Class Domain

java.lang.Object
byps.BValueClass
de.elo.ix.client.ValueClass
de.elo.ix.client.ldap.Domain
All Implemented Interfaces:
Serializable

public class Domain extends ValueClass
This class defines how to connect to a domain controller, log in a user and find her groups.
Since:
11.00.000.007
  • Field Details

    • FILTER_PERSON

      public static final String FILTER_PERSON
      Filter expression used to find a person by her/his sAMAccountName.
      Since:
      11.00.000.011
    • FILTER_PERSON_USER_PRINCIPAL_NAME

      public static final String FILTER_PERSON_USER_PRINCIPAL_NAME
      Filter expression used to find a person by her/his userPrincipalName.
      Since:
      11.00.000.060
    • FILTER_PERSON_MAIL

      public static final String FILTER_PERSON_MAIL
      Filter expression used to find a person by her mail address.
      Since:
      11.00.000.011
    • FILTER_GROUPS

      public static final String FILTER_GROUPS
      Filter expression used to find groups of a given user.
      Since:
      11.00.000.011
    • AD_ATTRIBUTE_MEMBER_OF

      public static final String AD_ATTRIBUTE_MEMBER_OF
      LDAP attribute ID that specifies the group list of a given user or group.
      Since:
      11.00.000.011
    • AD_ATTRIBUTE_MAIL

      public static final String AD_ATTRIBUTE_MAIL
      LDAP attribute ID that specifies the mail address of a given user.
      Since:
      11.00.000.011
    • AD_SAM_ACCOUNT_NAME

      public static final String AD_SAM_ACCOUNT_NAME
      LDAP attribute ID for sAMAccountName.
      Since:
      11.00.000.060
    • AD_USER_PRINCIPAL_NAME

      public static final String AD_USER_PRINCIPAL_NAME
      LDAP attribute ID for userPrincipalName.
      Since:
      11.00.000.060
    • DEFAULT_ENVIRONMENT

      public static final String[][] DEFAULT_ENVIRONMENT
      Default properties for LDAP connection via Java.
      Since:
      11.00.000.011
    • DEFAULT_ATTRIBUTES

      public static final String[] DEFAULT_ATTRIBUTES
      Default attributes to read.
      Since:
      11.00.000.011
    • servers

      protected List<Server> servers
      List of LDAP servers of the domain.
    • attributeForUserPropOS

      protected String attributeForUserPropOS
      LDAP attribute to be used as OS name for UserInfoC.PROP_NAME_OS. This value is either AD_SAM_ACCOUNT_NAME or AD_USER_PRINCIPAL_NAME. If set as AD_USER_PRINCIPAL_NAME, also set searchFilterForPerson to FILTER_PERSON_USER_PRINCIPAL_NAME. Default is sAMAccountName.
      Since:
      11.00.000.060
    • name

      protected String name
      Domain name. E.g. ELO.LOCAL
    • domainPrefix

      protected String domainPrefix
      Domain prefix. The login name of the user is prefixed by this value to build the user property UserInfoC.PROP_NAME_OS. When using this prefix, users should also use this prefix for login. This value must end with a separator char, e.g. backslash. E.g. ELO\\
    • defaultUserName

      protected String defaultUserName
      Optional user name to connect to the LDAP servers. This account must have the permission to list the group associations of all users. It does not need to be an ELO account too.
    • defaultUserPasswordEncr

      protected String defaultUserPasswordEncr
      Optional encrypted user password to connect to the LDAP servers. This password can also be set in plain text. It is automatically encrypted when stored into a file or database.
    • personSearchDNList

      protected List<String> personSearchDNList
      Search paths to find persons. Only users that are found in one of these DNs can log in to ELO. E.g. "cn=users,dc=elotest2,dc=local".
    • groupSearchDNList

      protected List<String> groupSearchDNList
      Search paths to find groups. If empty, only the groups the user is a direct member of in LDAP are assigned to the user in ELO. If not empty, the user's groups are searched recursively through group-in-group membership. A group found via this search is always added to the user regardless of whether its location matches the given list, but groups that do not match any location are not investigated deeper.
    • connectionTimeoutSeconds

      protected int connectionTimeoutSeconds
      Timeout limit when connecting to an LDAP server.
    • searchTimeLimitSeconds

      protected int searchTimeLimitSeconds
      The search for groups can last up to this number of seconds.
    • maxGroupNesting

      protected int maxGroupNesting
      Groups are collected recursively up to this depth. A value of 0 means no depth limit. This value is ignored, if groupSearchDNList is empty.
    • requiredGroup

      protected String requiredGroup
      Users must be a member of this LDAP group. Optional, short LDAP group name (not a DN) the user must be a member of in order to log in. The membership in this group is checked after the group list has been collected. Hence, groupSearchDNList and maxGroupNesting have an effect on this check too. The comparison to this value is case-sensitive.
    • nameFormatter

      protected String nameFormatter
      Format string to build a unique ELO account name from LDAP attributes. LDAP attributes have to be enclosed in $. Examples: 1. $cn$, $department$ ; 2. $sAMAccountName$ $department$
    • attributeNameMemberOf

      protected String attributeNameMemberOf
      Name of attribute that contains the user's groups. Defaults to "memberOf".
    • attributeNameMail

      protected String attributeNameMail
      Name of attribute that contains the user's mail address. Defaults to "mail".
    • searchFilterForGroups

      protected String searchFilterForGroups
      Search filter used to find the groups of a given user. Defaults to "(&(objectCategory=group)(member={0}))"
    • searchFilterForMail

      protected String searchFilterForMail
      Search filter for mail address. Defaults to "(&(objectclass=person)(mail={0}))"
    • searchFilterForPerson

      protected String searchFilterForPerson
      Search filter for person. Defaults to "(&(objectclass=person)(sAMAccountName={0}))"
    • initialContextEnvironment

      protected Map<String,String> initialContextEnvironment
      Additional properties to build the login environment. Example: initialContextEnvironment.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
    • attributesToRead

      protected Set<String> attributesToRead
      Read these LDAP attributes into ldapProperties of UserInfo. The attributes getAttributeNameMail() and getAttributeNameMemberOf() are always read and need not be included in this collection.
    • attributeSuperior

      protected String attributeSuperior
      Attribute to determine the superior of an ELO user. Set this attribute ID e.g. to AD_ATTRIBUTE_MANAGER to assign the superior of a user on login. This value is empty by default, which means that ELO Administrator (user ID 0) is assigned as superior.
      Since:
      12.00.000.052
    • parentOfNewUser

      protected String parentOfNewUser
      Assign this user as parent for a new ELO user. ID, GUID or name of existing ELO user or group that is assigned as UserInfo#parent when a new ELO user is created. This value is empty by default, which means that ELO Administrator (user ID 0) is assigned as parent.
      Since:
      12.00.000.056
    • AD_ATTRIBUTE_MANAGER

      public static final String AD_ATTRIBUTE_MANAGER
      AD attribute ID -manager- that specifies the superior of an ELO user.
      Since:
      12.00.000.052
  • Constructor Details

    • Domain

      public Domain()
  • Method Details

    • getServers

      public List<Server> getServers()
    • getName

      public String getName()
    • getDomainPrefix

      public String getDomainPrefix()
    • getDefaultUserName

      public String getDefaultUserName()
    • getDefaultUserPasswordEncr

      public String getDefaultUserPasswordEncr()
    • getPersonSearchDNList

      public List<String> getPersonSearchDNList()
    • getGroupSearchDNList

      public List<String> getGroupSearchDNList()
    • setServers

      public void setServers(List<Server> servers)
    • setName

      public void setName(String name)
    • setDomainPrefix

      public void setDomainPrefix(String domainPrefix)
    • setDefaultUserName

      public void setDefaultUserName(String defaultUserName)
    • setDefaultUserPasswordEncr

      public void setDefaultUserPasswordEncr(String defaultUserPassword)
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • setPersonSearchDNList

      public void setPersonSearchDNList(List<String> personSearchDnList)
    • setGroupSearchDNList

      public void setGroupSearchDNList(List<String> groupSearchDnList)
    • getConnectionTimeoutSeconds

      public int getConnectionTimeoutSeconds()
    • setConnectionTimeoutSeconds

      public void setConnectionTimeoutSeconds(int connectionTimeoutSeconds)
    • getSearchTimeLimitSeconds

      public int getSearchTimeLimitSeconds()
    • getMaxGroupNesting

      public int getMaxGroupNesting()
    • getRequiredGroup

      public String getRequiredGroup()
    • setSearchTimeLimitSeconds

      public void setSearchTimeLimitSeconds(int searchTimeLimitSeconds)
    • setMaxGroupNesting

      public void setMaxGroupNesting(int maxGroupNesting)
    • setRequiredGroup

      public void setRequiredGroup(String requiredGroup)
    • getNameFormatter

      public String getNameFormatter()
    • setNameFormatter

      public void setNameFormatter(String nameFormatter)
    • getInitialContextEnvironment

      public Map<String,String> getInitialContextEnvironment()
    • setInitialContextEnvironment

      public void setInitialContextEnvironment(Map<String,String> initialContextEnvironment)
    • getAttributeNameMemberOf

      public String getAttributeNameMemberOf()
    • setAttributeNameMemberOf

      public void setAttributeNameMemberOf(String attributeNameMemberOf)
    • getSearchFilterForGroups

      public String getSearchFilterForGroups()
    • getSearchFilterForMail

      public String getSearchFilterForMail()
    • getSearchFilterForPerson

      public String getSearchFilterForPerson()
    • setSearchFilterForGroups

      public void setSearchFilterForGroups(String searchFilterForGroups)
    • setSearchFilterForMail

      public void setSearchFilterForMail(String searchFilterForMail)
    • setSearchFilterForPerson

      public void setSearchFilterForPerson(String searchFilterForPerson)
    • getAttributeNameMail

      public String getAttributeNameMail()
    • setAttributeNameMail

      public void setAttributeNameMail(String attributeNameMail)
    • getAttributesToRead

      public Set<String> getAttributesToRead()
    • setAttributesToRead

      public void setAttributesToRead(Set<String> attributesToRead)
    • getAttributeForUserPropOS

      public String getAttributeForUserPropOS()
    • setAttributeForUserPropOS

      public void setAttributeForUserPropOS(String ldapAttributeForUserPropOS)
    • getAttributeSuperior

      public String getAttributeSuperior()
    • setAttributeSuperior

      public void setAttributeSuperior(String attributeSuperior)
    • getParentOfNewUser

      public String getParentOfNewUser()
    • setParentOfNewUser

      public void setParentOfNewUser(String parentOfNewUser)
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
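
A stand-alone model of how groupSearchDNList, maxGroupNesting and requiredGroup interact, as described in the field details above. This is an added example, not ELO code: the class, method names and sample DNs are constructed, and counting the user's direct groups as nesting depth 1 is an assumption.

```java
import java.util.*;

public class GroupNestingExample {
    // Constructed sample DNs; not from any real directory.
    static final String ALICE = "cn=alice,cn=users,dc=example,dc=local";
    static final String TEAM = "cn=Team,ou=groups,dc=example,dc=local";
    static final String ELO_USERS = "cn=EloUsers,ou=groups,dc=example,dc=local";
    static final String EXT = "cn=Ext,ou=partners,dc=example,dc=local";
    static final String ADMINS = "cn=Admins,ou=groups,dc=example,dc=local";
    // DN -> values of its memberOf attribute. ELO_USERS -> TEAM forms a cycle.
    static final Map<String, List<String>> MEMBER_OF = Map.of(
        ALICE, List.of(TEAM, EXT), TEAM, List.of(ELO_USERS),
        EXT, List.of(ADMINS), ELO_USERS, List.of(TEAM));

    static boolean inSearchPath(String dn, List<String> searchDNs) {
        String lower = dn.toLowerCase(Locale.ROOT);
        return searchDNs.stream()
            .anyMatch(base -> lower.endsWith("," + base.toLowerCase(Locale.ROOT)));
    }

    // Assumption: the user's direct groups count as nesting depth 1.
    static Set<String> collectGroups(String userDn, List<String> searchDNs, int maxNesting) {
        Set<String> found = new LinkedHashSet<>();
        List<String> frontier = List.of(userDn);
        for (int depth = 1; !frontier.isEmpty(); depth++) {
            List<String> next = new ArrayList<>();
            for (String dn : frontier)
                for (String group : MEMBER_OF.getOrDefault(dn, List.of()))
                    // Every new group is kept; only groups under a search DN are expanded.
                    if (found.add(group) && inSearchPath(group, searchDNs)) next.add(group);
            // An empty search list means direct groups only, so maxNesting is ignored.
            if (searchDNs.isEmpty() || (maxNesting > 0 && depth >= maxNesting)) break;
            frontier = next;
        }
        return found;
    }

    // Compares the short name (first RDN value) case-sensitively; assumes no escaped commas.
    static boolean hasRequiredGroup(Set<String> groupDns, String requiredGroup) {
        if (requiredGroup == null || requiredGroup.isEmpty()) return true;
        return groupDns.stream()
            .map(dn -> dn.substring(dn.indexOf('=') + 1, dn.indexOf(',')))
            .anyMatch(requiredGroup::equals);
    }
    public static void main(String[] args) {
        List<String> paths = List.of("ou=groups,dc=example,dc=local");
        System.out.println(collectGroups(ALICE, List.of(), 0));   // direct groups only
        System.out.println(collectGroups(ALICE, paths, 0));       // EXT kept but not expanded
        System.out.println(hasRequiredGroup(collectGroups(ALICE, paths, 1), "EloUsers"));
        System.out.println(hasRequiredGroup(collectGroups(ALICE, paths, 0), "elousers"));
    }
}
```

Because a group outside the search paths is still added to the user, it can satisfy requiredGroup; the search paths bound how far nesting is followed, not which groups count.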