Module org.elasticsearch.security
Class LdapRealm
java.lang.Object
org.elasticsearch.xpack.core.security.authc.Realm
org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm
org.elasticsearch.xpack.security.authc.ldap.LdapRealm
- All Implemented Interfaces:
Comparable<Realm>, CachingRealm, ReloadableSecurityComponent
public final class LdapRealm
extends CachingUsernamePasswordRealm
implements ReloadableSecurityComponent
Authenticates username/password tokens against LDAP, locates groups and maps them to roles.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.elasticsearch.xpack.core.security.authc.Realm
Realm.Factory
-
Field Summary
-
Constructor Summary
Constructors
Constructor, Description:
LdapRealm(RealmConfig config, SSLService sslService, ResourceWatcherService watcherService, UserRoleMapper userRoleMapper, ThreadPool threadPool)
-
Method Summary
Modifier and Type, Method, Description:
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult<User>> listener)
  Given a username and password, open a connection to LDAP, bind to authenticate, retrieve groups, map to roles and build the user.
protected void doLookupUser(String username, ActionListener<User> userActionListener)
protected void handleCachedAuthentication(User user, ActionListener<AuthenticationResult<User>> listener)
  handleCachedAuthentication is called when a User is retrieved from the cache.
void initialize(Iterable<Realm> realms, XPackLicenseState licenseState)
void reload
  Called when a reload security settings action is executed.
void usageStats(ActionListener<Map<String, Object>> listener)
Methods inherited from class org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm
authenticate, expire, expireAll, getCacheSize, lookupUser, supports, token
Methods inherited from class org.elasticsearch.xpack.core.security.authc.Realm
compareTo, getAuthenticationFailureHeaders, name, order, realmRef, setRealmRef, toString, type
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.elasticsearch.xpack.core.security.authc.support.CachingRealm
name
-
Constructor Details
-
LdapRealm
public LdapRealm(RealmConfig config, SSLService sslService, ResourceWatcherService watcherService, UserRoleMapper userRoleMapper, ThreadPool threadPool) throws com.unboundid.ldap.sdk.LDAPException
- Throws:
com.unboundid.ldap.sdk.LDAPException
-
-
Method Details
-
doAuthenticate
protected void doAuthenticate(UsernamePasswordToken token, ActionListener<AuthenticationResult<User>> listener)
Given a username and password, open a connection to LDAP, bind to authenticate, retrieve groups, map to roles and build the user. This user will then be passed to the listener.
- Specified by:
doAuthenticate in class CachingUsernamePasswordRealm
-
doLookupUser
- Specified by:
doLookupUser in class CachingUsernamePasswordRealm
-
initialize
- Overrides:
initialize in class Realm
-
usageStats
- Overrides:
usageStats in class CachingUsernamePasswordRealm
-
reload
Description copied from interface: ReloadableSecurityComponent
Called when a reload security settings action is executed. The reload operation must be completed when this method returns. Strictly speaking, the settings argument should not be accessed outside of this method's call stack, as any values stored in the node's keystore (see SecureSetting) will not otherwise be retrievable.
There is no guarantee that the secure setting's values have actually changed. Hence, it's up to the implementor to detect if the actual internal reloading is necessary.
Any failure during the reloading should be signaled by raising an exception.
For additional info, see also: ReloadablePlugin.reload(Settings).
- Specified by:
reload in interface ReloadableSecurityComponent
- Parameters:
settings - Settings include the initial node's settings and all decrypted secure settings from the keystore. Absence of a particular secure setting may mean that the setting was either never configured or that it was simply removed.
-
handleCachedAuthentication
protected void handleCachedAuthentication(User user, ActionListener<AuthenticationResult<User>> listener)
Description copied from class: CachingUsernamePasswordRealm
handleCachedAuthentication is called when a User is retrieved from the cache. The first user parameter is the user object that was found in the cache. The default implementation returns a success result with the provided user, but sub-classes can return a different User object, or an unsuccessful result.
- Overrides:
handleCachedAuthentication in class CachingUsernamePasswordRealm
-