6. LDAP Lightweight Directory Access Protocol

What is LDAP

  • Lightweight Directory Access Protocol
  • Based on X.500
  • Directory service (RFC1777)
  • Stores attribute based data
  • Data generallly read more than written to
    • No transactions
    • No rollback
  • Hierarchical data structure
    • Entries are in a tree-like structure called Directory Information Tree (DIT)

    Hierachical

    [Hierachial Directory Tree]

     

    Flat

    [Flat Directory Tree]

     

  • Client-server model
  • Consistant view of data
    • Answers request
    • Refer to server with answer

    Referrals

    • [ Referral ]
      1. Client requests information
      2. Server 1 returns referral to server 2
      3. Client resends request to server 2
      4. Server 2 returns information to client

    Global View

    [ Global Structure ]

    Based on entries

    • Collection of attributes
    • Has a distinguished name (DN) - like domain name

     

 

Acronyms

LDAP
Lightweight Directory Access Protocol
DN
Distinguish Name
RDN
Relative Distinuished Name
DIT
Directory Information Tree
LDIF
LDAP Data Interchange Format
OID
Object Identifier

LDIF

  • LDAP Data Interchange Format
    • Represents LDAP entries in text
    • Human readable format
    • Allows easy modification of data
  • ldbmcat converts ldbm database to ldif
  • ldif2ldbm converts ldif back to ldbm database
  • Example extract
    
    dn: uid=bmarshal,ou=People,dc=pisoftware,dc=com
    uid: bmarshal
    cn: Brad Marshall
    objectclass: account
    objectclass: posixAccount
    objectclass: top
    loginshell: /bin/bash
    uidnumber: 500
    gidnumber: 120
    homedirectory: /mnt/home/bmarshal
    gecos: Brad Marshall,,,,
    userpassword: {crypt}KDnOoUYN7Neac
    
              

Schema

  • Set of rules that describes what kind of data is stored
  • Helps maintain consistancy and quality of data
  • Reduces duplication of data
  • Object class attribute determines schema rules the entry must follow
  • Schema contains the following:
    • Required attributes
    • Allowed attributes
    • How to compare attributes
    • Limit what the attributes can store - ie, restrict to integer etc
    • Restrict what information is stored - ie, stops duplication etc

Attribute abbreviations

See RFC2256
uid
User id
cn
Common Name
sn
Surname
l
Location
ou
Organisational Unit
o
Organisation
dc
Domain Component
st
State
c
Country

Search Filters

  • Criteria for attributes that must be fulfilled for entry to be returned
  • Base dn = base object entry search is relative to
  • Prefix notation
  • Standards
    • RFC 1960: LDAP String Representation of Search Filters
    • RFC 2254: LDAPv3 Search Filters
  • Operators
    • & = and
    • | = or
    • ! = not
    • ~= = approx equal
    • >= = greater than or equal
    • <= = less than or equal
    • * = any
  • Eg
    • (objectclass=posixAccount)
    • (cn=Mickey M*)
    • (|(uid=fred)(uid=bill))
    • (&(|(uid=jack)(uid=jill))(objectclass=posixAccount))

 

Deploying LDAP

Servers

  • Slapd
    • University of Michigan
    • Openldap
  • Open Directory S
  • Netscape Directory Server
  • Microsoft Active Directory (AD)
  • Novell Directory Services (NDS)
  • Sun Directory Services (SDS)
  • Lucent's Internet Directory Server (IDS)

Openldap

LDAP Server architecture

  • LDAP daemon called slapd
    • Choice of databases
      • LDBM - high performance disk based db
      • SHELL - db interface to unix commands
      • PASSWORD - simple password file db
      • SQL - mapping sql to ldap (in OpenLDAP 2.x)
    • Multiple database instances
    • Access control
    • Threaded
    • Replication

    LDAP Architecture

    [ LDAP Architecture ]

     

  • Replication daemon called slurpd
    • Frees slapd from worrying about hosts being down etc
    • Communicates with slapd through text file

    Replication Architecture

    [ Replication Architecture ]

     

Replication

  • Increases:
    • Reliability - if one copy of the directory is down
    • Availability - more likely to find an available server
    • Performance - can use a server closer to you
    • Speed - can take more queries as replicas are added
  • Temporary inconsistances are ok
  • Having replicas close to clients is important - network going down is same as server going down
  • Removes single point of failure

