com.crystaldecisions.sdk.plugin.authentication.ldap
Interface IsecLDAPBase

All Known Subinterfaces:

IsecLDAP

public interface IsecLDAPBase

This class provides properties and methods that map LDAP principals (users and groups) to SAP BusinessObjects Enterprise, configure security options for network communication, and manage LDAP authentication.

Field Summary

static java.lang.String	KIND The Kind used to query for the secLDAP interface.
static java.lang.String	PROGID The ProgID for the secLDAP Class.
static java.lang.String	SSL_PROVIDER Specifies the Secure Socket Layer (SSL) provider.

Method Summary

int	getAttributeBindingPriority() Returns the plugin's priority to bind user attributes to external source.
int	getAuthType() Returns the security level for LDAP authentication.
int	getAvailability() Returns the availability of LDAP authentication.
java.lang.String	getBaseDN() Returns the distinguished name of the LDAP base node.
java.lang.String	getCertificateDBPath() Returns the path to the cert7.db database file on each machine that communicates with the secLDAP class.
java.lang.String	getClientCertificateNickName() Returns the nickname of the client certificate in the cert7.db file that clients want to send to the LDAP server.
java.lang.String	getDefaultGroupSearchAttribute() Returns the default group search attribute.
java.lang.String	getDefaultRealm() Returns the default Kerberosrealm used for user authentication This property is used to locate a user when only its name is specified during logon.
java.lang.String	getDefaultUserLicenseRestrictionCUID() Sets the default License Restriction for newly created users.
java.lang.String	getDefaultUserSearchAttribute() Returns the default user search attribute.
java.lang.String	getDynamicGroupObjectClass() Returns the object class that identifies a dynamic group entry.
java.lang.String	getGroupDescriptionAttribute() Returns the name of the attribute that holds the description of the group.
java.lang.String	getGroupMemberAttribute() Returns the name of the attribute that lists all group members in a static group.
java.lang.String	getGroupMemberUrlAttribute() Returns the name of the attribute that holds the dynamic group URL.
java.lang.String	getHostAndPort() Returns a space separated list of host names, including fail-over hosts.
java.lang.String	getKeyDBPassword() Returns the password to the key3.db database file.
java.lang.String	getKeyDBPath() Returns the path to the key3.db database file on each machine that communicates with this object.
java.lang.String	getMappedGroups() Returns a semi-colon separated string of distinguished names of LDAP groups that have been mapped to SAP BusinessObjects Enterprise.
int	getMaxEntriesPerOrQuery() Returns the maximum number of entries that can be requested by a query for user or group entries in the LDAP directory.
int	getMaxReferralHops() Returns the maximum number of hosts that should be contacted when following referrals.
java.lang.String	getObjectClassAttribute() Returns the value that determines the entry type.
java.lang.String	getReferralDN() Returns the distinguished name of the user or administrator account which is used for authentication to referred-to hosts when following referrals.
java.lang.String	getServerAdminDN() Returns the distinguished name that is used by the Central Management Server (CMS) to authenticate the LDAP host and failover hosts.
int	getServerAuthStrength() Returns the server-side security level.
java.lang.String	getServicePrincipalName() Returns the service principal name (SPN).
int	getSSOAccessMode() Returns the Policy Server access mode for single sign-on authentication.
java.lang.String	getSSOAgent() Returns the single sign-on (SSO) agent used with siteMinder.
java.lang.String	getSSOServersAndPorts() Returns the host name and the three port numbers for the Policy Server(s).
int	getSSOVendor() Returns the third-party vendor that is used for single sign-on authentication.
java.lang.String	getStaticGroupObjectClass() Returns the object class that defines a static group in the LDAP directory.
java.lang.String	getUserDescriptionAttribute() Returns the name of the attribute that holds the description of the user.
java.lang.String	getUserEmailAttribute() Returns the name of the attribute that holds the email address of the user.
java.lang.String	getUserFullNameAttribute() Returns the name of the attribute that holds the full name of the user.
java.lang.String	getUserNameAttribute() Returns the user name attribute.
java.lang.String	getUserObjectClass() Returns the object class of a user to determine if an entry is a user or not.
java.lang.String	getUserPrincipalNameAttribute() Returns the name of the attribute that holds the userPrincipalName, it is only applicable to Active Directory server.
boolean	isAliasAutoAdd() Returns a boolean that indicates whether to add a secLDAP alias to an existing SAP BusinessObjects Enterprise user.
boolean	isAttributeBindingEnabled() Returns a boolean that indicates whether the attribute binding is enabled.
boolean	isCacheSecurityContext() Returns a boolean that indicates whether the security context (session ticket) for Kerberos authentication is stored in the server's cache.
boolean	isCreateNamedUsers() Returns a boolean that indicates whether to create new users as named or concurrent.
boolean	isImportUsers() Returns a boolean that indicates whether user aliases should be imported when mapping LDAP groups.
boolean	isKerberosEnabled() Returns a boolean that indicates whether Kerberos single sign-on (SSO) authentication is enabled.
boolean	isSSOEnabled() Returns a value that indicates whether or not single sign-on (SSO) authentication is enabled.
