<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <!-- NewPage --> <html lang="en"> <head> <!-- Generated by javadoc (1.8.0_181) on Thu Sep 20 00:34:30 UTC 2018 --> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>LdapAuthBean (HSQLDB 2.4.0 API)</title> <meta name="date" content="2018-09-20"> <link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style"> <script type="text/javascript" src="../../../script.js"></script> </head> <body> <script type="text/javascript"><!-- try { if (location.href.indexOf('is-external=true') == -1) { parent.document.title="LdapAuthBean (HSQLDB 2.4.0 API)"; } } catch(err) { } //--> var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10}; var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]}; var altColor = "altColor"; var rowColor = "rowColor"; var tableTab = "tableTab"; var activeTableTab = "activeTableTab"; </script> <noscript> <div>JavaScript is disabled on your browser.</div> </noscript> <!-- ========= START OF TOP NAVBAR ======= --> <div class="topNav"><a name="navbar.top"> <!-- --> </a> <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> <a name="navbar.top.firstrow"> <!-- --> </a> <ul class="navList" title="Navigation"> <li><a href="../../../overview-summary.html">Overview</a></li> <li><a href="package-summary.html">Package</a></li> <li class="navBarCell1Rev">Class</li> <li><a href="class-use/LdapAuthBean.html">Use</a></li> <li><a href="package-tree.html">Tree</a></li> <li><a href="../../../deprecated-list.html">Deprecated</a></li> <li><a href="../../../index-all.html">Index</a></li> <li><a href="../../../help-doc.html">Help</a></li> </ul> </div> <div class="subNav"> <ul class="navList"> <li><a href="../../../org/hsqldb/auth/JaasAuthBean.UPCallbackHandler.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Prev Class</span></a></li> <li><a href="../../../org/hsqldb/auth/LdapAuthBeanTester.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Next Class</span></a></li> </ul> <ul class="navList"> <li><a href="../../../index.html?org/hsqldb/auth/LdapAuthBean.html" target="_top">Frames</a></li> <li><a href="LdapAuthBean.html" target="_top">No Frames</a></li> </ul> <ul class="navList" id="allclasses_navbar_top"> <li><a href="../../../allclasses-noframe.html">All Classes</a></li> </ul> <div> <script type="text/javascript"><!-- allClassesLink = document.getElementById("allclasses_navbar_top"); if(window==top) { allClassesLink.style.display = "block"; } else { allClassesLink.style.display = "none"; } //--> </script> </div> <div> <ul class="subNavList"> <li>Summary: </li> <li>Nested | </li> <li>Field | </li> <li><a href="#constructor.summary">Constr</a> | </li> <li><a href="#method.summary">Method</a></li> </ul> <ul class="subNavList"> <li>Detail: </li> <li>Field | </li> <li><a href="#constructor.detail">Constr</a> | </li> <li><a href="#method.detail">Method</a></li> </ul> </div> <a name="skip.navbar.top"> <!-- --> </a></div> <!-- ========= END OF TOP NAVBAR ========= --> <!-- ======== START OF CLASS DATA ======== --> <div class="header"> <div class="subTitle">org.hsqldb.auth</div> <h2 title="Class LdapAuthBean" class="title">Class LdapAuthBean</h2> </div> <div class="contentContainer"> <ul class="inheritance"> <li>java.lang.Object</li> <li> <ul class="inheritance"> <li>org.hsqldb.auth.LdapAuthBean</li> </ul> </li> </ul> <div class="description"> <ul class="blockList"> <li class="blockList"> <dl> <dt>All Implemented Interfaces:</dt> <dd><a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth">AuthFunctionBean</a></dd> </dl> <hr> <br> <pre>public class <span class="typeNameLabel">LdapAuthBean</span> extends java.lang.Object implements <a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth">AuthFunctionBean</a></pre> <div class="block">Authenticates to a HyperSQL catalog according to entries in a LDAP database. If using LDAP StartTLS and your server has a certificate not trusted by default by your JRE, then set system property 'javax.net.ssl.trustStore' to the path to a trust store containing the cert (as well as any other certs that your app needs for other purposes). <P> This class with authenticate login attempts against LDAP entries with RDN of the HyperSQL account name (the precise attribute name defaults to 'uid', but you may change that). </P> <P> This class purposefully does not