    • LDAP Connection Using Java

      Overview Of The LDAP Repository

      In Apache Directory Studio, the LDAP Browser appears in the following manner:

      To search for a parameter in LDAP, right-click the search base
      'dc=vsnlinternational,dc=co,dc=in' and click 'new search'. The search window
      opens as follows:

      We can see that the attributes for search include:
      1. Searchbase
      2. Filter
      3. Returning Attributes

      All of these attributes must be supplied when searching LDAP from Java.

      Property File Creation

      Create a property file called LDAP.properties with the following attributes:

      INITCTX: Contains the context root for LDAP Search.
      MY_HOST: Contains the LDAP server host name.
      MGR_DN: Contains the login user name used for security authentication.
      MGR_PW: Contains the login password used for security authentication.
      MY_SEARCHBASE: Specifies the search base in LDAP where operations are to be

      Place this property file in the src folder of your project or place it in a shared library

      APIs used in Java for LDAP Connectivity

      The API used for LDAP connectivity is JNDI.

      Each LDAP entry can be seen as a JNDI DirContext. Each LDAP entry contains a
      name and a set of attributes, as well as an optional set of child entries. For example,
      the LDAP entry "o=T4FU" may have as its attributes "objectclass" and "o", and it may
      have as its children "ou=Groups" and "ou=People".

      For example, in the JNDI the LDAP entry "o=T4FU" is represented as a context
      with the name "o=T4FU" that has two subcontexts, named "ou=groups" and
      "ou=organizations". An LDAP entry's attributes are represented by the Attributes
      interface, whereas individual attributes are represented by the Attribute interface.

      LDAP defines a set of operation requests. In the JNDI, these map to
      operations on the DirContext and LdapContext interfaces (which are subinterfaces
      of Context). For example, when a caller invokes a DirContext method, the LDAP
      service provider implements the method by sending LDAP requests to the
      LDAP server. Some of the operations are as follows:

      1. The bind operation in LDAP: The corresponding way of creating an initial
      connection to the LDAP server in the JNDI is the creation of an InitialDirContext.

      2. To search an entry in LDAP: The corresponding method in the JNDI is the
      overload of DirContext.search() that accepts a search filter.

      In addition to specifying a search using a set of attributes, you can specify a
      search in the form of a search filter. A search filter is a search query expressed
      in the form of a logical expression.

      The following search filter specifies that the qualifying entries must have a "cn"
      attribute with a value of "martin" and a "uid" attribute with any value:

      The following code creates a filter and default SearchControls, and uses them to
      perform a search.

      For Example:
      /* Create the default search controls */
      SearchControls ctls = new SearchControls();
      /* Specify the search filter to match */
      /* Ask for objects that have the attribute "sn" == "Martin" */
      /* and the "mail" attribute */
      String filter = "(&(sn=Martin)(mail=*))";
      /* Search for objects using the filter */
      NamingEnumeration<SearchResult> results = ctx.search("ou=TF4U", filter, ctls);

      • Returning Selected Attributes: The previous example returned all attributes
      associated with the entries that satisfy the specified filter. You can select the
      attributes to return by setting the search controls argument. You create an array
      of attribute identifiers that you want to include in the result and pass it to
      For Example:
      /* Specify the ids of the attributes to return */
      String[] attrIDs = {"cn", "uid"};
      SearchControls ctls = new SearchControls();
      ctls.setReturningAttributes(attrIDs);

      • Result Count: Sometimes a query might produce too many answers and you
      want to limit the number of answers returned. You can do this by using the count
      limit search control. By default, a search does not have a count limit; it will return
      all answers that it finds. To set the count limit of a search, pass the number to
      For Example:
      // Set the search controls to limit the count to 1
      SearchControls ctls = new SearchControls();
      ctls.setCountLimit(1);
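
      The bind and search steps above, combined into one program that reads LDAP.properties, as an added example (not code from the original article). It uses the search() overload that takes filter arguments, so a user-supplied value is escaped by the provider instead of being concatenated into the filter string, and it handles the exception raised when the count limit is exceeded. Assumptions: INITCTX holds the JNDI context factory class name and MY_HOST a full ldap:// or ldaps:// URL; the class name LdapLookup, the limit of 10 and the command-line argument are illustrative.

      ```java
      import java.io.InputStream;
      import java.util.*;
      import javax.naming.*;
      import javax.naming.directory.*;

      public class LdapLookup {
          public static void main(String[] args) throws Exception {
              // Load LDAP.properties from the classpath root (the src folder).
              Properties p = new Properties();
              try (InputStream in = LdapLookup.class.getResourceAsStream("/LDAP.properties")) {
                  if (in == null) throw new IllegalStateException("LDAP.properties not found");
                  p.load(in);
              }
              Hashtable<String, String> env = new Hashtable<>();
              // Assumed values: INITCTX=com.sun.jndi.ldap.LdapCtxFactory, MY_HOST=ldaps://host:636
              env.put(Context.INITIAL_CONTEXT_FACTORY, p.getProperty("INITCTX"));
              env.put(Context.PROVIDER_URL, p.getProperty("MY_HOST"));
              env.put(Context.SECURITY_AUTHENTICATION, "simple");
              env.put(Context.SECURITY_PRINCIPAL, p.getProperty("MGR_DN"));
              env.put(Context.SECURITY_CREDENTIALS, p.getProperty("MGR_PW"));

              // Untrusted input, e.g. from a web form; defaults to a constructed sample.
              String surname = args.length > 0 ? args[0] : "Martin";

              SearchControls ctls = new SearchControls();
              ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
              ctls.setReturningAttributes(new String[] {"cn", "uid"}); // only these attributes
              ctls.setCountLimit(10);                                   // at most 10 entries

              DirContext ctx = new InitialDirContext(env);              // LDAP bind
              try {
                  // {0} is replaced by the escaped argument, so filter metacharacters
                  // such as * ( ) \ in surname are matched literally.
                  NamingEnumeration<SearchResult> results = ctx.search(
                          p.getProperty("MY_SEARCHBASE"), "(&(sn={0})(mail=*))",
                          new Object[] {surname}, ctls);
                  while (results.hasMore()) {
                      SearchResult r = results.next();
                      System.out.println(r.getNameInNamespace() + " " + r.getAttributes());
                  }
              } catch (SizeLimitExceededException e) {
                  System.err.println("More than 10 matches; results truncated");
              } finally {
                  ctx.close();                                          // LDAP unbind
              }
          }
      }
      ```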

      3. To modify an entry in LDAP: The corresponding method in the JNDI is the
      overload of DirContext.modifyAttributes() that accepts an array of
      ModificationItems. Modifications are applied in the order in which
      they appear in the list. Either all of the modifications are executed, or none are.

      The following code creates a list of modifications. It replaces the "businessEmail"
      attribute's value with a value of "martin@tf4u.com", adds an additional value to the
      "address" attribute, and removes the "status" attribute.

      // Specify the changes to make 
      ModificationItem[] mods = new ModificationItem[3]; 
      // Replace the "businessEmail" attribute with a new value 
      mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, 
          new BasicAttribute("businessEmail", "martin@tf4u.com")); 
      // Add an additional value to "address" 
      mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, 
          new BasicAttribute("address", "+vikroli")); 
      // Remove the "status" attribute 
      mods[2] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, 
          new BasicAttribute("status"));

      4. To delete an entry in LDAP: The corresponding methods in the JNDI are
      Context.unbind() and Context.destroySubcontext(). You can use either to
      remove an LDAP entry.
