| Name | LDAP Util |
|---|---|
| Product Versions | Confluence v2.x to v2.5,6,7,8.x |
| Author(s) | Andy Brook |
| Homepage | here |
| Price | Free |
| License | BSD |
| Source | SVN, Fisheye |
| Download | latest stable version 1.0.10 jar |
Description/Features
A library that provides a simplified interface to LDAP user lookups that make use of pre-existing LDAP configuration in atlassian-user.xml and (deprecated) osuser.xml.
Install
In order to do this you need to have LDAP authentication setup and working. See LDAP User Management for more details.
Get the dependant JAR's
This plugin has one dependency on commons-digester, providing XML parser support used to process the Confluence atlassian-user.xml file. For JIRA, no such library is required. There are two use cases:
System referenced code (eg the NTLM authenticator for confluence)
In which case, the dependent JAR need to go into WEB-INF/lib, but confluence already comes with a digester jar so there is nothing to do in this scenario.
Confluence plugin (eg the Custom Space User Management plugin)
In which case, the dependant JAR need to be marked as 'compile' dependency of the plugins POM.
| Using ldaputil in confluence plugins If you want to make use of the LDAP util library, you need to have a 'compile' dependency for commons-digester (an earlier version is already bundled with confluence) as its needed for atlassian-user parsing, the additions to your pom should be: <!-- ldap util compile dependency so it gets bundled with the plugin -->
<dependency>
<groupId>com.dolby.confluence.net</groupId>
<artifactId>ldaputil</artifactId>
<version>1.0.10</version>
</dependency>
<!-- atlassian-user.xml parser -->
<dependency>
<groupId>commons-digester</groupId>
<artifactId>commons-digester</artifactId>
<version>1.8</version>
<scope>compile</scope>
</dependency>
|
Release Notes
| Version | Notes |
|---|---|
| 1.0.10 |
|
LDAP Util configuration
Although you don't have to specify any LDAP configuration, some choices are available, if you want to change anything you need to unpack the ldaputil jar and edit ldaputils.properties, or provide it programatically at the point of use.
Common configuration
These could be changed if needed
| Key | Default | Valid Values | Description |
|---|---|---|---|
| ldaputil.providerType | atlassian-user | osuser,atlassian-user | use Atlassian user config |
| ldaputil.ldap.narrowingFilterExpression |
(objectclass=user) | any | this can be used to restrict the LDAP lookup |
| ldaputil.ldap.fullNameFormat | 0 | 0,1 | 0= Lastname, Firstname , 1 = Firstname Lastname (no comma) |
| ldaputil.ldap.forceUserIDCase | 2 | 0,1,2 | 0=force lower, 1=force upper, 2=use reflect stored value |
| ldaputil.ldap.subtreeScope | 2 | 0,1,2 | 0=object scope, 1=one-level scope, 2=subtree scope |
| ldaputil.ldap.emailAliasesLdapAttribute | proxyAddresses | any ldap attribute | 'proxyAddresses' is the Active Directory attribute that houses email aliases |
| ldaputil.ldap.emailAliasesLdapAttributeSearchPrefix | n/a | comma separated values | This prefix will be used to optionally 'pull out email address' from LDAP, I see in Active Directory many entries such as 'smtp:user@company.co.uk'. The values are case sensitive as the comparison is done in Java not LDAP filters, for example 'smtp:,SMTP:' |
| ldaputil.ldap.emailAliasesLdapAttributeParser | n/a | implementer of my ILDAPEmailAliasProcessor, eg LDAPUtilsActiveDirectoryEmailAliasExtractor | If specified, this class handles the extraction of email aliases from an LDAP lookup NamingEnumeration |
Denotes optional field.
Configuration based on 'atlassian-user'
If you are using 'atlassian-user' no changes are required.
