Bind Operation

Authenticates to the LDAP server and, if successful, changes the authentication context of the connection. Further LDAP operations on that connection are performed as the authenticated principal.

Typically it’s desirable to configure bind properties for all connections rather than on a connection-by-connection basis. The ConnectionConfig object contains properties so that the appropriate bind operation is automatically performed when a connection is opened. See the connection documentation. If you need to support changing the authenticated principal after a connection has been opened, the following operations are available:

Simple Bind

SingleConnectionFactory cf = new SingleConnectionFactory("ldap://directory.ldaptive.org");
cf.initialize();
BindOperation bind = new BindOperation(cf);
BindResponse res = bind.execute(SimpleBindRequest.builder()
  .dn("uid=dfisher,ou=people,dc=ldaptive,dc=org")
  .password("password")
  .build());
if (res.isSuccess()) {
  // bind succeeded
} else {
  // bind failed
}
// use the connection factory to perform operations as uid=dfisher
cf.close();

Note that the DefaultConnectionFactory implementation closes the connection when the operation is complete, so the new authentication context does not carry over to later operations. It may not be a suitable choice depending on your use case.
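A simple bind carries the DN and password in the request itself, so the connection should be protected with TLS before binding, and per RFC 4513 section 5.1.2 a bind with a DN and an empty password is an "unauthenticated" bind that a server may report as success. The following is an added example, not part of the ldaptive documentation; the class name, the `rebind` helper and the `LDAP_BIND_PASSWORD` environment variable are hypothetical, and it assumes the server certificate chains to the JVM default trust store.

```java
import org.ldaptive.BindOperation;
import org.ldaptive.BindResponse;
import org.ldaptive.ConnectionConfig;
import org.ldaptive.LdapException;
import org.ldaptive.SimpleBindRequest;
import org.ldaptive.SingleConnectionFactory;

public class StartTlsRebind {

  /** Hypothetical helper: re-binds the open connection as dn; true only on a successful bind. */
  static boolean rebind(SingleConnectionFactory cf, String dn, String password)
      throws LdapException {
    // Refuse empty values locally: a DN with an empty password is an
    // unauthenticated bind (RFC 4513 5.1.2), not proof of identity.
    if (dn == null || dn.isEmpty() || password == null || password.isEmpty()) {
      return false;
    }
    BindResponse res = new BindOperation(cf).execute(
      SimpleBindRequest.builder().dn(dn).password(password).build());
    if (!res.isSuccess()) {
      // Record the result code and server message, never the credential.
      System.err.printf("bind failed for %s: %s (%s)%n",
        dn, res.getResultCode(), res.getDiagnosticMessage());
    }
    return res.isSuccess();
  }

  public static void main(String[] args) throws LdapException {
    // StartTLS is negotiated when the connection opens, before any bind is sent.
    SingleConnectionFactory cf = new SingleConnectionFactory(
      ConnectionConfig.builder()
        .url("ldap://directory.ldaptive.org")
        .useStartTLS(true)
        .build());
    cf.initialize();
    try {
      // Assumption: the password is supplied via an environment variable
      // instead of a string literal in source.
      String password = System.getenv("LDAP_BIND_PASSWORD");
      if (rebind(cf, "uid=dfisher,ou=people,dc=ldaptive,dc=org", password)) {
        // use the connection factory to perform operations as uid=dfisher
      }
    } finally {
      cf.close();
    }
  }
}
```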

Anonymous Bind

SingleConnectionFactory cf = new SingleConnectionFactory("ldap://directory.ldaptive.org");
cf.initialize();
BindOperation bind = new BindOperation(cf);
BindResponse res = bind.execute(new AnonymousBindRequest());
if (res.isSuccess()) {
  // bind succeeded
} else {
  // bind failed
}
// use the connection factory to perform anonymous operations
cf.close();

External Bind

SingleConnectionFactory cf = new SingleConnectionFactory("ldap://directory.ldaptive.org");
cf.initialize();
BindOperation bind = new BindOperation(cf);
BindResponse res = bind.execute(new SaslBindRequest("EXTERNAL"));
if (res.isSuccess()) {
  // bind succeeded
} else {
  // bind failed
}
cf.close();

BindConnectionInitializer

It is often desirable to bind as a specific principal immediately after a connection is opened. A BindConnectionInitializer is configured on a ConnectionConfig and can be used for this purpose.

Simple Bind initializer

PooledConnectionFactory cf = PooledConnectionFactory.builder()
  .config(ConnectionConfig.builder()
    .url("ldap://directory.ldaptive.org")
    .connectionInitializers(BindConnectionInitializer.builder()
      .dn("uid=service,ou=services,dc=ldaptive,dc=org")
      .credential("service-password")
      .build())
    .build())
  .min(3)
  .max(6)
  .build();
cf.initialize();
// search operation performed as the service user
SearchOperation search = new SearchOperation(cf, "dc=ldaptive,dc=org");
SearchResponse response = search.execute("(uid=dfisher)");
LdapEntry entry = response.getEntry();
cf.close();

External Bind initializer

PooledConnectionFactory cf = PooledConnectionFactory.builder()
  .config(ConnectionConfig.builder()
    .url("ldap://directory.ldaptive.org")
    .useStartTLS(true)
    .sslConfig(SslConfig.builder()
      .credentialConfig(X509CredentialConfig.builder()
        .trustCertificates("file:/tmp/certs.pem")
        .authenticationCertificate("file:/tmp/mycert.pem")
        .authenticationKey("file:/tmp/mykey.pkcs8")
        .build())
      .build())
    .connectionInitializers(BindConnectionInitializer.builder()
      .saslConfig(SaslConfig.builder()
        .mechanism(Mechanism.EXTERNAL)
        .build())
      .build())
    .build())
  .min(3)
  .max(6)
  .build();
cf.initialize();
// search operation performed as the external user
SearchOperation search = new SearchOperation(cf, "dc=ldaptive,dc=org");
SearchResponse response = search.execute("(uid=dfisher)");
LdapEntry entry = response.getEntry();
cf.close();

GSSAPI Bind initializer

Note that arbitrary SASL properties can be passed into the SaslConfig object. In addition, properties that are prefixed with org.ldaptive.sasl.gssapi.jaas. are passed to the JAAS module for GSSAPI.

PooledConnectionFactory cf = PooledConnectionFactory.builder()
  .config(ConnectionConfig.builder()
    .url("ldap://directory.ldaptive.org")
    .useStartTLS(true)
    .connectionInitializers(BindConnectionInitializer.builder()
      .saslConfig(SaslConfig.builder()
        .mechanism(Mechanism.GSSAPI)
        .qualityOfProtection(QualityOfProtection.AUTH_INT)
        .property("org.ldaptive.sasl.gssapi.jaas.principal", "test-principal")
        .property("org.ldaptive.sasl.gssapi.jaas.useKeyTab", "true")
        .property("org.ldaptive.sasl.gssapi.jaas.keyTab", "/etc/krb5.keytab")
        .build())
      .build())
    .build())
  .min(3)
  .max(6)
  .build();
cf.initialize();
// search operation performed as the test-principal user
SearchOperation search = new SearchOperation(cf, "dc=ldaptive,dc=org");
SearchResponse response = search.execute("(uid=dfisher)");
LdapEntry entry = response.getEntry();
cf.close();