Ldap and java naming services
This presentation is the property of its rightful owner.
Sponsored Links
1 / 38

LDAP and Java Naming Services PowerPoint PPT Presentation


  • 131 Views
  • Uploaded on
  • Presentation posted in: General

LDAP and Java Naming Services. Murali. M .Nagendranath. Contents. LDAP (Lightweight Directory Access Protocol) JNDI (Java Naming & Directory Interface) Demonstration. LDAP. What is LDAP? History of LDAP Directories in LDAP Use and purpose of LDAP. What is LDAP?.

Download Presentation

LDAP and Java Naming Services

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


LDAP and Java Naming Services

Murali. M .Nagendranath


Contents

  • LDAP (Lightweight Directory Access Protocol)

  • JNDI (Java Naming & Directory Interface)

  • Demonstration


LDAP

  • What is LDAP?

  • History of LDAP

  • Directories in LDAP

  • Use and purpose of LDAP


What is LDAP?

  • Protocol of standard and extensible directory.

  • Protocol giving access the information contained in the directory.

  • Model of Information – Type of data.

  • Functional Model – Acess to information.

  • Safety Model - How access is protected.

  • Model of duplication - Distribution of data.

  • Replication Service.


A Brief History

  • LDAP was born from the necessary adaptation of protocol DAP for TCP/IP.

  • Started at University of Michigan in 1993 in the same vision as that of X.500

  • Latest version, v3, was made in 1997

  • Netscape is now the center of research


X.500 & LDAP

  • LDAP is less secure

  • Still a large amount of compatibility between them

  • LDAP’s ability to search across servers is the most important advantage of LDAP.


Directories

  • Often compared to a phone book

  • DNS is an example

  • Can be used locally or globally

  • The list of all the names in a directory is it’s Name Space


Directories in LDAP

  • Each entry has a unique distinguished name (DN) which is succession of attributes.

  • An attribute describes the characteristic of objects.

  • Normal attributes.

  • Operational attributes.

  • Characteristics of attributes

  • Name, mono/multi, limit of value.

  • DN’s are made up of the location of something in the directory


Directories in LDAP: Examples

  • c stands for the country, o stands for organization

  • ou stands for organization units, cn is for individuals

  • cn=john, ou=administration, o=ibm, c=usa

  • o=ibm, c=usa

  • These are distinguished names.

  • Together these combinations specify something specific, although it need not be at the bottom level


Directories in LDAP: Picture


Directories in LDAP

  • Although that is the most common structure in LDAP, it is possible to define your own directory structure like the flat tree structure.

  • This can cause compatibility problems


Functions in LDAP

  • 4 main commands in editing LDAP directories:

    • Add, delete, modify & modify DN

  • Modify changes the whole directory entry, modify DN just changes name of the entry


Functions in LDAP: Modify DN example

  • cn=Modify Me, o=University of Florida, c=US cn=The New Me

    The command: ldapmodify -r -f /tmp/entrymods

    will change the RDN of the "Modify Me" entry from "Modify Me" to "The New Me" and the old cn, "Modify Me" will be removed


Functions in LDAP:Delete Example

  • ldapdelete "cn=Delete Me, o=University of Florida, c=US"

    will attempt to delete the entry named with commonName "Delete Me" directly below the University of Florida organizational entry.


Functions in LDAP:Modify Example

  • dn: cn=Modify Me, o=University of Florida, c=US changetype: modifyreplace: mailmail: Dr [email protected]: titletitle: Grand OCEANdelete: description


Functions in LDAP:Modify Example cont.

The above function will replace the contents of the "Modify Me" entry's mail attribute with the value “Dr [email protected]", add a title of "Grand OCEAN", and completely remove the description attribute.

  • The add function works almost the same as modify.


Referral Scheme


..Contd

  • Client requests information

  • Server 1 returns referral to server 2

  • Client resends request to server 2

  • Server 2 returns information to client


LDIF & its Uses

  • LDAP Data Interchange Format

  • Represents LDAP entries in text

  • Human readable format

  • Allows easy modification of data

  • To make basic imports/exports.