void	setAliasAutoAdd(boolean value) Sets a boolean that indicates whether to add a secLDAP alias to an existing SAP BusinessObjects Enterprise user.
void	setAttributeBindingEnabled(boolean isEnabled) Enables or diables the attribute binding.
void	setAttributeBindingPriority(int value) Sets the plugin's priority to bind user attributes to external source.
void	setAuthType(int type) Sets the security level for LDAP authentication.
void	setAvailability(int value) Sets the availability of LDAP authentication.
void	setBaseDN(java.lang.String value) Sets the distinguished name of the LDAP base node.
void	setCacheSecurityContext(boolean value) Sets a boolean that indicates whether the security context (session ticket) for Kerberos authentication is stored in the server's cache.
void	setCertificateDBPath(java.lang.String path) Sets the path to the cert7.db database file on each machine that communicates with the secLDAP class.
void	setClientCertificateNickName(java.lang.String nickname) Sets the the nickname of the client certificate in the cert7.db file that clients want to send to the LDAP server.
void	setCreateNamedUsers(boolean bCreateNamedUsers) Sets a boolean that indicates whether to create new users as named or concurrent.
void	setDefaultGroupSearchAttribute(java.lang.String value) Sets the default group search attribute.
void	setDefaultRealm(java.lang.String value) Sets the default Kerberos realm used to authenticate users This property is used to locate a user when only its name is specified during logon.
void	setDefaultUserLicenseRestrictionCUID(java.lang.String restrictionCuid) Sets the default License Restriction for newly created users.
void	setDefaultUserSearchAttribute(java.lang.String value) Sets the default user search attribute.
void	setDynamicGroupObjectClass(java.lang.String value) Sets the object class that identifies a dynamic group entry.
void	setGroupDescriptionAttribute(java.lang.String value) Sets the name of the attribute that holds the description of the group.
void	setGroupMemberAttribute(java.lang.String value) Sets the name of the attribute that lists all group members in a static group.
void	setGroupMemberUrlAttribute(java.lang.String value) Sets the name of the attribute that holds the dynamic group URL.
void	setHostAndPort(java.lang.String value) Sets a space separated list of host names, including fail-over hosts.
void	setImportUsers(boolean bImportUsers) Sets a boolean that indicates whether user aliases should be imported when mapping LDAP groups.
void	setKerberosEnabled(boolean value) Sets a boolean that indicates whether Kerberos single sign-on (SSO) authentication is enabled.
void	setKeyDBPassword(java.lang.String password) Sets the password to the key3.db database file.
void	setKeyDBPath(java.lang.String path) Sets the path to the key3.db database file on each machine that communicates with this object.
void	setMappedGroups(java.lang.String value) Sets a semi-colon separated string of distinguished names of LDAP groups that have been mapped to SAP BusinessObjects Enterprise.
void	setMaxEntriesPerOrQuery(int value) Sets the maximum number of entries that can be requested by a query for user or group entries in the LDAP directory.
void	setMaxReferralHops(int value) Sets the maximum number of hosts that should be contacted when following referrals.
void	setObjectClassAttribute(java.lang.String value) Sets the value that determines the entry type.
void	setReferralAdminPassword(java.lang.String password) Sets the password for the referral administrator account.
void	setReferralDN(java.lang.String value) Sets the distinguished name of the user or administrator account which is used for authentication to referred-to hosts when following referrals.
void	setServerAdminDN(java.lang.String value) Sets the distinguished name that is used by the Central Management Server (CMS) to authenticate the LDAP host and failover hosts.
void	setServerAdminPassword(java.lang.String password) Sets the password for the server administrator account.
void	setServerAuthStrength(int strength) Sets the server-side security level.
void	setServicePrincipalName(java.lang.String name) Sets the service principal name (SPN).
void	setSSOAccessMode(int value) Sets the Policy Server access mode for single sign-on authentication.
void	setSSOAgent(java.lang.String value) Sets the single sign-on (SSO) agent used with siteMinder.
void	setSSOEnabled(boolean value) Sets a value that indicates whether or not single sign-on (SSO) authentication is enabled.
void	setSSOServersAndPorts(java.lang.String value) Sets the host name and the three port numbers for the Policy Server(s).
void	setSSOSharedSecret(java.lang.String value) Sets the shared secret used for single sign-on (SSO) authentication.
void	setSSOVendor(int value) Sets the third-party vendor that is used for single sign-on authentication.
void	setStaticGroupObjectClass(java.lang.String value) Sets the object class that defines a static group in the LDAP directory.
void	setUserDescriptionAttribute(java.lang.String value) Sets the name of the attribute that holds the description of the user.
void	setUserEmailAttribute(java.lang.String value) Sets the name of the attribute that holds the email address of the user.
void	setUserFullNameAttribute(java.lang.String value) Sets the name of the attribute that holds the full name of the user.
void	setUserNameAttribute(java.lang.String value) Sets the user name attribute.
void	setUserObjectClass(java.lang.String value) Sets the object class of a user to determine if an entry is a user or not.
void	setUserPrincipalNameAttribute(java.lang.String value) Sets the name of the attribute that holds the userPrincipalName of the user, this is only applicable to Active Directory server The attribute is needed for Kerberos authencation to work

