JAVA LDAP Dima Ionut Daniel. Contents What is LDAP? LDAP Operations Directory Service JNDI as LDAP API Pooling Spring LDAP UnboundId LDAP SDK JAVA LDAP.

Slides:

Advertisements

Similar presentations

Message Passing Vs Distributed Objects

Advertisements

Welcome to Middleware Joseph Amrithraj

Java Network Programming Vishnuvardhan.M. Dept. of Computer Science - SSBN Java Overview Object-oriented Developed with the network in mind Built-in exception.

JNDI Java Naming Directory Interface JNDI is an API specified in Java that provides naming and directory functionality to applications written in Java.

Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group ( Provides a set of tools and.

Java Naming and Directory Interface JNDI. v001025JNDI2 Topics Naming and Directory Services JNDI Overview Features and Code Samples JNDI Providers References.

Comparison of the RMI and the socket APIs

CS 501: Software Engineering Fall 2000 Lecture 16 System Architecture III Distributed Objects.

Directory & Naming Services CS-328 Dick Steflik. A Directory.

Faculty of Information Technology © Copyright UTS Faculty of Information Technology - JNDIJNDI-1 Advanced Java Programming JNDI v2 Chris Wong

Basics of JNDI Alessio Bechini June Naming and Directory Services: Rationale A fundamental element in every application is the capability to find.

Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.

2 Systems Architecture, Fifth Edition Chapter Goals Describe client/server and multi-tier application architecture and discuss their advantages compared.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

Object and component “wiring” standards This presentation reviews the features of software component wiring and the emerging world of XML-based standards.

Corso di Formazione Sodalia “Enterprise Java Beans” JNDI Java Naming and Directory Interface.

LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL Presented by Chaithra H.T.

By Lecturer / Aisha Dawood 1.  You can control the number of dispatcher processes in the instance. Unlike the number of shared servers, the number of.

9 Chapter Nine Compiled Web Server Programs. 9 Chapter Objectives Learn about Common Gateway Interface (CGI) Create CGI programs that generate dynamic.

1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.

Topic : JNDI Kaster Nurmukan. JNDI2(c)CDAC(Formerly NCST) What is JNDI? Naming and Directory Services Naming Concepts Issues JNDI Architecture Programming.

Advanced Programming Rabie A. Ramadan 7.

Java Naming and Directory Interfaces. A naming service is an entity that performs the following tasks:  It associates names with objects. Similar to.

XML Registries Source: Java TM API for XML Registries Specification.

Comparing JavaBeans and OSGi Towards an Integration of Two Complementary Component Models HUMBERTO CERVANTES JEAN-MARIE FAVRE 09/02.

Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,

Spring/2002 Distributed Software Engineering C:\unocourses\4350\slides\DefiningThreads 1 RMI.

Client Call Back Client Call Back is useful for multiple clients to keep up to date about changes on the server Example: One auction server and several.

CORBA Common Object Request Broker Architecture. Basic Architecture A distributed objects architecture. Logically, an object client makes method calls.

CS 501: Software Engineering Fall 1999 Lecture 12 System Architecture III Distributed Objects.

Chapter 6 Introduction to Defining Classes. Objectives: Design and implement a simple class from user requirements. Organize a program in terms of a view.

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 JSP Application Models.

CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, written in Java code, that.

1 Chapter 38 RPC and Middleware. 2 Middleware  Tools to help programmers  Makes client-server programming  Easier  Faster  Makes resulting software.

REST By: Vishwanath Vineet.

Copyright 2007 SpringSource. Copying, publishing or distributing without express written permission is prohibited. Introduction to Data Access with Spring.

Java Network Programming Network Programming Spring 2000 Jeffrey E. Care

LDAP- Protocol and Applications. Role of LDAP Allow clients to access a directory service Directories hold hierarchical structured information Clients.

Spring LDAP Dima Ionut Daniel.

G.v. Bochmann, revised Jan Comm Systems Arch 1 Different system architectures Object-oriented architecture (only objects, no particular structure)

Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.

Remote Method Invocation A Client Server Approach.

