Date posted: 31-Dec-2015
LDAP and Java Naming Services
Murali M. Nagendranath
Contents
1 LDAP (Lightweight Directory Access Protocol)
2 JNDI (Java Naming & Directory Interface)
3 Demonstration
LDAP
1 What is LDAP?
2 History of LDAP
4 Directories in LDAP
5 Use and purpose of LDAP
What is LDAP?
• A standard, extensible directory access protocol.
• A protocol giving access to the information contained in the directory.
• Information model – the type of data.
• Functional model – access to the information.
• Security model – how access is protected.
• Replication model – distribution of the data.
• Replication service.
A Brief History
• LDAP was born from the need to adapt the DAP protocol to TCP/IP.
• Started at the University of Michigan in 1993, in the same vision as that of X.500
• The latest version, v3, was released in 1997
• Netscape is now the center of research
X.500 & LDAP
• LDAP is less secure
• Still a large amount of compatibility between them
• LDAP's ability to search across servers is the most important advantage of LDAP.
Directories
• Often compared to a phone book
• DNS is an example
• Can be used locally or globally
• The list of all the names in a directory is its Name Space
Directories in LDAP
• Each entry has a unique distinguished name (DN), which is a succession of attributes.
• An attribute describes a characteristic of an object.
• Normal attributes.
• Operational attributes.
• Characteristics of attributes: name, single- or multi-valued, limit on the value.
• DNs are made up of the location of something in the directory
Directories in LDAP: Examples
• c stands for the country, o stands for the organization
• ou stands for an organizational unit, cn (common name) is for individuals
• cn=john, ou=administration, o=ibm, c=usa
• o=ibm, c=usa
• These are distinguished names.
• Together these combinations specify something specific, although it need not be at the bottom level
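As an added example (not code from the original slides), the following Java program parses the two distinguished names above with javax.naming.ldap.LdapName and walks their RDNs from the root (c=usa) down to the leaf. It also builds a child DN from a value that contains a comma: the Rdn class escapes the value so it stays a single component instead of being read as two. The class name, method names and the "Smith, John" sample value are the example's own.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnWalk {
    // Print each RDN of a DN. LdapName stores RDNs with index 0 = rightmost
    // (root-most) component, so iterating 0..size-1 walks root -> leaf.
    public static void describe(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        System.out.println("DN: " + name + "  (" + name.size() + " RDNs)");
        for (int i = 0; i < name.size(); i++) {
            Rdn rdn = name.getRdn(i);
            System.out.println("  level " + i + ": " + rdn.getType() + " = " + rdn.getValue());
        }
        // The parent entry is the DN minus its leftmost RDN
        if (name.size() > 1) {
            System.out.println("  parent: " + name.getPrefix(name.size() - 1));
        }
    }

    // Build "cn=<value>,<parentDn>". Rdn escapes ',', '+', '"', '\\', '<', '>', ';'
    // and leading/trailing spaces in the value (RFC 4514 rules), so a value
    // taken from user input cannot add extra RDN components.
    public static String childDn(String parentDn, String cn) throws InvalidNameException {
        LdapName name = new LdapName(parentDn);
        name.add(new Rdn("cn", cn));   // appended as the new leftmost RDN
        return name.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        describe("cn=john, ou=administration, o=ibm, c=usa");
        describe("o=ibm, c=usa");
        // Constructed sample value containing a comma (not from the slides)
        System.out.println(childDn("ou=administration, o=ibm, c=usa", "Smith, John"));
    }
}
```

Compile and run with `javac DnWalk.java && java DnWalk`; no directory server is needed, since LdapName only parses and composes strings.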
Directories in LDAP: Picture
Directories in LDAP
• Although that is the most common structure in LDAP, it is possible to define your own directory structure, such as a flat tree structure.
• This can cause compatibility problems
Functions in LDAP
• 4 main commands for editing LDAP directories:
  – Add, delete, modify & modify DN
• Modify changes the contents of the whole directory entry; modify DN just changes the name of the entry
Functions in LDAP: Modify DN example
• Contents of /tmp/entrymods (the entry's DN, then the new RDN):
cn=Modify Me, o=University of Florida, c=US
cn=The New Me
The command: ldapmodify -r -f /tmp/entrymods
will change the RDN of the "Modify Me" entry from "Modify Me" to "The New Me", and the old cn value "Modify Me" will be removed.
Functions in LDAP: Delete Example
• ldapdelete "cn=Delete Me, o=University of Florida, c=US"
will attempt to delete the entry named with commonName "Delete Me" directly below the University of Florida organizational entry.
Functions in LDAP: Modify Example
• LDIF input to ldapmodify (the "-" lines separate the three changes of one modify record):
dn: cn=Modify Me, o=University of Florida, c=US
changetype: modify
replace: mail
mail: Dr [email protected]
-
add: title
title: Grand OCEAN
-
delete: description
Functions in LDAP: Modify Example cont.
The above function will replace the contents of the "Modify Me" entry's mail attribute with the value "Dr [email protected]", add a title of "Grand OCEAN", and completely remove the description attribute.
• The add function works almost the same as modify.
Referral Scheme
Referral Scheme (contd.)
1. Client requests information
2. Server 1 returns referral to server 2
3. Client resends request to server 2
4. Server 2 returns information to client
LDIF & its Uses
• LDAP Data Interchange Format
• Represents LDAP entries in text
• Human-readable format
• Allows easy modification of data
• Used to make basic imports/exports.
Schemas
• A schema contains the following:
  • Required attributes
  • Allowed attributes
  • How to compare attributes
  • Limits on what the attributes can store (e.g., restrict to integer)
  • A set of rules that describes what kind of data is stored
• Helps maintain consistency and quality of data
• Reduces duplication of data
Why is LDAP Important?
• Provides a standard for finding people or resources
• Much different than web searches, which are simply pattern matching
• Quickly becoming popular with major companies, e.g. Netscape, Novell
• Vendor independent open protocol
What isn't LDAP intended for?
• Not useful as a local database
• Not able to replace file systems
• Not meant to replace DNS, but it can work in conjunction with DNS
LDAP on the web
• There are many web-based LDAP servers that can be called from programs or searched directly via the web
• Used behind the scenes at online shopping sites and other web sites
• Used by Netscape for its email address book
JNDI
1 What is JNDI?
2 Setup
3 Concepts & Classes
What is JNDI?
• Java Naming and Directory Interface API
• Introduced in March 1997 by Sun Microsystems
• Purpose: to provide common access to different types of directories
Packages
• javax.naming
• javax.naming.directory
• javax.naming.event
• javax.naming.ldap
• javax.naming.spi
Class: Context
• Methods:
  – bind(String name, Object obj);
  – close();
  – list(String name);
  – listBindings(String name);
  – lookup(String name); // most commonly used
  – rebind(String name, Object obj);
  – rename(String oldName, String newName);
  – unbind(String name);
Class: DirContext
• Extends Context
• Methods:
  – getAttributes(String name);
  – modifyAttributes(String name, ModificationItem[] mods);
  – search(String name, Attributes matchAttrs);
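Added example, not from the original slides: the same three changes as the ldapmodify LDIF example earlier (replace mail, add title, delete description) expressed through DirContext.modifyAttributes. Because all three ModificationItems are sent in one modify operation, the server applies all of them or none. The server URL, bind DN, LDAP_PASSWORD environment variable and mail value are placeholders, not values from the slides.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class ModifyEntry {
    // Build the modification list: one ModificationItem per change, same as the
    // three "replace/add/delete" blocks of the LDIF record.
    public static ModificationItem[] buildMods(String newMail, String newTitle) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("mail", newMail)),
            new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("title", newTitle)),
            // An attribute with no values removes the whole attribute
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("description"))
        };
    }

    public static void main(String[] args) {
        String password = System.getenv("LDAP_PASSWORD"); // assumed variable; never hard-code
        if (password == null) {
            throw new IllegalStateException("LDAP_PASSWORD is not set");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.org:636/");   // placeholder server
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=admin,o=University of Florida,c=US"); // placeholder
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            ctx.modifyAttributes("cn=Modify Me,o=University of Florida,c=US",
                    buildMods("modme@example.org", "Grand OCEAN"));   // constructed mail value
            System.out.println("Entry modified");
        } catch (NamingException e) {
            System.err.println("Modify failed: " + e);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```

The credentials are read from the environment rather than written into the source, and the connection uses ldaps so the simple bind password is not sent in clear text; both are choices of this example, not requirements of the JNDI API.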
Classes: InitialContext & InitialDirContext
• All operations are performed relative to an initial context
• Set environment properties
  – Location of server (PROVIDER_URL)
  – How to create a context (INITIAL_CONTEXT_FACTORY)
• Instantiation may throw a NamingException
Summary
• LDAP is useful for finding people and/or resources over a network
• Searches directories using distinguished names
• JNDI provides a common access to directories of different types
Demo
1 Retrieving an object's attributes
2 Searching the directory by supplying a name
1. Retrieving an object's attributes
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://directory.ufl.edu:389/o=ufl,c=us");
try {
    DirContext ctx = new InitialDirContext(env);
    // Get the attributes associated with the object bound to the name "ou=students"
    Attributes answer = ctx.getAttributes("ou=students");
1. Retrieving an object's attributes (cont…)
    // Print out the attributes
    printIdAndValue(answer);
    System.out.println("-------------------------------------------");
    ctx.close();
} catch (NamingException e) {
    System.err.println("Exception caught: " + e);
}
The print method
static void printIdAndValue(Attributes toPrint) {
    // getAll() can throw NamingException, so it belongs inside the try;
    // the variable is not named "enum" because that is a Java keyword
    try {
        NamingEnumeration<? extends Attribute> attrEnum = toPrint.getAll();
        while (attrEnum.hasMore()) {
            Attribute attr = attrEnum.next();
            // print out the attribute identifier
            System.out.println("attribute: " + attr.getID());
            // print out each value
            NamingEnumeration<?> valueEnum = attr.getAll();
            while (valueEnum.hasMore()) {
                System.out.println("value: " + valueEnum.next());
            }
        }
    } catch (NamingException e) {
        System.err.println("Exception caught: " + e);
    }
}
2. Name search
DirContext ctx = new InitialDirContext(env);
Attributes matchAttrs = new BasicAttributes(true);
matchAttrs.put(new BasicAttribute("sn", "King"));
/* The above code adds an attribute to the set; could also have done
   Attributes matchAttrs = new BasicAttributes("sn", "King", true);
   Note: true = attribute names are case-insensitive; false = case-sensitive */
// Note: a search returns an enumeration of SearchResult objects
NamingEnumeration<SearchResult> results = ctx.search("ou=students", matchAttrs);
2. Name search (cont…)
while (results.hasMore()) {
    // Get the next SearchResult object & print out its name
    SearchResult result = results.next();
    System.out.println(">>>" + result.getName());
    Attributes attrSet = result.getAttributes(); // attrSet is a set of attributes
    // print the attribute identifiers and values
    printIdAndValue(attrSet);
}
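Added example, not the original demo code: the same surname search written with the filter-expression form of DirContext.search and a SearchControls object. The surname is passed as the {0} filter argument rather than concatenated into the filter string, so the LDAP provider encodes any filter metacharacters in it (such as "*", "(" or ")") and they match literally; SearchControls limits the scope, the attributes returned, the result count and the time. The server URL is the one from the demo; the class and method names are the example's own.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class FilterSearch {
    // Search the subtree under ou=students for person entries with surname sn.
    public static void searchBySurname(DirContext ctx, String sn) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"cn", "mail"}); // only what is needed
        controls.setCountLimit(100);   // at most 100 entries
        controls.setTimeLimit(5000);   // milliseconds

        // {0} is replaced by sn with RFC 4515 escaping applied by the provider
        NamingEnumeration<SearchResult> results = ctx.search(
                "ou=students", "(&(objectClass=person)(sn={0}))", new Object[] {sn}, controls);
        try {
            while (results.hasMore()) {
                SearchResult r = results.next();
                System.out.println(">>> " + r.getNameInNamespace());   // full DN of the entry
                Attributes attrs = r.getAttributes();
                NamingEnumeration<? extends Attribute> all = attrs.getAll();
                while (all.hasMore()) {
                    Attribute a = all.next();
                    System.out.println("  " + a.getID() + ": " + a.get());
                }
            }
        } finally {
            results.close();   // release the server-side search
        }
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://directory.ufl.edu:389/o=ufl,c=us");
        DirContext ctx = new InitialDirContext(env);
        try {
            // Surname from the command line, defaulting to the demo's "King"
            searchBySurname(ctx, args.length > 0 ? args[0] : "King");
        } finally {
            ctx.close();
        }
    }
}
```

Run with `java FilterSearch King`; the count and time limits are the example's own choices and should be set to what the application actually needs.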
THANK YOU.