You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Avneet Singh <fo...@gmail.com> on 2006/11/28 04:05:10 UTC
Groups in LDAP
Hello
I'm new to LDAP, need to access group info for a given user from
a professional J2EE application.
Had few questions reg that
- What are the standard ways to implement groups in LDAP (Apache DS or other
DS)?
- How can we find which groups a user belongs to, any standard APIs or
algorithms?
- Any good links for such info.
--
Regds
Avneet Singh
781-492-4449
Re: Groups in LDAP
Posted by Stefan Zoerner <st...@labeo.de>.
Hi Avneet!
Avneet Singh wrote:
> Thanks ..It was a great article, some general questions though-
>
> 1. The article was written a while back, are there any
> additions/updations to it somewhere on the Internet or does it still
> holds good.
I know (and like) this article as well, it still holds true for many
directories which use these object classes. We have also adopted some
algorithms successfully to Active Directory, which uses other object
classes, but comparable concepts ...
> 2. Is there no Java API to do simple group search rather than a
> developer going into the complexities of several different possibilities
> of groups?
> 3. Actually ours is a java app which uses authentication from customers
> ldap server. Till now we did not have concept of groups but we need to
> support that now. Since our customers can have any kind of pre-existing
> LDAP schema(and thus any kind of groups), I need to be able to support
> all kind of possibilities in groups. So I was trying to find some Java
> API which hides the complexity of so many different possibles, how can I
> achieve that?
One option is to make the search filters used in the algorithm
configurable (as Tomcat in its JNDI Realm does, for instance).
If you use JNDI, another option is to use object and/or state factories
to translate between directory entries for groups and Java objects,
which represent groups. Learn more about these (widely unknown) JNDI
feature here:
http://java.sun.com/products/jndi/tutorial/objects/factory/index.html
http://java.sun.com/products/jndi/tutorial/objects/state/index.html
The LDAP Booster Pack for JNDI already provides object and state
factories for RFC style groups. They may help (I am not certain, because
I do not know your requirements in detail -- for instance they do not
work with Active Directory, afaik).
You can download these classes here
http://java.sun.com/products/jndi/
Perhaps two valid ideas, how to abstract from schema details.
I hope this helps, Greetings from Frankfurt,
Stefan
Re: Groups in LDAP
Posted by Avneet Singh <fo...@gmail.com>.
Thanks ..It was a great article, some general questions though-
1. The article was written a while back, are there any additions/updations
to it somewhere on the Internet or does it still holds good.
2. Is there no Java API to do simple group search rather than a developer
going into the complexities of several different possibilities of groups?
3. Actually ours is a java app which uses authentication from customers ldap
server. Till now we did not have concept of groups but we need to support
that now. Since our customers can have any kind of pre-existing LDAP
schema(and thus any kind of groups), I need to be able to support all kind
of possibilities in groups. So I was trying to find some Java API which
hides the complexity of so many different possibles, how can I achieve that?
On 11/27/06, Ersin Er <er...@gmail.com> wrote:
>
> Hi Avneet,
>
> On 11/28/06, Avneet Singh <fo...@gmail.com> wrote:
> > Hello
> >
> > I'm new to LDAP, need to access group info for a given user from a
> > professional J2EE application.
> > Had few questions reg that
> > - What are the standard ways to implement groups in LDAP (Apache DS or
> other
> > DS)?
> > - How can we find which groups a user belongs to, any standard APIs or
> > algorithms?- Any good links for such info.
>
> I think you can master the subject with the following:
>
>
> http://middleware.internet2.edu/dir/groups/docs/internet2-mace-dir-groups-best-practices-200210.htm
>
> > --
> > Regds
> > Avneet Singh
> > 781-492-4449
>
> HTH,
> --
> Ersin
>
--
Regds
Avneet Singh
781-492-4449
Re: Groups in LDAP
Posted by Ersin Er <er...@gmail.com>.
Hi Avneet,
On 11/28/06, Avneet Singh <fo...@gmail.com> wrote:
> Hello
>
> I'm new to LDAP, need to access group info for a given user from a
> professional J2EE application.
> Had few questions reg that
> - What are the standard ways to implement groups in LDAP (Apache DS or other
> DS)?
> - How can we find which groups a user belongs to, any standard APIs or
> algorithms?- Any good links for such info.
I think you can master the subject with the following:
http://middleware.internet2.edu/dir/groups/docs/internet2-mace-dir-groups-best-practices-200210.htm
> --
> Regds
> Avneet Singh
> 781-492-4449
HTH,
--
Ersin