support LDAPS, because LDAPS is deprecated in favor of StartTLS, which we do support. If you need to support LDAPS and are using SE 1.6, use our JaasAuthBean with Sun's LdapLoginModule. </P> <P> This class does not support SASL/External authentication, because the work involved with securely obtaining user-specific certs would be more complex than everything else here combined. Another AuthFunctionBean would have to be written if SASL/External is needed. </P> <P> To use instances of this class, you must use at least the methods setLdapHost, setParentDn, initialize, plus rolesSchemaAttribute and/or accessAttribute. </P> <P> For a user to be given HyperSQL catalog access, that user must either have a value for accessAttribute if that property is set (optionally requiring a match with accessValuePattern); or, if the accessAttribute is not set then must have some (any) value for rolesSchemaAttribute (optionally requiring a match with roleSchemaValuePattern). Consequently, if you have set both accessAttribute and rolesSchemaAttribute, the latter attribute will only be consulted if the check of the former attribute succeeds. </P> <P> If you want roles assigned according to the local HyperSQL database instead of according to LDAP, then set accessAttribute but not rolesSchemaAttribute. </P> <P> If what is wanted is to grant access but with no roles (overriding local roles if there are any), then set both accessAttribute and rolesSchemaAttribute, but do not set any rolesSchemaAttribute attribute values for these no-role users. (I hesitate to mention it, but you could accomplish the same thing with only a rolesSchemaAttribute attribute, by setting only a dummy role/schema value for non-role users, because HyperSQL will ignore unknown roles or schemas but still give access since a list was still supplied). </P></div> <dl> <dt><span class="simpleTagLabel">Since:</span></dt> <dd>2.0.1</dd> <dt><span class="simpleTagLabel">Author:</span></dt> <dd>Blaine Simpson (blaine dot simpson at admc dot com)</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth"><code>AuthFunctionBean</code></a>, <a href="../../../org/hsqldb/auth/LdapAuthBean.html#setLdapHost-java.lang.String-"><code>setLdapHost(String)</code></a>, <a href="../../../org/hsqldb/auth/LdapAuthBean.html#setParentDn-java.lang.String-"><code>setParentDn(String)</code></a>, <a href="../../../org/hsqldb/auth/LdapAuthBean.html#init--"><code>init()</code></a></dd> </dl> </li> </ul> </div> <div class="summary"> <ul class="blockList"> <li class="blockList"> <!-- ======== CONSTRUCTOR SUMMARY ======== --> <ul class="blockList"> <li class="blockList"><a name="constructor.summary"> <!-- --> </a> <h3>Constructor Summary</h3> <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation"> <caption><span>Constructors</span><span class="tabEnd"> </span></caption> <tr> <th class="colOne" scope="col">Constructor and Description</th> </tr> <tr class="altColor"> <td class="colOne"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#LdapAuthBean--">LdapAuthBean</a></span>()</code> </td> </tr> </table> </li> </ul> <!-- ========== METHOD SUMMARY =========== --> <ul class="blockList"> <li class="blockList"><a name="method.summary"> <!-- --> </a> <h3>Method Summary</h3> <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd"> </span></span></caption> <tr> <th class="colFirst" scope="col">Modifier and Type</th> <th class="colLast" scope="col">Method and Description</th> </tr> <tr id="i0" class="altColor"> <td class="colFirst"><code>java.lang.String[]</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#authenticate-java.lang.String-java.lang.String-">authenticate</a></span>(java.lang.String userName, java.lang.String password)</code> <div class="block">Return a list of authorized roles or null to indicate that the implementation does not intend to produce a specific role list but only to indicate whether to allow access or not.</div> </td> </tr> <tr id="i1" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#init--">init</a></span>()</code> </td> </tr> <tr id="i2" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessAttribute-java.lang.String-">setAccessAttribute</a></span>(java.lang.String attribute)</code> <div class="block">Set the attribute name of the RDN + parentDn entries which will be consulted to decide whether the user can access the HyperSQL database.