Package com.unboundid.directory.sdk.ds.scripting

Class ScriptedIdentityMapper

  • All Implemented Interfaces:
    Configurable, Reconfigurable<IdentityMapperConfig>
    @Extensible
@DirectoryServerExtension
@DirectoryProxyServerExtension(appliesToLocalContent=true,
                               appliesToRemoteContent=false)
@SynchronizationServerExtension(appliesToLocalContent=true,
                                appliesToSynchronizedContent=false)
@ThreadSafety(level=INTERFACE_THREADSAFE)
public abstract class ScriptedIdentityMapper
extends java.lang.Object
implements Reconfigurable<IdentityMapperConfig>
    This class defines an API that must be implemented by scripted extensions which attempt to map a username to a user defined in the server. This is generally used when processing an authorization ID, as might be provided when performing SASL authentication or in a control like the proxied authorization or intermediate client controls. In order for the mapping to be established, the identity mapper must locate exactly one entry in the server corresponding to the provided username. If no entries are found, or if multiple entries are found, then the mapping attempt must fail.

    Configuring Groovy-Scripted Identity Mappers

    In order to configure a scripted identity mapper based on this API and written in the Groovy scripting language, use a command like: 
          dsconfig create-identity-mapper \
           --mapper-name "{mapper-name}" \
           --type groovy-scripted \
           --set enabled:true \
           --set "script-class:{class-name}" \
           --set "script-argument:{name=value}"
    where "{mapper-name}" is the name to use for the identity mapper instance, "{class-name}" is the fully-qualified name of the Groovy class written using this API, and "{name=value}" represents name-value pairs for any arguments to provide to the identity mapper. If multiple arguments should be provided to the identity mapper, then the "--set script-argument:{name=value}" option should be provided multiple times.
    See Also:
    IdentityMapper

    • Constructor Detail

      • ScriptedIdentityMapper

        public ScriptedIdentityMapper()
        Creates a new instance of this identity mapper. All identity mapper implementations must include a default constructor, but any initialization should generally be done in the initializeIdentityMapper method.

    • Method Detail

      • defineConfigArguments

        public void defineConfigArguments​(ArgumentParser parser)
                           throws ArgumentException
        Updates the provided argument parser to define any configuration arguments which may be used by this extension. The argument parser may also be updated to define relationships between arguments (e.g., to specify required, exclusive, or dependent argument sets).
        Specified by:
        defineConfigArguments in interface Configurable
        Parameters:
        parser - The argument parser to be updated with the configuration arguments which may be used by this extension.
        Throws:
        ArgumentException - If a problem is encountered while updating the provided argument parser.

      • initializeIdentityMapper

        public void initializeIdentityMapper​(DirectoryServerContext serverContext,
                                     IdentityMapperConfig config,
                                     ArgumentParser parser)
                              throws LDAPException
        Initializes this identity mapper.
        Parameters:
        serverContext - A handle to the server context for the server in which this extension is running.
        config - The general configuration for this identity mapper.
        parser - The argument parser which has been initialized from the configuration for this identity mapper.
        Throws:
        LDAPException - If a problem occurs while initializing this identity mapper.

      • finalizeIdentityMapper

        public void finalizeIdentityMapper()
        Performs any cleanup which may be necessary when this identity mapper is to be taken out of service.

      • isConfigurationAcceptable

        public boolean isConfigurationAcceptable​(IdentityMapperConfig config,
                                         ArgumentParser parser,
                                         java.util.List<java.lang.String> unacceptableReasons)
        Indicates whether the configuration represented by the provided argument parser is acceptable for use by this extension. The parser will have been used to parse any configuration available for this extension, and any automatic validation will have been performed. This method may be used to perform any more complex validation which cannot be performed automatically by the argument parser.
        Specified by:
        isConfigurationAcceptable in interface Reconfigurable<IdentityMapperConfig>
        Parameters:
        config - The general configuration for this extension.
        parser - The argument parser that has been used to parse the proposed configuration for this extension.
        unacceptableReasons - A list to which messages may be added to provide additional information about why the provided configuration is not acceptable.
        Returns:
        true if the configuration in the provided argument parser appears to be acceptable, or false if not.

      • applyConfiguration

        public ResultCode applyConfiguration​(IdentityMapperConfig config,
                                     ArgumentParser parser,
                                     java.util.List<java.lang.String> adminActionsRequired,
                                     java.util.List<java.lang.String> messages)
        Attempts to apply the configuration from the provided argument parser to this extension.
        Specified by:
        applyConfiguration in interface Reconfigurable<IdentityMapperConfig>
        Parameters:
        config - The general configuration for this extension.
        parser - The argument parser that has been used to parse the new configuration for this extension.
        adminActionsRequired - A list to which messages may be added to provide additional information about any additional administrative actions that may be required to apply some of the configuration changes.
        messages - A list to which messages may be added to provide additional information about the processing performed by this method.
        Returns:
        A result code providing information about the result of applying the configuration change. A result of SUCCESS should be used to indicate that all processing completed successfully. Any other result will indicate that a problem occurred during processing.

      • mapUsername

        public abstract java.lang.String mapUsername​(java.lang.String username)
                                      throws LDAPException
        Performs any processing which may be necessary to map the provided username to a user within the server.
        Parameters:
        username - The username to be mapped to a user within the server.
        Returns:
        The DN of the user within the server to which the provided username corresponds.
        Throws:
        LDAPException - If the provided username cannot be mapped to exactly one user in the server.