LDAP Client APIs
By mcraig on Aug 11, 2009
In the LDAP client-server model, directory servers make information about people, organizations, and resources accessible to LDAP client applications. LDAP defines operations that clients use to search and update the directory. An LDAP client can perform these operations, among others:
- Search for and retrieve entries from the directory
- Add new entries to the directory
- Update entries in the directory
- Delete entries from the directory
- Rename entries in the directory
For example, to update an entry, an LDAP client submits the distinguished name (DN) of the entry with updated attribute information to the LDAP server. The LDAP server uses the distinguished name to find the entry. The server then performs a modify operation to update the entry in the directory.
To perform any of these LDAP operations, an LDAP client needs
to establish a connection with an LDAP server. The LDAP protocol
the use of TCP/IP port number 389, although servers can listen on other
ports, such as 636 for LDAP/SSL for example.
The LDAP protocol also defines a simple method for authentication. LDAP servers can be set up to restrict permissions to the directory. Before an LDAP client can perform an operation on an LDAP server, the client must authenticate to the server. Clients typically authenticate by supplying a distinguished name and password. If the user identified by the distinguished name does not have permission to perform the operation, the server does not execute the operation.
On the web you can find free LDAP directory client software
development kits for creating your own LDAP clients.
- Java Naming and Directory Interface (JNDI) technology supports directory access through LDAP and DSML from Java applications, and is part of the Java platform. With JNDI, you can build powerful, portable, directory-enabled applications that do not depend on classes outside the Java platform. The upside is that you do not need to install additional client libraries. JNDI provides an abstract model that lets you access not only directories, but also naming services in general, including DNS, RMI, COS, and file systems. The downside is that even if you already know LDAP, you still have to learn JNDI. The JNDI Tutorial contains descriptions and examples of how to use JNDI. The tutorial is at http://java.sun.com/products/jndi/tutorial/.
- The Mozilla LDAP Java SDK offers an API that is more readily comprehensible than JNDI if you already know LDAP. The API was the subject of Internet-Draft work that did not result in a standard. The code is published in open source form as part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.
- LDAP SDK for Java
from UnboundID provides a recent Java implementation of an LDAP API,
with additional features not available in older Java APIs. For more,
- LDAP Classes for Java follow the Internet-Draft work. Novell makes the LDAP Classes for Java available through their developer community. See http://developer.novell.com/wiki/index.php/LDAP_Classes_for_Java.
- The Mozilla LDAP C SDK, also based on the Internet-Draft work that did not become a standard, is available on a wide range of platforms. The Mozilla LDAP C SDK also provides support for core LDAP operations, and for LDAP v3 extensions and widely used controls. Sun Directory Server uses this API, as does the address book applications associated with Firefox. (Try a valid LDAP URL in your browser.) Mozilla LDAP C SDK code is published in open source form as part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.
- OpenLDAP C API
Many GNU/Linux distributions
provide OpenLDAP support. The OpenLDAP C API is based on an
Internet-Draft for that never became a standard. The API closely
follows LDAPv3, providing support for core LDAP operations and for
LDAPv3 extensions and widely used controls. LDAP support for languages
such as PHP and Python is available through wrappers for OpenLDAP. For
an introduction to the OpenLDAP API,
see the LDAP(3)
- Solaris LDAP C API
The native LDAP library on Solaris systems provides nearly the
same API as the Mozilla C SDK. Many clients need only be
recompiled to work with Solaris libldap. The LDAP library on
Solaris systems is not however compatible with libldap from
OpenLDAP. For an introduction to the Solaris OS libldap
see the ldap(3LDAP)
page. (Thanks for reading my non-cross-platform plug. ;-)
- Perl Net::LDAP is the official collection of modules, written in pure Perl. For more, see http://ldap.perl.org/.
- PerLDAP is written in Perl and C. PerLDAP is part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.