Complete Contents
Preface
Chapter 1 Understanding LDAP
Chapter 2 Using the Netscape Directory SDK for Java
Chapter 3 Quick Start
Chapter 4 Writing an LDAP Client
Chapter 5 Using the LDAP Java Classes
Chapter 6 Searching the Directory
Chapter 7 Using Filter Configuration Files
Chapter 8 Adding, Updating, and Deleting Entries
Chapter 9 Comparing Values in Entries
Chapter 10 Working with LDAP URLs
Chapter 11 Getting Server Information
Chapter 12 Connecting Over SSL
Chapter 13 Working with LDAP Controls
Chapter 14 Using SASL Authentication
Chapter 15 Using Netscape's JNDI Service Provider
Chapter 16 Working with Extended Operations
Chapter 17 Using the Asynchronous Interface
Glossary
Directory SDK for Java 4.0 Programmer's Guide: Writing an LDAP Client
Previous Next Contents Index


Chapter 4 Writing an LDAP Client

This chapter describes the general process of writing an LDAP client. The chapter covers the procedures for connecting to an LDAP server, authenticating, requesting operations, and disconnecting from the server.

The chapter includes the following sections:

The next chapter, "Using the LDAP Java Classes," also includes important information on using the LDAP Java classes to write an LDAP client.


Overview: Designing an LDAP Client
With the Netscape Directory SDK for Java, you can write an application or applet that can interact with an LDAP server. The following procedure outlines the typical process of communicating with an LDAP server. Follow these steps when writing your LDAP client:

  1. Create a new LDAPConnection object, and set any preferences that you want applied to all LDAP operations. (See "Creating a Connection and Setting Preferences" for details.)

  2. Connect to an LDAP server. (See "Connecting to the LDAP Server" for details.)

  3. If necessary, bind to the LDAP server. If you intend to use any of the LDAP v3 features (such as controls or extended operations), specify the version of LDAP supported by your client. (See "Binding and Authenticating to an LDAP Server" for details.)

  4. Perform the operations (for example, search the directory or modify entries in the directory). (See "Performing LDAP Operations" for details.)

  5. When you are done, disconnect from the LDAP server. (See "Closing the Connection to the Server" for details.)
The following is a simple example of an LDAP client that follows the steps listed above to search a directory. The client connects to the LDAP server running on the local machine at port 389, authenticates as the DN "uid=bjensen,ou=People,o=Airius.com", searches the directory for entries with the last name "Jensen" ("sn=Jensen"), and prints out the DNs of any matching entries. 

import netscape.ldap.*;

import java.util.*;

public class SimpleExample {

   public static void main( String[] args )

   {

      /* Step 1: Create a new connection. */

      LDAPConnection ld = new LDAPConnection();



      try {

         /* Step 2: Connect to an LDAP server. */

         ld.connect( "localhost", LDAPv2.DEFAULT_PORT );



         /* Step 3: Authenticate to the server. 

            If you do not specify a version number, 

            this method authenticates your client 

            as an LDAP v2 client (not LDAP v3). */

         ld.authenticate( "uid=bjensen,ou=People,o=Airius.com",

            "hifalutin" );



         /* Step 4: Perform your LDAP operations. */

         /* Search for all entries with the last name "Jensen". */

         LDAPSearchResults results = ld.search( "o=Airius.com",

            LDAPv2.SCOPE_SUB, "(sn=Jensen)", null, false );

         /* Print the DNs of the matching entries. */

         while ( results.hasMoreElements() ) {

            LDAPEntry entry = null;

            try {

               entry = results.next();

               System.out.println( entry.getDN() );

            } catch ( LDAPReferralException e ) {

               System.out.println( "Search references: " );

               LDAPUrl refUrls[] = e.getURLs();

               for ( int i=0; i < refUrls.length; i++ ) {

                  System.out.println( "\t" + refUrls[i].getURL() );

               }

               continue;

            } catch ( LDAPException e ) {

               System.out.println( "Error: " + e.toString() );

               continue;

            }

         }

      } catch( LDAPException e ) {

         System.out.println( "Error: " + e.toString() );

      }



      /* Step 5: Disconnect from the server when done. */

      try {

         ld.disconnect();

      } catch( LDAPException e ) {

         System.out.println( "Error: " + e.toString() );

         System.exit(1);

      }

      System.exit(0);

   }

}
The rest of this chapter explains how to connect to the server, bind to the server, perform LDAP operations, and disconnect from the server.


Creating a Connection and Setting Preferences
The first step in writing an LDAP client is creating an LDAPConnection object. This object represents the connection to an LDAP server.

For example: 

LDAPConnection ld = new LDAPConnection();
Note. If you plan to connect to the LDAP server over a Secure Sockets Layer (SSL), you need to specify a class that implements SSL sockets. For details, see Chapter 12, "Connecting Over SSL".

In addition, the object also contains preferences for the LDAP session (for example, whether or not referrals are automatically followed).

To get or set the value of a preference, invoke the getOption method or the setOption method. In both of these methods, you can use the option parameter to specify the preference that you want to work with.

For a complete list of the preferences that you can get and set, see the documentation on the getOption methodor the setOption method.