Replication Options

a. All modifications go to the master LDAP server

[ Replica A ]

b. Using referrals

[ Replica B ]
  1. Client sends modification to replica
  2. Replica returns referral to master
  3. Client resubmits modification to master
  4. Master returns results to client
  5. Master updates replica with change

c. Using chaining

[ Replica C ]
  1. Client sends modification to replica
  2. Replica forwards request to master
  3. Master returns result to replica
  4. Replica forwards result to client
  5. Master updates replica

Examples slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/slapd.at.conf
include         /etc/openldap/slapd.oc.conf
schemacheck     off

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

defaultaccess read

access to attr=userpassword
   by self write
   by * read

access to *
   by self write
   by dn=".+" read
   by * read
#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=pisoftware, dc=com"
rootdn          "cn=Manager, dc=pisoftware, dc=com"
rootpw          {crypt}lAn4J@KmNp9
replica host=cox.staff.plugged.com.au:389
    binddn="cn=Manager,dc=pisoftware,dc=com"
    bindmethod=simple credentials=secret
    replogfile /var/lib/openldap/replication.log
# cleartext passwords, especially for the rootdn, should
# be avoid.  See slapd.conf(5) for details.
directory       /var/lib/openldap/


          

 


Installing and Configuring LDAP



/etc/ldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /home/digital/local/etc/openldap/schema/core.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
   # service AND an understanding of referrals.
   #referral ldap://root.openldap.org
pidfile /home/digital/local/var/run/slapd.pid
   argsfile /home/digital/local/var/run/slapd.args
# Load dynamic backend modules:
   # modulepath /home/digital/local/libexec/openldap
   # moduleload back_bdb.la
   # moduleload back_ldap.la
   # moduleload back_ldbm.la
   # moduleload back_passwd.la
   # moduleload back_shell.la
# Sample security restrictions
   # Require integrity protection (prevent hijacking)
   # Require 112-bit (3DES or better) encryption for updates
   # Require 63-bit encryption for simple bind
   # security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
   # Root DSE: allow anyone to read it
   # Subschema (sub)entry DSE: allow anyone to read it
   # Other DSEs:
   # Allow self write access
   # Allow authenticated users read access
   # Allow anonymous users to authenticate
   # Directives needed to implement policy:
   # access to dn.base="" by * read
   # access to dn.base="cn=Subschema" by * read
   # access to *
   # by self write
   # by users read
   # by anonymous auth
   #
   # if no access controls are present, the default policy
   # allows anyone and everyone to read anything but restrict
   # updates to rootdn. (e.g., "access to * by * read")
   #
   # rootdn can always read and write EVERYTHING!
   #password-hash {MD5}
   #######################################################################
   # BDB database definitions
   #######################################################################
database bdb
   suffix "dc=midominio,dc=mx"
   rootdn "cn=Manager,dc=midominio,dc=mx"
   # Cleartext passwords, especially for the rootdn, should
   # be avoid. See slappasswd(8) and slapd.conf(5) for details.
   # Use of strong authentication encouraged.
   rootpw lolo
   # The database directory MUST exist prior to running slapd AND 
   # should only be accessible by the slapd and slap tools.
   # Mode 700 recommended.
   directory /home/digital/local/var/openldap-data
   # Indices to maintain
   index objectClass eq



Start

Manualmente:
>#slapd -h ldap://maquina.midominio.mx:9009/
o levantándolo como root en el puerto por default 389
># slapd 


La primera vez habra que inicializar el directorio:
Con los scripts de arranque:
/etc/init.d/slapd start


archivo: initial.ldif
dn: dc=midominio,dc=mx
objectclass: dcObject
objectclass: organization
o: Example Company
dc: midominio
dn: cn=Manager,dc=midominio,dc=mx
   objectclass: organizationalRole
   cn: Manager
 
 
      
:># ldapadd -x -D "cn=Manager,dc=midominio,dc=mx" -W -h maquina.midominio.mx -p 9009 -f initial.ldif
Enter LDAP Password:
adding new entry "dc=midominio,dc=mx"
adding new entry "cn=Manager,dc=midominio,dc=mx"
:># ldapsearch -x -b 'cn=Manager,dc=midominio,dc=mx' -h    maquina.midominio.mx -p 9009 '(objectclass=*)'
   # extended LDIF
   #
   # LDAPv3
   # base <cn=Manager,dc=midominio,dc=mx> with scope sub
   # filter: (objectclass=*)
   # requesting: ALL
   #
# Manager, midominio.mx
   dn: cn=Manager,dc=midominio,dc=mx
   objectClass: organizationalRole
   cn: Manager
# search result
   search: 2
   result: 0 Success
# numResponses: 2
   # numEntries: 1
 
