Class ActiveDirectoryEngine

java.lang.Object
com.strongdm.api.ActiveDirectoryEngine
All Implemented Interfaces:
SecretEngine

public class ActiveDirectoryEngine extends Object implements SecretEngine
ActiveDirectoryEngine is currently unstable, and its API may change, or it may be removed, without a major version bump.
  • Constructor Details

    • ActiveDirectoryEngine

      public ActiveDirectoryEngine()
  • Method Details

    • getAfterReadTtl

      public Duration getAfterReadTtl()
      The default time-to-live duration of the password after it's read. Once the TTL has passed, the password will be rotated.
    • setAfterReadTtl

      public void setAfterReadTtl(Duration in)
      The default time-to-live duration of the password after it's read. Once the TTL has passed, the password will be rotated.
    • getBinddn

      public String getBinddn()
      Distinguished name of the object to bind as when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
    • setBinddn

      public void setBinddn(String in)
      Distinguished name of the object to bind as when performing user and group search. Example: cn=vault,ou=Users,dc=example,dc=com
    • getBindpass

      public String getBindpass()
      Password to use along with binddn when performing user search.
    • setBindpass

      public void setBindpass(String in)
      Password to use along with binddn when performing user search.
    • getCertificate

      public String getCertificate()
      CA certificate to use when verifying the LDAP server certificate; must be X.509 PEM-encoded.
    • setCertificate

      public void setCertificate(String in)
      CA certificate to use when verifying the LDAP server certificate; must be X.509 PEM-encoded.
    • getConnectionTimeout

      public int getConnectionTimeout()
      Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
    • setConnectionTimeout

      public void setConnectionTimeout(int in)
      Timeout, in seconds, when attempting to connect to the LDAP server before trying the next URL in the configuration.
    • getDoNotValidateTimestamps

      public boolean getDoNotValidateTimestamps()
      If set to true, this will prevent password change timestamp validation in Active Directory when validating credentials.
    • setDoNotValidateTimestamps

      public void setDoNotValidateTimestamps(boolean in)
      If set to true, this will prevent password change timestamp validation in Active Directory when validating credentials.
    • getId

      public String getId()
      Unique identifier of the Secret Engine.
      Specified by:
      getId in interface SecretEngine
    • setId

      public void setId(String in)
      Unique identifier of the Secret Engine.
    • getInsecureTls

      public boolean getInsecureTls()
      If true, skips LDAP server SSL certificate verification - insecure, use with caution!
    • setInsecureTls

      public void setInsecureTls(boolean in)
      If true, skips LDAP server SSL certificate verification - insecure, use with caution!
    • getKeyRotationIntervalDays

      public int getKeyRotationIntervalDays()
      Interval, in days, of public/private key rotation for the secret engine.
    • setKeyRotationIntervalDays

      public void setKeyRotationIntervalDays(int in)
      Interval, in days, of public/private key rotation for the secret engine.
    • getMaxBackoffDuration

      public Duration getMaxBackoffDuration()
      The maximum retry duration in case of automatic failure. After a failed TTL rotation attempt, it will be retried at increasing intervals until it reaches max_backoff_duration.
    • setMaxBackoffDuration

      public void setMaxBackoffDuration(Duration in)
      The maximum retry duration in case of automatic failure. After a failed TTL rotation attempt, it will be retried at increasing intervals until it reaches max_backoff_duration.
    • getName

      public String getName()
      Unique human-readable name of the Secret Engine.
      Specified by:
      getName in interface SecretEngine
    • setName

      public void setName(String in)
      Unique human-readable name of the Secret Engine.
      Specified by:
      setName in interface SecretEngine
    • getPolicy

      public SecretEnginePolicy getPolicy()
      Policy for password creation.
    • setPolicy

      public void setPolicy(SecretEnginePolicy in)
      Policy for password creation.
    • getPublicKey

      public byte[] getPublicKey()
      Public key linked with a secret engine.
      Specified by:
      getPublicKey in interface SecretEngine
    • setPublicKey

      public void setPublicKey(byte[] in)
      Public key linked with a secret engine.
      Specified by:
      setPublicKey in interface SecretEngine
    • getRequestTimeout

      public int getRequestTimeout()
      Timeout, in seconds, for the connection when making requests against the server before returning an error.
    • setRequestTimeout

      public void setRequestTimeout(int in)
      Timeout, in seconds, for the connection when making requests against the server before returning an error.
    • getSecretStoreId

      public String getSecretStoreId()
      Backing secret store identifier.
      Specified by:
      getSecretStoreId in interface SecretEngine
    • setSecretStoreId

      public void setSecretStoreId(String in)
      Backing secret store identifier.
      Specified by:
      setSecretStoreId in interface SecretEngine
    • getSecretStoreRootPath

      public String getSecretStoreRootPath()
      Backing Secret Store root path where managed secrets are stored.
      Specified by:
      getSecretStoreRootPath in interface SecretEngine
    • setSecretStoreRootPath

      public void setSecretStoreRootPath(String in)
      Backing Secret Store root path where managed secrets are stored.
      Specified by:
      setSecretStoreRootPath in interface SecretEngine
    • getStartTls

      public boolean getStartTls()
      If true, issues a StartTLS command after establishing an unencrypted connection.
    • setStartTls

      public void setStartTls(boolean in)
      If true, issues a StartTLS command after establishing an unencrypted connection.
    • getTags

      public Map<String,String> getTags()
      Tags is a map of key/value pairs.
      Specified by:
      getTags in interface SecretEngine
    • setTags

      public void setTags(Map<String,String> in)
      Tags is a map of key/value pairs.
      Specified by:
      setTags in interface SecretEngine
    • getTtl

      public Duration getTtl()
      The default password time-to-live duration. Once the TTL has passed, a password will be rotated the next time it's requested.
    • setTtl

      public void setTtl(Duration in)
      The default password time-to-live duration. Once the TTL has passed, a password will be rotated the next time it's requested.
    • getUpndomain

      public String getUpndomain()
      The domain (userPrincipalDomain) used to construct a UPN string for authentication.
    • setUpndomain

      public void setUpndomain(String in)
      The domain (userPrincipalDomain) used to construct a UPN string for authentication.
    • getUrl

      public String getUrl()
      The LDAP server to connect to.
    • setUrl

      public void setUrl(String in)
      The LDAP server to connect to.
    • getUserdn

      public String getUserdn()
      Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
    • setUserdn

      public void setUserdn(String in)
      Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com
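
A pre-deployment check over the transport-related properties above (url, startTls, insecureTls, certificate, doNotValidateTimestamps), as an added example that is not part of the StrongDM SDK. It calls only the accessors listed on this page; the ldaps:// scheme, comma-separated URLs, the host name and the AD_BINDPASS variable are assumptions.

```java
import com.strongdm.api.ActiveDirectoryEngine;
import java.util.ArrayList;
import java.util.List;

// Added example, not StrongDM code: flags weak LDAP transport settings on an engine.
public class AdEngineAudit {

    static List<String> audit(ActiveDirectoryEngine e) {
        List<String> findings = new ArrayList<>();
        String urls = e.getUrl() == null ? "" : e.getUrl();
        // Assumption: several URLs may be comma-separated and ldaps:// means implicit TLS.
        boolean allLdaps = !urls.isBlank();
        for (String u : urls.split(",")) {
            if (!u.trim().toLowerCase().startsWith("ldaps://")) allLdaps = false;
        }
        boolean tls = allLdaps || e.getStartTls();
        if (!tls) {
            findings.add("binddn/bindpass are sent over an unencrypted connection");
        }
        if (e.getInsecureTls()) {
            findings.add("insecureTls=true: LDAP server certificate is not verified");
        }
        String ca = e.getCertificate();
        if (tls && !e.getInsecureTls() && (ca == null || !ca.contains("-----BEGIN CERTIFICATE-----"))) {
            findings.add("certificate unset or not PEM: no explicit CA for verifying the LDAP server");
        }
        if (e.getDoNotValidateTimestamps()) {
            findings.add("doNotValidateTimestamps=true: password change timestamps are not validated");
        }
        return findings;
    }

    public static void main(String[] args) {
        ActiveDirectoryEngine weak = new ActiveDirectoryEngine();
        weak.setUrl("ldap://dc01.example.com");          // constructed sample value
        weak.setInsecureTls(true);

        ActiveDirectoryEngine hardened = new ActiveDirectoryEngine();
        hardened.setUrl("ldaps://dc01.example.com:636"); // constructed sample value
        hardened.setBinddn("cn=vault,ou=Users,dc=example,dc=com");
        hardened.setBindpass(System.getenv("AD_BINDPASS")); // hypothetical variable name
        hardened.setCertificate("-----BEGIN CERTIFICATE-----\n<placeholder>\n-----END CERTIFICATE-----");
        hardened.setInsecureTls(false);

        System.out.println("weak:     " + audit(weak));
        System.out.println("hardened: " + audit(hardened));
    }
}
```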