Field Detail

KIND

static final java.lang.String KIND

The Kind used to query for the secLDAP interface.

See Also:

Constant Field Values

PROGID

static final java.lang.String PROGID

The ProgID for the secLDAP Class.

ProgID	CrystalEnterprise.SEC_LDAP
Query Category	CI_SYSTEMOBJECTS
Associated Interface	com.crystaldecisions.sdk.plugin.authentication.ldap.IsecLDAP

Query syntax:

SELECT
	See the additional properties table below
FROM
	CI_SYSTEMOBJECTS
WHERE
	SI_NAME='secLDAP'

Authentication plugins are static and non-creatable. This means that only the plugin itself exists and no instances. As there is only one secLDAP object, and not multiple versions with the same ProgID, the CrystalEnterprise.SEC_LDAP plugin must be retrieved using the SI_NAME property.

The CePropertyIDs that can be used in the SELECT statement are additional secLDAP plugin properties that are not accessed through the IsecLDAP interface. These properties must be set through an InfoObject's Properties collection. A brief description of each property can be found in the table below.

Example:

  IInfoObjects results= infoStore.query("Select SI_ALIAS_AUTOADD From CI_SYSTEMOBJECTS"
       + " Where SI_NAME='secLDAP'");
  IInfoObject result = (IInfoObject) results.get(0);
  IProperty secLDAPProperty = result.properties().getProperty("SI_ALIAS_AUTOADD");

Additional properties:

Property	Description
CePropertyID.SI_ALIAS_AUTOADD	Determines if an alias should be added to an existing Enterprise user with the same name, or if a new entry should be created for this alias.
CePropertyID.SI_APS_ADMIN_DN	The distinguished name of the server administrator for authentication to the primary host.
CePropertyID.SI_AVAIL	Indicates whether or not LDAP authentication is available.
CePropertyID.SI_BASE_DN	The distinguished name of the LDAP base.
CePropertyID.SI_DEFAULT_GROUP_SEARCH_ATTR	Constructs the search filter for a group if only the group name, and not the distinguished name, was specified during group mapping.
CePropertyID.SI_DEFAULT_USER_SEARCH_ATTR	Constructs the search filter for a user if only the user name, and not the distinguished name, was specified during user mapping.
CePropertyID.SI_DYNAMIC_GROUP_ATTR	The object class of dynamic groups. This parameter is required only for Netscape's iPlanet server, and remains empty for all other hosts.
CePropertyID.SI_DYNAMIC_GROUP_URL_ATTR	The name of the attribute that holds the dynamic group URL. This parameter is required only for Netscape's iPlanet server, and remains empty for all other hosts.
CePropertyID.SI_GROUP_DESC_ATTR	The name of the attribute that holds the description of the group.
CePropertyID.SI_HOST_AND_PORT	A space separated list of host names, starting with fail-over hosts.
CePropertyID.SI_MAPPED_GROUPS	A semi-colon separated string of LDAP distinguished names.
CePropertyID.SI_MAX_REFERRAL_HOPS	The maximum number of hosts that should be contacted when following referrals.
CePropertyID.SI_OBJECT_CLASS_ATTR	A value that determines the type of the entry.
CePropertyID.SI_REFERRAL_DN	The distinguished name to be used for authentication to referred-to hosts when following referrals.
CePropertyID.SI_STATIC_GROUP_ATTR	The object class of static groups.
CePropertyID.SI_STATIC_GROUP_MEMBER_ATTR	The name of the attribute that holds group members by their distinguished names.
CePropertyID.SI_USER_ATTR	The object class of a user to determine if an entry is a user or not.
CePropertyID.SI_USER_DESC_ATTR	The name of the attribute that holds the description of the user.

See Also:

Constant Field Values

SSL_PROVIDER

static final java.lang.String SSL_PROVIDER

Specifies the Secure Socket Layer (SSL) provider.

See Also:

Constant Field Values

Method Detail

setServerAdminPassword

void setServerAdminPassword(java.lang.String password)

Sets the password for the server administrator account.

Parameters:

password - A String specifying the administrator password.

setReferralAdminPassword

void setReferralAdminPassword(java.lang.String password)

Sets the password for the referral administrator account.

Parameters:

password - A String specifying the referral administrator password.

setImportUsers

void setImportUsers(boolean bImportUsers)

Sets a boolean that indicates whether user aliases should be imported when mapping LDAP groups. This method allows you to set the value for SI_IMPORT_USERS.

If set to true, aliases will be added on update. If set to false, new users will be created at logon time.

Parameters:

bImportUsers - A boolean that indicates whether user aliases should be imported when mapping LDAP groups.

isImportUsers

boolean isImportUsers()
                      throws SDKException

Returns a boolean that indicates whether user aliases should be imported when mapping LDAP groups. This method returns the value for SI_IMPORT_USERS.

Returns:

true if aliases will be added on update. false if new users will be created at logon time.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_IMPORT_USERS

setCreateNamedUsers

void setCreateNamedUsers(boolean bCreateNamedUsers)

Sets a boolean that indicates whether to create new users as named or concurrent. This method sets the value for SI_CREATE_NAMEDUSERS property.

If set to true, new users with LDAP aliases will be created as named users. If set to false new users with LDAP aliases will be created as concurrent users.

Parameters:

bCreateNamedUsers - A boolean that specifies whether to create new users as named or concurrent.

isCreateNamedUsers

boolean isCreateNamedUsers()
                           throws SDKException

Returns a boolean that indicates whether to create new users as named or concurrent. This method returns the value for SI_CREATE_NAMEDUSERS property.

Returns:

true if new users are created as named users, and false if new users are created as concurrent.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_CREATE_NAMEDUSERS

getAuthType

int getAuthType()
                throws SDKException

Returns the security level for LDAP authentication.

The type of secure socket layer (SSL) authentication used between the LDAP server and SAP BusinessObjects Enterprise are: ceBasic, ceSSL, and ceCCA_SSL.

• ceBasic: indicates that no SSL authentication is needed.
• ceSSL: indicates that certificate based server SSL authentication is needed.
• ceCCA_SSL: indicates that certificate based mutual SSL authentication is needed.

Returns:

An int that specifies authentication type.

Throws:

SDKException - This is thrown if the process is unsuccessful.

See Also:

ISecLDAP.CeAuthType

InfoObject properties to query for:

SI_AUTH_TYPE

setAuthType

void setAuthType(int type)

Sets the security level for LDAP authentication.

Allows you to choose the type of secure socket layer (SSL) authentication used between the LDAP server and SAP BusinessObjects Enterprise: ceBasic, ceSSL, and ceCCA_SSL.

• ceBasic: indicates that no SSL authentication is needed.
• ceSSL: indicates that certificate based server SSL authentication is needed.
• ceCCA_SSL: indicates that certificate based mutual SSL authentication is needed.

Parameters:

type - An int that specifies the authentication type.

See Also:

ISecLDAP.CeAuthType

getClientCertificateNickName

java.lang.String getClientCertificateNickName()
                                              throws SDKException

Returns the nickname of the client certificate in the cert7.db file that clients want to send to the LDAP server.

