public class LdapServices
extends java.lang.Object
implements java.io.Serializable

LdapServices provides static methods for authentication and searching against an Ldap Registry. Most of the methods provided use the connection properties defined in the XIldap.properties file.

Constructor and Description |
---|
LdapServices() |

Modifier and Type | Method and Description |
---|---|
static boolean | authenticate(java.lang.String userName, java.lang.String password): Authenticates the supplied user/password combination against the Ldap Registry identified by properties in the XIldap.properties file using simple authentication (user/password check). |
static boolean | authenticate(java.lang.String userName, java.lang.String password, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser): Authenticates the supplied user/password combination against the Ldap Registry identified by properties in the XIldap.properties file using simple authentication (user/password check). |
static java.lang.String[] | getADGroups(java.lang.String userName): Returns all Active Directory group names associated with a user including nested groups, using the Active Directory tokenGroups attribute to obtain this information. |
static java.lang.String[] | getADGroups(java.lang.String userName, java.lang.String baseDistinguishedName, boolean removeDomainNameFromUser): Returns all Active Directory group names associated with a user including nested groups, using the Active Directory tokenGroups attribute to obtain this information. |
static javax.naming.directory.DirContext | getLdapContext(): Returns a javax.naming.directory.InitialDirContext object that can be used for Ldap queries. |
static javax.naming.directory.DirContext | getLdapContext(java.util.Map props): Returns a javax.naming.directory.InitialDirContext object using the supplied properties. |
static java.lang.String[] | getUserAttribute(java.lang.String userName, java.lang.String attributeName): Returns a single attribute associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |
static java.lang.String[] | getUserAttribute(java.lang.String userName, java.lang.String attributeName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser): Returns a single attribute associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |
static java.util.Map<java.lang.String,java.lang.String[]> | getUserAttributes(java.lang.String userName): Returns all attributes associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |
static java.util.Map<java.lang.String,java.lang.String[]> | getUserAttributes(java.lang.String userName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser): Returns all attributes associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |

public static boolean authenticate(java.lang.String userName, java.lang.String password) throws com.ebasetech.xi.exceptions.FormRuntimeException

This method works as follows:
- Ldap.BindDistinguishedName and Ldap.BindPassword in XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Ldap.BaseDistinguishedName in XIldap.properties file and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName in XIldap.properties file is used to build the search string.

Parameters:
userName - the user name. Any domain in the user name is removed prior to authenticating, e.g. myuser@domain or domain\myuser are changed to myuser.
password - user's password

Returns:
true if authentication is successful, false if userName or password is missing, the user cannot be found in the registry or the password is incorrect

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs, most likely caused by incorrect properties in the XIldap.properties file

See Also:
authenticate(String, String, String, String, boolean)

public static boolean authenticate(java.lang.String userName, java.lang.String password, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser) throws com.ebasetech.xi.exceptions.FormRuntimeException

This method works as follows:
- Ldap.BindDistinguishedName and Ldap.BindPassword in XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- baseDistinguishedName and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName is used to build the search string.

Javascript example:

```javascript
var root = "OU=Ebase Users and Groups,DC=ebasetech,DC=com";
var userAttr = "sAMAccountName";
var logonOk = LdapServices.authenticate(fields.USER.value, fields.PASSWORD.value, root, userAttr, false);
if (logonOk)
  event.owner.addWarningMessage("Logon OK");
else
  event.owner.addErrorMessage("Logon failed");
```

Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
password - user's password
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user
userKeyAttributeName - the user attribute used to search the registry for the user data, this should uniquely identify the user
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating, e.g. myuser@domain or domain\myuser are changed to myuser prior to authenticating

Returns:
true if authentication is successful, false if userName or password is missing, the user cannot be found in the registry or the password is incorrect

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

See Also:
authenticate(String, String)

public static javax.naming.directory.DirContext getLdapContext() throws com.ebasetech.xi.exceptions.FormRuntimeException

Returns a javax.naming.directory.InitialDirContext object that can be used for Ldap queries. Connection properties are contained in the XIldap.properties file. Note that the context object should be closed after use.

Javascript example:

```javascript
var ctx;
try {
  ctx = LdapServices.getLdapContext();
  ctx.search(...);
} finally {
  // ctx is still undefined if getLdapContext() threw, so guard the close
  if (ctx) ctx.close();
}
```

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

public static javax.naming.directory.DirContext getLdapContext(java.util.Map props) throws javax.naming.NamingException

Returns a javax.naming.directory.InitialDirContext object using the supplied properties. Note that the context object should be closed after use.

Javascript example:

```javascript
importPackage(javax.naming);
var props = {};
props[Context.INITIAL_CONTEXT_FACTORY] = "com.sun.jndi.ldap.LdapCtxFactory";
props[Context.PROVIDER_URL] = "ldap://192.168.0.33:389";
props[Context.SECURITY_PRINCIPAL] = "Administrator@ebase";
props[Context.SECURITY_CREDENTIALS] = "*******";
// "simple" sends the password unencrypted unless the connection itself
// is protected, e.g. by using an ldaps:// provider URL
props[Context.SECURITY_AUTHENTICATION] = "simple";
var ctx;
try {
  ctx = LdapServices.getLdapContext(props);
  ctx.search(...);
} finally {
  // ctx is still undefined if getLdapContext() threw, so guard the close
  if (ctx) ctx.close();
}
```

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if an authentication error occurs
javax.naming.NamingException - if any other error occurs

public static java.util.Map<java.lang.String,java.lang.String[]> getUserAttributes(java.lang.String userName)
The returned Map contains one entry for each unique attribute name where the key is the property name and the value is an array of property values. When a property only occurs once, this array will only contain a single value.

This method works as follows:
- Ldap.BindDistinguishedName and Ldap.BindPassword in XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Ldap.BaseDistinguishedName in XIldap.properties file and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName in XIldap.properties file is used to build the search string.

Javascript example:

```javascript
var attrs = LdapServices.getUserAttributes(fields.USER.value);
for (var attrid in attrs) {
  var attrValues = attrs[attrid];
  log("Attribute: " + attrid);
  for each (var attrValue in attrValues) {
    log(" value: " + attrValue);
  }
}
```

Parameters:
userName - the user name. Any domain in the user name is removed prior to searching, e.g. myuser@domain or domain\myuser are changed to myuser.

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

See Also:
getUserAttributes(String, String, String, boolean)

public static java.util.Map<java.lang.String,java.lang.String[]> getUserAttributes(java.lang.String userName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser)
The returned Map contains one entry for each unique attribute name where the key is the property name and the value is an array of property values. When a property only occurs once, this array will only contain a single value.

This method works as follows:
- Ldap.BindDistinguishedName and Ldap.BindPassword in XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- baseDistinguishedName and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName is used to build the search string.

Javascript example:

```javascript
var root = "OU=Ebase Users and Groups,DC=ebasetech,DC=com";
var userAttr = "sAMAccountName";
var attrs = LdapServices.getUserAttributes(fields.USER.value, root, userAttr, false);
for (var attrid in attrs) {
  var attrValues = attrs[attrid];
  log("Attribute: " + attrid);
  for each (var attrValue in attrValues) {
    log(" value: " + attrValue);
  }
}
```

Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user
userKeyAttributeName - the user attribute used to search the registry for the user data, this should uniquely identify the user
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating, e.g. myuser@domain or domain\myuser are changed to myuser prior to the search

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

See Also:
getUserAttributes(String)

public static java.lang.String[] getUserAttribute(java.lang.String userName, java.lang.String attributeName)
The returned array contains one value for each occurrence of the property in the registry. When a property only occurs once, this array will only contain a single value.
This method works in the same way as getUserAttributes(String) except that values for only one attribute are returned.

Javascript example:

```javascript
var attrs = LdapServices.getUserAttribute(system.securityManager.userName, "mail");
if (attrs.length > 0)
  var email = attrs[0];
```

Parameters:
userName - the user name. Any domain in the user name is removed prior to searching, e.g. myuser@domain or domain\myuser are changed to myuser.
attributeName - name of the attribute

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

See Also:
getUserAttribute(String, String, String, String, boolean)

public static java.lang.String[] getUserAttribute(java.lang.String userName, java.lang.String attributeName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser)
The returned array contains one value for each occurrence of the property in the registry. When a property only occurs once, this array will only contain a single value.
This method works in the same way as getUserAttributes(String, String, String, boolean) except that values for only one attribute are returned.

Javascript example:

```javascript
var root = "OU=Ebase Users and Groups,DC=ebasetech,DC=com";
var userAttr = "sAMAccountName";
var attrs = LdapServices.getUserAttribute(system.securityManager.userName, "mail", root, userAttr, false);
if (attrs.length > 0)
  var email = attrs[0];
```

Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
attributeName - name of the attribute
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user
userKeyAttributeName - the user attribute used to search the registry for the user data, this should uniquely identify the user
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

See Also:
getUserAttribute(String, String)

public static java.lang.String[] getADGroups(java.lang.String userName) throws com.ebasetech.xi.exceptions.FormRuntimeException

Ldap.BaseDistinguishedName should be set to a directory location that includes all users and groups.

This method works as follows:
- Ldap.BindDistinguishedName and Ldap.BindPassword in XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Ldap.BaseDistinguishedName in XIldap.properties file and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName in XIldap.properties file is used to build the search string.
- Ldap.BaseDistinguishedName in XIldap.properties file.

Javascript example:

```javascript
var groups = LdapServices.getADGroups(fields.USER.value);
for each (var group in groups) {
  tables.GROUPS.insertRow();
  tables.GROUPS.NAME.value = group;
}
```

Parameters:
userName - the user name. Any domain in the user name is removed prior to searching, e.g. myuser@domain or domain\myuser are changed to myuser.

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

See Also:
getADGroups(String, String, boolean)

public static java.lang.String[] getADGroups(java.lang.String userName, java.lang.String baseDistinguishedName, boolean removeDomainNameFromUser) throws com.ebasetech.xi.exceptions.FormRuntimeException

This method works as follows:
- Ldap.BindDistinguishedName and Ldap.BindPassword in XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- baseDistinguishedName and obtains the full distinguished name (DN) identifying the user.
- baseDistinguishedName.

Javascript example:

```javascript
var root = "DC=ebasetech,DC=com";
var groups = LdapServices.getADGroups(fields.USER.value, root, true);
for each (var group in groups) {
  tables.GROUPS.insertRow();
  tables.GROUPS.NAME.value = group;
}
```

Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user and groups
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating

Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs

See Also:
getADGroups(String)
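
The Active Directory tokenGroups attribute holds a user's group memberships, nested groups included, as binary SIDs rather than names. As an added example that goes beyond what the page states (not Ebase code; the function names and the sample SID are constructed for illustration), this decodes one value to its S-1-... form and builds the objectSid filter used to look the group up.

```javascript
// Added example, not part of the LdapServices API. Names are hypothetical.

// Convert one binary SID, as held in tokenGroups, to "S-1-5-..." form.
// Layout: revision (1 byte), sub-authority count (1 byte),
// identifier authority (6 bytes, big-endian), then one 4-byte
// little-endian value per sub-authority.
function sidToString(bytes) {
  if (bytes.length < 8) throw new Error("SID too short");
  var b = [];
  for (var i = 0; i < bytes.length; i++) b.push(bytes[i] & 0xff); // Java bytes are signed
  var count = b[1];
  if (b.length !== 8 + 4 * count) throw new Error("SID length mismatch");
  var authority = 0;
  for (var j = 2; j < 8; j++) authority = authority * 256 + b[j];
  var sid = "S-" + b[0] + "-" + authority;
  for (var k = 0; k < count; k++) {
    var o = 8 + 4 * k;
    // Multiply instead of shifting so values above 2^31 stay positive.
    var sub = b[o] + b[o + 1] * 256 + b[o + 2] * 65536 + b[o + 3] * 16777216;
    sid += "-" + sub;
  }
  return sid;
}

// Build the filter that finds a group by its binary SID: every byte is
// written as a backslash followed by two hex digits.
function sidToFilter(bytes) {
  var out = "(objectSid=";
  for (var i = 0; i < bytes.length; i++) {
    var hex = (bytes[i] & 0xff).toString(16);
    out += "\\" + (hex.length < 2 ? "0" + hex : hex);
  }
  return out + ")";
}

// Constructed sample: the well-known SID S-1-5-32-544 (BUILTIN\Administrators).
var SAMPLE_SID = [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0];
```

With JNDI, tokenGroups values arrive as byte arrays only when the attribute is listed in the java.naming.ldap.attributes.binary environment property of the context.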