IDIPasswordStore is the class that provides functions to access LDAP
servers for the purpose of updating a specified server with userid and password information.
A properties file is read in when the object is constructed. Information in the
properties file specifies the credentials for access to the server as well as other
tailorable configuration information. This information includes the location of keystore files for SSL access
and asymmetric encryption, using RSA, of the password data (see the IDIPasswordCrypto class for decryption).
The SSL connection processing assumes a client keystore file that contains both the client's certificate
and the server's signer certificate.
A simple usage would be as follows:
When stowPassword(uid,userfullname,password) is invoked,
the ibm-diPerson object defined in the LDAP DIT
is modified to have the specified password.
If the ibm-diPerson object for the specified uid does not exist,
a new one is created.
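As an added example (not the page's own usage snippet, which is absent here), the following Java program exercises the documented constructor and methods in the order a caller would use them, including the null and zero-length cases the method descriptions spell out. The package com.ibm.di.plugin.idipwsync is assumed from the GenPropertiesFile reference on this page, and the uid, password and display-name values are constructed.

```java
import java.io.IOException;
import java.util.Vector;
// Package assumed from the GenPropertiesFile reference on this page.
import com.ibm.di.plugin.idipwsync.IDIPasswordStore;

public class PasswordSyncExample {
    public static void main(String[] args) {
        IDIPasswordStore store;
        try {
            // Reads idipwsync.props from the CLASSPATH; throws if it cannot be loaded.
            store = new IDIPasswordStore();
        } catch (IOException e) {
            System.err.println("idipwsync.props could not be loaded: " + e.getMessage());
            return;
        }

        // Probe the LDAP server (initial context) before attempting any update.
        if (!store.readyToSync()) {
            System.err.println("LDAP server not reachable; no update attempted");
            return;
        }

        // Single-valued case (default ibm-diPassword attribute): creates the ibm-diPerson
        // entry for the uid if absent, otherwise replaces its password. The password
        // value itself is never logged, only the outcome.
        boolean ok = store.stowPassword("bcampbell", "Example-P4ss", "Bob Campbell");
        System.out.println("stowPassword(bcampbell): " + (ok ? "ok" : "FAILED"));

        // Multi-valued case: requires schemaPasswordAttributeName=ibm-diExtendedData
        // in idipwsync.props, because ibm-diPassword holds a single value.
        Vector<String> values = new Vector<String>();
        values.add("Example-P4ss");
        values.add("");    // zero length: still encoded and encrypted, not dropped
        values.add(null);  // null entries are skipped, not stored
        ok = store.addPasswordValues("bcampbell", values);
        System.out.println("addPasswordValues(bcampbell): " + (ok ? "ok" : "FAILED"));

        // Passing null removes the password attribute from the entry (String overload).
        ok = store.stowPassword("bcampbell", (String) null);
        System.out.println("password attribute removed: " + (ok ? "ok" : "FAILED"));
    }
}
```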
Constructor Summary
IDIPasswordStore()
    Construct and initialize an IDIPasswordStore object.
Method Summary
boolean addPasswordValues(String uid, Vector newPasswords)
    addPasswordValues: adds the password values specified, for the specified uid.
boolean deletePasswordValues(String uid, Vector newPasswords)
    deletePasswordValues: removes the password values specified, for the specified uid.
IDIPasswordStore
public IDIPasswordStore() throws IOException
Construct and initialize an IDIPasswordStore object.
The initialization includes loading the properties file.
The properties file idipwsync.props must be located in a directory on the CLASSPATH
environment setting. To generate a template properties file that encodes the passwords
for the keystore and the LDAP login, use "java com.ibm.di.plugin.idipwsync.GenPropertiesFile".
Refer to readme_idipwsync.html for details on setting up a properties file.
Throws:
IOException - Thrown if the properties file cannot be loaded
addPasswordValues
public boolean addPasswordValues(String uid,
Vector newPasswords)
addPasswordValues: adds the password values specified, for the specified uid.
Use of this method requires that the ibm-diExtendedData attribute be
used for the passwords, since it is multivalued.
See the documentation on the properties file and the property value
schemaPasswordAttributeName
(e.g. schemaPasswordAttributeName=ibm-diExtendedData).
The default behavior uses the ibm-diPassword attribute, which does not support
multiple values for passwords.
The clear-text password can optionally be
encrypted (see the properties file documentation) before the
LDAP server stores it, and a decryption method (see the IDIPasswordCrypto class) is available
for decrypting via an IDI AssemblyLine or other strategy.
Null passwords will not be stored.
Zero-length passwords will be encoded and encrypted, and will require decoding via the
IDIPasswordCrypto class.
Other controllable behavior includes performing LDAP updates in async mode with a
configurable delay time (necessary when dealing with certain AD configurations, due to their locking mechanism).
Parameters:
uid - A String representing the stored uid, must have length > 0,
e.g. bcampbell.
newPasswords - A Vector representing the stored, decoded (clear-text) passwords; the Vector must have
length > 0, and null entries are not stored.
Returns:
boolean true if successful.
deletePasswordValues
public boolean deletePasswordValues(String uid,
Vector newPasswords)
deletePasswordValues: removes the password values specified, for the specified uid.
Use of this method requires that the ibm-diExtendedData attribute be
used for the passwords, since it is multivalued.
See the documentation on the properties file and the property value
schemaPasswordAttributeName
(e.g. schemaPasswordAttributeName=ibm-diExtendedData).
The default behavior uses the ibm-diPassword attribute, which does not support
multiple values for passwords.
The clear-text password can optionally be
encrypted (see the properties file documentation) before the
LDAP server stores it, and a decryption method (see the IDIPasswordCrypto class) is available
for decrypting via an IDI AssemblyLine or other strategy.
Null passwords will not be processed.
Zero-length passwords will be encoded and encrypted for matching via the
IDIPasswordCrypto class.
Other controllable behavior includes performing LDAP updates in async mode with a
configurable delay time (necessary when dealing with certain AD configurations, due to their locking mechanism).
Parameters:
uid - A String representing the stored uid, must have length > 0,
e.g. bcampbell
newPasswords - A Vector representing the decoded (clear-text) passwords to be removed; the Vector must have
length > 0, and null entries are not processed.
Returns:
boolean true if successful
readyToSync
public boolean readyToSync()
readyToSync: attempts to create an initial LDAP context (initctx) to check whether the LDAP server is available.
Returns:
boolean true if successful
stowPassword
public boolean stowPassword(String uid,
String newPassword)
stowPassword: Changes the password if the user id exists.
If the password specified is null or zero-length, the password attribute will be removed
from the object for the specified uid.
Otherwise, a new entry is created. The default behavior uses the ibm-diPassword attribute
on the ibm-diPerson object, which allows the clear-text password to be optionally
encrypted (see the properties file documentation) before the
LDAP server stores it; a decryption method (see the IDIPasswordCrypto class) is available
for decrypting via an IDI AssemblyLine or other strategy.
Null passwords will not be stored.
Zero-length passwords will be encoded and encrypted, and will require decoding via the
IDIPasswordCrypto class.
Other controllable behavior includes performing LDAP updates in async mode with a
configurable delay time (necessary when dealing with certain AD configurations, due to their locking mechanism).
Parameters:
uid - A String representing the stored uid, must have length > 0,
e.g. bcampbell
newPassword - A String representing the decoded (clear-text) password. Null entries are
not stored.
Returns:
boolean true if successful
stowPassword
public boolean stowPassword(String uid,
Vector newPasswords)
stowPassword: Changes the password if the user id exists.
If the password Vector specified is null or zero-length, the password attribute will be removed
from the object for the specified uid.
Otherwise, a new entry is created.
Use of this method requires that the ibm-diExtendedData attribute be
used for the passwords, since it is multivalued.
See the documentation on the properties file and the property value
schemaPasswordAttributeName
(e.g. schemaPasswordAttributeName=ibm-diExtendedData).
The default behavior uses the ibm-diPassword attribute, which does not support
multiple values for passwords.
The clear-text password can optionally be
encrypted (see the properties file documentation) before the
LDAP server stores it, and a decryption method (see the IDIPasswordCrypto class) is available
for decrypting via an IDI AssemblyLine or other strategy.
Null passwords will not be stored.
Zero-length passwords will be encoded and encrypted, and will require decoding via the
IDIPasswordCrypto class.
Other controllable behavior includes performing LDAP updates in async mode with a
configurable delay time (necessary when dealing with certain AD configurations, due to their locking mechanism).
Parameters:
uid - A String representing the stored uid, must have length > 0,
e.g. bcampbell
newPasswords - A Vector representing the stored, decoded (clear-text) passwords; the Vector
must have length > 0, and null entries will not be stored.
Returns:
boolean true if successful
stowPassword
public boolean stowPassword(String uid,
String newPassword,
String extendedData)
stowPassword: Changes the password if the user id exists.
If the password specified is null, the password attribute will be removed
from the object for the specified uid.
If the extendedData specified is null, the extendedData attribute will be removed
from the object for the specified uid.
Otherwise, a new entry is created. The default behavior uses the ibm-diPassword attribute
on the ibm-diPerson object, which allows the clear-text password to be optionally
encrypted (see the properties file documentation) before the
LDAP server stores it; a decryption method (see the IDIPasswordCrypto class) is available
for decrypting via an IDI AssemblyLine or other strategy.
Null passwords will not be stored.
Zero-length passwords will be encoded and encrypted, and will require decoding via the
IDIPasswordCrypto class.
Other controllable behavior includes performing LDAP updates in async mode with a
configurable delay time (necessary when dealing with certain AD configurations, due to their locking mechanism).
Parameters:
uid - a String representing the stored uid, must have length > 0, e.g. bcampbell
newPassword - a String representing the stored, decoded (clear-text) password, must have length > 0, e.g. secret; null entries are not stored
extendedData - a String representing extra data (e.g. the username as displayed by Windows NT, such as Bob Campbell); null entries are not stored
Returns:
boolean true if successful
main
public static void main(String[] args)
Use this main to test functionality. A properties file must be set up and placed
on the CLASSPATH. To set up a properties file, use "com.ibm.di.plugin.idipwsync.GenPropertiesFile".
It is also assumed that a sample directory setup has been made on the target LDAP server
machine.