Stop
kill -INT `cat /var/run/slapd/slapd.pid`
o en Solaris
kill  `cat /var/run/slapd/slapd.pid`
Con los scripts de arranque:
/etc/init.d/slapd stop
      

LDAP Applications

Application Architecture

[ Applications Architecture ]


Using Multiple Applications

[ LDAP Applications ]

 

LDAP Browsers

Phpldapadmin

http://phpldapadmin.sourceforge.net/

 

JXPLORER

http://pegacat.com/jxplorer/

LDAPBrowser

http://www-unix.mcs.anl.gov/~gawor/ldap/

 

GQ

http://biot.com/gq/

 

Programas ejemplo con el API de Novell

   1:import com.novell.ldap.LDAPAttribute;
   2:import com.novell.ldap.LDAPAttributeSet;
   3:import com.novell.ldap.LDAPEntry;
   4:import com.novell.ldap.LDAPConnection;
   5:import com.novell.ldap.LDAPException;
   6:import java.io.UnsupportedEncodingException;
   7:
   8:public class AddEntry
   9:{
  10:    public static void main( String[] args )
  11:    {
  12:        if (args.length != 4) {
  13:            System.err.println("Usage:   java AddEntry <host name> <login dn>"
  14:                                                + " <password> <container>");
  15:            System.err.println("Example: java AddEntry Acme.com"
  16:                        + " \"cn=admin,o=Acme\" secret \"ou=Sales,o=Acme\"");
  17:            System.exit(1);
  18:        }
  19:                
  20:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  21:        int ldapVersion  = LDAPConnection.LDAP_V3;
  22:        String ldapHost       = args[0];
  23:        String loginDN        = args[1];
  24:        String password       = args[2];
  25:        String containerName  = args[3];
  26:        LDAPConnection lc = new LDAPConnection();
  27:        LDAPAttribute  attribute = null;
  28:        LDAPAttributeSet attributeSet = new LDAPAttributeSet();
  29:
  30:     
  31:        /* To Add an entry to the directory,
  32:         *  - Create the attributes of the entry and add them to an attribute set
  33:         *  - Specify the DN of the entry to be created
  34:         *  - Create an LDAPEntry object with the DN and the attribute set
  35:         *  - Call the LDAPConnection add method to add it to the directory
  36:         */                   
  37:        attributeSet.add( new LDAPAttribute( 
  38:                             "objectclass", new String("organizationalPerson")));                
  39:        attributeSet.add( new LDAPAttribute("cn", 
  40:                new String[]{"James Smith", "Jim Smith", "Jimmy Smith"}));               
  41:               
  42:        attributeSet.add( new LDAPAttribute("sn", new String("Smith")));        
  43:        attributeSet.add( new LDAPAttribute("telephonenumber",
  44:                                            new String("1 801 555 1212")));                                                     
  45:       
  46:        attributeSet.add( new LDAPAttribute("userpassword", 
  47:                                               new String("newpassword")));                                           
  48:                                               
  49:        String  dn  = "cn=Jim Smith," + containerName;      
  50:        LDAPEntry newEntry = new LDAPEntry( dn, attributeSet );
  51:
  52:        try {
  53:            // connect to the server
  54:            lc.connect( ldapHost, ldapPort );
  55:            // authenticate to the server
  56:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  57:
  58:            lc.add( newEntry );
  59:            System.out.println( "\nAdded object: " + dn + " successfully." );
  60:
  61:            // disconnect with the server
  62:            lc.disconnect();
  63:        }
  64:        catch( LDAPException e ) {
  65:            System.out.println( "Error:  " + e.toString());
  66:        }
  67:        catch( UnsupportedEncodingException e ) {
  68:            System.out.println( "Error: " + e.toString() );
  69:        }                                   
  70:        System.exit(0);
  71:    }
  72:}
      
 
digital@localhost:~/ldapsample> java AddEntry localhost "cn=Manager,dc=midominio,dc=mx"        lolo "dc=midominio,dc=mx"       
Added object: cn=Jim Smith,dc=midominio,dc=mx successfully.

