<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (1.8.0_181) on Thu Sep 20 00:34:30 UTC 2018 -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>LdapAuthBean (HSQLDB 2.4.0 API)</title>
<meta name="date" content="2018-09-20">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
<script type="text/javascript" src="../../../script.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="LdapAuthBean (HSQLDB 2.4.0 API)";
}
}
catch(err) {
}
//-->
var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/LdapAuthBean.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../index-all.html">Index</a></li>
<li><a href="../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../org/hsqldb/auth/JaasAuthBean.UPCallbackHandler.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Prev Class</span></a></li>
<li><a href="../../../org/hsqldb/auth/LdapAuthBeanTester.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../index.html?org/hsqldb/auth/LdapAuthBean.html" target="_top">Frames</a></li>
<li><a href="LdapAuthBean.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary: </li>
<li>Nested | </li>
<li>Field | </li>
<li><a href="#constructor.summary">Constr</a> | </li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail: </li>
<li>Field | </li>
<li><a href="#constructor.detail">Constr</a> | </li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">org.hsqldb.auth</div>
<h2 title="Class LdapAuthBean" class="title">Class LdapAuthBean</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li>java.lang.Object</li>
<li>
<ul class="inheritance">
<li>org.hsqldb.auth.LdapAuthBean</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth">AuthFunctionBean</a></dd>
</dl>
<hr>
<br>
<pre>public class <span class="typeNameLabel">LdapAuthBean</span>
extends java.lang.Object
implements <a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth">AuthFunctionBean</a></pre>
<div class="block">Authenticates to a HyperSQL catalog according to entries in a LDAP
database.
If using LDAP StartTLS and your server has a certificate not trusted by
default by your JRE, then set system property 'javax.net.ssl.trustStore' to
the path to a trust store containing the cert (as well as any other certs
that your app needs for other purposes).
<P>
This class with authenticate login attempts against LDAP entries with RDN of
the HyperSQL account name (the precise attribute name defaults to 'uid', but
you may change that).
</P> <P>
This class purposefully does not support LDAPS, because LDAPS is deprecated
in favor of StartTLS, which we do support.
If you need to support LDAPS and are using SE 1.6, use our JaasAuthBean with
Sun's LdapLoginModule.
</P> <P>
This class does not support SASL/External authentication, because the work
involved with securely obtaining user-specific certs would be more complex
than everything else here combined.
Another AuthFunctionBean would have to be written if SASL/External is needed.
</P> <P>
To use instances of this class, you must use at least the methods
setLdapHost, setParentDn, initialize, plus
rolesSchemaAttribute and/or accessAttribute.
</P> <P>
For a user to be given HyperSQL catalog access, that user must either have
a value for accessAttribute if that property is set (optionally requiring
a match with accessValuePattern); or, if the accessAttribute is not set then
must have some (any) value for rolesSchemaAttribute (optionally requiring a
match with roleSchemaValuePattern).
Consequently, if you have set both accessAttribute and rolesSchemaAttribute,
the latter attribute will only be consulted if the check of the former
attribute succeeds.
</P> <P>
If you want roles assigned according to the local HyperSQL database instead
of according to LDAP, then set accessAttribute but not rolesSchemaAttribute.
</P> <P>
If what is wanted is to grant access but with no roles (overriding local
roles if there are any), then set both accessAttribute and
rolesSchemaAttribute, but do not set any rolesSchemaAttribute attribute
values for these no-role users.
(I hesitate to mention it, but you could accomplish the same thing with only
a rolesSchemaAttribute attribute, by setting only a dummy role/schema value
for non-role users, because HyperSQL will ignore unknown roles or schemas
but still give access since a list was still supplied).
