1 LDAP and Java Naming Services Murali. M.Nagendranath

2 Contents 1LDAP (Lightweight Directory Access Protocol) 2JNDI (Java Naming & Directory Interface) 3Demonstration

3 LDAP 1What is LDAP? 2History of LDAP 4Directories in LDAP 5Use and purpose of LDAP

4 What is LDAP? Protocol of standard and extensible directory. Protocol giving access the information contained in the directory. Model of Information – Type of data. Functional Model – Acess to information. Safety Model - How access is protected. Model of duplication - Distribution of data. Replication Service.

5 A Brief History LDAP was born from the necessary adaptation of protocol DAP for TCP/IP. Started at University of Michigan in 1993 in the same vision as that of X.500 Latest version, v3, was made in 1997 Netscape is now the center of research

6 X.500 & LDAP LDAP is less secure Still a large amount of compatibility between them LDAP’s ability to search across servers is the most important advantage of LDAP.

7 Directories Often compared to a phone book DNS is an example Can be used locally or globally The list of all the names in a directory is it’s Name Space

8 Directories in LDAP Each entry has a unique distinguished name (DN) which is succession of attributes. An attribute describes the characteristic of objects. Normal attributes. Operational attributes. Characteristics of attributes Name, mono/multi, limit of value. DN’s are made up of the location of something in the directory

9 Directories in LDAP: Examples c stands for the country, o stands for organization ou stands for organization units, cn is for individuals cn=john, ou=administration, o=ibm, c=usa o=ibm, c=usa These are distinguished names. Together these combinations specify something specific, although it need not be at the bottom level

10 Directories in LDAP: Picture

11 Directories in LDAP Although that is the most common structure in LDAP, it is possible to define your own directory structure like the flat tree structure. This can cause compatibility problems

12 Functions in LDAP 4 main commands in editing LDAP directories: –Add, delete, modify & modify DN Modify changes the whole directory entry, modify DN just changes name of the entry

13 Functions in LDAP: Modify DN example cn=Modify Me, o=University of Florida, c=US cn=The New Me The command: ldapmodify -r -f /tmp/entrymods will change the RDN of the "Modify Me" entry from "Modify Me" to "The New Me" and the old cn, "Modify Me" will be removed

14 Functions in LDAP:Delete Example ldapdelete "cn=Delete Me, o=University of Florida, c=US" will attempt to delete the entry named with commonName "Delete Me" directly below the University of Florida organizational entry.

15 Functions in LDAP:Modify Example dn: cn=Modify Me, o=University of Florida, c=US changetype: modify replace: mail mail: Dr add: title title: Grand OCEAN delete: description

16 Functions in LDAP:Modify Example cont. The above function will replace the contents of the "Modify Me" entry's mail attribute with the value “Dr add a title of "Grand OCEAN", and completely remove the description attribute. The add function works almost the same as modify.

17 Referral Scheme

18..Contd 1.Client requests information 2.Server 1 returns referral to server 2 3.Client resends request to server 2 4.Server 2 returns information to client

19 LDIF & its Uses LDAP Data Interchange Format Represents LDAP entries in text Human readable format Allows easy modification of data To make basic imports/exports.

20 SCHEMAS Schema contains the following: Required attributes Allowed attributes How to compare attributes Limit what the attributes can store - ie, restrict to integer etc Set of rules that describes what kind of data is stored Helps maintain consistancy and quality of data Reduces duplication of data

21 Why is LDAP Important? Provides a standard for finding people or resources Much different then web searches, which are simply pattern matching Quickly becoming popular with major companies ie: Netscape, Novell Vendor independent open protocol

22 What isn’t LDAP intended for? Not useful as a local database Not able to replace file systems Not meant to replace DNS, but it can work in conjunction with DNS

23 LDAP on the web There are many web based LDAP servers that can be called in programs or searched directly via the web Used behind the scenes at online shopping sites and other web sites Used by Netscape for it’s address book

24 JNDI 1What is JNDI? 2Setup 3Concepts & Classes

25 What is JNDI? Java Naming and Directory Interface API Introduced in March, 1997 by Sun Microsystems Purpose: to provide a common access to different types of directories

26 What is JNDI?

27 Packages javax.naming javax.naming.directory javax.naming.event javax.naming.ldap javax.naming.spi

28 Class: Context Methods: –bind(String name, Object obj); –close(); –list(String name); –listBindings(String name); –lookup(String name); // most commonly used –rebind(String name, Object obj); –rename(String oldName, String newName); –unbind(String name);

29 Class: DirContext Extends Context methods: –getAttributes(String name); –modifyAttributes(String name, ModificationItem[] mods); –search(String name, Attributes matchAttrs);

30 Classes: InitialContext & InitialDirContext All operations are performed relative to an initial context set environment properties –Location of server (PROVIDER_URL) –How to create a context (INITIAL_CONTEXT_FACTORY) instantiation may throw a NamingException

31 Summary LDAP is useful for finding people and/or resources over a network Searches directories using distinguished names JNDI provides a common access to directories of different types

32 Demo 1Retrieving an object’s attributes 2Searching the directory by supplying a name

33 1. Retrieving an object’s attributes Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://directory.ufl.edu:389/o=ufl,c=us"); try { DirContext ctx = new InitialDirContext(env); // Get the attributes associated with the object bound to the name "ou=students" Attributes answer = ctx.getAttributes("ou=students");

34 1. Retrieving an object’s attributes (cont…) // Print out the attributes printIdAndValue(answer); System.out.println(" "); ctx.close(); } catch (NamingException e) { System.err.println("Exception caught:" + e); }

35 The print method NamingEnumeration enum = toPrint.getAll(); try { while (enum.hasMore()) { Attribute attr = (Attribute)enum.next(); // print out the attribute identifier System.out.println("attribute: " + attr.getID()); // print out each value for (NamingEnumeration valueEnum = attr.getAll(); valueEnum.hasMore(); System.out.println("value: " + valueEnum.next())); } } catch (NamingException e) { System.err.println("Exception caught: " + e); }

36 2. Name search DirContext ctx = new InitialDirContext(env); Attributes matchAttrs = new BasicAttributes(true); matchAttrs.put(new BasicAttribute("sn", "King")); /* The above code adds an attribute to the set; could also have done Attributes matchAttrs = new BasicAttributes("sn","King",true); Note: true = case insensitive; false = case sensitive */ // Note: a search returns an enumeration of SearchResult objects NamingEnumeration enum = ctx.search("ou=students", matchAttrs);

37 2. Name search (cont…) while (enum.hasMore()) { // Get the next SearchResult object & print out it's name SearchResult result = (SearchResult)enum.next(); System.out.println(">>>" + result.getName()); Attributes attrSet = result.getAttributes(); // attrSet is a set of attributes // print the attribute identifiers and values printIdAndValue(attrSet); }

38 THANK YOU.