BzLdapLoginDataProvider
The BzLdapLoginDataProvider is used to authenticate to Windows domains through Active Directory and to LDAP servers. For more information on configuring LDAP servers, refer to [tomcat-url]/BlueZone/ldap.bz.
The BzLdapLoginDataProvider is defined in applicationContext.xml. The default definition is:
<bean id="bzLdapLoginDataProvider"
      class="com.bluezone.w2h.data.BzLdapLoginDataProvider">
      <property name="anonymousBind" value="false" />
      <property name="connectionTimeoutInMilliseconds" value="1000" />
      <property name="bzUserIdFilterArgKey" value="BzUserId" />
      <property name="bzUserPasswordFilterArgKey" value="BzUserPassword" />
      <property name="filter" value="(objectClass=*)" />
      <property name="filterArgs">
          <list>
              <value>BzUserId</value>
              <value>BzUserPassword</value>
          </list>
      </property>
      <property name="providerUrl" value="" />
      <property name="searchBase" value="" />
      <property name="searchControls" ref="ldapSearchControls" />
      <property name="securityAuthentication">
          <null />
      </property>
      <property name="securityPrincipal">
          <null />
      </property>
      <property name="securityCredential">
          <null />
      </property>
</bean>
Table 6, BzLdapLoginDataProvider properties, lists the available properties and their use.
Table 6: BzLdapLoginDataProvider properties
Property Usage
anonymousBind
False by default.
Whether getData(userId) or getData(userId, password) is called is controlled by LoginController.setPasswordRequired(boolean); change that setting in dispatcher-servlet.xml.
To look up users with no authentication:
If getData(userId) is called and anonymousBind is true, the LDAP context is initialized without any security credentials. This is an anonymous bind; the directory must permit anonymous searches for it to return anything (Active Directory rejects them by default).
To look up users with a single administrative login:
If getData(userId) is called and anonymousBind is false, the values of securityPrincipal and securityCredential are used to initialize the LDAP context, so every lookup is performed with that one account.
To authenticate with the values passed into getData(userId, password):
If getData(userId, password) is called, anonymousBind is ignored and the passed user ID and password are always used to bind.
connectionTimeoutInMilliseconds The length of time until the connection attempt times out.
bzUserIdFilterArgKey If this key is listed in filterArgs, it is replaced with the user ID passed into getData(userId, password).
bzUserPasswordFilterArgKey If this key is listed in filterArgs, it is replaced with the password passed into getData(userId, password).
filter
See an LDAP filter reference (RFC 4515) for the structure of this filter string. The filter can contain placeholders of the form {0}, {1}, and so on; {0} is replaced with filterArgs[0], {1} with filterArgs[1], etc.
The replacement is performed by javax.naming.directory.DirContext.search(), so see its documentation for the exact rules. The JNDI LDAP provider escapes the filter metacharacters ( ) * \ and NUL in String arguments and hex-encodes byte[] arguments, which is what allows binary values to be passed and what keeps a user-supplied ID from changing the structure of the filter. For that reason, reference the user ID through a placeholder rather than building it into the filter string itself.
filterArgs The list of arguments to the filter; filterArgs[n] replaces the placeholder {n}. Use the bzUserIdFilterArgKey and bzUserPasswordFilterArgKey values (BzUserId and BzUserPassword by default) at the positions where the values from getData() should be substituted.
providerUrl
The URL of the LDAP server including the port. For example, ldap://ldap.virginia.edu:389. An ldaps:// URL (typically port 636) is also accepted and should be used whenever simple authentication is in effect, because a simple bind sends the password in the clear over an unencrypted ldap:// connection.
searchBase
The base DN to search.
For example, o=University of Virginia,c=US
searchControls A reference to the javax.naming.directory.SearchControls bean that defines the search scope, the attributes to return, and the count and time limits; the default definition references ldapSearchControls.
securityAuthentication
The type/mode of authentication. See javax.naming.Context.SECURITY_AUTHENTICATION for the values: "none", "simple", or "strong".
Use <null /> for the default behavior.
Default behavior:
•  If anonymousBind is true, no credentials are passed and Context.SECURITY_AUTHENTICATION is "none".
•  If anonymousBind is false, either securityPrincipal and securityCredential or the passed BzUserId and BzUserPassword are used, and Context.SECURITY_AUTHENTICATION is "simple".
securityPrincipal The user ID (usually a DN) to bind with. Used only when anonymousBind is false and getData(userId) is called (the single administrative login case).
securityCredential The password for securityPrincipal. Used only when anonymousBind is false and getData(userId) is called. It is stored in clear text in applicationContext.xml, so restrict read access to that file and give the account no more than read access to the directory.
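As an added example (not from the BlueZone documentation or product code), the bean below configures the single administrative login mode described under anonymousBind, using a filter with the {0} placeholder described under filter. The host name, service-account DN, password placeholder and search base are assumed values to be replaced for your domain; the property names and the ldapSearchControls reference are those of the default definition above.

```xml
<!-- Added example: single administrative login against Active Directory.
     Host, account, password and DN values are assumptions; replace them for your domain. -->
<bean id="bzLdapLoginDataProvider"
      class="com.bluezone.w2h.data.BzLdapLoginDataProvider">
      <!-- false: every getData(userId) lookup binds as securityPrincipal -->
      <property name="anonymousBind" value="false" />
      <property name="connectionTimeoutInMilliseconds" value="1000" />
      <property name="bzUserIdFilterArgKey" value="BzUserId" />
      <property name="bzUserPasswordFilterArgKey" value="BzUserPassword" />
      <!-- {0} is substituted by DirContext.search() with the escaped user ID,
           so a user ID such as *)(objectClass=* cannot widen the filter.
           The & of the AND filter must be written as &amp; inside an XML attribute. -->
      <property name="filter" value="(&amp;(objectClass=user)(sAMAccountName={0}))" />
      <property name="filterArgs">
          <list>
              <!-- only the user ID key is listed, so the password is never written into a search filter -->
              <value>BzUserId</value>
          </list>
      </property>
      <!-- ldaps:// so the simple bind does not send the service-account password in the clear -->
      <property name="providerUrl" value="ldaps://dc01.example.com:636" />
      <property name="searchBase" value="OU=Users,DC=example,DC=com" />
      <property name="searchControls" ref="ldapSearchControls" />
      <!-- null: the provider selects "simple" because anonymousBind is false -->
      <property name="securityAuthentication">
          <null />
      </property>
      <!-- read-only service account; this credential is stored in clear text in applicationContext.xml -->
      <property name="securityPrincipal" value="CN=svc-bluezone,OU=Service Accounts,DC=example,DC=com" />
      <property name="securityCredential" value="CHANGE-ME" />
</bean>
```

To switch to the anonymous lookup mode, set anonymousBind to true and leave securityPrincipal and securityCredential as <null />. To bind as the end user instead, set passwordRequired in dispatcher-servlet.xml so that getData(userId, password) is called; in that mode the principal and credential are ignored and the user's own password is used for the bind, so the ldaps:// URL matters just as much.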