β Scribed by Rob Weltman, Tony Dahbura
No coin nor oath required. For personal study only.
Lightweight Directory Access Protocol (LDAP) is now a staple of enterprise and Internet software environments. Those involved in Internet development where Java(tm) technology is prominent or in Enterprise Information Systems, will need to understand how to use Java technology - and in particular the Directory SDK for Java - to unlock the power of LDAP.
Written by the designer of the Directory SDK for Java and by a leading implementor of directory-based solutions, LDAP Programming with Java(tm) is the first accurate, concise, and complete guide on how to access LDAP from Java applications. Assuming familiarity with Java programming, the book provides a comprehensive discussion on LDAP, from basic directory concepts through the most advanced techniques. It collects in one convenient resource the many innovative and experienced-based techniques and approaches programmers have discovered to use the Directory SDK to solve LDAP Access challenges.
If you are new to LDAP, you will find helpful background on the role of directories in today's software systems; LDAP methods of storing, accessing, searching, and updating data; and how the Directory SDK for Java helps applications gain access to an LDAP server. Once you have become proficient with the essential concepts and techniques, you can read in depth about authentication, LDAP and JavaScript, working with JavaBeans(tm) for reusable LDAP components, expressing data relationships in a directory, and other advanced LDAP subjects.
Specific topics covered include:
* The LDAP naming and information models * The command-line tools of the SDK * Authentication with a DN password, Secure Sockets Layer (SSL), and Simple Authentication and Security Layer (SASL) * Configuring access control * Writing LDAP applets for a browser * Accessing the SDK from JavaScript * Storing Configuration and preferences in a directory * Encapsulating LDAP functionality in a JavaBean * Using LDAP in Java servlets * LDAP URLs * Multiple threads and multiple connections * Referrals and replicated systems * LDAP controls * Synchronous and asynchronous operations * Performance tips
The book also presents numerous examples, from simple code snippets to complete components and applications. The companion CD contains the entire book in searchable format, source code for the Directory SDK, and all of the examples from the book.
Preface......Page 17
Acknowledgments......Page 21
PART I INTRODUCTION......Page 23
C H A P T E R 1 What Can You
Find in a
Directory?......Page 25
What Is a Directory?......Page 26
Whatβs That Phone Number?......Page 28
Directory Clients for an Online Phone Book......Page 29
Is He Really Who He Says He Is?......Page 32
Working Together......Page 36
Computers, Printers, Toasters . . .......Page 38
I Heard It through the Grapevine......Page 41
Directories for a Single Network: Proprietary Solutions......Page 42
X.500: The βHeavyweightβ Directory Service......Page 43
From Humble Beginnings......Page 44
Future Directions for LDAP......Page 46
The LDAP Information Model......Page 48
The LDAP Naming Model......Page 52
LDAP Spoken Here......Page 53
Directory SDK for C......Page 54
Directory SDK for Java......Page 55
Java Naming and Directory Interface......Page 57
Freedom from Protocol Handling......Page 59
Full Access to All LDAP Services......Page 60
A Platform for Directory-Enabled Applications......Page 61
Dynamic Organizational Chart......Page 62
Directory-Linking Tool......Page 63
Access Control for Existing or New Applications......Page 65
Installing the SDK......Page 67
Conclusion......Page 70
PART II GETTING
STARTED......Page 71
Before You Download and Install the Software......Page 73
Installing Netscape Directory Server......Page 74
Setting Up the Sample Database......Page 77
Finding Entries with LDAPSearch......Page 79
Adding Entries to the Directory......Page 81
Understanding LDIF: How to Describe a Directory Entry......Page 82
Object Classes: Determining What Information
Makes Up an Entry......Page 85
Examples of Defining and Adding Entries......Page 86
