com.rsa.certj.provider.db

Class LDAPConfiguration

java.lang.Object
  |
  +--com.rsa.certj.provider.db.LDAPConfiguration

public final class LDAPConfiguration
extends Object

This class captures LDAP configuration information. LDAP repositories vary widely on their schema and usage conventions, so each LDAP repository that the client may wish to search has a separate LDAPConfiguration object.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.


Field Summary

static int

LDAP_AUTH_NONE

Indicates that no authentication is required when connecting to the LDAP server.

static int

LDAP_AUTH_SIMPLE

Indicates that simple authentication is required.

static int

LDAP_DEFAULT_AUTH_TYPE

Indicates the default authentication type to use, unless explicitly specified by setAuthType.

static String

LDAP_DEFAULT_BASE_DN_ATTRS

Indicates the default base DN attributes to use, unless explicitly specified by setBaseDNAttrs.

static String

LDAP_DEFAULT_CERTIFICATE_ATTRS

Indicates the default certificate attributes to use, unless explicitly specified by setCertificateAttrs.

static String

LDAP_DEFAULT_CERTIFICATE_REVOCATION_ATTRS

Indicates the default certificate revocation attributes to use, unless explicitly specified by setCertificateRevocationAttrs.

static boolean

LDAP_DEFAULT_DISCONNECT_BEFORE_CONNECT

Indicates the default disconnect-before-connect boolean value, unless explicitly specified by setDisconnectBeforeConnect.

static int

LDAP_DEFAULT_PORT_NUMBER

Indicates the default port number to use, unless explicitly specified at object construction time.

static String

LDAP_DEFAULT_SEARCH_FILTER_ATTRS

Indicates the default search filter attributes to use, unless explicitly specified by setSearchFilterAttrs.

static int

LDAP_DEFAULT_SEARCH_PRIORITY

Indicates the default search priority to use, unless explicitly specified by setSearchPriority.

static int

LDAP_DEFAULT_SIZE_LIMIT

Indicates the default size limit to use, unless explicitly specified by setSizeLimit.

static int

LDAP_DEFAULT_TIME_LIMIT

Indicates the default time limit to use, unless explicitly specified by setTimeLimit.

 

Constructor Summary

LDAPConfiguration(String hostname)

Constructs an LDAPConfiguration for an LDAP server using hostname with the default port number, LDAP_DEFAULT_PORT_NUMBER.

LDAPConfiguration(String descriptiveName, InetAddress networkAddress, int portNumber)

Constructs an LDAPConfiguration for an LDAP server using an identifying name, descriptiveName, whose address and port number are given in networkAddress and portNumber, respectively.

 

Method Summary

 int

getAuthType()

Returns the authorization type to be used to connect to this LDAP host.

 String

getBaseDNAttrs()

Returns the base DN attributes string.

 String

getCertificateAttrs()

Returns the certificate attributes string of directory attributes that can have certificates as their values.

 String

getCertificateRevocationAttrs()

Returns the certificate revocation attributes string of directory attributes that have CRLs as their values.

 String

getDescriptiveName()

Returns the descriptive name of the LDAP server associated with this configuration.

 boolean

getDisconnectBeforeConnect()

Returns a boolean that indicates whether the LDAP source requires the client to disconnect before performing another operation.

 InetAddress

getNetworkAddress()

Returns the network address of the LDAP host.

 int

getPortNumber()

Returns the port number of the LDAP host.

 String

getSearchFilterAttrs()

Returns the filter attributes string.

 int

getSearchPriority()

Returns the search priority value that determines the order in which the provider searches multiple LDAP sources.

 String

getSearchRoot()

Returns the search root string.

 int

getSizeLimit()

Returns the limit on the number of entries to return from the search.

 int

getTimeLimit()

Returns the limit on the number of seconds to spend on the search.

 void

setAuthType(int authType)

Sets the authorization type to be used for connection to this LDAP host to authType.

 void

setBaseDNAttrs(String baseDNAttrs)

Sets the base DN attributes string to baseDNAttrs.

 void

setCertificateAttrs(String certificateAttrs)

Sets the certificate attributes string to certificateAttrs.

 void

setCertificateRevocationAttrs(String certificateRevocationAttrs)

Sets the certificate revocation attributes string to certificateRevocationAttrs.

 void

setDisconnectBeforeConnect(boolean disconnectBeforeConnect)

Sets the disconnect-before-connect value to disconnectBeforeConnect.

 void

setSearchFilterAttrs(String searchFilterAttrs)

Sets the search filter attributes string to searchFilterAttrs.

 void

setSearchPriority(int searchPriority)

Sets the search priority value to searchPriority.

 void

setSearchRoot(String searchRoot)

Sets the search root string to searchRoot.

 void

setSizeLimit(int sizeLimit)

Sets the limit on the number of entries to return from the search to sizeLimit.

 void

setTimeLimit(int timeLimit)

Sets the limit on the number of seconds to spend on the search to timeLimit.

 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LDAP_AUTH_NONE

public static final int LDAP_AUTH_NONE
Indicates that no authentication is required when connecting to the LDAP server.

LDAP_AUTH_SIMPLE

public static final int LDAP_AUTH_SIMPLE
Indicates that simple authentication is required. The user name and password are used to authenticate the user when connecting to the LDAP server.

LDAP_DEFAULT_AUTH_TYPE

public static final int LDAP_DEFAULT_AUTH_TYPE
Indicates the default authentication type to use, unless explicitly specified by setAuthType.

LDAP_DEFAULT_PORT_NUMBER

public static final int LDAP_DEFAULT_PORT_NUMBER
Indicates the default port number to use, unless explicitly specified at object construction time.

LDAP_DEFAULT_SIZE_LIMIT

public static final int LDAP_DEFAULT_SIZE_LIMIT
Indicates the default size limit to use, unless explicitly specified by setSizeLimit.

See Also

setSizeLimit(int)

LDAP_DEFAULT_TIME_LIMIT

public static final int LDAP_DEFAULT_TIME_LIMIT
Indicates the default time limit to use, unless explicitly specified by setTimeLimit.

See Also

setTimeLimit(int)

LDAP_DEFAULT_BASE_DN_ATTRS

public static final String LDAP_DEFAULT_BASE_DN_ATTRS
Indicates the default base DN attributes to use, unless explicitly specified by setBaseDNAttrs.

See Also

setBaseDNAttrs(java.lang.String)

LDAP_DEFAULT_SEARCH_FILTER_ATTRS

public static final String LDAP_DEFAULT_SEARCH_FILTER_ATTRS
Indicates the default search filter attributes to use, unless explicitly specified by setSearchFilterAttrs.

See Also

setSearchFilterAttrs(java.lang.String)

LDAP_DEFAULT_CERTIFICATE_ATTRS

public static final String LDAP_DEFAULT_CERTIFICATE_ATTRS
Indicates the default certificate attributes to use, unless explicitly specified by setCertificateAttrs.

See Also

setCertificateAttrs(java.lang.String)

LDAP_DEFAULT_CERTIFICATE_REVOCATION_ATTRS

public static final String LDAP_DEFAULT_CERTIFICATE_REVOCATION_ATTRS
Indicates the default certificate revocation attributes to use, unless explicitly specified by setCertificateRevocationAttrs.

See Also

setCertificateRevocationAttrs(java.lang.String)

LDAP_DEFAULT_SEARCH_PRIORITY

public static final int LDAP_DEFAULT_SEARCH_PRIORITY
Indicates the default search priority to use, unless explicitly specified by setSearchPriority.

See Also

setSearchPriority(int)

LDAP_DEFAULT_DISCONNECT_BEFORE_CONNECT

public static final boolean LDAP_DEFAULT_DISCONNECT_BEFORE_CONNECT
Indicates the default disconnect-before-connect boolean value, unless explicitly specified by setDisconnectBeforeConnect.

See Also

setDisconnectBeforeConnect(boolean)

Constructor Detail

LDAPConfiguration

public LDAPConfiguration(String descriptiveName,
                         InetAddress networkAddress,
                         int portNumber)
Constructs an LDAPConfiguration for an LDAP server using an identifying name, descriptiveName, whose address and port number are given in networkAddress and portNumber, respectively.

Parameters

         descriptiveName  

A String that indicates a descriptive name for this LDAP server. The application can use this string to display the server name to the end-user.

         networkAddress  

An InetAddress that indicates the network address for the LDAP host.

         portNumber  

An int that indicates the TCP LDAP port number of the LDAP server.


LDAPConfiguration

public LDAPConfiguration(String hostname)
                  throws UnknownHostException
Constructs an LDAPConfiguration for an LDAP server using hostname with the default port number, LDAP_DEFAULT_PORT_NUMBER.

Parameters

         hostname  

A String that indicates the name of the LDAP host.

Throws

UnknownHostException - If the conversion from the host name to a network address failed.

Method Detail

getDescriptiveName

public String getDescriptiveName()
Returns the descriptive name of the LDAP server associated with this configuration.

Returns

A String that indicates the descriptive name of this LDAP server. The application can use this string to display the server name to the end-user.

getNetworkAddress

public InetAddress getNetworkAddress()
Returns the network address of the LDAP host.

Returns

An InetAddress that indicates the network address of this LDAP server.

getPortNumber

public int getPortNumber()
Returns the port number of the LDAP host.

Returns

An int that indicates the port number of this LDAP server.

getAuthType

public int getAuthType()
Returns the authorization type to be used to connect to this LDAP host. Possible values are:

LDAP_AUTH_NONE (0) - Indicates that no authorization is required.

LDAP_AUTH_SIMPLE (1) - Indicates that simple authorization, by a username and password that authenticate the user, is required.

Returns

An int that indicates the authorization type to be used to connect to this LDAP server.

setAuthType

public void setAuthType(int authType)
Sets the authorization type to be used for connection to this LDAP host to authType. Possible values are:

LDAP_AUTH_NONE (0) - Indicates that no authorization is required.

LDAP_AUTH_SIMPLE (1) - Indicates that simple authorization, by a username and password that authenticate the user, is required.

Parameters

         authType  

An int that indicates the authorization type to be used to connect to this LDAP server.


getSizeLimit

public int getSizeLimit()
Returns the limit on the number of entries to return from the search. A value of zero means no limit has been set.

Returns

An int that indicates the limit on the number of entries in the search results.

setSizeLimit

public void setSizeLimit(int sizeLimit)
Sets the limit on the number of entries to return from the search to sizeLimit. If this value is set to 0, there are no limits on the number of entries returned.

Parameters

         sizeLimit  

An int that indicates the limit on the number of entries in the search results.


getTimeLimit

public int getTimeLimit()
Returns the limit on the number of seconds to spend on the search. A value of zero means no limit has been set.

Returns

An int that indicates the limit on the number of seconds to spend on the search.

setTimeLimit

public void setTimeLimit(int timeLimit)
Sets the limit on the number of seconds to spend on the search to timeLimit. If this value is set to 0, there are no limits on the search time.

Parameters

         timeLimit  

An int that indicates the limit on the number of seconds to spend on the search.


getBaseDNAttrs

public String getBaseDNAttrs()
Returns the base DN attributes string. This string consists of a comma-separated list of DN attributes. For example: o,c. Spaces may follow the commas, but are optional.

Returns

A String that indicates the base DN attributes to be used for LDAP searches.

setBaseDNAttrs

public void setBaseDNAttrs(String baseDNAttrs)
Sets the base DN attributes string to baseDNAttrs. It is a string consisting of a comma-separated list of DN attributes. Example: o,c. Spaces may follow the commas, but are optional.

Parameters

         baseDNAttrs  

A String that indicates the base DN attributes to be used for LDAP searches.


getSearchRoot

public String getSearchRoot()
Returns the search root string. If a search using the given subject name or given base DN has failed, this string is used as the base DN from which a new search should start.

Returns

A String that indicates the search root string to be used for LDAP searches.

setSearchRoot

public void setSearchRoot(String searchRoot)
Sets the search root string to searchRoot. If a search using the given subject name or given base DN has failed, this string is used as the base DN from which a search should start.

Parameters

         searchRoot  

A String that indicates the search root string to be used for LDAP searches.


getSearchFilterAttrs

public String getSearchFilterAttrs()
Returns the filter attributes string. The string is used as the search filter when retrieving a certificate by subject name. It follows the same syntax as a baseDNAttrs string.

Returns

A String that indicates the search filter attributes string to be used for LDAP searches.

setSearchFilterAttrs

public void setSearchFilterAttrs(String searchFilterAttrs)
Sets the search filter attributes string to searchFilterAttrs. This string is used as the search filter when retrieving a certificate or CRL by subject name. It follows the same syntax as a baseDNAttrs string.

Parameters

         searchFilterAttrs  

A String that indicates the search filter attributes string to be used for LDAP searches.


getCertificateAttrs

public String getCertificateAttrs()
Returns the certificate attributes string of directory attributes that can have certificates as their values. It should include both end-entity and CA certificate attributes; for example, userCertificate;binary, cACertificate;binary. In many LDAP schemas, both of these entry attributes can have a certificate as their value. This string follows the same syntax as a baseDNAttrs string.

Returns

A String that indicates the certificate attributes string to be used for LDAP searches.

setCertificateAttrs

public void setCertificateAttrs(String certificateAttrs)
Sets the certificate attributes string to certificateAttrs. This string indicates directory attribute(s) that can have certificates as their values. It should include both end-entity and CA certificate attributes; for example, userCertificate;binary, cACertificate;binary. In many LDAP schemas, both of these directory attributes can have a certificate as their value. This string follows the same syntax as a baseDNAttrs string.

Parameters

         certificateAttrs  

A String that indicates the certificate attributes string to be used for LDAP searches.


getCertificateRevocationAttrs

public String getCertificateRevocationAttrs()
Returns the certificate revocation attributes string of directory attributes that have CRLs as their values. It should include both end-entity and CA CRL attributes; for example, authorityRevocationList;binary, certificateRevocationList;binary. In many LDAP schemas, both of these entry attributes can have a CRL as their value. This string follows the same syntax as a baseDNAttrs string.

Returns

A String that indicates the certificate revocation attributes string to be used for LDAP searches.

setCertificateRevocationAttrs

public void setCertificateRevocationAttrs(String certificateRevocationAttrs)
Sets the certificate revocation attributes string to certificateRevocationAttrs. This string indicates directory attribute(s) that can have CRLs as their values. It should include both end-entity and CA CRL attributes; for example, authorityRevocationList;binary, certificateRevocationList;binary. In many LDAP schemas, both of these directory attributes can have a CRL as their value. This string follows the same syntax as a baseDNAttrs string.

Parameters

         certificateRevocationAttrs  

A String that indicates the certificate revocation attributes string to be used for LDAP searches.


getSearchPriority

public int getSearchPriority()
Returns the search priority value that determines the order in which the provider searches multiple LDAP sources. Sources with the same priority are searched in arbitrary order. The highest priority is 0.

Returns

An int that indicates the search priority value.

setSearchPriority

public void setSearchPriority(int searchPriority)
Sets the search priority value to searchPriority. The value determines the order in which the provider searches multiple LDAP sources. Sources with the same priority are searched in arbitrary order. The highest priority is 0.

Parameters

         searchPriority  

An int that indicates the search priority value.


getDisconnectBeforeConnect

public boolean getDisconnectBeforeConnect()
Returns a boolean that indicates whether the LDAP source requires the client to disconnect before performing another operation.

Returns

A boolean that indicates whether the LDAP source requires the client to disconnect before performing another operation.

setDisconnectBeforeConnect

public void setDisconnectBeforeConnect(boolean disconnectBeforeConnect)
Sets the disconnect-before-connect value to disconnectBeforeConnect. This value indicates whether the LDAP source requires the client to disconnect before performing another operation. If disconnection is required, set the value to true; if more than one operation can be performed with the same LDAP connection, set this value to false to enhance performance.

Parameters

         disconnectBeforeConnect  

A boolean that indicates whether the LDAP source requires the client to disconnect before performing another operation.
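
An added example, not part of the Cert-J documentation: a small review helper that reads an LDAPConfiguration through the getters documented above and flags connections without authentication, unbounded searches (a limit of 0) and a CRL attribute list that lacks one of the two attributes named above. The class name LdapConfigAudit, the descriptive name, the loopback address and the limits 50 and 10 are assumptions chosen for illustration.

```java
import com.rsa.certj.provider.db.LDAPConfiguration;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;

public class LdapConfigAudit {

    // Splits an attribute string using the documented syntax:
    // comma-separated, with optional spaces after the commas.
    static List<String> parseAttrs(String attrs) {
        List<String> out = new ArrayList<>();
        if (attrs == null) return out;
        for (String a : attrs.split(",")) {
            String t = a.trim().toLowerCase();   // LDAP attribute names are case-insensitive
            if (!t.isEmpty()) out.add(t);
        }
        return out;
    }

    // Returns one finding per setting that a reviewer should look at.
    static List<String> audit(LDAPConfiguration cfg) {
        List<String> findings = new ArrayList<>();
        String name = cfg.getDescriptiveName();
        if (cfg.getAuthType() == LDAPConfiguration.LDAP_AUTH_NONE)
            findings.add(name + ": connects without authentication (LDAP_AUTH_NONE)");
        if (cfg.getSizeLimit() == 0)
            findings.add(name + ": size limit 0, number of returned entries is unbounded");
        if (cfg.getTimeLimit() == 0)
            findings.add(name + ": time limit 0, search time is unbounded");
        List<String> crlAttrs = parseAttrs(cfg.getCertificateRevocationAttrs());
        String[] expected = {"authorityRevocationList;binary", "certificateRevocationList;binary"};
        for (String attr : expected)
            if (!crlAttrs.contains(attr.toLowerCase()))
                findings.add(name + ": CRL attribute list lacks " + attr);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: made-up descriptive name, loopback address.
        LDAPConfiguration cfg = new LDAPConfiguration("example-directory",
                InetAddress.getLoopbackAddress(), LDAPConfiguration.LDAP_DEFAULT_PORT_NUMBER);
        cfg.setAuthType(LDAPConfiguration.LDAP_AUTH_NONE);
        cfg.setSizeLimit(0);
        cfg.setTimeLimit(0);
        cfg.setCertificateRevocationAttrs("certificateRevocationList;binary");
        audit(cfg).forEach(System.out::println);

        // Same source with authentication, bounded searches and both CRL attributes.
        cfg.setAuthType(LDAPConfiguration.LDAP_AUTH_SIMPLE);
        cfg.setSizeLimit(50);    // assumed cap on entries per search
        cfg.setTimeLimit(10);    // assumed cap in seconds per search
        cfg.setCertificateRevocationAttrs("authorityRevocationList;binary, certificateRevocationList;binary");
        System.out.println("remaining findings: " + audit(cfg).size());
    }
}
```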



RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000