</P></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>2.0.1</dd>
<dt><span class="simpleTagLabel">Author:</span></dt>
<dd>Blaine Simpson (blaine dot simpson at admc dot com)</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth"><code>AuthFunctionBean</code></a>,
<a href="../../../org/hsqldb/auth/LdapAuthBean.html#setLdapHost-java.lang.String-"><code>setLdapHost(String)</code></a>,
<a href="../../../org/hsqldb/auth/LdapAuthBean.html#setParentDn-java.lang.String-"><code>setParentDn(String)</code></a>,
<a href="../../../org/hsqldb/auth/LdapAuthBean.html#init--"><code>init()</code></a></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
<caption><span>Constructors</span><span class="tabEnd"> </span></caption>
<tr>
<th class="colOne" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
<td class="colOne"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#LdapAuthBean--">LdapAuthBean</a></span>()</code> </td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd"> </span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>java.lang.String[]</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#authenticate-java.lang.String-java.lang.String-">authenticate</a></span>(java.lang.String userName,
java.lang.String password)</code>
<div class="block">Return a list of authorized roles or null to indicate that the
implementation does not intend to produce a specific role list but only
to indicate whether to allow access or not.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#init--">init</a></span>()</code> </td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessAttribute-java.lang.String-">setAccessAttribute</a></span>(java.lang.String attribute)</code>
<div class="block">Set the attribute name of the RDN + parentDn entries which will be
consulted to decide whether the user can access the HyperSQL database.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessValuePattern-java.util.regex.Pattern-">setAccessValuePattern</a></span>(java.util.regex.Pattern accessValuePattern)</code>
<div class="block">Assign a pattern to detect honored accessAttribute values.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessValuePatternString-java.lang.String-">setAccessValuePatternString</a></span>(java.lang.String patternString)</code>
<div class="block">String wrapper for method setAccessValuePattern(Pattern) Use the (x?)
Pattern constructs to set options.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setInitialContextFactory-java.lang.String-">setInitialContextFactory</a></span>(java.lang.String initialContextFactory)</code>
<div class="block">Most users should not call this, and will get the default of
"com.sun.jndi.ldap.LdapCtxFactory".</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setLdapHost-java.lang.String-">setLdapHost</a></span>(java.lang.String ldapHost)</code>
<div class="block">Do not specify URL scheme ("ldap:") because that is implied.</div>
</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setLdapPort-int-">setLdapPort</a></span>(int ldapPort)</code> </td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setParentDn-java.lang.String-">setParentDn</a></span>(java.lang.String parentDn)</code>
<div class="block">Set DN which is parent of the user DNs.</div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setPrincipalTemplate-java.lang.String-">setPrincipalTemplate</a></span>(java.lang.String principalTemplate)</code>
<div class="block">A template String containing place-holder token '${username}'.</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRdnAttribute-java.lang.String-">setRdnAttribute</a></span>(java.lang.String rdnAttribute)</code>
<div class="block">rdnAttribute must hold the user name exactly as the HyperSQL login will
be made with.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRoleSchemaValuePattern-java.util.regex.Pattern-">setRoleSchemaValuePattern</a></span>(java.util.regex.Pattern roleSchemaValuePattern)</code>
<div class="block">Assign a pattern to both detect honored values, and to map from a single
value of "rolesSchemaAttribute"s to a HyperSQL role or schema string.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRoleSchemaValuePatternString-java.lang.String-">setRoleSchemaValuePatternString</a></span>(java.lang.String patternString)</code>
<div class="block">String wrapper for method setRoleSchemaValuePattern(Pattern)
Use the (x?) Pattern constructs to set options.</div>
</td>
</tr>
<tr id="i13" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRolesSchemaAttribute-java.lang.String-">setRolesSchemaAttribute</a></span>(java.lang.String attribute)</code>
<div class="block">Set the attribute name of the RDN + parentDn entries in which is stored
the list of roles and optional schema for the authenticating user.</div>
</td>
</tr>
<tr id="i14" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setSaslRealm-java.lang.String-">setSaslRealm</a></span>(java.lang.String saslRealm)</code>
<div class="block">Some LDAP servers using a SASL mechanism require a realm to be specified,
and some mechanisms allow a realm to be specified if you wish to use that
feature.</div>
</td>
</tr>
<tr id="i15" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setSecurityMechanism-java.lang.String-">setSecurityMechanism</a></span>(java.lang.String mechanism)</code>
<div class="block">Defaults to "SIMPLE".</div>
</td>
</tr>
<tr id="i16" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setStartTls-boolean-">setStartTls</a></span>(boolean isTls)</code>
<div class="block">If this is set, then the entire (brief) transaction with the LDAP server
will be encrypted.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class java.lang.Object</h3>
<code>equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a name="LdapAuthBean--">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>LdapAuthBean</h4>
<pre>public LdapAuthBean()</pre>
</li>
</ul>
</li>
</ul>
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="setStartTls-boolean-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setStartTls</h4>
<pre>public void setStartTls(boolean isTls)</pre>
<div class="block">If this is set, then the entire (brief) transaction with the LDAP server
will be encrypted.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>isTls</code> - boolean</dd>
</dl>
</li>
</ul>
<a name="setLdapPort-int-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setLdapPort</h4>
<pre>public void setLdapPort(int ldapPort)</pre>
</li>
</ul>
<a name="init--">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>init</h4>
<pre>public void init()</pre>
<dl>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.IllegalStateException</code> - if any required setting has not been set.</dd>
</dl>
</li>
</ul>
<a name="setAccessValuePattern-java.util.regex.Pattern-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setAccessValuePattern</h4>
<pre>public void setAccessValuePattern(java.util.regex.Pattern accessValuePattern)</pre>
<div class="block">Assign a pattern to detect honored accessAttribute values. If you set
accessAttribute but not accessValuePattern, then all that will be checked
for access is if the RDN + parentDN entry has the accessAttribute
attribute. (I.e. the specific value will not matter whatsoever).