Conclusion......Page 88
Our First Search......Page 89
Scope......Page 90
Filter......Page 92
Attributes......Page 93
Search Preferences......Page 95
Our First Search Program......Page 96
Using Search Filters......Page 100
Handling Results......Page 102
Attributes in Detail......Page 105
I Want Only One Record and I Have the DN......Page 107
Searching and Comparing......Page 109
More on Filters......Page 110
Sorting......Page 122
Authenticating for Searches......Page 124
Improving Directory Search Performance......Page 125
Retrieve Only Attributes You Need......Page 126
Conclusion......Page 127
Before We Can Update: Authentication Basics......Page 129
Summary of Steps to Add a New Entry......Page 133
Inserting Records from a Data File......Page 135
Adding an Organizational Unit......Page 138
Modifying an Existing Entry......Page 139
Modifying an Attribute......Page 140
Removing an Attribute......Page 141
Updating Multivalued Attributes......Page 142
Storing Binary Data......Page 143
Storing Preferences and State......Page 157
Deleting an Entry......Page 169
Renaming an Entry: Modifying the RDN......Page 173
Managing Groups......Page 180
Removing a User from a Group......Page 183
Using the LDAPIsMember Bean......Page 184
Conclusion......Page 185
No Standards for Access Control......Page 187
Setting Up an Access Control List......Page 188
Viewing Access Control Lists through LDAP......Page 194
Modifying Access Control Lists through LDAP......Page 197
Authenticating to the Directory......Page 198
Using Password-Based Authentication......Page 199
Communicating over Secure Sockets Layer......Page 200
Using Certificate-Based Authentication......Page 203
Using SASL Authentication......Page 204
Authenticating with SASL in LDAP......Page 205
Callbacks in SASL......Page 206
The SASL Framework Classes......Page 208
Preparing to Use an Existing Mechanism......Page 211
Your Own SaslClient and ClientFactory......Page 212
Conclusion......Page 218
PART I I I GETTING DOWN
AND DIRTY......Page 219
Whatβs So Different about an Applet?......Page 221
Certificates and Signed Applets......Page 222
Requesting Connection Privileges......Page 226
Generating a Test Certificate......Page 231
Signing Your Code......Page 232
Testing Your Applet......Page 236
Writing LDAP Applets for Microsoft Internet Explorer......Page 237
Requesting Connection Privileges......Page 238
Packaging Your Applet......Page 239
Signing Your Code......Page 240
Writing LDAP Applets for Java Plug-In Software......Page 243
Generating a Key Pair and Self-signed Certificate......Page 244
Signing Your Code......Page 245
Setting Up the End Userβs System......Page 247
A Simple Example for Java Plug-In Software......Page 251
Conclusion......Page 263
Accessing Java Applets from JavaScript......Page 265
Accessing Java Objects from JavaScript......Page 272
JavaScript Gotchas......Page 276
Handling Java Exceptions in JavaScript......Page 278
Requesting Privileges and Signing Your JavaScript Code......Page 284
Conclusion......Page 287
Invisible LDAP JavaBeans......Page 289
LDAPBasePropertySupport......Page 291
LDAPSimpleAuth......Page 296
LDAPGetEntries......Page 300
Directory-Based Authentication in JavaScript......Page 309
Using PropertyChangeEvent Notifications......Page 311
A Directory Browser......Page 314
A Directory Lister......Page 354
Conclusion......Page 362
C H A P T E R 1 1 Make Your
Application
Location-Independent......Page 363
The Teex JavaBean......Page 364
A Class for User Preferences......Page 366
Storing Preferences as Attributes in User Entries......Page 375
Saving Preferences as an Object in the Directory......Page 387
Using Directory Structure to Model Attributes......Page 391
Conclusion......Page 397
Mirroring an Organizational Structure......Page 399
Attributes as Pointers......Page 400
Parsing the Reporting Relationships in a Directory......Page 402
An Alternative Strategy for Management Parsing......Page 414
An Organizational Chart Tree Component......Page 418
A More Traditional Organizational Chart Component......Page 426
Inspecting Properties of an Entry......Page 430
