Interface LDAPPropertiesMapper

All Known Implementing Classes:
LDAPPropertiesMapperImpl

public interface LDAPPropertiesMapper
Allows LDAP directory connectors to obtain LDAP settings, such as directory-specific names for RDNs.
  • Field Details

    • LDAP_URL_KEY

      static final String LDAP_URL_KEY
      Attribute key for the LDAP URL.
    • LDAP_SECURE_KEY

      static final String LDAP_SECURE_KEY
      Attribute key for the SSL required flag.
    • LDAP_REFERRAL_KEY

      static final String LDAP_REFERRAL_KEY
      Attribute key for the referral option.
    • LDAP_POOLING_KEY

      static final String LDAP_POOLING_KEY
      Attribute key for connection pooling.
    • LDAP_BASEDN_KEY

      static final String LDAP_BASEDN_KEY
      Attribute key for the LDAP base DN.
    • LDAP_USERDN_KEY

      static final String LDAP_USERDN_KEY
      Attribute key for the LDAP user DN.
    • LDAP_PASSWORD_KEY

      static final String LDAP_PASSWORD_KEY
      Attribute key for the LDAP password.
    • LDAP_PROPOGATE_CHANGES

      static final String LDAP_PROPOGATE_CHANGES
      Attribute key for the propagation of changes.
    • GROUP_DN_ADDITION

      static final String GROUP_DN_ADDITION
      Attribute key for the LDAP group base DN.
    • GROUP_DESCRIPTION_KEY

      static final String GROUP_DESCRIPTION_KEY
      Attribute key for the LDAP group description attribute.
    • GROUP_NAME_KEY

      static final String GROUP_NAME_KEY
      Attribute key for the LDAP group name attribute.
    • GROUP_OBJECTCLASS_KEY

      static final String GROUP_OBJECTCLASS_KEY
      Attribute key for the LDAP group object class.
    • GROUP_OBJECTFILTER_KEY

      static final String GROUP_OBJECTFILTER_KEY
      Attribute key for the LDAP group object filter.
    • GROUP_USERNAMES_KEY

      static final String GROUP_USERNAMES_KEY
      Attribute key for the LDAP group membership attribute. This is a multivalued attribute on the group that extensionally defines the group membership. Typically this is "member" or "uniqueMember". In spite of the name of the constant, this attribute is also used for group-to-group membership (nested groups). Compare to USER_GROUP_KEY.
    • ROLE_DN_ADDITION

      static final String ROLE_DN_ADDITION
      Attribute key for the LDAP role base DN.
    • ROLE_DESCRIPTION_KEY

      static final String ROLE_DESCRIPTION_KEY
      Attribute key for the LDAP role description attribute.
    • ROLE_NAME_KEY

      static final String ROLE_NAME_KEY
      Attribute key for the LDAP role name attribute.
    • ROLE_OBJECTCLASS_KEY

      static final String ROLE_OBJECTCLASS_KEY
      Attribute key for the LDAP role object class.
    • ROLE_OBJECTFILTER_KEY

      static final String ROLE_OBJECTFILTER_KEY
      Attribute key for the LDAP role object filter.
    • ROLE_USERNAMES_KEY

      static final String ROLE_USERNAMES_KEY
      Attribute key for the LDAP role membership attribute.
    • USER_DN_ADDITION

      static final String USER_DN_ADDITION
      Attribute key for the LDAP principal base DN.
    • USER_EMAIL_KEY

      static final String USER_EMAIL_KEY
      Attribute key for the LDAP principal email attribute.
    • USER_FIRSTNAME_KEY

      static final String USER_FIRSTNAME_KEY
      Attribute key for the LDAP principal firstname attribute.
    • USER_GROUP_KEY

      static final String USER_GROUP_KEY
      Attribute key for the LDAP principal memberships attribute. This is a multivalued attribute on the user that enumerates all the groups the user belongs to. Typical values are "memberOf" and "uniqueMemberOf". Not all directories use this attribute. Compare to GROUP_USERNAMES_KEY.
    • USER_LASTNAME_KEY

      static final String USER_LASTNAME_KEY
      Attribute key for the LDAP principal lastname attribute.
    • USER_DISPLAYNAME_KEY

      static final String USER_DISPLAYNAME_KEY
      Attribute key for the LDAP principal displayName (full name) attribute.
    • USER_OBJECTCLASS_KEY

      static final String USER_OBJECTCLASS_KEY
      Attribute key for the LDAP principal object class.
    • USER_OBJECTFILTER_KEY

      static final String USER_OBJECTFILTER_KEY
      Attribute key for the LDAP principal object filter.
    • USER_USERNAME_KEY

      static final String USER_USERNAME_KEY
      Attribute key for the LDAP principal name attribute.
    • USER_USERNAME_RDN_KEY

      static final String USER_USERNAME_RDN_KEY
      The name to be used when building a DN for the user. In most cases this will be the same as USER_USERNAME_KEY but for Active Directory it's different. RDN = Relative Distinguished Name, or the part of the DN containing the username.
    • USER_PASSWORD_KEY

