LDAP Beans
LDAP beans provide read and write access to any LDAP Directory as well as authentication and rights assignments. All of this can be done over an encrypted channel using SSL. The following table lists several commonly used LDAP command beans and their functions.
| LDAP Command Bean | Function |
|---|---|
| AuthenticateLdap | To authenticate to an LDAP Directory. |
| LdapConnection | To provide a communication channel between the Web application and the Directory. Use it any time you intend to do more in the Directory than authenticate. |
| ContextlessLoginLdap | To log in specifying the user's fully distinguished name. You can also set a filter to search and log in by a user's specific attribute, such as email address. |
| CreateLdapEntry | Create an entry in an LDAP Directory. |
| DeleteLdapEntry | Delete an entry from the Directory. |
| ListLdapEntry | Lists the entries in the Directory at a specified context. |
| ModifyLdapEntry | Used to modify the attributes of an entry in the Directory. You can add a new attribute to the object, replace an attribute, or delete one, as well as modify the rights of an entry. |
| ChangePasswordLdapEntry | To change the password of an entry in the Directory. |
| SetPasswordLdapEntry | Sets the password for an entry. |
| ReadLdapEntry | To read the attributes of an LDAP entry. |
| SearchLdapEntry | Searches through the Directory to find the entry with a specified property value. |
| UnauthenticateLdap | Unauthenticates from the Directory. |
Develop with LDAP Beans
The following six steps will be the basic form for an application using LDAP beans.
- Instantiate an LdapConnection object if you are going to perform any operation on the Directory.
- Instantiate an AuthenticateLdap bean and set its required properties. Naturally, you must authenticate into eDirectory before you can perform any operations on it. If you authenticate without specifying a user, you will be authenticated as a member of the [Public] group, which only has sufficient rights to view the objects in the Directory tree. Any operation attempted will fail because of insufficient rights.
- Execute the AuthenticateLdap bean and catch any exceptions that may occur.
- Grab the connection you created by assigning it to the LdapConnection bean you instantiated. This is done by calling the AuthenticateLdap bean's getLdapConnection() method and assigning the result to the LdapConnection bean you created earlier.
- Now that you have the LdapConnection object, you can use this object as an input property to any other LDAP bean you want to instantiate.
- Unauthenticate from eDirectory using the UnauthenticateLdap bean with the LdapConnection object as a parameter.
Simple Authentication Example
Here is a basic servlet demonstrating standard authentication into eDirectory:
```java
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
import com.novell.ecb.*;
import com.novell.ecb.ldap.*;

public class BasicAuth extends HttpServlet {
    private static final String CONTENT_TYPE = "text/html";

    // Initialize global variables
    public void init() throws ServletException {
    }

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType(CONTENT_TYPE);
        PrintWriter out = response.getWriter();
        out.println("<font color=\"green\">");
        LdapConnection lc = new LdapConnection();
        try {
            // Bind to the Directory with a fixed demo account
            AuthenticateLdap auth = new AuthenticateLdap();
            auth.setURL("ldap://edu-qc.provo.novell.com");
            auth.setDN("cn=jnovell, o=novell");
            auth.setPassword("novell");
            auth.execute();
            // Keep the authenticated connection for use by other LDAP beans
            lc = auth.getLdapConnection();
            out.println("<h1>Welcome to this Basic Authentication Site</h1>");
        } catch (CommandException e) {
            // Demo only: this writes the stack trace into the HTTP response
            e.printStackTrace(out);
        }
        out.println("</font>");
    }

    public void destroy() {
    }
}
```
Notice I followed the steps outlined previously. Now, if I want to perform any other operations in eDirectory, I have an LdapConnection object with which I can do that. I simply use that as my parameter to another LDAP bean.
Common Exceptions You Should Handle
The following table lists the common exceptions you should consider handling in your application and the cause of the exception.
| Common Exceptions | Cause of the Exception |
|---|---|
| LdapAuthenticationException | Occurs when a login fails because the password was mis-typed. |
| CommandException | General exception thrown by a Command Bean. This will probably be the last exception you catch. |
| LdapException | This is a generic LDAP exception. |
| LdapCommunicationException | Thrown when the client is unable to communicate via LDAP. |
| LdapAttributeInUseException | Thrown when an attribute already exists. |
| LdapInvalidAttributeIdentifier | Thrown when an invalid attribute identifier is used to name an attribute. |
| LdapInvalidAttributesException | Thrown when an attribute set has been specified incorrectly. |
| LdapInvalidAttributeValue | Thrown when an attribute value conflicts with the Directory schema. |
| LdapInvalidNameException | Thrown when the object name is not in correct LDAP form. |
| LdapInvalidSearchFilter | Thrown when the search filter is incorrect. |
| LdapNameNotFound | Thrown when the object name cannot be found in the Directory tree. |
| LdapNoPermissionException | Thrown when the client does not have the necessary rights to perform the operation. |
| LdapNoSuchAttributeDefinition | Thrown when the attribute does not exist in the schema. |
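The catch ordering the exception table implies, as an added example that is not Novell's code: specific LDAP exceptions first, CommandException last, with details logged on the server and only a coarse outcome returned to the caller. LdapLogin and Outcome are hypothetical names; the example assumes the Ldap* exceptions are subclasses of CommandException available through the same two imports the servlet uses, and it uses only the bean calls shown in that servlet.

```java
import com.novell.ecb.*;
import com.novell.ecb.ldap.*;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example. LdapLogin and Outcome are hypothetical names.
// Assumption: the Ldap* exceptions extend CommandException.
public class LdapLogin {
    public enum Outcome { OK, BAD_CREDENTIALS, DIRECTORY_UNAVAILABLE, ERROR }

    private static final Logger LOG = Logger.getLogger(LdapLogin.class.getName());
    private LdapConnection connection;   // set only when login() returns OK

    public Outcome login(String url, String dn, String password) {
        // Authenticating without a user binds as [Public] and still "succeeds",
        // so a blank DN (and, as an added precaution, a blank password) is refused.
        if (dn == null || dn.trim().isEmpty() || password == null || password.isEmpty()) {
            return Outcome.BAD_CREDENTIALS;
        }
        try {
            AuthenticateLdap auth = new AuthenticateLdap();
            auth.setURL(url);
            auth.setDN(dn);
            auth.setPassword(password);
            auth.execute();
            connection = auth.getLdapConnection();
            return Outcome.OK;
        } catch (LdapAuthenticationException e) {   // most specific first
            LOG.log(Level.INFO, "LDAP bind rejected", e);
            return Outcome.BAD_CREDENTIALS;
        } catch (LdapCommunicationException e) {    // server unreachable
            LOG.log(Level.WARNING, "LDAP server unreachable", e);
            return Outcome.DIRECTORY_UNAVAILABLE;
        } catch (LdapException e) {                 // any other LDAP failure
            LOG.log(Level.WARNING, "LDAP error during bind", e);
            return Outcome.ERROR;
        } catch (CommandException e) {              // general bean failure, caught last
            LOG.log(Level.SEVERE, "Command bean failure", e);
            return Outcome.ERROR;
        }
    }

    public LdapConnection getConnection() { return connection; }
}
```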