Class LdapPasswordAuthenticator
java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.common.util.net.NetworkConnector
org.apache.sshd.ldap.LdapNetworkConnector<org.apache.sshd.server.session.ServerSession>
org.apache.sshd.ldap.LdapAuthenticator
org.apache.sshd.ldap.LdapPasswordAuthenticator
- All Implemented Interfaces:
org.apache.sshd.server.auth.password.PasswordAuthenticator
public class LdapPasswordAuthenticator
extends LdapAuthenticator
implements org.apache.sshd.server.auth.password.PasswordAuthenticator
Uses LDAP to authenticate a user and password. By default it can achieve this in 2 ways:
- Comparing the provided password with the one stored in LDAP. In this case, the bind DN and password patterns can be either empty (if anonymous access is allowed) or can contain the administrative username / password required to run the LDAP query. The search filter pattern should be set to require a match for both the username and password, e.g., "(&(user={0})(password={1}))". The default (DEFAULT_SEARCH_FILTER_PATTERN) uses the most commonly encountered attribute names for this purpose.
- Using the original username + password to access LDAP, in which case the very success of retrieving anything can be considered a successful authentication. In this case, the bind DN and password patterns should be set up to generate the correct credentials; the default is to "echo" the provided username and password as-is. E.g., if the username is always the alias part of a known e-mail, the bind DN should be set to "{0}@my.domain.com".
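The second mode (bind as the user), configured with the setters listed on this page and wrapped in a guard, as an added example that is not part of the project's own documentation. The host, base DN, "(uid={0})" filter and the username allowlist are assumptions to adapt. The guard rejects empty passwords, which some directories accept as an unauthenticated bind (RFC 4513, section 5.1.2), and usernames outside the allowlist before they are substituted into the {0} patterns.

```java
import java.util.regex.Pattern;

import org.apache.sshd.ldap.LdapPasswordAuthenticator;
import org.apache.sshd.server.auth.password.PasswordAuthenticator;

public final class LdapBindAuthExample {
    // Assumed site naming policy: no LDAP filter or DN metacharacters allowed.
    private static final Pattern SAFE_USERNAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    private LdapBindAuthExample() {
    }

    /** Builds a bind-as-user authenticator that refuses risky input up front. */
    public static PasswordAuthenticator create() {
        LdapPasswordAuthenticator ldap = new LdapPasswordAuthenticator();
        ldap.setHost("ldap.example.invalid");        // placeholder host
        ldap.setBaseDN("dc=my,dc=domain,dc=com");    // placeholder base DN
        ldap.setBindDNPattern("{0}@my.domain.com");  // bind DN example from the class description
        ldap.setBindPasswordPattern("{1}");          // echo the supplied password as-is
        ldap.setSearchFilterPattern("(uid={0})");    // assumed username attribute

        return (username, password, session) -> {
            // An empty password must never reach the directory: a bind with a DN
            // and no password can succeed as an unauthenticated bind.
            if (password == null || password.isEmpty()) {
                return false;
            }
            // Only allowlisted usernames are substituted into the bind DN and filter.
            if (username == null || !SAFE_USERNAME.matcher(username).matches()) {
                return false;
            }
            return ldap.authenticate(username, password, session);
        };
    }
}
```

Register the result with SshServer.setPasswordAuthenticator(LdapBindAuthExample.create()).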
-
Field Summary
Fields
Fields inherited from class LdapAuthenticator
DEFAULT_AUTHENTICATION_MODE, DEFAULT_USERNAME_ATTR_NAME
Fields inherited from class LdapNetworkConnector
ALL_LDAP_ATTRIBUTES, baseDNPattern, bindDNPattern, bindPasswordPattern, DEFAULT_BINARY_ATTRIBUTES, DEFAULT_LDAP_ACCUMULATE_MULTIVALUES, DEFAULT_LDAP_BIND_DN_PATTERN, DEFAULT_LDAP_BIND_PASSWORD_PATTERN, DEFAULT_LDAP_COUNT_LIMIT, DEFAULT_LDAP_DEREF_ENABLED, DEFAULT_LDAP_FACTORY_PROPNAME, DEFAULT_LDAP_FACTORY_PROPVAL, DEFAULT_LDAP_PORT, DEFAULT_LDAP_PROTOCOL, DEFAULT_LDAP_REFERRAL_MODE, DEFAULT_LDAP_RETURN_OBJVALUE, DEFAULT_LDAP_SEARCH_SCOPE, DEFAULT_LDAP_TIME_LIMIT, ldapEnv, searchControls, searchFilterPattern
Fields inherited from class org.apache.sshd.common.util.net.NetworkConnector
DEFAULT_CONNECT_TIMEOUT, DEFAULT_HOST, DEFAULT_READ_TIMEOUT
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
-
Constructor Summary
Constructors
-
Method Summary
Modifier and Type, Method, Description:
boolean authenticate(String username, String password, org.apache.sshd.server.session.ServerSession session)
protected boolean authenticate(String username, String password, org.apache.sshd.server.session.ServerSession session, Map<String, ?> attrs)
Methods inherited from class LdapNetworkConnector
accumulateAttributeValue, getAuthenticationMode, getBaseDN, getBinaryAttributes, getBindDNPattern, getBindPasswordPattern, getCountLimit, getLdapFactory, getProtocolVersion, getReferralMode, getRetrievedAttributes, getSearchFilterPattern, getSearchScope, getTimeLimit, initializeDirContext, isAccumulateMultiValues, isDerefLink, isReturningObjFlag, processResultAttributeValue, processSearchResult, queryAttributes, resolveAttributes, resolveBaseDN, resolveSearchFilter, setAccumulateMultiValues, setAuthenticationMode, setBaseDN, setBinaryAttributes, setBindDNPattern, setBindPasswordPattern, setConnectTimeout, setCountLimit, setDerefLink, setLdapFactory, setProtocolVersion, setReadTimeout, setReferralMode, setRetrievedAttributes, setReturningObjFlag, setSearchFilterPattern, setSearchScope, setTimeLimit, setupDirContextEnvironment, toString
Methods inherited from class org.apache.sshd.common.util.net.NetworkConnector
getConnectTimeout, getHost, getPort, getProtocol, getReadTimeout, setHost, setPort, setProtocol, toString
Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.apache.sshd.server.auth.password.PasswordAuthenticator
handleClientPasswordChangeRequest
-
Field Details
-
DEFAULT_PASSWORD_ATTR_NAME
- See Also:
-
DEFAULT_SEARCH_FILTER_PATTERN
- See Also:
-
-
Constructor Details
-
LdapPasswordAuthenticator
public LdapPasswordAuthenticator()
-
-
Method Details
-
authenticate
public boolean authenticate(String username, String password, org.apache.sshd.server.session.ServerSession session) throws org.apache.sshd.server.auth.password.PasswordChangeRequiredException
- Specified by:
authenticate in interface org.apache.sshd.server.auth.password.PasswordAuthenticator
- Throws:
org.apache.sshd.server.auth.password.PasswordChangeRequiredException
-
authenticate
-