Class LdapAuthorizationMapping

  • All Implemented Interfaces:
    AuthorizationMapping

    public class LdapAuthorizationMapping
    extends Object
    implements AuthorizationMapping
    Provider for authorization mapping using LDAP. If the authenticated principal did not request a username, provide one via LDAP. Specify the lookup field in the system properties. An entry in that file would look like the following:
    • ldap.princField = k5login
    • ldap.princSearchFilter = princField={0}

    Each ldap object that represents a user is expcted to have exactly one of ldap.usernameField and ldap.princField, and they are both expected to be unique over the search base. A search will be performed over all objects where princField = principal, and the usernameField will be returned. Note that it is expected this search return exactly one object. (There can only be one default) If more than one is returned, the first entry encountered will be used, and no sorting is performed or requested. If more control over the search is needed, you can specify the mapSearchFilter used to perform the LDAP query. This implementation requires that LDAP be configured, obviously.

    Author:
    Jay Kline
    • Constructor Detail

      • LdapAuthorizationMapping

        public LdapAuthorizationMapping()
    • Method Detail

      • map

        public String map​(String principal)
        Description copied from interface: AuthorizationMapping
        Returns true if the principal is explicity authorized to the JID
        Specified by:
        map in interface AuthorizationMapping
        Parameters:
        principal - The autheticated principal requesting authorization.
        Returns:
        The name of the default username to use.
      • name

        public String name()
        Returns the short name of the Policy
        Specified by:
        name in interface AuthorizationMapping
        Returns:
        The short name of the Policy