Traditionally directories excel at serving read requests. This chapter covers the read (search and compare) capabilities that OpenDJ LDAP Java SDK provides. The data used in examples here is available online.
An LDAP search looks up entries based on the following parameters.

- A filter that indicates which attribute values to match
- A base DN that specifies where in the directory information tree to look for matches
- A scope that defines how far to go under the base DN
- A list of attributes to fetch for an entry when a match is found
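To show how those four parameters map onto the SDK's API, here is an added example (not part of the OpenDJ documentation or the SDK's own example programs) that builds a `SearchRequest` from a filter, a base DN, a scope and an attribute list, runs it, and walks the streamed results. The host, port and the surname being searched for are assumed values.

```java
// Added example: the four search parameters expressed as a SearchRequest.
import java.io.IOException;

import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ErrorResultException;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.requests.SearchRequest;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;
import org.forgerock.opendj.ldap.responses.SearchResultReference;
import org.forgerock.opendj.ldif.ConnectionEntryReader;

public class FindBySurname {
    public static void main(String[] args) throws IOException {
        // Hypothetical server and search value; replace with your own.
        final String host = "localhost";
        final int port = 1389;
        final String surname = args.length > 0 ? args[0] : "Smith";

        // 1. Filter. Filter.equality() escapes special characters in the value
        //    (for example '*', '(' and '\'), so it is matched literally rather
        //    than being interpreted as filter syntax.
        final Filter filter = Filter.equality("sn", surname);
        // 2. Base DN: where in the tree to start.
        final DN baseDN = DN.valueOf("ou=People,dc=example,dc=com");
        // 3. Scope: the whole subtree under the base DN.
        final SearchScope scope = SearchScope.WHOLE_SUBTREE;
        // 4. Attributes to fetch: request only what the application needs.
        final SearchRequest request =
                Requests.newSearchRequest(baseDN, scope, filter, "cn", "mail");

        final LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port);
        Connection connection = null;
        try {
            connection = factory.getConnection();
            // Results are streamed; a result may be an entry or a referral.
            final ConnectionEntryReader reader = connection.search(request);
            while (reader.hasNext()) {
                if (reader.isEntry()) {
                    final SearchResultEntry entry = reader.readEntry();
                    System.out.println(entry.getName() + ": "
                            + entry.parseAttribute("cn").asString()
                            + " <" + entry.parseAttribute("mail").asString() + ">");
                } else {
                    final SearchResultReference ref = reader.readReference();
                    System.out.println("Referral: " + ref.getURIs());
                }
            }
        } catch (final ErrorResultException e) {
            // The result code tells you why the server rejected the search
            // (for example no such base DN, or insufficient access rights).
            System.err.println("Search failed: " + e.getResult().getResultCode()
                    + " " + e.getResult().getDiagnosticMessage());
        } finally {
            if (connection != null) {
                connection.close();
            }
        }
    }
}
```

Because the search is run before any bind, it goes to the server anonymously; what comes back depends entirely on the access control the server grants to anonymous clients, which is why the attribute list is kept to the minimum the program displays.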
For example, imagine you must write an application where users log in using their email address and a password. After the user logs in, your application displays the user's full name so it is obvious who is logged in. Your application is supposed to go to the user directory both for authentication and to read user profile information. You are told that the user directory stores user profile entries under the base DN ou=People,dc=example,dc=com, that email addresses are stored on the standard mail attribute, and that full names are stored on the standard cn attribute.
You figure out how to authenticate from the chapter on authentication, in which you learn you need a bind DN and a password to do simple authentication. But how do you find the bind DN given the email? How do you get the full name?
The answer to both questions is that you do an LDAP search for the user's entry, which has the DN that you use to bind, and you have the server fetch the cn attribute in the results. Your search uses the following parameters.

- The filter is (mail=emailAddress), where emailAddress is the email address the user provided.
- The base DN is the one given to you, ou=People,dc=example,dc=com.
- For the scope, you figure the user entry is somewhere under the base DN, so you opt to search the whole subtree.
- The attribute to fetch is cn.
The following code excerpt demonstrates how this might be done in a minimal command-line program.
```java
// Requires, among others: java.io.Console and
// org.forgerock.opendj.ldap.{Connection, DN, ErrorResultException,
// LDAPConnectionFactory, SearchScope} and
// org.forgerock.opendj.ldap.responses.SearchResultEntry.
// host, port and baseDN are set earlier in the program.

// Prompt for mail and password.
Console c = System.console();
if (c == null) {
    System.err.println("No console.");
    System.exit(1);
}
String mail = c.readLine("Email address: ");
char[] password = c.readPassword("Password: ");

// Search using mail address, and then bind with the DN and password.
final LDAPConnectionFactory factory = new LDAPConnectionFactory(host, port);
Connection connection = null;
try {
    connection = factory.getConnection();

    // No explicit bind yet so we remain anonymous for now.
    // Note that mail is inserted into the filter string as typed, without escaping.
    SearchResultEntry entry = connection.searchSingleEntry(baseDN,
            SearchScope.WHOLE_SUBTREE, "(mail=" + mail + ")", "cn");
    DN bindDN = entry.getName();
    connection.bind(bindDN.toString(), password);

    String cn = entry.getAttribute("cn").firstValueAsString();
    System.out.println("Hello, " + cn + "!");
} catch (final ErrorResultException e) {
    // Covers both a failed search (no entry, or more than one) and a failed bind.
    System.err.println("Failed to bind.");
    System.exit(e.getResult().getResultCode().intValue());
    return;
} finally {
    if (connection != null) {
        connection.close();
    }
}
```
For a complete example in context, see SearchBind.java, one of the OpenDJ LDAP SDK examples.
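The excerpt above concatenates the typed email address straight into the filter string and treats any non-empty password as acceptable. The following added example (written for this page, not the SDK's SearchBind.java) performs the same search-then-bind flow but builds the filter with `Filter.equality`, which escapes the value, insists on exactly one matching entry before binding, refuses an empty password (an LDAP simple bind with an empty password is an unauthenticated bind, which many servers accept), reports one generic failure message, and clears the password array afterwards. The host, port and base DN are assumed values.

```java
// Added example: search for the user's entry, then bind as that entry.
import java.io.Console;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

import org.forgerock.opendj.ldap.Connection;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ErrorResultException;
import org.forgerock.opendj.ldap.Filter;
import org.forgerock.opendj.ldap.LDAPConnectionFactory;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.responses.SearchResultEntry;

public class SafeSearchBind {
    // Hypothetical connection details; replace with your own.
    private static final String HOST = "localhost";
    private static final int PORT = 1389;
    private static final DN BASE_DN = DN.valueOf("ou=People,dc=example,dc=com");

    /** Returns the user's full name (cn) on success, or null if login is refused. */
    static String login(final Connection connection, final String mail, final char[] password)
            throws ErrorResultException {
        // An empty password would make the bind unauthenticated rather than fail it.
        if (mail == null || mail.isEmpty() || password == null || password.length == 0) {
            return null;
        }
        // Filter.equality() escapes '*', '(', ')', '\' and NUL in the value, so the
        // typed address is matched literally instead of being parsed as filter syntax.
        final Filter filter = Filter.equality("mail", mail);
        final List<SearchResultEntry> entries = new LinkedList<SearchResultEntry>();
        connection.search(
                Requests.newSearchRequest(BASE_DN, SearchScope.WHOLE_SUBTREE, filter, "cn"),
                entries);
        // Exactly one entry must match: zero means unknown user, several means
        // we cannot tell which entry to authenticate against.
        if (entries.size() != 1) {
            return null;
        }
        final SearchResultEntry entry = entries.get(0);
        // Bind as the entry we found; a wrong password raises ErrorResultException.
        connection.bind(Requests.newSimpleBindRequest(entry.getName().toString(), password));
        // Fall back to the DN if the entry has no cn, rather than throwing NPE.
        return entry.getAttribute("cn") != null
                ? entry.getAttribute("cn").firstValueAsString()
                : entry.getName().toString();
    }

    public static void main(String[] args) {
        final Console c = System.console();
        if (c == null) {
            System.err.println("No console.");
            System.exit(1);
        }
        final String mail = c.readLine("Email address: ");
        final char[] password = c.readPassword("Password: ");

        final LDAPConnectionFactory factory = new LDAPConnectionFactory(HOST, PORT);
        Connection connection = null;
        try {
            connection = factory.getConnection();
            final String cn = login(connection, mail, password);
            if (cn == null) {
                // Same message whether the user is unknown or the password is wrong.
                System.err.println("Login failed.");
                System.exit(1);
            }
            System.out.println("Hello, " + cn + "!");
        } catch (final ErrorResultException e) {
            System.err.println("Login failed.");
            System.exit(e.getResult().getResultCode().intValue());
        } finally {
            // Do not leave the password lying around in memory longer than needed.
            Arrays.fill(password, '\0');
            if (connection != null) {
                connection.close();
            }
        }
    }
}
```

Collecting the results into a list and checking its size makes the "exactly one entry" rule explicit in your own code; `searchSingleEntry` enforces the same rule by throwing, so either approach works as long as the ambiguous case is treated as a failed login rather than a guess.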