Ldap Programming With Java - Hardcover

About the Author

Rob Weltman is Director of the Directory Management Solutions Group at Netscape and is the designer of the Directory SDK for Java.

Tony Dahbura is a Lead Engineer at Netscape. He specializes in LDAP implementation and planning, as well as the use of the Java language to facilitate LDAP access and usage.

From the Back Cover

Lightweight Directory Access Protocol (LDAP) is now a staple of enterprise and Internet software environments. Anyone involved with Internet development, where Java^(TM) technology is prominent, or in enterprise information systems must understand how to use Java technology--especially the Directory SDK for Java--in order to unlock the power of LDAP.

Written by the designer of the Directory SDK for Java and by a leading implementor of directory-based solutions, LDAP Programming with Java^(TM) is the first accurate, concise, and complete guide on accessing LDAP from Java applications. Assuming familiarity with Java programming, the book provides a comprehensive discussion of LDAP, from basic directory concepts to the most advanced techniques. It collects in one convenient resource the many innovative and experience-based techniques and approaches programmers have discovered for using the Directory SDK to solve LDAP access challenges.

If you are new to LDAP, you will find helpful background information about the role of directories in today's software systems; LDAP methods of storing, accessing, searching, and updating data; and how the Directory SDK for Java helps applications gain access to an LDAP server. Once you have become proficient with the essential concepts and techniques, you can move on to detailed material about authentication, LDAP and JavaScript^(TM), working with JavaBeans^(TM) for reusable LDAP components, expressing data relationships in a directory, and other advanced LDAP subjects.

Specific topics covered include:

• The LDAP naming and information models
• The command-line tools of the SDK
• Authentication with a password, SSL, and SASL
• Configuring access control
• Writing LDAP applets for a browser
• Accessing the SDK from JavaScript
• Storing configuration and preferences in a directory
• Encapsulating LDAP functionality in a JavaBean
• Using LDAP in Java servlets
• LDAP URLs
• Multiple threads and multiple connections
• Referrals and replicated systems
• LDAP controls
• Synchronous and asynchronous operations
• Performance tips

LDAP Programming with Java^(TM) also presents numerous examples, from simple code snippets to complete components and applications.

From the Inside Flap

After a maturation phase in the early and mid-1990s, Lightweight Directory Access Protocol (LDAP) exploded into the mainstream of enterprise and Internet software environments. Just a few years ago, only researchers and a few brave souls doing pilot projects concerned themselves with the new protocol for sharing and accessing directory information. Today, one of the requirements of any major enterprise-level or Internet-oriented application is to be able to use an existing shared resource for user information, authentication, and authorization, and nowadays that resource in a great many cases is an LDAP directory.

Why LDAP and Java?
The impetus for LDAP Programming with Java was the mushrooming need for accurate, concise, and complete information on how to access this new key element of enterprise and Internet programming--LDAP. Programmers around the world have found innovative ways to use Directory SDK for Java to solve their LDAP access problems, and sometimes they have shared their questions and experiences on the newsgroups for LDAP, but there has been no authoritative guide.

This book is dedicated to the programmers and system administrators who are faced with LDAP-enabling their applications, tools, and systems.

There are various programming language interfaces to LDAP: C, Perl, Microsoft's ADSI. Java and LDAP are a particularly good fit, with all the options available today for deploying Java on servers--Java servlets, Java Server Pages (JSP), Enterprise JavaBeans (EJB), and server-side JavaScript--and in clients as Java applications, applets, or client-side JavaScript. The Netscape Navigator Web browser includes Directory SDK for Java, making it easy to deploy Web-based client applications that use LDAP to authenticate or to retrieve and store data.

In this book we've provided a very large number of examples for every aspect of programming with Directory SDK for Java, from simple code snippets to more than two dozen complete components and applications. You may be able to use some of them as starting points for your own projects. We do not discuss directory deployment scenarios or how to configure an LDAP server. Such topics are explored in detail in other books and in documentation provided by vendors of LDAP servers.

To Get the Most Out of This Book
We're assuming that readers of this book are somewhat familiar with programming in Java, so we will not introduce or explain standard Java constructs. There are many excellent books on Java programming in general, and on Java client-server programming in particular. However, we will start at ground zero when it comes to directories and LDAP.

How the Book Is Organized

Introduction to LDAP
Chapter 1 presents the role of directories in software systems today and describes how applications can benefit from using them, as well as presenting cases in which directories are not as good a fit as relational databases.

