Oracle Java CAPS LDAP Binding Component User's Guide Java CAPS Documentation
Understanding the LDAP Binding Component
About the LDAP Binding Component
Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to access information directories. A directory service is a distributed database application designed to manage the entries and attributes in a directory. LDAP allows clients to access different directory services based on entries. These LDAP entries are available to users and other applications based on access controls. LDAP runs over TCP/IP.
The Lightweight Directory Access Protocol (LDAP) Binding Component (BC) is a comprehensive solution for interacting with an LDAP Directory running on an LDAP server. The design time component of the LDAP BC is a NetBeans module that allows configuration of the Binding Component. The runtime is based on Java EE and JBI. It implements all the necessary interfaces available in the JBI specification.
The following topics provide information about LDAP and the directory structure:
An LDAP directory has entries that contain information pertaining to entities. Each attribute has a name and one or more values. The names of the attributes are mnemonic strings, such as cn for common name, or mail for email address.
For example, a company may have an employee directory. Each entry in the employee directory represents an employee. The employee entry contains such information as the name, email address, and phone number, as shown in the following example:
cn: John Doe
mail: johndoe@oracle.com
mail: jdoe@stc.com
telephoneNumber: 471-6000 x.1234
Each part of the descriptive information, such as an employee's name, is known as an attribute. In the example above, the Common Name (cn) attribute represents the name of the employee. The other attributes are mail and telephoneNumber. Each attribute can have one or more values. For example, an employee entry might contain a mail attribute whose values are johndoe@oracle.com and jdoe@stc.com. In the example above, the mail attribute contains two mail values.
The organization of a directory is a tree structure. The topmost entry in a directory is known as the root entry. This entry normally represents the organization that owns the directory. Entries at the higher level of hierarchy represent larger groupings or organizations. Entries under the larger organizations represent smaller organizations that make up the larger ones. The leaf nodes (or entries) of the tree structure represent the individuals or resources.
An entry is made up of a collection of attributes and has a unique identifier called a Distinguished Name (DN). A DN has a unique name that identifies the entry at the respective hierarchy. In the example above, John Doe and Jane Doe are different common names (cn) that identify different entries at that same level.
A DN is also a fully qualified path of names that trace the entry back to the root of the tree. For example, the distinguished name of the John Doe entry in the figure below is:
cn=John Doe, ou=People, dc=sun.com
A Relative Distinguished Name (RDN) is a component of the distinguished name. DNs describe the fully qualified path to an entry; RDNs describe the partial path to the entry relative to another entry in the tree. In the following figure, cn=John Doe, ou=People is an RDN relative to the root RDN dc=sun.com.
The following figure illustrates an example of an LDAP directory structure with distinguished names and relative distinguished names.
LDAP Directory Structure
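The DN and RDN structure described above, walked through with the JNDI classes javax.naming.ldap.LdapName and Rdn from the Java standard library. This is an added example, not code from the LDAP Binding Component; the class name DnWalkthrough, its helper methods, and the sample value "Doe, John" are assumptions made for the illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnWalkthrough {
    // Parent entry taken from the page's example DN.
    static final String PARENT = "ou=People, dc=sun.com";

    /** Builds the DN of a person entry under PARENT from a caller-supplied cn. */
    static LdapName personDn(String cn) throws InvalidNameException {
        LdapName dn = new LdapName(PARENT);
        // Rdn(type, value) takes the value as raw data; special characters
        // such as ',' '+' '=' are escaped when the name is rendered, so the
        // value always stays inside a single RDN.
        dn.add(new Rdn("cn", cn));
        return dn;
    }

    /** Prints every entry on the path from the root entry down to dn. */
    static void printPath(LdapName dn) {
        // LdapName indexes RDNs from the root: index 0 is the rightmost RDN.
        for (int i = 0; i < dn.size(); i++) {
            Rdn rdn = dn.getRdn(i);
            System.out.printf("  %s = %s  (DN: %s)%n",
                    rdn.getType(), rdn.getValue(), dn.getPrefix(i + 1));
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // The DN used on this page.
        printPath(new LdapName("cn=John Doe, ou=People, dc=sun.com"));

        String cn = "Doe, John"; // constructed sample value containing a comma

        // Plain concatenation: the comma is read as an RDN separator, and the
        // resulting string is not a valid DN.
        try {
            new LdapName("cn=" + cn + ", " + PARENT);
        } catch (InvalidNameException e) {
            System.out.println("concatenated DN rejected: " + e.getMessage());
        }

        // Built from typed RDNs: still three levels, with the comma escaped.
        LdapName safe = personDn(cn);
        System.out.println(safe + " has " + safe.size() + " RDNs");
        printPath(safe);
    }
}
```

Building DNs from typed RDNs rather than string concatenation keeps attribute values that contain DN separator characters from altering the path to the entry.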
A Directory Service is a distributed database application designed to manage the entries and attributes in a directory. A directory service also makes the entries and attributes available to users and other applications. OpenLDAP server is an example of a directory service. Other directory services include Oracle Internet Directory and Microsoft Active Directory.
A directory client uses the LDAP protocol to access a directory service. A directory client may use one of several client APIs available in order to access the directory service.