  • SCHEMAS

    • Schema contains the following:

    • Required attributes

    • Allowed attributes

    • How to compare attributes

    • Limit what the attributes can store - ie, restrict to integer etc

    • Set of rules that describes what kind of data is stored

    • Helps maintain consistancy and quality of data

    • Reduces duplication of data


    Why is LDAP Important?

    • Provides a standard for finding people or resources

    • Much different then web searches, which are simply pattern matching

    • Quickly becoming popular with major companies ie: Netscape, Novell

    • Vendor independent open protocol


    What isn’t LDAP intended for?

    • Not useful as a local database

    • Not able to replace file systems

    • Not meant to replace DNS, but it can work in conjunction with DNS


    LDAP on the web

    • There are many web based LDAP servers that can be called in programs or searched directly via the web

    • Used behind the scenes at online shopping sites and other web sites

    • Used by Netscape for it’s email address book


    JNDI

    • What is JNDI?

    • Setup

    • Concepts & Classes


    What is JNDI?

    • Java Naming and Directory Interface API

    • Introduced in March, 1997 by Sun Microsystems

    • Purpose: to provide a common access to different types of directories


    What is JNDI?


    Packages

    • javax.naming

    • javax.naming.directory

    • javax.naming.event

    • javax.naming.ldap

    • javax.naming.spi


    Class: Context

    • Methods:

      • bind(String name, Object obj);

      • close();

      • list(String name);

      • listBindings(String name);

      • lookup(String name); // most commonly used

      • rebind(String name, Object obj);

      • rename(String oldName, String newName);

      • unbind(String name);


    Class: DirContext

    • Extends Context

    • methods:

      • getAttributes(String name);

      • modifyAttributes(String name, ModificationItem[] mods);

      • search(String name, Attributes matchAttrs);


    Classes: InitialContext & InitialDirContext

    • All operations are performed relative to an initial context

    • set environment properties

      • Location of server (PROVIDER_URL)

      • How to create a context (INITIAL_CONTEXT_FACTORY)

    • instantiation may throw a NamingException


    Summary

    • LDAP is useful for finding people and/or resources over a network

    • Searches directories using distinguished names

    • JNDI provides a common access to directories of different types


    Demo

    • Retrieving an object’s attributes

    • Searching the directory by supplying a name


    1. Retrieving an object’s attributes

    Hashtable env = new Hashtable();

    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    env.put(Context.PROVIDER_URL, "ldap://directory.ufl.edu:389/o=ufl,c=us");

    try {

    DirContext ctx = new InitialDirContext(env);

    // Get the attributes associated with the object bound to the name "ou=students"

    Attributes answer = ctx.getAttributes("ou=students");


    1. Retrieving an object’s attributes (cont…)

    // Print out the attributes

    printIdAndValue(answer);

    System.out.println("-------------------------------------------");

    ctx.close();

    } catch (NamingException e) {

    System.err.println("Exception caught:" + e); }


    The print method

    NamingEnumeration enum = toPrint.getAll();

    try {

    while (enum.hasMore()) {

    Attribute attr = (Attribute)enum.next();

    // print out the attribute identifier

    System.out.println("attribute: " + attr.getID());

    // print out each value

    for (NamingEnumeration valueEnum = attr.getAll(); valueEnum.hasMore(); System.out.println("value: " + valueEnum.next()));

    }

    } catch (NamingException e) {

    System.err.println("Exception caught: " + e);

    }


    2. Name search

    DirContext ctx = new InitialDirContext(env);

    Attributes matchAttrs = new BasicAttributes(true);

    matchAttrs.put(new BasicAttribute("sn", "King"));

    /* The above code adds an attribute to the set; could also have done

    Attributes matchAttrs = new BasicAttributes("sn","King",true);

    Note: true = case insensitive; false = case sensitive */

    // Note: a search returns an enumeration of SearchResult objects

    NamingEnumeration enum = ctx.search("ou=students", matchAttrs);


    2. Name search (cont…)

    while (enum.hasMore()) {

    // Get the next SearchResult object & print out it's name

    SearchResult result = (SearchResult)enum.next();

    System.out.println(">>>" + result.getName());

    Attributes attrSet = result.getAttributes(); // attrSet is a set of attributes

    // print the attribute identifiers and values

    printIdAndValue(attrSet);

    }


    THANK YOU.


  • Login