Interface LDAPPropertiesMapper
- All Known Implementing Classes:
LDAPPropertiesMapperImpl
public interface LDAPPropertiesMapper
Allows LDAP directory connectors to obtain LDAP settings, such as directory-specific names for RDNs.
-
Field Summary
Modifier and Type, Field: Description
static final String GROUP_DESCRIPTION_KEY: Attribute key for the LDAP group description attribute.
static final String GROUP_DN_ADDITION: Attribute key for the LDAP group base dn.
static final String GROUP_NAME_KEY: Attribute key for the LDAP group name attribute.
static final String GROUP_OBJECTCLASS_KEY: Attribute key for the LDAP group object class.
static final String GROUP_OBJECTFILTER_KEY: Attribute key for the LDAP group object class.
static final String GROUP_USERNAMES_KEY: Attribute key for the LDAP group membership attribute.
static final String LDAP_BASEDN_KEY: Attribute key for the LDAP base DN.
static final String LDAP_EXTERNAL_ID: Attribute key for the unique ID attribute in LDAP.
static final String LDAP_FILTER_EXPIRED_USERS: Key to determine if the expired users should be filtered out.
static final String LDAP_GROUP_EXTERNAL_ID: Attribute key for the unique group ID attribute in LDAP.
static final String LDAP_NESTED_GROUPS_DISABLED: Key to define whether or not we support nested groups for a given LDAP Directory.
static final String LDAP_PAGEDRESULTS_KEY: Attribute key for the LDAP paged results attribute.
static final String LDAP_PAGEDRESULTS_SIZE: Attribute key for the LDAP paged results size attribute.
static final String LDAP_PASSWORD_KEY: Attribute key for the LDAP password.
static final String LDAP_POOL_CONFIG: Attribute key for LDAP connection pool configuration.
static final String LDAP_POOL_INITSIZE: Initial size of the JNDI LDAP connection pool, e.g. number of connections to open at start-up.
static final String LDAP_POOL_MAXSIZE: Maximum size of JNDI LDAP connection pool.
static final String LDAP_POOL_PREFSIZE: Preferred size of JNDI LDAP connection pool.
static final String LDAP_POOL_TIMEOUT: Idle time stored in milliseconds for a connection before it is removed from the JNDI LDAP connection pool.
static final String LDAP_POOL_TYPE: Attribute key for the used LDAP connection pool type.
static final String LDAP_POOLING_KEY: Attribute key for connection pooling.
static final String LDAP_PROPOGATE_CHANGES: Attribute key for the propagation of changes.
static final String LDAP_REFERRAL_KEY: Attribute key for the referral option.
static final String LDAP_RELAXED_DN_STANDARDISATION: Key to decide whether we need full DN standardisation or can get away with faster, relaxed standardisation.
static final String LDAP_SEARCH_TIMELIMIT: Time limit on searches stored in milliseconds.
static final String LDAP_SECURE_KEY: Attribute key for the SSL required flag.
static final String LDAP_URL_KEY: Attribute key for the LDAP url.
static final String LDAP_USER_ENCRYPTION_METHOD: LDAP password encryption algorithm, used for updating a Principal's password with the correct encryption algorithm.
static final String LDAP_USERDN_KEY: Attribute key for the LDAP user DN.
static final String LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE: Key to decide if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of users that are members of a group.
static final String LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP: Key to decide if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of groups a user belongs to.
static final String LOCAL_GROUPS: Key to determine if using local storage for groups/group memberships.
static final String PRIMARY_GROUP_SUPPORT: Key to determine if primary groups are supported.
static final String ROLE_DESCRIPTION_KEY: Attribute key for the LDAP role description attribute.
static final String ROLE_DN_ADDITION: Attribute key for the LDAP role base dn.
static final String ROLE_NAME_KEY: Attribute key for the LDAP role name attribute.
static final String ROLE_OBJECTCLASS_KEY: Attribute key for the LDAP role object class.
static final String ROLE_OBJECTFILTER_KEY: Attribute key for the LDAP role object class.
static final String ROLE_USERNAMES_KEY: Attribute key for the LDAP role membership attribute.
static final String ROLES_DISABLED: If set, roles are disabled.
static final String USER_DISPLAYNAME_KEY: Attribute key for the LDAP principal displayName (full name) attribute.
static final String USER_DN_ADDITION: Attribute key for the LDAP principal base dn.
static final String USER_EMAIL_KEY: Attribute key for the LDAP principal email attribute.
static final String USER_FIRSTNAME_KEY: Attribute key for the LDAP principal lastname attribute.
static final String USER_GROUP_KEY: Attribute key for the LDAP principal memberships attribute.
static final String USER_LASTNAME_KEY: Attribute key for the LDAP principal firstname attribute.
static final String USER_OBJECTCLASS_KEY: Attribute key for the LDAP principal object class.
static final String USER_OBJECTFILTER_KEY: Attribute key for the LDAP role object class.
static final String USER_PASSWORD_KEY: Attribute key for the LDAP principal password attribute.
static final String USER_USERNAME_KEY: Attribute key for the LDAP principal name attribute.
static final String USER_USERNAME_RDN_KEY: The name to be used when building a DN for the user.
-
Method Summary
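Modifier and Type, Method: Description
getAttribute(String key)
getAttributes
int getCacheSynchroniseInterval(): Returns the interval in seconds when the local Cache should be synchronized with LDAP.
Map<String,Properties> getConfigurationDetails()
String getConnectionURL()
getEnvironment
String getExternalIdAttribute(): Get the LDAP unique ID attribute.
String getGroupDescriptionAttribute()
String getGroupExternalIdAttribute()
String getGroupFilter()
String getGroupMemberAttribute()
String getGroupNameAttribute()
String getGroupObjectClass()
getImplementations
String getLdapPoolConfig()
LdapPoolType getLdapPoolType()
List<LdapTypeConfig> getLdapTypeConfigurations(): Get a list of Ldap Type Configuration objects.
String getObjectClassAttribute()
int getPagedResultsSize()
String getPassword()
getRoleDescriptionAttribute: Deprecated.
getRoleFilter: Deprecated.
getRoleMemberAttribute: Deprecated.
getRoleNameAttribute: Deprecated.
getRoleObjectClass: Deprecated.
int getSearchTimeLimit()
LdapSecureMode getSecureMode()
String getUserDisplayNameAttribute()
String getUserEmailAttribute()
String getUserEncryptionMethod()
String getUserFilter()
String getUserFirstNameAttribute()
String getUserGroupMembershipsAttribute()
String getUserLastNameAttribute()
String getUsername()
String getUserNameAttribute()
String getUserNameRdnAttribute()
String getUserObjectClass()
String getUserPasswordAttribute()
boolean isFilteringExpiredUsers(): Specify whether expired users should be filtered out.
boolean isLocalGroupsEnabled(): Returns true if groups and group memberships are to be mutated only (created, updated, deleted) in local storage, otherwise the mutations will be propagated to the underlying LDAP implementation (full read-write LDAP groups).
boolean isLocalUserStatusEnabled(): Returns true if user status is updated independently in the Crowd cache and the remote directory.
boolean isNestedGroupsDisabled()
boolean isPagedResultsControl()
boolean isPrimaryGroupSupported()
boolean isReferral(): Returns true if referrals should be followed.
boolean isRelaxedDnStandardisation(): Whether we should use the more expensive but completely cross-directory compatible method for standardising DNs when mapping object DNs and memberDNs (value = false); or if we can use a more efficient but relaxed form of standardisation (value = true).
boolean isRolesDisabled(): Returns true if roles should be disabled, as in some caching setups.
boolean isUsingUserMembershipAttribute()
boolean isUsingUserMembershipAttributeForGroupMembership()
void setAttributes(Map<String, String> attributes)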
-
Field Details
-
LDAP_URL_KEY
Attribute key for the LDAP url.
-
LDAP_SECURE_KEY
Attribute key for the SSL required flag.
-
LDAP_REFERRAL_KEY
Attribute key for the referral option.
-
LDAP_POOLING_KEY
Attribute key for connection pooling.
-
LDAP_BASEDN_KEY
Attribute key for the LDAP base DN.
-
LDAP_USERDN_KEY
Attribute key for the LDAP user DN.
-
LDAP_PASSWORD_KEY
Attribute key for the LDAP password.
-
LDAP_PROPOGATE_CHANGES
Attribute key for the propagation of changes.
-
GROUP_DN_ADDITION
Attribute key for the LDAP group base dn.
-
GROUP_DESCRIPTION_KEY
Attribute key for the LDAP group description attribute.
-
GROUP_NAME_KEY
Attribute key for the LDAP group name attribute.
-
GROUP_OBJECTCLASS_KEY
Attribute key for the LDAP group object class.
-
GROUP_OBJECTFILTER_KEY
Attribute key for the LDAP group object class.
-
GROUP_USERNAMES_KEY
Attribute key for the LDAP group membership attribute. This is a multivalued attribute on the group that extensionally defines the group membership. Typically this is "member" or "uniqueMember". In spite of the name of the constant, this attribute is also used for group-to-group membership (nested groups). Compare to USER_GROUP_KEY.
-
ROLE_DN_ADDITION
Attribute key for the LDAP role base dn.
-
ROLE_DESCRIPTION_KEY
Attribute key for the LDAP role description attribute.
-
ROLE_NAME_KEY
Attribute key for the LDAP role name attribute.
-
ROLE_OBJECTCLASS_KEY
Attribute key for the LDAP role object class.
-
ROLE_OBJECTFILTER_KEY
Attribute key for the LDAP role object class.
-
ROLE_USERNAMES_KEY
Attribute key for the LDAP role membership attribute.
-
USER_DN_ADDITION
Attribute key for the LDAP principal base dn.
-
USER_EMAIL_KEY
Attribute key for the LDAP principal email attribute.
-
USER_FIRSTNAME_KEY
Attribute key for the LDAP principal lastname attribute.
-
USER_GROUP_KEY
Attribute key for the LDAP principal memberships attribute. This is a multivalued attribute on the user that enumerates all the groups the user belongs to. Typical values are "memberOf" and "uniqueMemberOf". Not all directories use this attribute. Compare to GROUP_USERNAMES_KEY.
-
USER_LASTNAME_KEY
Attribute key for the LDAP principal firstname attribute.
-
USER_DISPLAYNAME_KEY
Attribute key for the LDAP principal displayName (full name) attribute.
-
USER_OBJECTCLASS_KEY
Attribute key for the LDAP principal object class.
-
USER_OBJECTFILTER_KEY
Attribute key for the LDAP role object class.
-
USER_USERNAME_KEY
Attribute key for the LDAP principal name attribute.
-
USER_USERNAME_RDN_KEY
The name to be used when building a DN for the user. In most cases this will be the same as USER_USERNAME_KEY but for Active Directory it's different. RDN = Relative Distinguished Name, or the part of the DN containing the username.
-
USER_PASSWORD_KEY
Attribute key for the LDAP principal password attribute.
-
LDAP_PAGEDRESULTS_KEY
Attribute key for the LDAP paged results attribute.
-
LDAP_NESTED_GROUPS_DISABLED
Key to define whether or not we support nested groups for a given LDAP Directory.
-
LDAP_FILTER_EXPIRED_USERS
Key to determine if the expired users should be filtered out.
-
LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE
Key to decide if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of users that are members of a group. Compare to LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP.
-
LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP
Key to decide if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of groups a user belongs to. Compare to LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE.
-
LDAP_USER_ENCRYPTION_METHOD
LDAP password encryption algorithm, used for updating a Principal's password with the correct encryption algorithm.
-
LDAP_PAGEDRESULTS_SIZE
Attribute key for the LDAP paged results size attribute.
-
LDAP_RELAXED_DN_STANDARDISATION
Key to decide whether we need full DN standardisation or can get away with faster, relaxed standardisation.
-
ROLES_DISABLED
If set, roles are disabled. Needed for some event-based caching configurations.
-
LOCAL_GROUPS
Key to determine if using local storage for groups/group memberships.
-
PRIMARY_GROUP_SUPPORT
Key to determine if primary groups are supported.
-
LDAP_POOL_INITSIZE
Initial size of the JNDI LDAP connection pool, e.g. number of connections to open at start-up. Default: "1"
-
LDAP_POOL_PREFSIZE
Preferred size of JNDI LDAP connection pool. Default: "0"
-
LDAP_POOL_MAXSIZE
Maximum size of JNDI LDAP connection pool. Zero means no maximum size. Default: "0"
-
LDAP_POOL_TIMEOUT
Idle time stored in milliseconds for a connection before it is removed from the JNDI LDAP connection pool. Default:
-
LDAP_SEARCH_TIMELIMIT
Time limit on searches stored in milliseconds. Zero means no limit. Default: 60 seconds (60000 ms)
-
LDAP_EXTERNAL_ID
Attribute key for the unique ID attribute in LDAP.
-
LDAP_GROUP_EXTERNAL_ID
Attribute key for the unique group ID attribute in LDAP.
-
LDAP_POOL_CONFIG
Attribute key for LDAP connection pool configuration.
-
LDAP_POOL_TYPE
Attribute key for the used LDAP connection pool type.
-
-
Method Details
-
getImplementations
-
getConfigurationDetails
Map<String,Properties> getConfigurationDetails()
-
getEnvironment
-
getAttributes
-
setAttributes
-
getAttribute
-
getGroupFilter
String getGroupFilter()
-
getConnectionURL
String getConnectionURL()
-
getUsername
String getUsername()
-
getPassword
String getPassword()
-
getGroupNameAttribute
String getGroupNameAttribute()
-
getObjectClassAttribute
String getObjectClassAttribute()
-
getRoleFilter
Deprecated.
-
getRoleNameAttribute
Deprecated.
-
getUserFilter
String getUserFilter()
- Returns:
- the configured user filter for the directory, which may include an additional filter for expired users if:
- the directory is AD
- filter expired users is configured
For retrieving the configured user filter without the expired users filter, please use the LDAP_FILTER_EXPIRED_USERS directory attribute.
-
getUserNameAttribute
String getUserNameAttribute()
-
getUserNameRdnAttribute
String getUserNameRdnAttribute()
-
getUserEmailAttribute
String getUserEmailAttribute()
-
getUserGroupMembershipsAttribute
String getUserGroupMembershipsAttribute()
- Returns:
- attribute for the LDAP principal memberships. This is a multivalued attribute on the user that enumerates all the groups the user belongs to. Typical values are "memberOf" and "uniqueMemberOf". Not all directories use this attribute.
-
getGroupObjectClass
String getGroupObjectClass()
-
getGroupDescriptionAttribute
String getGroupDescriptionAttribute()
-
getGroupMemberAttribute
String getGroupMemberAttribute()
- Returns:
- attribute for the LDAP group membership. This is a multivalued attribute on the group that defines the members of the group. Typically this is "member" or "uniqueMember". In spite of the name of the method, this attribute is also used for group-to-group membership (nested groups).
-
getRoleObjectClass
Deprecated.
-
getRoleDescriptionAttribute
Deprecated.
-
getRoleMemberAttribute
Deprecated.
-
getUserObjectClass
String getUserObjectClass()
-
getUserFirstNameAttribute
String getUserFirstNameAttribute()
-
getUserLastNameAttribute
String getUserLastNameAttribute()
-
getUserDisplayNameAttribute
String getUserDisplayNameAttribute()
-
getUserPasswordAttribute
String getUserPasswordAttribute()
-
getUserEncryptionMethod
String getUserEncryptionMethod()
-
isPagedResultsControl
boolean isPagedResultsControl()
-
getPagedResultsSize
int getPagedResultsSize()
-
getSearchTimeLimit
int getSearchTimeLimit()
-
isNestedGroupsDisabled
boolean isNestedGroupsDisabled()
-
isFilteringExpiredUsers
boolean isFilteringExpiredUsers()
Specify whether expired users should be filtered out. If true, any expired user will be locally removed, as if it had been removed in the remote directory.
-
isUsingUserMembershipAttribute
boolean isUsingUserMembershipAttribute()
- Returns:
- true if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of users that are members of a group, or false if the group member attribute ("member" or equivalent) should be used instead. Note that this only affects queries that fetch the list of users that are members of a group, but not the queries to fetch the list of groups of a user.
-
isUsingUserMembershipAttributeForGroupMembership
boolean isUsingUserMembershipAttributeForGroupMembership()
- Returns:
- true if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of groups a user belongs to, or false if the group member attribute ("member" or equivalent) should be used instead. This option is not available to all directory types. Note that this only affects queries that fetch the list of groups of a user, but not the queries to fetch the list of users that are members of a group.
-
isReferral
boolean isReferral()
Returns true if referrals should be followed.
- Returns:
- true if referrals should be followed
-
isRelaxedDnStandardisation
boolean isRelaxedDnStandardisation()
Whether we should use the more expensive but completely cross-directory compatible method for standardising DNs when mapping object DNs and memberDNs (value = false); or if we can use a more efficient but relaxed form of standardisation (value = true). See DNStandardiser for more information.
- Returns:
- false if proper standardisation is required.
-
isRolesDisabled
boolean isRolesDisabled()
Returns true if roles should be disabled, as in some caching setups. The grammatical atrocity that is the name of this method pains me more than you can imagine.
-
isLocalUserStatusEnabled
boolean isLocalUserStatusEnabled()
Returns true if user status is updated independently in the Crowd cache and the remote directory. Otherwise, user status is synchronised between the cache and the remote directory.
- Returns:
- true if user status in the cache is updated independently of the remote directory.
-
isLocalGroupsEnabled
boolean isLocalGroupsEnabled()
Returns true if groups and group memberships are to be mutated only (created, updated, deleted) in local storage, otherwise the mutations will be propagated to the underlying LDAP implementation (full read-write LDAP groups).
- Returns:
- true if using local storage for groups and memberships
-
isPrimaryGroupSupported
boolean isPrimaryGroupSupported()
- Returns:
- true if the support for primary groups is enabled for this directory.
-
getCacheSynchroniseInterval
int getCacheSynchroniseInterval()
Returns the interval in seconds when the local Cache should be synchronized with LDAP.
- Returns:
- the interval in seconds when the local Cache should be synchronized with LDAP.
-
getLdapTypeConfigurations
List<LdapTypeConfig> getLdapTypeConfigurations()
Get a list of Ldap Type Configuration objects.
- Returns:
- List of LdapTypeConfigurations
-
getExternalIdAttribute
String getExternalIdAttribute()
Get the LDAP unique ID attribute.
-
getGroupExternalIdAttribute
String getGroupExternalIdAttribute()
-
getSecureMode
LdapSecureMode getSecureMode()
-
getLdapPoolConfig
String getLdapPoolConfig()
-
getLdapPoolType
LdapPoolType getLdapPoolType()
-