Module 6: Administering Reporting Services. Overview Server Administration Performance and Reliability Monitoring Database Administration Security Administration.

Java Naming and Directory Interface. Contents Naming and directory services JNDI RMI Conclusion.

Directory Services CS5493/7493. Directory Services Directory services represent a technological breakthrough by integrating into a single management tool:

1 CEG 2400 Fall 2012 Directory Services Directory Services eDirLDAP Active Directory.

Google Code Libraries Dima Ionut Daniel. Contents What is Google Code? LDAPBeans Object-ldap-mapping Ldap-ODM Bug4j jOOR Rapa jongo Conclusion Bibliography.

Apache Solr Dima Ionut Daniel. Contents What is Apache Solr? Architecture Features Core Solr Concepts Configuration Conclusions Bibliography.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

1 Directory Services  What is a Directory Service?  Directory Services model  Directory Services naming model  X.500 and LDAP  Implementations of.

Internet and Distributed Application Services

Java Distributed Object System

Introduction to LDAP Frank A. Kuse.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 2 Database System Concepts and Architecture.

Knowledge Byte In this section, you will learn about:

Distributed Systems Bina Ramamurthy 11/30/2018 B.Ramamurthy.

Chapter 40 Remote Method Invocation

Bina Ramamurthy Chapter 9

Architecture Competency Group

Bina Ramamurthy Chapter 9

Chapter 46 Remote Method Invocation

Chapter 46 Remote Method Invocation

J2EE Lecture 13: JMS and WebSocket

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL

Chengyu Sun California State University, Los Angeles

Exceptions and networking

Plug-In Architecture Pattern

Presentation transcript:

JAVA LDAP Dima Ionut Daniel

Contents What is LDAP? LDAP Operations Directory Service JNDI as LDAP API Pooling Spring LDAP UnboundId LDAP SDK JAVA LDAP frameworks Conclusion Bibliography

What is LDAP? LDAP(The Lightweight Directory Access Protocol) is an Internet standard protocol used by applications to access information in a directory. It runs directly over TCP, and can be used to access a standalone LDAP directory service. LDAP is based on a client-server model. LDAP is defined in terms of ASN.1 and transmitted using BER. Abstract Syntax Notation One (ASN.1) is a standard and flexible notation that describes rules and structures for representing, encoding, transmitting, and decoding data in telecommunications and computer networking. The Basic Encoding Rules (BER) is one of the encoding formats defined as part of the ASN.1 standard specified by the International Telecommunication Union (ITU )in X.690. The LDAP directory service model is based on entries. An entry is a collection of attributes that describing it. Each attribute has a name, type and one or more values. In LDAP, directory entries are arranged in a hierarchical tree-like structure, starting at a root and then branching down into individual entries. Each entry is uniquely identified by a distinguished name. A distinguished name consists of a name that uniquely identifies the entry at that hierarchical level.

What is LDAP? Request for Comments (RFC) is a memorandum published by the Internet Engineering Task Force (IETF) describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected system. Useful LDAP RFCs: RFC 2251: "Lightweight Directory Access Protocol (v3)“  This is the main RFC for LDAPv3, which defines the protocol operations, data representation, and data organization. RFC 2252: "Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions“  defines the standard attribute type representations and specifies how attribute values are compared for each standard type during a search operation. RFC 2253: "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names“  defines the syntax and structure of DN names. RFC 2254: "The String Representation of LDAP Search Filters“. RFC 2255: "The LDAP URL Format"  defines the URL format for expressing an LDAP search. We can enter an LDAP URL in many browsers to perform an LDAP search. RFC 2589: "LDAPv3 Extensions for Dynamic Directory Services”  defines extended operations to support dynamic (short-lived) directory data storage.

LDAP Operations LDAP is based on a client-server model. An LDAP client can perform these operations, among others: - searching and retrieving entries from the directory - adding new entries in the directory - updating entries in the directory - deleting entries in the directory - renaming entries in the directory - performing extended requests To perform any of these LDAP operations, an LDAP client needs to establish a connection with an LDAP server. The LDAP protocol specifies the use of TCP/IP port number 389, although servers may run on other ports. The LDAP protocol also defines a simple method for authentication. LDAP servers can be set up to restrict permissions to the directory. Before an LDAP client can perform an operation on an LDAP server, the client must authenticate itself to the server by supplying a distinguished name and password. If the user identified by the distinguished name does not have permission to perform the operation, the server does not execute the operation.

