Question 1
I want to write a function (ideally a WS) to allow a runtime user to supply a user-name so that I can use it to search an LDAP directory and return additional attributes of the user, eg, the email address.
Has anyone done anything like this and can suggest ideas?
I have read the Help files in EBase and can see reading LDAP is possible to authenticate/authorise designers and/or runtime users, but my query is more a simple lookup/search on an LDAP directory.
Question 2
I want to write a function (ideally a WS) to allow a runtime user to supply userid+password to authenticate to an LDAP directory. Can someone suggest a way to do this? I have read the Help but I am new to this and can't see the solution, although it may well be staring me in the face.
Thanks
Sanjay
Read an LDAP directory
- Wai
- Moderator
- Posts: 165
- Joined: Wed Sep 12, 2007 9:04 am
- Location: Sandy, UK
- Contact:
RE: Question 1
You can write a Java class which performs a basic LDAP search operation. This can be part of a custom function which takes the uid or full dn of the user and returns the user's attributes. You would need to authenticate to the LDAP server first before performing the search. This you can do by using an Administrator account set in UFSSetup.properties which you can read before doing the authentication.
RE: Question 2
Ebase has already written an LDAPLoginModule which will do this. It requires use of Ebase Authentication. When this is turned on, configure Ebase to use the LDAPLoginModule. This will perform user authentication against the supplied username and password against the LDAP directory.
You would also need to think about user roles - you can tell Ebase to use those defined in the Ebase repository (in which case, LDAP users will need to exist in the Ebase Security data as well), or use those defined in LDAP by defining the roles in an LDAP attribute and then telling Ebase which attribute contains that definition.
Which LDAP Directory are you using?
Please let me know if that helps or if you need more information.
0 x
-
- Ebase User
- Posts: 9
- Joined: Mon Oct 08, 2007 10:18 am
Thanks Wai for your suggestions.
I have managed to do a basic test whereby I authenticate to the Ebase Security system, and then read off other corresponding attributes (eg, email address, network address etc) from our Novell eDirectory LDAP server. This was relatively easy to do, and I now understand the security options in Ebase.
Unfortunately we don't have much Java skills to develop solution 1, and what I am trying to achieve is a general purpose WS using Ebase to allow any system to read extended attributes of a user from an LDAP directory (eg, email address, line manager name etc). Any Java experts out there to comment on how difficult this is to create a custom LDAP search function please? Once the custom function is in place, I can create a WS relatively easily in Ebase.
Thanks
Sanjay
0 x
- Wai
- Moderator
- Posts: 165
- Joined: Wed Sep 12, 2007 9:04 am
- Location: Sandy, UK
- Contact:
I haven't had time to create a custom function with this yet, but the following Java program is an example of how to connect to an LDAP directory and perform a search to return a user's attributes.
Code:
/**
 * LdapUserAttrSearch.java
 * 21 May 2008
 *
 * Binds to an LDAP directory with a service account and prints
 * selected attributes of one user.
 */
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapUserAttrSearch {
    public static void main(String[] args) {
        String ldapUserName;
        String ldapUserPassword;
        String ldapHost;
        String ldapPort;
        try {
            // Load connection settings from ldap.properties on the classpath
            ResourceBundle resources = ResourceBundle.getBundle("ldap");
            ldapUserName = resources.getString("ldap.ldapUserName");
            ldapUserPassword = resources.getString("ldap.ldapUserPassword");
            ldapHost = resources.getString("ldap.ldapHost");
            ldapPort = resources.getString("ldap.ldapPort");
        } catch (MissingResourceException mre) {
            // Without these settings the bind cannot succeed, so stop here
            mre.printStackTrace();
            return;
        }

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // A simple bind over ldap:// sends the password unencrypted;
        // use ldaps:// or StartTLS where the server supports it
        env.put(Context.PROVIDER_URL, "ldap://" + ldapHost + ":" + ldapPort);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, ldapUserName);
        env.put(Context.SECURITY_CREDENTIALS, ldapUserPassword);

        DirContext ctx = null;
        try {
            // Create the initial directory context (this performs the bind)
            ctx = new InitialDirContext(env);

            // Create the search controls and specify the search scope
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            // Specify the base for the search
            String searchBase = "DC=ebasetech,DC=com";
            // Search for a specific user
            String searchFilter = "(&(objectClass=User)(CN=Wai Chung))";

            // Only the attributes named here are returned. The array must not
            // contain null entries, so it is sized to exactly what is requested.
            String[] returnedAtts = {
                "name", "uid", "mail", "telephoneNumber", "description", "department"
            };
            ctls.setReturningAttributes(returnedAtts);

            // Search for objects using the filter
            NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, ctls);
            List<Object> users = new ArrayList<Object>();

            // Loop through the search results
            while (answer.hasMore()) {
                SearchResult sr = answer.next();
                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    try {
                        for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
                            Attribute attr = ae.next();
                            System.out.print(attr.getID() + ": ");
                            for (int i = 0; i < attr.size(); i++) {
                                System.out.println(attr.get(i));
                                users.add(attr.get(i));
                            }
                        }
                    } catch (NamingException e) {
                        System.err.println("Problem listing members: " + e);
                    }
                }
            }
        } catch (NamingException e) {
            System.err.println("Problem searching directory: " + e);
        } finally {
            // Always release the connection, even when the search fails
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    System.err.println("Problem closing context: " + e);
                }
            }
        }
    }
}
0 x