Package org.apache.sshd.ldap
Class LdapPasswordAuthenticator
- java.lang.Object
-
- org.apache.sshd.common.util.logging.AbstractLoggingBean
-
- org.apache.sshd.common.util.net.NetworkConnector
-
- org.apache.sshd.ldap.LdapNetworkConnector<org.apache.sshd.server.session.ServerSession>
-
- org.apache.sshd.ldap.LdapAuthenticator
-
- org.apache.sshd.ldap.LdapPasswordAuthenticator
-
- All Implemented Interfaces:
org.apache.sshd.server.auth.password.PasswordAuthenticator
public class LdapPasswordAuthenticator extends LdapAuthenticator implements org.apache.sshd.server.auth.password.PasswordAuthenticator
Uses LDAP to authenticate a user and password. By default it can achieve this using 2 ways:- Comparing the provided password with the one stored in LDAP. In this case, the bind DN and password patterns can
be either empty (if anonymous access allowed) or can contain the administrative username / password required to run
the LDAP query. The search filter pattern should be set to require a match for both the username and password
- e.g.,
"(&(user={0})(password={1}))"
. The set default (DEFAULT_SEARCH_FILTER_PATTERN
) uses the most commonly encountered attributes names for this purpose. - Using the original username + password to access LDAP - in which case the very success of retrieving anything can
be considered a successful authentication. In this case, the bind DN and password patterns should be set up to
generate the correct credentials - the default is to "echo" the provided username and password as-is. E.g.,
if the username is always the alias part of a known e-mail, the bind DN should be set to
"{0}@my.domain.com"
.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
DEFAULT_PASSWORD_ATTR_NAME
static java.lang.String
DEFAULT_SEARCH_FILTER_PATTERN
-
Fields inherited from class org.apache.sshd.ldap.LdapAuthenticator
DEFAULT_AUTHENTICATION_MODE, DEFAULT_USERNAME_ATTR_NAME
-
Fields inherited from class org.apache.sshd.ldap.LdapNetworkConnector
ALL_LDAP_ATTRIBUTES, baseDNPattern, bindDNPattern, bindPasswordPattern, DEFAULT_BINARY_ATTRIBUTES, DEFAULT_LDAP_ACCUMULATE_MULTIVALUES, DEFAULT_LDAP_BIND_DN_PATTERN, DEFAULT_LDAP_BIND_PASSWORD_PATTERN, DEFAULT_LDAP_COUNT_LIMIT, DEFAULT_LDAP_DEREF_ENABLED, DEFAULT_LDAP_FACTORY_PROPNAME, DEFAULT_LDAP_FACTORY_PROPVAL, DEFAULT_LDAP_PORT, DEFAULT_LDAP_PROTOCOL, DEFAULT_LDAP_REFERRAL_MODE, DEFAULT_LDAP_RETURN_OBJVALUE, DEFAULT_LDAP_SEARCH_SCOPE, DEFAULT_LDAP_TIME_LIMIT, ldapEnv, searchControls, searchFilterPattern
-
-
Constructor Summary
Constructors Constructor Description LdapPasswordAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
authenticate(java.lang.String username, java.lang.String password, org.apache.sshd.server.session.ServerSession session)
protected boolean
authenticate(java.lang.String username, java.lang.String password, org.apache.sshd.server.session.ServerSession session, java.util.Map<java.lang.String,?> attrs)
-
Methods inherited from class org.apache.sshd.ldap.LdapNetworkConnector
accumulateAttributeValue, getAuthenticationMode, getBaseDN, getBinaryAttributes, getBindDNPattern, getBindPasswordPattern, getCountLimit, getLdapFactory, getProtocolVersion, getReferralMode, getRetrievedAttributes, getSearchFilterPattern, getSearchScope, getTimeLimit, initializeDirContext, isAccumulateMultiValues, isDerefLink, isReturningObjFlag, processResultAttributeValue, processSearchResult, queryAttributes, resolveAttributes, resolveBaseDN, resolveSearchFilter, setAccumulateMultiValues, setAuthenticationMode, setBaseDN, setBinaryAttributes, setBindDNPattern, setBindPasswordPattern, setConnectTimeout, setCountLimit, setDerefLink, setLdapFactory, setProtocolVersion, setReadTimeout, setReferralMode, setRetrievedAttributes, setReturningObjFlag, setSearchFilterPattern, setSearchScope, setTimeLimit, setupDirContextEnvironment, toString
-
Methods inherited from class org.apache.sshd.common.util.net.NetworkConnector
getConnectTimeout, getHost, getPort, getProtocol, getReadTimeout, setHost, setPort, setProtocol, toString
-
Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
-
-
-
-
Field Detail
-
DEFAULT_PASSWORD_ATTR_NAME
public static final java.lang.String DEFAULT_PASSWORD_ATTR_NAME
- See Also:
- Constant Field Values
-
DEFAULT_SEARCH_FILTER_PATTERN
public static final java.lang.String DEFAULT_SEARCH_FILTER_PATTERN
- See Also:
- Constant Field Values
-
-
Method Detail
-
authenticate
public boolean authenticate(java.lang.String username, java.lang.String password, org.apache.sshd.server.session.ServerSession session) throws org.apache.sshd.server.auth.password.PasswordChangeRequiredException
- Specified by:
authenticate
in interfaceorg.apache.sshd.server.auth.password.PasswordAuthenticator
- Throws:
org.apache.sshd.server.auth.password.PasswordChangeRequiredException
-
authenticate
protected boolean authenticate(java.lang.String username, java.lang.String password, org.apache.sshd.server.session.ServerSession session, java.util.Map<java.lang.String,?> attrs)
-
-