Directory SDK for Java 4.0 Programmer's Guide: Getting Server Information


Chapter 11 Getting Server Information

This chapter explains how to access and modify information about your LDAP server over the LDAP protocol.

The chapter includes the following sections:


Understanding DSEs
A DSE is a DSA-specific entry in the directory. (A DSA is a directory system agent, which is an X.500 term for a directory server.) A DSE contains information specific to the server.

In a directory tree, the root of the tree is the root DSE. It is not part of any naming context (for example, it is above "o=Airius.com" in the directory tree).

(Note that the root DSE is specified as part of the LDAP v3 protocol. LDAP v2 servers do not necessarily have a root DSE.)

The root DSE can contain the following information:


Getting the Root DSE
The root DSE for an LDAP server specifies information about the server. The following table lists the types of information available in different attributes of the root DSE.

Table 11.1 Information available in the root DSE

Attribute Name: Description of Values

namingContexts: The values of this attribute are the naming contexts supported by this server (for example, "o=Airius.com").

altServer: The values of this attribute are LDAP URLs that identify other servers that can be contacted if this server is unavailable.

supportedExtension: The values of this attribute are the object identifiers (OIDs) of the LDAP v3 extended operations supported by this server. If this attribute is not in the root DSE, the server does not support any extended operations.

supportedControl: The values of this attribute are the object identifiers (OIDs) of the LDAP v3 controls supported by this server. If this attribute is not in the root DSE, the server does not support any LDAP v3 controls.

supportedSASLMechanisms: The values of this attribute are the names of the SASL mechanisms supported by the server. If this attribute is not in the root DSE, the server does not support any SASL mechanisms.

supportedLDAPVersion: The values of this attribute are the versions of the LDAP protocol supported by this server (for example, 2 and 3).

To get the root DSE for an LDAP server, do the following:

  1. Turn off automatic referral handling and connect to the LDAP server (see "Creating a Connection and Setting Preferences", "Connecting to the LDAP Server", and "Enabling or Disabling Referral Handling" for details).
  2. Search the directory using the following criteria:
       - Set the search scope to a base search (LDAPv2.SCOPE_BASE).
       - Specify an empty string ("") for the search base.
       - Use the search filter (objectclass=*).

The following section of code gets the root DSE for a server and prints out its attributes.

...
import netscape.ldap.*;
import java.util.*;
...
/* Create a new connection. */
LDAPConnection ld = new LDAPConnection();
String hostname = "localhost";
int portnumber = LDAPv2.DEFAULT_PORT;

try {
   /* Connect to the LDAP server. */
   ld.connect( 3, hostname, portnumber );

   /* Get the root DSE by doing a search where:
         - The scope is SCOPE_BASE
         - The base is ""
         - The search filter is "(objectclass=*)"
   */
   int MY_SCOPE = LDAPv2.SCOPE_BASE;
   String MY_FILTER = "(objectclass=*)";
   String MY_SEARCHBASE = "";
   LDAPSearchResults res = ld.search( MY_SEARCHBASE,
      MY_SCOPE, MY_FILTER, null, false );

   /* There should be only one entry in the results (the root DSE). */
   while ( res.hasMoreElements() ) {
      LDAPEntry findEntry = (LDAPEntry)res.nextElement();

      /* Get the attributes of the root DSE. */
      LDAPAttributeSet findAttrs = findEntry.getAttributeSet();
      Enumeration enumAttrs = findAttrs.getAttributes();

      /* Iterate through each attribute. */
      while ( enumAttrs.hasMoreElements() ) {
         LDAPAttribute anAttr = (LDAPAttribute)enumAttrs.nextElement();

         /* Get and print the attribute name. */
         String attrName = anAttr.getName();
         System.out.println( attrName );

         /* Get the values of the attribute. */
         Enumeration enumVals = anAttr.getStringValues();

         /* Get and print each value. */
         if ( enumVals == null ) {
            System.out.println( "\tNo values found." );
            continue;
         }
         while ( enumVals.hasMoreElements() ) {
            String aVal = ( String )enumVals.nextElement();
            System.out.println( "\t" + aVal );
         }
      }
   }
}
catch( LDAPException e ) {
   System.out.println( "Error: " + e.toString() );
}
...

Determining If the Server Supports LDAP v3
You can determine what version an LDAP server supports by getting the supportedLDAPVersion attribute from the root DSE. This attribute should contain the value 3. (It may also contain other values, such as 2, so you may want to check through the values of this attribute.)

Note that you do not need to authenticate or bind (see "Binding and Authenticating to an LDAP Server" for details) before searching the directory. Unlike the LDAP v2 protocol, the LDAP v3 protocol states that clients do not need to bind to the server before performing LDAP operations.

The following section of code connects to an LDAP server and determines whether or not that server supports the LDAP v3 protocol.

...
import netscape.ldap.*;
import java.util.*;
...
/* Create a new connection. */
LDAPConnection ld = new LDAPConnection();
String hostname = "localhost";
int portnumber = LDAPv2.DEFAULT_PORT;
boolean supportsV3 = false;

try {
   /* Connect to the LDAP server. */
   ld.connect( 3, hostname, portnumber );

   /* Get the root DSE by doing a search where:
         - The scope is SCOPE_BASE
         - The base is ""
         - The search filter is "(objectclass=*)"
   */
   int MY_SCOPE = LDAPv2.SCOPE_BASE;
   String MY_FILTER = "(objectclass=*)";
   String MY_SEARCHBASE = "";
   LDAPSearchResults res = ld.search( MY_SEARCHBASE,
      MY_SCOPE, MY_FILTER, null, false );

   /* There should be only one entry in the results (the root DSE). */
   while ( res.hasMoreElements() ) {
      LDAPEntry findEntry = (LDAPEntry)res.nextElement();

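      /* Get the supportedLDAPVersion attribute. */
      LDAPAttribute versionAttr =
         findEntry.getAttribute( "supportedLDAPVersion" );

      /* getAttribute returns null if the root DSE does not contain
         the attribute; in that case there is nothing to check. */
      if ( versionAttr == null ) {
         System.out.println( "\tNo supportedLDAPVersion attribute found." );
         continue;
      }

      /* Check if "3" is one of the supported LDAP versions. */
      Enumeration enumVals = versionAttr.getStringValues();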
      if ( enumVals == null ) {
         System.out.println( "\tNo values found." );
         continue;
      }
      while ( enumVals.hasMoreElements() ) {
         String aVal = ( String )enumVals.nextElement();
         if ( aVal.equalsIgnoreCase( "3" ) ) {
            supportsV3 = true;
            break;
         }
      }
   }
}
catch( LDAPException e ) {
   System.out.println( "Error: " + e.toString() );
}
if ( supportsV3 ) {
   System.out.println( "This server supports LDAP v3." );
} else {
   System.out.println( "This server does not support LDAP v3." );
}
...
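
The following class is an added example, not code from the SDK guide. It turns the checks described in Table 11.1 into reusable capability tests: it requests each root DSE attribute by name and treats a missing attribute as "not supported". The class name RootDSECapabilities and its helper methods are hypothetical; the host and port are the same sample values used above.

```java
import netscape.ldap.*;
import java.util.*;
/* Added example: RootDSECapabilities and its helpers are hypothetical names. */
public class RootDSECapabilities {
   /* Return the values of one root DSE attribute. An empty list means the
      attribute is absent, which Table 11.1 treats as "not supported". */
   static List<String> rootDSEValues( LDAPConnection ld, String attrName )
         throws LDAPException {
      List<String> values = new ArrayList<String>();
      /* Ask for the attribute by name instead of passing null. */
      LDAPSearchResults res = ld.search( "", LDAPv2.SCOPE_BASE,
         "(objectclass=*)", new String[] { attrName }, false );
      while ( res.hasMoreElements() ) {
         /* next() throws LDAPException if the result is an error. */
         LDAPAttribute attr = res.next().getAttribute( attrName );
         Enumeration enumVals =
            ( attr == null ) ? null : attr.getStringValues();
         while ( enumVals != null && enumVals.hasMoreElements() ) {
            values.add( ( (String)enumVals.nextElement() ).trim() );
         }
      }
      return values;
   }

   /* Case-insensitive membership test for versions and mechanism names. */
   static boolean supports( List<String> values, String wanted ) {
      for ( String v : values ) {
         if ( v.equalsIgnoreCase( wanted ) ) return true;
      }
      return false;
   }

   public static void main( String[] args ) {
      LDAPConnection ld = new LDAPConnection();
      try {
         /* Referral handling off, then connect without binding. */
         ld.setOption( LDAPv2.REFERRALS, Boolean.FALSE );
         ld.connect( "localhost", LDAPv2.DEFAULT_PORT );
         List<String> sasl = rootDSEValues( ld, "supportedSASLMechanisms" );
         System.out.println( "LDAP v3: " +
            supports( rootDSEValues( ld, "supportedLDAPVersion" ), "3" ) );
         System.out.println( "SASL mechanisms: " +
            ( sasl.isEmpty() ? "none advertised" : sasl.toString() ) );
         System.out.println( "Controls advertised: " +
            rootDSEValues( ld, "supportedControl" ).size() );
         ld.disconnect();
      } catch ( LDAPException e ) {
         System.err.println( "Error: " + e.toString() );
      }
   }
}
```

Calling supports() on the result of rootDSEValues( ld, "supportedControl" ) or rootDSEValues( ld, "supportedExtension" ) with an OID performs the same check for a control or an extended operation before the client relies on it.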

Getting Schema Information
In the LDAP v3 protocol, you can get and modify the schema for an LDAP server over the LDAP protocol. This section discusses the classes and methods that you can use to do this.

Overview: Schema Over LDAP
An entry can specify the schema that defines the object classes, attributes, and matching rules used by the directory. This entry is called the subschema entry.

To find the DN of the subschema entry, get the subschemaSubentry operational attribute from the root DSE or from any entry. (See "Specifying the Attributes to Retrieve" for details.) For example, in the root DSE for the Netscape Directory Server 4.1, the subschemaSubentry attribute specifies the location of the subschema entry.

The subschema entry itself can have the following attributes:

In the Netscape Directory SDK for Java, the schema and elements in the schema (object classes, attribute types, matching rules, and the use of matching rules) are represented by classes in the netscape.ldap package. The following table lists these classes.

Table 11.2 Classes that represent the schema and schema elements

Class Name: Description

LDAPSchema: The schema used by an LDAP server.

LDAPSchemaElement: Base class that represents a generic element in the schema.

LDAPObjectClassSchema: An object class description in the schema.

LDAPAttributeSchema: An attribute type description in the schema.

LDAPMatchingRuleSchema: A matching rule or matching rule use description in the schema.

Internally, these classes and their methods get and manipulate the subschema entry using standard LDAP operations, such as search and modify.

Getting the Schema for an LDAP Server
To get the schema for an LDAP v3 server, construct a new LDAPSchema object. Then, invoke the fetchSchema method passing in an LDAPConnection object.

For example:

...
import netscape.ldap.*;
...
LDAPConnection ld = new LDAPConnection();

/* Construct a new LDAPSchema object to hold
   the schema that you want to retrieve. */
LDAPSchema dirSchema = new LDAPSchema();
try {
   ld.connect( hostname, portnumber, bindDN, bindPW );
   /* Get the schema from the Directory. Anonymous access okay. */
   dirSchema.fetchSchema( ld );
   ...
} catch ( Exception e ) {
   System.err.println( e.toString() );
}
...

Working with Object Class Descriptions
In the LDAP Java classes, the object class descriptions in a schema are represented by objects of the LDAPObjectClassSchema class.

To get the object class descriptions from the schema, you can invoke one of the following methods:

An object class description consists of the following information, which you can retrieve by invoking methods of the LDAPObjectClassSchema object:

To add an object class description to the schema, construct a new LDAPObjectClassSchema object. You can specify the pieces of information in the object as individual arguments or in a description formatted according to RFC 2252, Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions (http://www.ietf.org/rfc/rfc2252.txt).

Then, you can either invoke the add method of this object (inherited from the LDAPSchemaElement base class) or the addObjectClass method of the LDAPSchema object.

To remove an object class description, you can invoke the remove method of this object (inherited from the LDAPSchemaElement base class).

Working with Attribute Type Descriptions
In the LDAP Java classes, the attribute type descriptions in a schema are represented by objects of the LDAPAttributeSchema class.

To get the attribute type descriptions from the schema, you can invoke one of the following methods:

An attribute type description consists of the following information, which you can retrieve by invoking methods of the LDAPAttributeSchema object:

To add an attribute type description to the schema, construct a new LDAPAttributeSchema object. You can specify the pieces of information in the object as individual arguments or in a description formatted according to RFC 2252, Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions (http://www.ietf.org/rfc/rfc2252.txt).

Then, you can either invoke the add method of this object (inherited from the LDAPSchemaElement base class) or the addAttribute method of the LDAPSchema object.

To remove an attribute type description, you can invoke the remove method of this object (inherited from the LDAPSchemaElement base class).

Working with Matching Rule Descriptions
In the LDAP Java classes, the matching rule descriptions and matching rule "use" descriptions in a schema are represented by objects of the LDAPMatchingRuleSchema class.

To get the matching rule descriptions from the schema, you can invoke one of the following methods:

A matching rule description consists of the following information, which you can retrieve by invoking methods of the LDAPMatchingRuleSchema object:

To add a matching rule description to the schema, construct a new LDAPMatchingRuleSchema object. You can specify the pieces of information in the object as individual arguments or in a description formatted according to RFC 2252, Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions (http://www.ietf.org/rfc/rfc2252.txt).

Then, you can either invoke the add method of this object (inherited from the LDAPSchemaElement base class) or the addMatchingRule method of the LDAPSchema object.

To remove a matching rule description, you can invoke the remove method of this object (inherited from the LDAPSchemaElement base class).

Example of Working with the Schema
The following section of code illustrates how to get the schema and how to add object classes and attribute types.

...
import netscape.ldap.*;
import java.util.*;
...
public class GetSchema {
   public static void main( String[] args ) {
      LDAPConnection ld = new LDAPConnection();
      String hostname = "localhost";
      int portnumber = LDAPv2.DEFAULT_PORT;
      String bindDN = "cn=Directory Manager";
      String bindPW = "23skidoo";

      /* Construct a new LDAPSchema object to hold
         the schema that you want to retrieve. */
      LDAPSchema dirSchema = new LDAPSchema();
      try {
         ld.connect( hostname, portnumber, bindDN, bindPW );

         /* Get the schema from the Directory. Anonymous access okay. */
         dirSchema.fetchSchema( ld );

         /* Get and print the def. of the inetOrgPerson object class. */
         LDAPObjectClassSchema objClass =
            dirSchema.getObjectClass( "inetOrgPerson" );
         if ( objClass != null )
            System.out.println( "inetOrgPerson := " +
               objClass.toString() );

         /* Get and print the def. of the userPassword attribute. */
         LDAPAttributeSchema attrType =
            dirSchema.getAttribute( "userpassword" );
         if ( attrType != null )
            System.out.println( "userPassword := " +
               attrType.toString() );

         /* Add a new object class. */
         String[] requiredAttrs = {"cn", "mail"};
         String[] optionalAttrs = {"sn", "phoneNumber"};
         LDAPObjectClassSchema newObjClass = new LDAPObjectClassSchema(
            "newInetOrgPerson", "1.2.3.4.5.6.7", "top", "Experiment",
            requiredAttrs, optionalAttrs );

         /* Add the new object class to the schema. */
         newObjClass.add( ld );

         /* Create a new attribute type "hairColor". */
         LDAPAttributeSchema newAttrType = new LDAPAttributeSchema(
            "hairColor", "1.2.3.4.5.4.3.2.1", "Blonde, red, etc",
            LDAPAttributeSchema.cis, false );

         /* Add the new attribute type to the schema. */
         newAttrType.add( ld );

         /* Fetch schema again from the server to verify that the
            changes were made. */
         dirSchema.fetchSchema( ld );

         /* Get and print the new attribute type. */
         newAttrType = dirSchema.getAttribute( "hairColor" );
         if ( newAttrType != null )
            System.out.println( "hairColor := " +
               newAttrType.toString() );

         /* Get and print the new object class. */
         newObjClass = dirSchema.getObjectClass( "newInetOrgPerson" );
         if ( newObjClass != null )
            System.out.println( "newInetOrgPerson := " +
               newObjClass.toString() );

         ld.disconnect();
      } catch ( Exception e ) {
         System.err.println( e.toString() );
         System.exit( 1 );
      }
      System.exit( 0 );
   }
}
...

 

© Copyright 1999 Netscape Communications Corporation. All rights reserved.