</div> </td> </tr> <tr id="i3" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessValuePattern-java.util.regex.Pattern-">setAccessValuePattern</a></span>(java.util.regex.Pattern accessValuePattern)</code> <div class="block">Assign a pattern to detect honored accessAttribute values.</div> </td> </tr> <tr id="i4" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessValuePatternString-java.lang.String-">setAccessValuePatternString</a></span>(java.lang.String patternString)</code> <div class="block">String wrapper for method setAccessValuePattern(Pattern) Use the (x?) Pattern constructs to set options.</div> </td> </tr> <tr id="i5" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setInitialContextFactory-java.lang.String-">setInitialContextFactory</a></span>(java.lang.String initialContextFactory)</code> <div class="block">Most users should not call this, and will get the default of "com.sun.jndi.ldap.LdapCtxFactory".</div> </td> </tr> <tr id="i6" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setLdapHost-java.lang.String-">setLdapHost</a></span>(java.lang.String ldapHost)</code> <div class="block">Do not specify URL scheme ("ldap:") because that is implied.</div> </td> </tr> <tr id="i7" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setLdapPort-int-">setLdapPort</a></span>(int ldapPort)</code> </td> </tr> <tr id="i8" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setParentDn-java.lang.String-">setParentDn</a></span>(java.lang.String parentDn)</code> <div class="block">Set DN which is parent of the user DNs.</div> </td> </tr> <tr id="i9" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setPrincipalTemplate-java.lang.String-">setPrincipalTemplate</a></span>(java.lang.String principalTemplate)</code> <div class="block">A template String containing place-holder token '${username}'.</div> </td> </tr> <tr id="i10" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRdnAttribute-java.lang.String-">setRdnAttribute</a></span>(java.lang.String rdnAttribute)</code> <div class="block">rdnAttribute must hold the user name exactly as the HyperSQL login will be made with.</div> </td> </tr> <tr id="i11" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRoleSchemaValuePattern-java.util.regex.Pattern-">setRoleSchemaValuePattern</a></span>(java.util.regex.Pattern roleSchemaValuePattern)</code> <div class="block">Assign a pattern to both detect honored values, and to map from a single value of "rolesSchemaAttribute"s to a HyperSQL role or schema string.</div> </td> </tr> <tr id="i12" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRoleSchemaValuePatternString-java.lang.String-">setRoleSchemaValuePatternString</a></span>(java.lang.String patternString)</code> <div class="block">String wrapper for method setRoleSchemaValuePattern(Pattern) Use the (x?) Pattern constructs to set options.</div> </td> </tr> <tr id="i13" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRolesSchemaAttribute-java.lang.String-">setRolesSchemaAttribute</a></span>(java.lang.String attribute)</code> <div class="block">Set the attribute name of the RDN + parentDn entries in which is stored the list of roles and optional schema for the authenticating user.</div> </td> </tr> <tr id="i14" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setSaslRealm-java.lang.String-">setSaslRealm</a></span>(java.lang.String saslRealm)</code> <div class="block">Some LDAP servers using a SASL mechanism require a realm to be specified, and some mechanisms allow a realm to be specified if you wish to use that feature.</div> </td> </tr> <tr id="i15" class="rowColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setSecurityMechanism-java.lang.String-">setSecurityMechanism</a></span>(java.lang.String mechanism)</code> <div class="block">Defaults to "SIMPLE".</div> </td> </tr> <tr id="i16" class="altColor"> <td class="colFirst"><code>void</code></td> <td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setStartTls-boolean-">setStartTls</a></span>(boolean isTls)</code> <div class="block">If this is set, then the entire (brief) transaction with the LDAP server will be encrypted.</div> </td> </tr> </table> <ul class="blockList"> <li class="blockList"><a name="methods.inherited.from.class.java.lang.Object"> <!