4. Programación

5.5 LDAP Lightweight Directory Access Protocol

What is LDAP

Lightweight Directory Access Protocol
Based on X.500
Directory service (RFC1777)
Stores attribute based data
Data generallly read more than written to
- No transactions
- No rollback
Hierarchical data structure
- Entries are in a tree-like structure called Directory Information Tree (DIT)
Hierachical

Flat
Client-server model
Consistant view of data
- Answers request
- Refer to server with answer
Referrals
1. Client requests information
2. Server 1 returns referral to server 2
3. Client resends request to server 2
4. Server 2 returns information to client
Global View
Based on entries
- Collection of attributes
- Has a distinguished name (DN) - like domain name

Acronyms

LDAP

Lightweight Directory Access Protocol

DN

Distinguish Name

RDN

Relative Distinuished Name

DIT

Directory Information Tree

LDIF

LDAP Data Interchange Format

OID

Object Identifier

LDIF

LDAP Data Interchange Format
- Represents LDAP entries in text
- Human readable format
- Allows easy modification of data
ldbmcat converts ldbm database to ldif
ldif2ldbm converts ldif back to ldbm database

Example extract


dn: uid=bmarshal,ou=People,dc=pisoftware,dc=com
uid: bmarshal
cn: Brad Marshall
objectclass: account
objectclass: posixAccount
objectclass: top
loginshell: /bin/bash
uidnumber: 500
gidnumber: 120
homedirectory: /mnt/home/bmarshal
gecos: Brad Marshall,,,,
userpassword: {crypt}KDnOoUYN7Neac

Schema

Set of rules that describes what kind of data is stored
Helps maintain consistancy and quality of data
Reduces duplication of data
Object class attribute determines schema rules the entry must follow
Schema contains the following:
- Required attributes
- Allowed attributes
- How to compare attributes
- Limit what the attributes can store - ie, restrict to integer etc
- Restrict what information is stored - ie, stops duplication etc

Attribute abbreviations

See RFC2256

uid

User id

cn

Common Name

sn

Surname

l

Location

ou

Organisational Unit

o

Organisation

dc

Domain Component

st

State

c

Country

Search Filters

Criteria for attributes that must be fulfilled for entry to be returned
Base dn = base object entry search is relative to
Prefix notation
Standards
- RFC 1960: LDAP String Representation of Search Filters
- RFC 2254: LDAPv3 Search Filters
Operators
- & = and
- | = or
- ! = not
- ~= = approx equal
- >= = greater than or equal
- <= = less than or equal
- * = any
Eg
- (objectclass=posixAccount)
- (cn=Mickey M*)
- (|(uid=fred)(uid=bill))
- (&(|(uid=jack)(uid=jill))(objectclass=posixAccount))

Deploying LDAP

Servers

Slapd
- University of Michigan
- Openldap
Netscape Directory Server
Microsoft Active Directory (AD)
Novell Directory Services (NDS)
Sun Directory Services (SDS)
Lucent's Internet Directory Server (IDS)

Openldap

LDAP Server architecture

LDAP daemon called slapd
- Choice of databases
  - LDBM - high performance disk based db
  - SHELL - db interface to unix commands
  - PASSWORD - simple password file db
  - SQL - mapping sql to ldap (in OpenLDAP 2.x)
- Multiple database instances
- Access control
- Threaded
- Replication
LDAP Architecture
Replication daemon called slurpd
- Frees slapd from worrying about hosts being down etc
- Communicates with slapd through text file
Replication Architecture

Replication

Increases:
- Reliability - if one copy of the directory is down
- Availability - more likely to find an available server
- Performance - can use a server closer to you
- Speed - can take more queries as replicas are added
Temporary inconsistances are ok
Having replicas close to clients is important - network going down is same as server going down
Removes single point of failure

Replication Options

a. All modifications go to the master LDAP server

b. Using referrals

Client sends modification to replica
Replica returns referral to master
Client resubmits modification to master
Master returns results to client
Master updates replica with change

c. Using chaining

Client sends modification to replica
Replica forwards request to master
Master returns result to replica
Replica forwards result to client
Master updates replica