Directory Service A directory service is the software system that stores, organizes and provides access to information in a directory. It allows the lookup of values given a name, similar to a dictionary. As a word in a dictionary may have multiple definitions, in a directory, a name may be associated with multiple, different pieces of information. Open Source implementations: – OpenDS – 389 Directory Server – ApacheDS – OpenLDAP Commercial implementations: – Red Hat Directory Server – UnboundID Directory Server – IBM Tivoli Directory Server – Oracle Internet Directory

JNDI as LDAP API JNDI(Java Naming and Directory Interface) an API to access the directory and naming services. The association of a name with an object is called a binding. An LDAP name is bound to an LDAP entry. A context is a set of name-to-object bindings. A name in one context object can be bound to another context object (called a subcontext) that has the same naming convention. The JNDI architecture consists of an API and a Service Provider Interface (SPI). The SPI enables a variety of naming and directory services to be plugged in transparently.

JNDI as LDAP API JNDI is included in the Java SE Platform. The JDK includes service providers for the following naming/directory services: -Lightweight Directory Access Protocol (LDAP) - Common Object Request Broker Architecture (CORBA) Common Object Services (COS) nameservice -Java Remote Method Invocation (RMI) Registry -Domain Name Service (DNS) The JNDI is divided into five packages: -javax.naming -javax.naming.directory -javax.naming.ldap -javax.naming.event -javax.naming.spi

JNDI as LDAP API JNDI useful classes for working with LDAP: javax.naming.InitialContext  starting context for performing naming operations. javax.naming.ldap.LdapContext  context in which we can perform operations with LDAPv3 and also perform LDAP extended operations. javax.naming.directory.DirContext  contains methods for examining and updating attributes associated with objects and for searching the directory. javax.naming.directory.SearchControls  encapsulates information for performing search operation javax.naming.directory.SearchResult  result returned from dap search operation. javax.naming.directory.Attribute  atribut asociat unui obiect JNDI javax.naming.directory.Attributes  collection of attributes javax.naming.Context  reprezinta un context de binding-uri.

JNDI as LDAP API

This example shows how search from the Directory Server attributes that have multiple values.

JNDI as LDAP API This example shows how to create an entry into the Directory Server using JNDI.

JNDI as LDAP API This example shows how to modify an entry from the Directory Server using JNDI. This example shows how to delete an entry from the Directory Server using JNDI.

Pooling Connection pooling is configured and maintained per Java runtime. To use connection pooling, no configuration is required. We configure connection pooling by using a number of system properties at program startup time. These are system properties, not environment properties and that they affect all connection pooling requests. System properties for configuring connection pooling: com.sun.jndi.ldap.connect.pool.authentication  a list of space-separated authentication types of connections that may be pooled. Valid types are "none", "simple", and "DIGEST-MD5". com.sun.jndi.ldap.connect.pool.debug  debug levels: "fine" (trace connection creation and removal) and "all" (all debugging information). com.sun.jndi.ldap.connect.pool.initsize  the number of connections per connection identity to create when initially creating a connection for the identity. com.sun.jndi.ldap.connect.pool.maxsize  the maximum number of connections per connection identity that can be maintained concurrently. com.sun.jndi.ldap.connect.pool.prefsize  the preferred number of connections per connection identity that should be maintained concurrently. com.sun.jndi.ldap.connect.pool.protocol  protocol types of connections that may be pooled. Valid types are "plain" and "ssl". com.sun.jndi.ldap.connect.pool.timeout  the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool. com.sun.jndi.ldap.connect.pool  enables connection pooling

