LDAP Basics With Java

You can access LDAP through Python, but what about Java applications? As mentioned earlier, JNDI technology supports directory access from Java applications, and is part of the Java platform.

You are probably writing a web-facing application that sits in an application server like GlassFish. I wrote a quick and dirty web application (zipped here) that does authentication and searches in much the same way as the Python code. I had already installed OpenDS SE 2.0 and imported Example.ldif for the data. Here is the top page.

[Screenshot: ready to authenticate]

Using the hint, I authenticated as bjensen.

[Screenshot: successful auth]

Here's the relevant JSP code.

        <h2>LDAP Authentication Results</h2>
        <p>Return to <a href="index.jsp">top page</a>.</p><hr />
        <%
        String user = request.getParameter("user");
        String password = request.getParameter("password");

        String filter = "(|(uid=" + user + ")" + "(mail=" + user + "@*))";
        String cliEquiv = "<tt>ldapsearch -h " + server + " -p " +
                port + " -b " + basedn + " \"" + filter + "\"</tt></p>";
        %>
        <p>Equivalent command line:<br /><%= cliEquiv%><hr />
        <%
        // Connect to the LDAP server.
        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + server + ":" + port + "/");

        // Search and retrieve DN.
        try {
            LdapContext ldap = new InitialLdapContext(env, null);
            NamingEnumeration results = ldap.search(basedn, filter, null);
            String binddn = "None";
            while (results.hasMore()) {
                SearchResult sr = (SearchResult) results.next();
                binddn = sr.getName() + "," + basedn;
            }
        %>
        <p>Bind DN found: <%= binddn%><hr /></p>
        <%
            ldap.close();

            // Authenticate
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, binddn);
            env.put(Context.SECURITY_CREDENTIALS, password);

            ldap = new InitialLdapContext(env, null);
        %>
        <p>Successful authentication for <%= user%>.</p>
        <%
        } catch (AuthenticationException ae) {
            ae.printStackTrace();
        %>
        <p>Failed authentication for <%= user%>.</p>
        <%
        } catch (NamingException e) {
            e.printStackTrace();
        }
        %>
        <hr /><p>Return to <a href="index.jsp">top page</a>.</p>

Searches are even simpler.

[Screenshot: ready to search]

This returns a page with all the users having jensen in their name.

[Screenshot: search success]

The relevant JSP code for this one follows.

        <h2>LDAP Search Results</h2>
        <p>Return to <a href="index.jsp">top page</a>.</p><hr />
        <%
        String name = request.getParameter("name");

        String filter = "(|(cn=*" + name + "*)" + "(sn=*" + name + "*))";
        String cliEquiv = "<tt>ldapsearch -h " + server + " -p " +
                port + " -b " + basedn + " \"" + filter + "\"</tt></p>";
        %>
        <p>Equivalent command line:<br /><%= cliEquiv%><hr />
        <%
        // Connect to the LDAP server.
        Hashtable env = new Hashtable(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + server + ":" + port + "/");

        // Search for entries and display results.
        try {
            LdapContext ldap = new InitialLdapContext(env, null);
            NamingEnumeration results = ldap.search(basedn, filter, null);
        %>
        <pre>
        <%
            String noresult = "";
            if (!results.hasMoreElements()) noresult = "No results found.";
        %>
<%= noresult %><%
            while (results.hasMore()) {
                SearchResult sr = (SearchResult) results.next();
                Attributes attrs = sr.getAttributes();
                Attribute uid = attrs.get("uid");
                Attribute mail = attrs.get("mail");
        %>
DN   : <%= sr.getName() + "," + basedn%>
Uid  : <%= uid%>
Email: <%= mail%>
        <%
            }
            ldap.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
        %>
        </pre>
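
Both JSP pages above (authentication and search) build the filter by concatenating a request parameter, so filter metacharacters in the input change the query. The following is an added example, not code from the original post: it escapes the value per RFC 4515 before building the filter, refuses an empty password, and binds only when exactly one entry matches. The class and method names are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.*;

public class SafeLdapAuth {  // hypothetical class name, not from the post
    // Escape a value for use inside a search filter (RFC 4515, section 3).
    static String escapeFilter(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // True only when exactly one entry matches and a simple bind as it succeeds.
    static boolean authenticate(String url, String basedn, String user,
                                String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind,
        // which a server may accept, so refuse it before touching the directory.
        if (user == null || password == null || password.isEmpty()) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        String u = escapeFilter(user);
        LdapContext ldap = new InitialLdapContext(env, null);
        String binddn = null;
        try {
            NamingEnumeration<SearchResult> r =
                    ldap.search(basedn, "(|(uid=" + u + ")(mail=" + u + "@*))", null);
            if (r.hasMore()) {
                binddn = r.next().getNameInNamespace();
                if (r.hasMore()) binddn = null;   // ambiguous match: do not guess
            }
            r.close();
        } finally { ldap.close(); }
        if (binddn == null) return false;         // no entry: never bind as "None"
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, binddn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try { new InitialLdapContext(env, null).close(); return true; }
        catch (AuthenticationException ae) { return false; }
    }

    public static void main(String[] args) {
        // Constructed input: the metacharacters end up as literal text in the filter.
        System.out.println("(|(cn=*" + escapeFilter("jensen*)(uid=*") + "*))");
    }
}
```
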
Comments:

Thanks. I saved the entire page by Greasemonkey. But the link to zipped web application is broken.

Posted by Katsumi INOUE on August 17, 2009 at 09:00 PM CEST #

Thank you for catching that.

It looks like Roller was converting spaces in the name to '+' instead of '%20'.

I fixed the link, which is http://blogs.sun.com/marginNotes/resource/java/LDAP%20Basics%20With%20Java.zip

Posted by Mark Craig on August 18, 2009 at 01:43 AM CEST #

About

Mark Craig writes about Directory Services products and technologies. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