-- --> </a> <h3>Methods inherited from class java.lang.Object</h3> <code>equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li> </ul> </li> </ul> </li> </ul> </div> <div class="details"> <ul class="blockList"> <li class="blockList"> <!-- ========= CONSTRUCTOR DETAIL ======== --> <ul class="blockList"> <li class="blockList"><a name="constructor.detail"> <!-- --> </a> <h3>Constructor Detail</h3> <a name="LdapAuthBean--"> <!-- --> </a> <ul class="blockListLast"> <li class="blockList"> <h4>LdapAuthBean</h4> <pre>public LdapAuthBean()</pre> </li> </ul> </li> </ul> <!-- ============ METHOD DETAIL ========== --> <ul class="blockList"> <li class="blockList"><a name="method.detail"> <!-- --> </a> <h3>Method Detail</h3> <a name="setStartTls-boolean-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setStartTls</h4> <pre>public void setStartTls(boolean isTls)</pre> <div class="block">If this is set, then the entire (brief) transaction with the LDAP server will be encrypted.</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>isTls</code> - boolean</dd> </dl> </li> </ul> <a name="setLdapPort-int-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setLdapPort</h4> <pre>public void setLdapPort(int ldapPort)</pre> </li> </ul> <a name="init--"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>init</h4> <pre>public void init()</pre> <dl> <dt><span class="throwsLabel">Throws:</span></dt> <dd><code>java.lang.IllegalStateException</code> - if any required setting has not been set.</dd> </dl> </li> </ul> <a name="setAccessValuePattern-java.util.regex.Pattern-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setAccessValuePattern</h4> <pre>public void setAccessValuePattern(java.util.regex.Pattern accessValuePattern)</pre> <div class="block">Assign a pattern to detect honored accessAttribute values. If you set accessAttribute but not accessValuePattern, then all that will be checked for access is if the RDN + parentDN entry has the accessAttribute attribute. (I.e. the specific value will not matter whatsoever). <P> You may only use this property if you have set property accessAttribute. If you have set accessAttribute but not this property, then access will be decided based solely upon existence of this attribute. <P> Capture groups in the pattern will be ignored and serve no purpose. <P> N.b. this Pattern will be used for the matches() operation, therefore it must match the entire candidate value strings (this is different than the find operation which does not need to satisfy the entire candidate value). <P>Example1 :<PRE><CODE> TRUE </CODE></PRE> This will match true values per OpenLDAP's boolean OID.</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>accessValuePattern</code> - Pattern</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><code>Matcher.matches()</code></dd> </dl> </li> </ul> <a name="setAccessValuePatternString-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setAccessValuePatternString</h4> <pre>public void setAccessValuePatternString(java.lang.String patternString)</pre> <div class="block">String wrapper for method setAccessValuePattern(Pattern) Use the (x?) Pattern constructs to set options.</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>patternString</code> - String</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessValuePattern-java.util.regex.Pattern-"><code>setAccessValuePattern(Pattern)</code></a></dd> </dl> </li> </ul> <a name="setRoleSchemaValuePattern-java.util.regex.Pattern-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setRoleSchemaValuePattern</h4> <pre>public void setRoleSchemaValuePattern(java.util.regex.Pattern roleSchemaValuePattern)</pre> <div class="block">Assign a pattern to both detect honored values, and to map from a single value of "rolesSchemaAttribute"s to a HyperSQL role or schema string. If your rolesSchemaAttribute holds only the String values precisely as HyperSQL needs them, then don't use this method at all and all matching attribute values will be passed directly. <P> You may only use this property if you have set property rolesSchemaAttribute. If rolesSchemaAttribute is set but this property is not set, then the value will directly determine the user's roles and schema. <P> <B>Unlike the rolesSchemaAttribute, the property at-hand uses the singular for "role", because whereas rolesSchemaAttribute is the attribute for listing multiple roles, roleSchemaValuePattern is used to evaluate single role values.