<P> You may only use this property if you have set property
accessAttribute. If you have set accessAttribute but not this property,
then access will be decided based solely upon existence of this
attribute.
<P> Capture groups in the pattern will be ignored and serve no purpose.
<P> N.b. this Pattern will be used for the matches() operation, therefore
it must match the entire candidate value strings (this is different than
the find operation which does not need to satisfy the entire candidate
value).
<P>Example1 :<PRE><CODE> TRUE </CODE></PRE> This will match true values
per OpenLDAP's boolean OID.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>accessValuePattern</code> - Pattern</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><code>Matcher.matches()</code></dd>
</dl>
</li>
</ul>
<a name="setAccessValuePatternString-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setAccessValuePatternString</h4>
<pre>public void setAccessValuePatternString(java.lang.String patternString)</pre>
<div class="block">String wrapper for method setAccessValuePattern(Pattern) Use the (x?)
Pattern constructs to set options.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>patternString</code> - String</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setAccessValuePattern-java.util.regex.Pattern-"><code>setAccessValuePattern(Pattern)</code></a></dd>
</dl>
</li>
</ul>
<a name="setRoleSchemaValuePattern-java.util.regex.Pattern-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setRoleSchemaValuePattern</h4>
<pre>public void setRoleSchemaValuePattern(java.util.regex.Pattern roleSchemaValuePattern)</pre>
<div class="block">Assign a pattern to both detect honored values, and to map from a single
value of "rolesSchemaAttribute"s to a HyperSQL role or schema string.
If your rolesSchemaAttribute holds only the String values precisely as
HyperSQL needs them, then don't use this method at all and all matching
attribute values will be passed directly.
<P>
You may only use this property if you have set property
rolesSchemaAttribute.
If rolesSchemaAttribute is set but this property is not set, then
the value will directly determine the user's roles and schema.
<P>
<B>Unlike the rolesSchemaAttribute, the property at-hand uses the
singular for "role", because whereas rolesSchemaAttribute is the
attribute for listing multiple roles, roleSchemaValuePattern is used
to evaluate single role values.</B>
<P>
These are two distinct and important purposes for the specified Pattern.
<OL>
<LI>
Values that do not successfully match the pattern will be ignored.
<LI>
Optionally uses parentheses to specify a single capture group
(if you use parentheses to specify more than one matching group, we
will only capture for the first).
What is captured by this group is exactly the role or schema that
HyperSQL will attempt to assign.
If no capture parens are given then the Pattern is only used for the
acceptance decision, and the LDAP-provided value will be returned
verbatim.
</OL>
<P>
Together, these two features work great to extract just the needed role
and schema names from 'memberof' DNs, and will have no problem if you
also use 'memberof' for unrelated purposes.
<P>
N.b. this Pattern will be used for the matches() operation, therefore it
must match the entire candidate value strings (this is different than
the find operation which does not need to satisfy the entire candidate
value).
<P>Example1 :<PRE><CODE>
cn=([^,]+),ou=dbRole,dc=admc,dc=com
</CODE></PRE>
will extract the CN value from matching attribute values.
