Read an LDAP directory


sjethwa
Ebase User
Posts: 9
Joined: Mon Oct 08, 2007 10:18 am

#1

Postby sjethwa » Fri Aug 22, 2008 5:02 pm

Question1
I want to write a function (ideally a WS) to allow a runtime user to supply a user-name so that I can use it to search an LDAP directory and return additional attributes of the user, eg, the email address.

Has anyone done anything like this and can suggest ideas?

I have read the Help files in EBase and can see reading LDAP is possible to authenticate/authorise designers and/or runtime users, but my query is more a simple lookup/search on an LDAP directory.

Question2
I want to write a function (ideally a WS) to allow a runtime user to supply userid+password to authenticate to an LDAP directory. Can someone suggest a way to do this? I have read the Help but I am new to this and can't see the solution, although it may well be staring me in the face.


Thanks

Sanjay
0 x

Wai
Moderator
Posts: 165
Joined: Wed Sep 12, 2007 9:04 am
Location: Sandy, UK

#2

Postby Wai » Sun Aug 31, 2008 4:59 pm

RE: Question 1

You can write a java class which performs a basic LDAP search operation. This can be part of a custom function which takes the uid or full dn of the user and returns the user's attributes. You would need to authenticate to the LDAP server first before performing the search. This you can do by using an Administrator account set in UFSSetup.properties which you can read before doing the authentication.

RE: Question 2

Ebase has already written an LDAPLoginModule which will do this. It requires use of Ebase Authentication. When this is turned on, configure Ebase to use the LDAPLoginModule. This will perform user authentication of the supplied username and password against the LDAP directory.

You would also need to think about user roles - you can tell Ebase to use those defined in the Ebase repository (in which case, LDAP users will need to exist in the Ebase Security data as well), or use those defined in LDAP by defining the roles in an LDAP attribute and then telling Ebase which attribute contains that definition.

Which LDAP Directory are you using?

Please let me know if that helps or if you need more information.
0 x

sjethwa
Ebase User
Posts: 9
Joined: Mon Oct 08, 2007 10:18 am

#3

Postby sjethwa » Tue Sep 02, 2008 10:25 am

Thanks Wai for your suggestions.

I have managed to do a basic test whereby I authenticate to the Ebase Security system, and then read off other corresponding attributes (eg, email address, network address etc) from our Novell eDirectory LDAP server. This was relatively easy to do, and I now understand the security options in Ebase.

Unfortunately we don't have many Java skills to develop solution 1, and what I am trying to achieve is a general purpose WS using Ebase to allow any system to read extended attributes of a user from an LDAP directory (eg, email address, line manager name etc). Any Java experts out there to comment on how difficult it is to create a custom LDAP search function please? Once the custom function is in place, I can create a WS relatively easily in Ebase.

Thanks

Sanjay
0 x

Wai
Moderator
Posts: 165
Joined: Wed Sep 12, 2007 9:04 am
Location: Sandy, UK

#4

Postby Wai » Tue Sep 02, 2008 5:15 pm

I haven't had time to create a custom function with this yet, but the following Java program is an example of how to connect to an LDAP directory and perform a search to return a user's attributes.

Code:

/**
 * LdapUserAttrSearch.java
 * 21 May 2008
 *
 * Binds to an LDAP directory with the account configured in ldap.properties
 * and prints selected attributes of one user.
 */

import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapUserAttrSearch {
	public static void main(String[] args) {

		Hashtable<String, String> env = new Hashtable<String, String>();
		String ldapUserName = "";
		String ldapUserPassword = "";
		String ldapHost = "";
		String ldapPort = "";

		String searchFilter = "";
		String searchBase = "";
		// Attributes to return for each matching entry
		String[] returnedAtts = {"name", "uid", "mail", "telephoneNumber", "description", "department"};

		// Create the default search controls
		SearchControls ctls = new SearchControls();

		try {
			// Load connection settings from ldap.properties on the classpath
			ResourceBundle resources = ResourceBundle.getBundle("ldap");
			ldapUserName = resources.getString("ldap.ldapUserName");
			ldapUserPassword = resources.getString("ldap.ldapUserPassword");
			ldapHost = resources.getString("ldap.ldapHost");
			ldapPort = resources.getString("ldap.ldapPort");
		} catch (MissingResourceException mre) {
			mre.printStackTrace();
			// Without these settings there is nothing to connect to
			return;
		}

		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
		env.put(Context.PROVIDER_URL, "ldap://" + ldapHost + ":" + ldapPort);
		env.put(Context.SECURITY_AUTHENTICATION, "simple");
		env.put(Context.SECURITY_PRINCIPAL, ldapUserName);
		env.put(Context.SECURITY_CREDENTIALS, ldapUserPassword);

		DirContext ctx = null;
		try {
			// Create the initial directory context (binds as the configured account)
			ctx = new InitialDirContext(env);

			// Specify the search scope
			ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

			// Specify the base for the search
			searchBase = "DC=ebasetech,DC=com";

			// Search for a specific user
			searchFilter = "(&(objectClass=User)(CN=Wai Chung))";

			ctls.setReturningAttributes(returnedAtts);

			// Search for objects using the filter
			NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, ctls);

			List<Object> users = new ArrayList<Object>();

			// Loop through the search results
			while (answer.hasMore()) {
				SearchResult sr = answer.next();

				Attributes attrs = sr.getAttributes();
				if (attrs != null) {
					try {
						for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
							Attribute attr = ae.next();

							System.out.print(attr.getID() + ": ");

							// An attribute can hold several values
							for (int i = 0; i < attr.size(); i++) {
								System.out.println(attr.get(i));
								users.add(attr.get(i));
							}
						}
					} catch (NamingException e) {
						System.err.println("Problem listing members: " + e);
					}
				}
			}
		} catch (NamingException e) {
			System.err.println("Problem searching directory: " + e);
		} finally {
			// Release the connection even when the search fails
			if (ctx != null) {
				try {
					ctx.close();
				} catch (NamingException e) {
					System.err.println("Problem closing context: " + e);
				}
			}
		}
	}
}
0 x
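
Added example, not part of Wai's post or of Ebase: the program above hard-codes the CN, whereas the function asked for in Question 1 takes the name from a runtime user, so the value has to be escaped before it is placed in the search filter. The class and method names are hypothetical, the `User`/`CN` filter shape and attribute names are taken from the post, and the caller is assumed to pass an already-bound `DirContext`.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
// Added example: class and method names are hypothetical, not Ebase API.
public class LdapUserLookup {
    // Escape the characters that are special inside an LDAP filter value (RFC 4515).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    // Same filter shape as the post, with the name escaped before it is inserted.
    static String userFilter(String username) {
        return "(&(objectClass=User)(CN=" + escapeFilterValue(username) + "))";
    }
    // Returns the attributes of exactly one matching entry, or an empty map.
    static Map<String, Object> lookup(DirContext ctx, String searchBase, String username)
            throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[] {"mail", "telephoneNumber"});
        ctls.setCountLimit(2); // two entries are enough to detect an ambiguous match
        Map<String, Object> result = new LinkedHashMap<String, Object>();
        NamingEnumeration<SearchResult> answer = ctx.search(searchBase, userFilter(username), ctls);
        try {
            if (!answer.hasMore()) return result;   // no such user
            Attributes attrs = answer.next().getAttributes();
            if (answer.hasMore()) return result;    // more than one entry: refuse to guess
            for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
                Attribute a = ae.next();
                result.put(a.getID(), a.get());     // first value of each attribute
            }
        } finally { answer.close(); }
        return result;
    }
    public static void main(String[] args) { // constructed inputs, no directory needed
        System.out.println(userFilter("Wai Chung"));
        System.out.println(userFilter("Smith (Sales)*"));
    }
}
```

JNDI's `search(String, String, Object[], SearchControls)` overload with a `{0}` placeholder in the filter applies the same escaping to string arguments, so it can replace `escapeFilterValue` when the filter is passed straight to `search`.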

sjethwa
Ebase User
Posts: 9
Joined: Mon Oct 08, 2007 10:18 am

#5

Postby sjethwa » Thu Sep 04, 2008 3:59 pm

Looks like the sort of thing we need .. any chance to create a custom resource from the code please?


Sanjay
0 x

Vircos
Ebase User
Posts: 97
Joined: Thu Sep 13, 2007 6:07 am
Location: The Netherlands

#6

Postby Vircos » Wed Oct 01, 2008 8:26 am

You can also automate this using Single Sign On.

Somewhere in this topic Wai describes how to.
0 x
What's the meaning of Justice...

