3.2 Creating the LDAP Plug-In

The project used to create the plug-in must include the NAMCommon.jar file shipped with Access Manager. This JAR file is located in the following directory:

To create an LDAP Server plug-in, you need to create a public class that extends the abstract com.novell.nam.common.ldap.jndi.LDAPStorePlugin class.

In your public class, you need to implement the following methods:

| Method | Description |
|---|---|
| getDirectoryName() | Must return the name you want displayed for your directory type. For eDirectory, this method returns “Novell eDirectory”. |
| getGUIDAttributeName() | Must return the name of the globally unique ID attribute that uniquely identifies all objects in this type of directory. For eDirectory, this is the GUID attribute. |
| getMemberAttributeName() | Must return the name of the attribute that is used to identify an object as a member of a group. For eDirectory, this is the member attribute. |
| getUserClassName() | Must return the name of the class that is used to create users. For eDirectory, this is the User class. |
| getUserNameNamingAttrName() | Must return the name of the attribute that is used to name users. For eDirectory, this is the cn attribute. |
| preUserAccountCreation() | Must return an attributes object that contains an array of attributes, with each member containing the name of an attribute and its value. This attributes object must contain all the attributes that are required to create a user in the LDAP directory. This usually consists of the name of the object class, the naming attribute, and a password. For eDirectory, this also includes the sn attribute. |

The following methods can be implemented, and might be required for your LDAP directory:

| Method | Description |
|---|---|
| postUserAccountCreation() | Modifies a user’s attributes after the user has been created. Some LDAP directories do not let you set a password until after the user account has been created. The method contains a strCorrelationId parameter that you can use to match the user with the user in the preUserAccountCreation() method. |
| onCreateConnection() | Allows the plug-in to check the connection creation parameters and modify them, if needed. This method is called just before a connection is created with the LDAP directory. |
| onCreateConnectionException() | Allows you to customize the exception that is thrown when the process to create an LDAP connection fails and throws an authentication exception. This method is overloaded and requires an AuthenticationException parameter. |
| onCreateConnectionException() | Allows you to customize the exception that is thrown when the process to create an LDAP connection fails and throws a connection exception. This method is overloaded and requires an OperationNotSupportedException parameter. |

For details about the LDAPStorePlugin class and methods, see the Javadoc API Reference.

For an example plug-in that extends the LDAPStorePlugin class and implements the required methods and some of the optional methods, see Section 3.3, eDirectory Plug-In.
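The sketch below is an added example, not code from Access Manager or from Section 3.3. It shows how preUserAccountCreation() and postUserAccountCreation() can cooperate through the correlation ID when a directory accepts a password only after the user exists. The class name, the parameter lists, the return types, and the userPassword attribute are assumptions. The class does not extend LDAPStorePlugin, so it compiles without NAMCommon.jar; take the real signatures from the Javadoc.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.directory.*;

// Added illustration, not Access Manager code. Method names follow the tables above;
// parameter lists and return types are assumptions made so the sketch is
// self-contained. A real plug-in extends LDAPStorePlugin and uses its signatures.
public class DeferredPasswordSketch {
    // Passwords are held only between the pre- and post-creation calls, keyed by
    // correlation ID. Entries for creations that fail would need an expiry (not shown).
    private final Map<String, String> pending = new ConcurrentHashMap<>();

    // Returns the attributes required to create the user. The password is withheld
    // here because this hypothetical directory rejects it at creation time.
    public Attributes preUserAccountCreation(String strCorrelationId, String userName, String password) {
        if (strCorrelationId == null || userName == null || userName.trim().isEmpty()
                || password == null || password.isEmpty())
            throw new IllegalArgumentException("correlation ID, user name and password are required");
        pending.put(strCorrelationId, password);
        Attributes attrs = new BasicAttributes(true); // case-insensitive attribute IDs
        attrs.put("objectClass", "User");             // eDirectory names from the table above
        attrs.put("cn", userName);
        attrs.put("sn", userName);
        return attrs;
    }

    // Returns the modification that sets the password on the user just created.
    // remove() makes the lookup one-shot, so the secret does not stay in memory.
    public ModificationItem[] postUserAccountCreation(String strCorrelationId) {
        String password = pending.remove(strCorrelationId);
        if (password == null) throw new IllegalStateException("no pending user for this correlation ID");
        Attribute pw = new BasicAttribute("userPassword", password); // assumed attribute name
        return new ModificationItem[] { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, pw) };
    }

    public static void main(String[] args) {
        DeferredPasswordSketch plugin = new DeferredPasswordSketch();
        // Constructed sample values, not real credentials.
        Attributes create = plugin.preUserAccountCreation("corr-1", "jsmith", "constructed-sample");
        ModificationItem[] mods = plugin.postUserAccountCreation("corr-1");
        // Log attribute IDs only, never the password value.
        System.out.println("create attributes: " + create.size()
                + ", password included: " + (create.get("userPassword") != null));
        System.out.println("post modification on: " + mods[0].getAttribute().getID());
    }
}
```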