LDAP (v4.3)
pac4j allows you to validate username/password and create, update and delete users on a LDAP.
1) Dependency
You need to use the following module: pac4j-ldap.
Example (Maven dependency):
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-ldap</artifactId>
<version>${pac4j.version}</version>
</dependency>
2) LdapProfileService
The LdapProfileService allows you to:
- validate a username/password on a LDAP (it can be defined as the
Authenticatorfor HTTP clients which deal withUsernamePasswordCredentials) - create, update or delete a user in the LDAP.
It works with a LdapProfile.
It is based on the great Ldpative library and built from a org.ldaptive.ConnectionFactory and a org.ldaptive.auth.Authenticator.
Example:
// ldaptive:
FormatDnResolver dnResolver = new FormatDnResolver();
dnResolver.setFormat(LdapServer.CN + "=%s," + LdapServer.BASE_PEOPLE_DN);
ConnectionConfig connectionConfig = new ConnectionConfig();
connectionConfig.setConnectTimeout(500);
connectionConfig.setResponseTimeout(1000);
connectionConfig.setLdapUrl("ldap://localhost:" + LdapServer.PORT);
DefaultConnectionFactory connectionFactory = new DefaultConnectionFactory();
connectionFactory.setConnectionConfig(connectionConfig);
PoolConfig poolConfig = new PoolConfig();
poolConfig.setMinPoolSize(1);
poolConfig.setMaxPoolSize(2);
poolConfig.setValidateOnCheckOut(true);
poolConfig.setValidateOnCheckIn(true);
poolConfig.setValidatePeriodically(false);
SearchValidator searchValidator = new SearchValidator();
IdlePruneStrategy pruneStrategy = new IdlePruneStrategy();
BlockingConnectionPool connectionPool = new BlockingConnectionPool();
connectionPool.setPoolConfig(poolConfig);
connectionPool.setBlockWaitTime(1000);
connectionPool.setValidator(searchValidator);
connectionPool.setPruneStrategy(pruneStrategy);
connectionPool.setConnectionFactory(connectionFactory);
connectionPool.initialize();
PooledConnectionFactory pooledConnectionFactory = new PooledConnectionFactory();
pooledConnectionFactory.setConnectionPool(connectionPool);
PooledBindAuthenticationHandler handler = new PooledBindAuthenticationHandler();
handler.setConnectionFactory(pooledConnectionFactory);
Authenticator ldaptiveAuthenticator = new Authenticator();
ldaptiveAuthenticator.setDnResolver(dnResolver);
ldaptiveAuthenticator.setAuthenticationHandler(handler);
// pac4j:
LdapProfileService ldapProfileService = new LdapProfileService(connectionFactory, ldaptiveAuthenticator);
The base users DN can be changed via the setUsersDn method. As well as the id, username and password LDAP attribute names using the setIdAttribute, setUsernameAttribute and setPasswordAttribute methods.
The attributes of the user profile can be managed in the LDAP in two ways:
- either each attribute is explicitly mapped in a specific LDAP attribute and all these attributes are defined as a list of names separated by commas via the
setAttributesmethod (it’s the legacy mode existing since version 1.9) - or the whole user profile is serialized and saved in the
serializedprofileLDAP attribute.
Starting with v3.9.0 in the 3.x stream, v4.2.0 in the 4.x stream and v5.0, the
serializedprofile is written in JSON instead of using the Java serialization.