Searching & Comparing Directory Data

Traditionally directories excel at serving read requests. This chapter
covers the read (search and compare) capabilities that OpenDJ LDAP Java SDK
provides. The data used in examples here is available
online.

About Searching

An LDAP search looks up entries based on the following
parameters.

- A filter that indicates which attribute values to match
- A base DN that specifies where in the directory information tree to look for matches
- A scope that defines how far to go under the base DN
- A list of attributes to fetch for an entry when a match is found

For example, imagine you must write an application where users log in
using their email address and a password. After the user logs in, your
application displays the user's full name so it is obvious who is logged in.
Your application is supposed to go to the user directory both for
authentication and to read user profile information. You are told the
user directory stores user profile entries under base DN
ou=People,dc=example,dc=com, that email addresses are
stored on the standard mail attribute, and full names are
stored on the standard cn attribute.

You figure out how to authenticate from the chapter on authentication,
in which you learn you need a bind DN and a password to do simple
authentication. But how do you find the bind DN given the email? How do you
get the full name?

The answer to both questions is that you do an LDAP search for the
user's entry, which has the DN that you use to bind, and you have the server
fetch the cn attribute in the results. Your search uses
the following parameters.

- The filter is (mail=emailAddress), where emailAddress is the email address the user provided.
- The base DN is the one given to you, ou=People,dc=example,dc=com.
- For the scope, you figure the user entry is somewhere under the base DN, so you opt to search the whole subtree.
- The attribute to fetch is cn.

The following code excerpt demonstrates how this might be done in a
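minimal command-line program.

    // Imports needed by this excerpt.
    import java.io.Console;
    import org.forgerock.opendj.ldap.Connection;
    import org.forgerock.opendj.ldap.DN;
    import org.forgerock.opendj.ldap.ErrorResultException;
    import org.forgerock.opendj.ldap.Filter;
    import org.forgerock.opendj.ldap.LDAPConnectionFactory;
    import org.forgerock.opendj.ldap.ResultCode;
    import org.forgerock.opendj.ldap.SearchScope;
    import org.forgerock.opendj.ldap.responses.BindResult;
    import org.forgerock.opendj.ldap.responses.SearchResultEntry;

    // Prompt for mail and password.
    Console c = System.console();
    if (c == null) {
        System.err.println("No console.");
        System.exit(1);
    }
    String mail = c.readLine("Email address: ");
    char[] password = c.readPassword("Password: ");
    // Refuse an empty password: a simple bind with a DN and no password is an
    // unauthenticated bind (RFC 4513) and does not prove the user's identity.
    if (password == null || password.length == 0) {
        System.err.println("Failed to bind.");
        System.exit(1);
    }

    // Search using mail address, and then bind with the DN and password.
    final LDAPConnectionFactory factory = new LDAPConnectionFactory(host,
            port);
    Connection connection = null;
    try {
        connection = factory.getConnection();
        // Build the filter with Filter.equality() so that special characters
        // in the user-supplied address are escaped instead of being
        // interpreted as filter syntax. (Assumes an SDK version that
        // provides Filter.equality.)
        SearchResultEntry entry = connection.searchSingleEntry(baseDN,
                SearchScope.WHOLE_SUBTREE,
                Filter.equality("mail", mail).toString(), "cn");
        DN bindDN = entry.getName();
        BindResult result = connection.bind(bindDN.toString(), password);
        if (result.isSuccess()) {
            String cn = entry.getAttribute("cn").firstValueAsString();
            System.out.println("Hello, " + cn + "!");
        } else {
            System.err.println("Failed to bind.");
        }
    } catch (final ErrorResultException e) {
        // The same message covers search and bind failures, so the output
        // does not reveal whether the address exists in the directory.
        System.err.println("Failed to bind.");
        System.exit(e.getResult().getResultCode().intValue());
        return;
    } catch (final InterruptedException e) {
        System.err.println(e.getMessage());
        System.exit(ResultCode.CLIENT_SIDE_USER_CANCELLED.intValue());
        return;
    } finally {
        if (connection != null) {
            connection.close();
        }
    }

Working With Search Filters

TODO

Sending a Search Request

TODO

Getting Search Results

TODO

Abandoning an Incomplete Search

TODO

Working With LDAP URLs

TODO

Sorting Search Results

TODO

About Comparing

TODO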
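
The login search in About Searching uses the filter (mail=emailAddress), where emailAddress is text typed by the user, so the characters that have meaning inside a filter (backslash, asterisk, parentheses and NUL, per RFC 4515) must be escaped before the search is sent. The following is an added example, not code from the original guide or from the OpenDJ SDK; the class MailFilterExample, its methods, the 254-character limit and the sample inputs are assumptions made for illustration.

```java
public class MailFilterExample {

    // Characters RFC 4515 requires to be escaped inside an assertion value.
    private static final String SPECIAL = "\\*()\0";

    /** Replaces each special character with a backslash and two hex digits. */
    static String escapeAssertionValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            if (SPECIAL.indexOf(ch) >= 0) {
                out.append('\\').append(String.format("%02x", (int) ch));
            } else {
                out.append(ch);
            }
        }
        return out.toString();
    }

    /** Builds the login filter, refusing input that cannot be a mail value. */
    static String mailFilter(String mail) {
        // The length limit is an assumed sanity bound, not an SDK requirement.
        if (mail == null || mail.isEmpty() || mail.length() > 254) {
            throw new IllegalArgumentException("invalid email address");
        }
        return "(mail=" + escapeAssertionValue(mail) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the original page.
        String[] samples = {
            "bjensen@example.com",      // ordinary address, passes unchanged
            "*",                        // unescaped, turns the filter into a presence test
            "x)(cn=*",                  // unescaped, alters the filter's structure
            "back\\slash@example.com"   // backslash is the escape character itself
        };
        for (String mail : samples) {
            System.out.println("input:        " + mail);
            System.out.println("concatenated: (mail=" + mail + ")");
            System.out.println("escaped:      " + mailFilter(mail));
            System.out.println();
        }
    }
}
```

Comparing the concatenated and escaped lines for each input shows which values would have been read as filter syntax instead of as a literal mail address.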