Posted to commits@directory.apache.org by bu...@apache.org on 2014/05/17 18:39:24 UTC

svn commit: r909093 - in /websites/staging/directory/trunk/content: ./ api/user-guide/2.10-ldap-connection-template.html

Author: buildbot
Date: Sat May 17 16:39:24 2014
New Revision: 909093

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/api/user-guide/2.10-ldap-connection-template.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat May 17 16:39:24 2014
@@ -1 +1 @@
-1595495
+1595506

Modified: websites/staging/directory/trunk/content/api/user-guide/2.10-ldap-connection-template.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide/2.10-ldap-connection-template.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/2.10-ldap-connection-template.html Sat May 17 16:39:24 2014
@@ -316,6 +316,39 @@
 
 
 <h2 id="providing-simplified-password-policy-aware-authenticationpassword-modification-methods">Providing Simplified, Password Policy Aware, Authentication/Password Modification Methods</h2>
+<p>One of the most common uses of LDAP is as an identity provider.  As such, the most common operation is authentication, and password management.  If your LDAP server supports the <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">password policy control</a> then the authenticate method is very handy:</p>
+<div class="codehilite"><pre><span class="c1">// throws PasswordException if authentication fails</span>
+<span class="n">PasswordWarning</span> <span class="n">warning</span> <span class="o">=</span> <span class="n">ldapConnectionTemplate</span><span class="o">.</span><span class="na">authenticate</span><span class="o">(</span> 
+    <span class="n">ldapConnectionTemplate</span><span class="o">.</span><span class="na">newDn</span><span class="o">(</span> <span class="s">&quot;uid=&quot;</span> <span class="o">+</span> <span class="n">uid</span> <span class="o">+</span> <span class="s">&quot;, ou=people, dc=example, dc=com&quot;</span> <span class="o">),</span>
+    <span class="n">password</span> <span class="o">);</span>
+
+<span class="c1">// or if you authenticate using an attrubute not in the dn</span>
+<span class="n">PasswordWarning</span> <span class="n">warning</span> <span class="o">=</span> <span class="n">ldapConnectionTemplate</span><span class="o">.</span><span class="na">authenticate</span><span class="o">(</span> 
+    <span class="s">&quot;ou=people,dc=example,dc=com&quot;</span><span class="o">,</span>
+    <span class="s">&quot;(mail=kermitthefrog@muppets.com)&quot;</span><span class="o">,</span>
+    <span class="n">SearchScope</span><span class="o">.</span><span class="na">ONELEVEL</span><span class="o">,</span>
+    <span class="s">&quot;set4now&quot;</span><span class="o">.</span><span class="na">toCharArray</span><span class="o">()</span> <span class="o">);</span>
+</pre></div>
+
+
+<p>In this case, if authentication failed, a PasswordException is thrown.  If authentication was successful, any warnings will be returned in the PasswordWarning object, or null will be returned if there are no warnings.</p>
+<p>Modifying a password is just as simple:</p>
+<div class="codehilite"><pre><span class="c1">// using administrator account to modify a users password</span>
+<span class="n">ldapConnectionTemplate</span><span class="o">.</span><span class="na">modifyPassword</span><span class="o">(</span> <span class="n">userDn</span><span class="o">,</span> <span class="n">password</span> <span class="o">);</span>
+
+<span class="c1">// or user account modifying their own password</span>
+<span class="n">ldapConnectionTemplate</span><span class="o">.</span><span class="na">modifyPassword</span><span class="o">(</span> <span class="n">userDn</span><span class="o">,</span> <span class="n">oldPassword</span><span class="o">,</span> <span class="n">password</span> <span class="o">);</span>
+
+<span class="c1">// or if you want want more control</span>
+<span class="n">ldapConnectionTemplate</span><span class="o">.</span><span class="na">modifyPassword</span><span class="o">(</span> 
+    <span class="n">userDn</span><span class="o">,</span> 
+    <span class="n">oldPassword</span><span class="o">,</span> 
+    <span class="n">password</span><span class="o">,</span>
+    <span class="n">asAdmin</span> <span class="o">);</span>
+</pre></div>
+
+
+<p>If you modify the password as an administrator, then the oldPassword is not required, and if your password policy is set to, the password reset flag will be set causing a PasswordWarning to be returned the next time authenticate was called for that user.</p>
 <h2 id="other-useful-methods">Other Useful Methods</h2>
 <p>The template provides a method that will check the response and throw an exception if the request was not successful.  It was designed to be chained:</p>
 <div class="codehilite"><pre><span class="c1">// using DN only</span>
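
Review bot: The first authenticate example builds the bind DN by string concatenation ("uid=" + uid + ", ou=people, dc=example, dc=com") with no escaping of uid. If uid comes from a login form, characters that are special in a DN (such as "," "+" or "=") change which entry is bound, so the example should either escape the value as an RDN value before passing it to newDn, or state that the caller must validate it. The search-based variant has the same gap: the literal filter "(mail=kermitthefrog@muppets.com)" hides the fact that a real caller will assemble it from input, and the text should say the value needs filter escaping. That variant also passes "set4now".toCharArray(), a String literal, which undercuts the reason for taking a char[]; using a password variable as in the first example would be consistent. Wording in the added lines: "attrubute" should be "attribute", "want want" is doubled, "a users password" needs an apostrophe, and in the closing paragraph "if your password policy is set to, the password reset flag will be set" is missing its object and the sentence switches tense ("to be returned the next time authenticate was called").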