This value needs to be set for each machine communicating with a secLDAP plugin.

Returns:

A Stringthat identifies the nickname of the client certificate.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_CLIENT_CERT_NICKNAME

setClientCertificateNickName

void setClientCertificateNickName(java.lang.String nickname)

Sets the the nickname of the client certificate in the cert7.db file that clients want to send to the LDAP server.

This value needs to be set for each machine communicating with a secLDAP plugin.

Parameters:

nickname - A String that specifies the nickname of the client certificate.

getServerAuthStrength

int getServerAuthStrength()
                          throws SDKException

Returns the server-side security level.

The security options available are: ceWEAK, ceCert, ceCNCHECK, and ceNONE.

• ceWeak: indicates that the client trust the LDAP server's certificate authority (CA). Therefore, no configuration is needed for the cert7.db.
• ceCert: indicates that the client must trust the CA that signed the LDAP server's certificate. This requires that the CA that signed the LDAP server's certificate is added to the cert7.db database and marked as 'trusted'.
• ceCNCHECK: indicates that the the client must trust the CA that signed the LDAP server's certificate, and the CN attribute of the LDAP server's certificate matches its DNS hostname. In order to accomplish this, the CA that signed the LDAP server's certificate must be added to the cert7.db and marked as 'trusted'. Furthermore, the 'host' part of the value of the HostAndPort property must exactly match the CN attribute of the LDAP server's certificate. Using failover hosts is not supported when using ceCNCHECK.
• CeNone: indicates that no SSL authentication is being used.

Returns:

An int that indicates the server-side security level.

Throws:

SDKException

See Also:

ISecLDAP.CeServerSSLStrength

InfoObject properties to query for:

SI_SSL_SERVER_AUTH_STRENGTH

setServerAuthStrength

void setServerAuthStrength(int strength)
                           throws SDKException

Sets the server-side security level.

The security options available are: ceWEAK, ceCert, ceCNCHECK, and ceNONE.

• ceWeak: indicates that the client trust the LDAP server's certificate authority (CA). Therefore, no configuration is needed for the cert7.db.
• ceCert: indicates that the client must trust the CA that signed the LDAP server's certificate. This requires that the CA that signed the LDAP server's certificate is added to the cert7.db database and marked as 'trusted'.
• ceCNCHECK: indicates that the the client must trust the CA that signed the LDAP server's certificate, and the CN attribute of the LDAP server's certificate matches its DNS hostname. In order to accomplish this, the CA that signed the LDAP server's certificate must be added to the cert7.db and marked as 'trusted'. Furthermore, the 'host' part of the value of the HostAndPort property must exactly match the CN attribute of the LDAP server's certificate. Using failover hosts is not supported when using ceCNCHECK.
• CeNone: indicates that no SSL authentication is being used.

Parameters:

strength - An int that indicates the server-side security level.

Throws:

SDKException - This is thrown if the process is unsuccessful.

See Also:

com.crystaldecisions.sdk.plugin.authentication.ldap.ISecLDAP#CeServerSSLStrength

getCertificateDBPath

java.lang.String getCertificateDBPath()
                                      throws SDKException

Returns the path to the cert7.db database file on each machine that communicates with the secLDAP class.

Returns:

A String that identifies the path to the cert7.db database file on each machine that communicates with the secLDAP class.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_CERTIFICATE_DB_PATH

setCertificateDBPath

void setCertificateDBPath(java.lang.String path)

Sets the path to the cert7.db database file on each machine that communicates with the secLDAP class.

Parameters:

A - String that specifies the path to the cert7.db database file on each machine that communicates with the secLDAP class.

getKeyDBPath

java.lang.String getKeyDBPath()
                              throws SDKException

Returns the path to the key3.db database file on each machine that communicates with this object.

Returns:

A String that identifies the path to the key3.db database file on each machine that communicates with this class.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_KEY_DB_PATH

setKeyDBPath

void setKeyDBPath(java.lang.String path)

Sets the path to the key3.db database file on each machine that communicates with this object.

Parameters:

path - A String that identifies the path to the key3.db database file on each machine that communicates with this class.

getKeyDBPassword

java.lang.String getKeyDBPassword()
                                  throws SDKException

Returns the password to the key3.db database file.

Returns:

A String that identifies the password to the key3.db database file.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_KEY_DB_PWD

setKeyDBPassword

void setKeyDBPassword(java.lang.String password)
                      throws SDKException

Sets the password to the key3.db database file.

Parameters:

password - A String that identifies the password to the key3.db database file.

Throws:

SDKException

getAvailability

int getAvailability()
                    throws SDKException

Returns the availability of LDAP authentication.

The following are possible return values for this method:

• A value of 1 indicates that LDAP authentication is enabled and available.
• A value of 0 indicates that LDAP authentication is disabled and not available.
• A value of -1 indicates that LDAP authentication has been unloaded. All LDAP aliases have been removed from SAP BusinessObjects Enterprise and are no longer available. Note: For users with only an LDAP alias, this will result in deletion of the user, as well as the associated user folder.

Returns:

An int that indicates the type of LDAP authentication that is available.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_AVAIL

setAvailability

void setAvailability(int value)
                     throws SDKException

Sets the availability of LDAP authentication.

The following are possible values for this method:

• A value of 1 indicates that LDAP authentication is enabled and available.
• A value of 0 indicates that LDAP authentication is disabled and not available.
• A value of -1 indicates that LDAP authentication has been unloaded. All LDAP aliases have been removed from SAP BusinessObjects Enterprise and are no longer available. Note: For users with only an LDAP alias, this will result in deletion of the user, as well as the associated user folder.

Parameters:

value - An int that indicates the type of LDAP authentication that is available.

Throws:

SDKException

getHostAndPort

java.lang.String getHostAndPort()
                                throws SDKException

Returns a space separated list of host names, including fail-over hosts.

