The variety and the performance capabilities of LDAP client APIs is the subject that Mark Craig addresses in his blog of that title, which outlines the operations performed by an LDAP client.
These include the capability to:
- Search for and retrieve entries from the directory
- Add new entries to the directory
- Update entries in the directory
- Delete entries from the directory
- Rename entries in the directory
Craig describes the process that underlies these operations, writing, " ... to update an entry, an LDAP client submits the distinguished name (DN) of the entry with updated attribute information to the LDAP server. The LDAP server uses the distinguished name to find the entry. The server then performs a modify operation to update the entry in the directory."
He adds that, an LDAP client needs to establish a connection with an LDAP server in order to perform any of these LDAP operations. The LDAP protocol itself specifies the use of TCP/IP port number 389, although servers can listen on other ports, such as 636 for LDAP/SSL for example, he writes.
The LDAP protocol also defines a simple method for authentication, which involves setting up the LDAP servers to restrict permissions to the directory, Craig adds. Before an LDAP client can perform an operation on an LDAP server, the client must authenticate to the server, he explains, adding that clients typically authenticate by supplying a distinguished name and password. If the user identified by the distinguished name does not have permission to perform the operation, the server denies that user's request to perform the operation.
Links to free LDAP directory client software development kits for creating your own LDAP clients are provided.
- Java Naming and Directory Interface (JNDI) technology supports directory access through LDAP and DSML from Java applications, and is part of the Java platform, Craig writes. The JNDI Tutorial contains descriptions and examples of how to use JNDI. The tutorial is at http://java.sun.com/products/jndi/tutorial/.
- The Mozilla LDAP Java SDK offers an API that is more readily comprehensible than JNDI if you already know LDAP. The code is published in open source form as part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.
- The Mozilla LDAP C SDK is available on a wide range of platforms. The Mozilla LDAP C SDK also provides support for core LDAP operations, and for LDAP v3 extensions and widely used controls. Sun Directory Server uses this API, as does the address book applications associated with Firefox. Mozilla LDAP C SDK code is published in open source form as part of the Mozilla Directory SDK project. See http://www.mozilla.org/directory/.
- OpenLDAP C API Many GNU/Linux distributions provide OpenLDAP support. The OpenLDAP C API is based on an Internet-Draft for that never became a standard. The API closely follows LDAPv3, providing support for core LDAP operations and for LDAPv3 extensions and widely used controls. LDAP support for languages such as PHP and Python is available through wrappers for OpenLDAP. For an introduction to the OpenLDAP API, see the LDAP(3) man page, Craig writes.
- Solaris LDAP C API The native LDAP library on Solaris systems provides nearly the same API as the Mozilla C SDK. Many clients need only be recompiled to work with Solaris libldap, the blog points out. The LDAP library on Solaris systems is not compatible with libldap from OpenLDAP, however. For an introduction to the Solaris OS libldap library, see the ldap(3LDAP) man page.
- Perl Net::LDAP is the official collection of modules, written in pure Perl. For more, see http://ldap.perl.org/.
- The python-ldap package wraps the OpenLDAP C implementation, with additional capabilities to handle LDIF, LDAP URLs, and so forth. See http://www.python-ldap.org/.
A number of other languages also provide LDAP support. Ruby has the Ruby/LDAP extension module. An Objective-C LDAP framework is available and so is LDAP support in C#. There are no doubt others, Craig concludes.
A Planning Guide for Moving to LDAP as Naming Service in the Solaris OS
Read More ...