LDAP and Java Naming Services

1 LDAP and Java Naming Services Murali. M .Nagendranath


Transcript of LDAP and Java Naming Services

Page 1: LDAP and Java Naming Services

1

LDAP and Java Naming Services

Murali. M .Nagendranath

Page 2: LDAP and Java Naming Services

2

Contents

1 LDAP (Lightweight Directory Access Protocol)

2 JNDI (Java Naming & Directory Interface)

3 Demonstration

Page 3: LDAP and Java Naming Services

3

LDAP

1 What is LDAP?
2 History of LDAP
4 Directories in LDAP
5 Use and purpose of LDAP

Page 4: LDAP and Java Naming Services

4

What is LDAP?

• A standard, extensible directory protocol.

• Protocol giving access to the information contained in the directory.

• Model of Information – Type of data.
• Functional Model – Access to information.
• Safety Model - How access is protected.
• Model of duplication - Distribution of data.
• Replication Service.

Page 5: LDAP and Java Naming Services

5

A Brief History

• LDAP was born from the need to adapt the DAP protocol to TCP/IP.

• Started at the University of Michigan in 1993, with the same vision as X.500

• Latest version, v3, was made in 1997
• Netscape is now the center of research

Page 6: LDAP and Java Naming Services

6

X.500 & LDAP

• LDAP is less secure
• Still a large amount of compatibility between them
• LDAP’s ability to search across servers is the most important advantage of LDAP.

Page 7: LDAP and Java Naming Services

7

Directories

• Often compared to a phone book
• DNS is an example
• Can be used locally or globally
• The list of all the names in a directory is its Name Space

Page 8: LDAP and Java Naming Services

8

Directories in LDAP

• Each entry has a unique distinguished name (DN), which is a succession of attributes.

• An attribute describes a characteristic of an object.

• Normal attributes.
• Operational attributes.
• Characteristics of attributes
  – Name, mono/multi-valued, limit of value.
• DNs are made up of the location of something in the directory

Page 9: LDAP and Java Naming Services

9

Directories in LDAP: Examples

• c stands for the country, o stands for organization

• ou stands for organization units, cn is for individuals

• cn=john, ou=administration, o=ibm, c=usa
• o=ibm, c=usa
• These are distinguished names.
• Together these combinations specify something specific, although it need not be at the bottom level
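The two distinguished names above, taken apart with the JDK's javax.naming.ldap.LdapName (an added example, not part of the original slides). The class name DnDemo, the helper childOf and the input "john, ou=other" are constructed for illustration; the helper shows why a DN should be built from escaped RDNs rather than by string concatenation.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnDemo {
    // Hypothetical helper: build "cn=<value>,<parent>" with the value escaped
    // per RFC 2253, so ',' '+' or '=' in the input stay inside the cn value.
    static LdapName childOf(String parentDn, String cnValue) throws InvalidNameException {
        LdapName dn = new LdapName(parentDn);
        dn.add(new Rdn("cn", cnValue)); // add() appends at the leaf (leftmost) end
        return dn;
    }

    public static void main(String[] args) throws InvalidNameException {
        // DN from the slide
        LdapName john = new LdapName("cn=john, ou=administration, o=ibm, c=usa");

        // Index 0 is the rightmost RDN (root side); the last index is the leaf.
        for (int i = 0; i < john.size(); i++) {
            Rdn rdn = john.getRdn(i);
            System.out.println(i + ": " + rdn.getType() + " = " + rdn.getValue());
        }

        // The shorter DN on the slide names an ancestor of the longer one.
        LdapName org = new LdapName("o=ibm, c=usa");
        System.out.println("john is under o=ibm, c=usa: " + john.startsWith(org));

        // Constructed input containing DN metacharacters: it must remain a
        // single cn value and not turn into an extra "ou=other" level.
        LdapName odd = childOf("ou=administration, o=ibm, c=usa", "john, ou=other");
        System.out.println(odd + " has " + odd.size() + " RDNs");
    }
}
```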

Page 10: LDAP and Java Naming Services

10

Directories in LDAP: Picture

Page 11: LDAP and Java Naming Services

11

Directories in LDAP

• Although that is the most common structure in LDAP, it is possible to define your own directory structure, such as a flat tree structure.

• This can cause compatibility problems

Page 12: LDAP and Java Naming Services

12

Functions in LDAP

• 4 main commands in editing LDAP directories:
  – Add, delete, modify & modify DN

• Modify changes the whole directory entry; modify DN changes only the name of the entry

Page 13: LDAP and Java Naming Services

13

Functions in LDAP: Modify DN example

• Contents of the file /tmp/entrymods:

    cn=Modify Me, o=University of Florida, c=US
    cn=The New Me

The command: ldapmodrdn -r -f /tmp/entrymods

will change the RDN of the "Modify Me" entry from "Modify Me" to "The New Me" and the old cn, "Modify Me" will be removed

Page 14: LDAP and Java Naming Services

14

Functions in LDAP: Delete Example

• ldapdelete "cn=Delete Me, o=University of Florida, c=US"

will attempt to delete the entry named with commonName "Delete Me" directly below the University of Florida organizational entry.

Page 15: LDAP and Java Naming Services

15

Functions in LDAP: Modify Example

• The modification record:

    dn: cn=Modify Me, o=University of Florida, c=US
    changetype: modify
    replace: mail
    mail: Dr [email protected]
    -
    add: title
    title: Grand OCEAN
    -
    delete: description

Page 16: LDAP and Java Naming Services

16

Functions in LDAP: Modify Example cont.

The above function will replace the contents of the "Modify Me" entry's mail attribute with the value "Dr [email protected]", add a title of "Grand OCEAN", and completely remove the description attribute.

• The add function works almost the same as modify.
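How the modify record above maps onto the ModificationItem[] that JNDI's DirContext.modifyAttributes() takes, as an added example (not code from the original slides). The class LdifModifyDemo and its parse() method are hypothetical names, and the mail value is a constructed placeholder because the slide's address is elided.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class LdifModifyDemo {
    // Parses the lines that follow "changetype: modify" into ModificationItems.
    // Handles plain "attr: value" lines only: no base64 ("::") values,
    // no URL ("<") values and no folded lines.
    static List<ModificationItem> parse(String body) {
        List<ModificationItem> mods = new ArrayList<>();
        int op = -1;
        BasicAttribute attr = null;
        for (String raw : (body + "\n-").split("\n")) { // extra "-" flushes the last item
            String line = raw.trim();
            if (line.isEmpty()) continue;
            if (line.equals("-")) {                     // "-" ends one modification
                if (attr != null) mods.add(new ModificationItem(op, attr));
                attr = null;
                continue;
            }
            int colon = line.indexOf(':');
            if (colon < 0) throw new IllegalArgumentException("bad line: " + line);
            String key = line.substring(0, colon).trim();
            String val = line.substring(colon + 1).trim();
            if (attr == null) {                         // first line names the operation
                switch (key.toLowerCase()) {
                    case "add":     op = DirContext.ADD_ATTRIBUTE; break;
                    case "replace": op = DirContext.REPLACE_ATTRIBUTE; break;
                    case "delete":  op = DirContext.REMOVE_ATTRIBUTE; break;
                    default: throw new IllegalArgumentException("unknown op: " + key);
                }
                attr = new BasicAttribute(val);
            } else if (key.equalsIgnoreCase(attr.getID())) {
                attr.add(val);                          // a value for the named attribute
            } else {
                throw new IllegalArgumentException("value for wrong attribute: " + line);
            }
        }
        return mods;
    }
    public static void main(String[] args) {
        // Record from the slide; the mail value is a constructed placeholder.
        String body = "replace: mail\nmail: user@example.com\n-\n"
                    + "add: title\ntitle: Grand OCEAN\n-\ndelete: description";
        for (ModificationItem m : parse(body)) System.out.println(m);
    }
}
```

Because each change arrives as a typed operation on a named attribute, a caller can check the list against the attributes it is willing to modify before passing it to modifyAttributes().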

Page 17: LDAP and Java Naming Services

17

Referral Scheme

Page 18: LDAP and Java Naming Services

18

..Contd

1. Client requests information
2. Server 1 returns referral to server 2
3. Client resends request to server 2
4. Server 2 returns information to client

Page 19: LDAP and Java Naming Services

19

LDIF & its Uses

• LDAP Data Interchange Format
• Represents LDAP entries in text
• Human readable format
• Allows easy modification of data
• To make basic imports/exports.

Page 20: LDAP and Java Naming Services

20

SCHEMAS

• Schema contains the following:
  • Required attributes
  • Allowed attributes
  • How to compare attributes
  • Limit what the attributes can store, i.e. restrict to integer etc.
• Set of rules that describes what kind of data is stored
• Helps maintain consistency and quality of data
• Reduces duplication of data

Page 21: LDAP and Java Naming Services

21

Why is LDAP Important?

• Provides a standard for finding people or resources

• Much different than web searches, which are simply pattern matching

• Quickly becoming popular with major companies, e.g. Netscape, Novell

• Vendor independent open protocol

Page 22: LDAP and Java Naming Services

22

What isn’t LDAP intended for?

• Not useful as a local database
• Not able to replace file systems
• Not meant to replace DNS, but it can work in conjunction with DNS

Page 23: LDAP and Java Naming Services

23

LDAP on the web

• There are many web based LDAP servers that can be called in programs or searched directly via the web

• Used behind the scenes at online shopping sites and other web sites

• Used by Netscape for its email address book

Page 24: LDAP and Java Naming Services

24

JNDI

1 What is JNDI?
2 Setup
3 Concepts & Classes

Page 25: LDAP and Java Naming Services

25

What is JNDI?

• Java Naming and Directory Interface API

• Introduced in March, 1997 by Sun Microsystems

• Purpose: to provide common access to different types of directories

Page 26: LDAP and Java Naming Services

26

What is JNDI?

Page 27: LDAP and Java Naming Services

27

Packages

• javax.naming
• javax.naming.directory
• javax.naming.event
• javax.naming.ldap
• javax.naming.spi

Page 28: LDAP and Java Naming Services

28

Class: Context

• Methods:
  – bind(String name, Object obj);
  – close();
  – list(String name);
  – listBindings(String name);
  – lookup(String name); // most commonly used
  – rebind(String name, Object obj);
  – rename(String oldName, String newName);
  – unbind(String name);

Page 29: LDAP and Java Naming Services

29

Class: DirContext

• Extends Context
• Methods:
  – getAttributes(String name);
  – modifyAttributes(String name, ModificationItem[] mods);
  – search(String name, Attributes matchAttrs);

Page 30: LDAP and Java Naming Services

30

Classes: InitialContext & InitialDirContext

• All operations are performed relative to an initial context
• Set environment properties
  – Location of server (PROVIDER_URL)
  – How to create a context (INITIAL_CONTEXT_FACTORY)
• Instantiation may throw a NamingException
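The environment properties above combined with the referral scheme from the earlier slide, as an added example (not code from the original slides): the client is configured to surface referrals rather than follow them silently, and a referral target is checked before the request is resent. LdapEnvDemo, buildEnv, mayFollow and the host ldap2.example.org are constructed names; the code needs Java 9 or later for Set.of and never opens a connection.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.Context;

public class LdapEnvDemo {
    // Hosts this client may be referred to (constructed sample values).
    static final Set<String> TRUSTED = Set.of("directory.ufl.edu", "ldap2.example.org");

    static Hashtable<String, String> buildEnv(String url) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // "throw" reports each referral as a ReferralException instead of
        // following it automatically, so the caller can vet server 2 first.
        env.put(Context.REFERRAL, "throw");
        // Fail fast instead of hanging on an unreachable server (milliseconds).
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        return env;
    }

    // Decides whether step 3 of the referral scheme (resend to server 2) may proceed.
    // referralInfo is the value ReferralException.getReferralInfo() yields for LDAP:
    // the URL of the server being referred to.
    static boolean mayFollow(Object referralInfo) {
        try {
            URI u = new URI(String.valueOf(referralInfo));
            String scheme = u.getScheme();
            boolean ldap = "ldap".equalsIgnoreCase(scheme) || "ldaps".equalsIgnoreCase(scheme);
            return ldap && u.getHost() != null
                    && TRUSTED.contains(u.getHost().toLowerCase());
        } catch (URISyntaxException e) {
            return false; // unparseable referral: do not follow
        }
    }

    public static void main(String[] args) {
        System.out.println(buildEnv("ldap://directory.ufl.edu:389/o=ufl,c=us"));
        // Constructed referral URLs: one on the allowlist, one not.
        System.out.println(mayFollow("ldap://ldap2.example.org:389/o=ufl,c=us"));
        System.out.println(mayFollow("ldap://unknown.example.net/o=ufl,c=us"));
    }
}
```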

Page 31: LDAP and Java Naming Services

31

Summary

• LDAP is useful for finding people and/or resources over a network

• Searches directories using distinguished names

• JNDI provides common access to directories of different types

Page 32: LDAP and Java Naming Services

32

Demo

1 Retrieving an object’s attributes
2 Searching the directory by supplying a name

Page 33: LDAP and Java Naming Services

33

1. Retrieving an object’s attributes

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Tell JNDI which provider to use and where the directory server is
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://directory.ufl.edu:389/o=ufl,c=us");

try {
    DirContext ctx = new InitialDirContext(env);

    // Get the attributes associated with the object bound to the name "ou=students"
    Attributes answer = ctx.getAttributes("ou=students");

Page 34: LDAP and Java Naming Services

34

1. Retrieving an object’s attributes (cont…)

    // Print out the attributes
    printIdAndValue(answer);

    System.out.println("-------------------------------------------");

    ctx.close();
} catch (NamingException e) {
    System.err.println("Exception caught:" + e);
}

Page 35: LDAP and Java Naming Services

35

The print method

static void printIdAndValue(Attributes toPrint) {
    // "enum" is a reserved word since Java 5, so the enumeration is named attrs
    NamingEnumeration<? extends Attribute> attrs = toPrint.getAll();
    try {
        while (attrs.hasMore()) {
            Attribute attr = attrs.next();

            // print out the attribute identifier
            System.out.println("attribute: " + attr.getID());

            // print out each value
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                System.out.println("value: " + values.next());
            }
        }
    } catch (NamingException e) {
        System.err.println("Exception caught: " + e);
    }
}

Page 36: LDAP and Java Naming Services

36

2. Name search

DirContext ctx = new InitialDirContext(env);

Attributes matchAttrs = new BasicAttributes(true);
matchAttrs.put(new BasicAttribute("sn", "King"));
/* The above code adds an attribute to the set; could also have done
     Attributes matchAttrs = new BasicAttributes("sn", "King", true);
   Note: true = case insensitive; false = case sensitive */

// Note: a search returns an enumeration of SearchResult objects
// ("enum" is a reserved word since Java 5, so it is named results)
NamingEnumeration<SearchResult> results = ctx.search("ou=students", matchAttrs);

Page 37: LDAP and Java Naming Services

37

2. Name search (cont…)

while (results.hasMore()) {
    // Get the next SearchResult object & print out its name
    SearchResult result = results.next();
    System.out.println(">>>" + result.getName());

    // attrSet is a set of attributes
    Attributes attrSet = result.getAttributes();

    // print the attribute identifiers and values
    printIdAndValue(attrSet);
}

Page 38: LDAP and Java Naming Services

38

THANK YOU.