Returns:

A String that identifies a space separated list of host names, including fail-over hosts.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_HOST_AND_PORT

setHostAndPort

void setHostAndPort(java.lang.String value)

Sets a space separated list of host names, including fail-over hosts.

Parameters:

value - A String that identifies a space separated list of host names, including fail-over hosts.

getBaseDN

java.lang.String getBaseDN()
                           throws SDKException

Returns the distinguished name of the LDAP base node.

The LDAP base node is the top level of the LDAP directory tree under which searches will be performed for entries whose distinguished name is not known (only an attribute value is known).

Returns:

A String that identifies the distinguished name of the LDAP base node.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_BASE_DN

setBaseDN

void setBaseDN(java.lang.String value)

Sets the distinguished name of the LDAP base node.

The LDAP base node is the top level of the LDAP directory tree under which searches will be performed for entries whose distinguished name is not known (only an attribute value is known).

Parameters:

value - A String that identifies the distinguished name of the LDAP base node.

getMappedGroups

java.lang.String getMappedGroups()
                                 throws SDKException

Returns a semi-colon separated string of distinguished names of LDAP groups that have been mapped to SAP BusinessObjects Enterprise.

Returns:

A String that specifies the LDAP groups that have been mapped to SAP BusinessObjects Enterprise.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_MAPPED_GROUPS

setMappedGroups

void setMappedGroups(java.lang.String value)

Sets a semi-colon separated string of distinguished names of LDAP groups that have been mapped to SAP BusinessObjects Enterprise.

Parameters:

value - A String that specifies the LDAP groups that have been mapped to SAP BusinessObjects Enterprise.

getReferralDN

java.lang.String getReferralDN()
                               throws SDKException

Returns the distinguished name of the user or administrator account which is used for authentication to referred-to hosts when following referrals.

Returns:

A String that identifies the the distinguished name of the user or administrator account which is used for authentication to referred-to hosts when following referrals.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_REFERRAL_DN

setReferralDN

void setReferralDN(java.lang.String value)

Sets the distinguished name of the user or administrator account which is used for authentication to referred-to hosts when following referrals.

Parameters:

value - A String that identifies the the distinguished name of the user or administrator account which is used for authentication to referred-to hosts when following referrals.

getServerAdminDN

java.lang.String getServerAdminDN()
                                  throws SDKException

Returns the distinguished name that is used by the Central Management Server (CMS) to authenticate the LDAP host and failover hosts.

Returns:

A String that identifies the distinguished name that is used by the Central Management Server (CMS) to authenticate the LDAP host and failover hosts.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_APS_ADMIN_DN

setServerAdminDN

void setServerAdminDN(java.lang.String value)

Sets the distinguished name that is used by the Central Management Server (CMS) to authenticate the LDAP host and failover hosts.

Parameters:

value - A String that identifies the distinguished name that is used by the Central Management Server (CMS) to authenticate the LDAP host and failover hosts.

getMaxReferralHops

int getMaxReferralHops()
                       throws SDKException

Returns the maximum number of hosts that should be contacted when following referrals.

Returns:

An int that indicates the number of hosts.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_MAX_REFERRAL_HOPS

setMaxReferralHops

void setMaxReferralHops(int value)

Sets the maximum number of hosts that should be contacted when following referrals.

Parameters:

value - An int that indicates the number of hosts.

getUserObjectClass

java.lang.String getUserObjectClass()
                                    throws SDKException

Returns the object class of a user to determine if an entry is a user or not.

The default user object class is inetOrgPerson. This is a well defined class supported by all LDAP server types. It contains general information common to directory services deployed over a network. An example of a inetOrgPerson attribute is an email user account.

Returns:

A String that identifies the object class.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_USER_ATTR

setUserObjectClass

void setUserObjectClass(java.lang.String value)

Sets the object class of a user to determine if an entry is a user or not.

The default user object class is inetOrgPerson. This is a well defined class supported by all LDAP server types. It contains general information common to directory services deployed over a network. An example of a inetOrgPerson attribute is an email user account.

Parameters:

value - A String that specifies the object class.

getStaticGroupObjectClass

java.lang.String getStaticGroupObjectClass()
                                           throws SDKException

Returns the object class that defines a static group in the LDAP directory.

Static groups are defined by their multi-valued membership attribute.

Returns:

A String that identifies the object class that defines a static group in the LDAP directory.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_STATIC_GROUP_ATTR

setStaticGroupObjectClass

void setStaticGroupObjectClass(java.lang.String value)

Sets the object class that defines a static group in the LDAP directory.

Static groups are defined by their multi-valued membership attribute.

Parameters:

value - A String that identifies the object class that defines a static group in the LDAP directory.

getDynamicGroupObjectClass

java.lang.String getDynamicGroupObjectClass()
                                            throws SDKException

Returns the object class that identifies a dynamic group entry.

The dynamic group attribute is used to search for dynamic group members. The value of the dynamic group attribute is the LDAP url that defines the member objects.

Returns:

A String that identifies the object class.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_DYNAMIC_GROUP_ATTR

setDynamicGroupObjectClass

void setDynamicGroupObjectClass(java.lang.String value)

Sets the object class that identifies a dynamic group entry.

The dynamic group attribute is used to search for dynamic group members. The value of the dynamic group attribute is the LDAP url that defines the member objects.

Parameters:

value - A String that identifies the object class.

getGroupMemberAttribute

java.lang.String getGroupMemberAttribute()
                                         throws SDKException

Returns the name of the attribute that lists all group members in a static group.

Returns:

A String that identifies the attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_STATIC_GROUP_MEMBER_ATTR

setGroupMemberAttribute

void setGroupMemberAttribute(java.lang.String value)

Sets the name of the attribute that lists all group members in a static group.

