Lotus JAVA and Domino through the LDAP integration method __java

Source: Internet
Author: User
Tags ldap ldap protocol rfc



Lotus Java and Domino through the LDAP integration Method!



JAVA, DOMINO, Lotus, LDAP
Summary: LDAP is the standard Lightweight Directory Access Protocol (Lightweight Directory Access Protocol), through LDAP, you can access the user information in the directory for user authentication. DOMINOR5/6 supports the standard LDAP V3 directory service. This article describes how to take full advantage of the existing Domino directory resources in your organization by describing the process of accessing the Domino directory using Jndi. The method described in this article also applies to other directory servers that support LDAP v3.
Why directory services are so important
As the application in the enterprise increases, we have to face the growing variety of user data. These user data are distributed throughout the enterprise, causing great management and maintenance problems. To solve this problem, we usually need to build a standard directory infrastructure in the enterprise. At the same time, when implementing EAI (Enterprise application integration), we often encounter a situation where the user needs single sign-on (SSO), and the basis for successful SSO is that we have a good directory base.
At present, Domino based applications are implemented in many organizations, such as Office, Mail, approval, etc. As an excellent platform compatible with a variety of standards, Domino also provides good support for LDAP v3.
So what about the institutions that already have the domino infrastructure to consider getting more out of their existing investments? Below, we use two examples to learn how to make the most of these directory resources saved in Domino.
Preparatory work
1. Learn about Jndi
JNDI (Java naming and directory Interface) is a specification for accessing various naming and directory services in Java. It provides access to naming and directory services through a set of extended api:javax.naming.*.
Before using Jndi, you must make sure that you have Jndi.jar and include it in the current classpath. If you have not Jndi.jar, you can download it through the reference section.
2. Configure Domino server
Before using the following example, you must first start your Domino server (I use the R6 version) and enable the LDAP service.
Since we do not need to use any special options, we do not have to make any changes to Domino's LDAP configuration, just confirm that the LDAP service has been loaded (entered on the Domino console: Show tasks to see if the LDAP Service is loaded). If the LDAP service has not yet been loaded, you can load it by entering: Load LDAP on the Domino's server console.
Reading directory information
The following code reads the mail address of a given user from the directory.
Package net.eservice4you.ldap;
Import Javax.naming.Context;
Import Javax.naming.directory.InitialDirContext;
Import Javax.naming.directory.DirContext;
Import javax.naming.directory.Attributes;
Import javax.naming.NamingException;
Import java.util.Hashtable;
Class Getattr {
public static void Main (string[] args) {
Identify service provider to use
Put the initialized information in a Hashtable
Hashtable env = new Hashtable (11);
Env.put (Context.initial_context_factory,
"Com.sun.jndi.ldap.LdapCtxFactory");
Env.put (Context.provider_url, "LDAP://LOCALHOST:389/O=BJCHP ");
You need to change the localhost to the full name or IP of the Domino server, and change the o= to your Domino organization name
try {
Create the initial directory context
DirContext CTX = new InitialDirContext (env);
Ask for all attributes of the object
You need to change the Xinxibu to an existing registered user on the service.
Attributes attrs = ctx.getattributes ("Cn=xinxibu");
Find the mail address and print it
System.out.println ("Mail:" + attrs.get ("Mail"). get ());
Close the "context" when we do
Ctx.close ();
catch (Namingexception e) {
System.err.println ("Problem getting attribute:" + e);
}
}
}
From the code, we see the process of reading directory information:
1. Set the service Provider and service URI used in the Hashtable.
2. Initialization of a dircontext.
3. Use Context.getattributes to get all the property information for the specified user.
4. Use Attrs.get ("XXX") to obtain property information.
5. Close the context connection.
Note: Only partial user information is allowed to be found by default in the Domino LDAP directory. You can view the "Domino Directory/domino LDAP Service" section of Domino Administrator Help to add more attributes to the list.
Authenticating user identity
The following code verifies the identity of the user by requesting an LDAP user to log on.
Package net.eservice4you.ldap;
Import Javax.naming.Context;
Import Javax.naming.directory.InitialDirContext;
Import Javax.naming.directory.DirContext;
Import javax.naming.NamingException;
Import javax.naming.AuthenticationException;
Import java.util.Hashtable;
Class Authuser {
public static void Main (string[] args) {
Identify service provider to use
Hashtable env = new Hashtable (11);
Env.put (Context.initial_context_factory,
"Com.sun.jndi.ldap.LdapCtxFactory");
Env.put (Context.provider_url, "LDAP://LOCALHOST:389/O=BJCHP ");
You need to change the localhost to the full name or IP of the Domino server, and change the o= to your Domino organization name
Authenticate as Xinxibu and password "1234"
Env.put (Context.security_authentication, "simple");
Env.put (Context.security_principal, "CN=XINXIBU,O=BJCHP");
Env.put (context.security_credentials, "1234");
try {
Create the initial directory context
DirContext CTX = new InitialDirContext (env);
SYSTEM.OUT.PRINTLN ("Authentication ok!");
Ctx.close ();
}catch (Authenticationexception e) {
If Authenticationexception is caught, the validation fails
SYSTEM.ERR.PRINTLN ("Authentication Fail:" +e);
catch (Namingexception e) {
System.err.println ("nameing Exception:" + e);
}
}
}
We can see that to authenticate users, we need to do the following things:
1. Set the service Provider and URLs used in Hashtable.
2. Set the authentication mode, username and password (for simple).
3. Initialization of a dircontext. If a authenticationexception exception is caught, it indicates that the validation failed.
4. Close the context connection.
In addition to the simple method we just used, you can also use DIGEST-MD5, Kerberos V5, and X.509 to validate. You can check the resources to find out the specific details.
Summarize
If you have already used Domino in your organization, if you need to apply integration, it is time to consider LDAP.
The methods described in this article also apply to other directory servers, such as IBM directory Server and OpenLDAP. I tested the code with JDK 1.4.1+ Domino 6. You can also use Domino 5, which can also work very well.
Resources
* * Download Sample code: Jndiexample.jar
* * Access Java.sun.com/products/jndi can get an update on Jndi and download the Jndi API. You also look at the Jndi tutorial:java.sun.com/products/jndi/tutorial/index.html.
* * About LDAP, you can access the Ldapman RFC page to understand the LDAP RFC. In developer works, you can also find an instruction on how to build an LDAP address Book: Http://www-900.ibm.com/developer ... tutorial/index.html.