 

   1:import com.novell.ldap.*;
   2:import java.io.UnsupportedEncodingException;
   3:
   4:public class AddUserToGroup 
   5:{
   6:    public static void main( String[] args ) 
   7:    {
   8:                        
   9:        if (args.length != 5) {
  10:            usage();
  11:            System.exit(1);
  12:        }
  13:
  14:        int ldapPort      = LDAPConnection.DEFAULT_PORT;
  15:        int ldapVersion   = LDAPConnection.LDAP_V3;
  16:        boolean status    = false;
  17:        LDAPConnection lc = new LDAPConnection();
  18:        String   ldapHost = args[0];
  19:        String   loginDN  = args[1];
  20:        String   password = args[2];
  21:        String   userDN   = args[3];
  22:        String   groupDN  = args[4];
  23:        
  24:        try {
  25:            // connect to the server
  26:            lc.connect( ldapHost, ldapPort);
  27:            // bind to the server
  28:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  29:            
  30:            // call _AddUseToGroup() to add the user to the group
  31:            status = _AddUserToGroup( lc, userDN, groupDN );
  32:            
  33:            if ( status )
  34:                System.out.println(
  35:                  "User: " + userDN + " was enrolled in group: " + groupDN);
  36:            else
  37:                System.out.println( "User: " + userDN + 
  38:                             " could not be enrolled in group: " + groupDN);
  39:
  40:            // disconnect with the server
  41:            lc.disconnect();
  42:        }
  43:        catch( LDAPException e ) { 
  44:            System.out.println( "Error: " + e.toString() );
  45:        }
  46:        catch( UnsupportedEncodingException e ) {
  47:            System.out.println( "Error: " + e.toString() );
  48:        }
  49:        System.exit(0);
  50:    }
  51:    
  52:    public static void usage() {
  53:            System.err.println("Usage:   java AddUserToGroup <ldap host>"
  54:                        + " <login dn> <password> <user dn >\n" 
  55:                        +"              <group dn>");
  56:            System.err.println("Example: java AddUserToGroup Acme.com" 
  57:                               + " \"cn=Admin,o=Acme\" secret\n" 
  58:                               + "              \"cn=James,ou=Sales,o=Acme\""
  59:                               + " \"cn=salesGroup,ou=Sales,o=Acme\"");
  60:    }
  61:    
  62:    public static boolean _AddUserToGroup( LDAPConnection lc,
  63:                                           String userdn, 
  64:                                           String groupdn ) {
  65:
  66:        // modifications for group and user
  67:        LDAPModification[]  modGroup = new LDAPModification[1];
  68:       
  69:        // Add modifications to modGroup
  70:        LDAPAttribute member = new LDAPAttribute("member", userdn);
  71:        modGroup[0] = new LDAPModification( LDAPModification.ADD, member);
  72:       
  73:        try {
  74:            // Modify the group's attributes
  75:            lc.modify( groupdn, modGroup);
  76:            System.out.println("Modified the group's attribute.");
  77:        }
  78:        catch( LDAPException e ) {
  79:            System.out.println(
  80:                "Failed to modify group's attributes: " + e.toString() );
  81:            
  82:            return false;
  83:        }
  84:        return true;
  85:    }
  86:
  87:    
  88:}
      
 
:> java AddUserToGroup localhost "cn=Manager,dc=midominio,dc=mx"        lolo "cn=Carlos Proal,ou=usuarios,dc=midominio,dc=mx" "cn=amigos,dc=midominio,dc=mx"
       Modified the group's attribute.
       User: cn=Carlos Proal,ou=usuarios,dc=midominio,dc=mx was enrolled in group:        cn=amigos,dc=midominio,dc=mx

 