Parameters:

value - A String that specifies the attribute.

getGroupMemberUrlAttribute

java.lang.String getGroupMemberUrlAttribute()
                                            throws SDKException

Returns the name of the attribute that holds the dynamic group URL.

This parameter is required only for Netscape's iPlanet server, and remains empty for all other hosts.

Returns:

A String that identifies the name of the attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_DYNAMIC_GROUP_URL_ATTR

setGroupMemberUrlAttribute

void setGroupMemberUrlAttribute(java.lang.String value)

Sets the name of the attribute that holds the dynamic group URL.

This parameter is required only for Netscape's iPlanet server, and remains empty for all other hosts.

Parameters:

value - A String that specifies the name of the attribute.

getDefaultUserSearchAttribute

java.lang.String getDefaultUserSearchAttribute()
                                               throws SDKException

Returns the default user search attribute.

This attribute constructs the search filter for a user if only the group name, and not the distinguished name, was specified during mapping.

Note: The default user search attribute is user ID (uid) except for the IBM Secureway LDAP server which uses the common name (cn) attribute. For example, the search query would look for an entry with attribute 'uid=jsmith', if the user name specified at logon was 'jsmith'.

Returns:

A String that identifies the default user search attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_DEFAULT_USER_SEARCH_ATTR

setDefaultUserSearchAttribute

void setDefaultUserSearchAttribute(java.lang.String value)

Sets the default user search attribute.

This attribute constructs the search filter for a user if only the group name, and not the distinguished name, was specified during mapping.

Note: The default user search attribute is user ID (uid) except for the IBM Secureway LDAP server which uses the common name (cn) attribute. For example, the search query would look for an entry with attribute 'uid=jsmith', if the user name specified at logon was 'jsmith'.

Parameters:

value - A String that specifies the default user search attribute.

getDefaultGroupSearchAttribute

java.lang.String getDefaultGroupSearchAttribute()
                                                throws SDKException

Returns the default group search attribute.

This attribute constructs the search filter for a group if only the group name, and not the distinguished name, was specified during mapping. The default group search attribute is common name (cn).

Returns:

A String that identifies the default group search attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_DEFAULT_GROUP_SEARCH_ATTR

setDefaultGroupSearchAttribute

void setDefaultGroupSearchAttribute(java.lang.String value)

Sets the default group search attribute.

This attribute constructs the search filter for a group if only the group name, and not the distinguished name, was specified during mapping. The default group search attribute is common name (cn).

Parameters:

value - A String that specifies the default group search attribute.

getUserDescriptionAttribute

java.lang.String getUserDescriptionAttribute()
                                             throws SDKException

Returns the name of the attribute that holds the description of the user.

Returns:

A String that identifies the name of the attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_USER_DESC_ATTR

setUserDescriptionAttribute

void setUserDescriptionAttribute(java.lang.String value)

Sets the name of the attribute that holds the description of the user.

Parameters:

value - A String that specifies the name of the attribute.

getGroupDescriptionAttribute

java.lang.String getGroupDescriptionAttribute()
                                              throws SDKException

Returns the name of the attribute that holds the description of the group.

Returns:

A String that identifies the name of the attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_GROUP_DESC_ATTR

setGroupDescriptionAttribute

void setGroupDescriptionAttribute(java.lang.String value)

Sets the name of the attribute that holds the description of the group.

Parameters:

value - A String that specifies the name of the attribute.

getObjectClassAttribute

java.lang.String getObjectClassAttribute()
                                         throws SDKException

Returns the value that determines the entry type.

Returns:

A String that identifies the object class attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_OBJECT_CLASS_ATTR

setObjectClassAttribute

void setObjectClassAttribute(java.lang.String value)

Sets the value that determines the entry type.

Parameters:

value - A String that specifies the object class attribute.

getMaxEntriesPerOrQuery

int getMaxEntriesPerOrQuery()
                            throws SDKException

Returns the maximum number of entries that can be requested by a query for user or group entries in the LDAP directory.

Returns:

An int that indicates the maximum number of entries that can be requested by a query for user or group entries in the LDAP directory.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_MAX_ENTRIES_PER_OR_QUERY

setMaxEntriesPerOrQuery

void setMaxEntriesPerOrQuery(int value)

Sets the maximum number of entries that can be requested by a query for user or group entries in the LDAP directory.

Parameters:

value - An int that indicates the maximum number of entries that can be requested by a query for user or group entries in the LDAP directory.

isAliasAutoAdd

boolean isAliasAutoAdd()
                       throws SDKException

Returns a boolean that indicates whether to add a secLDAP alias to an existing SAP BusinessObjects Enterprise user.

Returns:

true if an LDAP alias is assigned to the existing SAP BusinessObjects Enterprise user account. However, the user accounts for SAP BusinessObjects Enterprise and LDAP must be identified by the same name. false if a new user account will be created for all users in the LDAP group that are mapped to SAP BusinessObjects Enterprise.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_ALIAS_AUTOADD

setAliasAutoAdd

void setAliasAutoAdd(boolean value)

Sets a boolean that indicates whether to add a secLDAP alias to an existing SAP BusinessObjects Enterprise user.

If set to true, a LDAP alias is assigned to the existing SAP BusinessObjects Enterprise user account. However, the user accounts for SAP BusinessObjects Enterprise and LDAP must be identified by the same name. Note: If the mapped LDAP user does not have an associated SAP BusinessObjects Enterprise account (with the same name) and this property is set to true, then a new SAP BusinessObjects Enterprise user account will be created for this user.

If set to false, a new user account will be created for all users in the LDAP group that are mapped to SAP BusinessObjects Enterprise. Note: The new user account will be assigned a LDAP alias.

