java.lang.Object
org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory
org.elasticsearch.xpack.security.authc.ldap.LdapSessionFactory
All Implemented Interfaces:
Closeable, AutoCloseable, ReloadableSecurityComponent

public class LdapSessionFactory extends SessionFactory
This factory creates LDAP connections via iterating through user templates. Note that even though there is a separate factory for Active Directory, this factory would work against AD. A template for each user context would need to be supplied.
  • Constructor Details

  • Method Details

    • session

      public void session(String username, SecureString password, ActionListener<LdapSession> listener)
      This iterates through the configured user templates attempting to open. If all attempts fail, the last exception is kept as the cause of the thrown exception
      Specified by:
      session in class SessionFactory
      Parameters:
      username - a relative name, Not a distinguished name, that will be inserted into the template.
      password - The password of the user
      listener - the listener to call on a failure or result
    • reload

      public void reload(Settings settings)
      Description copied from interface: ReloadableSecurityComponent
      Called when a reload security settings action is executed. The reload operation must be completed when this method returns. Strictly speaking, the settings argument should not be accessed outside of this method's call stack, as any values stored in the node's keystore (see SecureSetting) will not otherwise be retrievable.

      There is no guarantee that the secure setting's values have actually changed. Hence, it's up to implementor to detect if the actual internal reloading is necessary.

      Any failure during the reloading should be signaled by raising an exception.

      For additional info, see also: ReloadablePlugin.reload(Settings).

      Parameters:
      settings - Settings include the initial node's settings and all decrypted secure settings from the keystore. Absence of a particular secure setting may mean that the setting was either never configured or that it was simply removed.