All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class com.netscape.certsrv.authentication.DirBasedAuthentication

com.netscape.certsrv.authentication.DirBasedAuthentication

public abstract class DirBasedAuthentication
implements IAuthManager
Abstract class for directory based authentication managers. Uses a pattern for formulating subject names; the pattern is read from the configuration file, and its syntax is described in the init() method.


Variable Index

 o DEFAULT_DNPATTERN
 o mBaseDN
 o mConfig
 o mConnFactory
 o mImplName
 o mLdapAttrs
 o mLdapByteAttrs
 o mLdapConfig
 o mLdapStringAttrs
 o mLogger
 o mName
 o mPattern
 o PROP_BASEDN
 o PROP_DNPATTERN
 o PROP_LDAP
 o PROP_LDAPBYTEATTRS
 o PROP_LDAPSTRINGATTRS

Constructor Index

 o DirBasedAuthentication()
Default constructor, initialization must follow.

Method Index

 o authenticate(IAuthCredentials)
Authenticates user through LDAP by a set of credentials.
 o authenticate(LDAPConnection, IAuthCredentials, AuthToken)
Authenticates a user against the directory using a set of credentials.
 o formCertInfo(LDAPConnection, String, X509CertInfo, AuthToken)
Formulate the cert info.
 o formSubjectName(LDAPEntry)
Formulate the subject name
 o getConfigParams()
Returns a list of configuration parameter names.
 o getConfigStore()
Gets the configuration substore used by this authentication manager
 o getImplName()
gets the plugin name of this authentication manager.
 o getLdapAttrs()
Return a list of LDAP attributes with String values to retrieve.
 o getLdapByteAttrs()
Return a list of LDAP attributes with byte[] values to retrieve.
 o getName()
gets the name of this authentication manager instance
 o getRequiredCreds()
get the list of required credentials.
 o init(String, String, IConfigStore)
Initializes the directory based authentication manager.
 o log(int, String)
Logs a message for this class in the system log file.
 o setAuthTokenByteValue(String, LDAPEntry, AuthToken)
 o setAuthTokenStringValue(String, LDAPEntry, AuthToken)
 o setAuthTokenValues(LDAPEntry, AuthToken)
Copy values from the LDAPEntry into the AuthToken.
 o shutdown()
disconnects the ldap connections

Variables

 o PROP_LDAP
 protected static final String PROP_LDAP
 o PROP_BASEDN
 protected static final String PROP_BASEDN
 o PROP_DNPATTERN
 protected static final String PROP_DNPATTERN
 o PROP_LDAPSTRINGATTRS
 protected static final String PROP_LDAPSTRINGATTRS
 o PROP_LDAPBYTEATTRS
 protected static final String PROP_LDAPBYTEATTRS
 o mName
 protected String mName
 o mImplName
 protected String mImplName
 o mConfig
 protected IConfigStore mConfig
 o mLdapConfig
 protected IConfigStore mLdapConfig
 o mBaseDN
 protected String mBaseDN
 o mConnFactory
 protected LdapAnonConnFactory mConnFactory
 o mLogger
 protected Logger mLogger
 o mPattern
 protected DNPattern mPattern
 o mLdapStringAttrs
 protected String mLdapStringAttrs[]
 o mLdapByteAttrs
 protected String mLdapByteAttrs[]
 o mLdapAttrs
 protected String mLdapAttrs[]
 o DEFAULT_DNPATTERN
 protected String DEFAULT_DNPATTERN

Constructors

 o DirBasedAuthentication
 public DirBasedAuthentication()
Default constructor, initialization must follow.

Methods

 o init
 public void init(String name,
                  String implName,
                  IConfigStore config) throws EBaseException
Initializes the directory based authentication manager. Takes the following configuration parameters:
		ldap.basedn             - the ldap base dn.
		ldap.ldapconn.host      - the ldap host.
		ldap.ldapconn.port      - the ldap port.
		ldap.ldapconn.secureConn - whether the port should be secure (SSL).
		ldap.minConns           - minimum number of connections in the pool.
		ldap.maxConns           - maximum number of connections in the pool.
		dnpattern               - subject name (dn) pattern.
 

dnpattern is a string representing a subject name pattern to formulate from the directory attributes and entry dn. If empty or not set, the ldap entry DN will be used as the certificate subject name.

The syntax is

     dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
     SubjectNameComp = DnComp | EntryComp | ConstantComp
     DnComp    = CertAttr "=" "$dn" "." DnAttr [ "." Num ]
     EntryComp = CertAttr "=" "$attr" "." EntryAttr [ "." Num ]
     ConstantComp = CertAttr "=" Constant
     DnAttr    =  an attribute in the Ldap entry dn
     EntryAttr =  an attribute in the Ldap entry
     CertAttr  =  a Component in the Certificate Subject Name
                  (multiple AVA in one RDN not supported)
     Num       =  the nth value of the attribute in the dn or entry
                  (1-based; if omitted, the first value is used)
     Constant  =  Constant String, with any accepted ldap string value.
 