</B> <P> These are two distinct and important purposes for the specified Pattern. <OL> <LI> Values that do not successfully match the pattern will be ignored. <LI> Optionally uses parentheses to specify a single capture group (if you use parentheses to specify more than one matching group, we will only capture for the first). What is captured by this group is exactly the role or schema that HyperSQL will attempt to assign. If no capture parens are given then the Pattern is only used for the acceptance decision, and the LDAP-provided value will be returned verbatim. </OL> <P> Together, these two features work great to extract just the needed role and schema names from 'memberof' DNs, and will have no problem if you also use 'memberof' for unrelated purposes. <P> N.b. this Pattern will be used for the matches() operation, therefore it must match the entire candidate value strings (this is different than the find operation which does not need to satisfy the entire candidate value). <P>Example1 :<PRE><CODE> cn=([^,]+),ou=dbRole,dc=admc,dc=com </CODE></PRE> will extract the CN value from matching attribute values. <P>Example1 :<PRE><CODE> cn=[^,]+,ou=dbRole,dc=admc,dc=com </CODE></PRE> will return the entire <CODE>cn...com</CODE> string for matching attribute values.</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>roleSchemaValuePattern</code> - pattern</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><code>Matcher.matches()</code></dd> </dl> </li> </ul> <a name="setRoleSchemaValuePatternString-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setRoleSchemaValuePatternString</h4> <pre>public void setRoleSchemaValuePatternString(java.lang.String patternString)</pre> <div class="block">String wrapper for method setRoleSchemaValuePattern(Pattern) Use the (x?) Pattern constructs to set options.</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>patternString</code> - pattern</dd> <dt><span class="throwsLabel">Throws:</span></dt> <dd><code>java.util.regex.PatternSyntaxException</code> - exception</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRoleSchemaValuePattern-java.util.regex.Pattern-"><code>setRoleSchemaValuePattern(Pattern)</code></a></dd> </dl> </li> </ul> <a name="setSecurityMechanism-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setSecurityMechanism</h4> <pre>public void setSecurityMechanism(java.lang.String mechanism)</pre> <div class="block">Defaults to "SIMPLE".</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>mechanism</code> - Either 'SIMPLE' (the default) for LDAP Simple, or one of the LDAP SASL mechanisms, such as 'DIGEST-MD5'.</dd> </dl> </li> </ul> <a name="setLdapHost-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setLdapHost</h4> <pre>public void setLdapHost(java.lang.String ldapHost)</pre> <div class="block">Do not specify URL scheme ("ldap:") because that is implied. (Since we purposefully don't support LDAPS, there would be no reason to change that). <P> If using StartTLS, then this host name must match the cn of the LDAP server's certificate. </P> <P> If you need to support LDAPS and are using SE 1.6, use our JaasAuthBean with Sun's LdapLoginModule instead of this class. </P></div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>ldapHost</code> - host</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><a href="../../../org/hsqldb/auth/JaasAuthBean.html" title="class in org.hsqldb.auth"><code>JaasAuthBean</code></a></dd> </dl> </li> </ul> <a name="setPrincipalTemplate-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setPrincipalTemplate</h4> <pre>public void setPrincipalTemplate(java.lang.String principalTemplate)</pre> <div class="block">A template String containing place-holder token '${username}'. All occurrences of '${username}' (without the quotes) will be translated to the username that authentication is being attempted with. <P> If you supply a principalTemplate that does not contain '${username}', then authentication will be user-independent. <P> It is common to authenticate to LDAP servers with the DN of the user's LDAP entry. In this situation, set principalTemplate to <CODE><RDN_ATTR=>${username},<PARENT_DN></CODE>. For example if you use parentDn of <CODE>"ou=people,dc=admc,dc=com"</CODE> and rdnAttribute of <CODE>uid</CODE>, then you would set <PRE><CODE> "uid=${username},ou=people,dc=admc,dc=com" </CODE></PRE> <P> By default the user name will be passed exactly as it is, so don't use this setter if that is what you want. (This works great for OpenLDAP with DIGEST-MD5 SASL, for example).