About Communication Adapters

About Sun Adapter for LDAP

This topic provides conceptual information about LDAP and its Sun Java CAPS Adapter.

About LDAP

LDAP (Lightweight Directory Access Protocol) is an Internet protocol for accessing information directories. A directory service is a distributed database application designed to manage the entries and attributes in a directory. LDAP runs over TCP/IP.

LDAP allows clients to access different directory services based on entries. It makes the entries, along with their attributes and values, available to users and other applications, on a controlled-access basis.

The LDAP OTD provides access to the operations available via the LDAP protocol. To give you a better understanding of these operations and how they are implemented in the OTD, this section briefly summarizes how LDAP works.

Entries, Attributes, and Values

An LDAP directory has entries that contain information pertaining to some entity. Each of the entry’s attributes has a name and one or more values. The names of attributes are most often mnemonic strings, such as cn for common name, or mail for e-mail address.

For example, a company may have an employee directory. Each entry in the employee directory represents an employee. The employee entry contains such information as the name, e-mail address, and phone number, as shown in the following example:


   cn: John Doe
   mail: johndoe@sun.com
   mail: jdoe@stc.com
   telephoneNumber: 471-6000 x.1234

Each part of the descriptive information, such as an employee’s name, is known as an attribute. In the example above, the Common Name (cn) attribute represents the name of the employee. The other attributes are mail and telephoneNumber.

Each attribute can have one or more values. In the example above, the mail attribute has two values, johndoe@sun.com and jdoe@stc.com.

LDAP Directory Structure

The organization of a directory is a tree structure. The topmost entry in a directory is known as the root entry. This entry normally represents the organization that owns the directory.

Entries at the higher levels of the hierarchy represent larger groupings or organizations. Entries under the larger organizations represent the smaller organizations that make up the larger ones. The leaf nodes (or entries) of the tree structure represent individual persons or resources.

Distinguished Names and Relative Distinguished Names

An entry is a collection of attributes and has a unique identifier called a distinguished name (DN). A DN includes a name that uniquely identifies the entry at its hierarchical level. For example, John Doe and Jane Doe are different common names (cn) that identify different entries at the same level.

A DN is also a fully qualified path of names that trace the entry back to the root of the tree. For example, the distinguished name of the John Doe entry is:


   cn=John Doe, ou=People, dc=sun.com

A relative distinguished name (RDN) is a component of the distinguished name. For example, cn=John Doe, ou=People is an RDN relative to the root RDN dc=sun.com. A DN describes the fully qualified path to an entry, while an RDN describes the partial path to the entry relative to another entry in the tree.

Wherever necessary, the LDAP OTD mimics this same directory structure.
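The following is an added example, not code from the Sun Java CAPS documentation or the LDAP Adapter: it splits a string DN such as cn=John Doe, ou=People, dc=sun.com into its RDN components following the RFC 4514 escaping rules, and escapes attribute values before they are assembled into a DN, so that a value supplied at run time (for example a common name typed into a form) cannot append an extra RDN and change which entry is addressed.

```python
# Added example (not from the Sun Java CAPS docs): RFC 4514 DN handling for
# "cn=John Doe, ou=People, dc=sun.com" plus value escaping for safe DN building.
_HEX = set("0123456789abcdefABCDEF")
_MUST_ESCAPE = set(',+"\\<>;')

def _text(buf):
    """Join (char, escaped) pairs; unescaped spaces at the edges are insignificant."""
    while buf and buf[0] == (" ", False):
        buf.pop(0)
    while buf and buf[-1] == (" ", False):
        buf.pop()
    return "".join(c for c, _ in buf)

def split_dn(dn: str) -> list:
    """Return [(type, value), ...] leaf first, with backslash escapes resolved."""
    rdns, attr, buf, i = [], None, [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):           # \, or \2C style escape
            hexpair = i + 2 < len(dn) and dn[i + 1] in _HEX and dn[i + 2] in _HEX
            buf.append((chr(int(dn[i + 1:i + 3], 16)) if hexpair else dn[i + 1], True))
            i += 3 if hexpair else 2
            continue
        if ch == "=" and attr is None:                # first unescaped '=' ends the type
            attr, buf = _text(buf), []
        elif ch == ",":                               # unescaped ',' ends the RDN
            if attr is None:
                raise ValueError("malformed DN, RDN without '=': %r" % dn)
            rdns.append((attr, _text(buf)))
            attr, buf = None, []
        else:
            buf.append((ch, False))
        i += 1
    if attr is None:
        raise ValueError("malformed DN, RDN without '=': %r" % dn)
    rdns.append((attr, _text(buf)))
    return rdns

def escape_value(value: str) -> str:
    """Escape one raw attribute value for use in a string DN (RFC 4514 section 2.4)."""
    out = []
    for idx, ch in enumerate(value):
        edge_space = ch == " " and idx in (0, len(value) - 1)
        must = ch in _MUST_ESCAPE or (idx == 0 and ch == "#") or edge_space
        out.append("\\" + ch if must else ch)
    return "".join(out)

def build_dn(*rdns) -> str:
    """Assemble a DN (leaf first) from (type, raw value) pairs, escaping each value."""
    return ",".join("%s=%s" % (t, escape_value(v)) for t, v in rdns)
```

Multi-valued RDNs joined with + are not handled here; the example covers the single-valued RDNs shown on this page.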

LDAP Service and LDAP Client

A directory service is a distributed database application designed to manage the entries and attributes in a directory. A directory service also makes the entries and attributes available to users and other applications. The OpenLDAP server is an example of a directory service. Other directory services include Sun Active Directory Service (Sun Microsystems) and Microsoft Active Directory.

A directory client accesses a directory service using the LDAP protocol. A directory client may use any of several available client APIs to access the directory service.

Referrals

The native APIs developed for the LDAP Adapter query the results of a search based on specified criteria. The search results may consist of a number of referrals.

A referral redirects a client’s request to another server. A referral contains the names and locations of other objects. For example, an LDAP server sends a referral to the client to indicate that the information the client requested can be found at another location (or locations), possibly on another server or several servers.

The referral contains the URL of the LDAP server that holds the actual entry. The LDAP URL contains the server’s host/port and an object’s DN.
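The following is an added example, not code from the Sun Java CAPS documentation or the LDAP Adapter: it parses the LDAP URL carried by a referral (the RFC 4516 form ldap://host:port/dn?attributes?scope?filter) into the host, port and DN described above, and then decides whether a client should follow the redirect. A client that follows every referral it receives will open a connection, and possibly bind with its credentials, to whatever server the referral names, so the host is checked against a constructed allow list and a downgrade from ldaps to cleartext ldap is refused. The host names are constructed for the example.

```python
# Added example (not from the Sun Java CAPS docs): parse an RFC 4516 LDAP URL
# as returned in a referral and decide whether to follow it. Host names in
# TRUSTED_REFERRAL_HOSTS are constructed for this example.
from urllib.parse import urlsplit, unquote

TRUSTED_REFERRAL_HOSTS = {"ldap1.example.com", "ldap2.example.com"}  # constructed

def parse_ldap_url(url: str) -> dict:
    """Return scheme, host, port, dn, attributes, scope and filter of an LDAP URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # RFC 4516 separates dn?attributes?scope?filter with '?'; urlsplit stops the
    # path at the first '?', so rejoin path and query and split ourselves.
    rest = parts.path.lstrip("/") + ("?" + parts.query if parts.query else "")
    dn, attrs, scope, filt = (rest.split("?") + [""] * 4)[:4]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname or "",          # empty host is legal in RFC 4516
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "dn": unquote(dn),                     # e.g. cn=John%20Doe -> cn=John Doe
        "attributes": [a for a in unquote(attrs).split(",") if a],
        "scope": unquote(scope) or "base",     # RFC 4516 defaults
        "filter": unquote(filt) or "(objectClass=*)",
    }

def should_follow(referral_url: str, trusted_hosts=TRUSTED_REFERRAL_HOSTS,
                  require_tls=True) -> tuple:
    """Return (follow, reason) for a referral URL the server handed back."""
    try:
        ref = parse_ldap_url(referral_url)
    except ValueError as exc:                  # malformed URL or bad port
        return False, str(exc)
    if ref["host"] not in trusted_hosts:
        return False, "referral points at untrusted host %r" % ref["host"]
    if require_tls and ref["scheme"] != "ldaps":
        return False, "referral would downgrade the session to cleartext ldap://"
    return True, "follow %s:%d for %s" % (ref["host"], ref["port"], ref["dn"])
```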

About the LDAP Adapter

This section provides general information about the LDAP Adapter and its operation with Sun Java CAPS ESB.

Adapter General Operation

The LDAP Adapter enables Sun Java CAPS ESB to exchange data with an LDAP directory on an LDAP server. The Adapter consists of two components: an LDAP connector and an LDAP Object Type Definition (OTD). The OTD uses the connector to connect to a particular LDAP server.

By connecting to an LDAP server, the Adapter enables Sun Java CAPS ESB to search, compare, and modify an LDAP directory using the LDAP protocol. The Adapter utilizes the LDAP OTD to perform these functions. This OTD carries LDAP information through Sun Java CAPS ESB and allows the information to be processed by Sun Java CAPS ESB’s Java-based Collaborations.

In addition, the LDAP OTD exposes the application programming interface (API) for accessing the LDAP directory. The LDAP OTD enables you to create Java-based Collaboration Definitions that execute LDAP operations, for example, searching an LDAP directory, adding entries to the directory, and modifying entries in the directory.

A given instance of an LDAP OTD uses only one instance of an LDAP connector. You can use as many instances of the LDAP OTD in a single data-exchange scenario as necessary.

Java Naming and Directory Interface

The LDAP Adapter uses Sun Microsystems’ Java Naming and Directory Interface (JNDI) LDAP provider. This set of APIs allows a Java program to store and look up objects through multiple naming services in a standard manner.

The JNDI is included in the Java 2 Software Developer’s Kit (SDK) version 1.4 installed as part of Sun Java CAPS ESB.

Third-Party License File Agreement

A disclaimer readme file is available for review when you install the LDAP Adapter. The disclaimer applies to the jCookie Library, a robust and easy-to-use library for client-side HTTP state management in Java applications.

After successful installation, you can view the following third-party file using any text file viewer:

LDAPeWay_THIRDPARTYLICENSEREADME.txt

Third-party license files are located at:


   \repository\ThirdPartyLicenses

where repository indicates the folder where the Sun Java CAPS ESB Repository is installed.