java.lang.Object
org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils

public final class LdapUtils extends Object
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final com.unboundid.ldap.sdk.Filter
    OBJECT_CLASS_PRESENCE_FILTER
     
  • Method Summary

    Modifier and Type
    Method
    Description
    static String[]
    attributesToSearchFor(String[] attributes)
     
    static String[]
    attributesToSearchFor(String[]... args)
     
    static com.unboundid.ldap.sdk.Filter
    createFilter(String filterTemplate, String... arguments)
     
    static com.unboundid.ldap.sdk.DN
    dn(String dn)
     
    static String
    escapedRDNValue(String rdn)
     
    static void
    maybeForkThenBind(com.unboundid.ldap.sdk.LDAPConnection ldap, com.unboundid.ldap.sdk.BindRequest bind, boolean systemBind, ThreadPool threadPool, AbstractRunnable runnable)
    This method submits the bind request over the ldap connection.
    static void
    maybeForkThenBindAndRevert(com.unboundid.ldap.sdk.LDAPConnectionPool ldapPool, com.unboundid.ldap.sdk.BindRequest bind, ThreadPool threadPool, AbstractRunnable runnable)
    This method submits the bind request over one connection from the pool.
    static <T> T
    privilegedConnect(CheckedSupplier<T,com.unboundid.ldap.sdk.LDAPException> supplier)
     
    static String
    relativeName(com.unboundid.ldap.sdk.DN dn)
     
    static void
    search(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes)
    This method performs an asynchronous ldap search operation that could have multiple results
    static void
    search(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes)
    This method performs an asynchronous ldap search operation that could have multiple results
    static void
    search(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes)
    This method performs an asynchronous ldap search operation that could have multiple results
    static void
    searchForEntry(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
    This method performs an asynchronous ldap search operation that only expects at most one result.
    static void
    searchForEntry(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
    This method performs an asynchronous ldap search operation that only expects at most one result.
    static void
    searchForEntry(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
    This method performs an asynchronous ldap search operation that could have multiple results

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • OBJECT_CLASS_PRESENCE_FILTER

      public static final com.unboundid.ldap.sdk.Filter OBJECT_CLASS_PRESENCE_FILTER
  • Method Details

    • dn

      public static com.unboundid.ldap.sdk.DN dn(String dn)
    • privilegedConnect

      public static <T> T privilegedConnect(CheckedSupplier<T,com.unboundid.ldap.sdk.LDAPException> supplier) throws com.unboundid.ldap.sdk.LDAPException
      Throws:
      com.unboundid.ldap.sdk.LDAPException
    • relativeName

      public static String relativeName(com.unboundid.ldap.sdk.DN dn)
    • escapedRDNValue

      public static String escapedRDNValue(String rdn)
    • maybeForkThenBindAndRevert

      public static void maybeForkThenBindAndRevert(com.unboundid.ldap.sdk.LDAPConnectionPool ldapPool, com.unboundid.ldap.sdk.BindRequest bind, ThreadPool threadPool, AbstractRunnable runnable)
      This method submits the bind request over one connection from the pool. The bind authentication is then reverted and the connection is returned to the pool, so that the connection can be safely reused; see LDAPConnectionPool#bindAndRevertAuthentication. This validates the bind credentials. Bind calls are blocking: if a bind is executed on the LDAP Connection Reader thread (as returned by LdapUtils#isLdapConnectionThread), the thread will be blocked until it is interrupted by something else, such as a timeout timer. Do not call bind outside this method or maybeForkThenBind(com.unboundid.ldap.sdk.LDAPConnection, com.unboundid.ldap.sdk.BindRequest, boolean, org.elasticsearch.threadpool.ThreadPool, org.elasticsearch.common.util.concurrent.AbstractRunnable).
      Parameters:
      ldapPool - The LDAP connection pool on which to submit the bind operation.
      bind - The request object of the bind operation.
      threadPool - The threads that will call the blocking bind operation, in case the calling thread is a connection reader, see: LdapUtils#isLdapConnectionThread.
      runnable - The runnable that continues the program flow after the bind operation. It is executed on the same thread as the prior bind.
    • maybeForkThenBind

      public static void maybeForkThenBind(com.unboundid.ldap.sdk.LDAPConnection ldap, com.unboundid.ldap.sdk.BindRequest bind, boolean systemBind, ThreadPool threadPool, AbstractRunnable runnable)
      This method submits the bind request over the LDAP connection. The connection's authentication status changes, and the connection can subsequently be reused. This validates the bind credentials. Bind calls are blocking: if a bind is executed on the LDAP Connection Reader thread (as returned by LdapUtils#isLdapConnectionThread), the thread will be blocked until it is interrupted by something else, such as a timeout timer. Do not call bind outside this method or maybeForkThenBindAndRevert(com.unboundid.ldap.sdk.LDAPConnectionPool, com.unboundid.ldap.sdk.BindRequest, org.elasticsearch.threadpool.ThreadPool, org.elasticsearch.common.util.concurrent.AbstractRunnable).
      Parameters:
      ldap - The LDAP connection on which to submit the bind operation.
      bind - The request object of the bind operation.
      systemBind - true if this bind is for a "system" user configured by an administrator (e.g. bind_dn / bind_password on a realm); false if the bind credentials are supplied by an end user (e.g. basic authentication username / password).
      threadPool - The threads that will call the blocking bind operation, in case the calling thread is a connection reader, see: LdapUtils#isLdapConnectionThread.
      runnable - The runnable that continues the program flow after the bind
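      Why both bind methods fork, as an added illustration that is not Elasticsearch or UnboundID code: a plain-JDK simulation in which a single-threaded executor named "reader" stands in for the LDAP connection reader thread and "generic" for the threadPool argument. All class and method names are hypothetical, and the model assumes the bind response can only be delivered by the reader thread.

```java
import java.util.concurrent.*;
import java.util.function.Consumer;

public class ForkThenBindDemo {
    // Hypothetical stand-in for the connection reader: the only thread that delivers responses.
    static final ExecutorService reader =
        Executors.newSingleThreadExecutor(r -> new Thread(r, "reader"));
    // Hypothetical stand-in for the threadPool parameter.
    static final ExecutorService generic = Executors.newFixedThreadPool(2);

    // Simplified analogue of the isLdapConnectionThread check (assumption: matched by name).
    static boolean onReaderThread() {
        return "reader".equals(Thread.currentThread().getName());
    }

    // A blocking "bind": the response arrives only when the reader thread is free to run.
    static boolean blockingBind(long timeoutMillis) throws InterruptedException {
        CompletableFuture<Boolean> response = new CompletableFuture<>();
        reader.execute(() -> response.complete(true));
        try {
            return response.get(timeoutMillis, TimeUnit.MILLISECONDS);
        } catch (TimeoutException | ExecutionException e) {
            return false; // the caller stayed blocked until the timeout fired
        }
    }

    // Fork only when called from the reader thread; the continuation runs on the binding thread.
    static void maybeForkThenBind(Consumer<Boolean> next) {
        Runnable bind = () -> {
            try {
                next.accept(blockingBind(500));
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        };
        if (onReaderThread()) generic.execute(bind); else bind.run();
    }

    public static void main(String[] args) throws Exception {
        // Case 1: a callback binds directly on the reader thread and waits on itself.
        Future<Boolean> direct = reader.submit(() -> blockingBind(500));
        System.out.println("bind on reader thread succeeded: " + direct.get());
        // Case 2: the same callback forks first, so the reader can deliver the response.
        CompletableFuture<Boolean> forked = new CompletableFuture<>();
        reader.execute(() -> maybeForkThenBind(forked::complete));
        System.out.println("forked bind succeeded: " + forked.get());
        reader.shutdown();
        generic.shutdown();
    }
}
```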
    • searchForEntry

      public static void searchForEntry(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
      This method performs an asynchronous ldap search operation that could have multiple results
    • searchForEntry

      public static void searchForEntry(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
      This method performs an asynchronous LDAP search operation that expects at most one result. If more than one result is found, this is an error. If no results are found, null is returned. If the LDAP server returns an error ResultCode, this is handled as a failure.
    • searchForEntry

      public static void searchForEntry(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<com.unboundid.ldap.sdk.SearchResultEntry> listener, String... attributes)
      This method performs an asynchronous LDAP search operation that expects at most one result. If more than one result is found, this is an error. If no results are found, null is returned. If the LDAP server returns an error ResultCode, this is handled as a failure.
    • search

      public static void search(com.unboundid.ldap.sdk.LDAPInterface ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes)
      This method performs an asynchronous ldap search operation that could have multiple results
    • search

      public static void search(com.unboundid.ldap.sdk.LDAPConnection ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes)
      This method performs an asynchronous ldap search operation that could have multiple results
    • search

      public static void search(com.unboundid.ldap.sdk.LDAPConnectionPool ldap, String baseDN, com.unboundid.ldap.sdk.SearchScope scope, com.unboundid.ldap.sdk.Filter filter, int timeLimitSeconds, boolean ignoreReferralErrors, ActionListener<List<com.unboundid.ldap.sdk.SearchResultEntry>> listener, String... attributes)
      This method performs an asynchronous ldap search operation that could have multiple results
    • createFilter

      public static com.unboundid.ldap.sdk.Filter createFilter(String filterTemplate, String... arguments) throws com.unboundid.ldap.sdk.LDAPException
      Throws:
      com.unboundid.ldap.sdk.LDAPException
    • attributesToSearchFor

      public static String[] attributesToSearchFor(String[] attributes)
    • attributesToSearchFor

      public static String[] attributesToSearchFor(String[]... args)