public class ReadOnlyUsersLDAPRepository extends Object implements UsersRepository, Configurable, LogEnabled
This repository implementation serves as a bridge between Apache James and LDAP. It allows James to authenticate users against an LDAP compliant server such as Apache DS or Microsoft AD. It also enables role/group based access restriction based on LDAP groups.
It is intended for organisations that already have a user-authentication and authorisation mechanism in place, and want to leverage this when deploying James. The assumption inherent here is that such organisations would not want to manage user details via James, but will do so externally using whatever mechanism is provided by, or built on top of, their LDAP implementation.
Based on this assumption, this repository is strictly read-only. As a consequence, user modification, deletion and creation requests will be ignored when using this repository.
The following fragment of XML provides an example configuration to enable this repository:
```xml
<users-store>
    <repository name="LDAPUsers"
        class="org.apache.james.userrepository.ReadOnlyUsersLDAPRepository"
        ldapHost="ldap://myldapserver:389"
        principal="uid=ldapUser,ou=system"
        credentials="password"
        userBase="ou=People,o=myorg.com,ou=system"
        userIdAttribute="uid"
        userObjectClass="inetOrgPerson"
        maxRetries="20"
        retryStartInterval="0"
        retryMaxInterval="30"
        retryIntervalScale="1000"/>
</users-store>
```

Its constituent attributes are defined as follows:
Example Schedules
Exception
causing the fault is thrown:
Exception
causing the fault is thrown:
In order to enable group/role based access restrictions, you can use the
"<restriction>" configuration element. An example of this is
shown below:
```xml
<restriction memberAttribute="uniqueMember">
    <group>cn=PermanentStaff,ou=Groups,o=myorg.co.uk,ou=system</group>
    <group>cn=TemporaryStaff,ou=Groups,o=myorg.co.uk,ou=system</group>
</restriction>
```

Its constituent attributes and elements are defined as follows:
The following parameters may be used to adjust the underlying com.sun.jndi.ldap.LdapCtxFactory. See LDAP Naming Service Provider for the Java Naming and Directory Interface™ (JNDI): Provider-specific Properties for details.

com.sun.jndi.ldap.connect.pool to the specified boolean value
com.sun.jndi.ldap.connect.timeout to the specified integer value
com.sun.jndi.ldap.read.timeout to the specified integer value. Applicable to Java 6 and above.
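
Added example (not James source code): a JNDI sketch of how a repository like this one can build its context environment with the three provider properties above, look up a user with an escaped search filter, and check the password by binding as that user. The class and method names (LdapBindSketch, env, escapeFilter, test) and the 2000 ms timeouts are assumptions; the host, DNs and attribute names come from the example configuration.

```java
import java.util.Properties;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class LdapBindSketch {
    // JNDI environment for one bind; the timeout values are assumed samples (milliseconds).
    static Properties env(String url, String dn, String password) {
        Properties p = new Properties();
        p.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        p.put(Context.PROVIDER_URL, url);
        p.put(Context.SECURITY_AUTHENTICATION, "simple");
        p.put(Context.SECURITY_PRINCIPAL, dn);
        p.put(Context.SECURITY_CREDENTIALS, password);
        p.put("com.sun.jndi.ldap.connect.pool", "true");
        p.put("com.sun.jndi.ldap.connect.timeout", "2000");
        p.put("com.sun.jndi.ldap.read.timeout", "2000"); // Java 6 and above
        return p;
    }

    // RFC 4515 escaping, so a login name cannot change the structure of the search filter.
    static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.toString();
    }

    static boolean test(String url, String svcDn, String svcPw, String base, String name, String pw) {
        // A simple bind with an empty password is an unauthenticated bind that many servers accept.
        if (pw == null || pw.isEmpty()) return false;
        LdapContext svc = null;
        try {
            svc = new InitialLdapContext(env(url, svcDn, svcPw), null); // service-account bind
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String filter = "(&(objectClass=inetOrgPerson)(uid=" + escapeFilter(name) + "))";
            NamingEnumeration<SearchResult> hits = svc.search(base, filter, sc);
            if (!hits.hasMore()) return false;
            String userDn = hits.next().getNameInNamespace();
            new InitialLdapContext(env(url, userDn, pw), null).close(); // bind as the user
            return true;
        } catch (NamingException e) {
            return false; // fail closed: a bad password and an unreachable server look the same here
        } finally { if (svc != null) try { svc.close(); } catch (NamingException ignored) { } }
    }
    public static void main(String[] args) { // constructed inputs; neither call contacts a server
        System.out.println(escapeFilter("j.doe(ops)*") + " " + test("ldap://myldapserver:389", "uid=ldapUser,ou=system", "password", "ou=People,o=myorg.com,ou=system", "jdoe", ""));
    }
}
```

With the ldap:// URL from the example configuration, both the service-account bind and the user bind cross the network unencrypted; an ldaps:// URL is the usual alternative where the directory offers it.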
See also: ReadOnlyLDAPUser, ReadOnlyLDAPGroupRestriction
Constructor and Description |
---|
ReadOnlyUsersLDAPRepository(): Creates a new instance of ReadOnlyUsersLDAPRepository. |
Modifier and Type | Method and Description |
---|---|
void | addUser(String username, String password): Adds a user to the repository with the specified password |
protected LdapContext | computeLdapContext(): Answers a new LDAP/JNDI context using the specified user credentials. |
void | configure(org.apache.commons.configuration.HierarchicalConfiguration configuration): Extracts the parameters required by the repository instance from the James server configuration data. |
boolean | contains(String name): Returns whether or not this user is in the repository |
boolean | containsCaseInsensitive(String name) |
int | countUsers(): Returns a count of the users in the repository. |
protected Properties | getContextEnvironment() |
protected LdapContext | getLdapContext(): Answer the LDAP context used to connect with the LDAP server. |
String | getRealName(String name) |
User | getUserByName(String name): Get the user object with the specified user name. |
User | getUserByNameCaseInsensitive(String name) |
void | init(): Initialises the user-repository instance. |
Iterator<String> | list(): List users in repository. |
void | removeUser(String name): Removes a user from the repository |
void | setLog(org.slf4j.Logger log): Sets the service log. |
boolean | supportVirtualHosting(): VirtualHosting not supported |
boolean | test(String name, String password): Test if user with name 'name' has password 'password'. |
protected void | updateLdapContext() |
void | updateUser(User user): Update the repository with the specified user object. |
public ReadOnlyUsersLDAPRepository()

public void configure(org.apache.commons.configuration.HierarchicalConfiguration configuration) throws org.apache.commons.configuration.ConfigurationException
ldapHost, userIdAttribute, userBase, principal, credentials and restriction.
Specified by: configure in interface Configurable
Parameters: configuration - An encapsulation of the James server configuration data.
Throws: org.apache.commons.configuration.ConfigurationException

@PostConstruct public void init() throws Exception
Throws: Exception - If an error occurs authenticating or connecting to the specified LDAP host.

protected LdapContext getLdapContext() throws NamingException
Returns: LdapContext
Throws: NamingException

protected void updateLdapContext() throws NamingException
Throws: NamingException

protected LdapContext computeLdapContext() throws NamingException
Throws: NamingException - Propagated from underlying LDAP communication API.

protected Properties getContextEnvironment()

public boolean contains(String name) throws UsersRepositoryException
Specified by: contains in interface UsersRepository
Parameters: name - the name to check in the repository
Throws: UsersRepositoryException - if error
See also: UsersRepository.contains(java.lang.String)

public boolean containsCaseInsensitive(String name) throws UsersRepositoryException
Throws: UsersRepositoryException

public int countUsers() throws UsersRepositoryException
Specified by: countUsers in interface UsersRepository
Throws: UsersRepositoryException - if error
See also: UsersRepository.countUsers()

public String getRealName(String name) throws UsersRepositoryException
Throws: UsersRepositoryException

public User getUserByName(String name) throws UsersRepositoryException
Specified by: getUserByName in interface UsersRepository
Parameters: name - the name of the user to retrieve
Throws: UsersRepositoryException - if error
See also: UsersRepository.getUserByName(java.lang.String)

public User getUserByNameCaseInsensitive(String name) throws UsersRepositoryException
Throws: UsersRepositoryException

public Iterator<String> list() throws UsersRepositoryException
Specified by: list in interface UsersRepository
Throws: UsersRepositoryException - if error
See also: UsersRepository.list()

public void removeUser(String name) throws UsersRepositoryException
Specified by: removeUser in interface UsersRepository
Parameters: name - the user to remove from the repository
Throws: UsersRepositoryException - if error
See also: UsersRepository.removeUser(java.lang.String)

public boolean test(String name, String password) throws UsersRepositoryException
Specified by: test in interface UsersRepository
Parameters: name - the name of the user to be tested
Parameters: password - the password to be tested
Throws: UsersRepositoryException - if error
See also: UsersRepository.test(java.lang.String, java.lang.String)

public void addUser(String username, String password) throws UsersRepositoryException
Specified by: addUser in interface UsersRepository
Parameters: username - the username of the user to be added
Parameters: password - the password of the user to add
Throws: UsersRepositoryException - if error
See also: UsersRepository.addUser(java.lang.String, java.lang.String)

public void updateUser(User user) throws UsersRepositoryException
Specified by: updateUser in interface UsersRepository
Throws: UsersRepositoryException - if error
See also: UsersRepository#updateUser(org.apache.james.api.user.User)

public void setLog(org.slf4j.Logger log)
Specified by: setLog in interface LogEnabled
Parameters: log - not null
See also: LogEnabled.setLog(org.slf4j.Logger)

public boolean supportVirtualHosting() throws UsersRepositoryException
Specified by: supportVirtualHosting in interface UsersRepository
Throws: UsersRepositoryException

Copyright © 2002-2012 The Apache Software Foundation. All Rights Reserved.