Example:

 dnpattern: 
     E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
 
Ldap entry dn: UID=joesmith, OU=people, O=Acme.com

Ldap attributes:
     cn: Joe Smith
     sn: Smith
     mail: joesmith@acme.com
     mail: joesmith@aol.com
     ou: people
     ou: IS
     etc.

The subject name formulated in the cert will be:

   E=joesmith@acme.com, CN=Joe Smith, OU=IS, O=Acme.com, C=US
      E = the first 'mail' ldap attribute value in the user's entry - joesmith@acme.com
      CN = the (first) 'cn' ldap attribute value in the user's entry - Joe Smith
      OU = the second 'ou' value in the ldap entry - IS
      O = the (first) 'o' value in the user's entry DN - "Acme.com"
      C = the constant string "US"
 

Parameters:
name - The name for this authentication manager instance.
implName - The name of the authentication manager plugin.
config - The configuration store for this instance.
Throws: EBaseException
If an error occurs during initialization.
 o getName
 public String getName()
gets the name of this authentication manager instance

 o getImplName
 public String getImplName()
gets the plugin name of this authentication manager.

 o authenticate
 public AuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException
Authenticates a user through LDAP by a set of credentials. The resulting AuthToken carries a TOKEN_CERTINFO field holding an X509CertInfo.

Parameters:
authCred - Authentication credentials, CRED_UID and CRED_PWD.
Returns:
A AuthToken with a TOKEN_SUBJECT of X500name type.
Throws: EMissingCredential
If a required authentication credential is missing.
Throws: EInvalidCredentials
If credentials failed authentication.
Throws: EBaseException
If an internal error occurred.
See Also:
AuthToken
 o getRequiredCreds
 public abstract String[] getRequiredCreds()
get the list of required credentials.

Returns:
list of required credentials as strings.
 o getConfigParams
 public abstract String[] getConfigParams()
Returns a list of configuration parameter names. The list is passed to the configuration console so instances of this implementation can be configured through the console.

Returns:
String array of configuration parameter names.
 o shutdown
 public void shutdown()
disconnects the ldap connections

 o getConfigStore
 public IConfigStore getConfigStore()
Gets the configuration substore used by this authentication manager

Returns:
configuration store
 o authenticate
 protected abstract String authenticate(LDAPConnection conn,
                                        IAuthCredentials authCreds,
                                        AuthToken token) throws EBaseException
Authenticates a user against the directory using a set of credentials.

Parameters:
conn - The LDAP connection to use.
authCreds - The authentication credentials.
token - The authentication token to fill.
Returns:
The user's ldap entry dn.
Throws: EInvalidCredentials
If the uid and password are not valid.
Throws: EBaseException
If an internal error occurs.
 o formCertInfo
 protected void formCertInfo(LDAPConnection conn,
                             String userdn,
                             X509CertInfo certinfo,
                             AuthToken token) throws EBaseException
Formulate the cert info.

Parameters:
conn - The LDAP connection to use, authenticated as the user.
userdn - The user's dn.
certinfo - A certinfo object to fill.
token - An authentication token to fill.
Throws: EBaseException
If an internal error occurs.
 o setAuthTokenValues
 protected void setAuthTokenValues(LDAPEntry e,
                                   AuthToken tok)
Copy values from the LDAPEntry into the AuthToken. The lists of attributes whose values are stored this way are given by the ldap string attributes and ldap byte attributes configuration parameters (see PROP_LDAPSTRINGATTRS and PROP_LDAPBYTEATTRS).

 o setAuthTokenStringValue
 protected void setAuthTokenStringValue(String name,
                                        LDAPEntry entry,
                                        AuthToken tok)
 o setAuthTokenByteValue
 protected void setAuthTokenByteValue(String name,
                                      LDAPEntry entry,
                                      AuthToken tok)
 o getLdapAttrs
 protected String[] getLdapAttrs()
Return a list of LDAP attributes with String values to retrieve. Subclasses can override to return any set of attributes.

Returns:
Array of LDAP attributes to retrieve from the directory.
 o getLdapByteAttrs
 protected String[] getLdapByteAttrs()
Return a list of LDAP attributes with byte[] values to retrieve. Subclasses can override to return any set of attributes.

Returns:
Array of LDAP attributes to retrieve from the directory.
 o formSubjectName
 protected String formSubjectName(LDAPEntry entry) throws EAuthException
Formulate the subject name from the LDAP entry using the configured dnpattern.

Parameters:
entry - The LDAP entry.
Returns:
The subject name string.
Throws: EAuthException
If the subject name cannot be formulated from the entry or an internal error occurs.
 o log
 protected void log(int level,
                    String msg)
Logs a message for this class in the system log file.

Parameters:
level - The log level.
msg - The message to log.
See Also:
ILogger