<P>Example1 :<PRE><CODE>
cn=[^,]+,ou=dbRole,dc=admc,dc=com
</CODE></PRE>
will return the entire <CODE>cn...com</CODE> string for matching
attribute values.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>roleSchemaValuePattern</code> - pattern</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><code>Matcher.matches()</code></dd>
</dl>
</li>
</ul>
<a name="setRoleSchemaValuePatternString-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setRoleSchemaValuePatternString</h4>
<pre>public void setRoleSchemaValuePatternString(java.lang.String patternString)</pre>
<div class="block">String wrapper for method setRoleSchemaValuePattern(Pattern)
Use the (x?) Pattern constructs to set options.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>patternString</code> - pattern</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.util.regex.PatternSyntaxException</code> - exception</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setRoleSchemaValuePattern-java.util.regex.Pattern-"><code>setRoleSchemaValuePattern(Pattern)</code></a></dd>
</dl>
</li>
</ul>
<a name="setSecurityMechanism-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setSecurityMechanism</h4>
<pre>public void setSecurityMechanism(java.lang.String mechanism)</pre>
<div class="block">Defaults to "SIMPLE".</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>mechanism</code> - Either 'SIMPLE' (the default) for LDAP Simple, or
one of the LDAP SASL mechanisms, such as 'DIGEST-MD5'.</dd>
</dl>
</li>
</ul>
<a name="setLdapHost-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setLdapHost</h4>
<pre>public void setLdapHost(java.lang.String ldapHost)</pre>
<div class="block">Do not specify URL scheme ("ldap:") because that is implied.
(Since we purposefully don't support LDAPS, there would be no reason to
change that).
<P>
If using StartTLS, then this host name must match the cn of the LDAP
server's certificate.
</P> <P>
If you need to support LDAPS and are using SE 1.6, use our JaasAuthBean
with Sun's LdapLoginModule instead of this class.
</P></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>ldapHost</code> - host</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../org/hsqldb/auth/JaasAuthBean.html" title="class in org.hsqldb.auth"><code>JaasAuthBean</code></a></dd>
</dl>
</li>
</ul>
<a name="setPrincipalTemplate-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setPrincipalTemplate</h4>
<pre>public void setPrincipalTemplate(java.lang.String principalTemplate)</pre>
<div class="block">A template String containing place-holder token '${username}'.
All occurrences of '${username}' (without the quotes) will be translated
to the username that authentication is being attempted with.
<P>
If you supply a principalTemplate that does not contain '${username}',
then authentication will be user-independent.
<P>
It is common to authenticate to LDAP servers with the DN of the user's
LDAP entry. In this situation, set principalTemplate to
<CODE><RDN_ATTR=>${username},<PARENT_DN></CODE>.
For example if you use parentDn of
<CODE>"ou=people,dc=admc,dc=com"</CODE> and rdnAttribute of
<CODE>uid</CODE>, then you would set <PRE><CODE>
"uid=${username},ou=people,dc=admc,dc=com"
</CODE></PRE>
<P>
By default the user name will be passed exactly as it is, so don't use
this setter if that is what you want. (This works great for OpenLDAP
with DIGEST-MD5 SASL, for example).</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>principalTemplate</code> - template</dd>
</dl>
</li>
</ul>
<a name="setInitialContextFactory-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setInitialContextFactory</h4>
<pre>public void setInitialContextFactory(java.lang.String initialContextFactory)</pre>
<div class="block">Most users should not call this, and will get the default of
"com.sun.jndi.ldap.LdapCtxFactory".
Use this method if you prefer to use a context factory provided by your
framework or container, for example, or if you are using a non-Sun JRE.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>initialContextFactory</code> - factory</dd>
</dl>
</li>
</ul>
<a name="setSaslRealm-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setSaslRealm</h4>
<pre>public void setSaslRealm(java.lang.String saslRealm)</pre>
<div class="block">Some LDAP servers using a SASL mechanism require a realm to be specified,
and some mechanisms allow a realm to be specified if you wish to use that
feature.
By default no realm will be sent to the LDAP server.
<P>
Don't use this setter if you are not setting a SASL mechanism.
</P></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>saslRealm</code> - realm</dd>
</dl>
</li>
</ul>
<a name="setParentDn-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setParentDn</h4>
<pre>public void setParentDn(java.lang.String parentDn)</pre>
<div class="block">Set DN which is parent of the user DNs.
E.g. "ou=people,dc=admc,dc=com"</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>parentDn</code> - parent DN</dd>
</dl>
</li>
</ul>
<a name="setRdnAttribute-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setRdnAttribute</h4>
<pre>public void setRdnAttribute(java.lang.String rdnAttribute)</pre>
<div class="block">rdnAttribute must hold the user name exactly as the HyperSQL login will
be made with.
