LDAP
Like a DBMS, LDAP is widely used for user authentication on the web. This page summarizes LDAP.
LDAP URLs
- http://docs.sun.com/source/816-6678-10/url.htm
- ldap[s]://<hostname>:<port>/<base_dn>?<attributes>?<scope>?<filter>
- scope : base, one, sub
- Escaping Unsafe Characters
- space (%20), < (%3c), > (%3e), " (%22), # (%23)
- % (%25), { (%7b), } (%7d), | (%7c), \ (%5c)
- ^ (%5e), ~ (%7e), [ (%5b), ] (%5d), ` (%60)
- Sample
    ldap://localhost:389/ou=people,o=jopenbusiness.com??sub?objectclass=*
    ldap://localhost:389/ou=People,o=jopenbusiness.com??sub?uid=admin
- Active Directory
    ldap://localhost:389/CN=산사랑,CN=Users,DC=jopenbusiness,DC=com??sub?uid=*
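The following is an added example, not code from the original page: it builds the URL form shown above from a user-supplied uid, first escaping filter metacharacters (RFC 4515) and then percent-encoding the unsafe characters listed above. The class and method names are hypothetical, the filter is written in the parenthesized RFC 4515 form, and host, port and base DN are assumed to come from trusted configuration.

```java
import java.nio.charset.StandardCharsets;

// Added example, not from the original page. Names are hypothetical.
public class LdapUrlBuilder {
    // RFC 4515: characters that change a filter's meaning are written as \XX.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Percent-encode the unsafe characters from the list above, plus '?' (the
    // URL field separator), control characters and every non-ASCII UTF-8 byte.
    static String percentEncode(String component) {
        StringBuilder sb = new StringBuilder();
        for (byte b : component.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            if (c <= 0x20 || c >= 0x7f || "<>\"#%{}|\\^~[]`?".indexOf(c) >= 0) {
                sb.append(String.format("%%%02x", c));
            } else {
                sb.append((char) c);
            }
        }
        return sb.toString();
    }

    // Assumption: host, port and baseDn are trusted configuration; only uid is user input.
    static String uidSearchUrl(String host, int port, String baseDn, String uid) {
        String filter = "(uid=" + escapeFilterValue(uid) + ")";
        return "ldap://" + host + ":" + port + "/" + percentEncode(baseDn)
                + "??sub?" + percentEncode(filter);
    }

    public static void main(String[] args) {
        String base = "ou=People,o=jopenbusiness.com";   // constructed sample inputs
        System.out.println(uidSearchUrl("localhost", 389, base, "admin"));
        System.out.println(uidSearchUrl("localhost", 389, base, "hong (dev)*"));
    }
}
```

The order matters: the filter value is escaped first and the finished filter is percent-encoded second, because the receiving side percent-decodes the URL before it parses the filter.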
LDAP Java API Sample
    //--- LDAP URL : ldap://<hostname>:<port>/<base_dn>?<attribute, attribute, . . .>?<scope>?<filter>
    //--- scope : base, one, sub
    import java.util.*;
    import netscape.ldap.*;

    public class theLdap {
        //--- Getting Attributes : walk every attribute name and value of an entry
        static void readAttributes(LDAPEntry entry) {
            LDAPAttributeSet attrSet = entry.getAttributeSet();
            Enumeration enumAttrs = attrSet.getAttributes();
            while (enumAttrs.hasMoreElements()) {
                LDAPAttribute attr = (LDAPAttribute) enumAttrs.nextElement();
                //--- Get name and values
                String attrName = attr.getName();
                Enumeration enumVals = attr.getStringValues();
                if (enumVals != null) {
                    while (enumVals.hasMoreElements()) {
                        String value = (String) enumVals.nextElement();
                    }
                }
            }
        }

        public static void main(String[] args) {
            LDAPConnection ld = null;
            int exitCode = 0;
            try {
                ld = new LDAPConnection();
                ld.connect("localhost", 389);
                //--- Simple Authentication (LDAP v3 bind).
                //--- The password travels in clear text on port 389 and is
                //--- hard-coded here only because this is a sample.
                ld.authenticate(3, "admin", "admin");

                //--- Search
                //--- Options are set on the connection; getSearchConstraints()
                //--- then returns a copy that carries them.
                ld.setOption(LDAPv2.SIZELIMIT, Integer.valueOf(1000));
                ld.setOption(LDAPv2.TIMELIMIT, Integer.valueOf(0));
                ld.setOption(LDAPv2.BATCHSIZE, Integer.valueOf(0));
                LDAPSearchConstraints cons = ld.getSearchConstraints();

                //--- search(String base, int scope, String filter, String attrs[],
                //---        boolean attrsOnly, LDAPSearchConstraints cons)
                //--- scope  : LDAPv2.SCOPE_SUB, SCOPE_ONE, SCOPE_BASE
                //--- filter : =, >=, <=, ~= (sound), =* (all)
                //---          & : and, | : or, ! : not
                //--- attrs  : null, LDAPv3.NO_ATTRS, LDAPv3.ALL_USER_ATTRS
                LDAPSearchResults res = ld.search("ou=People,o=jopenbusiness.com",
                        LDAPv2.SCOPE_SUB, "uid=admin", null, false, cons);

                //--- "~" is a placeholder for an attribute name
                String[] sortAttrs = {"~", "~"};
                boolean[] ascending = {true, true};
                res.sort(new LDAPCompareAttrNames(sortAttrs, ascending));

                //--- Getting Entries
                while (res.hasMoreElements()) {
                    LDAPEntry found = null;
                    try {
                        found = res.next();
                    } catch (LDAPReferralException e) {
                        LDAPUrl refUrls[] = e.getURLs();
                        for (int i = 0; i < refUrls.length; i++) {
                            String url = refUrls[i].getUrl();
                        }
                        continue;
                    } catch (LDAPException e) {
                        continue;
                    }
                    String foundDN = found.getDN();     //--- Getting Distinguished Names
                    readAttributes(found);              //--- Getting Attributes
                }

                String entryDN = "uid=honggildong, ou=People, o=daou.co.kr";

                //--- Read
                LDAPEntry entry = ld.read(entryDN);
                readAttributes(entry);

                //--- Add
                //--- Create attribute ("~" is a placeholder for name and value)
                String objectclasses[] = {"top", "person"};
                LDAPAttribute attr_1 = new LDAPAttribute("~", "~");
                LDAPAttribute attr_2 = new LDAPAttribute("objectclass", objectclasses);
                //--- Create attribute set
                LDAPAttributeSet attrSet = new LDAPAttributeSet();
                attrSet.add(attr_1);
                attrSet.add(attr_2);
                //--- Creating entry
                LDAPEntry newEntry = new LDAPEntry(entryDN, attrSet);
                //--- Adding entry
                ld.add(newEntry);

                //--- Modify
                LDAPModificationSet mods = new LDAPModificationSet();
                LDAPAttribute attrWithValue = new LDAPAttribute("~", "~");
                LDAPAttribute attrNameOnly = new LDAPAttribute("~");   //--- name only, no value
                //--- LDAPModification : ADD, DELETE, REPLACE
                mods.add(LDAPModification.ADD, attrWithValue);
                ld.modify(entryDN, mods);

                //--- Delete
                ld.delete(entryDN);

                //--- Rename
                ld.rename(entryDN, "uid=hello", true);   //--- deleteOldRDN = true

                //--- Compare
                LDAPAttribute compareAttr = new LDAPAttribute("~", "~");
                boolean ok = ld.compare(entryDN, compareAttr);
            } catch (LDAPException e) {
                int resultCode = e.getLDAPResultCode();
                String errorMsg = e.getLDAPErrorMessage();
                String errorMsg1 = e.errorCodeToString(resultCode);
                //--- Do not call System.exit() here: it would skip the finally block
                exitCode = 1;
            } finally {
                try {
                    if ((ld != null) && (ld.isConnected())) ld.disconnect();
                } catch (LDAPException e) {}
            }
            System.exit(exitCode);
        }
    }