public class LdapPasswordProvider431 extends ConfigurablePasswordProvider

PasswordProvider which can create users on request to synchronize with an LDAP directory. Assuming that a user exists in the configured LDAP store but not in the database, then a new user will be created. Authentication, however, always takes place against LDAP, and changing passwords is not allowed.

Note: deleted LDAP users will not be removed from OMERO, but will not be able to log in.

Note: unlike LdapPasswordProvider, this implementation (the default LDAP password provider up until 4.3.2) does not check the user_filter on every login, but only when a user does not exist. This means that when using this implementation it is not possible to remove a user's login simply by modifying a part of the user_filter. To work around various issues described under tickets #6248 and #6885, it was necessary to retain this logic in 4.3.3.

See Also: SecuritySystem, Permissions
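
The user_filter note above has a direct consequence for access revocation. The following in-memory model is an added illustration, not OMERO code: the class, the `directory` and `database` collections, the `department` attribute and both login methods are hypothetical stand-ins for the LDAP store, the OMERO user table, the user_filter and the two providers' filter timing.

```java
import java.util.*;
import java.util.function.Predicate;

// Added illustration: an in-memory model, not OMERO code. All names are hypothetical.
public class UserFilterTimingDemo {
    // Constructed sample directory entry: a password plus one attribute a user_filter could test.
    record Entry(String password, String department) {}

    static final Map<String, Entry> directory = new HashMap<>(); // stands in for the LDAP store
    static final Set<String> database = new HashSet<>();         // users already created locally
    static Predicate<Entry> userFilter = e -> true;              // stands in for user_filter

    // Behaviour the note describes for this class: filter consulted only when the user is new.
    static boolean loginFilterOnCreate(String user, String password) {
        Entry e = directory.get(user);
        // The plain comparison stands in for an LDAP bind; a missing entry always fails.
        if (e == null || !e.password().equals(password)) return false;
        if (!database.contains(user)) {
            if (!userFilter.test(e)) return false;
            database.add(user); // user created on request
        }
        return true;
    }

    // Behaviour the note attributes to LdapPasswordProvider: filter consulted on every login.
    static boolean loginFilterEveryTime(String user, String password) {
        Entry e = directory.get(user);
        if (e == null || !e.password().equals(password) || !userFilter.test(e)) return false;
        database.add(user);
        return true;
    }

    public static void main(String[] args) {
        directory.put("alice", new Entry("s3cret", "imaging")); // constructed sample user
        userFilter = e -> e.department().equals("imaging");
        System.out.println("first login, filter matches:     " + loginFilterOnCreate("alice", "s3cret"));

        // The administrator tightens the filter so that alice no longer matches it.
        userFilter = e -> e.department().equals("genomics");
        System.out.println("filter-on-create after change:   " + loginFilterOnCreate("alice", "s3cret"));
        System.out.println("filter-every-login after change: " + loginFilterEveryTime("alice", "s3cret"));

        // Removing the directory entry blocks login under both policies.
        directory.remove("alice");
        System.out.println("filter-on-create after deletion: " + loginFilterOnCreate("alice", "s3cret"));
    }
}
```

With filter-on-create semantics, narrowing the filter does not lock out an account that already exists locally; in this model only removing the directory entry (or otherwise making the LDAP authentication fail) does.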
Modifier and Type | Field and Description |
---|---|
protected LdapImpl | ldapUtil |

Inherited fields: ctx, hash, ignoreUnknown, legacyUtil, log, salt, util

Constructor and Description |
---|
LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap) |
LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap, boolean ignoreUnknown) |

Modifier and Type | Method and Description |
---|---|
java.lang.Boolean | checkPassword(java.lang.String user, java.lang.String password, boolean readOnly) If this was constructed with the ignoreUnknown argument set to true, returns null, since the base class knows no users. |
boolean | hasPassword(java.lang.String user) Only returns true if the user is already in the database and has a DN value in the password table. |

Inherited methods: changePassword, comparePasswords, comparePasswords, comparePasswords, encodePassword, encodePassword, encodeSaltedPassword, loginAttempt, setApplicationContext, setLegacyUtil

protected final LdapImpl ldapUtil
public LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap)
public LdapPasswordProvider431(PasswordUtil util, LdapImpl ldap, boolean ignoreUnknown)

public boolean hasPassword(java.lang.String user)

Only returns true if the user is already in the database and has a DN value in the password table. After a call to checkPassword(String, String, boolean) with this same user value, this method might begin to return true due to a call to LdapImpl.createUser(String, String).

Specified by: hasPassword in interface PasswordProvider
Overrides: hasPassword in class ConfigurablePasswordProvider

public java.lang.Boolean checkPassword(java.lang.String user, java.lang.String password, boolean readOnly)

Description copied from class: ConfigurablePasswordProvider

If this was constructed with the ignoreUnknown argument set to true, returns null, since the base class knows no users. Otherwise, returns Boolean.FALSE specifying that authentication should fail.

Specified by: checkPassword in interface PasswordProvider
Overrides: checkPassword in class ConfigurablePasswordProvider