Pooling When we request a Context instance the connection that is used might of might not be pooled based on the "com.sun.jndi.ldap.connect.pool" environment property. The LDAP provider needs to determine whether the request can be satisfied by an existing pooled connection. There are three sizes that affect the management of each pool. These sizes are global and affect all pools. By default, the initial pool size is 1 and can be changed by using the system property "com.sun.jndi.ldap.connect.pool.initsize". When the pool size reaches the maximum and all of the connections in the pool are in use, the application's request for a connection from that pool is blocked until a connection in the pool either becomes idle or is removed. A maximum pool size of 0 means that there is no maximum size. A request for a pooled connection will use an existing pooled idle connection or a newly created pooled connection. By default, idle connections remain in the pool indefinitely until they are garbage-collected. If the "com.sun.jndi.ldap.connect.pool.timeout" system property has been set, the LDAP provider will automatically close and remove pooled connections that have been idle for more than the specified period.

Spring LDAP The Spring Framework is an open source application framework and Inversion of Control container for the Java platform. Inversion of Control (IoC) is a programming design pattern that specifies a layer of abstraction between components. Components link together through public interfaces in a plug-in architecture, they are then stitched together in a factory. Because the control over object instantiation and linking is external, this is termed “Inversion of Control”. Spring LDAP ( is a library for simpler LDAP programming in Java. It completely eliminates the need to worry about creating and closing LdapContext and looping through NamingEnumeration. It provides classes for dynamically building LDAP filters and DNs (Distinguished Names), LDAP attribute management, and client-side LDAP transaction management.

Spring LDAP

This example shows how search from the Directory Server using Spring LDAP.

Spring LDAP This example shows how to create and delete an entry into the Directory Server using Spring LDAP.

Spring LDAP

UnboundId LDAP SDK The UnboundID LDAP SDK is a pure Java 100% implementation, with no dependencies. It provides support for synchronous and asynchronous operations, with pooling features, load balancing, etc. The LDAP SDK source code is marked with annotations that help developers understand how it is intended to LDAP also offers: ASN.1 encoding / decoding, Connect and disconnect, LDIF reading and writing, LDAP communication, Directory Server monitor data access, Exceptions caught. This example shows how search from the Apache Directory Server.

UnboundId LDAP SDK This examples shows the add, modify and delete operations.

UnboundId LDAP SDK The UnboundID LDA SDK provides easy use of LDAP extended requests. The Extended Operation is a generic LDAP operation that can define new operations that were not part of the original protocol specification. Common extended operations: StartTLS, Abandon, Modify Password, Who am I? Open DS support for extended requests Apache DS support for extended requests

JAVA LDAP frameworks The LDAPBeans project provided mapping between java interfaces and LDAP attributes. LDAPBeans is a tool that allows easy access to LDAP objects throw Java interfaces. We declare java interfaces describing LDAP objects without having to write the implementation of our beans. Features:  Primitive type mapping  Complex mapping using regular expressions  Mapping to other LdapBean object  LDAP directory access cache

JAVA LDAP frameworks LdapBeanManager is used as utility class that can create java proxy objects based on the interface declared. It’s also responsible for working with the internal ldap connection pool and doing the cleanup process.

JAVA LDAP frameworks The object-ldap-mapping Project provides a mapping between java POJO classes and LDAP attributes in a JPA similar way. Annotations used from the library: LdapObject, DnPrefix, LdapAttribute. It depends on Spring Ldap library.

JAVA LDAP frameworks Beans.xml spring context file needed for creating a LdapManager object.

JAVA LDAP frameworks LDAP-ODM is a framework for mapping LDAP directory entries to Java objects. It uses Spring 2.0, Spring- Ldap 1.1 and CGLib 2.0 to provide object-oriented access to LDAP directory entries. Features:  LDAP metadata at class-level annotations  Caching of mapped objects  Collections support  Loading objects by DN and query via standard LDAP query.

JAVA LDAP frameworks The entry point for working with LDAP entry object-oriented is the SessionFactory class.

JAVA LDAP frameworks After obtaining the Session object we can create, modify, find ldap entries.

Conclusion The advantage of using JAVA with LDAP is that is fast, powerful. LDAP is used for authentication, very fast data retrieval. LDAP is hierarchical, simplier.

Bibliography JDK API