Module org.elasticsearch.security
Class LdapUtils
java.lang.Object
org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final com.unboundid.ldap.sdk.Filter -
Method Summary
Modifier and TypeMethodDescriptionstatic String[]attributesToSearchFor(String[] attributes) static String[]attributesToSearchFor(String[]... args) static com.unboundid.ldap.sdk.FiltercreateFilter(String filterTemplate, String... arguments) static com.unboundid.ldap.sdk.DNstatic StringescapedRDNValue(String rdn) static voidmaybeForkThenBind(com.unboundid.ldap.sdk.LDAPConnection ldap, com.unboundid.ldap.sdk.BindRequest bind, boolean systemBind, ThreadPool threadPool, AbstractRunnable runnable) This method submits thebindrequest over the ldap connection.static voidmaybeForkThenBindAndRevert(com.unboundid.ldap.sdk.LDAPConnectionPool ldapPool, com.unboundid.ldap.sdk.BindRequest bind, ThreadPool threadPool, AbstractRunnable runnable) This method submits thebindrequest over one connection from the pool.static <T> TprivilegedConnect(CheckedSupplier<T, com.unboundid.ldap.sdk.LDAPException> supplier) static StringrelativeName(com.unboundid.ldap.sdk.DN dn) static voidsearch(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes) This method performs an asynchronous ldap search operation that could have multiple resultsstatic voidsearch(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... 
attributes) This method performs an asynchronous ldap search operation that could have multiple resultsstatic voidsearch(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes) This method performs an asynchronous ldap search operation that could have multiple resultsstatic voidsearchForEntry(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes) This method performs an asynchronous ldap search operation that only expects at most one result.static voidsearchForEntry(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes) This method performs an asynchronous ldap search operation that only expects at most one result.static voidsearchForEntry(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes) This method performs an asynchronous ldap search operation that could have multiple results
-
Field Details
-
OBJECT_CLASS_PRESENCE_FILTER
public static final com.unboundid.ldap.sdk.Filter OBJECT_CLASS_PRESENCE_FILTER
-
-
Method Details
-
dn
-
privilegedConnect
public static <T> T privilegedConnect(CheckedSupplier<T, com.unboundid.ldap.sdk.LDAPException> supplier) throws com.unboundid.ldap.sdk.LDAPException
- Throws:
com.unboundid.ldap.sdk.LDAPException
-
relativeName
-
escapedRDNValue
-
maybeForkThenBindAndRevert
public static void maybeForkThenBindAndRevert(com.unboundid.ldap.sdk.LDAPConnectionPool ldapPool, com.unboundid.ldap.sdk.BindRequest bind, ThreadPool threadPool, AbstractRunnable runnable)
This method submits the bind request over one connection from the pool. The bind authentication is then reverted and the connection is returned to the pool, so that the connection can be safely reused, see LDAPConnectionPool#bindAndRevertAuthentication. This validates the bind credentials. Bind calls are blocking and if a bind is executed on the LDAP Connection Reader thread (as returned by LdapUtils#isLdapConnectionThread), the thread will be blocked until it is interrupted by something else such as a timeout timer. Do not call bind outside this method or maybeForkThenBind(com.unboundid.ldap.sdk.LDAPConnection, com.unboundid.ldap.sdk.BindRequest, boolean, org.elasticsearch.threadpool.ThreadPool, org.elasticsearch.common.util.concurrent.AbstractRunnable).
- Parameters:
ldapPool - The LDAP connection pool on which to submit the bind operation.
bind - The request object of the bind operation.
threadPool - The threads that will call the blocking bind operation, in case the calling thread is a connection reader, see: LdapUtils#isLdapConnectionThread.
runnable - The runnable that continues the program flow after the bind operation. It is executed on the same thread as the prior bind.
-
maybeForkThenBind
public static void maybeForkThenBind(com.unboundid.ldap.sdk.LDAPConnection ldap, com.unboundid.ldap.sdk.BindRequest bind, boolean systemBind, ThreadPool threadPool, AbstractRunnable runnable)
This method submits the bind request over the ldap connection. Its authentication status changes. The connection can be subsequently reused. This validates the bind credentials. Bind calls are blocking and if a bind is executed on the LDAP Connection Reader thread (as returned by LdapUtils#isLdapConnectionThread), the thread will be blocked until it is interrupted by something else such as a timeout timer. Do not call bind outside this method or maybeForkThenBindAndRevert(com.unboundid.ldap.sdk.LDAPConnectionPool, com.unboundid.ldap.sdk.BindRequest, org.elasticsearch.threadpool.ThreadPool, org.elasticsearch.common.util.concurrent.AbstractRunnable).
- Parameters:
ldap - The LDAP connection on which to submit the bind operation.
bind - The request object of the bind operation.
systemBind - true if this bind is a "system" user, configured by an administrator (e.g. bind_dn / bind_password on a realm), false if the bind credentials are supplied by an end user (e.g. basic authentication username / password).
threadPool - The threads that will call the blocking bind operation, in case the calling thread is a connection reader, see: LdapUtils#isLdapConnectionThread.
runnable - The runnable that continues the program flow after the bind
-
searchForEntry
public static void searchForEntry(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes) This method performs an asynchronous ldap search operation that could have multiple results -
searchForEntry
public static void searchForEntry(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
This method performs an asynchronous ldap search operation that only expects at most one result. If more than one result is found then this is an error. If no results are found, then null will be returned. If the LDAP server returns an error ResultCode then this is handled as a failure.
-
searchForEntry
public static void searchForEntry(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
This method performs an asynchronous ldap search operation that only expects at most one result. If more than one result is found then this is an error. If no results are found, then null will be returned. If the LDAP server returns an error ResultCode then this is handled as a failure.
-
search
public static void search(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes) This method performs an asynchronous ldap search operation that could have multiple results -
search
public static void search(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes) This method performs an asynchronous ldap search operation that could have multiple results -
search
public static void search(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes) This method performs an asynchronous ldap search operation that could have multiple results -
createFilter
public static com.unboundid.ldap.sdk.Filter createFilter(String filterTemplate, String... arguments) throws com.unboundid.ldap.sdk.LDAPException - Throws:
com.unboundid.ldap.sdk.LDAPException
-
attributesToSearchFor
-
attributesToSearchFor
-