   1:import com.novell.ldap.LDAPAttribute;
   2:import com.novell.ldap.LDAPAttributeSet;
   3:import com.novell.ldap.LDAPConnection;
   4:import com.novell.ldap.LDAPEntry;
   5:import com.novell.ldap.LDAPException;
   6:import com.novell.ldap.LDAPSearchResults;
   7:import com.novell.ldap.util.Base64;
   8:import java.util.Enumeration;
   9:import java.util.Iterator;
  10:import java.io.UnsupportedEncodingException;
  11:
  12:public class Read
  13:{
  14:    public static void main( String[] args )
  15:    {
  16:        if (args.length != 4) {
  17:           System.out.println("Usage:   java Search <host name> <login dn>"
  18:                              + " <password> <user dn>");
  19:                              
  20:           System.out.println("Example: java Search Acme.com"
  21:                                    + " \"cn=admin,o=Acme\""
  22:                                    + " secret \"cn= John Smith, ou=sales,o=Acme\"");
  23:                                    
  24:           System.exit(0);
  25:        }
  26:
  27:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  28:        int ldapVersion  = LDAPConnection.LDAP_V3;
  29:        String ldapHost = args[0];
  30:        String loginDN  = args[1];
  31:        String password = args[2];
  32:        String userDN = args[3];
  33:        
  34:        LDAPConnection lc = new LDAPConnection();
  35:
  36:        try {
  37:            // connect to the server
  38:            lc.connect( ldapHost, ldapPort );
  39:            // bind to the server
  40:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  41:
  42:            LDAPEntry resultEntry =
  43:                lc.read(  userDN );
  44:
  45:            /* To print out the search results,
  46:             *   -- The first while loop goes through all the attributes
  47:             *   -- The second while loop goes through all the attribute values
  48:             */
  49:            
  50:                System.out.println("\n" + resultEntry.getDN());
  51:                System.out.println("  Attributes: ");
  52:
  53:                LDAPAttributeSet attributeSet = resultEntry.getAttributeSet();
  54:                Iterator allAttributes = attributeSet.iterator();
  55:
  56:                while(allAttributes.hasNext()) {
  57:                    LDAPAttribute attribute =
  58:                                (LDAPAttribute)allAttributes.next();
  59:                    String attributeName = attribute.getName();
  60:
  61:                    System.out.println("    " + attributeName);
  62:
  63:                    Enumeration allValues = attribute.getStringValues();
  64:
  65:                    if( allValues != null) {
  66:                        while(allValues.hasMoreElements()) {
  67:                            String Value = (String) allValues.nextElement();
  68:                            if (Base64.isLDIFSafe(Value)) {
  69:                                // is printable
  70:                                System.out.println("      " + Value);
  71:                            }
  72:                            else {
  73:                                // base64 encode and then print out
  74:                                Value = Base64.encode(Value.getBytes());
  75:                                System.out.println("      " + Value);
  76:                            }
  77:                        }
  78:                    }
  79:                }
  80:            
  81:            // disconnect with the server
  82:            lc.disconnect();
  83:        }
  84:        catch( LDAPException e ) {
  85:            System.out.println( "Error: " + e.toString() );
  86:        }
  87:        catch( UnsupportedEncodingException e ) {
  88:            System.out.println( "Error: " + e.toString() );
  89:        }
  90:        System.exit(0);
  91:    }
  92:}
      
 
:> java Read localhost "cn=Jim Smith,dc=midominio,dc=mx" newpassword "cn=Jim Smith,dc=midominio,dc=mx"
cn=Jim Smith,dc=midominio,dc=mx Attributes: sn Smith cn James Smith Jim Smith Jimmy Smith objectClass organizationalPerson userPassword newpassword telephoneNumber 1 801 555 1212

:> java Read localhost "cn=Carlos Proal,ou=usuarios,dc=midominio,dc=mx" lele "cn=Hermelinda Linda,ou=usuarios,dc=midominio,dc=mx"
cn=Hermelinda Linda,ou=usuarios,dc=midominio,dc=mx
         Attributes:
         sn
         Linda
         cn
         Hermelinda Linda
         objectClass
         organizationalPerson
         person
         top
         userPassword
         feya
        

 

