Class com.netscape.certsrv.authentication.DirBasedAuthentication
- public abstract class DirBasedAuthentication
- implements IAuthManager
Abstract base class for directory-based authentication managers.
It uses a pattern to formulate the certificate subject name from the
authenticated user's LDAP entry. The pattern is read from the configuration file;
its syntax is described under the init() method.
DEFAULT_DNPATTERN
mBaseDN
mConfig
mConnFactory
mImplName
mLdapAttrs
mLdapByteAttrs
mLdapConfig
mLdapStringAttrs
mLogger
mName
mPattern
PROP_BASEDN
PROP_DNPATTERN
PROP_LDAP
PROP_LDAPBYTEATTRS
PROP_LDAPSTRINGATTRS
DirBasedAuthentication() - Default constructor; initialization must follow.
authenticate(IAuthCredentials) - Authenticates a user through LDAP with a set of credentials.
authenticate(LDAPConnection, IAuthCredentials, AuthToken) - Authenticates a user against the directory with a set of credentials.
formCertInfo(LDAPConnection, String, X509CertInfo, AuthToken) - Formulates the cert info.
formSubjectName(LDAPEntry) - Formulates the subject name from the LDAP entry.
getConfigParams() - Returns a list of configuration parameter names.
getConfigStore() - Gets the configuration substore used by this authentication manager.
getImplName() - Gets the plugin name of this authentication manager.
getLdapAttrs() - Returns the list of LDAP attributes with String values to retrieve.
getLdapByteAttrs() - Returns the list of LDAP attributes with byte[] values to retrieve.
getName() - Gets the name of this authentication manager instance.
getRequiredCreds() - Gets the list of required credentials.
init(String, String, IConfigStore) - Initializes the directory-based auth manager.
log(int, String) - Logs a message for this class in the system log file.
setAuthTokenByteValue(String, LDAPEntry, AuthToken) - Copies the byte[] value of the named attribute from the LDAP entry into the AuthToken.
setAuthTokenStringValue(String, LDAPEntry, AuthToken) - Copies the String value of the named attribute from the LDAP entry into the AuthToken.
setAuthTokenValues(LDAPEntry, AuthToken) - Copies values from the LDAPEntry into the AuthToken.
shutdown() - Disconnects the LDAP connections.
PROP_LDAP
protected static final String PROP_LDAP
PROP_BASEDN
protected static final String PROP_BASEDN
PROP_DNPATTERN
protected static final String PROP_DNPATTERN
PROP_LDAPSTRINGATTRS
protected static final String PROP_LDAPSTRINGATTRS
PROP_LDAPBYTEATTRS
protected static final String PROP_LDAPBYTEATTRS
mName
protected String mName
mImplName
protected String mImplName
mConfig
protected IConfigStore mConfig
mLdapConfig
protected IConfigStore mLdapConfig
mBaseDN
protected String mBaseDN
mConnFactory
protected LdapAnonConnFactory mConnFactory
mLogger
protected Logger mLogger
mPattern
protected DNPattern mPattern
mLdapStringAttrs
protected String mLdapStringAttrs[]
mLdapByteAttrs
protected String mLdapByteAttrs[]
mLdapAttrs
protected String mLdapAttrs[]
DEFAULT_DNPATTERN
protected String DEFAULT_DNPATTERN
DirBasedAuthentication
public DirBasedAuthentication()
- Default constructor, initialization must follow.
init
public void init(String name,
String implName,
IConfigStore config) throws EBaseException
- Initializes the directory-based auth manager.
Takes the following configuration parameters:
ldap.basedn - the LDAP base DN.
ldap.ldapconn.host - the LDAP host.
ldap.ldapconn.port - the LDAP port.
ldap.ldapconn.secureConn - whether the connection to the directory should be secure (SSL). Without it, the LDAP traffic, including any credentials sent to the directory, crosses the network in the clear.
ldap.minConns - minimum connections.
ldap.maxConns - maximum connections.
dnpattern - DN pattern.
dnpattern is a string representing a subject name pattern
to formulate from the directory attributes and entry DN. If empty or
not set, the LDAP entry DN is used as the certificate subject name.
The syntax is
dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
SubjectNameComp = DnComp | EntryComp | ConstantComp
DnComp = CertAttr "=" "$dn" "." DnAttr [ "." Num ]
EntryComp = CertAttr "=" "$attr" "." EntryAttr [ "." Num ]
ConstantComp = CertAttr "=" Constant
DnAttr = an attribute in the LDAP entry DN
EntryAttr = an attribute in the LDAP entry
CertAttr = a component in the certificate subject name
(multiple AVAs in one RDN are not supported)
Num = the nth value of the attribute in the DN or entry; when omitted, the first value is used.
Constant = a constant string, with any accepted LDAP string value.
Example:
dnpattern:
E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
LDAP entry DN:
UID=joesmith, OU=people, O=Acme.com
LDAP attributes:
cn: Joe Smith
sn: Smith
mail: joesmith@acme.com
mail: joesmith@aol.com
ou: people
ou: IS
etc.
The subject name formulated in the cert will be:
E=joesmith@acme.com, CN=Joe Smith, OU=IS, O=Acme.com, C=US
E = the first 'mail' LDAP attribute value in the user's entry - joesmith@acme.com
CN = the (first) 'cn' LDAP attribute value in the user's entry - Joe Smith
OU = the second 'ou' value in the LDAP entry - IS
O = the (first) 'o' value in the user's entry DN - "Acme.com"
C = the constant string "US"
- Parameters:
- name - The name for this authentication manager instance.
- implName - The name of the authentication manager plugin.
- config - The configuration store for this instance.
- Throws: EBaseException
- If an error occurs during initialization.
getName
public String getName()
- Gets the name of this authentication manager instance.
getImplName
public String getImplName()
- Gets the plugin name of this authentication manager.
authenticate
public AuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException
- Authenticates a user through LDAP with a set of credentials.
The resulting AuthToken carries a TOKEN_CERTINFO field holding an X509CertInfo.
- Parameters:
- authCred - Authentication credentials, CRED_UID and CRED_PWD.
- Returns:
- An AuthToken with a TOKEN_SUBJECT of X500Name type.
- Throws: EMissingCredential
- If a required authentication credential is missing.
- Throws: EInvalidCredentials
- If credentials failed authentication.
- Throws: EBaseException
- If an internal error occurred.
- See Also:
- AuthToken
getRequiredCreds
public abstract String[] getRequiredCreds()
- Gets the list of required credentials.
- Returns:
- list of required credentials as strings.
getConfigParams
public abstract String[] getConfigParams()
- Returns a list of configuration parameter names.
The list is passed to the configuration console so instances of
this implementation can be configured through the console.
- Returns:
- String array of configuration parameter names.
shutdown
public void shutdown()
- Disconnects the LDAP connections.
getConfigStore
public IConfigStore getConfigStore()
- Gets the configuration substore used by this authentication manager
- Returns:
- configuration store
authenticate
protected abstract String authenticate(LDAPConnection conn,
IAuthCredentials authCreds,
AuthToken token) throws EBaseException
- Authenticates a user against the directory with a set of credentials.
- Parameters:
- conn - The LDAP connection to use.
- authCreds - The authentication credentials.
- token - The AuthToken to fill.
- Returns:
- The user's LDAP entry DN.
- Throws: EInvalidCredentials
- If the uid and password are not valid
- Throws: EBaseException
- If an internal error occurs.
formCertInfo
protected void formCertInfo(LDAPConnection conn,
String userdn,
X509CertInfo certinfo,
AuthToken token) throws EBaseException
- Formulates the cert info, including the subject name, for the authenticated user.
- Parameters:
- conn - An LDAP connection to use.
- userdn - The user's DN.
- certinfo - A certinfo object to fill.
- token - An authentication token to fill.
- Throws: EBaseException
- If an internal error occurs.
setAuthTokenValues
protected void setAuthTokenValues(LDAPEntry e,
AuthToken tok)
- Copies values from the LDAPEntry into the AuthToken. The
list of attributes whose values are stored this way is given by
the ldapAttributes configuration parameter.
setAuthTokenStringValue
protected void setAuthTokenStringValue(String name,
LDAPEntry entry,
AuthToken tok)
- Copies the String value of the named attribute from the LDAP entry into the AuthToken.
setAuthTokenByteValue
protected void setAuthTokenByteValue(String name,
LDAPEntry entry,
AuthToken tok)
- Copies the byte[] value of the named attribute from the LDAP entry into the AuthToken.
getLdapAttrs
protected String[] getLdapAttrs()
- Returns the list of LDAP attributes with String values to retrieve.
Subclasses can override to return any set of attributes.
- Returns:
- Array of LDAP attributes to retrieve from the directory.
getLdapByteAttrs
protected String[] getLdapByteAttrs()
- Returns the list of LDAP attributes with byte[] values to retrieve.
Subclasses can override to return any set of attributes.
- Returns:
- Array of LDAP attributes to retrieve from the directory.
formSubjectName
protected String formSubjectName(LDAPEntry entry) throws EAuthException
- Formulates the subject name from the LDAP entry using the configured DN pattern (see init()).
- Parameters:
- entry - The LDAP entry
- Returns:
- The subject name string.
- Throws: EAuthException
- If an internal error occurs.
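The following is an added example, not code from Netscape Certificate Server: a stand-alone Python implementation of the dnpattern grammar documented under init(), applied the way formSubjectName() applies it to an entry. The LDAPEntry is stood in for by the entry DN string plus a dict of attribute name to value list (an assumption of this example), and SubjectNameError stands in for EAuthException. One point the page does not address: directory values such as mail or cn may be editable by the user, so the example escapes RFC 4514 special characters before placing a value in the subject name, which keeps a value like "Joe, O=Evil" inside one RDN instead of letting it add one. Whether the real DNPattern class does this escaping is not stated on the page; constants from the pattern itself are copied literally, since they come from the administrator's configuration.

```python
import re

# Added example, not Netscape CS code. Entry attributes are passed as a dict
# attribute name -> list of values, standing in for LDAPEntry (assumption).

# RFC 4514 special characters: a directory value containing one of these must
# be escaped, or a user-editable attribute (mail, cn, ...) could inject extra
# RDNs into the certificate subject name.
_DN_SPECIALS = set(',+"\\<>;')

# $dn.<attr>[.<num>] or $attr.<attr>[.<num>]; num is 1-based and defaults to 1
_REF = re.compile(r'^\$(dn|attr)\.([A-Za-z][A-Za-z0-9-]*)(?:\.(\d+))?$')


class SubjectNameError(Exception):
    """Stand-in for EAuthException: the pattern needs a value the entry lacks."""


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs = ch in _DN_SPECIALS or (ch == '#' and i == 0) or (ch == ' ' and i in (0, last))
        out.append('\\' + ch if needs else ch)
    return ''.join(out)


def _split_unescaped(s: str, sep: str) -> list:
    """Split on sep, leaving backslash-escaped separators alone."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == '\\' and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(s[i])
        i += 1
    parts.append(''.join(cur))
    return parts


def parse_dn(dn: str) -> list:
    """Parse 'UID=joesmith, OU=people, O=Acme.com' into [(attr, value), ...].
    Attribute types are lower-cased, values unescaped. Multi-AVA RDNs (a+b=..)
    are not supported, matching the documented limitation."""
    rdns = []
    for rdn in _split_unescaped(dn, ','):
        attr, sep, val = rdn.strip().partition('=')
        if not sep:
            raise SubjectNameError(f"malformed RDN {rdn!r}")
        rdns.append((attr.strip().lower(), re.sub(r'\\(.)', r'\1', val.strip())))
    return rdns


def form_subject_name(pattern: str, entry_dn: str, attrs: dict) -> str:
    """Build the subject name from dnpattern, the entry DN and the entry
    attributes. An empty or unset pattern yields the entry DN unchanged."""
    if not pattern or not pattern.strip():
        return entry_dn
    rdns = parse_dn(entry_dn)
    by_name = {k.lower(): list(v) for k, v in attrs.items()}
    out = []
    for comp in _split_unescaped(pattern, ','):
        cert_attr, sep, spec = comp.partition('=')
        if not sep:
            raise SubjectNameError(f"malformed pattern component {comp!r}")
        cert_attr, spec = cert_attr.strip(), spec.strip()
        m = _REF.match(spec)
        if m is None:
            out.append(f"{cert_attr}={spec}")  # ConstantComp: admin-supplied, copied literally
            continue
        source, name, num = m.group(1), m.group(2).lower(), int(m.group(3) or 1)
        values = [v for a, v in rdns if a == name] if source == 'dn' else by_name.get(name, [])
        if num < 1 or num > len(values):
            raise SubjectNameError(f"{cert_attr}: no value #{num} for ${source}.{name}")
        out.append(f"{cert_attr}={escape_dn_value(values[num - 1])}")  # directory value: escaped
    return ', '.join(out)


def subject_name_or_none(pattern: str, entry_dn: str, attrs: dict):
    """Convenience wrapper: None where the real code would throw EAuthException."""
    try:
        return form_subject_name(pattern, entry_dn, attrs)
    except SubjectNameError:
        return None


# Constructed sample entry, taken from the worked example in the init() doc.
EXAMPLE_PATTERN = "E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US"
EXAMPLE_DN = "UID=joesmith, OU=people, O=Acme.com"
EXAMPLE_ATTRS = {
    "cn": ["Joe Smith"],
    "sn": ["Smith"],
    "mail": ["joesmith@acme.com", "joesmith@aol.com"],
    "ou": ["people", "IS"],
}

if __name__ == "__main__":
    print(form_subject_name(EXAMPLE_PATTERN, EXAMPLE_DN, EXAMPLE_ATTRS))
    # A crafted 'cn' stays inside a single RDN because the value is escaped:
    print(form_subject_name("CN=$attr.cn, O=$dn.o", EXAMPLE_DN, {"cn": ["Joe, O=Evil"]}))
```

Run as a script, the first line printed is the subject name the init() example describes, `E=joesmith@acme.com, CN=Joe Smith, OU=IS, O=Acme.com, C=US`; the second shows the escaped form `CN=Joe\, O=Evil, O=Acme.com`, which parse_dn() reads back as two RDNs, not three. A pattern that asks for a value the entry does not have (for example `$attr.ou.3` against the sample entry) raises SubjectNameError rather than silently emitting an empty component.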
log
protected void log(int level,
String msg)
- Logs a message for this class in the system log file.
- Parameters:
- level - The log level.
- msg - The message to log.
- See Also:
- ILogger