Connecting to the LDAP Server
To connect to an LDAP server, use the connect method of the LDAPConnection object. For example: 

LDAPConnection ld = new LDAPConnection();

ld.connect( "ldap.airius.com", LDAPv2.DEFAULT_PORT );
DEFAULT_PORT specifies the default LDAP port, port 389.

You can also specify a list of LDAP servers to attempt to connect to. If the first LDAP server in the list does not respond, the client will attempt to connect to the next server in the list.

Use a space-delimited list of the host names as the first argument of the connect method. If the server is not using the default LDAP port (port 389), specify the port number in hostname:portnumber format. For example: 

LDAPConnection ld = new LDAPConnection();

ld.connect( "ldap1.airius.com ldap2.airus.com:3890 

   ldap3.airius.com:39000", LDAPv2.DEFAULT_PORT );

Binding and Authenticating to an LDAP Server
When connecting to the LDAP server, your client may need to send a bind operation request to the server. This is also called binding to the server.

An LDAP bind request contains the following information:

Your client should send a bind request to the server in the following situations:

LDAP clients can also bind as an anonymous clients to the server (for example, the LDAP server may not require authentication if your client is just searching the directory).

This chapter explains how to set up your client to bind to an LDAP server. Topics covered here include:

Understanding Authentication Methods
When binding to an LDAP server, you can authenticate your client using one of three methods: Simple authentication, Certificate-based client authentication (over SSL), and the Simple Authentication and Security Layer (SASL). This section will discuss the differences between these methods.

Simple Authentication
With simple authentication, your clients provides the distinguished name of the user and the user's password to the LDAP server.

For more information on simple authentication, see "Using Simple Authentication".

You can also use this method to bind as an anonymous client by providing null values as the user's distinguished name and password (as described in "Binding Anonymously").

Certificate-Based Client Authentication (over SSL)
With certificate-based client authentication, your client sends its certificate to the LDAP server. The certificate identifies your LDAP client.

For more information on using certificate-based client authentication, see Chapter 12, "Connecting Over SSL".

Simple Authentication and Security Layer (SASL)
SASL is described in RFC 2222. Some LDAP v3 servers (including the Netscape Directory Server 3.0 and later) support authentication through SASL.

For more information on using SASL mechanisms for authentication, see Chapter 14, "Using SASL Authentication".

Using Simple Authentication
If you plan to use simple authentication, use the authenticate method of the LDAPConnection object. For example: 

LDAPConnection ld = new LDAPConnection();

ld.connect( "ldap.airius.com", LDAPv2.DEFAULT_PORT ); 

ld.authenticate( "uid=bjensen,ou=People,o=Airius.com", "hifalutin" );
If you are binding to the Netscape Directory Server 3.0 or later, the server may send back special controls to indicate that your password has expired or will expire in the near future. For more information on these controls, see "Using Password Policy Controls".

Binding Anonymously
In some cases, you may not need to authenticate to the LDAP server. For example, if you are writing a client to search the directory (and if users don't need special access permissions to search), you might not need to authenticate before performing the search operation.

However, in the LDAP v2 protocol, the server still expects the client to send a bind request, even if the operation does not require the client to authenticate itself. (In the LDAP v3 protocol, the server no longer expects the client to send a bind request in this type of situation.)

In this kind of situation, use the authenticate method and specify null for the DN and password. For example: 

LDAPConnection ld = new LDAPConnection();

ld.connect( "ldap.airius.com", LDAPv2.DEFAULT_PORT ); 

ld.authenticate( null, null );
Specifying the LDAP Version
As part of the bind request sent to the server, the client includes the version of the LDAP protocol that it supports. By default, clients built with the Netscape Directory SDK for Java identify themselves as LDAP v2 clients.

If you want to use any of the LDAP v3 features (such as controls or extended operations), you need to identify your client as an LDAP v3 client.

(Before you set up your client to use LDAP v3 or request any LDAP v3 features, you should first verify that the server supports LDAP v3.)

To identify your client as an LDAP v3 client, do one of the following:

Authenticating with the connect Method
The connect method of the LDAPConnection object has a signature that allows you to authenticate and specify the LDAP version supported by your client.

You can specify all of this information using one method, rather than invoking several methods. For example: 

LDAPConnection ld = new LDAPConnection();

ld.connect( 3, "ldap.airius.com", DEFAULT_PORT, 

   "uid=bjensen,ou=People,o=Airius.com", "hifalutin" );

Performing LDAP Operations
Once you initialize a session with an LDAP server and complete the authentication process, you can perform LDAP operations (such as searching the directory, adding new entries, updating existing entries, and removing entries), provided that the server's access control allows you to request these operations.

To perform LDAP operations, invoke these methods of the LDAPConnection object:


Closing the Connection to the Server
When you have finished performing all necessary LDAP operations, you need to close the connection to the LDAP server.

Use the disconnect method of the LDAPConnection object to disconnect from the LDAP server. For example: 

LDAPConnection ld = new LDAPConnection();

ld.connect( "ldap.airius.com", LDAPv2.DEFAULT_PORT ); 

...

/* Authenticate and perform LDAP operations on the server. */

...

ld.disconnect();
 

© Copyright 1999 Netscape Communications Corporation. All rights reserved.