Examples slapd.conf


#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/slapd.at.conf
include         /etc/openldap/slapd.oc.conf
schemacheck     off

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

defaultaccess read

access to attr=userpassword
   by self write
   by * read

access to *
   by self write
   by dn=".+" read
   by * read
#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=pisoftware, dc=com"
rootdn          "cn=Manager, dc=pisoftware, dc=com"
rootpw          {crypt}lAn4J@KmNp9
replica host=cox.staff.plugged.com.au:389
    binddn="cn=Manager,dc=pisoftware,dc=com"
    bindmethod=simple credentials=secret
    replogfile /var/lib/openldap/replication.log
# cleartext passwords, especially for the rootdn, should
# be avoid.  See slapd.conf(5) for details.
directory       /var/lib/openldap/

Installing and Configuring LDAP

setenv CC gcc
setenv CXX gcc
source ~carlos/.cshrc
:~/openldapsrc>env CC=gcc CPPFLAGS="-I/centia01/common/include" LDFLAGS="-L/centia01/common/lib" LD_LIBRARY_PATH=/centia01/common/lib ./configure --prefix=/archivos/vol880-12/carlos/local

setenv MANPATH ${MANPATH}:/archivos/vol880-12/carlos/local/man

:~/local/etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		/home/digital/local/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
   # service AND an understanding of referrals.
   #referral ldap://root.openldap.org

pidfile /home/digital/local/var/run/slapd.pid
   argsfile /home/digital/local/var/run/slapd.args

# Load dynamic backend modules:
   # modulepath /home/digital/local/libexec/openldap
   # moduleload back_bdb.la
   # moduleload back_ldap.la
   # moduleload back_ldbm.la
   # moduleload back_passwd.la
   # moduleload back_shell.la

# Sample security restrictions
   # Require integrity protection (prevent hijacking)
   # Require 112-bit (3DES or better) encryption for updates
   # Require 63-bit encryption for simple bind
   # security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
   # Root DSE: allow anyone to read it
   # Subschema (sub)entry DSE: allow anyone to read it
   # Other DSEs:
   # Allow self write access
   # Allow authenticated users read access
   # Allow anonymous users to authenticate
   # Directives needed to implement policy:
   # access to dn.base="" by * read
   # access to dn.base="cn=Subschema" by * read
   # access to *
   # by self write
   # by users read
   # by anonymous auth
   #
   # if no access controls are present, the default policy
   # allows anyone and everyone to read anything but restricts
   # updates to rootdn. (e.g., "access to * by * read")
   #
   # rootdn can always read and write EVERYTHING!

   #password-hash {MD5}
   #######################################################################
   # BDB database definitions
   #######################################################################

database bdb
   suffix "dc=udlap,dc=mx"
   rootdn "cn=Manager,dc=udlap,dc=mx"
   # Cleartext passwords, especially for the rootdn, should
   # be avoid. See slappasswd(8) and slapd.conf(5) for details.
   # Use of strong authentication encouraged.
   rootpw lolo
   # The database directory MUST exist prior to running slapd AND 
   # should only be accessible by the slapd and slap tools.
   # Mode 700 recommended.
   directory /home/digital/local/var/openldap-data
   # Indices to maintain
   index objectClass eq


Start

:~/local/libexec> /home/digital/local/libexec/slapd -h ldap://ict.udlap.mx:9009/
o levantándolo como root en el puerto por default 389
:~/local/libexec> su root -c /home/digital/local/libexec/slapd 

La primera vez habra que inicializar el directorio:

archivo: initial.ldif

dn: dc=udlap,dc=mx
objectclass: dcObject
objectclass: organization
o: Example Company
dc: udlap

dn: cn=Manager,dc=udlap,dc=mx
   objectclass: organizationalRole
   cn: Manager

:~/local>bin/ldapadd -x -D "cn=Manager,dc=udlap,dc=mx" -W -h ict.udlap.mx -p 9009 -f initial.ldif
Enter LDAP Password:
adding new entry "dc=udlap,dc=mx"

adding new entry "cn=Manager,dc=udlap,dc=mx"