</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>principalTemplate</code> - template</dd> </dl> </li> </ul> <a name="setInitialContextFactory-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setInitialContextFactory</h4> <pre>public void setInitialContextFactory(java.lang.String initialContextFactory)</pre> <div class="block">Most users should not call this, and will get the default of "com.sun.jndi.ldap.LdapCtxFactory". Use this method if you prefer to use a context factory provided by your framework or container, for example, or if you are using a non-Sun JRE.</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>initialContextFactory</code> - factory</dd> </dl> </li> </ul> <a name="setSaslRealm-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setSaslRealm</h4> <pre>public void setSaslRealm(java.lang.String saslRealm)</pre> <div class="block">Some LDAP servers using a SASL mechanism require a realm to be specified, and some mechanisms allow a realm to be specified if you wish to use that feature. By default no realm will be sent to the LDAP server. <P> Don't use this setter if you are not setting a SASL mechanism. </P></div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>saslRealm</code> - realm</dd> </dl> </li> </ul> <a name="setParentDn-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setParentDn</h4> <pre>public void setParentDn(java.lang.String parentDn)</pre> <div class="block">Set DN which is parent of the user DNs. E.g. "ou=people,dc=admc,dc=com"</div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>parentDn</code> - parent DN</dd> </dl> </li> </ul> <a name="setRdnAttribute-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setRdnAttribute</h4> <pre>public void setRdnAttribute(java.lang.String rdnAttribute)</pre> <div class="block">rdnAttribute must hold the user name exactly as the HyperSQL login will be made with. <P> This is the RDN relative to the Parent DN specified with setParentDN. Defaults to 'uid'. </P></div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>rdnAttribute</code> - RDN attribute</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setParentDn-java.lang.String-"><code>setParentDn(String)</code></a></dd> </dl> </li> </ul> <a name="setRolesSchemaAttribute-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setRolesSchemaAttribute</h4> <pre>public void setRolesSchemaAttribute(java.lang.String attribute)</pre> <div class="block">Set the attribute name of the RDN + parentDn entries in which is stored the list of roles and optional schema for the authenticating user. <P> There is no default. <b>You must set this attribute if you want LDAP instead of the local HyperSQL database to determine the user's roles!</b> You must set the rolesSchemaAttribute property and/or the accessAttribute property. Consequently, if you do no tset this property, then you must set the accessAttribute property, and this LdapAuthBean will only determine access not roles. </P> <P> To use the nice <i>reverse group membership</i> feature of LDAP, set this value to "memberof". </P> <P> If you have set both rolesSchemaAttribute and this value, then the attribute set here will only be consulted if the accessAttribute check succeeds. </P></div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>attribute</code> - attribute</dd> </dl> </li> </ul> <a name="setAccessAttribute-java.lang.String-"> <!-- --> </a> <ul class="blockList"> <li class="blockList"> <h4>setAccessAttribute</h4> <pre>public void setAccessAttribute(java.lang.String attribute)</pre> <div class="block">Set the attribute name of the RDN + parentDn entries which will be consulted to decide whether the user can access the HyperSQL database. <P> There is no default. If you set this attribute, then the attribute will determine whether the user can access the HyperSQL database, regardless of whether the rolesSchemaAttribute attribute is set. </P> <P> If you set just this property, then the local HyperSQL database will decide all roles for the user. If you set this property and property rolesSchemaAttribute then this attribute will determine access, and if this attribute grants access then the rolesSchemaAttribute value will determine the user's roles. </P></div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>attribute</code> - attribute</dd> </dl> </li> </ul> <a name="authenticate-java.lang.String-java.lang.String-"> <!