LDAP (v4.0)
pac4j lets you validate a username/password pair against an LDAP directory and create, update and delete users in it.
1) Dependency
You need to use the following module: pac4j-ldap.
Example (Maven dependency):
<dependency>
    <groupId>org.pac4j</groupId>
    <artifactId>pac4j-ldap</artifactId>
    <version>${pac4j.version}</version>
</dependency>
2) LdapProfileService
The LdapProfileService supersedes the deprecated LdapAuthenticator to:
- validate a username/password in an LDAP directory (it can be defined for HTTP clients which deal with UsernamePasswordCredentials)
- create, update or delete a user in the LDAP directory.
It works with a LdapProfile.
It is based on the great Ldaptive library and is built from a org.ldaptive.ConnectionFactory and a org.ldaptive.auth.Authenticator.
Example:
// ldaptive imports (1.x API, the version used by pac4j 4.0):
import org.ldaptive.ConnectionConfig;
import org.ldaptive.DefaultConnectionFactory;
import org.ldaptive.auth.Authenticator;
import org.ldaptive.auth.FormatDnResolver;
import org.ldaptive.auth.PooledBindAuthenticationHandler;
import org.ldaptive.pool.BlockingConnectionPool;
import org.ldaptive.pool.IdlePruneStrategy;
import org.ldaptive.pool.PoolConfig;
import org.ldaptive.pool.PooledConnectionFactory;
import org.ldaptive.pool.SearchValidator;
// pac4j:
import org.pac4j.ldap.profile.service.LdapProfileService;
// LdapServer is the helper from the pac4j-ldap test suite: it supplies the CN,
// BASE_PEOPLE_DN and PORT constants of the embedded test directory.

// ldaptive:
// Resolve the user's DN from the login name, i.e. cn=<username>,<base people DN>.
FormatDnResolver dnResolver = new FormatDnResolver();
dnResolver.setFormat(LdapServer.CN + "=%s," + LdapServer.BASE_PEOPLE_DN);
// Connection settings (timeouts in milliseconds).
ConnectionConfig connectionConfig = new ConnectionConfig();
connectionConfig.setConnectTimeout(500);
connectionConfig.setResponseTimeout(1000);
// Plain ldap:// is only acceptable for the embedded test server: in production use ldaps://
// or connectionConfig.setUseStartTLS(true), otherwise bind passwords cross the network in clear.
connectionConfig.setLdapUrl("ldap://localhost:" + LdapServer.PORT);
DefaultConnectionFactory connectionFactory = new DefaultConnectionFactory();
connectionFactory.setConnectionConfig(connectionConfig);
// Small pool whose connections are validated on every check-out/check-in.
PoolConfig poolConfig = new PoolConfig();
poolConfig.setMinPoolSize(1);
poolConfig.setMaxPoolSize(2);
poolConfig.setValidateOnCheckOut(true);
poolConfig.setValidateOnCheckIn(true);
poolConfig.setValidatePeriodically(false);
SearchValidator searchValidator = new SearchValidator();
IdlePruneStrategy pruneStrategy = new IdlePruneStrategy();
BlockingConnectionPool connectionPool = new BlockingConnectionPool();
connectionPool.setPoolConfig(poolConfig);
connectionPool.setBlockWaitTime(1000);
connectionPool.setValidator(searchValidator);
connectionPool.setPruneStrategy(pruneStrategy);
connectionPool.setConnectionFactory(connectionFactory);
connectionPool.initialize();
PooledConnectionFactory pooledConnectionFactory = new PooledConnectionFactory();
pooledConnectionFactory.setConnectionPool(connectionPool);
// Authenticate by binding as the resolved DN with the supplied password, using the pool.
PooledBindAuthenticationHandler handler = new PooledBindAuthenticationHandler();
handler.setConnectionFactory(pooledConnectionFactory);
Authenticator ldaptiveAuthenticator = new Authenticator();
ldaptiveAuthenticator.setDnResolver(dnResolver);
ldaptiveAuthenticator.setAuthenticationHandler(handler);
// pac4j: the connection factory is used to read/write profiles, the authenticator to check passwords.
LdapProfileService ldapProfileService = new LdapProfileService(connectionFactory, ldaptiveAuthenticator);
The base users DN can be changed via the setUsersDn method, and the id, username and password LDAP attribute names via the setIdAttribute, setUsernameAttribute and setPasswordAttribute methods.
The attributes of the user profile can be managed in the LDAP directory in two ways:
- either each profile attribute is explicitly mapped to a specific LDAP attribute, and all these attributes are defined as a comma-separated list of names via the setAttributes method (the legacy mode that already existed in version 1.9)
- or the whole user profile is serialized and saved in the serializedprofile LDAP attribute.
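Putting the setters above to work, here is an added example (it is not code from the pac4j documentation or project) that configures an LdapProfileService for a given directory layout, validates a username/password through it, and then creates, updates and removes a user. It assumes a directory in which users live under ou=people,dc=example,dc=org with uid-based DNs (so the FormatDnResolver from the section above would use "uid=%s," followed by that base DN rather than the cn-based format), assumed attribute names uid, userPassword, cn, sn and mail, a ConnectionFactory and Authenticator built as in the section above, and a WebContext supplied by the calling web framework. The blank-credential guard is an extra check added here, not something the service is documented to perform.

```java
import org.ldaptive.ConnectionFactory;
import org.ldaptive.auth.Authenticator;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.UsernamePasswordCredentials;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.ldap.profile.LdapProfile;
import org.pac4j.ldap.profile.service.LdapProfileService;

// Added example, not pac4j project code. Directory layout and attribute names are assumptions.
public class LdapProfileServiceExample {

    // Assumed base DN for user entries; the DN resolver must produce uid=<user>,USERS_DN.
    static final String USERS_DN = "ou=people,dc=example,dc=org";

    // Wire the service: which subtree holds users and which LDAP attributes carry
    // the profile id, the login name and the password (assumed names).
    public static LdapProfileService build(ConnectionFactory connectionFactory,
                                           Authenticator ldaptiveAuthenticator) {
        LdapProfileService service = new LdapProfileService(connectionFactory, ldaptiveAuthenticator);
        service.setUsersDn(USERS_DN);
        service.setIdAttribute("uid");        // the login name doubles as the profile id here
        service.setUsernameAttribute("uid");
        service.setPasswordAttribute("userPassword");
        // Explicit mapping mode: each listed profile attribute is written to the LDAP
        // attribute of the same name. Leave this unset to get the serialized-profile mode.
        service.setAttributes("cn,sn,mail");
        return service;
    }

    // Validate credentials; returns the profile, or null when they are rejected.
    public static LdapProfile authenticate(LdapProfileService service, String username,
                                           String password, WebContext context) {
        // Defensive check added here: never let an empty password reach the bind. Some
        // directories treat a bind with an empty password as an unauthenticated (anonymous)
        // bind and report success, which would log the user in without a password.
        if (username == null || username.trim().isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, password);
        try {
            service.validate(credentials, context);
        } catch (CredentialsException e) {
            // Unknown account and wrong password both land here; report the same outcome
            // to the caller so the login form cannot be used to enumerate accounts.
            return null;
        }
        return (LdapProfile) credentials.getUserProfile();
    }

    // Create a user, change one mapped attribute, then remove the user again.
    public static void manageUser(LdapProfileService service) {
        LdapProfile profile = new LdapProfile();
        profile.setId("jdoe");                       // entry DN: uid=jdoe,ou=people,dc=example,dc=org
        profile.addAttribute("username", "jdoe");    // read back by profile.getUsername()
        profile.addAttribute("cn", "John Doe");      // the three attributes listed in setAttributes
        profile.addAttribute("sn", "Doe");
        profile.addAttribute("mail", "jdoe@example.org");
        // The password goes through the service's configured password encoder before storage.
        service.create(profile, "correct horse battery staple");

        profile.addAttribute("mail", "john.doe@example.org");
        service.update(profile, null);               // null password: attributes change, password is kept

        service.remove(profile);                     // deletes uid=jdoe,ou=people,dc=example,dc=org
    }
}
```

The username is also what the FormatDnResolver substitutes into the DN format and what the service searches for under usersDn, so the username attribute configured here must be the same attribute the resolver format uses. Keep the rejection path identical for "no such user" and "wrong password": pac4j raises distinct exception types for them, which is useful in logs but must not leak to the login page.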