<P>
This is the RDN relative to the Parent DN specified with setParentDN.
Defaults to 'uid'.
</P></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>rdnAttribute</code> - RDN attribute</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../org/hsqldb/auth/LdapAuthBean.html#setParentDn-java.lang.String-"><code>setParentDn(String)</code></a></dd>
</dl>
</li>
</ul>
<a name="setRolesSchemaAttribute-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setRolesSchemaAttribute</h4>
<pre>public void setRolesSchemaAttribute(java.lang.String attribute)</pre>
<div class="block">Set the attribute name of the RDN + parentDn entries in which is stored
the list of roles and optional schema for the authenticating user.
<P>
There is no default. <b>You must set this attribute if you want LDAP
instead of the local HyperSQL database to determine the user's roles!</b>
You must set the rolesSchemaAttribute property and/or the
accessAttribute property.
Consequently, if you do no tset this property, then you must set the
accessAttribute property, and this LdapAuthBean will only determine
access not roles.
</P> <P>
To use the nice <i>reverse group membership</i> feature of LDAP, set
this value to "memberof".
</P> <P>
If you have set both rolesSchemaAttribute and this value, then the
attribute set here will only be consulted if the accessAttribute check
succeeds.
</P></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>attribute</code> - attribute</dd>
</dl>
</li>
</ul>
<a name="setAccessAttribute-java.lang.String-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setAccessAttribute</h4>
<pre>public void setAccessAttribute(java.lang.String attribute)</pre>
<div class="block">Set the attribute name of the RDN + parentDn entries which will be
consulted to decide whether the user can access the HyperSQL database.
<P>
There is no default. If you set this attribute, then the attribute will
determine whether the user can access the HyperSQL database, regardless
of whether the rolesSchemaAttribute attribute is set.
</P> <P>
If you set just this property, then the local HyperSQL database will
decide all roles for the user. If you set this property and property
rolesSchemaAttribute then this attribute will determine access, and if
this attribute grants access then the rolesSchemaAttribute value will
determine the user's roles.
</P></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>attribute</code> - attribute</dd>
</dl>
</li>
</ul>
<a name="authenticate-java.lang.String-java.lang.String-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>authenticate</h4>
<pre>public java.lang.String[] authenticate(java.lang.String userName,
java.lang.String password)
throws org.hsqldb.auth.DenyException</pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface: <code><a href="../../../org/hsqldb/auth/AuthFunctionBean.html#authenticate-java.lang.String-java.lang.String-">AuthFunctionBean</a></code></span></div>
<div class="block">Return a list of authorized roles or null to indicate that the
implementation does not intend to produce a specific role list but only
to indicate whether to allow access or not.
A return value of String[0] is different from returning null, and means
that the user should not be granted any roles.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../org/hsqldb/auth/AuthFunctionBean.html#authenticate-java.lang.String-java.lang.String-">authenticate</a></code> in interface <code><a href="../../../org/hsqldb/auth/AuthFunctionBean.html" title="interface in org.hsqldb.auth">AuthFunctionBean</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>userName</code> - String</dd>
<dd><code>password</code> - String</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>String[]</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>org.hsqldb.auth.DenyException</code> - on access denial</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../org/hsqldb/auth/AuthFunctionBean.html#authenticate-java.lang.String-java.lang.String-"><code>AuthFunctionBean.authenticate(String, String)</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/LdapAuthBean.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../index-all.html">Index</a></li>
<li><a href="../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../org/hsqldb/auth/JaasAuthBean.UPCallbackHandler.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Prev Class</span></a></li>
<li><a href="../../../org/hsqldb/auth/LdapAuthBeanTester.html" title="class in org.hsqldb.auth"><span class="typeNameLink">Next Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../index.html?org/hsqldb/auth/LdapAuthBean.html" target="_top">Frames</a></li>
<li><a href="LdapAuthBean.html" target="_top">No Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../allclasses-noframe.html">All Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary: </li>
<li>Nested | </li>
<li>Field | </li>
<li><a href="#constructor.summary">Constr</a> | </li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail: </li>
<li>Field | </li>
<li><a href="#constructor.detail">Constr</a> | </li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
<p class="legalCopy"><small><i>Copyright �� 2001 - 2017 HSQL Development Group.</i></small></p>
</body>
</html>
