LDAP


DBMS와 마찬가지로 웹에서 사용자 인증을 위해 많이 사용되는 LDAP을 정리한다.

LDAP URLs

  • scope : base, one, sub
  • Escaping Unsafe Characters
space (%20), < (%3c), > (%3e), " (%22), # (%23)
% (%25), { (%7b), } (%7d), | (%7c), \ (%5c)
^ (%5e), ~ (%7e), [ (%5b), ] (%5d), ` (%60)
  • Sample
ldap://localhost:389/ou=people,o=jopenbusiness.com??sub?objectclass=*
ldap://localhost:389/ou=People,o=jopenbusiness.com??sub?uid=admin
- Active Directory
  ldap://localhost:389/CN=산사랑,CN=Users,DC=jopenbusiness,DC=com??sub?uid=*

LDAP Java API 샘플

//--- scope : base, one, sub
ldap://<hostname>:<port>/<base_dn>?<attribute, attribute, . . .>?<scope>?<filter>

import  java.util.*;
import  netscape.ldap.*;

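/**
 * Catalogue of the basic Netscape Directory SDK ({@code netscape.ldap}) calls:
 * connect, bind, search, read, add, modify, delete, rename and compare.
 *
 * <p>The operations run in the order the reference lists them. They are an API
 * tour, not a coherent workflow (the entry is deleted before it is renamed, for
 * example). Host, credentials, DNs and the {@code "~"} attribute placeholders
 * are sample values that must be replaced before real use.
 */
public class theLdap {
    /** Sample search base, taken from the sample entry DN below. */
    private static final String SAMPLE_BASE_DN = "ou=People, o=daou.co.kr";

    /** Sample entry used by the read/add/modify/delete/rename/compare calls. */
    private static final String SAMPLE_ENTRY_DN = "uid=honggildong, ou=People, o=daou.co.kr";

    /**
     * Connects, binds, runs every sample operation once and disconnects.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        LDAPConnection ld = null;
        // The exit status is recorded here and applied after the finally block:
        // calling System.exit() inside the catch would stop the JVM before the
        // connection is closed.
        int exitCode = 0;

        try {
            ld = new LDAPConnection();
            ld.connect("localhost", 389);

            // Simple authentication, LDAP protocol version 3. A simple bind
            // carries the password as-is, so on a plain port-389 connection it
            // crosses the network unprotected. Outside a lab, use a
            // TLS-protected connection and load the bind DN and password from
            // protected configuration instead of hard-coding them as this
            // sample does.
            ld.authenticate(3, "admin", "admin");

            search(ld);
            read(ld);
            add(ld);
            modify(ld);
            delete(ld);
            rename(ld);
            compare(ld);
        } catch (LDAPException e) {
            int resultCode = e.getLDAPResultCode();
            String errorMsg = e.getLDAPErrorMessage();
            String errorMsg1 = LDAPException.errorCodeToString(resultCode);
            System.err.println("LDAP error " + resultCode + " (" + errorMsg1 + "): " + errorMsg);
            exitCode = 1;
        } finally {
            try {
                if ((ld != null) && ld.isConnected()) {
                    ld.disconnect();
                }
            } catch (LDAPException ignored) {
                // Best-effort cleanup: nothing useful can be done if the
                // disconnect itself fails while the program is exiting.
            }
        }
        System.exit(exitCode);
    }

    /**
     * Searches the sample base and prints every entry that comes back.
     *
     * <p>Scope is one of {@code LDAPv2.SCOPE_SUB}, {@code SCOPE_ONE},
     * {@code SCOPE_BASE}. Filter operators are {@code =}, {@code >=},
     * {@code <=}, {@code ~=} (sounds like) and {@code =*} (present), combined
     * with {@code &} (and), {@code |} (or) and {@code !} (not). The attribute
     * list may be {@code null}, {@code LDAPv3.NO_ATTRS} or
     * {@code LDAPv3.ALL_USER_ATTRS}.
     *
     * @param ld a connected, authenticated connection
     * @throws LDAPException if the search request itself fails
     */
    private static void search(LDAPConnection ld) throws LDAPException {
        // Limits are set as connection options and then picked up through the
        // connection's search constraints.
        ld.setOption(LDAPv2.SIZELIMIT, Integer.valueOf(1000));
        ld.setOption(LDAPv2.TIMELIMIT, Integer.valueOf(0));
        ld.setOption(LDAPv2.BATCHSIZE, Integer.valueOf(0));
        LDAPSearchConstraints cons = ld.getSearchConstraints();

        // The filter is a constant here. When any part of a filter comes from
        // user input, escape '*', '(', ')', '\' and NUL as \2a, \28, \29, \5c
        // and \00 (RFC 4515) before building the string, otherwise the input can
        // change the meaning of the query.
        String filter = "objectclass=*";

        // null asks for every attribute the bind identity may read; request
        // only the attributes you need so that sensitive ones are not fetched
        // by accident.
        String[] attrs = null;

        LDAPSearchResults res =
            ld.search(SAMPLE_BASE_DN, LDAPv2.SCOPE_SUB, filter, attrs, false, cons);

        // "~" is the reference's placeholder for an attribute name.
        String[] sortAttrs = {"~", "~"};
        boolean[] ascending = {true, true};
        res.sort(new LDAPCompareAttrNames(sortAttrs, ascending));

        while (res.hasMoreElements()) {
            LDAPEntry entry;
            try {
                entry = res.next();
            } catch (LDAPReferralException e) {
                // Referrals are only listed, not followed: a referral names a
                // different server, and re-binding there with the same
                // credentials is a trust decision the caller has to make.
                LDAPUrl[] refUrls = e.getURLs();
                for (int i = 0; i < refUrls.length; i++) {
                    System.out.println("referral: " + refUrls[i].getUrl());
                }
                continue;
            } catch (LDAPException e) {
                // Report and move on instead of silently dropping the result.
                System.err.println("skipping search result: " + e);
                continue;
            }
            System.out.println(entry.getDN());
            printAttributes(entry);
        }
    }

    /**
     * Reads the sample entry by DN and prints its attributes.
     *
     * @param ld a connected, authenticated connection
     * @throws LDAPException if the read fails
     */
    private static void read(LDAPConnection ld) throws LDAPException {
        LDAPEntry entry = ld.read(SAMPLE_ENTRY_DN);
        // NOTE(review): guard in case no entry is returned; confirm against the
        // SDK whether read() can return null or always throws.
        if (entry != null) {
            printAttributes(entry);
        }
    }

    /**
     * Prints each attribute name and string value of an entry.
     *
     * @param entry the entry to print
     */
    private static void printAttributes(LDAPEntry entry) {
        LDAPAttributeSet attrSet = entry.getAttributeSet();
        Enumeration<?> enumAttrs = attrSet.getAttributes();
        while (enumAttrs.hasMoreElements()) {
            LDAPAttribute attr = (LDAPAttribute) enumAttrs.nextElement();
            String attrName = attr.getName();
            Enumeration<?> enumVals = attr.getStringValues();
            if (enumVals != null) {
                while (enumVals.hasMoreElements()) {
                    String value = (String) enumVals.nextElement();
                    System.out.println("  " + attrName + ": " + value);
                }
            }
        }
    }

    /**
     * Builds an attribute set and adds the sample entry.
     *
     * @param ld a connected, authenticated connection
     * @throws LDAPException if the add fails
     */
    private static void add(LDAPConnection ld) throws LDAPException {
        String[] objectclasses = {"top", "person"};
        LDAPAttribute attr1 = new LDAPAttribute("~", "~");
        LDAPAttribute attr2 = new LDAPAttribute("objectclass", objectclasses);

        LDAPAttributeSet attrSet = new LDAPAttributeSet();
        attrSet.add(attr1);
        attrSet.add(attr2);

        // A DN assembled from user input needs its special characters escaped
        // (RFC 4514); this sample uses a constant DN.
        LDAPEntry entry = new LDAPEntry(SAMPLE_ENTRY_DN, attrSet);
        ld.add(entry);
    }

    /**
     * Applies one modification to the sample entry.
     *
     * @param ld a connected, authenticated connection
     * @throws LDAPException if the modify fails
     */
    private static void modify(LDAPConnection ld) throws LDAPException {
        LDAPModificationSet mods = new LDAPModificationSet();
        // Name-and-value form. The reference also shows the name-only form,
        // new LDAPAttribute("~"), which carries no value.
        LDAPAttribute attr = new LDAPAttribute("~", "~");
        // Operation is one of LDAPModification.ADD, DELETE, REPLACE.
        mods.add(LDAPModification.ADD, attr);
        ld.modify(SAMPLE_ENTRY_DN, mods);
    }

    /**
     * Deletes the sample entry.
     *
     * @param ld a connected, authenticated connection
     * @throws LDAPException if the delete fails
     */
    private static void delete(LDAPConnection ld) throws LDAPException {
        ld.delete(SAMPLE_ENTRY_DN);
    }

    /**
     * Renames the sample entry, dropping the old RDN value.
     *
     * @param ld a connected, authenticated connection
     * @throws LDAPException if the rename fails
     */
    private static void rename(LDAPConnection ld) throws LDAPException {
        boolean deleteOldRDN = true;
        ld.rename(SAMPLE_ENTRY_DN, "uid=hello", deleteOldRDN);
    }

    /**
     * Asks the server whether the sample entry holds the given attribute value.
     *
     * @param ld a connected, authenticated connection
     * @throws LDAPException if the compare fails
     */
    private static void compare(LDAPConnection ld) throws LDAPException {
        LDAPAttribute attr = new LDAPAttribute("~", "~");
        boolean ok = ld.compare(SAMPLE_ENTRY_DN, attr);
        System.out.println("compare: " + ok);
    }
}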

참고 문헌