Integrating Java Systems with Domino through LDAP


LDAP (Lightweight Directory Access Protocol) is a standard protocol for accessing directory services. With LDAP, you can access user information in a directory and use it for user authentication. Domino R5/R6 supports the standard LDAP v3 directory service. This article describes how to use JNDI to access the Domino Directory and how to make full use of the Domino Directory resources that already exist in an organization. The method described here also applies to other directory servers that support LDAP v3.
Why is directory service so important?
As the number of enterprise applications grows, we have to deal with ever more user data. This data is scattered across the enterprise, which makes management and maintenance difficult. To solve this problem, we usually need to build a standard directory infrastructure in the enterprise. In addition, when implementing EAI (Enterprise Application Integration), we often encounter requirements for single sign-on (SSO); the foundation of a successful SSO implementation is a good directory infrastructure.
Currently, many organizations already run Domino-based applications such as office, email, and approval applications. As an excellent platform that is compatible with many standards, Domino also provides good support for LDAP v3.
So, should organizations that have already built a Domino infrastructure consider getting more return from their existing investment? Below, two examples show how to make full use of the directory resources stored in Domino.

Preparations
1. Learn more about JNDI
JNDI (Java Naming and Directory Interface) is the standard for accessing naming and directory services from Java. It provides access to these services through a set of extension APIs in the javax.naming package.
Before using JNDI, make sure that you have jndi.jar and that it is on the current classpath. If you do not have jndi.jar, you can download it from the References section.

2. Configure the Domino server
Before running the following examples, you must start your Domino server (I am using R6) and enable the LDAP service.
Since we do not use any special options, the Domino LDAP configuration does not need to be modified. We only need to confirm that the LDAP service has been loaded (enter show tasks on the Domino console to check). If the LDAP service has not been loaded, you can load it by entering load ldap on the Domino server console.

Read directory information
The following code reads the email address of a given user from the directory.

package net.eservice4you.ldap;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import java.util.Hashtable;

class Getattr {
    public static void main(String[] args) {
        // Identify service provider to use
        // Put the initialization information in a hashtable
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=BJCHP");
        // Change localhost to the full name or IP address of the Domino server,
        // and change o= to the name of your Domino organization.
        try {
            // Create the initial directory context
            DirContext ctx = new InitialDirContext(env);
            // Ask for all attributes of the object
            // You need to change xinxibu to an existing registered user on the server
            Attributes attrs = ctx.getAttributes("cn=xinxibu");
            // Find the mail address and print it (the attribute may be absent)
            Attribute mail = attrs.get("mail");
            System.out.println("Mail: " + (mail != null ? mail.get() : "(not set)"));
            // Close the context when we're done
            ctx.close();
        } catch (NamingException e) {
            System.err.println("Problem getting attribute: " + e);
        }
    }
}

From the code, we can see the process of reading directory information:
1. Put the service provider and the service URL to use into a Hashtable.
2. Initialize a DirContext.
3. Use DirContext.getAttributes to obtain all attributes of the specified user.
4. Use attrs.get("xxx") to obtain the value of an attribute.
5. Close the context connection.
Note: by default, only some user information can be searched in the Domino LDAP directory. See the "Domino Directory/Domino LDAP Service" section in the Domino Administrator Help to add more attributes to the list.

Verify user identity
The following code verifies the identity of an LDAP user by logging on to the LDAP server as that user.

package net.eservice4you.ldap;

import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import java.util.Hashtable;

class AuthUser {
    public static void main(String[] args) {
        // Identify service provider to use
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=BJCHP");
        // Change localhost to the full name or IP address of the Domino server,
        // and change o= to the name of your Domino organization.
        // Authenticate as xinxibu with password "1234"
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=xinxibu,o=BJCHP");
        env.put(Context.SECURITY_CREDENTIALS, "1234");
        try {
            // Create the initial directory context; this performs the bind
            DirContext ctx = new InitialDirContext(env);
            System.out.println("Authentication OK!");
            ctx.close();
        } catch (AuthenticationException e) {
            // If AuthenticationException is caught, verification fails.
            System.err.println("Authentication Fail: " + e);
        } catch (NamingException e) {
            System.err.println("Naming Exception: " + e);
        }
    }
}

We can see that to verify a user, we need to do the following:
1. Put the service provider and the URL to use into a Hashtable.
2. Set the authentication method, user name, and password (for simple authentication).
3. Initialize a DirContext. If an AuthenticationException is caught, verification fails.
4. Close the context connection.
In addition to the simple method we just used, we can also authenticate with Digest-MD5, Kerberos V5, X.509, and other methods. See the References to learn more.

Summary
If Domino is already used in your organization and you need application integration, consider LDAP!
The method described in this article also applies to other directory servers such as IBM Directory Server and OpenLDAP. I tested the code under JDK 1.4.1 + Domino 6. You can also use Domino 5, which also works well.

References

Download the sample code: jndiExample.jar
Visit java.sun.com/products/jndi for the latest information about JNDI and to download the JNDI API. See also the JNDI Tutorial: java.sun.com/products/jndi/tutorial/index.html.
For LDAP, you can visit the LDAPman RFC page to learn about the LDAP RFCs.