:~/local>bin/ldapsearch -x -b 'cn=Manager,dc=udlap,dc=mx' -h    ict.udlap.mx -p 9009 '(objectclass=*)'
   # extended LDIF
   #
   # LDAPv3
   # base <cn=Manager,dc=udlap,dc=mx> with scope sub
   # filter: (objectclass=*)
   # requesting: ALL
   #

# Manager, udlap.mx
   dn: cn=Manager,dc=udlap,dc=mx
   objectClass: organizationalRole
   cn: Manager

# search result
   search: 2
   result: 0 Success

# numResponses: 2
   # numEntries: 1
 
Stop

kill -INT `cat /home/digital/local/var/run/slapd.pid`
o en Solaris
kill  `cat /home/digital/local/var/run/slapd.pid`

LDAP Applications

Application Architecture

Using Multiple Applications

LDAP Browsers

JXPLORER

http://pegacat.com/jxplorer/

LDAPBrowser

http://www-unix.mcs.anl.gov/~gawor/ldap/

http://biot.com/gq/

Programas ejemplo con el API de Novell

   1:import com.novell.ldap.LDAPAttribute;
   2:import com.novell.ldap.LDAPAttributeSet;
   3:import com.novell.ldap.LDAPEntry;
   4:import com.novell.ldap.LDAPConnection;
   5:import com.novell.ldap.LDAPException;
   6:import java.io.UnsupportedEncodingException;
   7:
   8:public class AddEntry
   9:{
  10:    public static void main( String[] args )
  11:    {
  12:        if (args.length != 4) {
  13:            System.err.println("Usage:   java AddEntry <host name> <login dn>"
  14:                                                + " <password> <container>");
  15:            System.err.println("Example: java AddEntry Acme.com"
  16:                        + " \"cn=admin,o=Acme\" secret \"ou=Sales,o=Acme\"");
  17:            System.exit(1);
  18:        }
  19:                
  20:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  21:        int ldapVersion  = LDAPConnection.LDAP_V3;
  22:        String ldapHost       = args[0];
  23:        String loginDN        = args[1];
  24:        String password       = args[2];
  25:        String containerName  = args[3];
  26:        LDAPConnection lc = new LDAPConnection();
  27:        LDAPAttribute  attribute = null;
  28:        LDAPAttributeSet attributeSet = new LDAPAttributeSet();
  29:
  30:     
  31:        /* To Add an entry to the directory,
  32:         *  - Create the attributes of the entry and add them to an attribute set
  33:         *  - Specify the DN of the entry to be created
  34:         *  - Create an LDAPEntry object with the DN and the attribute set
  35:         *  - Call the LDAPConnection add method to add it to the directory
  36:         */                   
  37:        attributeSet.add( new LDAPAttribute( 
  38:                             "objectclass", new String("organizationalPerson")));                
  39:        attributeSet.add( new LDAPAttribute("cn", 
  40:                new String[]{"James Smith", "Jim Smith", "Jimmy Smith"}));               
  41:               
  42:        attributeSet.add( new LDAPAttribute("sn", new String("Smith")));        
  43:        attributeSet.add( new LDAPAttribute("telephonenumber",
  44:                                            new String("1 801 555 1212")));                                                     
  45:       
  46:        attributeSet.add( new LDAPAttribute("userpassword", 
  47:                                               new String("newpassword")));                                           
  48:                                               
  49:        String  dn  = "cn=Jim Smith," + containerName;      
  50:        LDAPEntry newEntry = new LDAPEntry( dn, attributeSet );
  51:
  52:        try {
  53:            // connect to the server
  54:            lc.connect( ldapHost, ldapPort );
  55:            // authenticate to the server
  56:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  57:
  58:            lc.add( newEntry );
  59:            System.out.println( "\nAdded object: " + dn + " successfully." );
  60:
  61:            // disconnect with the server
  62:            lc.disconnect();
  63:        }
  64:        catch( LDAPException e ) {
  65:            System.out.println( "Error:  " + e.toString());
  66:        }
  67:        catch( UnsupportedEncodingException e ) {
  68:            System.out.println( "Error: " + e.toString() );
  69:        }                                   
  70:        System.exit(0);
  71:    }
  72:}

digital@localhost:~/ldapsample> java AddEntry localhost "cn=Manager,dc=udlap,dc=mx"        lolo "dc=udlap,dc=mx"

