To issue a DSML request you can bind to the directory as a specified user or anonymously. To bind as a specified user, the request must include an HTTP authorization header containing a UID and a password that are mapped to a DN, as shown in Example 10–3.
```
POST /dsml HTTP/1.1
content-length: 578
content-Type: text/xml; charset="utf-8"
HOST: hostname
Authorization: Basic ZWFzdGVyOmVnZw==
SOAPAction: ""
Connection: close

<?xml version='1.0' encoding='UTF-8'?>
<soap-env:Envelope
   xmlns:xsd='http://www.w3.org/2001/XMLSchema'
   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
   xmlns:soap-env='http://schemas.xmlsoap.org/soap/envelope/'>
   <soap-env:Body>
      <batchRequest xmlns='urn:oasis:names:tc:DSML:2:0:core'>
         <extendedRequest>
            <requestName>1.3.6.1.4.1.4203.1.11.3</requestName>
         </extendedRequest>
      </batchRequest>
   </soap-env:Body>
</soap-env:Envelope>
```
In this example, the HTTP authorization header carries the user ID `easter` and the password `egg`. In clear text the pair is `easter:egg`; encoded in base64 it is sent as `Authorization: Basic ZWFzdGVyOmVnZw==`.
The `<extendedRequest>` tag is used to specify an LDAP Extended Operation. The `<requestName>` tag is used to specify the OID of the extended operation. In this example, the OID 1.3.6.1.4.1.4203.1.11.3 identifies the whoami extended operation.
The response to the DSML extended operation shows the DN of the user that made the bind request. In Example 10–4, the whoami response, which contains the DN, is shown in the response line.
```
<response>dn:uid=easter,ou=people,dc=example,dc=com</response>
```
```
HTTP/1.1 200 OK
Cache-control: no-cache
Connection: close
Date: Fri, 15 Dec 2006 09:15:09 GMT
Accept-Ranges: none
Server: Sun-Java(tm)-System-Directory/6.2
Content-Type: text/xml; charset="utf-8"
Content-Length: 697

<?xml version='1.0' encoding='UTF-8' ?>
<soap-env:Envelope
   xmlns:xsd='http://www.w3.org/2001/XMLSchema'
   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
   xmlns:soap-env='http://schemas.xmlsoap.org/soap/envelope/'
   >
<soap-env:Body>
<batchResponse
   xmlns:xsd='http://www.w3.org/2001/XMLSchema'
   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
   xmlns='urn:oasis:names:tc:DSML:2:0:core'
   >
   <extendedResponse>
      <resultCode code='0' descr='success'/>
      <responseName>1.3.6.1.4.1.4203.1.11.3</responseName>
      <response>dn:uid=easter,ou=people,dc=example,dc=com</response>
   </extendedResponse>
</batchResponse>
</soap-env:Body>
</soap-env:Envelope>
```
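The following added example (not part of the original documentation) rebuilds the whoami request from Example 10–3, decodes the Basic credential to show that it is only encoded and therefore readable by anything that sees the header, and extracts the bound DN from a reply shaped like Example 10–4. The function names and `SAMPLE_REPLY` are assumptions made for illustration; no network connection is opened.

```python
import base64
import xml.etree.ElementTree as ET

DSML = "urn:oasis:names:tc:DSML:2:0:core"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WHOAMI_OID = "1.3.6.1.4.1.4203.1.11.3"  # OID from the page
# Sample reply, constructed from the page's Example 10-4 (unused namespaces trimmed).
SAMPLE_REPLY = (
    f"<e:Envelope xmlns:e='{SOAP}'><e:Body><batchResponse xmlns='{DSML}'>"
    "<extendedResponse><resultCode code='0' descr='success'/>"
    f"<responseName>{WHOAMI_OID}</responseName>"
    "<response>dn:uid=easter,ou=people,dc=example,dc=com</response>"
    "</extendedResponse></batchResponse></e:Body></e:Envelope>")

def basic_auth_header(uid, password):
    """Build the Basic credential. Base64 is an encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{uid}:{password}".encode()).decode("ascii")

def decode_basic(value):
    """Recover (uid, password) from a logged or captured header value."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    uid, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    return uid, password

def build_whoami_request(host, uid, password):
    """Raw HTTP request bytes; Content-Length is computed from the body."""
    body = (
        "<?xml version='1.0' encoding='UTF-8'?>"
        f"<soap-env:Envelope xmlns:soap-env='{SOAP}'><soap-env:Body>"
        f"<batchRequest xmlns='{DSML}'><extendedRequest>"
        f"<requestName>{WHOAMI_OID}</requestName></extendedRequest>"
        "</batchRequest></soap-env:Body></soap-env:Envelope>").encode()
    head = (
        f"POST /dsml HTTP/1.1\r\nHost: {host}\r\n"
        f'Content-Type: text/xml; charset="utf-8"\r\nContent-Length: {len(body)}\r\n'
        f"Authorization: {basic_auth_header(uid, password)}\r\n"
        'SOAPAction: ""\r\nConnection: close\r\n\r\n').encode("ascii")
    return head + body

def parse_whoami_response(soap_xml):
    """Return the bound identity; raise unless resultCode is 0 (success)."""
    ext = ET.fromstring(soap_xml).find(f".//{{{DSML}}}extendedResponse")
    result = None if ext is None else ext.find(f"{{{DSML}}}resultCode")
    if result is None or result.get("code") != "0":
        raise PermissionError("whoami did not succeed")
    return ext.findtext(f"{{{DSML}}}response")
```

Comparing the DN returned by `parse_whoami_response` with the identity you expected is a quick check that the UID in the header was mapped to the intended entry.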
For anonymous access, no HTTP authorization header is required, although anonymous access is often subject to strict access controls, and possibly to data access restrictions. Similarly, you can issue DSML requests to perform LDAP operations by LDAP proxy.
Because DSML requests are managed on a batch basis, if you issue requests by LDAP proxy, the required DSML proxy authorization request must be the first in a given batch of requests.