Comment: DOCU-2817

...


...

<dependency>
  <groupId>info.magnolia</groupId>
  <artifactId>magnolia-ldap</artifactId>
</dependency>

...

  • magnolia-ldap.jar

Module configuration

Since module version 1.9, the configuration of the following is done directly in the user manager:

  • allowPartialResults
  • ignoreGroupsWithIllegalName
  • pageSize
  • envPropertiesPredicate

...

UserManager properties

allowCrossRealmDuplicateNames

optional, default is false

Allows duplicate usernames in different realms. Only applicable to admin realm.

class

required

A class that implements the info.magnolia.cms.security.UserManager interface.

Implementations:

  • info.magnolia.cms.security.MgnlUserManager manages users stored in Magnolia.
  • info.magnolia.cms.security.ExternalUserManager manages JAAS users.
  • info.magnolia.cms.security.HierarchicalUserManager is a variation of MgnlUserManager that stores users hierarchically using the structure /<path>/<first letter of username>/<first two letters of username>, such as /public/j/js/jsmith.
  • info.magnolia.cms.security.DelegatingUserManager retrieves the user's ACLs.
  • info.magnolia.cms.security.SystemUserManager manages system users such as anonymous and superuser.

disableCache

optional, default is false

Disables caching if set to true.

realmName

required

Realm name corresponding to JAAS login configuration.

allowPartialResults

optional, default is false

Indicates which methods are used to deal with the PartialResultException thrown by the LDAP service provider (cf. the java.naming.referral property).

  • true uses the hasMoreElements() and nextElement() methods.
  • false uses the hasMore() and next() methods.

connectionFactory

optional

A subnode that specifies a custom connectionFactory.

class

The class that implements the connectionFactory.

The default class is info.magnolia.jaas.sp.ldap.connection.DefaultConnectionFactory.

Two additional implementations are available:

  • info.magnolia.jaas.sp.ldap.connection.JavaBeanBasedConnectionFactory
    This implementation supports defining the securityPrincipal and securityCredentials properties. For usage, see Apache's Generic JavaBean Resources.
  • info.magnolia.jaas.sp.ldap.connection.JNDIResourceConnectionFactory
    This is a factory based on a JNDI resource. It can be used with com.sun.jndi.ldap.LdapCtxFactory or with info.magnolia.jaas.sp.ldap.connection.jndiresources.MagnoliaLdapContextFactory. For usage, see Apache's Adding Custom Resource Factories.

envPropertiesPredicate

optional

A subnode that specifies the envPropertiesPredicate.

If not defined explicitly, the predicate accepts anything within the following namespaces:

  • java.naming.* (except credentials and principal)
  • com.sun.jndi.ldap.*

class

The class that implements the envPropertiesPredicate.

The default class is info.magnolia.jaas.sp.ldap.connection.EnvPropertiesDefaultPredicate.

passwordDecoder

optional

A subnode that defines the decoding method of the admin password used by the connectionFactory.

Warning: The decoder is available only with the DefaultConnectionFactory and JavaBeanBasedConnectionFactory connection classes. However, you can also write your own password decoder.

class

The decoder is available in three implementations:

  • info.magnolia.jaas.sp.ldap.connection.password.NoOpPasswordDecoder
    This implementation returns a password without any decoding.
  • info.magnolia.jaas.sp.ldap.connection.password.ActivationKeyBasedPasswordDecoder
    This implementation uses the same set of keys as activation. To obtain an encoded password, use the SecurityUtil.encrypt("password") method.
  • info.magnolia.jaas.sp.ldap.connection.password.PasswordManagerBasedPasswordDecoder
    This implementation loads the admin's LDAP password from the Password Manager module.

pageSize

optional, default is 500

Specifies the number of objects to be returned in a single search result.
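
The two iteration styles selected by allowPartialResults, shown as an added example that is not Magnolia's own code. The class PartialResultsDemo, the helper names and the group DNs are constructed for illustration, and the fake enumeration assumes a provider that reports an unfollowed referral only once the returned entries are exhausted.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;

public class PartialResultsDemo {

    // Constructed stand-in for a provider's search result: yields the given
    // entries, then signals that the result set is incomplete.
    static NamingEnumeration<String> fakeSearch(List<String> entries) {
        Iterator<String> it = entries.iterator();
        return new NamingEnumeration<String>() {
            public boolean hasMore() throws NamingException {
                if (it.hasNext()) return true;
                throw new PartialResultException("Unprocessed Continuation Reference(s)");
            }
            public String next() { return it.next(); }
            // Enumeration methods cannot throw checked exceptions, so the error is swallowed.
            public boolean hasMoreElements() {
                try { return hasMore(); } catch (NamingException e) { return false; }
            }
            public String nextElement() { return it.next(); }
            public void close() { }
        };
    }

    // allowPartialResults = true: hasMoreElements()/nextElement(); an incomplete result passes silently.
    static List<String> lenient(NamingEnumeration<String> results) {
        List<String> out = new ArrayList<>();
        while (results.hasMoreElements()) out.add(results.nextElement());
        return out;
    }

    // allowPartialResults = false: hasMore()/next(); the PartialResultException reaches the caller.
    static List<String> strict(NamingEnumeration<String> results) throws NamingException {
        List<String> out = new ArrayList<>();
        while (results.hasMore()) out.add(results.next());
        return out;
    }

    public static void main(String[] args) {
        List<String> groups = List.of("cn=editors,ou=groups,dc=example,dc=com",
                                      "cn=publishers,ou=groups,dc=example,dc=com");
        System.out.println("lenient: " + lenient(fakeSearch(groups)));
        try { strict(fakeSearch(groups)); }
        catch (NamingException e) { System.out.println("strict: " + e); }
    }
}
```

With the lenient style, a caller cannot tell a complete group list from a truncated one, which matters when role or group membership drives access decisions.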

...