Added object: cn=Jim Smith,dc=udlap,dc=mx successfully.

   1:import com.novell.ldap.*;
   2:import java.io.UnsupportedEncodingException;
   3:
   4:public class AddUserToGroup 
   5:{
   6:    public static void main( String[] args ) 
   7:    {
   8:                        
   9:        if (args.length != 5) {
  10:            usage();
  11:            System.exit(1);
  12:        }
  13:
  14:        int ldapPort      = LDAPConnection.DEFAULT_PORT;
  15:        int ldapVersion   = LDAPConnection.LDAP_V3;
  16:        boolean status    = false;
  17:        LDAPConnection lc = new LDAPConnection();
  18:        String   ldapHost = args[0];
  19:        String   loginDN  = args[1];
  20:        String   password = args[2];
  21:        String   userDN   = args[3];
  22:        String   groupDN  = args[4];
  23:        
  24:        try {
  25:            // connect to the server
  26:            lc.connect( ldapHost, ldapPort);
  27:            // bind to the server
  28:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  29:            
  30:            // call _AddUseToGroup() to add the user to the group
  31:            status = _AddUserToGroup( lc, userDN, groupDN );
  32:            
  33:            if ( status )
  34:                System.out.println(
  35:                  "User: " + userDN + " was enrolled in group: " + groupDN);
  36:            else
  37:                System.out.println( "User: " + userDN + 
  38:                             " could not be enrolled in group: " + groupDN);
  39:
  40:            // disconnect with the server
  41:            lc.disconnect();
  42:        }
  43:        catch( LDAPException e ) { 
  44:            System.out.println( "Error: " + e.toString() );
  45:        }
  46:        catch( UnsupportedEncodingException e ) {
  47:            System.out.println( "Error: " + e.toString() );
  48:        }
  49:        System.exit(0);
  50:    }
  51:    
  52:    public static void usage() {
  53:            System.err.println("Usage:   java AddUserToGroup <ldap host>"
  54:                        + " <login dn> <password> <user dn >\n" 
  55:                        +"              <group dn>");
  56:            System.err.println("Example: java AddUserToGroup Acme.com" 
  57:                               + " \"cn=Admin,o=Acme\" secret\n" 
  58:                               + "              \"cn=James,ou=Sales,o=Acme\""
  59:                               + " \"cn=salesGroup,ou=Sales,o=Acme\"");
  60:    }
  61:    
  62:    public static boolean _AddUserToGroup( LDAPConnection lc,
  63:                                           String userdn, 
  64:                                           String groupdn ) {
  65:
  66:        // modifications for group and user
  67:        LDAPModification[]  modGroup = new LDAPModification[1];
  68:       
  69:        // Add modifications to modGroup
  70:        LDAPAttribute member = new LDAPAttribute("member", userdn);
  71:        modGroup[0] = new LDAPModification( LDAPModification.ADD, member);
  72:       
  73:        try {
  74:            // Modify the group's attributes
  75:            lc.modify( groupdn, modGroup);
  76:            System.out.println("Modified the group's attribute.");
  77:        }
  78:        catch( LDAPException e ) {
  79:            System.out.println(
  80:                "Failed to modify group's attributes: " + e.toString() );
  81:            
  82:            return false;
  83:        }
  84:        return true;
  85:    }
  86:
  87:    
  88:}

digital@localhost:~/ldapsample> java AddUserToGroup localhost "cn=Manager,dc=udlap,dc=mx"        lolo "cn=Carlos Proal,ou=usuarios,dc=udlap,dc=mx" "cn=amigos,dc=udlap,dc=mx"
       Modified the group's attribute.
       User: cn=Carlos Proal,ou=usuarios,dc=udlap,dc=mx was enrolled in group:        cn=amigos,dc=udlap,dc=mx