Chapter 2 introduces the LDAP protocol against this background and presents the LDAP naming and information models that together define how data is stored and accessed in a directory.

After acquainting you with the basic LDAP concepts and terminology, in Chapter 3 we will look at how Directory SDK for Java can help a Java program, servlet, or applet gain access to an LDAP server. After installing the SDK, we will try a few simple searches with the SDK's command-line search tool to become familiar with how a client typically interacts with an LDAP server.

Getting Started
In Chapter 4 we will install an LDAP server for use in the remainder of the book. If you already have a directory installed that is compatible with version 3 of the LDAP protocol (LDAPv3), you need only add to the directory the sample database file that is provided on the CD-ROM that accompanies the book. The examples in the book do not generally assume any particular vendor's directory product; exceptions are indicated clearly.

With the SDK installed and a directory available, Chapter 5 dives into how to retrieve data from an LDAP server. Searching is the predominant LDAP operation in most programs, and we will cover all parameters that affect the results to be returned, as well as how to obtain optimal performance. Chapter 6 explores the add, modify, delete, and rename operations for updating data in a directory, along with how to use groups.

Authentication is touched on briefly in Chapter 6 because most directories are configured not to allow anonymous clients to update any data. Chapter 7, however, covers the topic thoroughly. Besides covering simple authentication with a distinguished name (DN) and password, it introduces authentication with Secure Sockets Layer (SSL) and Simple Authentication and Security Layer (SASL), and it explains how access control is configured and updated in Netscape Directory Server.

Down and Dirty
Chapter 8 discusses the special considerations for LDAP client code that is intended to run as an applet in a browser. The steps required to digitally sign an applet for use with Microsoft Internet Explorer, Netscape Navigator, and the Sun Java Plug-in Software are presented in detail.

In Chapter 9 we investigate how to access the SDK from JavaScript in a browser.

Chapter 10 demonstrates how to encapsulate LDAP functionality in a JavaBean and provides full source for a directory tree browser JavaBean and a table JavaBean for listing the results of a search operation.

In Chapter 11 we take a detailed look at how an application can store configuration and preferences in a directory.

In a directory, data is stored as a tree. Chapter 12 illustrates how directory data can model relationships other than the physical tree relationships. A JavaBean is developed to extract reporting relationships from LDAP data and present the results as an organizational chart. Another JavaBean presents the contents of a directory entry. The chapter concludes by hooking up into simple applications the graphical JavaBeans that have been developed up to that point in the book.

Chapter 13 develops a complete server-side application: a corporate online "phone book." The application is a Java servlet that makes selected personal directory information, such as phone numbers and photographs, available to any user with a browser.

In Chapter 14 we summarize and discuss all the options and constraints that may be selected by an application for searching and other operations.

Beyond the Basics
Chapter 15 discusses various aspects of the SDK and of LDAP programming in general that are not discussed as often as the other topics in this book, such as LDAP URLs, the use of multiple threads and multiple connections, and performance tips.

Advanced topics, such as schema management, LDAP controls, and the asynchronous operation methods, are presented in Chapter 16.

The appendices contain important reference material for the SDK and for LDAP in general.

If You're in a Hurry
In general, the book contains a logical progression of information and examples, each chapter building on previous ones.

If you are familiar with the use of directories and with LDAP concepts, you may choose to skip over the first two chapters. If you already have an LDAP server available and the SDK is installed, you can go directly to Chapter 5.

If you are not interested in writing applets or JavaScript applications that use LDAP, you can safely skip over Chapters 8 and 9. Similarly, if you do not need to know how to write a Java servlet that uses LDAP, you may choose to skip over Chapter 13.

The Companion CD-ROM
The CD-ROM includes reference documentation and source code for Directory SDK for Java, as well as for all the examples and programs mentioned in the book. The SDK and examples are also provided as precompiled class and JAR files so that you can run any program directly, without compiling or copying to a local hard disk. The full text of the book is also included, to allow you to view the contents in a browser and to search for any word.

0201657589P04062001

Excerpt. © Reprinted by permission. All rights reserved.

Preface After a maturation phase in the early and mid-1990s, Lightweight Directory Access Protocol (LDAP) exploded into the mainstream of enterprise and Internet software environments. Just a few years ago, only researchers and a few brave souls doing pilot projects concerned themselves with the new protocol for sharing and accessing directory information. Today, one of the requirements of any major enterprise-level or Internet-oriented application is to be able to use an existing shared resource for user information, authentication, and authorization, and nowadays that resource in a great many cases is an LDAP directory.