Parameters:

value - A boolean that specifies whether to add a secLDAP alias to an existing SAP BusinessObjects Enterprise user.

isSSOEnabled

boolean isSSOEnabled()
                     throws SDKException

Returns a value that indicates whether or not single sign-on (SSO) authentication is enabled.

This property is applicable only if you are using SiteMinder as an authentication tool.

Returns:

true if SSO authentication is enabled, and false otherwise.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_SSO_ENABLED

setSSOEnabled

void setSSOEnabled(boolean value)

Sets a value that indicates whether or not single sign-on (SSO) authentication is enabled.

This property is applicable only if you are using SiteMinder as an authentication tool.

Parameters:

value - A boolean that indicates whether SSO authentication is enabled.

getSSOVendor

int getSSOVendor()
                 throws SDKException

Returns the third-party vendor that is used for single sign-on authentication.

Note: The only vendor option available for this property is SiteMinder.

Returns:

An int that indicates the SSO vendor.

Throws:

SDKException - This is thrown if the process is unsuccessful.

See Also:

com.crystaldecisions.sdk.plugin.authentication.ldap.ISecLDAP#CeSSOVendor

InfoObject properties to query for:

SI_SSO_VENDOR

setSSOVendor

void setSSOVendor(int value)
                  throws SDKException

Sets the third-party vendor that is used for single sign-on authentication.

Note: The only vendor option available for this property is SiteMinder.

Parameters:

value - An int that specifies the SSO vendor.

Throws:

SDKException - This is thrown if the process is unsuccessful.

See Also:

com.crystaldecisions.sdk.plugin.authentication.ldap.ISecLDAP#CeSSOVendor

getSSOServersAndPorts

java.lang.String getSSOServersAndPorts()
                                       throws SDKException

Returns the host name and the three port numbers for the Policy Server(s).

The information represented in the string is formatted in the following manner: hostname:authentication port number:authorization port number:auditing port number.

For example:

testHost:44443:44442:44441

testHost:44443:44442:44441 testHost2:44443:44442:44441

Returns:

A String that identifies the host name and port numbers.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_SSO_SERVERS_AND_PORTS

setSSOServersAndPorts

void setSSOServersAndPorts(java.lang.String value)

Sets the host name and the three port numbers for the Policy Server(s).

The information represented in the string is formatted in the following manner: hostname:authentication port number:authorization port number:auditing port number.

For example:

testHost:44443:44442:44441

testHost:44443:44442:44441 testHost2:44443:44442:44441

Parameters:

value - A String that identifies the host name and port numbers.

setSSOSharedSecret

void setSSOSharedSecret(java.lang.String value)

Sets the shared secret used for single sign-on (SSO) authentication.

Parameters:

value - A String that specifies the shared secret.

getSSOAgent

java.lang.String getSSOAgent()
                             throws SDKException

Returns the single sign-on (SSO) agent used with siteMinder.

The agent communicates with the Policy Server to enforce rules for user access to protected resources.

Returns:

A String that identifies the agent.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_SSO_AGENT

setSSOAgent

void setSSOAgent(java.lang.String value)

Sets the single sign-on (SSO) agent used with siteMinder.

The agent communicates with the Policy Server to enforce rules for user access to protected resources.

Parameters:

value - A String that identifies the agent.

getSSOAccessMode

int getSSOAccessMode()
                     throws SDKException

Returns the Policy Server access mode for single sign-on authentication.

Policy server access modes:

• ceNo_SSO Indicates that no single sign-on authentication has been selected for your SAP BusinessObjects Enterprise System. This constant is equal to 0.
• ceRoundRobin Indicates that the policy server uses load balancing to manage increased requests. This constant is equal to 1.
• ceFailover Indicates that the policy server uses failover strategy to manage system failure. This constant is equal to 2.

Returns:

An int that indicates the access mode.

Throws:

SDKException - This is thrown if the process is unsuccessful.

See Also:

ISecLDAP.CeSSOAccessMode

InfoObject properties to query for:

SI_SSO_ACCESS_MODE

setSSOAccessMode

void setSSOAccessMode(int value)
                      throws SDKException

Sets the Policy Server access mode for single sign-on authentication.

Policy server access modes:

• ceNo_SSO Indicates that no single sign-on authentication has been selected for your SAP BusinessObjects Enterprise System. This constant is equal to 0.
• ceRoundRobin Indicates that the policy server uses load balancing to manage increased requests. This constant is equal to 1.
• ceFailover Indicates that the policy server uses failover strategy to manage system failure. This constant is equal to 2.

Parameters:

value - An int that specifies the access mode.

Throws:

SDKException - This is thrown if the process is unsuccessful.

See Also:

ISecLDAP.CeSSOAccessMode

getUserNameAttribute

java.lang.String getUserNameAttribute()
                                      throws SDKException

Returns the user name attribute.

Returns:

A String that indicates the user name attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_USER_NAME_ATTR

setUserNameAttribute

void setUserNameAttribute(java.lang.String value)
                          throws SDKException

Sets the user name attribute.

Parameters:

value - A String that specifies the user name attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

getUserFullNameAttribute

java.lang.String getUserFullNameAttribute()
                                          throws SDKException

Returns the name of the attribute that holds the full name of the user.

Returns:

A String that identifies the name of the attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_USER_FULL_NAME_ATTR

setUserFullNameAttribute

void setUserFullNameAttribute(java.lang.String value)

Sets the name of the attribute that holds the full name of the user.

Parameters:

value - A String that specifies the name of the attribute.

getUserEmailAttribute

java.lang.String getUserEmailAttribute()
                                       throws SDKException

Returns the name of the attribute that holds the email address of the user.

Returns:

A String that identifies the name of the attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_USER_EMAIL_ATTR

setUserEmailAttribute

void setUserEmailAttribute(java.lang.String value)

Sets the name of the attribute that holds the email address of the user.

