Chapter 2 Using the Netscape Directory SDK for Java

This chapter describes the Lightweight Directory Access Protocol (LDAP) Java classes and the Netscape Directory SDK for Java.

• "Understanding the LDAP Java Classes"
• "Getting Started with the Netscape Directory SDK for Java"

• netscape.ldap contains the main LDAP Java classes, including classes that allow you to connect to an LDAP server, manipulate entries and attributes, and retrieve search results.
• netscape.ldap.beans contains the LDAP JavaBeans. You can use these Beans in a development environment such as Sun's Bean Development Kit (BDK).
• netscape.ldap.ber.stream contains the LDAP Java classes that implement the Basic Encoding Rules (BER) for transfer syntax. For more information on BER, see ISO/IEC 8825 at http://www.iso.ch/.
• netscape.ldap.controls contains the LDAP Java classes that implement specific LDAP v3 controls. These include controls to request server-side sorting and persistent searches.
• netscape.ldap.util contains utility classes, such as classes to parse LDIF data and filters that allow regular expression matching.
• com.netscape.sasl contains the interfaces and classes that you can use to enable your client to authenticate by using a SASL mechanism.
• com.netscape.jndi contains Netscape's LDAP service provider and its dependent classes. This JNDI implementation is discussed further in Chapter 15, "Using the JNDI Service Provider."

• Getting and Installing the SDK
• Exploring the SDK
• Preparing to Use the SDK
• Writing Applets with the SDK
• Checking the Version of Classes from an Applet
• Working with the LDAP JavaBeans
• Using the Classes in JavaScript

Expand the file (it contains a number of subdirectories).

Exploring the SDK
The Netscape Directory SDK for Java contains the following directories:

• beans

This directory contains the LDAP JavaBean class files, which are part of the netscape.ldap.beans package.

Note that these classes are not included with Netscape Communicator. If you are writing applications or applets that use these classes, make sure to provide these classes to your users.

This directory also contains a makejars.bat file and a makejars.sh shell script. You can use these to create JAR files for the LDAP JavaBeans.

• examples

This directory contains sample source code for LDAP applications in Java. The examples are organized in different subdirectories:

• java contains examples of the standard LDAP operations, such as adding an entry and searching for entries. This directory also contains examples using LDAP controls.
• java/beans contains examples of using the LDAP JavaBeans.
• java/ldapfilt contains an example of using an LDAP filter configuration file with the LDAP filter classes. (Note that the LDAP filter classes are not included with Netscape Communicator.)
• js contains an example of using LiveConnect to create and manipulate LDAP Java objects from JavaScript. (LiveConnect is Netscape's technology for enabling communication in a single page between a variety of elements including JavaScript, HTML, plug-ins and Java applets.)

• packages

This directory contains the following JAR files:

• ldapjdk.jar - This JAR file contains the classes in the netscape.ldap, netscape.ldap.controls, netscape.ldap.util, and com.netscape.sasl packages.
• ldapfilt.jar- This JAR file contains the filter classes in the netscape.ldap.util package and the com.oroinc.text.regex package.

com.oroinc.text.regex is the OROMatcher regular expression package from ORO Java Software. If you want to use the OROMatcher package separately (not through the Netscape Directory SDK for Java classes), you must obtain a license to use the OROMatcher package from ORO Java Software. (You can also obtain the OROMatcher documentation directly from ORO.)

• tools

This directory contains Java classes that are similar to the command-line utilities provided with the Netscape Directory Server 4.0 and the Netscape Directory C SDK. (Note that the Java tools do not support all of the command-line arguments available with these other utilities.)

• the packages/ldapjdk.jar file, which contains the main LDAP Java classes
• the packages/ldapfilt.jar file, if you plan to use any of the LDAP Java filter classes
• the classes directory, if you plan to use any of the LDAP JavaBean classes

1. Get a certificate from your organization's certificate authority (if your organization issues certificates internally) or from a third-party certificate authority, such as RSA, Verisign, or ATT.

Users should have the certificate from the certificate authority in the Communicator certificate database.

1. Create a JAR file with your classes and have them signed.

To do this, you can use the JAR file management tools, which are available at:

http://developer.netscape.com/software/

Additional documentation on Netscape Object Signing technology is available at:

http://developer.netscape.com/docs/manuals/signedobj/

1. Add the following line to your applet code in the thread where you invoke LDAPConnection.connect:

   PrivilegeManager.enablePrivilege("UniversalConnect"); 

At this point in the code, the user of your applet will be prompted with a dialog box identifying the author of the signed class and asking permission to grant the right to access the LDAP server. The user can either allow access for this time only or forever.

user_pref("signed.applets.codebase_principal_support", true); 

...

Float sdkVersion = ( Float )myConn.getProperty( myConn.LDAP_PROPERTY_SDK 
);

System.out.println( "LDAP Java Classes version: " + sdkVersion );

... 

• The LDAPGetEntries Bean allows you to search the directory and get an array of the DNs found by the search. You can use the properties of this Bean to specify the search criteria. The getEntries method performs the search and sets the Result property to the array of DNs found.
• The LDAPGetProperty Bean allows you to find an entry in the directory and get the values of a specified attribute in that entry. You can use the properties of this Bean to specify the search criteria. The getProperty method performs the search and sets the Result property to the array of the string values of the specified attribute.
• The LDAPIsMember Bean determines is a user is a member of a group (the user and group can be specified as properties of this Bean). The isMember method sets the Result property to the string "Y" or "N" to indicate if the user is a member.
• The LDAPSimpleAuth Bean authenticates to an LDAP server. The authenticate method performs the authentication and sets the Result property to the string "Y" or "N" to indicate whether or not authentication was successful.

• The LDAPBasePropertySupport class is a base class that the other Bean classes extend. This class specifies accessor methods that are inherited by the other Bean classes.
• The DisplayString class extends the java.awt.TextArea class and is provided to help you display the results of some of the Beans.

• If you are using Sun Microsystems BeanBox utility, make sure that in the run.bat file, the makefile, or the current shell or console window, the CLASSPATH environment variable includes the path to the ldapjdk.jar file. For example:

• If you are using Symantec Visual Cafe 2.x, make sure that in the VisualCafe\bin\sc.ini file, the CLASSPATH entry includes the path to the ldapjdk.jar file. For example:

• If you are using the BeanBox utility, copy the JAR files to the BDK/jars directory. When you start up the BeanBox, the LDAP JavaBeans should be loaded in automatically.
• If you are using Visual Cafe, choose the View | Component Library menu command to display the Component Library window. After making sure that you have a project currently open, choose the Insert | Component Into Library menu command and select a JAR file containing an LDAP JavaBean. This should add the Bean to your component library.