Class LDAPUtil


  • public class LDAPUtil
    extends java.lang.Object
    Utility methods to perform miscellaneous operations related to LDAP.
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  LDAPUtil.SRVRecord
      SRV record entry
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ENTRY_UUID_ATTR
      entryUUID Operational Attribute name.
      static java.lang.String OBJECT_CLASS_ATTR
      "objectClass"
      static java.lang.String OBJECT_GUID_ATTR
      The Active Directory unique identifier for an object.
      static java.lang.String OBJECT_SID_ATTR
      The Active Directory security identifier (SID) of a user.
      The SID is a unique value used to identify the user as a security principal.
    • Constructor Summary

      Constructors 
      Constructor Description
      LDAPUtil()  
    • Method Summary

      Modifier and Type Method Description
      static boolean checkConnect​(java.lang.String hostname, java.lang.String port, java.lang.String isSSL, java.lang.String bindDN, java.lang.String bindPassword)
      Try an LDAP connection using the given host information and credentials.
      static java.lang.String escapeDN​(java.lang.String name)
      Escape certain meta-characters in LDAP DN.
      static java.lang.String escapeLDAPSearchFilter​(java.lang.String filter)
      Escape certain meta-characters of a name for use in LDAP search filter.
      static java.lang.String extractSAMAccountName​(java.lang.String login)
      Retrieve the sAMAccountName from the specified login (if possible).
      static java.lang.String getFirstDomainControllerHostname​(java.lang.String domain)
      Retrieve the first domain controller available for query for the specified Windows domain.
      static LDAPUtil.SRVRecord getFirstSrvRecord​(java.lang.String srvRecordName)
      Retrieve the first SRV record value for the specified SRV record name.
      static java.lang.String getGUID​(com.unboundid.ldap.sdk.Attribute objectGUIDAttribute)
      Retrieve a string representation of the specified objectGUID LDAP attribute which contains a globally unique identifier assigned by Active Directory Domain Services when the object instance is created.
      A GUID is a 128-bit number guaranteed to be unique in space and time.
      static byte[] getGUID​(java.lang.String guidStr)
      Retrieve a byte array of the specified 16-byte string representation of a GUID.
      static java.lang.String getGUIDByteString​(java.lang.String guidStr)
      Retrieve a LDAP byte string representation of a GUID, such as \xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx.
      static java.lang.String getSid​(com.unboundid.ldap.sdk.Attribute objectSidAttribute)
      Retrieve a string representation of the specified objectSid LDAP attribute which contains a value that specifies the security identifier (SID) of the user.
      The SID is a unique value used to identify the user as a security principal.
      static java.util.List<LDAPUtil.SRVRecord> getSrvRecords​(java.lang.String srvRecordName)
      Retrieve all SRV record values for the specified SRV record name.
      static java.lang.String getString​(com.unboundid.ldap.sdk.Attribute attribute, java.lang.String defaultValue)
      Return the first available value of the given attribute, or defaultValue if not available.
      static boolean isDescendant​(java.lang.String parentDN, java.lang.String dn)
      Check if the specified DN is a descendant of (or the same as) the specified parent DN.
      static boolean isGroupEntry​(com.unboundid.ldap.sdk.SearchResultEntry entry, LDAPConfiguration conf)
      Determines if the given SearchResultEntry is a group entry according to parameters specified by the given LDAPConfiguration object.
      static boolean isUserEntry​(com.unboundid.ldap.sdk.SearchResultEntry entry, LDAPConfiguration conf)
      Determines if the given SearchResultEntry is a user entry according to parameters specified by the given LDAPConfiguration object.
      static boolean isUUID​(java.lang.String str)
      Check if the specified string is a 16-byte string representation of a UUID.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • LDAPUtil

        public LDAPUtil()
    • Method Detail

      • getString

        public static java.lang.String getString​(com.unboundid.ldap.sdk.Attribute attribute,
                                                 java.lang.String defaultValue)
        Return the first available value of the given attribute, or defaultValue if not available.
        Parameters:
        attribute - Attribute from which to retrieve value.
        defaultValue - the default value to use if none could be read
        Returns:
        the first value of attribute, or defaultValue (never returns null unless defaultValue is null).
      • isGroupEntry

        public static boolean isGroupEntry​(com.unboundid.ldap.sdk.SearchResultEntry entry,
                                           LDAPConfiguration conf)
        Determines if the given SearchResultEntry is a group entry according to parameters specified by the given LDAPConfiguration object.
        Parameters:
        entry - the SearchResultEntry to check
        conf - the LDAPConfiguration to use, MUST NOT be null
        Returns:
        true if the entry is a group, false otherwise
        Since:
        jcms-5.7
      • isUserEntry

        public static boolean isUserEntry​(com.unboundid.ldap.sdk.SearchResultEntry entry,
                                          LDAPConfiguration conf)
        Determines if the given SearchResultEntry is a user entry according to parameters specified by the given LDAPConfiguration object.
        Parameters:
        entry - the SearchResultEntry to check
        conf - the LDAPConfiguration to use, MUST NOT be null
        Returns:
        true if the entry is a user, false otherwise
        Since:
        jcms-5.7
      • checkConnect

        public static boolean checkConnect​(java.lang.String hostname,
                                           java.lang.String port,
                                           java.lang.String isSSL,
                                           java.lang.String bindDN,
                                           java.lang.String bindPassword)
        Try an LDAP connection using the given host information and credentials.
        Parameters:
        hostname - the hostname of the LDAP server to connect to.
        port - the port of the LDAP server to connect to.
        isSSL - whether the connection should be made using SSL.
        bindDN - the Distinguished Name to use to bind to the LDAP server.
        bindPassword - the password to use to bind to the LDAP server.
        Returns:
        true if the connection was successful, false if an error occurred
        Since:
        jcms-5.7
      • escapeDN

        public static java.lang.String escapeDN​(java.lang.String name)
        Escape certain meta-characters in LDAP DN.
        Parameters:
        name - the name to escape
        Returns:
        the escaped name
      • escapeLDAPSearchFilter

        public static final java.lang.String escapeLDAPSearchFilter​(java.lang.String filter)
        Escape certain meta-characters of a name for use in LDAP search filter.
        Parameters:
        filter - the filter to escape
        Returns:
        the escaped filter
      • extractSAMAccountName

        public static java.lang.String extractSAMAccountName​(java.lang.String login)
        Retrieve the sAMAccountName from the specified login (if possible).

        Supports logins in down-level logon name format (e.g. DOMAIN\sAMAccountName).

        Parameters:
        login - a user login
        Returns:
        the extracted sAMAccountName or the original login, never returns null.
      • getSid

        public static java.lang.String getSid​(com.unboundid.ldap.sdk.Attribute objectSidAttribute)
        Retrieve a string representation of the specified objectSid LDAP attribute which contains a value that specifies the security identifier (SID) of the user.
        The SID is a unique value used to identify the user as a security principal.
        Parameters:
        objectSidAttribute - the objectSid as retrieved from
        Returns:
        a SID string such as "S-1-5-21-2029357233-986718560-1400240716-2155", or null if it could not be extracted
      • getFirstDomainControllerHostname

        public static java.lang.String getFirstDomainControllerHostname​(java.lang.String domain)
        Retrieve the first domain controller available for query for the specified Windows domain.

        This method looks up all SRV records "_ldap._tcp.dc._msdcs.{domain}" and returns the first one as defined by priority and weight across all records.

        Parameters:
        domain - a Windows domain name
        Returns:
        the hostname of the first domain controller available, or null if it could not be found
        Since:
        jcms-8.0.1
      • getFirstSrvRecord

        public static LDAPUtil.SRVRecord getFirstSrvRecord​(java.lang.String srvRecordName)
        Retrieve the first SRV record value for the specified SRV record name.
        Parameters:
        srvRecordName - the name of the SRV record to query, e.g. "_sip._tcp.example.com."
        Returns:
        the first SRVRecord in the order of the priority and weight defined in all SRV results, or null if none could be found
        Since:
        jcms-8.0.1
      • getSrvRecords

        public static java.util.List<LDAPUtil.SRVRecord> getSrvRecords​(java.lang.String srvRecordName)
        Retrieve all SRV record values for the specified SRV record name.
        Parameters:
        srvRecordName - the name of the SRV record to query, e.g. "_sip._tcp.example.com."
        Returns:
        a SortedSet of all SRVRecord, in the order of the priority and weight defined in all SRV results, never returns null
        Since:
        jcms-8.0.1
      • getGUID

        public static java.lang.String getGUID​(com.unboundid.ldap.sdk.Attribute objectGUIDAttribute)
        Retrieve a string representation of the specified objectGUID LDAP attribute which contains a globally unique identifier assigned by Active Directory Domain Services when the object instance is created.
        A GUID is a 128-bit number guaranteed to be unique in space and time.
        Using objectGUID to Bind to an Object
        Parameters:
        objectGUIDAttribute - the objectGUID as retrieved from AD
        Returns:
        a GUID string such as "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", or null if it could not be extracted
      • isUUID

        public static boolean isUUID​(java.lang.String str)
        Check if the specified string is a 16-byte string representation of a UUID.

        Parameters:
        str - any value to check
        Returns:
        true if specified string is a UUID, false otherwise
      • getGUID

        public static byte[] getGUID​(java.lang.String guidStr)
        Retrieve a byte array of the specified 16-byte string representation of a GUID.
        Parameters:
        guidStr - 16-byte string representation of a GUID such as "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
        Returns:
        a byte array of the GUID or null if it could not be extracted
      • getGUIDByteString

        public static java.lang.String getGUIDByteString​(java.lang.String guidStr)
        Retrieve a LDAP byte string representation of a GUID, such as \xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx\xx.
        Parameters:
        guidStr - 16-byte string representation of a GUID such as "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
        Returns:
        the LDAP byte string representation of the GUID, or null if it could not be extracted
      • isDescendant

        public static boolean isDescendant​(java.lang.String parentDN,
                                           java.lang.String dn)
        Check if the specified DN is a descendant of (or the same as) the specified parent DN.
        Parameters:
        parentDN - the DN used as possible ancestor, must not be null or empty
        dn - the DN verified to be a descendant (or the same) of the first one, must not be null or empty
        Returns:
        true if specified DN is a descendant of specified parent, false if dn is NOT a descendant of the specified parent DN
        Since:
        10.0.3 - JCMS-7453
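
Added example, not JCMS code: how the binary objectSid and objectGUID values handled by getSid and getGUID map to their string forms, using the standard Active Directory layouts. Class and method names are hypothetical; the SID input is the binary form of the sample SID quoted in the getSid description, and the GUID bytes are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Added illustration, not the JCMS implementation; all names are hypothetical.
public class AdBinaryIdDemo {

    // objectSid layout: revision (1 byte), sub-authority count (1 byte),
    // identifier authority (6 bytes, big-endian), then 32-bit little-endian
    // sub-authorities.
    static String sidToString(byte[] sid) {
        if (sid == null || sid.length < 8) return null;
        int count = sid[1] & 0xFF;
        if (sid.length != 8 + 4 * count) return null; // reject truncated or padded values
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | (sid[i] & 0xFF);
        StringBuilder sb = new StringBuilder("S-").append(sid[0] & 0xFF).append('-').append(authority);
        ByteBuffer subs = ByteBuffer.wrap(sid, 8, 4 * count).order(ByteOrder.LITTLE_ENDIAN);
        for (int i = 0; i < count; i++) sb.append('-').append(subs.getInt() & 0xFFFFFFFFL);
        return sb.toString();
    }

    // objectGUID layout: the first three fields are little-endian, the last
    // eight bytes are stored in display order.
    static final int[] DISPLAY_ORDER = {3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15};

    static String guidToString(byte[] guid) {
        if (guid == null || guid.length != 16) return null;
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 16; i++) {
            if (i == 4 || i == 6 || i == 8 || i == 10) sb.append('-');
            sb.append(String.format("%02x", guid[DISPLAY_ORDER[i]] & 0xFF));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input: the binary form of the sample SID quoted on this page.
        ByteBuffer b = ByteBuffer.allocate(28).order(ByteOrder.LITTLE_ENDIAN);
        b.put(new byte[] {1, 5, 0, 0, 0, 0, 0, 5});
        for (int sub : new int[] {21, 2029357233, 986718560, 1400240716, 2155}) b.putInt(sub);
        System.out.println(sidToString(b.array()));

        // Constructed GUID bytes 00..0f make the byte swapping visible.
        byte[] guid = new byte[16];
        for (int i = 0; i < 16; i++) guid[i] = (byte) i;
        System.out.println(guidToString(guid));
    }
}
```

The swapped byte order matters when a GUID string is turned back into a \xx\xx... search value: the bytes must be emitted in stored order, not in the order they appear in the display string.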