Parameters:

value - A String that specifies the name of the attribute.

isAttributeBindingEnabled

boolean isAttributeBindingEnabled()
                                  throws SDKException

Returns a boolean that indicates whether the attribute binding is enabled.

Returns:

true if the binding is enabled, false otherwise.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_ENABLE_ATTR_BINDING

setAttributeBindingEnabled

void setAttributeBindingEnabled(boolean isEnabled)

Enables or diables the attribute binding.

Parameters:

isEnabled - true to enable the binding, false to disable the binding.

getAttributeBindingPriority

int getAttributeBindingPriority()
                                throws SDKException

Returns the plugin's priority to bind user attributes to external source.

Returns:

A int that indicates the priority.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_ATTR_BINDING_PRIORITY

setAttributeBindingPriority

void setAttributeBindingPriority(int value)

Sets the plugin's priority to bind user attributes to external source.

Parameters:

value - A int that indicates the priority.

getDefaultUserLicenseRestrictionCUID

java.lang.String getDefaultUserLicenseRestrictionCUID()

Sets the default License Restriction for newly created users.

Set to true to enable SSO.

Returns:

The CUID of the License Restriction this plugin is set to.

See Also:

CeSecurityCUID.LicenseRestriction}

InfoObject properties to query for:

SI_DEFAULT_THIRDPARTY_USER_LICENSE

setDefaultUserLicenseRestrictionCUID

void setDefaultUserLicenseRestrictionCUID(java.lang.String restrictionCuid)

Sets the default License Restriction for newly created users.

Parameters:

restrictionCuid - The CUID of the appropriate License Restriction.

See Also:

CeSecurityCUID.LicenseRestriction}

isKerberosEnabled

boolean isKerberosEnabled()
                          throws SDKException

Returns a boolean that indicates whether Kerberos single sign-on (SSO) authentication is enabled.

To grant AD users Kerberos single sign-on (SSO) privileges ensure that the following steps have been completed.

• Set the setAvailability(int value) method to 1.
• Set the setKerberosEnabled(boolean value) to true.
• Set the setCacheSecurityContext(boolean value) to true.
• Set the setServicePrincipalName(String name) to the appropriate service account.

Returns:

true if Kerberos SSO authentication is enabled, and false otherwise.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_KERBEROS_ENABLED

setKerberosEnabled

void setKerberosEnabled(boolean value)

Sets a boolean that indicates whether Kerberos single sign-on (SSO) authentication is enabled.

To grant AD users Kerberos single sign-on (SSO) privileges ensure that the following steps have been completed.

• Set the setAvailability(int value) method to 1.
• Set the setKerberosEnabled(boolean value) to true.
• Set the setCacheSecurityContext(boolean value) to true.
• Set the setServicePrincipalName(String name) to the appropriate service account.

Parameters:

value - A boolean that indicates whether Kerberos SSO authentication is enabled.

isCacheSecurityContext

boolean isCacheSecurityContext()
                               throws SDKException

Returns a boolean that indicates whether the security context (session ticket) for Kerberos authentication is stored in the server's cache.

Returns:

true if the security context for Kerberos authentication is stored in the server's cache, and false otherwise.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_CACHE_SECCONTEXT

setCacheSecurityContext

void setCacheSecurityContext(boolean value)

Sets a boolean that indicates whether the security context (session ticket) for Kerberos authentication is stored in the server's cache.

Parameters:

value - A boolean that specifies whether the security context is stored in server's cache.

getServicePrincipalName

java.lang.String getServicePrincipalName()
                                         throws SDKException

Returns the service principal name (SPN).

The service principal name is associated with the principal (user or groups) and the security context (logon ticket or kerberos ticket) that the service or application uses to run a process. For SAP BusinessObjects Enterprise to accept Kerberos tickets, the SPN must be equivalent to the account used to control the SAP BusinessObjects Enterprise servers.

Returns:

A String that contains the SPN.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_SERVER_SSPI_SPN

setServicePrincipalName

void setServicePrincipalName(java.lang.String name)

Sets the service principal name (SPN).

The service principal name is associated with the principal (user or groups) and the security context (logon ticket or kerberos ticket) that the service or application uses to run a process. For SAP BusinessObjects Enterprise to accept Kerberos tickets, the SPN must be equivalent to the account used to control the SAP BusinessObjects Enterprise servers.

Note:This method sets the value for the SI_SERVER_SSPI_SPN property.

Parameters:

name - A String that specifies the SPN.

getDefaultRealm

java.lang.String getDefaultRealm()
                                 throws SDKException

Returns the default Kerberosrealm used for user authentication

This property is used to locate a user when only its name is specified during logon. For example, if the default realm is set to TESTREALM, then a user who logs on as jdoe, is logged on as jdoe@TESTREALM.

Returns:

A String that identifies the default realm.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_DEFAULT_REALM

setDefaultRealm

void setDefaultRealm(java.lang.String value)

Sets the default Kerberos realm used to authenticate users

This property is used to locate a user when only its name is specified during logon. For example, if the default realm is set to TESTREALM, then a user who logs on as jdoe, is logged on as jdoe@TESTREALM.

Parameters:

value - A String that specifies the default realm.

getUserPrincipalNameAttribute

java.lang.String getUserPrincipalNameAttribute()
                                               throws SDKException

Returns the name of the attribute that holds the userPrincipalName, it is only applicable to Active Directory server.

Returns:

A String that identifies the name of the attribute.

Throws:

SDKException - This is thrown if the process is unsuccessful.

InfoObject properties to query for:

SI_USER_PRINCIPAL_NAME_ATTR

setUserPrincipalNameAttribute

void setUserPrincipalNameAttribute(java.lang.String value)

Sets the name of the attribute that holds the userPrincipalName of the user, this is only applicable to Active Directory server The attribute is needed for Kerberos authencation to work

Parameters:

value - A String that specifies the name of the attribute.