Accessing LDAP from a Java application.

Accessing LDAP requires a suitable client component. A standard JDK or JRE ships with a JNDI provider. The API, however, requires a lot of boilerplate code.

Ldaptive offers a promising client provider API. Start a Maven-based Eclipse project that reads your own HdM LDAP data from the MI replica server ldap1.mi.hdm-stuttgart.de.

This server lets you retrieve all attributes belonging to your personal records, so an authenticated bind using your HdM credentials is mandatory. Use TLS to prevent password sniffing: without it, a simple bind sends the password over the network in cleartext.

Tip

  • Read the quick start guide and consult the Ldaptive API.

  • Using Ldaptive may be accomplished by adding the following Maven dependencies to your project's pom.xml file:

    <project xmlns="http://maven.apache.org/POM/4.0.0" ... >
    
      <properties>
        <slf4j.version>find my current version on Maven central</slf4j.version>
           ...
      </properties>
    
      <dependencies>
        <dependency>
          <groupId>org.ldaptive</groupId>
          <artifactId>ldaptive</artifactId>
          <version>find my current version on Maven central</version>
        </dependency>
    
        <dependency> <!-- required for ldaptive's internal logging -->
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-api</artifactId>
          <version>${slf4j.version}</version>
        </dependency>
    
        <dependency>
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-simple</artifactId>
          <version>${slf4j.version}</version>
        </dependency> ...

    Tip

    Follow "How To Configure Simple Logger slf4j Log Levels" to suppress unrelated Ldaptive logging output.

The expected output with respect to the given initial data should resemble:

ou=departments,dc=betrayer,dc=com
  ou: {departments}
  objectClass: {top, organizationalUnit}
  -------------------------------------------------------
    ou=software,ou=departments,dc=betrayer,dc=com
      ou: {software}
      objectClass: {top, organizationalUnit}
      -------------------------------------------------------
        ou=devel,ou=software,ou=departments,dc=betrayer,dc=com
          ou: {devel}
          objectClass: {top, organizationalUnit}
          -------------------------------------------------------
            uid=bean,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com
              uid: {bean}
              mail: {bean@betrayer.com}
              givenName: {Jim}
              cn: {Jim Bean}
              sn: {Bean}
              objectClass: {top, person, organizationalPerson, inetOrgPerson, posixAccount}
              userPassword: {{smd5}aXJ/beVAvL4D6Oi0TKp8c3z/a6Pg0Wxp}
              gidNumber: 1000
              homeDirectory: /home/bean
              uidNumber: 1000
              -------------------------------------------------------
        ou=testing,ou=software,ou=departments,dc=betrayer,dc=com
          ou: {testing}
          objectClass: {top, organizationalUnit}
          -------------------------------------------------------
    ou=financial,ou=departments,dc=betrayer,dc=com
      ou: {financial}
      objectClass: {top, organizationalUnit}

...

Remarks:

  • Descend a given arbitrary LDAP tree recursively.

  • Indent according to each entry's hierarchy level. In the above example ou=software,ou=departments,dc=betrayer,dc=com, being a child of ou=departments,dc=betrayer,dc=com, receives an extra indent.

  • Mind whether an attribute is single-valued or multi-valued: in the above example mail: {bean@betrayer.com} is multi-valued, in contrast to homeDirectory: /home/bean. The brace pairs {...} denote sets of attribute values. The server's schema information is your friend. Consider the following hints:

    ConnectionFactory factory = DefaultConnectionFactory ... ;
    Schema schema = SchemaFactory.createSchema(factory);
    
    ... schema.getAttributeType(...).isSingleValued() ...
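
The remarks above combined into one program, as an added example that is not part of the original exercise sheet. It assumes Ldaptive 2.x; BIND_DN, BASE_DN and the LDAP_PASSWORD environment variable are placeholders. StartTLS is enabled on the connection so the bind credentials are only sent after the channel is encrypted.

```java
import org.ldaptive.*;
import org.ldaptive.schema.AttributeType;
import org.ldaptive.schema.Schema;
import org.ldaptive.schema.SchemaFactory;

// Added example, assuming Ldaptive 2.x. BIND_DN, BASE_DN and LDAP_PASSWORD are placeholders.
public class LdapTreeDump {
  static final String URL = "ldap://ldap1.mi.hdm-stuttgart.de";
  static final String BIND_DN = "uid=YOUR_UID,ou=PLACEHOLDER,dc=example,dc=org";
  static final String BASE_DN = BIND_DN; // start the descent at your own record

  private final SearchOperation search;
  private final Schema schema;

  LdapTreeDump(ConnectionFactory cf) throws LdapException {
    search = new SearchOperation(cf);
    schema = SchemaFactory.createSchema(cf); // read the server's schema once
  }

  // Prints the entries found at dn with the given scope, then descends one level per call.
  void dump(String dn, SearchScope scope, String indent) throws LdapException {
    SearchResponse res = search.execute(SearchRequest.builder()
        .dn(dn).scope(scope).filter("(objectClass=*)").build());
    for (LdapEntry e : res.getEntries()) {
      System.out.println(indent + e.getDn());
      for (LdapAttribute a : e.getAttributes()) {
        AttributeType t = schema.getAttributeType(a.getName());
        boolean single = t != null && t.isSingleValued(); // unknown type: print as set
        String v = single ? a.getStringValue()
                          : "{" + String.join(", ", a.getStringValues()) + "}";
        System.out.println(indent + "  " + a.getName() + ": " + v);
      }
      dump(e.getDn(), SearchScope.ONELEVEL, indent + "    "); // children get an extra indent
    }
  }

  public static void main(String[] args) throws LdapException {
    String pw = System.getenv("LDAP_PASSWORD"); // keep the password out of source code
    if (pw == null) throw new IllegalStateException("LDAP_PASSWORD is not set");
    ConnectionFactory cf = new DefaultConnectionFactory(ConnectionConfig.builder()
        .url(URL)
        .useStartTLS(true) // TLS is negotiated before the bind below is sent
        .connectionInitializers(new BindConnectionInitializer(BIND_DN, new Credential(pw)))
        .build());
    try {
      new LdapTreeDump(cf).dump(BASE_DN, SearchScope.OBJECT, "");
    } finally {
      cf.close();
    }
  }
}
```

If the StartTLS handshake fails, for example because the server certificate is not trusted by the JVM, opening the connection fails and the bind is never attempted.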