Configuration based on 'osuser'
The ldap attribute keys need configuring in the property file (unpack the jar, edit, repack), the existing values are suited to Active Directory - configure as appropriate, and/or comment here for my info. all keys are required.
| Key | Default | Valid Values | Description |
|---|---|---|---|
| ldaputil.osuser.providerClass | com.opensymphony.user.provider.ldap.LDAPCredentialsProvider | any | the provider class containing the ldap configuration in osuser.xml |
| ldaputil.ldap.emailLdapAttribute | any | Mail, this is AD specific, configure as appropriate | |
| ldaputil.ldap.userIdLdapAttribute | sAMAccountName | any | User account ID, this is AD specific, configure as appropriate |
| ldaputil.ldap.firstNameAttribute | givenName | any | First Name, this is AD specific, configure as appropriate |
| ldaputil.ldap.lastNameAttribute | sn | any | Surname, this is AD specific, configure as appropriate |

Comments (9)
Sep 26, 2007
Andy Brook says:
1.0.7 fixes multithreaded access to getUser...1.0.7 fixes multi-threaded access to getUser...
Dec 18, 2007
David Peterson says:
Hey Andy, Just noticed that this library is GPL3. GPL in general is incompatibl...Hey Andy,
Just noticed that this library is GPL-3. GPL in general is incompatible with being included in a commercial product, or a plugin for a commercial product...
I believe that LGPL is compatible, otherwise it may be worth considering an alternate license.
Dec 18, 2007
Andy Brook says:
I'm not sure I see how this could be used in a commercial product, its geared to...I'm not sure I see how this could be used in a commercial product, its geared totally at parsing the atlassian-user and osuser config files, and is equally tied to confluence. Unless someone is reselling confluence I can't see how this could be used commercially!
Heck its only a sax parser and a XML digester! And it wont work with crowd (yet), so applications are limited.
However, I'll read the LGPL and if there isn't anything that I disagree with I'll release a new rev under that license.
Dec 18, 2007
David Peterson says:
Confluence is a commercial product! :) Essentially, the GPL requires that anyth...Confluence is a commercial product!
Essentially, the GPL requires that anything which a GPL'd library is used in must also be released under the GPL, unless a specific exemption is allowed for a given application. The NTLM Authenticator for Confluence does exactly that, for exactly that reason. Kind of a pain, since I've had to avoid many a very good 3rd-party library purely because they were GPL'd...
Dec 18, 2007
Andy Brook says:
I don't think atlassian will ever use this, it's not an issue for Confluence is ...I don't think atlassian will ever use this, it's not an issue for Confluence is it? I see end-users using this, possibly combined with CSUM for instance which is a different kettle of fish. Give me time to get round to it...
Dec 18, 2007
David Peterson says:
It's an issue if anyone else uses it in a plugin. But no rush just noticed it wh...It's an issue if anyone else uses it in a plugin. But no rush - just noticed it when I was checking out some LDAP stuff.
May 15
Andy Brook says:
Next rev will be a BSD, I pretty much picked the license without thinking much. ...Next rev will be a BSD, I pretty much picked the license without thinking much. This version will also work with a mod I have in the pipes for the Jira AbstractMessageHandler class to do some intelligent determination of userID from emailAddress.
Jun 01
Neil Crow says:
Hi Andy, I was trying to get the JIRAEXT:Admin facilitation activities (afa plug...Hi Andy,
I was trying to get the Admin facilitation activities (afa plugin) working for jira, and was battling with the ldap connection.
So I ended up changing a copy of that source to use your library.
However in order to do this I needed a change in your library too, LDAPLookupUtil.searchFor needed to return a list instead of a single user.
I have attached the changed version to this page LDAPLookupUtil.java.
The changes that I made are as follows:
I hope you will incorporate my changes into your next version, I will making a similar posting to the afa-plugin page shortly, and if my changes are accepted there, then they'll be depending on this.
Cheers,
Neil Crow.
Jun 09
Andy Brook says:
Fine by me! code looks ok, checked into trunk, will build as/when. cheers, andy.Fine by me! code looks ok, checked into trunk, will build as/when.
cheers,
andy.