From centralized corporate phone books to the localized storage of user preferences, Internet directories have many useful features. LDAP Programming with Java
offers an excellent tutorial on Lightweight Directory Access Protocol (LDAP), a popular standard, and the Directory SDK for Java, which lets you program with LDAP efficiently. Written for the working developer, this book demonstrates not only the elements of this Java toolkit but also the strategies and techniques for creating good Internet directories.
There's a nice balance in this text among the background and theory of Internet directories and the many useful sample programs that show LDAP and Java in action. After outlining the development of the LDAP standard, this text gives you concise examples of using Internet directories for such applications as phone books, organizational charts, storing photo IDs centrally, and even providing "location transparency" for user preferences. (This capability allows users to access personalized settings from anywhere on a network.) Other standout material includes security and authentication, including some good detail on signing JAR files for both Netscape and Internet Explorer Web browsers.
After a maturation phase in the early and mid-1990s, Lightweight Directory Access Protocol (LDAP) exploded into the mainstream of enterprise and Internet software environments. Just a few years ago, only researchers and a few brave souls doing pilot projects concerned themselves with the new protocol for sharing and accessing directory information. Today, one of the requirements of any major enterprise-level or Internet-oriented application is to be able to use an existing shared resource for user information, authentication, and authorization, and nowadays that resource in a great many cases is an LDAP directory.
Why LDAP and Java?
The impetus for LDAP Programming with Java was the mushrooming need for accurate, concise, and complete information on how to access this new key element of enterprise and Internet programming--LDAP. Programmers around the world have found innovative ways to use Directory SDK for Java to solve their LDAP access problems, and sometimes they have shared their questions and experiences on the newsgroups for LDAP, but there has been no authoritative guide.
This book is dedicated to the programmers and system administrators who are faced with LDAP-enabling their applications, tools, and systems.
In this book we've provided a very large number of examples for every aspect of programming with Directory SDK for Java, from simple code snippets to more than two dozen complete components and applications. You may be able to use some of them as starting points for your own projects. We do not discuss directory deployment scenarios or how to configure an LDAP server. Such topics are explored in detail in other books and in documentation provided by vendors of LDAP servers.
To Get the Most Out of This Book
We're assuming that readers of this book are somewhat familiar with programming in Java, so we will not introduce or explain standard Java constructs. There are many excellent books on Java programming in general, and on Java client-server programming in particular. However, we will start at ground zero when it comes to directories and LDAP.
How the Book Is Organized
Introduction to LDAP
Chapter 1 presents the role of directories in software systems today and describes how applications can benefit from using them, as well as presenting cases in which directories are not as good a fit as relational databases.
Chapter 2 introduces the LDAP protocol against this background and presents the LDAP naming and information models that together define how data is stored and accessed in a directory.
After acquainting you with the basic LDAP concepts and terminology, in Chapter 3 we will look at how Directory SDK for Java can help a Java program, servlet, or applet gain access to an LDAP server. After installing the SDK, we will try a few simple searches with the SDK's command-line search tool to become familiar with how a client typically interacts with an LDAP server.
In Chapter 4 we will install an LDAP server for use in the remainder of the book. If you already have a directory installed that is compatible with version 3 of the LDAP protocol (LDAPv3), you need only add to the directory the sample database file that is provided on the CD-ROM that accompanies the book. The examples in the book do not generally assume any particular vendor's directory product; exceptions are indicated clearly.
With the SDK installed and a directory available, Chapter 5 dives into how to retrieve data from an LDAP server. Searching is the predominant LDAP operation in most programs, and we will cover all parameters that affect the results to be returned, as well as how to obtain optimal performance. Chapter 6 explores the add, modify, delete, and rename operations for updating data in a directory, along with how to use groups.
Authentication is touched on briefly in Chapter 6 because most directories are configured not to allow anonymous clients to update any data. Chapter 7, however, covers the topic thoroughly. Besides covering simple authentication with a distinguished name (DN) and password, it introduces authentication with Secure Sockets Layer (SSL) and Simple Authentication and Security Layer (SASL), and it explains how access control is configured and updated in Netscape Directory Server.
Down and Dirty
Chapter 8 discusses the special considerations for LDAP client code that is intended to run as an applet in a browser. The steps required to digitally sign an applet for use with Microsoft Internet Explorer, Netscape Navigator, and the Sun Java Plug-in Software are presented in detail.
Chapter 10 demonstrates how to encapsulate LDAP functionality in a JavaBean and provides full source for a directory tree browser JavaBean and a table JavaBean for listing the results of a search operation.
In Chapter 11 we take a detailed look at how an application can store configuration and preferences in a directory.
In a directory, data is stored as a tree. Chapter 12 illustrates how directory data can model relationships other than the physical tree relationships. A JavaBean is developed to extract reporting relationships from LDAP data and present the results as an organizational chart. Another JavaBean presents the contents of a directory entry. The chapter concludes by hooking up into simple applications the graphical JavaBeans that have been developed up to that point in the book.
Chapter 13 develops a complete server-side application: a corporate online "phone book." The application is a Java servlet that makes selected personal directory information, such as phone numbers and photographs, available to any user with a browser.
In Chapter 14 we summarize and discuss all the options and constraints that may be selected by an application for searching and other operations.
Beyond the Basics
Chapter 15 discusses various aspects of the SDK and of LDAP programming in general that are not discussed as often as the other topics in this book, such as LDAP URLs, the use of multiple threads and multiple connections, and performance tips.
Advanced topics, such as schema management, LDAP controls, and the asynchronous operation methods, are presented in Chapter 16.
The appendices contain important reference material for the SDK and for LDAP in general.
If You're in a Hurry
In general, the book contains a logical progression of information and examples, each chapter building on previous ones.
If you are familiar with the use of directories and with LDAP concepts, you may choose to skip over the first two chapters. If you already have an LDAP server available and the SDK is installed, you can go directly to Chapter 5.
The Companion CD-ROM
The CD-ROM includes reference documentation and source code for Directory SDK for Java, as well as for all the examples and programs mentioned in the book. The SDK and examples are also provided as precompiled class and JAR files so that you can run any program directly, without compiling or copying to a local hard disk. The full text of the book is also included, to allow you to view the contents in a browser and to search for any word.