org.rhq.enterprise.server.core.jaas
Class LdapLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.auth.spi.UsernamePasswordLoginModule
          extended by org.rhq.enterprise.server.core.jaas.LdapLoginModule
All Implemented Interfaces:
LoginModule

public class LdapLoginModule
extends org.jboss.security.auth.spi.UsernamePasswordLoginModule

A login module for authenticating against an LDAP directory server using JNDI, based on configuration properties.

LDAP module options:

 java.naming.factory.initial
   This should be set to the fully qualified class name of the initial
   context factory.  Defaults to com.sun.jndi.ldap.LdapCtxFactory

 java.naming.provider.url
   The full url to the LDAP server.  Defaults to ldap://localhost.  Port
   389 is used unless java.naming.security.protocol is set to ssl.  In
   that case port 636 is used.

 java.naming.security.protocol
   Set this to 'ssl' to enable secure communications.  If the
   java.naming.provider.url is not set, it will be initialized with
   port 636.

 LoginProperty
   The LDAP property that contains the user name.  Defaults to cn.  If
   multiple matches are found, the first entry found is used.

 Filter
   Any additional filters to apply when doing the LDAP search.  Useful
   if you only want to authenticate against a group of users that have
   a given LDAP property set.  (CAMUser=true for example)

 BaseDN
   The base of the LDAP tree we are authenticating against.  For example:
   o=Covalent Technologies,c=US.  Multiple LDAP bases can be used by
   separating each DN with ';'.

 BindDN
   The BindDN to use if the LDAP server does not support anonymous searches.

 BindPW
   The password to use if the LDAP server does not support anonymous
   searches.
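
How the options above could resolve to a connection URL, a list of search bases and a search filter, as an added example that is not the RHQ module's own code. The class and method names are hypothetical, the second base DN and the user name are constructed samples, and the way Filter is combined with the LoginProperty match is an assumption; the RFC 4515 escaping keeps filter metacharacters in a user name from changing the search.

```java
import java.util.HashMap;
import java.util.Map;

public class LdapOptionsExample {
    // Explicit URL wins; otherwise port 636 when protocol is ssl, else 389.
    static String providerUrl(Map<String, String> opts) {
        String url = opts.get("java.naming.provider.url");
        if (url != null && !url.isEmpty()) return url;
        boolean ssl = "ssl".equals(opts.get("java.naming.security.protocol"));
        return "ldap://localhost:" + (ssl ? 636 : 389);
    }

    // BaseDN may list several search bases separated by ';'.
    static String[] baseDns(String baseDn) {
        return baseDn.trim().split("\\s*;\\s*");
    }

    // RFC 4515 escaping so the user name is matched literally in the filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Assumption: the optional Filter is ANDed with the LoginProperty match.
    static String searchFilter(String loginProperty, String filter, String user) {
        String match = "(" + loginProperty + "=" + escapeFilterValue(user) + ")";
        if (filter == null || filter.isEmpty()) return match;
        return "(&" + match + "(" + filter + "))";
    }

    public static void main(String[] args) {
        Map<String, String> opts = new HashMap<>();   // constructed sample options
        opts.put("java.naming.security.protocol", "ssl");
        System.out.println(providerUrl(opts));
        for (String dn : baseDns("o=Covalent Technologies,c=US; ou=People,dc=example,dc=com"))
            System.out.println(dn);
        System.out.println(searchFilter("cn", "CAMUser=true", "j*doe (ops)"));
    }
}
```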
 


Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
LdapLoginModule()
          Creates a new LdapLoginModule object.
 
Method Summary
protected  Group[] getRoleSets()
           
protected  String getUsersPassword()
           
protected  boolean validatePassword(String inputPassword, String expectedPassword)
           
 
Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, getValidateError, initialize, login, setValidateError
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, createIdentity, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LdapLoginModule

public LdapLoginModule()
Creates a new LdapLoginModule object.

Method Detail

getUsersPassword

protected String getUsersPassword()
                           throws LoginException
Specified by:
getUsersPassword in class org.jboss.security.auth.spi.UsernamePasswordLoginModule
Throws:
LoginException
See Also:
UsernamePasswordLoginModule.getUsersPassword()

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Specified by:
getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule
Throws:
LoginException
See Also:
AbstractServerLoginModule.getRoleSets()

validatePassword

protected boolean validatePassword(String inputPassword,
                                   String expectedPassword)
Overrides:
validatePassword in class org.jboss.security.auth.spi.UsernamePasswordLoginModule
See Also:
UsernamePasswordLoginModule.validatePassword(java.lang.String,java.lang.String)


Copyright © 2008-2012 Red Hat, Inc. All Rights Reserved.