- All Implemented Interfaces:
- org.jboss.security.mapping.MappingProvider<List<Attribute<String>>>
public class LdapAttributeMappingProvider
extends Object
implements org.jboss.security.mapping.MappingProvider<List<Attribute<String>>>
Maps attributes from LDAP
The options include whatever options your LDAP JNDI provider
supports. Examples of standard property names are:
Context.INITIAL_CONTEXT_FACTORY = "java.naming.factory.initial"
Context.SECURITY_PROTOCOL = "java.naming.security.protocol"
Context.PROVIDER_URL = "java.naming.provider.url"
Context.SECURITY_AUTHENTICATION = "java.naming.security.authentication"
Other Module Options:-
bindDN: The DN used to bind against the LDAP server for the user and
roles queries. This is some DN with read/search permissions on the baseCtxDN and
rolesCtxDN values.
bindCredential: The password for the bindDN. This can be encrypted if the
jaasSecurityDomain is specified.
baseCtxDN: The fixed DN of the context to start the user search from.
baseFilter: A search filter used to locate the context of the user to
authenticate. The input username/userDN as obtained from the login module
callback will be substituted into the filter anywhere a "{0}" expression is
seen. This substitution behavior comes from the standard
DirContext.search(Name, String, Object[], SearchControls cons) method. A
common example search filter is "(uid={0})".
searchTimeLimit: The timeout in milliseconds for the user/role searches.
Defaults to 10000 (10 seconds).
attributeList: A comma-separated list of attributes for the user
(Example: mail,cn,sn,employeeType,employeeNumber)
jaasSecurityDomain: The JMX ObjectName of the JaasSecurityDomain to use
to decrypt the java.naming.security.principal. The encrypted form of the
password is that returned by the JaasSecurityDomain#encrypt64(byte[]) method.
The org.jboss.security.plugins.PBEUtils can also be used to generate the
encrypted form.
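How the options above map onto a JNDI search, as an added example that is not part of the original Javadoc or the PicketBox source. The class name LdapAttributeLookupExample, the subtree search scope, the LDAP_BIND_PW environment variable and all sample values are assumptions, and bindCredential is taken as already decrypted.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
public class LdapAttributeLookupExample { // added illustration; names and values are hypothetical
    // Pass-through java.naming.* options plus the bind identity form the JNDI environment.
    static Hashtable<String, Object> buildEnv(Map<String, String> o) {
        Hashtable<String, Object> env = new Hashtable<>();
        for (Map.Entry<String, String> e : o.entrySet())
            if (e.getKey().startsWith("java.naming.")) env.put(e.getKey(), e.getValue());
        env.put(Context.SECURITY_PRINCIPAL, o.get("bindDN"));
        env.put(Context.SECURITY_CREDENTIALS, o.get("bindCredential")); // assumed already decrypted
        return env;
    }
    // searchTimeLimit (milliseconds) and attributeList map onto SearchControls.
    static SearchControls buildControls(Map<String, String> o) {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // assumption: search below baseCtxDN
        sc.setTimeLimit(Integer.parseInt(o.getOrDefault("searchTimeLimit", "10000")));
        sc.setReturningAttributes(o.get("attributeList").split("\\s*,\\s*"));
        return sc;
    }
    // The username is the filter argument for "{0}", so JNDI escapes filter metacharacters
    // in it; it is never concatenated into the filter string.
    static Map<String, List<String>> lookup(DirContext ctx, Map<String, String> o, String user) throws NamingException {
        Map<String, List<String>> out = new LinkedHashMap<>();
        NamingEnumeration<SearchResult> hits = ctx.search(
                o.get("baseCtxDN"), o.get("baseFilter"), new Object[] { user }, buildControls(o));
        while (hits.hasMore()) {
            NamingEnumeration<? extends Attribute> attrs = hits.next().getAttributes().getAll();
            while (attrs.hasMore()) {
                Attribute a = attrs.next();
                List<String> vals = out.computeIfAbsent(a.getID(), k -> new ArrayList<>());
                for (int i = 0; i < a.size(); i++) vals.add(String.valueOf(a.get(i)));
            }
        }
        return out;
    }
    public static void main(String[] args) throws NamingException {
        Map<String, String> o = Map.of( // constructed sample options
            Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory",
            Context.PROVIDER_URL, "ldaps://ldap.example.com:636",
            "bindDN", "cn=reader,dc=example,dc=com", "baseFilter", "(uid={0})",
            "bindCredential", Objects.toString(System.getenv("LDAP_BIND_PW"), ""),
            "baseCtxDN", "ou=People,dc=example,dc=com", "attributeList", "mail,cn,sn");
        System.out.println(Arrays.toString(buildControls(o).getReturningAttributes()));
        if (args.length == 0) return; // no username given: stay offline
        DirContext ctx = new InitialDirContext(buildEnv(o));
        try { System.out.println(lookup(ctx, o, args[0])); } finally { ctx.close(); }
    }
}
```

Run without arguments it only prints the requested attribute names; pass a username to perform the search against the configured server.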
- Since:
- August 5, 2009
- Author:
- Anil.Saldhana@redhat.com