   1:import com.novell.ldap.LDAPAttribute;
   2:import com.novell.ldap.LDAPAttributeSet;
   3:import com.novell.ldap.LDAPConnection;
   4:import com.novell.ldap.LDAPEntry;
   5:import com.novell.ldap.LDAPException;
   6:import com.novell.ldap.LDAPSearchResults;
   7:import com.novell.ldap.util.Base64;
   8:import java.util.Enumeration;
   9:import java.util.Iterator;
  10:import java.io.UnsupportedEncodingException;
  11:
  12:public class Read
  13:{
  14:    public static void main( String[] args )
  15:    {
  16:        if (args.length != 4) {
  17:           System.out.println("Usage:   java Search <host name> <login dn>"
  18:                              + " <password> <user dn>");
  19:                              
  20:           System.out.println("Example: java Search Acme.com"
  21:                                    + " \"cn=admin,o=Acme\""
  22:                                    + " secret \"cn= John Smith, ou=sales,o=Acme\"");
  23:                                    
  24:           System.exit(0);
  25:        }
  26:
  27:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  28:        int ldapVersion  = LDAPConnection.LDAP_V3;
  29:        String ldapHost = args[0];
  30:        String loginDN  = args[1];
  31:        String password = args[2];
  32:        String userDN = args[3];
  33:        
  34:        LDAPConnection lc = new LDAPConnection();
  35:
  36:        try {
  37:            // connect to the server
  38:            lc.connect( ldapHost, ldapPort );
  39:            // bind to the server
  40:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  41:
  42:            LDAPEntry resultEntry =
  43:                lc.read(  userDN );
  44:
  45:            /* To print out the search results,
  46:             *   -- The first while loop goes through all the attributes
  47:             *   -- The second while loop goes through all the attribute values
  48:             */
  49:            
  50:                System.out.println("\n" + resultEntry.getDN());
  51:                System.out.println("  Attributes: ");
  52:
  53:                LDAPAttributeSet attributeSet = resultEntry.getAttributeSet();
  54:                Iterator allAttributes = attributeSet.iterator();
  55:
  56:                while(allAttributes.hasNext()) {
  57:                    LDAPAttribute attribute =
  58:                                (LDAPAttribute)allAttributes.next();
  59:                    String attributeName = attribute.getName();
  60:
  61:                    System.out.println("    " + attributeName);
  62:
  63:                    Enumeration allValues = attribute.getStringValues();
  64:
  65:                    if( allValues != null) {
  66:                        while(allValues.hasMoreElements()) {
  67:                            String Value = (String) allValues.nextElement();
  68:                            if (Base64.isLDIFSafe(Value)) {
  69:                                // is printable
  70:                                System.out.println("      " + Value);
  71:                            }
  72:                            else {
  73:                                // base64 encode and then print out
  74:                                Value = Base64.encode(Value.getBytes());
  75:                                System.out.println("      " + Value);
  76:                            }
  77:                        }
  78:                    }
  79:                }
  80:            
  81:            // disconnect with the server
  82:            lc.disconnect();
  83:        }
  84:        catch( LDAPException e ) {
  85:            System.out.println( "Error: " + e.toString() );
  86:        }
  87:        catch( UnsupportedEncodingException e ) {
  88:            System.out.println( "Error: " + e.toString() );
  89:        }
  90:        System.exit(0);
  91:    }
  92:}

digital@localhost:~/ldapsample> java Read localhost "cn=Jim Smith,dc=udlap,dc=mx" newpassword "cn=Jim Smith,dc=udlap,dc=mx"
cn=Jim Smith,dc=udlap,dc=mx
         Attributes:
         sn
         Smith
         cn
         James Smith
         Jim Smith
         Jimmy Smith
         objectClass
         organizationalPerson
         userPassword
         newpassword
         telephoneNumber
         1 801 555 1212


digital@localhost:~/ldapsample> java Read localhost "cn=Carlos        Proal,ou=usuarios,dc=udlap,dc=mx" lele "cn=Hermelinda Linda,ou=usuarios,dc=udlap,dc=mx" 
cn=Hermelinda Linda,ou=usuarios,dc=udlap,dc=mx

