Class LdapServices
- All Implemented Interfaces:
java.io.Serializable
public class LdapServices
extends java.lang.Object
implements java.io.Serializable
LdapServices provides static methods for authentication and searches against an Ldap Registry. Most of the methods use the connection properties defined in the XIldap.properties file.
- Since:
- V4.4
- See Also:
- Serialized Form

Constructor Summary

| Constructor | Description |
|---|---|
| LdapServices() | |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| static boolean | authenticate(java.lang.String userName, java.lang.String password) | Authenticates the supplied user/password combination against the Ldap Registry identified by properties in the XIldap.properties file, using simple authentication (user/password check). |
| static boolean | authenticate(java.lang.String userName, java.lang.String password, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser) | Authenticates the supplied user/password combination against the Ldap Registry identified by properties in the XIldap.properties file, using simple authentication (user/password check). |
| static java.lang.String[] | getADGroups(java.lang.String userName) | Returns all Active Directory group names associated with a user including nested groups, using the Active Directory tokenGroups attribute to obtain this information. |
| static java.lang.String[] | getADGroups(java.lang.String userName, java.lang.String baseDistinguishedName, boolean removeDomainNameFromUser) | Returns all Active Directory group names associated with a user including nested groups, using the Active Directory tokenGroups attribute to obtain this information. |
| static javax.naming.directory.DirContext | getLdapContext() | Returns an javax.naming.directory.InitialDirContext object that can be used for Ldap queries. |
| static javax.naming.directory.DirContext | getLdapContext(java.util.Map props) | Returns an javax.naming.directory.InitialDirContext object using the supplied properties. |
| static java.lang.String[] | getUserAttribute(java.lang.String userName, java.lang.String attributeName) | Returns a single attribute associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |
| static java.lang.String[] | getUserAttribute(java.lang.String userName, java.lang.String attributeName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser) | Returns a single attribute associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |
| static java.util.Map<java.lang.String,java.lang.String[]> | getUserAttributes(java.lang.String userName) | Returns all attributes associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |
| static java.util.Map<java.lang.String,java.lang.String[]> | getUserAttributes(java.lang.String userName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser) | Returns all attributes associated with a user from the Ldap Registry identified by properties in the XIldap.properties file. |

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

LdapServices
public LdapServices()

Method Details

authenticate
public static boolean authenticate(java.lang.String userName, java.lang.String password) throws com.ebasetech.xi.exceptions.FormRuntimeException
Authenticates the supplied user/password combination against the Ldap Registry identified by properties in the XIldap.properties file, using simple authentication (user/password check).
This method works as follows:
- Connects to the Ldap Registry using the user identified by properties Ldap.BindDistinguishedName and Ldap.BindPassword in the XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Searches the registry for the user name starting from the location identified by property Ldap.BaseDistinguishedName in the XIldap.properties file and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName in the XIldap.properties file is used to build the search string.
- Connects to the registry using this DN and the supplied password.
- Parameters:
userName - the user name. Any domain in the user name is removed prior to authenticating e.g. myuser@domain or domain\myuser are changed to myuser.
password - user's password
- Returns:
true if authentication is successful, false if userName or password is missing, the user cannot be found in the registry or the password is incorrect
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs, most likely caused by incorrect properties in the XIldap.properties file
- Since:
- V4.4
- See Also:
authenticate(String, String, String, String, boolean)

authenticate
public static boolean authenticate(java.lang.String userName, java.lang.String password, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser) throws com.ebasetech.xi.exceptions.FormRuntimeException
Authenticates the supplied user/password combination against the Ldap Registry identified by properties in the XIldap.properties file, using simple authentication (user/password check).
This method works as follows:
- Connects to the Ldap Registry using the user identified by properties Ldap.BindDistinguishedName and Ldap.BindPassword in the XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Searches the registry for the user name starting from the location identified by parameter baseDistinguishedName and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName is used to build the search string.
- Connects to the registry using this DN and the supplied password.
Javascript example:

    // Search root and the attribute that uniquely identifies the user
    var root = "OU=Ebase Users and Groups,DC=ebasetech,DC=com";
    var userAttr = "sAMAccountName";
    var logonOk = LdapServices.authenticate(fields.USER.value, fields.PASSWORD.value, root, userAttr, false);
    if (logonOk)
      event.owner.addWarningMessage("Logon OK");
    else
      event.owner.addErrorMessage("Logon failed");

- Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
password - user's password
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user
userKeyAttributeName - the user attribute used to search the registry for the user data, this should uniquely identify the user
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating e.g. myuser@domain or domain\myuser are changed to myuser prior to authenticating
- Returns:
true if authentication is successful, false if userName or password is missing, the user cannot be found in the registry or the password is incorrect
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4
- See Also:
authenticate(String, String)
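
The search step of both authenticate methods builds a search string from userKeyAttributeName and the user name. The following is an added example, not Ebase code and not a description of how LdapServices is implemented: it shows the domain stripping described for removeDomainNameFromUser and RFC 4515 escaping of the user name before it is placed in a filter. The helper names removeDomainName, escapeFilterValue, buildUserFilter and hasCredentials are hypothetical.

```javascript
// Added example: hypothetical helpers, not part of the LdapServices API.

// Strip the domain part as described for removeDomainNameFromUser:
// myuser@domain and domain\myuser both become myuser.
function removeDomainName(userName) {
  var name = String(userName);
  var slash = name.lastIndexOf("\\");
  if (slash >= 0) name = name.substring(slash + 1);
  var at = name.indexOf("@");
  if (at >= 0) name = name.substring(0, at);
  return name;
}

// Escape a value for an LDAP search filter (RFC 4515): the characters
// \ * ( ) and NUL are replaced by a backslash and two hex digits.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\u0000]/g, function (ch) {
    var hex = ch.charCodeAt(0).toString(16);
    return "\\" + (hex.length < 2 ? "0" + hex : hex);
  });
}

// Build "(attr=value)". The attribute name comes from configuration or
// code, so it is validated against a conservative pattern, not escaped.
function buildUserFilter(userKeyAttributeName, userName, removeDomain) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(userKeyAttributeName)) {
    throw new Error("invalid attribute name: " + userKeyAttributeName);
  }
  var name = removeDomain ? removeDomainName(userName) : String(userName);
  return "(" + userKeyAttributeName + "=" + escapeFilterValue(name) + ")";
}

// Mirrors the documented "false if userName or password is missing":
// checked before any bind is attempted.
function hasCredentials(userName, password) {
  return typeof userName === "string" && userName.length > 0 &&
         typeof password === "string" && password.length > 0;
}

// Constructed sample input
console.log(buildUserFilter("sAMAccountName", "domain\\myuser", true));
console.log(buildUserFilter("sAMAccountName", "domain\\myuser", false));
```

The empty-password check matters because LDAP treats a simple bind with a DN and no password as an unauthenticated bind, which some registries accept.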

getLdapContext
public static javax.naming.directory.DirContext getLdapContext() throws com.ebasetech.xi.exceptions.FormRuntimeException
Returns an javax.naming.directory.InitialDirContext object that can be used for Ldap queries. Connection properties are contained in the XIldap.properties file. Note that the context object should be closed after use.
Javascript example:

    var ctx;
    try {
      ctx = LdapServices.getLdapContext();
      ctx.search(...);
    } finally {
      // ctx is still undefined if getLdapContext() threw
      if (ctx) ctx.close();
    }

- Returns:
- javax.naming.directory.InitialDirContext
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4

getLdapContext
public static javax.naming.directory.DirContext getLdapContext(java.util.Map props) throws javax.naming.NamingException
Returns an javax.naming.directory.InitialDirContext object using the supplied properties. Note that the context object should be closed after use.
Javascript example:

    importPackage(javax.naming);
    var props = {};
    props[Context.INITIAL_CONTEXT_FACTORY] = "com.sun.jndi.ldap.LdapCtxFactory";
    props[Context.PROVIDER_URL] = "ldap://192.168.0.33:389";
    props[Context.SECURITY_PRINCIPAL] = "Administrator@ebase";
    props[Context.SECURITY_CREDENTIALS] = "*******";
    // "simple" sends the password unencrypted over an ldap:// connection
    props[Context.SECURITY_AUTHENTICATION] = "simple";
    var ctx;
    try {
      ctx = LdapServices.getLdapContext(props);
      ctx.search(...);
    } finally {
      // ctx is still undefined if getLdapContext() threw
      if (ctx) ctx.close();
    }

- Returns:
- directory context
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if an authentication error occurs
javax.naming.NamingException - if any other error occurs
- Since:
- V4.4

getUserAttributes
public static java.util.Map<java.lang.String,java.lang.String[]> getUserAttributes(java.lang.String userName)
Returns all attributes associated with a user from the Ldap Registry identified by properties in the XIldap.properties file.
The returned Map contains one entry for each unique attribute name where the key is the property name and the value is an array of property values. When a property only occurs once, this array will only contain a single value.
This method works as follows:
- Connects to the Ldap Registry using the user identified by properties Ldap.BindDistinguishedName and Ldap.BindPassword in the XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Searches the registry for the user name starting from the location identified by property Ldap.BaseDistinguishedName in the XIldap.properties file and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName in the XIldap.properties file is used to build the search string.
- Returns all attributes for the DN.
Javascript example:

    var attrs = LdapServices.getUserAttributes(fields.USER.value);
    // Each key is an attribute name, each value an array of attribute values
    for (var attrid in attrs) {
      var attrValues = attrs[attrid];
      log("Attribute: " + attrid);
      for each (var attrValue in attrValues) {
        log(" value: " + attrValue);
      }
    }

- Parameters:
userName - the user name. Any domain in the user name is removed prior to searching e.g. myuser@domain or domain\myuser are changed to myuser.
- Returns:
- a map of all attributes (with Javascript, this will be returned as a Javascript Object).
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4
- See Also:
getUserAttributes(String, String, String, boolean)

getUserAttributes
public static java.util.Map<java.lang.String,java.lang.String[]> getUserAttributes(java.lang.String userName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser)
Returns all attributes associated with a user from the Ldap Registry identified by properties in the XIldap.properties file.
The returned Map contains one entry for each unique attribute name where the key is the property name and the value is an array of property values. When a property only occurs once, this array will only contain a single value.
This method works as follows:
- Connects to the Ldap Registry using the user identified by properties Ldap.BindDistinguishedName and Ldap.BindPassword in the XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Searches the registry for the user name starting from the location identified by parameter baseDistinguishedName and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName is used to build the search string.
- Returns all attributes for the DN.
Javascript example:

    var root = "OU=Ebase Users and Groups,DC=ebasetech,DC=com";
    var userAttr = "sAMAccountName";
    var attrs = LdapServices.getUserAttributes(fields.USER.value, root, userAttr, false);
    // Each key is an attribute name, each value an array of attribute values
    for (var attrid in attrs) {
      var attrValues = attrs[attrid];
      log("Attribute: " + attrid);
      for each (var attrValue in attrValues) {
        log(" value: " + attrValue);
      }
    }

- Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user
userKeyAttributeName - the user attribute used to search the registry for the user data, this should uniquely identify the user
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating e.g. myuser@domain or domain\myuser are changed to myuser prior to the search
- Returns:
- a map of all attributes (with Javascript, this will be returned as a Javascript Object).
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4
- See Also:
getUserAttributes(String)

getUserAttribute
public static java.lang.String[] getUserAttribute(java.lang.String userName, java.lang.String attributeName)
Returns a single attribute associated with a user from the Ldap Registry identified by properties in the XIldap.properties file.
The returned array contains one value for each occurrence of the property in the registry. When a property only occurs once, this array will only contain a single value.
This method works in the same way as getUserAttributes(String) except that values for only one attribute are returned.
Javascript example:

    var attrs = LdapServices.getUserAttribute(system.securityManager.userName, "mail");
    // Take the first value if the attribute is present
    if (attrs.length > 0)
      var email = attrs[0];

- Parameters:
userName - the user name. Any domain in the user name is removed prior to searching e.g. myuser@domain or domain\myuser are changed to myuser.
attributeName - name of the attribute
- Returns:
- an array of values for the attribute
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4
- See Also:
getUserAttribute(String, String, String, String, boolean)

getUserAttribute
public static java.lang.String[] getUserAttribute(java.lang.String userName, java.lang.String attributeName, java.lang.String baseDistinguishedName, java.lang.String userKeyAttributeName, boolean removeDomainNameFromUser)
Returns a single attribute associated with a user from the Ldap Registry identified by properties in the XIldap.properties file.
The returned array contains one value for each occurrence of the property in the registry. When a property only occurs once, this array will only contain a single value.
This method works in the same way as getUserAttributes(String, String, String, boolean) except that values for only one attribute are returned.
Javascript example:

    var root = "OU=Ebase Users and Groups,DC=ebasetech,DC=com";
    var userAttr = "sAMAccountName";
    var attrs = LdapServices.getUserAttribute(system.securityManager.userName, "mail", root, userAttr, false);
    // Take the first value if the attribute is present
    if (attrs.length > 0)
      var email = attrs[0];

- Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
attributeName - name of the attribute
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user
userKeyAttributeName - the user attribute used to search the registry for the user data, this should uniquely identify the user
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating
- Returns:
- an array of values for the attribute
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4
- See Also:
getUserAttribute(String, String)

getADGroups
public static java.lang.String[] getADGroups(java.lang.String userName) throws com.ebasetech.xi.exceptions.FormRuntimeException
Returns all Active Directory group names associated with a user including nested groups, using the Active Directory tokenGroups attribute to obtain this information. Connection parameters for the Active Directory system are taken from the XIldap.properties file. In this file, property Ldap.BaseDistinguishedName should be set to a directory location that includes all users and groups.
This method works as follows:
- Connects to the Ldap Registry using the user identified by properties Ldap.BindDistinguishedName and Ldap.BindPassword in the XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Searches the registry for the user name starting from the location identified by property Ldap.BaseDistinguishedName in the XIldap.properties file and obtains the full distinguished name (DN) identifying the user. Parameter userKeyAttributeName in the XIldap.properties file is used to build the search string.
- Obtains a list of groups for the user by searching for the special Active Directory tokenGroups attribute within the user DN.
- Searches for each group in turn starting from the location identified by property Ldap.BaseDistinguishedName in the XIldap.properties file.
Javascript example:

    var groups = LdapServices.getADGroups(fields.USER.value);
    // Add one table row per group name
    for each (var group in groups) {
      tables.GROUPS.insertRow();
      tables.GROUPS.NAME.value = group;
    }

- Parameters:
userName - the user name. Any domain in the user name is removed prior to searching e.g. myuser@domain or domain\myuser are changed to myuser.
- Returns:
- an array of group names for the user
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4
- See Also:
getADGroups(String, String, boolean)

getADGroups
public static java.lang.String[] getADGroups(java.lang.String userName, java.lang.String baseDistinguishedName, boolean removeDomainNameFromUser) throws com.ebasetech.xi.exceptions.FormRuntimeException
Returns all Active Directory group names associated with a user including nested groups, using the Active Directory tokenGroups attribute to obtain this information. Connection parameters for the Active Directory system are taken from the XIldap.properties file.
This method works as follows:
- Connects to the Ldap Registry using the user identified by properties Ldap.BindDistinguishedName and Ldap.BindPassword in the XIldap.properties file. If these properties are missing, attempts to bind anonymously.
- Searches the registry for the user name starting from the location identified by parameter baseDistinguishedName and obtains the full distinguished name (DN) identifying the user.
- Obtains a list of groups for the user by searching for the special Active Directory tokenGroups attribute within the user DN.
- Searches for each group in turn starting from the location identified by parameter baseDistinguishedName.
Javascript example:

    var root = "DC=ebasetech,DC=com";
    var groups = LdapServices.getADGroups(fields.USER.value, root, true);
    // Add one table row per group name
    for each (var group in groups) {
      tables.GROUPS.insertRow();
      tables.GROUPS.NAME.value = group;
    }

- Parameters:
userName - the user name. Any domain in the user name is removed if parameter removeDomainNameFromUser is true.
baseDistinguishedName - the distinguished name (DN) that is used as the search root for the user and groups
removeDomainNameFromUser - if true, any domain in the user name is removed prior to authenticating
- Returns:
- an array of group names for the user
- Throws:
com.ebasetech.xi.exceptions.FormRuntimeException - if any error occurs
- Since:
- V4.4
- See Also:
getADGroups(String)
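
The tokenGroups attribute used by both getADGroups methods holds one binary security identifier (SID) per group, which then has to be resolved to a group entry. The following is an added example, not Ebase code: it decodes a binary SID to its string form and builds a filter that would match the group by objectSid. That LdapServices resolves groups this way is an assumption, and the helper names hex2, sidToString and sidToFilter are hypothetical.

```javascript
// Added example: hypothetical helpers, not part of the LdapServices API.

// Two-digit lowercase hex for one byte; & 0xff copes with signed Java bytes.
function hex2(b) {
  var h = (b & 0xff).toString(16);
  return h.length < 2 ? "0" + h : h;
}

// Decode one binary SID (a tokenGroups value) to its S-R-A-S1-S2... form.
function sidToString(bytes) {
  if (bytes.length < 8) throw new Error("SID too short");
  var revision = bytes[0] & 0xff;
  var count = bytes[1] & 0xff;               // number of sub-authorities
  if (bytes.length !== 8 + 4 * count) throw new Error("SID length mismatch");
  var authority = 0;                         // 48-bit, big-endian
  for (var i = 2; i < 8; i++) authority = authority * 256 + (bytes[i] & 0xff);
  var parts = ["S", revision, authority];
  for (var s = 0; s < count; s++) {          // 32-bit, little-endian each
    var o = 8 + 4 * s;
    parts.push((bytes[o] & 0xff) + (bytes[o + 1] & 0xff) * 0x100 +
               (bytes[o + 2] & 0xff) * 0x10000 + (bytes[o + 3] & 0xff) * 0x1000000);
  }
  return parts.join("-");
}

// Search filter matching the entry that holds this SID; every byte is
// written as \xx so no byte can be read as filter syntax.
function sidToFilter(bytes) {
  var out = "(objectSid=";
  for (var i = 0; i < bytes.length; i++) out += "\\" + hex2(bytes[i]);
  return out + ")";
}

// Constructed sample values: the well-known BUILTIN\Administrators SID,
// and a made-up SID containing a negative (signed) byte.
var BUILTIN_ADMINS = [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0];
var SIGNED_SAMPLE = [1, 2, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, -12, 1, 0, 0];

console.log(sidToString(BUILTIN_ADMINS));
console.log(sidToFilter(BUILTIN_ADMINS));
```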