   1:import com.novell.ldap.LDAPAttribute;
   2:import com.novell.ldap.LDAPAttributeSet;
   3:import com.novell.ldap.LDAPConnection;
   4:import com.novell.ldap.LDAPEntry;
   5:import com.novell.ldap.LDAPException;
   6:import com.novell.ldap.LDAPSearchResults;
   7:import com.novell.ldap.util.Base64;
   8:import java.util.Enumeration;
   9:import java.util.Iterator;
  10:import java.io.UnsupportedEncodingException;
  11:
  12:public class Search
  13:{
  14:    public static void main( String[] args )
  15:    {
  16:        if (args.length != 5) {
  17:           System.out.println("Usage:   java Search <host name> <login dn>"
  18:                              + " <password> <search base>\n"
  19:                              + "         <search filter>");
  20:           System.out.println("Example: java Search Acme.com"
  21:                                    + " \"cn=admin,o=Acme\""
  22:                                    + " secret \"ou=sales,o=Acme\"\n"
  23:                                    + "         \"(objectclass=*)\"");
  24:           System.exit(0);
  25:        }
  26:
  27:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  28:        int searchScope = LDAPConnection.SCOPE_ONE;
  29:        int ldapVersion  = LDAPConnection.LDAP_V3;
  30:        String ldapHost = args[0];
  31:        String loginDN  = args[1];
  32:        String password = args[2];
  33:        String searchBase = args[3];
  34:        String searchFilter = args[4];
  35:        LDAPConnection lc = new LDAPConnection();
  36:
  37:        try {
  38:            // connect to the server
  39:            lc.connect( ldapHost, ldapPort );
  40:            // bind to the server
  41:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  42:
  43:            LDAPSearchResults searchResults =
  44:                lc.search(  searchBase,
  45:                            searchScope,
  46:                            searchFilter,
  47:                            null,          // return all attributes
  48:                            false);        // return attrs and values
  49:
  50:            /* To print out the search results,
  51:             *   -- The first while loop goes through all the entries
  52:             *   -- The second while loop goes through all the attributes
  53:             *   -- The third while loop goes through all the attribute values
  54:             */
  55:            while ( searchResults.hasMore()) {
  56:                LDAPEntry nextEntry = null;
  57:                try {
  58:                    nextEntry = searchResults.next();
  59:                }
  60:                catch(LDAPException e) {
  61:                    System.out.println("Error: " + e.toString());
  62:
  63:                    // Exception is thrown, go for next entry
  64:
  65:                    continue;
  66:                }
  67:
  68:                System.out.println("\n" + nextEntry.getDN());
  69:                System.out.println("  Attributes: ");
  70:
  71:                LDAPAttributeSet attributeSet = nextEntry.getAttributeSet();
  72:                Iterator allAttributes = attributeSet.iterator();
  73:
  74:                while(allAttributes.hasNext()) {
  75:                    LDAPAttribute attribute =
  76:                                (LDAPAttribute)allAttributes.next();
  77:                    String attributeName = attribute.getName();
  78:
  79:                    System.out.println("    " + attributeName);
  80:
  81:                    Enumeration allValues = attribute.getStringValues();
  82:
  83:                    if( allValues != null) {
  84:                        while(allValues.hasMoreElements()) {
  85:                            String Value = (String) allValues.nextElement();
  86:                            if (Base64.isLDIFSafe(Value)) {
  87:                                // is printable
  88:                                System.out.println("      " + Value);
  89:                            }
  90:                            else {
  91:                                // base64 encode and then print out
  92:                                Value = Base64.encode(Value.getBytes());
  93:                                System.out.println("      " + Value);
  94:                            }
  95:                        }
  96:                    }
  97:                }
  98:            }
  99:            // disconnect with the server
 100:            lc.disconnect();
 101:        }
 102:        catch( LDAPException e ) {
 103:            System.out.println( "Error: " + e.toString() );
 104:        }
 105:        catch( UnsupportedEncodingException e ) {
 106:            System.out.println( "Error: " + e.toString() );
 107:        }
 108:        System.exit(0);
 109:    }
 110:}
      
 
:> java Search localhost "cn=Jim        Smith,dc=midominio,dc=mx" newpassword "dc=midominio,dc=mx" "(objectclass=*)"       
cn=Manager,dc=midominio,dc=mx
         Attributes:
         cn
         Manager
         objectClass
         organizationalRole
cn=Carlos Proal,dc=midominio,dc=mx
         Attributes:
         sn
         Proal
         title
         Mtro.
         Ing.
         ou
         biblio
         cn
         Carlos Proal
         objectClass
         organizationalPerson
         person
         top
         street
         mi casa
         userPassword
         lele
cn=amigos,dc=midominio,dc=mx
         Attributes:
         cn
         amigos
         objectClass
         groupOfNames
         top
         member
         cn=Carlos Proal,dc=midominio,dc=mx
         cn=Juan Perez,dc=midominio,dc=mx
cn=Juan Perez,dc=midominio,dc=mx
         Attributes:
         sn
         Perez
         cn
         Juan Perez
         objectClass
         organizationalPerson
         person
         top
         userPassword
         lele
cn=Jim Smith,dc=midominio,dc=mx
         Attributes:
         sn
         Smith
         cn
         James Smith
         Jim Smith
         Jimmy Smith
         objectClass
         organizationalPerson
         userPassword
         newpassword
         telephoneNumber
         1 801 555 1212