      static final String USER_PASSWORD_KEY
      Attribute key for the LDAP principal password attribute.
    • LDAP_PAGEDRESULTS_KEY

      static final String LDAP_PAGEDRESULTS_KEY
      Attribute key for the LDAP paged results attribute.
    • LDAP_NESTED_GROUPS_DISABLED

      static final String LDAP_NESTED_GROUPS_DISABLED
      Key to define whether or not we support nested groups for a given LDAP directory.
    • LDAP_FILTER_EXPIRED_USERS

      static final String LDAP_FILTER_EXPIRED_USERS
      Key to determine if the expired users should be filtered out.
    • LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE

      static final String LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE
      Key to decide if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of users that are members of a group. Compare to LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP.
    • LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP

      static final String LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE_FOR_GROUP_MEMBERSHIP
      Key to decide if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of groups a user belongs to. Compare to LDAP_USING_USER_MEMBERSHIP_ATTRIBUTE.
    • LDAP_USER_ENCRYPTION_METHOD

      static final String LDAP_USER_ENCRYPTION_METHOD
      LDAP password encryption algorithm, used for updating a Principal's password with the correct encryption algorithm.
    • LDAP_PAGEDRESULTS_SIZE

      static final String LDAP_PAGEDRESULTS_SIZE
      Attribute key for the LDAP paged results size attribute.
    • LDAP_RELAXED_DN_STANDARDISATION

      static final String LDAP_RELAXED_DN_STANDARDISATION
      Key to decide whether we need full DN standardisation or can get away with faster, relaxed standardisation.
    • ROLES_DISABLED

      static final String ROLES_DISABLED
      If set, roles are disabled. Needed for some event-based caching configurations.
    • LOCAL_GROUPS

      static final String LOCAL_GROUPS
      Key to determine if using local storage for groups/group memberships.
    • PRIMARY_GROUP_SUPPORT

      static final String PRIMARY_GROUP_SUPPORT
      Key to determine if primary groups are supported.
    • LDAP_POOL_INITSIZE

      static final String LDAP_POOL_INITSIZE
      Initial size of the JNDI LDAP connection pool, e.g. number of connections to open at start-up. Default: "1"
    • LDAP_POOL_PREFSIZE

      static final String LDAP_POOL_PREFSIZE
      Preferred size of JNDI LDAP connection pool. Default: "0"
    • LDAP_POOL_MAXSIZE

      static final String LDAP_POOL_MAXSIZE
      Maximum size of JNDI LDAP connection pool. Zero means no maximum size. Default: "0"
    • LDAP_POOL_TIMEOUT

      static final String LDAP_POOL_TIMEOUT
      Idle time stored in milliseconds for a connection before it is removed from the JNDI LDAP connection pool. Default:
    • LDAP_SEARCH_TIMELIMIT

      static final String LDAP_SEARCH_TIMELIMIT
      Time limit on searches, stored in milliseconds. Zero means no limit. Default: 60 seconds (60000 ms)
    • LDAP_EXTERNAL_ID

      static final String LDAP_EXTERNAL_ID
      Attribute key for the unique ID attribute in LDAP.
    • LDAP_GROUP_EXTERNAL_ID

      static final String LDAP_GROUP_EXTERNAL_ID
      Attribute key for the unique group ID attribute in LDAP.
    • LDAP_POOL_CONFIG

      static final String LDAP_POOL_CONFIG
      Attribute key for LDAP connection pool configuration.
    • LDAP_POOL_TYPE

      static final String LDAP_POOL_TYPE
      Attribute key for the used LDAP connection pool type.
  • Method Details

    • getImplementations

      Map<String,String> getImplementations()
    • getConfigurationDetails

      Map<String,Properties> getConfigurationDetails()
    • getEnvironment

      Map<String,Object> getEnvironment()
    • getAttributes

      Map<String,String> getAttributes()
    • setAttributes

      void setAttributes(Map<String,String> attributes)
    • getAttribute

      String getAttribute(String key)
    • getGroupFilter

      String getGroupFilter()
    • getConnectionURL

      String getConnectionURL()
    • getUsername

      String getUsername()
    • getPassword

      String getPassword()
    • getGroupNameAttribute

      String getGroupNameAttribute()
    • getObjectClassAttribute

      String getObjectClassAttribute()
    • getRoleFilter

      @Deprecated String getRoleFilter()
      Deprecated.
    • getRoleNameAttribute

      @Deprecated String getRoleNameAttribute()
      Deprecated.
    • getUserFilter

      String getUserFilter()
      Returns:
      the configured user filter for the directory, which may include an additional filter for expired users if:
        - the directory is AD
        - filter expired users is configured
      For retrieving the configured user filter without the expired users filter, please use the LDAP_FILTER_EXPIRED_USERS directory attribute.
    • getUserNameAttribute

