Record Class BindRequest

java.lang.Object
java.lang.Record
org.forgerock.opendj.ldap.messages.BindRequest
Record Components:
version - the version of the protocol to be used at the LDAP message layer. There is no version negotiation. The client sets this field to the version it desires. If the server does not support the specified version then it will respond with a result whose error code is ResultCode.PROTOCOL_ERROR.

LDAP version 3 is the most recent LDAP version and the one recommended for all client applications. Furthermore, OpenDJ only has partial support for LDAPv2.

name - the name of the Directory object that the client wishes to bind as. The name may be empty (but never null) when used for anonymous binds, or when using SASL authentication. The server shall not dereference any aliases in locating the named object.

The LDAP protocol defines the Bind name to be a distinguished name; however, some LDAP implementations have relaxed this constraint and allow other identities to be used, such as the user's email address.

authenticationType - the authentication mechanism identifier for this bind request as defined by the LDAP protocol. Note that the value AUTHENTICATION_TYPE_SIMPLE (0x80) is reserved for simple authentication and the value AUTHENTICATION_TYPE_SASL (0xA3) is reserved for SASL authentication.
authenticationValue - the encoded authentication value for this bind request as defined by the LDAP protocol. For simple authentication the authentication value is the byte representation of the password. For SASL authentication the authentication value is an ASN.1 encoded sequence comprising the SASL mechanism name and the optional SASL mechanism specific credentials.
saslMechanism - the name of the SASL mechanism, e.g. SASL_MECHANISM_NAME_PLAIN, or null if the authentication type is not AUTHENTICATION_TYPE_SASL.
saslCredentials - the optional SASL credentials, or null if the authentication type is not AUTHENTICATION_TYPE_SASL or if the SASL credentials are not present.
saslClient - the SaslClient that will be responsible for continuing the SASL challenge-response sequence, as well as potentially installing a SASL security layer once the bind sequence completes, or null if none has been provided.

A SaslClient is only required if the application is performing SASL authentication and wishes the network layer to drive the complete challenge-response sequence. An application may choose to drive the SASL bind sequence itself, but the application:

  1. will not be able to control where bind requests are sent if load-balancing is active,
  2. nor will it be able to install a security layer upon completion of the bind sequence.
controls - the List containing the controls.
All Implemented Interfaces:
ProtocolOp, Request

public record BindRequest(int version, Dn name, byte authenticationType, ByteString authenticationValue, String saslMechanism, ByteString saslCredentials, SaslClient saslClient, List<Control> controls) extends Record implements Request
The Bind operation allows authentication information to be exchanged between the client and server. The Bind operation should be thought of as the "authenticate" operation.
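
An added example (not part of the OpenDJ API or its documentation) that decodes the SASL form of authenticationValue described above, using only the JDK. It assumes the RFC 4511 SaslCredentials layout, a mechanism OCTET STRING followed by an optional credentials OCTET STRING, and accepts the bytes with or without the outer 0xA3 header because the page does not say which form is stored; `BindAuthDecoder` and its members are hypothetical names.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Added example: decodes a SASL bind authentication value (hypothetical helper, JDK only). */
public class BindAuthDecoder {
    static final int SASL = 0xA3, OCTET_STRING = 0x04;

    record Sasl(String mechanism, byte[] credentials) {}   // credentials is null when absent
    private record Tlv(int tag, int start, int end) {}      // value occupies [start, end)

    /** Reads one BER header at pos; rejects indefinite, oversized and overrunning lengths. */
    private static Tlv read(byte[] b, int pos, int limit) {
        if (pos + 2 > limit) throw new IllegalArgumentException("truncated header");
        int tag = b[pos] & 0xFF, len = b[pos + 1] & 0xFF, p = pos + 2;
        if (len >= 0x80) {                       // long form: low 7 bits = number of length octets
            int n = len & 0x7F;
            if (n == 0 || n > 3 || p + n > limit) throw new IllegalArgumentException("bad length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (b[p++] & 0xFF);
        }
        if (len > limit - p) throw new IllegalArgumentException("value overruns buffer");
        return new Tlv(tag, p, p + len);
    }

    /** Decodes the mechanism name and the optional mechanism-specific credentials. */
    static Sasl decodeSasl(byte[] v) {
        int pos = 0, limit = v.length;
        if (limit > 0 && (v[0] & 0xFF) == SASL) {           // tolerate an outer [3] wrapper
            Tlv outer = read(v, 0, limit);
            pos = outer.start();
            limit = outer.end();
        }
        Tlv mech = read(v, pos, limit);
        if (mech.tag() != OCTET_STRING) throw new IllegalArgumentException("mechanism expected");
        String name = new String(v, mech.start(), mech.end() - mech.start(), StandardCharsets.UTF_8);
        if (mech.end() == limit) return new Sasl(name, null);
        Tlv cred = read(v, mech.end(), limit);
        if (cred.tag() != OCTET_STRING || cred.end() != limit)
            throw new IllegalArgumentException("unexpected data after mechanism");
        return new Sasl(name, Arrays.copyOfRange(v, cred.start(), cred.end()));
    }

    public static void main(String[] args) {
        // Constructed sample: mechanism "PLAIN" with 7 credential bytes "\0bob\0pw".
        byte[] sample = {0x04, 5, 'P', 'L', 'A', 'I', 'N', 0x04, 7, 0, 'b', 'o', 'b', 0, 'p', 'w'};
        Sasl s = decodeSasl(sample);
        System.out.println(s.mechanism() + " credentialBytes=" + s.credentials().length);
    }
}
```

When logging decoded binds, record only the mechanism name and the credential length: for PLAIN the credential bytes carry the password in clear text.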
  • Field Details

    • AUTHENTICATION_TYPE_SIMPLE

      public static final byte AUTHENTICATION_TYPE_SIMPLE
      The authentication type value (0x80) reserved for simple authentication.
    • AUTHENTICATION_TYPE_SASL

      public static final byte AUTHENTICATION_TYPE_SASL
      The authentication type value (0xA3) reserved for SASL authentication.
    • SASL_MECHANISM_NAME_ANONYMOUS

      public static final String SASL_MECHANISM_NAME_ANONYMOUS
      The name of the SASL mechanism that uses anonymous access, which has the name "ANONYMOUS".
    • SASL_MECHANISM_NAME_CRAM_MD5

      public static final String SASL_MECHANISM_NAME_CRAM_MD5
      The name of the SASL mechanism that uses CRAM-MD5 authentication, which has the name "CRAM-MD5".
    • SASL_MECHANISM_NAME_DIGEST_MD5

      public static final String SASL_MECHANISM_NAME_DIGEST_MD5
      The name of the SASL mechanism that uses DIGEST-MD5 authentication, which has the name "DIGEST-MD5".
    • SASL_MECHANISM_NAME_PLAIN

      public static final String SASL_MECHANISM_NAME_PLAIN
      The name of the SASL mechanism that uses PLAIN authentication, which has the name "PLAIN".
    • SASL_MECHANISM_NAME_EXTERNAL

      public static final String SASL_MECHANISM_NAME_EXTERNAL
      The name of the SASL mechanism that uses external authentication, which has the name "EXTERNAL".
    • SASL_MECHANISM_NAME_GSSAPI

      public static final String SASL_MECHANISM_NAME_GSSAPI
      The name of the SASL mechanism that uses GSS-API authentication, which has the name "GSSAPI".
    • SASL_MECHANISM_NAME_SCRAM_SHA_256

      public static final String SASL_MECHANISM_NAME_SCRAM_SHA_256
      The name of the SASL mechanism that uses SCRAM-SHA-256 authentication, which has the name "SCRAM-SHA-256".
    • SASL_MECHANISM_NAME_SCRAM_SHA_512

      public static final String SASL_MECHANISM_NAME_SCRAM_SHA_512
      The name of the SASL mechanism that uses SCRAM-SHA-512 authentication, which has the name "SCRAM-SHA-512".
  • Constructor Details

  • Method Details

    • accept

      public <R, P, E extends Exception> R accept(RequestVisitor<R,P,E> v, P p) throws E
      Description copied from interface: Request
      Applies a RequestVisitor to this Request.
      Specified by:
      accept in interface Request
      Type Parameters:
      R - The return type of the visitor's methods.
      P - The type of the additional parameters to the visitor's methods.
      E - The type of the exception thrown by the visitor method if it fails, or NeverThrowsException if the visitor cannot fail.
      Parameters:
      v - The request visitor.
      p - Optional additional visitor parameter.
      Returns:
      A result as specified by the visitor.
      Throws:
      E - If the visitor failed.
    • simplePassword

      public ByteString simplePassword()
      Returns the simple bind password, or null if the authentication type is not AUTHENTICATION_TYPE_SIMPLE.
      Returns:
      the simple bind password, or null if the authentication type is not AUTHENTICATION_TYPE_SIMPLE.
    • isSimpleBindRequest

      public boolean isSimpleBindRequest()
      Returns true if this bind request's authentication type is AUTHENTICATION_TYPE_SIMPLE.
      Returns:
      true if this bind request's authentication type is AUTHENTICATION_TYPE_SIMPLE.
    • isSaslBindRequest

      public boolean isSaslBindRequest()
      Returns true if this bind request's authentication type is AUTHENTICATION_TYPE_SASL.
      Returns:
      true if this bind request's authentication type is AUTHENTICATION_TYPE_SASL.
    • evaluateSaslChallenge

      public BindRequest evaluateSaslChallenge(ByteString saslServerCredentials) throws SaslException
      Evaluates the provided SASL credentials (challenge) returned by the server and creates the next SASL bind request that should be sent to the server in order to continue or complete the SASL authentication sequence. This method may only be called if this request has been configured to use a SaslClient.
      Parameters:
      saslServerCredentials - The non-null SASL challenge sent from the server, which may be empty.
      Returns:
      The next SASL bind request to be sent to the server, or null if the SASL bind sequence has completed.
      Throws:
      SaslException - If an error occurred while evaluating the challenge or generating a response.
      IllegalStateException - If this bind request has not been configured to use a SaslClient.
      NullPointerException - If saslServerCredentials was null.
    • hasNegotiatedSaslQop

      public boolean hasNegotiatedSaslQop()
      Returns true if the SASL bind sequence has negotiated a SASL security layer using Quality of Protection (QOP). This method may only be called if this request has been configured to use a SaslClient and the SASL bind sequence has completed (the previous call to evaluateSaslChallenge(ByteString) returned null).
      Returns:
      true if the SASL bind sequence has negotiated a SASL security layer (QOP).
      Throws:
      IllegalStateException - If this bind request has not been configured to use a SaslClient or the SASL bind sequence has not completed.
    • getType

      public Request.RequestType getType()
      Description copied from interface: Request
      Returns the type of this request to avoid expensive instanceof checks.
      Specified by:
      getType in interface Request
      Returns:
      the type of this request
    • toString

      public String toString()
      Returns a string representation of this record class. The representation contains the name of the class, followed by the name and value of each of the record components.
      Specified by:
      toString in class Record
      Returns:
      a string representation of this object
    • hashCode

      public final int hashCode()
      Returns a hash code value for this object. The value is derived from the hash code of each of the record components.
      Specified by:
      hashCode in class Record
      Returns:
      a hash code value for this object
    • equals

      public final boolean equals(Object o)
      Indicates whether some other object is "equal to" this one. The objects are equal if the other object is of the same class and if all the record components are equal. Reference components are compared with Objects::equals(Object,Object); primitive components are compared with '=='.
      Specified by:
      equals in class Record
      Parameters:
      o - the object with which to compare
      Returns:
      true if this object is the same as the o argument; false otherwise.
    • version

      public int version()
      Returns the value of the version record component.
      Returns:
      the value of the version record component
    • name

      public Dn name()
      Returns the value of the name record component.
      Returns:
      the value of the name record component
    • authenticationType

      public byte authenticationType()
      Returns the value of the authenticationType record component.
      Returns:
      the value of the authenticationType record component
    • authenticationValue

      public ByteString authenticationValue()
      Returns the value of the authenticationValue record component.
      Returns:
      the value of the authenticationValue record component
    • saslMechanism

      public String saslMechanism()
      Returns the value of the saslMechanism record component.
      Returns:
      the value of the saslMechanism record component
    • saslCredentials

      public ByteString saslCredentials()
      Returns the value of the saslCredentials record component.
      Returns:
      the value of the saslCredentials record component
    • saslClient

      public SaslClient saslClient()
      Returns the value of the saslClient record component.
      Returns:
      the value of the saslClient record component
    • controls

      public List<Control> controls()
      Returns the value of the controls record component.
      Specified by:
      controls in interface ProtocolOp
      Returns:
      the value of the controls record component