com.ibm.di.plugin.pwstore.ldap
Class IDIPasswordStore

java.lang.Object
  extended by com.ibm.di.plugin.pwstore.ldap.IDIPasswordStore

public class IDIPasswordStore
extends Object

IDIPasswordStore provides functions for accessing LDAP servers in order to update a specified server with user ID and password information. A properties file is read when the object is constructed. The properties file specifies the credentials for access to the server as well as other tailorable configuration information. This information includes the location of keystore files for SSL access and for asymmetric encryption of the password data using RSA (see the IDIPasswordCrypto class for decryption). The SSL connection processing assumes that the client keystore file contains both the client's certificate and the server's signer certificate. A simple usage would be as follows: When stowPassword(uid,userfullname,password) is invoked, the ibm-diPerson object defined in the LDAP DIT is modified to have the specified password. If the ibm-diPerson object for the specified uid does not exist, a new one is created.


Constructor Summary
IDIPasswordStore(PWSyncLog log)
          Construct and initialize an IDIPasswordStore object.
 
Method Summary
 boolean addPasswordValues(PasswordChange change)
          This method adds the password values specified, for specified uid.
 boolean addPasswordValues(String uid, Vector<String> newPasswords)
          Deprecated. 
 boolean deletePasswordValues(PasswordChange change)
          deletePasswordValues: removes the password values specified, for specified uid. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy.
 boolean deletePasswordValues(String uid, Vector<String> newPasswords)
          Deprecated. 
 boolean modifyPassword(PasswordChange change)
          stowPassword: Changes the password if the user id exists.
 boolean readyToSync()
          readyToSync: attempt initctx to see if LDAP server is available
 boolean setExtendedData(PasswordChange change)
          Write additional information about a user to the Password Store.
 boolean setExtendedData(String id, String extendedData)
          Deprecated. 
 boolean stowPassword(String uid, Vector<String> newPasswords)
          Deprecated. 
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IDIPasswordStore

public IDIPasswordStore(PWSyncLog log)
                 throws IOException
Construct and initialize an IDIPasswordStore object. The initialization includes loading the properties file. The properties file, idipwsync.props, must be located in a directory listed in the CLASSPATH environment setting. To generate a template properties file that encodes passwords for the keystore and LDAP login, use "java com.ibm.di.plugin.idipwsync.GenPropertiesFile". Refer to readme_idipwsync.html for details on setting up a properties file.

Parameters:
log - the place to log in
Throws:
IOException - Thrown when attempting to load properties file
Method Detail

addPasswordValues

public boolean addPasswordValues(PasswordChange change)
This method adds the password values specified, for specified uid. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy. Null passwords will not be stored. Zero-length passwords will be encoded and encrypted and will require decoding via the IDIPasswordCrypto class. Other functional behavior controlled includes performing LDAP updates in asynchronous mode with a configurable delay time (necessary when dealing with certain AD configurations, due to a locking mechanism).

Parameters:
uid - A String representing the stored uid, must have length > 0, e.g. bcampbell.
newPasswords - A vector representing stored, decoded passwords, vector must have length > 0, null entries are not stored.
Returns:
boolean true if successful.

addPasswordValues

@Deprecated
public boolean addPasswordValues(String uid,
                                            Vector<String> newPasswords)
Deprecated. 


deletePasswordValues

public boolean deletePasswordValues(PasswordChange change)
deletePasswordValues: removes the password values specified, for specified uid. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy. Null passwords will not be processed. Zero-length passwords will be encoded and encrypted for matching via the IDIPasswordCrypto class. Other functional behavior controlled includes performing LDAP updates in asynchronous mode with a configurable delay time (necessary when dealing with certain AD configurations, due to a locking mechanism).

Parameters:
uid - A String representing the stored uid, must have length > 0, e.g. bcampbell.
newPasswords - A vector representing decoded passwords to be removed, must have length > 0, null entries are not processed.
Returns:
boolean true if successful.

deletePasswordValues

@Deprecated
public boolean deletePasswordValues(String uid,
                                               Vector<String> newPasswords)
Deprecated. 


readyToSync

public boolean readyToSync()
readyToSync: attempt initctx to see if LDAP server is available

Returns:
boolean true if successful.

modifyPassword

public boolean modifyPassword(PasswordChange change)
stowPassword: Changes the password if the user id exists. If the password vector specified is null or zero-length, the password attribute will be removed from the object for the specified uid. Otherwise, create a new entry. The clear text password can optionally be encrypted (see properties file documentation) before the LDAP server stores it, and a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI AssemblyLine or other strategy. Null passwords will not be stored. Zero-length passwords will be encoded and encrypted and will require decoding via the IDIPasswordCrypto class. Other functional behavior controlled includes performing LDAP updates in asynchronous mode with a configurable delay time (necessary when dealing with certain AD configurations, due to a locking mechanism).

Parameters:
uid - A String representing the stored uid, must have length > 0, e.g. bcampbell.
newPasswords - A vector representing stored, decoded password, vector must have length > 0, null entries will not be stored.
Returns:
boolean true if successful

stowPassword

@Deprecated
public boolean stowPassword(String uid,
                                       Vector<String> newPasswords)
Deprecated. 


setExtendedData

public boolean setExtendedData(PasswordChange change)
Write additional information about a user to the Password Store.

Parameters:
id - The user identifier.
extendedData - The information.
Returns:
Whether the operation succeeded.

setExtendedData

@Deprecated
public boolean setExtendedData(String id,
                                          String extendedData)
Deprecated.