 

   1:import com.novell.ldap.*;
   2:import java.io.UnsupportedEncodingException;
   3:
   4:public class VerifyPassword
   5:{
   6:    public static void main( String[] args ) 
   7:    {        
   8:        if (args.length != 5) {
   9:           System.out.println("Usage:   java VerifyPassword <host name>"
  10:                            + " <login dn> <password> <object dn>\n"
  11:                            + "         <test password>");
  12:           System.out.println("Example: java VerifyPassword Acme.com "
  13:                       + "\"cn=Admin,o=Acme\" secret\n"
  14:                       + "         \"cn=JSmith,ou=Sales,o=Acme\" testPassword");
  15:           System.exit(0);
  16:        }
  17:
  18:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  19:        int ldapVersion = LDAPConnection.LDAP_V3;
  20:        String ldapHost = args[0];
  21:        String loginDN = args[1];
  22:        String password = args[2];
  23:        String objectDN = args[3];
  24:        String testPassword = args[4];
  25:        LDAPConnection lc = new LDAPConnection();
  26:
  27:        try {
  28:            // connect to the server
  29:            lc.connect( ldapHost, ldapPort );
  30:
  31:            // authenticate to the server
  32:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  33:
  34:            LDAPAttribute attr = new LDAPAttribute(
  35:                                            "userPassword", testPassword );
  36:            boolean correct = lc.compare( objectDN, attr );
  37:
  38:            System.out.println( correct ? "The password is correct.":
  39:                                          "The password is incorrect.\n");
  40:
  41:            // disconnect with the server
  42:            lc.disconnect();
  43:        }
  44:        catch( LDAPException e ) {
  45:            if ( e.getResultCode() == LDAPException.NO_SUCH_OBJECT ) {
  46:                System.err.println( "Error: No such entry" );
  47:            } else if ( e.getResultCode() == 
  48:                                        LDAPException.NO_SUCH_ATTRIBUTE ) {
  49:                System.err.println( "Error: No such attribute" );
  50:            } else {
  51:                System.err.println( "Error: " + e.toString() );
  52:            }        
  53:        }
  54:        catch( UnsupportedEncodingException e ) {
  55:            System.out.println( "Error: " + e.toString() );
  56:        }       
  57:        System.exit(0);
  58:    }
  59:}
  60:
      
:> java VerifyPassword localhost "cn=Jimmy        Smith,dc=midominio,dc=mx" newpassword "cn=Jimmy Smith,dc=midominio,dc=mx"        newpassword
       Error: LDAPException: Invalid Credentials (49) Invalid Credentials
       LDAPException: Matched DN:
       digital@localhost:~/ldapsample> java VerifyPassword localhost "cn=Jim        Smith,dc=midominio,dc=mx" newpassword "cn=Jimmy Smith,dc=midominio,dc=mx"        newpassword
       Error: No such entry
       digital@localhost:~/ldapsample> java VerifyPassword localhost "cn=Jim        Smith,dc=midominio,dc=mx" newpassword "cn=Jim Smith,dc=midominio,dc=mx"        newpassword
       The password is correct.

 

   1:import java.io.UnsupportedEncodingException;
   2:import java.security.MessageDigest;
   3:import java.security.NoSuchAlgorithmException;
   4:import com.novell.ldap.util.Base64;
   5:/**
   6: * Test MD5 digest computation
   7: *
   8: */
   9:public class MD5
  10:   {
  11:
  12:   /**
  13:    * test MD5 digest, requires Java 1.4+
  14:    *
  15:    * @param args not used
  16:    */
  17:   public static void main ( String[] args ) throws UnsupportedEncodingException, NoSuchAlgorithmException
  18:   {
  19:      byte[] theTextToDigestAsBytes = "lolo".getBytes( "ISO-8859-1" /* encoding */ );
  20:      MessageDigest md = MessageDigest.getInstance( "MD5" );
  21:      md.update( theTextToDigestAsBytes );
  22:      byte[] digest = md.digest();
  23:      System.out.println("{MD5}"+Base64.encode(digest));
  24:      
  25:      
  26:      
  27:   }
  28:   }
      
 
:> java MD5
       {MD5}1lgdVCx+r4AShPCER4tfzA==