-- --> </a> <ul class="blockListLast"> <li class="blockList"> <h4>authenticate</h4> <pre>public java.lang.String[] authenticate(java.lang.String userName, java.lang.String password) throws org.hsqldb.auth.DenyException</pre> <div class="block"><span class="descfrmTypeLabel">Description copied from interface: <code><a href="../../../org/hsqldb/auth/AuthFunctionBean.html#authenticate-java.lang.String-java.lang.String-">AuthFunctionBean</a></code></span></div> <div class="block">Return a list of authorized roles or null to indicate that the implementation does not intend to produce a specific role list but only to indicate whether to allow access or not. A return value of String[0] is different from returning null, and means that the user should not be granted any roles.</div> <dl> <dt><span class="overrideSpecifyLabel">Specified by:</span></dt> <dd><code><a href="../../../org/hsqldb/auth/AuthFunctionBean.html#authenticate-java.lang.String-java.lang.String-">authenticate</a></code> in interface <code><a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth">AuthFunctionBean</a></code></dd> <dt><span class="paramLabel">Parameters:</span></dt> <dd><code>userName</code> - String</dd> <dd><code>password</code> - String</dd> <dt><span class="returnLabel">Returns:</span></dt> <dd>String[]</dd> <dt><span class="throwsLabel">Throws:</span></dt> <dd><code>org.hsqldb.auth.DenyException</code> - on access denial</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><a href="../../../org/hsqldb/auth/AuthFunctionBean.html#authenticate-java.lang.String-java.lang.String-"><code>AuthFunctionBean.authenticate(String, String)</code></a></dd> </dl> </li> </ul> </li> </ul> </li> </ul> </div> </div> <!-- ========= END OF CLASS DATA ========= --> <!-- ======= START OF BOTTOM NAVBAR ====== --> <div class="bottomNav"><a name="navbar.bottom"> <!-- --> </a> <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> <a name="navbar.bottom.firstrow"> <!-- --> </a> <ul class="navList" title="Navigation"> <li><a href="../../../overview-summary.html">Overview</a></li> <li><a href="package-summary.html">Package</a></li> <li class="navBarCell1Rev">Class</li> <li><a href="class-use/LdapAuthBean.html">Use</a></li> <li><a href="package-tree.html">Tree</a></li> <li><a href="../../../deprecated-list.html">Deprecated</a></li> <li><a href="../../../index-all.html">Index</a></li> <li><a href="../../../help-doc.html">Help</a></li> </ul> </div> <div class="subNav"> <ul class="navList"> <li><a href="../../../org/hsqldb/auth/JaasAuthBean.UPCallbackHandler.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Prev Class</span></a></li> <li><a href="../../../org/hsqldb/auth/LdapAuthBeanTester.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Next Class</span></a></li> </ul> <ul class="navList"> <li><a href="../../../index.html?org/hsqldb/auth/LdapAuthBean.html" target="_top">Frames</a></li> <li><a href="LdapAuthBean.html" target="_top">No Frames</a></li> </ul> <ul class="navList" id="allclasses_navbar_bottom"> <li><a href="../../../allclasses-noframe.html">All Classes</a></li> </ul> <div> <script type="text/javascript"><!-- allClassesLink = document.getElementById("allclasses_navbar_bottom"); if(window==top) { allClassesLink.style.display = "block"; } else { allClassesLink.style.display = "none"; } //--> </script> </div> <div> <ul class="subNavList"> <li>Summary: </li> <li>Nested | </li> <li>Field | </li> <li><a href="#constructor.summary">Constr</a> | </li> <li><a href="#method.summary">Method</a></li> </ul> <ul class="subNavList"> <li>Detail: </li> <li>Field | </li> <li><a href="#constructor.detail">Constr</a> | </li> <li><a href="#method.detail">Method</a></li> </ul> </div> <a name="skip.navbar.bottom"> <!-- --> </a></div> <!-- ======== END OF BOTTOM NAVBAR ======= --> <p class="legalCopy"><small><i>Copyright �� 2001 - 2017 HSQL Development Group.</i></small></p> </body> </html>