Package org.jivesoftware.openfire.ldap
Class LdapAuthProvider
- java.lang.Object
-
- org.jivesoftware.openfire.ldap.LdapAuthProvider
-
- All Implemented Interfaces:
AuthProvider
public class LdapAuthProvider extends Object implements AuthProvider
Implementation of auth provider interface for LDAP authentication service plug-in. Only plaintext authentication is currently supported.Optionally, an authentication cache can be enabled. When enabled, a hashed version of the user's password is cached for a variable length of time (2 hours by default). This can decrease load on the directory and preserve some level of service even when the directory becomes unavailable for a period of time.
ldap.authCache.enabled
-- true to enable the auth cache.ldap.authCache.size
-- size in bytes of the auth cache. If property is not set, the default value is 524288 (512 K).ldap.authCache.maxLifetime
-- maximum amount of time a hashed password can be cached in milleseconds. If property is not set, the default value is 7200000 (2 hours).
- Author:
- Matt Tucker
-
-
Constructor Summary
Constructors Constructor Description LdapAuthProvider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
authenticate(String username, String password)
Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.int
getIterations(String username)
String
getPassword(String username)
Returns the user's password.String
getSalt(String username)
String
getServerKey(String username)
String
getStoredKey(String username)
boolean
isScramSupported()
void
setPassword(String username, String password)
Sets the users's password.boolean
supportsPasswordRetrieval()
Returns true if this UserProvider is able to retrieve user passwords from the backend user store.
-
-
-
Method Detail
-
authenticate
public void authenticate(String username, String password) throws UnauthorizedException
Description copied from interface:AuthProvider
Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.- Specified by:
authenticate
in interfaceAuthProvider
- Parameters:
username
- the username or full JID.password
- the password- Throws:
UnauthorizedException
- if the username and password do not match any existing user.
-
getPassword
public String getPassword(String username) throws UserNotFoundException, UnsupportedOperationException
Description copied from interface:AuthProvider
Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.- Specified by:
getPassword
in interfaceAuthProvider
- Parameters:
username
- the username of the user.- Returns:
- the user's password.
- Throws:
UserNotFoundException
- if the given user's password could not be loaded.UnsupportedOperationException
- if the provider does not support the operation (this is an optional operation).
-
setPassword
public void setPassword(String username, String password) throws UserNotFoundException
Description copied from interface:AuthProvider
Sets the users's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.- Specified by:
setPassword
in interfaceAuthProvider
- Parameters:
username
- the username of the user.password
- the new plaintext password for the user.- Throws:
UserNotFoundException
- if the given user could not be loaded.
-
supportsPasswordRetrieval
public boolean supportsPasswordRetrieval()
Description copied from interface:AuthProvider
Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported thenAuthProvider.getPassword(String)
will throw anUnsupportedOperationException
if invoked.- Specified by:
supportsPasswordRetrieval
in interfaceAuthProvider
- Returns:
- true if this UserProvider is able to retrieve user passwords from the backend user store.
-
isScramSupported
public boolean isScramSupported()
- Specified by:
isScramSupported
in interfaceAuthProvider
-
getSalt
public String getSalt(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getSalt
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getIterations
public int getIterations(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getIterations
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getServerKey
public String getServerKey(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getServerKey
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getStoredKey
public String getStoredKey(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getStoredKey
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
-