Package org.jivesoftware.openfire.ldap

Class LdapAuthProvider

java.lang.Object

org.jivesoftware.openfire.ldap.LdapAuthProvider

All Implemented Interfaces:

AuthProvider

public class LdapAuthProvider
extends Object
implements AuthProvider

Implementation of auth provider interface for LDAP authentication service plug-in. Only plaintext authentication is currently supported.

Optionally, an authentication cache can be enabled. When enabled, a hashed version of the user's password is cached for a variable length of time (2 hours by default). This can decrease load on the directory and preserve some level of service even when the directory becomes unavailable for a period of time.

• ldap.authCache.enabled -- true to enable the auth cache.
• ldap.authCache.size -- size in bytes of the auth cache. If property is not set, the default value is 524288 (512 K).
• ldap.authCache.maxLifetime -- maximum amount of time a hashed password can be cached in milliseconds. If property is not set, the default value is 7200000 (2 hours).

Author:

Matt Tucker

Field Summary

Fields

Modifier and Type	Field	Description
static final SystemProperty<Boolean>	AUTH_CACHE_ENABLED
static final SystemProperty<Duration>	AUTH_CACHE_MAX_LIFETIME
static final SystemProperty<Long>	AUTH_CACHE_SIZE

Constructor Summary

Constructors

Constructor	Description
LdapAuthProvider()
LdapAuthProvider(String ldapConfigPropertyName)

Method Summary

Modifier and Type	Method	Description
void	authenticate(String username, String password)	Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
int	getIterations(String username)
String	getPassword(String username)	Returns the user's password.
String	getSalt(String username)
String	getServerKey(String username)
String	getStoredKey(String username)
boolean	isScramSupported()
void	setPassword(String username, String password)	Sets the user's password.
boolean	supportsPasswordRetrieval()	Returns true if this UserProvider is able to retrieve user passwords from the backend user store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

AUTH_CACHE_ENABLED

public static final SystemProperty<Boolean> AUTH_CACHE_ENABLED

AUTH_CACHE_SIZE

public static final SystemProperty<Long> AUTH_CACHE_SIZE

AUTH_CACHE_MAX_LIFETIME

public static final SystemProperty<Duration> AUTH_CACHE_MAX_LIFETIME

Constructor Details

LdapAuthProvider

public LdapAuthProvider()

LdapAuthProvider

public LdapAuthProvider(String ldapConfigPropertyName)

Method Details

authenticate

public void authenticate(String username,
 String password)
                  throws UnauthorizedException

Description copied from interface: AuthProvider

Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.

Specified by:

authenticate in interface AuthProvider

Parameters:

username - the username or full JID.

password - the password

Throws:

UnauthorizedException - if the username and password do not match any existing user.

getPassword

public String getPassword(String username)
                   throws UserNotFoundException,
UnsupportedOperationException

Description copied from interface: AuthProvider

Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.

Specified by:

getPassword in interface AuthProvider

Parameters:

username - the username of the user.

Returns:

the user's password.

Throws:

UserNotFoundException - if the given user's password could not be loaded.

UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).

setPassword

public void setPassword(String username,
 String password)
                 throws UserNotFoundException

Description copied from interface: AuthProvider

Sets the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.

Specified by:

setPassword in interface AuthProvider

Parameters:

username - the username of the user.

password - the new plaintext password for the user.

Throws:

UserNotFoundException - if the given user could not be loaded.

supportsPasswordRetrieval

public boolean supportsPasswordRetrieval()

Description copied from interface: AuthProvider

Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported then AuthProvider.getPassword(String) will throw an UnsupportedOperationException if invoked.

Specified by:

supportsPasswordRetrieval in interface AuthProvider

Returns:

true if this UserProvider is able to retrieve user passwords from the backend user store.

isScramSupported

public boolean isScramSupported()

Specified by:

isScramSupported in interface AuthProvider

getSalt

public String getSalt(String username)
               throws UnsupportedOperationException,
UserNotFoundException

Specified by:

getSalt in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException

getIterations

public int getIterations(String username)
                  throws UnsupportedOperationException,
UserNotFoundException

Specified by:

getIterations in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException

getServerKey

public String getServerKey(String username)
                    throws UnsupportedOperationException,
UserNotFoundException

Specified by:

getServerKey in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException

getStoredKey

public String getStoredKey(String username)
                    throws UnsupportedOperationException,
UserNotFoundException

Specified by:

getStoredKey in interface AuthProvider

Throws:

UnsupportedOperationException

UserNotFoundException