      String getUserNameAttribute()
    • getUserNameRdnAttribute

      String getUserNameRdnAttribute()
    • getUserEmailAttribute

      String getUserEmailAttribute()
    • getUserGroupMembershipsAttribute

      String getUserGroupMembershipsAttribute()
      Returns:
      attribute for the LDAP principal memberships. This is a multivalued attribute on the user that enumerates all the groups the user belongs to. Typical values are "memberOf" and "uniqueMemberOf". Not all directories use this attribute.
    • getGroupObjectClass

      String getGroupObjectClass()
    • getGroupDescriptionAttribute

      String getGroupDescriptionAttribute()
    • getGroupMemberAttribute

      String getGroupMemberAttribute()
      Returns:
      attribute for the LDAP group membership. This is a multivalued attribute on the group that defines the members of the group. Typically this is "member" or "uniqueMember". In spite of the name of the method, this attribute is also used for group-to-group membership (nested groups).
    • getRoleObjectClass

      @Deprecated String getRoleObjectClass()
      Deprecated.
    • getRoleDescriptionAttribute

      @Deprecated String getRoleDescriptionAttribute()
      Deprecated.
    • getRoleMemberAttribute

      @Deprecated String getRoleMemberAttribute()
      Deprecated.
    • getUserObjectClass

      String getUserObjectClass()
    • getUserFirstNameAttribute

      String getUserFirstNameAttribute()
    • getUserLastNameAttribute

      String getUserLastNameAttribute()
    • getUserDisplayNameAttribute

      String getUserDisplayNameAttribute()
    • getUserPasswordAttribute

      String getUserPasswordAttribute()
    • getUserEncryptionMethod

      String getUserEncryptionMethod()
    • isPagedResultsControl

      boolean isPagedResultsControl()
    • getPagedResultsSize

      int getPagedResultsSize()
    • getSearchTimeLimit

      int getSearchTimeLimit()
    • isNestedGroupsDisabled

      boolean isNestedGroupsDisabled()
    • isFilteringExpiredUsers

      boolean isFilteringExpiredUsers()
      Specify whether expired users should be filtered out.

      If true, any expired user will be locally removed, as if it had been removed in the remote directory.

    • isUsingUserMembershipAttribute

      boolean isUsingUserMembershipAttribute()
      Returns:
      true if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of users that are members of a group, or false if the group member attribute ("member" or equivalent) should be used instead. Note that this only affects queries that fetch the list of users that are members of a group, but not the queries to fetch the list of groups of a user.
    • isUsingUserMembershipAttributeForGroupMembership

      boolean isUsingUserMembershipAttributeForGroupMembership()
      Returns:
      true if the user group membership attribute ("memberOf" or equivalent) should be used to fetch the list of groups a user belongs to, or false if the group member attribute ("member" or equivalent) should be used instead. This option is not available to all directory types. Note that this only affects queries that fetch the list of groups of a user, but not the queries to fetch the list of users that are members of a group.
    • isReferral

      boolean isReferral()
      Returns true if referrals should be followed.
      Returns:
      true if referrals should be followed
    • isRelaxedDnStandardisation

      boolean isRelaxedDnStandardisation()
      Whether we should use the more expensive but completely cross-directory compatible method for standardising DNs when mapping object DNs and memberDNs (value = false), or if we can use a more efficient but relaxed form of standardisation (value = true).

      See DNStandardiser for more information.

      Returns:
      false if proper standardisation is required.
    • isRolesDisabled

      boolean isRolesDisabled()
      Returns true if roles should be disabled, as in some caching setups. The grammatical atrocity that is the name of this method pains me more than you can imagine.
    • isLocalUserStatusEnabled

      boolean isLocalUserStatusEnabled()
      Returns true if user status is updated independently in the Crowd cache and the remote directory. Otherwise, user status is synchronised between the cache and the remote directory.
      Returns:
      true if user status in the cache is updated independently of the remote directory.
    • isLocalGroupsEnabled

      boolean isLocalGroupsEnabled()
      Returns true if groups and group memberships are to be mutated only (created, updated, deleted) in local storage, otherwise the mutations will be propagated to the underlying LDAP implementation (full read-write LDAP groups).
      Returns:
      true if using local storage for groups and memberships
    • isPrimaryGroupSupported

      boolean isPrimaryGroupSupported()
      Returns:
      true if the support for primary groups is enabled for this directory.
    • getCacheSynchroniseInterval

      int getCacheSynchroniseInterval()
      Returns the interval in seconds when the local Cache should be synchronized with LDAP.
      Returns:
      the interval in seconds when the local Cache should be synchronized with LDAP.
    • getLdapTypeConfigurations

      List<LdapTypeConfig> getLdapTypeConfigurations()
      Get a list of Ldap Type Configuration objects.
      Returns:
      List of LdapTypeConfigurations
    • getExternalIdAttribute

      String getExternalIdAttribute()
      Get the LDAP unique ID attribute.
    • getGroupExternalIdAttribute

      String getGroupExternalIdAttribute()
    • getSecureMode

      LdapSecureMode getSecureMode()
    • getLdapPoolConfig

      String getLdapPoolConfig()
    • getLdapPoolType

      LdapPoolType getLdapPoolType()