         Attributes:
         sn
         Linda
         cn
         Hermelinda Linda
         objectClass
         organizationalPerson
         person
         top
         userPassword
         feya

   1:import com.novell.ldap.LDAPAttribute;
   2:import com.novell.ldap.LDAPAttributeSet;
   3:import com.novell.ldap.LDAPConnection;
   4:import com.novell.ldap.LDAPEntry;
   5:import com.novell.ldap.LDAPException;
   6:import com.novell.ldap.LDAPSearchResults;
   7:import com.novell.ldap.util.Base64;
   8:import java.util.Enumeration;
   9:import java.util.Iterator;
  10:import java.io.UnsupportedEncodingException;
  11:
  12:public class Search
  13:{
  14:    public static void main( String[] args )
  15:    {
  16:        if (args.length != 5) {
  17:           System.out.println("Usage:   java Search <host name> <login dn>"
  18:                              + " <password> <search base>\n"
  19:                              + "         <search filter>");
  20:           System.out.println("Example: java Search Acme.com"
  21:                                    + " \"cn=admin,o=Acme\""
  22:                                    + " secret \"ou=sales,o=Acme\"\n"
  23:                                    + "         \"(objectclass=*)\"");
  24:           System.exit(0);
  25:        }
  26:
  27:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  28:        int searchScope = LDAPConnection.SCOPE_ONE;
  29:        int ldapVersion  = LDAPConnection.LDAP_V3;
  30:        String ldapHost = args[0];
  31:        String loginDN  = args[1];
  32:        String password = args[2];
  33:        String searchBase = args[3];
  34:        String searchFilter = args[4];
  35:        LDAPConnection lc = new LDAPConnection();
  36:
  37:        try {
  38:            // connect to the server
  39:            lc.connect( ldapHost, ldapPort );
  40:            // bind to the server
  41:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  42:
  43:            LDAPSearchResults searchResults =
  44:                lc.search(  searchBase,
  45:                            searchScope,
  46:                            searchFilter,
  47:                            null,          // return all attributes
  48:                            false);        // return attrs and values
  49:
  50:            /* To print out the search results,
  51:             *   -- The first while loop goes through all the entries
  52:             *   -- The second while loop goes through all the attributes
  53:             *   -- The third while loop goes through all the attribute values
  54:             */
  55:            while ( searchResults.hasMore()) {
  56:                LDAPEntry nextEntry = null;
  57:                try {
  58:                    nextEntry = searchResults.next();
  59:                }
  60:                catch(LDAPException e) {
  61:                    System.out.println("Error: " + e.toString());
  62:
  63:                    // Exception is thrown, go for next entry
  64:
  65:                    continue;
  66:                }
  67:
  68:                System.out.println("\n" + nextEntry.getDN());
  69:                System.out.println("  Attributes: ");
  70:
  71:                LDAPAttributeSet attributeSet = nextEntry.getAttributeSet();
  72:                Iterator allAttributes = attributeSet.iterator();
  73:
  74:                while(allAttributes.hasNext()) {
  75:                    LDAPAttribute attribute =
  76:                                (LDAPAttribute)allAttributes.next();
  77:                    String attributeName = attribute.getName();
  78:
  79:                    System.out.println("    " + attributeName);
  80:
  81:                    Enumeration allValues = attribute.getStringValues();
  82:
  83:                    if( allValues != null) {
  84:                        while(allValues.hasMoreElements()) {
  85:                            String Value = (String) allValues.nextElement();
  86:                            if (Base64.isLDIFSafe(Value)) {
  87:                                // is printable
  88:                                System.out.println("      " + Value);
  89:                            }
  90:                            else {
  91:                                // base64 encode and then print out
  92:                                Value = Base64.encode(Value.getBytes());
  93:                                System.out.println("      " + Value);
  94:                            }
  95:                        }
  96:                    }
  97:                }
  98:            }
  99:            // disconnect with the server
 100:            lc.disconnect();
 101:        }
 102:        catch( LDAPException e ) {
 103:            System.out.println( "Error: " + e.toString() );
 104:        }
 105:        catch( UnsupportedEncodingException e ) {
 106:            System.out.println( "Error: " + e.toString() );
 107:        }
 108:        System.exit(0);
 109:    }
 110:}

