Lecture 21 XML, SOAP, LDAP

Lecture 21 XML, SOAP, LDAP. CPE 401 / 601 Computer Network Systems. slides are modified from Dave Hollinger. XML: Extensible Markup Language. Markup Language. HTML is also a markup language but it's not extensible! XML allows you to make up your own tags. Document Type Definition Schema.



  1. Lecture 21: XML, SOAP, LDAP • CPE 401 / 601 Computer Network Systems • slides are modified from Dave Hollinger

  2. XML: Extensible Markup Language • Markup Language. • HTML is also a markup language • but it's not extensible! • XML allows you to make up your own tags. • Document Type Definition • Schema

  3. Sample XML

          <?xml version="1.0"?>
          <student>
            <rid>660012345</rid>
            <first>Joe</first>
            <middle>X.</middle>
            <last>Smith</last>
            <courses semester="fall02">
              <course>
                <name>Exploiting the Information World</name>
                <crn>12345</crn>
                <num>ITEC-2110</num>
              </course>
            </courses>
            <address>123 main street</address>
            <phone>555-2929</phone>
          </student>

  4. So What? • XML generation is simple • XML Parsing is also pretty simple • there are lots of parsers available! • Browsers understand XML (somewhat). • CSS style sheets • XSL: Extensible Stylesheet Language • XML can be used for document storage and transfer.

  5. XML messaging • RPC: XML is used to encode procedure calls and responses. • EDI: Electronic Document Interchange • transfer documents between applications across a network • purchase orders, financial transactions, etc.

  6. XML-RPC • Use XML to encode requests • procedure name • parameter values • Response is also an XML document • return value(s) • errors (faults) • Both are well defined document types • tag names are defined in the XML-RPC specification document.

  7. Uses HTTP POST • Use existing protocol • and software! • Avoid firewall issues • everyone allows HTTP traffic • XML-RPC Request is the body of an HTTP POST. • XML-RPC Response is the body (content) of the HTTP response.

  8. Example Request (swiped from xml-rpc.com)

          POST /RPC2 HTTP/1.0
          Host: betty.userland.com
          User-Agent: Frontier/5.1.2 (WinNT)
          Content-Type: text/xml
          Content-length: 181

          <?xml version="1.0"?>
          <methodCall>
            <methodName>examples.getStateName</methodName>
            <params>
              <param>
                <value><i4>41</i4></value>
              </param>
            </params>
          </methodCall>

  9. Sample Response

          HTTP/1.1 200 OK
          Connection: close
          Content-Length: 158
          Content-Type: text/xml
          Date: Fri, 17 Jul 1998 19:55:08 GMT
          Server: UserLand Frontier/5.1.2-WinNT

          <?xml version="1.0"?>
          <methodResponse>
            <params>
              <param>
                <value>
                  <string>South Dakota</string>
                </value>
              </param>
            </params>
          </methodResponse>

  10. XML-RPC Data Types • <int> or <i4> • <boolean> • <string> • <double> • <dateTime.iso8601> • <struct> • <array>

  11. XML-RPC struct

          <struct>
            <member>
              <name>Hostname</name>
              <value>
                <string>monte.cs.rpi.edu</string>
              </value>
            </member>
            <member>
              <name>IPAddress</name>
              <value>
                <string>128.213.7.32</string>
              </value>
            </member>
          </struct>

  12. XML-RPC array

          <array>
            <data>
              <value><i4>12</i4></value>
              <value><string>Egypt</string></value>
              <value><boolean>0</boolean></value>
              <value><i4>-31</i4></value>
            </data>
          </array>

  13. XML-RPC Programming • Need to be able to generate HTTP requests (client) and responses (server) • Need to generate XML documents • Need to parse XML documents and extract specific items • Need to handle faults (errors)
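
The three XML tasks listed on this slide (generate, parse, handle faults), as an added example that is not part of the original slides. Function names are this example's own; the fault layout follows the XML-RPC specification, and the DOCTYPE check is an added precaution for input that arrives from the network.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

class Fault(Exception):
    """Server answered with <fault> instead of <params>."""

def build_call(method, *params):
    # ints and strings only; escape() stops '<' or '&' in data becoming markup
    vals = "".join("<param><value>%s</value></param>" % (
        "<i4>%d</i4>" % p if isinstance(p, int)
        else "<string>%s</string>" % escape(p)) for p in params)
    return ('<?xml version="1.0"?><methodCall><methodName>%s</methodName>'
            "<params>%s</params></methodCall>" % (escape(method), vals)).encode()

def decode_value(value):
    if len(value) == 0:              # no type tag: the default type is string
        return value.text or ""
    node = value[0]
    scalars = {"i4": int, "int": int, "double": float, "string": str,
               "dateTime.iso8601": str, "boolean": lambda s: s.strip() == "1"}
    if node.tag in scalars:
        return scalars[node.tag](node.text or "")
    if node.tag == "struct":
        return {m.findtext("name"): decode_value(m.find("value"))
                for m in node.findall("member")}
    if node.tag == "array":
        return [decode_value(v) for v in node.findall("data/value")]
    raise ValueError("unsupported XML-RPC type <%s>" % node.tag)

def parse_response(body):
    if b"<!DOCTYPE" in body:         # added precaution: XML-RPC needs no DTD
        raise ValueError("DOCTYPE not allowed in XML-RPC message")
    root = ET.fromstring(body)
    if root.tag != "methodResponse":
        raise ValueError("not an XML-RPC response")
    fault = root.find("fault/value")
    if fault is not None:
        info = decode_value(fault)
        raise Fault(info["faultCode"], info["faultString"])
    return decode_value(root.find("params/param/value"))

# Response body from the "Sample Response" slide
SAMPLE_OK = (b'<?xml version="1.0"?><methodResponse><params><param><value>'
             b"<string>South Dakota</string></value></param></params></methodResponse>")
# Constructed fault, laid out as the XML-RPC specification defines it
SAMPLE_FAULT = (b'<?xml version="1.0"?><methodResponse><fault><value><struct>'
    b"<member><name>faultCode</name><value><int>4</int></value></member>"
    b"<member><name>faultString</name><value><string>Too many parameters.</string>"
    b"</value></member></struct></value></fault></methodResponse>")
```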

  14. SOAP: Simple Object Access Protocol • Same general idea as XML-RPC, but more features: • enumerations • Polymorphism (type determined at run time) • user defined data types

  15. SOAP • Documents are more complex • use namespaces • formal "envelope" • Soap Header • Soap Body

  16. SOAP Request Example

          POST /StockQuote HTTP/1.1
          Host: www.stockquoteserver.com
          Content-Type: text/xml; charset="utf-8"
          Content-Length: nnnn
          SOAPAction: "Some-URI"

          <SOAP-ENV:Envelope
            xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
            SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
            <SOAP-ENV:Body>
              <m:GetLastTradePrice xmlns:m="Some-URI">
                <symbol>DIS</symbol>
              </m:GetLastTradePrice>
            </SOAP-ENV:Body>
          </SOAP-ENV:Envelope>

  17. XML-RPC vs. SOAP • XML-RPC is much simpler • There are lots of web services based on XML-RPC. • SOAP makes it easier to exchange more complex documents. • SOAP runs over many protocols: • HTTP, SMTP, FTP, …

  18. LDAP: Lightweight Directory Access Protocol • A "directory" service is a network accessible database • Small amount of information in each request/reply. • Limited functionality • as compared to a complete database system • Updates (changes) are much less frequent than queries.

  19. Directories • Some typical examples include: • telephone directories • lists of addresses (email, network, P.O., etc) • Each record is referenced by a unique key: • given a name, look up a phone number • given a name, look up an email address

  20. Applications • Some applications simply provide a front-end to a directory service. • Electronic phone book. • Some applications use a directory service to store • configuration information, • auxiliary databases,

  21. Information Structure • Typically, the information in a directory is structured hierarchically • but it doesn't have to be • The structure of the data (the hierarchy) is • often useful in finding data • provides some (minimal) relationship between records.

  22. Example: DNS • The Domain Name System is an example of a directory: • hierarchical structure • for each item there is a unique key (the hostname) and a number of attributes: • IP address • Mail exchanger • Host information • etc...

  23. X.500 • X.500 is a Directory Service that has been used for a while: • Based on O.S.I. Protocol Stack • requires upper layers (above transport) of the OSI Stack • Heavyweight service (protocol). • A number of lightweight front-ends to X.500 have been developed • The most recent is LDAP

  24. LDAP • Lightweight Directory Access Protocol • Based on TCP • but can be mapped to other protocols • RFC 1777: data representation scheme • defines operations and mapping to requests/response protocol • RFC 1823: API • has become a standard • no sockets programming required!

  25. LDAP Data Representation • Each record has a unique key called a distinguished name • dn for short • A distinguished name is meant to be used by humans • not just computers • Each dn is a sequence of components. • Each component is a string containing an attribute=value pair.

  26. Example DN

          CN=Mehmet Gunes, OU=Computer Science, O=University of Nevada Reno, C=US

      Typically written all on one line.

  27. Hierarchy • Like Domain Names, the name can be interpreted as part of a hierarchy. • The last component of the dn is at the highest level in the hierarchy.

          CN=Cansin Yaman, OU=EBME, O=UNR, C=US

  28. Sample Hierarchy (tree diagram; nodes shown: C=US, O=RPI, O=UNR, OU=EBME, OU=Computer Science, CN=Mehmet Gunes)

  29. Component Names • The components can be anything, but a standard hierarchy is used • for a global LDAP namespace

          C       country name
          O       organization name
          OU      organizational unit
          CN      common name
          L       locality name
          ST      state or province
          STREET  street address

  30. Relative DNs • Relative Distinguished Names are the individual components of a Distinguished Name • interpreted as relative to some position in the hierarchy • For example, the RDN "ou=EBME" falls in the hierarchy below "o=UNR, c=US".

  31. DN usage • A distinguished name is a key used to access a record. • Each record can contain multiple attribute/value pairs. • Examples of attributes: • phone number • email address • title • home page • public key • project 3 grade

  32. ObjectClass • A commonly used attribute is "objectClass" • Each record represents an object, • Attributes associated with each object are defined according to its objectClass • The value of the objectClass attribute • Examples of objectClass: • organization (needs a name and address) • person (needs name, email, phone & address) • course (needs a number, instructor, room)

  33. Defining ObjectClass types • You can define what attributes are required for objects with a specific value for the objectclass attribute • You can also define what attributes are allowed • New records must adhere to these settings!

  34. Multiple Values • Each attribute can have multiple values. • For example, we could have the following record:

          DN: cn=Mehmet Gunes, O=UNR, C=US
          CN: Mehmet Hadi Gunes
          CN: Mehmet H. Gunes
          Email: mgunes@unr.edu
          Email: mgunes@cse.unr.edu

  35. LDAP Services • Add, Delete, Change entry • Change entry name (dn) • Searching (the primary operation) • Search some portion of the directory for entries that match some criteria

  36. Authentication • LDAP authentication can be based on • simple passwords (cleartext) or • Kerberos • LDAP V3 includes support for other techniques including public keys

  37. LDAP Requests • bind/unbind • authentication • search • modify • add • delete • compare

  38. LDAP Protocol Definition • The protocol is defined in RFC 1777 using • ASN.1 (abstract syntax notation) • BER (Basic Encoding Rules) • All requests/responses are • packaged in an "envelope" • headers • include a messageID field

  39. Example - LDAP bind request • Bind request must be the first request

          BindRequest ::= [APPLICATION 0] SEQUENCE {
            version INTEGER (1 .. 127),
            name LDAPDN,
            authentication CHOICE {
              simple [0] OCTET STRING,
              krbv42LDAP [1] OCTET STRING,
              krbv42DSA [2] OCTET STRING
            }
          }

  40. Other Requests • Search/modify/delete/change requests can include maximum time limits • and size limits in the case of search • There can be multiple pending requests • each with unique messageID • Asynchronous replies • each includes messageID of request
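
The envelope, messageID and BindRequest from the slides above, BER-encoded by hand, as an added example that is not part of the original slides. It shows that a simple bind carries the password bytes unchanged on the wire, and it summarises a bind's authentication choice for an audit log. It assumes implicit tagging (so `simple [0]` is encoded with tag 0x80) and a constructed password; the function names are this example's own.

```python
def tlv(tag, value):
    """One BER element: tag, length (short or long form), value."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def ber_int(n):
    # non-negative INTEGER, sized so the top (sign) bit stays 0
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def encode_bind(message_id, dn, password, version=2):
    # RFC 1777 is LDAP version 2. Assumption: implicit tagging, so
    # "simple [0] OCTET STRING" is a primitive element with tag 0x80.
    bind = tlv(0x60, ber_int(version) + tlv(0x04, dn.encode())
               + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(message_id) + bind)   # envelope: messageID + request

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

AUTH_CHOICES = {0x80: "simple", 0x81: "krbv42LDAP", 0x82: "krbv42DSA"}

def describe_bind(message):
    """Summarise a bind for an audit log without echoing the credential."""
    tag, envelope, _ = read_tlv(message)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, message_id, pos = read_tlv(envelope)
    tag, op, _ = read_tlv(envelope, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    auth_tag, credential, _ = read_tlv(op, pos)
    return {"messageID": int.from_bytes(message_id, "big"),
            "version": int.from_bytes(version, "big"),
            "name": name.decode(),
            "authentication": AUTH_CHOICES.get(auth_tag, "unknown"),
            "cleartext_password": auth_tag == 0x80 and len(credential) > 0}
```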

  41. Search Request Parameters • base • scope • size • time • attributes • attrsonly • search_filter

  42. Search Parameter: Base • The base is the DN of root of the search • A server typically serves only below some subtree of the global DN namespace. • You can ask the server to restrict the search to a subtree of what it serves.

  43. Search Parameter: Scope • base • search only the base element • onelevel • search all elements that are children of the base • subtree • search everything in the subtree base

  44. Search Parameter: Time • Limit on number of seconds the search can take. • Value of 0 means “no limit”.

  45. Search Parameter: Size • Limit on the number of entries to return from the search. • A value of 0 means no limit.

  46. Search Parameter: Attributes • A list of attributes that should be returned for each matched entry. • NULL means “all attributes” • Attribute names are strings.

  47. Search Parameter: Attrsonly • A flag that indicates whether values should be returned • TRUE: return both attributes and values • FALSE: return just list of attributes

  48. Search Parameter: Filter • A search filter defines the conditions that constitute a match • Filters are text strings • RFC 1558 describes the syntax of LDAP filters

  49. Search Filters • Restrict the search to those records • that have specific attributes, or • those whose attributes have restricted values • "objectclass=*" matches all records • "cn=*mehmet*" matches any record with "mehmet" in the value of cn
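
Because filters are text strings in which `*` is a wildcard, a program that builds a filter from user input has to escape that input first. The following is an added example, not part of the original slides: it builds a substring filter safely and evaluates filters of the form shown above against a small in-memory directory. It assumes the hex escapes of RFC 4515 (the current filter syntax, where the slides cite RFC 1558); the function names and the in-memory matcher are this example's own.

```python
import re

def escape_filter_value(text):
    """Hex-escape the characters that are filter syntax: \\ * ( ) and NUL."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in text)

def contains_filter(attr, user_text):
    # attribute names come from the program, never from the user
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError("bad attribute name")
    return "(%s=*%s*)" % (attr, escape_filter_value(user_text))

def naive_filter(attr, user_text):
    # the form to avoid: user text pasted into the filter unescaped
    return "(%s=*%s*)" % (attr, user_text)

def _unescape(part):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def matches(filter_str, attrs):
    """Evaluate one attr=pattern filter; an unescaped * is a wildcard."""
    body = filter_str.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    attr, _, pattern = body.partition("=")
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    values = attrs.get(attr.lower(), [])
    return any(re.fullmatch(regex, v, re.I | re.S) for v in values)

def search(filter_str, directory):
    return [dn for dn, attrs in directory if matches(filter_str, attrs)]

# First record is the one on the "Multiple Values" slide; the objectclass
# values and the second record are constructed for this example.
DIRECTORY = [
    ("cn=Mehmet Gunes, O=UNR, C=US",
     {"objectclass": ["person"], "cn": ["Mehmet Hadi Gunes", "Mehmet H. Gunes"],
      "email": ["mgunes@unr.edu", "mgunes@cse.unr.edu"]}),
    ("CN=Cansin Yaman, OU=EBME, O=UNR, C=US",
     {"objectclass": ["person"], "cn": ["Cansin Yaman"]}),
]
```

With the input `*`, `naive_filter` yields a filter that matches every record with a cn, while `contains_filter` yields `(cn=*\2a*)`, which matches only a cn containing a literal asterisk.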