Connecting the Property Table and the Directory Viewers......Page 437
Conclusion......Page 443
Overview of Servlets......Page 445
Uses of LDAP in Servlets......Page 446
Designing the LDAP Servlet......Page 447
Location of Files......Page 448
Accessibility with a Simple Browser......Page 449
User Self-administration......Page 450
Connection-Pooling Class......Page 451
Servlet Request-Response Model......Page 461
Setting Up and Using the Servlet......Page 506
Conclusion......Page 508
PART IV BEYOND
THE BASICS......Page 509
How Do They Affect Me?......Page 511
A View into Options......Page 512
TimeLimit......Page 513
HopLimit......Page 514
Constraints for Searching......Page 515
ServerTimeLimit......Page 517
MaxResults......Page 519
Conclusion......Page 520
An IETF Standard......Page 521
Using LDAP URLs in Java......Page 523
Not Your Average URL......Page 524
A Rose by Any Other Name . . .......Page 525
When What You Read Is Not What You Wrote......Page 527
Sometimes One Thread Is Not Enough......Page 529
Donβt Step on My Settings......Page 532
A Cloned Connection Is a Safe Connection......Page 534
Pool the Connections......Page 536
To Cache or Not to Cache......Page 538
Conclusion......Page 540
Programmatic Access through the Schema Classes......Page 541
A Pretty Printer for Schema Contents......Page 546
Controls: An Essential Extension......Page 556
Too Much Data: A Virtual List View......Page 557
Call Me When Youβre Ready: Persistent Search......Page 576
Password Expiration Notification......Page 579
Trust Me: The Proxied Authorization Control......Page 581
Your Very Own Controls: Using the BER Package......Page 583
Catching and Processing Referral Exceptions......Page 594
Automatic Referrals: Anonymous or under Client Control......Page 595
LDAPBind for Complete Client Control......Page 597
And Now for Something Completely
Different: Extended Operations......Page 598
Aiming for 247: Failover and Reconnecting......Page 601
Controlling the Result Queue: The Connection Backlog......Page 602
Down to the Wire: Using the Asynchronous Interface......Page 603
Conclusion......Page 609
PART V APPENDICES......Page 611
Where to Get RFCs and Internet Drafts......Page 613
LDAP RFCs......Page 614
LDAP Internet Drafts......Page 616
X.500 Documents......Page 620
X.500......Page 623
LDAP Client SDKs......Page 624
Add-On Products for LDAP Directories......Page 625
Miscellaneous......Page 626
LDAP in Your Inbox......Page 627
LDAP Servers at Your Disposal......Page 628
LDAPConnection and Connection Management......Page 629
Basic LDAP Message and Data Encapsulation......Page 634
Handling Messages from the Server......Page 640
Authentication and Reauthentication......Page 641
Exceptions......Page 642
Controls......Page 643
Caching......Page 648
Client-Side Sorting......Page 649
Schema Representation......Page 650
Miscellaneous Utility Classes......Page 653
DNs and RDNs......Page 655
LDIF Reader Classes......Page 656
Connection Pool......Page 659
The table Package......Page 661
The util Package......Page 667
Object Classes......Page 679
Structural Object Classes......Page 680
Auxiliary Object Classes......Page 683
Attribute Syntaxes......Page 684
Attribute Types......Page 685
A P P E N D I X E LDAP Error
Codes......Page 691
Index......Page 695
π SIMILAR VOLUMES
Unlike the description on the web site, this book came in a smaller size as a thick paperback novel, fine print. Very strange and uncomfortable to read. Covers a good amount of details of Sun LDAP JDK, but little on JNDI. I think it's starting to show its age now.
In this book, the creators of the Directory SDK for Java show how it can be used to build powerful, standards-based directory applications that leverage LDAP directory information on intranets, the Internet, even in E-commerce applications. Start by reviewing what Directories are, what directory-ena
SOAP (Simple Object Access protocol) is an XML-based messaging protocol for creating distributed Web applications. In plain English: it solves a basic business problem, which is creating Web applications that have to talk with servers that are running on different platforms (Windows, Unix, Linux and