"LDAP's basic structure is based on a simple information tree metaphor called a directory information tree (DIT). Each leaf in the tree is an entry; the first or top-level entry is the root entry. An entry includes a distinguished name (DN) and any number of attribute/value pairs. The DN, which is the name of an entry, must be unique. It shows the relationship between the entry and the rest of the DIT in a manner similar to the way in which a file's full path name shows its relationship with the rest of the files in a filesystem. While a path to a file reads left to right, a DN, in contrast, reads from right to left. Here is an example of an DN:"
"The Lightweight Directory Access Protocol is an essential component of most large-scale enterprise application deployments today. LDAP is primarily used to store information related to user identity, such as a user's username, password, and e-mail address. It is also used in security implementations where it is necessary to store user access rights for authentication and authorization purposes."
"A software project is like a journey, and in this article I want to bring you along as a passenger. Foremost, I intend to describe the process of writing an application using my own LDAPHttp framework and gateway, a set of Java classes based on the Netscape/Mozilla LDAP SDK that provide simple MVC abstraction to use directory database back ends through Java servlets. The suggested app involves reading news and weblog feeds to create new data, so I will also get to touch on parsing RSS. Although the actual functionality of this little example may seem limited (and the overall approach unorthodox), hopefully when I'm done, the question of why will seem as unimportant as the general idea of combining XML with LDAP-driven models seems natural. This is not a how-to for LDAPHttp. A developer's guide will be forthcoming, I promise, but here I plan to skip the details in favor of the flavor."
"This article is loosely based on prototyping a number of J2EE applications constructs, such as servlets, EJB, MDB (Message-driven Beans) and JSP implemented using LDAP (Lightweight Directory Access Protocol) for application authorization. The applications were built in order to understand standard J2EE security and IBM WebSphere extensions. The article identifies key interfaces within WebSphere Application Server Version 5.x (WAS) or any J2EE compliant application server that need to be configured in order to build secure applications."
"LdapTemplate is a framework for simpler LDAP programming in Java, built on the same principles as the JdbcTemplate in Spring JDBC. It completely eliminates the need to worry about creating and closing DirContext and looping through NamingEnumeration. It also provides a more comprehensive unchecked exception hierarchy, built on Spring's DataAccessException. As a bonus, it also contains classes for dynamically building LDAP filters and distinguished names. An LDAP filter corresponds somewhat to the WHERE clause in a SQL SELECT statement. A distinguished name (dn) can be seen as a handle or the path to a specific object in the LDAP database. If the dn is available, an object can be looked up directly, rather than having to be searched for."
"The Java Naming and Directory Interface (JNDI) is used to access an LDAP server. A DirContext object is the conduit for your java program to attach to LDAP. Using the DirContext is simple. You construct a Properties object with the URL of the LDAP server, the root user name and password and several java housekeeping items (context factory, security principal and referral). This Properties object is passed into the constructor for the DirContext."
"DSML is most useful in applications that are already XML enabled. These include most modern application servers. DSML is especially useful in cases where direct access to the directory would normally not be permitted. For example, consider a situation in which a firewall is blocking all traffic except HTTP. To get around this limitation, a DSML encoding of a directory entry can be transmitted over the HTTP protocol for interpretation and presentation. Such a situation is shown in figure 1.17. Emerging standards like Simple Object Access Protocol (SOAP) make it clear that LDAP will not be the only standard for sharing directory information in the future."
"This article gives an introduction to configuring security on JBoss and implementing an LDAP-based user information repository. The sample application described here demonstrates using LDAP with the JBoss Security Extension (JBossSX), and describes a simple API for managing users, roles, and groups in LDAP. In addition, this article demonstrates the use of the Abstract Factory pattern to implement pluggable persistence."
"In this article, I focus mostly on the server side as I continue to look at the general area of virtualization using VMWare and Linux along with LDAP. It might be helpful to have a look at my article about virtualization."
