Package org.forgerock.opendj.rest2ldap.authz

Class AuthenticationStrategies

  • public final class AuthenticationStrategies
extends Object
    Factory methods of AuthenticationStrategy allowing to perform authentication against LDAP server through different method.

    • Method Detail

      • newSimpleBindStrategy

        public static AuthenticationStrategy newSimpleBindStrategy​(LdapClient ldapClient,
                                                           String bindDNTemplate,
                                                           Schema schema)
        Creates an AuthenticationStrategy performing simple BIND authentication against an LDAP server.
        Parameters:
        ldapClient - LdapClient to the LDAP server used to perform the bind operation.
        bindDNTemplate - Template of the DN to use for the bind operation. The first %s will be replaced by the provided authentication-id (i.e: uid=%s,dc=example,dc=com)
        schema - Schema used to validate the DN format.*
        Returns:
        a new simple bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null

      • newSearchThenBindStrategy

        public static AuthenticationStrategy newSearchThenBindStrategy​(LdapClient searchLdapClient,
                                                               LdapClient bindLdapClient,
                                                               Dn baseDN,
                                                               SearchScope searchScope,
                                                               String filterTemplate)
        Creates an AuthenticationStrategy performing authentication against an LDAP server by first performing a lookup of the entry to bind with. This is to find the user DN to bind with from its metadata (i.e: email address).
        Parameters:
        searchLdapClient - LdapClient to the LDAP server used to perform the lookup of the entry.
        bindLdapClient - LdapClient to the LDAP server used to perform the bind one the user's DN has been found. Can be the same than the searchConnectionFactory.
        baseDN - Base DN of the search request performed to find the user's DN.
        searchScope - SearchScope of the search request performed to find the user's DN.
        filterTemplate - Filter of the search request (i.e: (&(email=%s)(objectClass=inetOrgPerson)) where the first %s will be replaced by the user's provided authentication-id.
        Returns:
        a new search then bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null

      • newSaslPlainStrategy

        public static AuthenticationStrategy newSaslPlainStrategy​(LdapClient ldapClient,
                                                          Schema schema,
                                                          String authcIdTemplate)
        Creates an AuthenticationStrategy performing authentication against an LDAP server using a plain SASL bind request.
        Parameters:
        ldapClient - LdapClient to the LDAP server to authenticate with.
        authcIdTemplate - Authentication identity template containing a single %s which will be replaced by the authenticating user's name. (i.e: (u:%s)
        schema - Schema used to perform DN validation.
        Returns:
        a new SASL plain bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null

      • newSaslScramStrategy

        public static AuthenticationStrategy newSaslScramStrategy​(LdapClient ldapClient,
                                                          ScramMechanism scramMechanism,
                                                          Schema schema,
                                                          String authcIdTemplate)
        Creates an AuthenticationStrategy performing authentication against an LDAP server using a SCRAM SASL bind request.
        Parameters:
        ldapClient - LdapClient to the LDAP server to authenticate with.
        scramMechanism - The SCRAM mechanism which should be used.
        schema - Schema used to perform DN validation.
        authcIdTemplate - Authentication identity template containing a single %s which will be replaced by the authenticating user's name. (i.e: (u:%s)
        Returns:
        a new SASL SCRAM bind AuthenticationStrategy
        Throws:
        NullPointerException - If a parameter is null