Class IDIPasswordStore


  • public class IDIPasswordStore
    extends java.lang.Object
    IDIPasswordStore is the class that provides functions to access LDAP servers for the purpose of updating a specified server with userid and password information. A properties file is read when the object is constructed. The properties file specifies the credentials for access to the server as well as other tailorable configuration information, including the location of keystore files for SSL access and for asymmetric (RSA) encryption of the password data (see the IDIPasswordCrypto class for decryption). The SSL connection processing assumes that the client keystore file contains both the client's certificate and the server's signer certificate. A simple usage would be as follows: When stowPassword(uid,userfullname,password) is invoked, the ibm-diPerson object defined in the LDAP DIT is modified to have the specified password. If the ibm-diPerson object for the specified uid does not exist, a new one is created.
    • Constructor Summary

      Constructors 
      Constructor Description
      IDIPasswordStore​(PWSyncLog log)
      Construct and initialize an IDIPasswordStore object.
    • Method Summary

      All Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      boolean addPasswordValues​(PasswordChange change)
      This method adds the password values specified, for specified uid.
      boolean addPasswordValues​(java.lang.String uid, java.util.Vector<java.lang.String> newPasswords)
      Deprecated.
      boolean deletePasswordValues​(PasswordChange change)
      deletePasswordValues: removes the password values specified, for specified uid. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy.
      boolean deletePasswordValues​(java.lang.String uid, java.util.Vector<java.lang.String> newPasswords)
      Deprecated.
      boolean modifyPassword​(PasswordChange change)
      stowPassword: Changes the password if the user id exists.
      boolean readyToSync()
      readyToSync: attempt initctx to see if LDAP server is available
      boolean setExtendedData​(PasswordChange change)
      Write additional information about a user to the Password Store.
      boolean setExtendedData​(java.lang.String id, java.lang.String extendedData)
      Deprecated.
      boolean stowPassword​(java.lang.String uid, java.util.Vector<java.lang.String> newPasswords)
      Deprecated.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • IDIPasswordStore

        public IDIPasswordStore​(PWSyncLog log)
                         throws java.io.IOException
        Construct and initialize an IDIPasswordStore object. The initialization includes loading the properties file. The properties file, idipwsync.props, must be located in a directory listed in the CLASSPATH environment setting. To generate a template properties file that encodes passwords for the keystore and LDAP login, use "java com.ibm.di.plugin.idipwsync.GenPropertiesFile". Refer to readme_idipwsync.html for details on setting up a properties file.
        Parameters:
        log - the place to log in
        Throws:
        java.io.IOException - Thrown when attempting to load properties file
    • Method Detail

      • addPasswordValues

        public boolean addPasswordValues​(PasswordChange change)
        This method adds the password values specified, for specified uid. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy. Null passwords will not be stored. Zero-length passwords will be encoded and encrypted and will require decoding via the IDIPasswordCrypto class. Other functional behavior that can be controlled includes performing LDAP updates in asynchronous mode with a configurable delay time (necessary when dealing with certain AD configurations, due to a locking mechanism).
        Parameters:
        uid - A String representing the stored uid; must have length > 0, e.g. bcampbell.
        newPasswords - A vector representing stored, decoded passwords; the vector must have length > 0, and null entries are not stored.
        Returns:
        boolean true if successful.
      • addPasswordValues

        @Deprecated
        public boolean addPasswordValues​(java.lang.String uid,
                                         java.util.Vector<java.lang.String> newPasswords)
        Deprecated.
      • deletePasswordValues

        public boolean deletePasswordValues​(PasswordChange change)
        deletePasswordValues: removes the password values specified, for specified uid. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy. Null passwords will not be processed. Zero-length passwords will be encoded and encrypted for matching via the IDIPasswordCrypto class. Other functional behavior that can be controlled includes performing LDAP updates in asynchronous mode with a configurable delay time (necessary when dealing with certain AD configurations, due to a locking mechanism).
        Parameters:
        uid - A String representing the stored uid; must have length > 0, e.g. bcampbell.
        newPasswords - A vector representing decoded passwords to be removed; must have length > 0, and null entries are not processed.
        Returns:
        boolean true if successful
      • deletePasswordValues

        @Deprecated
        public boolean deletePasswordValues​(java.lang.String uid,
                                            java.util.Vector<java.lang.String> newPasswords)
        Deprecated.
      • readyToSync

        public boolean readyToSync()
        readyToSync: attempt initctx to see if LDAP server is available
        Returns:
        boolean true if successful
      • modifyPassword

        public boolean modifyPassword​(PasswordChange change)
        stowPassword: Changes the password if the user id exists. If password vector specified is null or zero-length, password attribute will be removed from the object for specified uid. Otherwise, create a new entry. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy. Null passwords will not be stored. Zero-length passwords will be encoded and encrypted and will require decoding via the IDIPasswordCrypto class. Other functional behavior that can be controlled includes performing LDAP updates in asynchronous mode with a configurable delay time (necessary when dealing with certain AD configurations, due to a locking mechanism).
        Parameters:
        uid - A String representing the stored uid; must have length > 0, e.g. bcampbell.
        newPasswords - A vector representing stored, decoded passwords; the vector must have length > 0, and null entries will not be stored.
        Returns:
        boolean true if successful
      • stowPassword

        @Deprecated
        public boolean stowPassword​(java.lang.String uid,
                                    java.util.Vector<java.lang.String> newPasswords)
        Deprecated.
      • setExtendedData

        public boolean setExtendedData​(PasswordChange change)
        Write additional information about a user to the Password Store.
        Parameters:
        id - The user identifier.
        extendedData - The information.
        Returns:
        Whether the operation succeeded.
      • setExtendedData

        @Deprecated
        public boolean setExtendedData​(java.lang.String id,
                                       java.lang.String extendedData)
        Deprecated.