LDAP and Java Naming Services Murali M. Nagendranath
Contents • LDAP (Lightweight Directory Access Protocol) • JNDI (Java Naming & Directory Interface) • Demonstration
LDAP • What is LDAP? • History of LDAP • Directories in LDAP • Use and purpose of LDAP
What is LDAP? • A standard, extensible directory protocol. • A protocol giving access to the information contained in the directory. • Information model – the types of data. • Functional model – access to the information. • Security model – how access is protected. • Replication model – distribution of the data. • Replication service.
A Brief History • LDAP was born from the need to adapt the DAP protocol to TCP/IP. • Started at the University of Michigan in 1993, with the same vision as X.500 • The latest version, v3, was released in 1997 • Netscape is now the center of research
X.500 & LDAP • LDAP is less secure • Still a large amount of compatibility between them • LDAP’s ability to search across servers is the most important advantage of LDAP.
Directories • Often compared to a phone book • DNS is an example • Can be used locally or globally • The list of all the names in a directory is its name space
Directories in LDAP • Each entry has a unique distinguished name (DN), which is a succession of attributes. • An attribute describes a characteristic of an object. • Normal attributes. • Operational attributes. • Characteristics of attributes: • Name, single- or multi-valued, limits on the value. • A DN is made up of the location of something in the directory
Directories in LDAP: Examples • c stands for the country, o stands for organization • ou stands for organizational unit, cn is for individuals • cn=john, ou=administration, o=ibm, c=usa • o=ibm, c=usa • These are distinguished names. • Together these components identify a specific entry, which need not be at the bottom level of the tree
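An added example, not from the slides, of handling DNs with the javax.naming.ldap package: LdapName and Rdn are the real JDK classes; the method names and the sample values (including the hostile one) are constructed for this example.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnExample {
    // Parse a DN into its RDN components. LdapName stores RDNs root-first
    // (c=usa is index 0), so iterate backwards to print the leaf first.
    public static void describe(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        for (int i = name.size() - 1; i >= 0; i--) {
            Rdn rdn = name.getRdn(i);
            System.out.println(rdn.getType() + " = " + rdn.getValue());
        }
    }

    // Build a DN for an untrusted common name under a fixed parent.
    // Rdn renders the value with RFC 2253 escaping, so characters such as
    // ',' and '=' in the input cannot add or alter RDNs of the result.
    // (Helper written for this example, not part of the JDK.)
    public static String userDn(String cn, String parent) throws InvalidNameException {
        LdapName name = new LdapName(parent);
        name.add(new Rdn("cn", cn));   // appended as the leftmost, most specific RDN
        return name.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        describe("cn=john, ou=administration, o=ibm, c=usa");
        // Constructed hostile value: concatenated unescaped it would become two
        // RDNs and place the entry under a different parent than intended.
        System.out.println(userDn("alice,ou=admins", "ou=students,o=ufl,c=us"));
    }
}
```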
Directories in LDAP • Although that is the most common structure in LDAP, it is possible to define your own directory structure, such as a flat tree. • This can cause compatibility problems
Functions in LDAP • 4 main commands for editing LDAP directories: • Add, delete, modify & modify DN • Modify changes the whole directory entry; modify DN just changes the name of the entry
Functions in LDAP: Modify DN example
• Assuming the file /tmp/entrymods contains:
    cn=Modify Me, o=University of Florida, c=US
    cn=The New Me
• The command: ldapmodify -r -f /tmp/entrymods
  will change the RDN of the "Modify Me" entry from "Modify Me" to "The New Me", and the old cn value "Modify Me" will be removed
Functions in LDAP: Delete Example
• ldapdelete "cn=Delete Me, o=University of Florida, c=US"
  will attempt to delete the entry named with commonName "Delete Me" directly below the University of Florida organizational entry.
Functions in LDAP: Modify Example
• LDIF change record passed to ldapmodify (a line containing only "-" separates one change from the next):
    dn: cn=Modify Me, o=University of Florida, c=US
    changetype: modify
    replace: mail
    mail: Dr Frank@cise.ufl.edu
    -
    add: title
    title: Grand OCEAN
    -
    delete: description
    -
Functions in LDAP: Modify Example cont. The above function will replace the contents of the "Modify Me" entry's mail attribute with the value "Dr Frank@cise.ufl.edu", add a title of "Grand OCEAN", and completely remove the description attribute. • The add function works almost the same as modify.
Referrals (contd.) • Client requests information • Server 1 returns a referral to server 2 • Client resends the request to server 2 • Server 2 returns the information to the client
LDIF & its Uses • LDAP Data Interchange Format • Represents LDAP entries in text • Human readable format • Allows easy modification of data • To make basic imports/exports.
SCHEMAS • A schema contains the following: • Required attributes • Allowed attributes • How to compare attributes • Limits on what the attributes can store – i.e., restrict to integer etc. • A set of rules that describes what kind of data is stored • Helps maintain consistency and quality of data • Reduces duplication of data
Why is LDAP Important? • Provides a standard for finding people or resources • Much different than web searches, which are simply pattern matching • Quickly becoming popular with major companies, e.g. Netscape, Novell • Vendor-independent open protocol
What isn’t LDAP intended for? • Not useful as a local database • Not able to replace file systems • Not meant to replace DNS, but it can work in conjunction with DNS
LDAP on the web • There are many web-based LDAP servers that can be called from programs or searched directly via the web • Used behind the scenes at online shopping sites and other web sites • Used by Netscape for its email address book
JNDI • What is JNDI? • Setup • Concepts & Classes
What is JNDI? • Java Naming and Directory Interface API • Introduced in March, 1997 by Sun Microsystems • Purpose: to provide a common access to different types of directories
Packages • javax.naming • javax.naming.directory • javax.naming.event • javax.naming.ldap • javax.naming.spi
Class: Context • Methods: • bind(String name, Object obj); • close(); • list(String name); • listBindings(String name); • lookup(String name); // most commonly used • rebind(String name, Object obj); • rename(String oldName, String newName); • unbind(String name);
Class: DirContext • Extends Context • methods: • getAttributes(String name); • modifyAttributes(String name, ModificationItem[] mods); • search(String name, Attributes matchAttrs);
Classes: InitialContext & InitialDirContext • All operations are performed relative to an initial context • set environment properties • Location of server (PROVIDER_URL) • How to create a context (INITIAL_CONTEXT_FACTORY) • instantiation may throw a NamingException
Summary • LDAP is useful for finding people and/or resources over a network • Searches directories using distinguished names • JNDI provides a common access to directories of different types
Demo • Retrieving an object’s attributes • Searching the directory by supplying a name
1. Retrieving an object's attributes
    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;

    Hashtable<String, String> env = new Hashtable<>();
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://directory.ufl.edu:389/o=ufl,c=us");
    try {
        DirContext ctx = new InitialDirContext(env);
        // Get the attributes associated with the object bound to the name "ou=students"
        Attributes answer = ctx.getAttributes("ou=students");
        // Print out the attributes
        printIdAndValue(answer);
        System.out.println("-------------------------------------------");
        ctx.close();
    } catch (NamingException e) {
        System.err.println("Exception caught: " + e);
    }
The print method
    // "enum" is a reserved word in Java 5 and later, so the enumerations are named attrs/values here
    static void printIdAndValue(Attributes toPrint) {
        try {
            NamingEnumeration<? extends Attribute> attrs = toPrint.getAll();
            while (attrs.hasMore()) {
                Attribute attr = attrs.next();
                // print out the attribute identifier
                System.out.println("attribute: " + attr.getID());
                // print out each value
                NamingEnumeration<?> values = attr.getAll();
                while (values.hasMore()) {
                    System.out.println("value: " + values.next());
                }
            }
        } catch (NamingException e) {
            System.err.println("Exception caught: " + e);
        }
    }
2. Name search
    DirContext ctx = new InitialDirContext(env);
    Attributes matchAttrs = new BasicAttributes(true);
    matchAttrs.put(new BasicAttribute("sn", "King"));
    /* The above code adds an attribute to the set; could also have done
       Attributes matchAttrs = new BasicAttributes("sn", "King", true);
       Note: true = case insensitive; false = case sensitive */
    // Note: a search returns an enumeration of SearchResult objects
    NamingEnumeration<SearchResult> results = ctx.search("ou=students", matchAttrs);
    while (results.hasMore()) {
        // Get the next SearchResult object & print out its name
        SearchResult result = results.next();
        System.out.println(">>>" + result.getName());
        Attributes attrSet = result.getAttributes(); // attrSet is a set of attributes
        // print the attribute identifiers and values
        printIdAndValue(attrSet);
    }
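The search above matches on an Attributes set, whose values the LDAP provider escapes for you; when the filter is passed as a string instead, the application must escape user input itself. An added example, not from the slides, that does this over LDAPS with a bound service account: the server name and the service account DN are placeholders, and escapeFilterValue is a helper written for this example.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SafeSearch {
    // Escape a value for use inside an RFC 4515 search filter so a user-supplied
    // string cannot inject filter syntax such as '*' or ')('. Helper written for
    // this example; JNDI itself does not provide one.
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    public static void main(String[] args) throws NamingException {
        // Bind password comes from the environment, never the source; a missing
        // value makes Hashtable.put throw, so the program fails closed.
        String password = System.getenv("LDAP_BIND_PASSWORD");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Placeholder host; ldaps:// keeps the password and results off the wire in clear.
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636/o=ufl,c=us");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=reader,ou=services,o=ufl,c=us"); // placeholder
        env.put(Context.SECURITY_CREDENTIALS, password);
        String surname = args.length > 0 ? args[0] : "King";   // treated as untrusted input
        String filter = "(sn=" + escapeFilterValue(surname) + ")";
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] {"cn", "mail"}); // request only what is needed
        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search("ou=students", filter, ctls);
            while (results.hasMore()) {
                SearchResult r = results.next();
                System.out.println(r.getNameInNamespace() + " " + r.getAttributes());
            }
        } finally {
            ctx.close();
        }
    }
}
```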