Class SamAccountNameRfc2247Mapper

  • All Implemented Interfaces:
    UsernameSearchMapper

    public class SamAccountNameRfc2247Mapper
    extends SamAccountNameMapper
    A mapper for the AD attribute sAMAccountName and the realm. This mapper splits the GSS name into its primary and realm components. The instance component is completely ignored. The primary component is assigned to the sAMAccountName and the realm is transformed to a search base according to RFC 2247. Moreover, this implementation mimics DsCrackNames with formatOffered set to DS_USER_PRINCIPAL_NAME and formatDesired set to DS_FQDN_1779_NAME. Verified against Samba's implementation of DsCrackNames.

    Note: This mapper must operate from the RootDSE of a domain controller or, better yet, a GC. No root DN normalization (stripping DC components) happens here (yet).
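
The mapping described above, written out as an added example; this is not the library's own code, and the class name `Rfc2247MappingExample`, its method names and the sample principals are constructed for illustration. It assumes the GSS name is given in Kerberos string form (`primary/instance@REALM`, with backslash as the escape character).

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.Rdn;

// Added illustration; names are hypothetical and not part of the library's API.
public class Rfc2247MappingExample {
    // Index of the first (or last) occurrence of c in s that is not preceded by a backslash.
    static int indexOfUnescaped(String s, char c, boolean last) {
        int found = -1;
        for (int i = 0; i < s.length(); i++) {
            if (s.charAt(i) == '\\') { i++; continue; } // skip the escaped character
            if (s.charAt(i) == c) {
                found = i;
                if (!last) break;
            }
        }
        return found;
    }

    /** Returns { sAMAccountName, search base } for a Kerberos principal string. */
    static String[] map(String principal) throws InvalidNameException {
        int at = indexOfUnescaped(principal, '@', true);
        if (at < 0 || at == principal.length() - 1)
            throw new InvalidNameException("No realm in: " + principal);
        String name = principal.substring(0, at);
        String realm = principal.substring(at + 1);
        // The primary component ends at the first unescaped '/'; the instance is ignored.
        int slash = indexOfUnescaped(name, '/', false);
        String primary = slash < 0 ? name : name.substring(0, slash);
        if (primary.isEmpty())
            throw new InvalidNameException("No primary component in: " + principal);
        // RFC 2247: every DNS label of the realm becomes one DC RDN, in the same order.
        StringBuilder base = new StringBuilder();
        for (String label : realm.split("\\.", -1)) {
            if (label.isEmpty())
                throw new InvalidNameException("Empty label in realm: " + realm);
            if (base.length() > 0) base.append(',');
            base.append("DC=").append(Rdn.escapeValue(label)); // escape DN special characters
        }
        return new String[] { primary, base.toString() };
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample principals
        for (String p : new String[] { "jdoe@AD.EXAMPLE.COM", "jdoe/admin@EXAMPLE.COM" }) {
            String[] m = map(p);
            System.out.println(p + " -> sAMAccountName=" + m[0] + ", base=" + m[1]);
        }
    }
}
```
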

    • Field Detail

      • KRB5_NT_PRINCIPAL

        protected static final Oid KRB5_NT_PRINCIPAL
    • Constructor Detail

      • SamAccountNameRfc2247Mapper

        public SamAccountNameRfc2247Mapper()
    • Method Detail

      • getSupportedStringNameTypes

        public Oid[] getSupportedStringNameTypes()
        Description copied from interface: UsernameSearchMapper
        Returns an array of name type OIDs which a mapper is able to map into AD search space.
        Returns:
        supported string name type OIDs
      • supportsGssName

        public boolean supportsGssName(GSSName gssName)
        Description copied from interface: UsernameSearchMapper
        Determines whether a mapper is able to map a given GSS name into AD search space.
        Parameters:
        gssName - the gssName to test
        Returns:
        true if this mapper is able to map a name, false otherwise
      • map

        public UsernameSearchMapper.MappedValues map(DirContext context,
                                                     GSSName gssName)
                                              throws NamingException
        Description copied from interface: UsernameSearchMapper
        Maps a GSS name to AD search space parameters. A mapper implementation must ensure that the user can be found in the given context when an appropriate GSS name is presented. The implementor must be aware that the returned search base might need to be relativized to the root DN of the context.
        Parameters:
        context - the search context
        gssName - the GSS name to be mapped
        Returns:
        mapped values for user retrieval
        Throws:
        NamingException - if a context-related error has occurred