What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a directory access protocol. You can think of an LDAP directory as a hierarchical, object-oriented database in which data is stored as a tree. LDAP is widely used to store user and contact information grouped into categories, and it is mainly used for authentication and other lookup services that may receive a large number of lookup requests per minute.
Why use LDAP when there are relational databases?
- LDAP directories are optimized for a large number of read (lookup) requests per minute; writes are comparatively rare and slower.
- LDAP is a standard protocol (the RFC 4510 series) and many implementations are available.
- Because it is a standard protocol, you can switch LDAP servers without changing your application code, as long as you do not depend on vendor-specific schema or extensions.
- LDAP runs directly over TCP/IP. It can be protected with TLS, either as LDAPS (a TLS-wrapped connection, usually on port 636) or with the StartTLS extended operation on the plain port 389. Without TLS, a simple bind sends the password in clear text.
- Most programming languages have built-in or library support for LDAP. In Java, for example, you access LDAP through JNDI (the Java Naming and Directory Interface).
How is data organized in LDAP?
In LDAP, data is organized hierarchically. The image below is a screenshot from an LDAP browser.
'com' is the root node. Node 'maxcrc' is the child of 'com', and 'Manager', 'People' and 'Roles' are the children of 'maxcrc'. Each node in the tree is identified by a Distinguished Name (DN), a comma-separated list of the nodes on the path from that node up to the root, written with the node itself first and the root last. Each element of the path is a Relative Distinguished Name (RDN) of the form attribute=value.
For example, the DN of the node 'Manager' is 'cn=Manager,dc=maxcrc,dc=com'.
Each node in an LDAP tree has a predefined structure, like a class definition for an object. This structure is known as the schema. Every node added to the tree must conform to the schema defined for the hierarchy. When you add a node, you specify an attribute called 'objectClass' whose values name object classes defined in the schema, and the node must carry all the attributes those object classes mark as mandatory (it may also carry the optional ones). For example, the 'Manager' node has the objectClass value 'organizationalRole', so it must have all the mandatory attributes of the 'organizationalRole' object class (for organizationalRole that is the 'cn' attribute), which is defined in one of the schema files shipped with the LDAP server. An entry that violates its schema is rejected by the server with an object class violation error.
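As an added example (not from the original tutorial), the following Java program uses JNDI's own DN classes to take the DN above apart and to build a DN safely from an untrusted value. The 'ou=People' RDN and the sample input value are assumptions made for illustration; the tree in the tutorial only names the 'People' node.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnDemo {
    public static void main(String[] args) throws InvalidNameException {
        // The DN from the tutorial: leaf first in the string, root last.
        LdapName dn = new LdapName("cn=Manager,dc=maxcrc,dc=com");

        // LdapName indexes RDNs from the root, so index 0 is "dc=com"
        // and the last index is the node itself, "cn=Manager".
        for (int i = 0; i < dn.size(); i++) {
            Rdn rdn = dn.getRdn(i);
            System.out.println(i + ": " + rdn.getType() + " = " + rdn.getValue());
        }

        // Building a DN from an untrusted value (assumed: "ou=People" is the
        // RDN of the 'People' node). A naive string concatenation would let a
        // comma in the input add an extra RDN and change which entry is named;
        // Rdn escapes the special characters (',', '+', '"', '\\', '<', '>', ';')
        // so the value stays a single component.
        String untrustedInput = "Smith, John";            // constructed sample input
        LdapName people = new LdapName("ou=People,dc=maxcrc,dc=com");
        people.add(new Rdn("cn", untrustedInput));        // add() appends the new leaf
        System.out.println(people);
        // prints: cn=Smith\, John,ou=People,dc=maxcrc,dc=com

        // The escaping helper is also available on its own.
        System.out.println(Rdn.escapeValue(untrustedInput));   // Smith\, John
    }
}
```

Anywhere an application assembles a DN from user input (typically the login name for a bind), build it with LdapName/Rdn as above rather than with string concatenation.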
These are some of the basic details of LDAP; you can search the internet for more detailed information.
Now we will discuss, step by step, basic access to LDAP using Java and JNDI.
There are many LDAP server implementations, such as Microsoft Active Directory and OpenLDAP.
We will be using OpenLDAP throughout this tutorial.
Download OpenLDAP from http://www.openldap.org/software/download/ and pick the package for your platform. Once the installation is complete, open the file slapd.conf in your installation directory; this file contains the complete configuration for OpenLDAP. (Recent OpenLDAP releases can also be configured dynamically through the cn=config database, but slapd.conf is what this tutorial uses.)
Below is a sample configuration file, in which you can see the rootdn (the DN of the directory's root/administrator user) and its credentials (rootpw). The rootdn bypasses access controls, so do not store its password in clear text: generate a hash with slappasswd, put the resulting {SSHA} value in rootpw, and restrict read permissions on slapd.conf.
To run OpenLDAP, open a command prompt and change to the OpenLDAP installation folder.
Then execute the command slapd -d 1. The -d 1 flag keeps slapd in the foreground and prints debug output, which is convenient for this tutorial; for normal operation start it without -d (or as a service).
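Once slapd is running, the following Java program (an added example, not code from the original tutorial) binds to it with JNDI and runs a search. It assumes slapd is listening on localhost port 389, that the base of the tree is dc=maxcrc,dc=com with rootdn cn=Manager,dc=maxcrc,dc=com as in the tutorial, and that the rootpw value is supplied in the environment variable LDAP_ROOTPW (an assumption; the tutorial hard-codes nothing like it).

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearchDemo {
    public static void main(String[] args) throws NamingException {
        String password = System.getenv("LDAP_ROOTPW");   // assumed: rootpw from the environment
        if (password == null) {
            throw new IllegalStateException("set LDAP_ROOTPW to the rootpw from slapd.conf");
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Assumed: slapd on the default port of the local machine. A plain ldap://
        // URL with simple authentication sends the password in clear text; on any
        // network you do not fully trust use ldaps://host:636 (or StartTLS) instead.
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=maxcrc,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, password);

        // Creating the context performs the bind; a wrong password fails here
        // with javax.naming.AuthenticationException.
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn", "objectClass"});

            // The value to look up is treated as untrusted (first command-line
            // argument, default "Manager"). Passing it through a {0} placeholder
            // makes JNDI escape it, so an input such as "*)(objectClass=*" is
            // matched literally instead of rewriting the filter (LDAP injection).
            String untrusted = args.length > 0 ? args[0] : "Manager";
            NamingEnumeration<SearchResult> results = ctx.search(
                    "dc=maxcrc,dc=com", "(cn={0})", new Object[] {untrusted}, sc);

            while (results.hasMore()) {
                SearchResult entry = results.next();
                System.out.println(entry.getNameInNamespace() + " -> " + entry.getAttributes());
            }
            results.close();
        } finally {
            ctx.close();
        }
    }
}
```

Binding as the rootdn is fine for trying things out against the tutorial's server, but an application that only performs lookups should bind with a dedicated low-privilege account restricted by slapd's access directives, so that a leaked application credential cannot modify the directory.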