiesMapper

Returns true if groups and group memberships are to be mutated only (created, updated, deleted) in local storage, otherwise the mutations will be propagated to the underlying LDAP implementation (full read-write LDAP groups).

Specified by:

isLocalGroupsEnabled in interface LDAPPropertiesMapper

Returns:

true if using local storage for groups and memberships

isLocalUserStatusEnabled

public boolean isLocalUserStatusEnabled()

Description copied from interface: LDAPPropertiesMapper

Returns true if user status are updated independently in the Crowd cache and the remote directory. Otherwise, user status is synchronised between the cache and the remote directory.

Specified by:

isLocalUserStatusEnabled in interface LDAPPropertiesMapper

Returns:

true if user status in the cache is updated independently of the remote directory.

getExternalIdAttribute

public String getExternalIdAttribute()

Description copied from interface: LDAPPropertiesMapper

Get the LDAP unique ID attribute.

Specified by:

getExternalIdAttribute in interface LDAPPropertiesMapper

getGroupExternalIdAttribute

public String getGroupExternalIdAttribute()

Specified by:

getGroupExternalIdAttribute in interface LDAPPropertiesMapper

isPrimaryGroupSupported

public boolean isPrimaryGroupSupported()

Specified by:

isPrimaryGroupSupported in interface LDAPPropertiesMapper

Returns:

true if the support for primary groups is enabled for this directory.

getCacheSynchroniseInterval

public int getCacheSynchroniseInterval()

Description copied from interface: LDAPPropertiesMapper

Returns the interval in seconds when the local Cache should be synchronized with LDAP.

Specified by:

getCacheSynchroniseInterval in interface LDAPPropertiesMapper

Returns:

the interval in seconds when the local Cache should be synchronized with LDAP.

getLdapTypeConfigurations

public List<LdapTypeConfig> getLdapTypeConfigurations()

Description copied from interface: LDAPPropertiesMapper

Get a list of Ldap Type Configuration objects.

Specified by:

getLdapTypeConfigurations in interface LDAPPropertiesMapper

Returns:

List of LdapTypeConfigurations