PicketBox / SECURITY-470

Callbackhandlers to get information from LDAP

    Description

      A CallbackHandler that uses LDAP to match the passed password.

      Two callbacks can be passed to this handler:

      PasswordCallback: Passing this callback retrieves the password for the user. The returned password will not be in clear text; it will be in the hashed form the LDAP server has stored.
      VerifyPasswordCallback: Passing this callback with a value makes the handler perform an LDAP bind to verify the user's password.

      The main method is #setConfiguration(Map), which takes a map of String key/value pairs. The possible pairs are:

      passwordAttributeID : The name of the attribute where the password is stored. Default: userPassword
      bindDN : DN used to bind against the LDAP server with read/write permissions for baseCtxDN.
      bindCredential : Password for the bindDN. This can be encrypted if the jaasSecurityDomain is specified.
      baseCtxDN : The fixed DN of the context to start the user search from.
      baseFilter : A search filter used to locate the context of the user to authenticate. The input username/userDN as provided by the NameCallback will be substituted into the filter anywhere a "{0}" expression is seen. This substitution behavior comes from the standard.
      searchTimeLimit : The timeout in milliseconds for the user/role searches. Defaults to 10000 (10 seconds).
      jaasSecurityDomain : The JMX ObjectName of the JaasSecurityDomain to use to decrypt the java.naming.security.principal. The encrypted form of the password is that returned by the JaasSecurityDomain#encrypt64(byte[]) method. The org.jboss.security.plugins.PBEUtils can also be used to generate the encrypted form.
      distinguishedNameAttribute : Used in LDAP servers such as Active Directory where the LDAP provider has a property (distinguishedName) to return the relative CN of the user. Default: distinguishedName

      Example Usage:

      import static org.junit.Assert.assertTrue;

      import java.util.HashMap;
      import java.util.Map;
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.NameCallback;
      import org.jboss.security.auth.callback.LdapCallbackHandler;
      import org.jboss.security.auth.callback.VerifyPasswordCallback;

      // Configure the handler for a test LDAP server on localhost (values from the original example)
      LdapCallbackHandler cbh = new LdapCallbackHandler();
      Map<String, String> map = new HashMap<String, String>();
      map.put("bindDN", "cn=Directory Manager");
      map.put("bindCredential", "password");
      map.put("baseFilter", "(uid={0})");
      map.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
      map.put("java.naming.provider.url", "ldap://localhost:10389");
      map.put("baseCtxDN", "ou=People,dc=jboss,dc=org");
      cbh.setConfiguration(map);

      // Supply the username and the password to verify; the handler binds as the located user
      NameCallback ncb = new NameCallback("Enter");
      ncb.setName("jduke");
      VerifyPasswordCallback vpc = new VerifyPasswordCallback();
      vpc.setValue("theduke");
      cbh.handle(new Callback[] {ncb, vpc});
      assertTrue(vpc.isVerified());
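The search-then-bind flow behind VerifyPasswordCallback, as an added example that is not PicketBox code: `LdapBindVerifier` and its methods are hypothetical, the configuration keys are the ones listed above, the `{0}` value is escaped per RFC 4515 before substitution, and an empty password is refused so the check cannot degrade into an anonymous bind.

```java
import java.util.Hashtable;
import java.util.Map;
import javax.naming.*;
import javax.naming.directory.*;
/** Hypothetical helper, not PicketBox code: the search-then-bind flow behind VerifyPasswordCallback. */
public final class LdapBindVerifier {
    /** RFC 4515 escaping so the value substituted for {0} cannot change the structure of baseFilter. */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            if (c == '\\') sb.append("\\5c");
            else if (c == '*') sb.append("\\2a");
            else if (c == '(') sb.append("\\28");
            else if (c == ')') sb.append("\\29");
            else if (c == '\0') sb.append("\\00");
            else sb.append(c);
        }
        return sb.toString();
    }
    /** Simple bind as dn; throws AuthenticationException when the server rejects the credentials. */
    private static DirContext bind(Map<String, String> cfg, String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, cfg.get("java.naming.factory.initial"));
        env.put(Context.PROVIDER_URL, cfg.get("java.naming.provider.url"));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }
    /** True only if exactly one entry under baseCtxDN matches baseFilter and it binds with the password. */
    public static boolean verify(Map<String, String> cfg, String username, String password) throws NamingException {
        // An empty password is an anonymous bind (RFC 4513), which many servers accept: never treat it as verified
        if (password == null || password.isEmpty()) return false;
        String filter = cfg.get("baseFilter").replace("{0}", escapeFilterValue(username));
        int timeLimit = cfg.containsKey("searchTimeLimit") ? Integer.parseInt(cfg.get("searchTimeLimit")) : 10000;
        SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, timeLimit, null, false, false);
        DirContext ctx = bind(cfg, cfg.get("bindDN"), cfg.get("bindCredential"));
        String userDn;
        try {
            NamingEnumeration<SearchResult> results = ctx.search(cfg.get("baseCtxDN"), filter, sc);
            if (!results.hasMore()) return false;
            userDn = results.next().getNameInNamespace();
            if (results.hasMore()) return false; // ambiguous match: refuse rather than guess
        } finally {
            ctx.close();
        }
        bind(cfg, userDn, password).close(); // a wrong password surfaces as AuthenticationException
        return true;
    }
}
```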

      People

        anil.saldhana Anil Saldanha (Inactive)