Getting Information About the Directory Service

LDAP directories expose their capabilities through the root DSE. They also expose their schema definitions, which define the sort of entries and attributes that can be stored in a directory, over LDAP. OpenDJ SDK allows you to look up that information in your client application.
Reading Root DSEs

The directory entry with distinguished name "" (empty string) is called the root DSE. DSE stands for DSA-Specific Entry. DSA stands for Directory System Agent. The DSE is a different entry on each server.

The root DSE serves to expose information over LDAP about what the directory server supports in terms of LDAP controls, auth password schemes, SASL mechanisms, LDAP protocol versions, naming contexts, features, LDAP extended operations, and so forth. The root DSE holds all the information as values of LDAP attributes. OpenDJ defines these attributes as operational. In other words, OpenDJ only returns the attributes if you either request them specifically, or request all operational attributes.

To access the list of what an OpenDJ server supports, for example, get all operational attributes from the root DSE entry as in the following excerpt.

[jcp:org.forgerock.opendj.examples.GetInfo:--- JCite ---]

For a complete example in context, see GetInfo.java.

Notice that by default you can access the root DSE after authenticating anonymously, so the information it holds is visible to any client that can connect to the server. When you look at the entry in LDIF, you see that supported capabilities are generally identified by object identifier (OID).
# Root DSE for LDAP server at localhost:1389
dn:
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.3.6.1.1.12
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.4.1.26027.1.5.2
supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.4.1.4203.1.10.2
supportedControl: 1.3.6.1.4.1.7628.5.101.1
supportedControl: 2.16.840.1.113730.3.4.12
supportedControl: 2.16.840.1.113730.3.4.16
supportedControl: 2.16.840.1.113730.3.4.17
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.19
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 2.16.840.1.113730.3.4.3
supportedControl: 2.16.840.1.113730.3.4.4
supportedControl: 2.16.840.1.113730.3.4.5
supportedControl: 2.16.840.1.113730.3.4.9
supportedAuthPasswordSchemes: MD5
supportedAuthPasswordSchemes: SHA1
supportedAuthPasswordSchemes: SHA256
supportedAuthPasswordSchemes: SHA512
supportedAuthPasswordSchemes: SHA384
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedLDAPVersion: 2
supportedLDAPVersion: 3
etag: 00000000e9155ba0
pwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
subschemaSubentry: cn=schema
changelog: cn=changelog
supportedTLSCiphers: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_RSA_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
supportedTLSCiphers: TLS_RSA_WITH_AES_128_CBC_SHA
supportedTLSCiphers: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
supportedTLSCiphers: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
supportedTLSCiphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
supportedTLSCiphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA
supportedTLSCiphers: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_RC4_128_SHA
supportedTLSCiphers: SSL_RSA_WITH_RC4_128_SHA
supportedTLSCiphers: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
supportedTLSCiphers: TLS_ECDH_RSA_WITH_RC4_128_SHA
supportedTLSCiphers: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: SSL_RSA_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
supportedTLSCiphers: SSL_RSA_WITH_RC4_128_MD5
supportedTLSCiphers: TLS_EMPTY_RENEGOTIATION_INFO_SCSV
ds-private-naming-contexts: cn=admin data
ds-private-naming-contexts: cn=ads-truststore
ds-private-naming-contexts: cn=backups
ds-private-naming-contexts: cn=config
ds-private-naming-contexts: cn=monitor
ds-private-naming-contexts: cn=schema
ds-private-naming-contexts: cn=tasks
ds-private-naming-contexts: dc=replicationChanges
supportedTLSProtocols: SSLv2Hello
supportedTLSProtocols: SSLv3
supportedTLSProtocols: TLSv1
supportedTLSProtocols: TLSv1.1
supportedTLSProtocols: TLSv1.2
numSubordinates: 1
namingContexts: dc=example,dc=com
structuralObjectClass: ds-root-dse
lastExternalChangelogCookie:
lastChangeNumber: 0
firstChangeNumber: 0
supportedExtension: 1.3.6.1.1.8
supportedExtension: 1.3.6.1.4.1.26027.1.6.1
supportedExtension: 1.3.6.1.4.1.26027.1.6.2
supportedExtension: 1.3.6.1.4.1.26027.1.6.3
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
vendorName: ForgeRock AS.
vendorVersion: OpenDJ 2.5.0
hasSubordinates: true
entryDN:
entryUUID: d41d8cd9-8f00-3204-a980-0998ecf8427e

Three key pieces of information in the entry shown above are attribute values for namingContexts (showing the base DNs under which your application can look for user data), subschemaSubentry (indicating where the LDAP schema are stored), and supportedLDAPVersion (with OpenDJ seen to support both LDAPv2 and LDAPv3).
Checking For LDAPv3 Support

As shown in the previous section, you can check that the root DSE attribute supportedLDAPVersion has a value of 3. LDAPv3 has been available since 1997. Client applications built with OpenDJ SDK use LDAPv3.
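The following is an added example, not code from the OpenDJ documentation or SDK: it runs the checks described in the two sections above over root DSE LDIF text, such as the listing on this page, instead of going through the SDK. The function names, the constructed sample, and the legacy-TLS baseline are assumptions of this example.

```python
import base64
from collections import defaultdict

# Constructed sample: a subset of the root DSE attributes listed on this page.
SAMPLE_ROOT_DSE = """\
# Root DSE for LDAP server at localhost:1389
supportedLDAPVersion: 2
supportedLDAPVersion: 3
subschemaSubentry: cn=schema
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
supportedTLSCiphers: TLS_ECDHE_RSA_WITH_RC4_128_SHA
supportedTLSCiphers: SSL_RSA_WITH_3DES_EDE_CBC_SHA
supportedTLSProtocols: SSLv3
supportedTLSProtocols: TLSv1.2
namingContexts: dc=example,dc=com
"""

# Review baseline: an assumption of this example, not an OpenDJ setting.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568, RFC 8996
LEGACY_CIPHER_MARKERS = ("_RC4_", "_3DES_")       # RFC 7465; 64-bit block cipher

def parse_root_dse(ldif):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    attrs = defaultdict(list)
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and not line.startswith("#"):    # skip comments and malformed lines
            if value.startswith(":"):           # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs[name.strip().lower()].append(value.strip())  # names are case-insensitive
    return dict(attrs)

def review_root_dse(attrs):
    """Summarise the attributes this page highlights and flag legacy TLS settings."""
    protocols = attrs.get("supportedtlsprotocols", [])
    ciphers = attrs.get("supportedtlsciphers", [])
    return {
        "ldapv3": "3" in attrs.get("supportedldapversion", []),
        "naming_contexts": attrs.get("namingcontexts", []),
        "schema_dn": (attrs.get("subschemasubentry") or [None])[0],
        "legacy_protocols": [p for p in protocols if p in LEGACY_PROTOCOLS],
        "legacy_ciphers": [c for c in ciphers if any(m in c for m in LEGACY_CIPHER_MARKERS)],
    }
```

Call `review_root_dse(parse_root_dse(text))` on LDIF you have saved from your own server to compare what it advertises to anonymous clients against your baseline.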
Getting Schema Information

The root DSE attribute subschemaSubentry shows the DN of the entry holding LDAP schema definitions. LDAP schema defines the object classes, attribute types, attribute value syntaxes, matching rules and so on that constrain entries held by the LDAP server.

The org.forgerock.opendj.ldap.schema package is devoted to constructing and querying LDAP schemas. The Schema class provides readSchema() and readSchemaForEntry() to get the relevant schema from the subschema subentry, and validateEntry() to check an entry your application has constructed before sending the entry to the server.

The following example reads schemas from the directory server, and then lists the attribute types, object classes, matching rules, and syntaxes obtained.

[jcp:org.forgerock.opendj.examples.ReadSchema:--- JCite ---]