JNDI (Java naming and directory Interface,java naming and catalog interfaces) is a unified API for Java programs to access naming services and directory services.





Naming service, to be blunt is to provide a name for the management of key value pairs, that is, Key-value, key represents a resource name, value represents the real address of the resource, naming service allows you to find the corresponding object or resource through a unique name. The program needs to know the name of a resource, and you can access it through Jndi, without having to know the actual physical address of the resource. This is somewhat similar to the DNS service, which resolves a domain name to an IP address, so that you can access the site only by entering the site's unique name (the domain name) in the browser without having to remember the actual IP address of the site.





Directory service, which provides a management service for public resources. Directory service is a special type of database, which organizes and preserves various public resources according to certain data structure, such as tree structure. The difference between this special database and the traditional relational database is that it optimizes the query, and its data structure allows you to quickly find the resources you want, that is, a quick lookup, but this design also sacrifices other aspects of efficiency, such as its update efficiency will be much lower.





Name-key-value pairs are managed in directory services, but their key values are hierarchical, like a tree, where you can navigate to a subtree, not just an attribute, by a name or a hierarchical name. This shows that directory services further extend the concept of naming services to provide a hierarchical repository of information. A directory service usually has a naming service, but a naming service does not have to have a directory service.





At present, there are many different vendors providing directory services products such as NIS, NDS, Active directory, or full LDAP directory services, similar to the database products of different database vendors, the implementation of these directory services products is not the same, each has its own characteristics. But their front-end access supports the LDAP protocol.





LDAP (Lightweight Directory Access Protocol) was developed as a standard directory protocol in the early the 1990s. It is currently the most popular directory protocol, with vendors, the specific platform independent. LDAP defines how to access content in a directory service in a uniform way, such as adding, modifying, and deleting an entry. Each specific directory service vendor will provide an interface to the external LDAP protocol to access this product, so we need to unify our concerns about how to use the LDAP protocol.





Jndi is the API used in Java to access LDAP, and developers use Jndi to complete communication with the LDAP server, using Jndi to access LDAP without having to deal with specific directory service product features. This allows Java programs to access directory services in a platform-independent way through an LDAP, Jndi two-level abstraction.





The JNDI API is the standard API in J2SE and is a generic API. The JNDI includes 5 packages: Javax.naming,javax.naming.directory,javax.naming.event,javax.naming.ldap,javax.naming.spi.





Common Jndi operations are: bind,unbind,lookup,rename,namingenumeration listbindings,namingenumeration list.





Use Jndi to access the naming service or directory service, as follows:





1. Establish a Hashtable containing the attributes of the Jndi service you wish to use, the IP address and port of the LDAP server you want to connect to;





2. Add any information related to the authenticated user login to the hash list;





3, create the initial context object. If you access the naming service, use the InitialContext class and use the InitialDirContext class if you are accessing the directory service;





4. Use the context object you just obtained to perform the required actions, such as adding a new entry or search entry;





5. Close the context object after completing the operation.










The following code is available for measurement:










Import java.util.Hashtable;
Import Javax.naming.Context;
Import javax.naming.NamingException;
Import javax.naming.NamingEnumeration;
Import javax.naming.directory.*;





public class Findusebindobj {





public static void Main (String[]args) {





Create Hashtable to store the environment variables that JNDI will use to connect to the directory service
Hashtable hs = new Hashtable ();





Set up an implementation factory to connect to LDAP
Hs.put (Context.initial_context_factory,





"Com.sun.jndi.ldap.LdapCtxFactory");





Specifies that the LDAP server IP address is native and the port number is 389
Hs.put (Context.provider_url, "ldap://testoa.dgoa.cn:389");





try {





Get a reference to the initial directory environment
DirContext CTX = new InitialDirContext (HS);





Use lookup lookup to return an entry object for a specified DN
Persons pers = (persons) ctx.lookup ("Cn= Hui, o= Dongguan");





Call the remote method with the remote object to return the value of the age variable
String age = Pers.getage ();





Call the remote method with the remote object to return the value of the name variable
String name = Pers.getname ();





The value of the output name
System.out.println ("name is:" + name);





/* finds all of its properties based on the DN of the node, and then gets all the values from the attribute, noting that an attribute can be
To have multiple values * *
Attributes attrs=ctx.getattributes ("Cn= Hui, o= Dongguan");





Loops to get and output all the property values for this property
for (Namingenumeration AE = Attrs.getall (); Ae.hasmore ();) {





Get a property
Attribute attr = (attribute) ae.next ();
System.out.println ("Attribute:" + Attr.getid ());





Loop gets all the property values for this property
for (Namingenumeration ve = Attr.getall (); Ve.hasmore ();) {
System.out.println ("Value:" + ve.next ());
}





}
Print a message successfully
System.out.println ("Find object Success");





Call the object's function
Pers.tostring ();





Turn off the initial directory environment
Ctx.close ();





catch (Namingexception ex) {
System.err.println (Ex.tostring ());
}





}






Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.