digital@localhost:~/ldapsample> java Search localhost "cn=Jim        Smith,dc=udlap,dc=mx" newpassword "dc=udlap,dc=mx" "(objectclass=*)"

cn=Manager,dc=udlap,dc=mx
         Attributes:
         cn
         Manager
         objectClass
         organizationalRole

cn=Carlos Proal,dc=udlap,dc=mx
         Attributes:
         sn
         Proal
         title
         Mtro.
         Ing.
         ou
         biblio
         cn
         Carlos Proal
         objectClass
         organizationalPerson
         person
         top
         street
         mi casa
         userPassword
         lele

cn=amigos,dc=udlap,dc=mx
         Attributes:
         cn
         amigos
         objectClass
         groupOfNames
         top
         member
         cn=Carlos Proal,dc=udlap,dc=mx
         cn=Juan Perez,dc=udlap,dc=mx

cn=Juan Perez,dc=udlap,dc=mx
         Attributes:
         sn
         Perez
         cn
         Juan Perez
         objectClass
         organizationalPerson
         person
         top
         userPassword
         lele

cn=Jim Smith,dc=udlap,dc=mx
         Attributes:
         sn
         Smith
         cn
         James Smith
         Jim Smith
         Jimmy Smith
         objectClass
         organizationalPerson
         userPassword
         newpassword
         telephoneNumber
         1 801 555 1212

   1:import com.novell.ldap.*;
   2:import java.io.UnsupportedEncodingException;
   3:
   4:public class VerifyPassword
   5:{
   6:    public static void main( String[] args ) 
   7:    {        
   8:        if (args.length != 5) {
   9:           System.out.println("Usage:   java VerifyPassword <host name>"
  10:                            + " <login dn> <password> <object dn>\n"
  11:                            + "         <test password>");
  12:           System.out.println("Example: java VerifyPassword Acme.com "
  13:                       + "\"cn=Admin,o=Acme\" secret\n"
  14:                       + "         \"cn=JSmith,ou=Sales,o=Acme\" testPassword");
  15:           System.exit(0);
  16:        }
  17:
  18:        int ldapPort = LDAPConnection.DEFAULT_PORT;
  19:        int ldapVersion = LDAPConnection.LDAP_V3;
  20:        String ldapHost = args[0];
  21:        String loginDN = args[1];
  22:        String password = args[2];
  23:        String objectDN = args[3];
  24:        String testPassword = args[4];
  25:        LDAPConnection lc = new LDAPConnection();
  26:
  27:        try {
  28:            // connect to the server
  29:            lc.connect( ldapHost, ldapPort );
  30:
  31:            // authenticate to the server
  32:            lc.bind( ldapVersion, loginDN, password.getBytes("UTF8") );
  33:
  34:            LDAPAttribute attr = new LDAPAttribute(
  35:                                            "userPassword", testPassword );
  36:            boolean correct = lc.compare( objectDN, attr );
  37:
  38:            System.out.println( correct ? "The password is correct.":
  39:                                          "The password is incorrect.\n");
  40:
  41:            // disconnect with the server
  42:            lc.disconnect();
  43:        }
  44:        catch( LDAPException e ) {
  45:            if ( e.getResultCode() == LDAPException.NO_SUCH_OBJECT ) {
  46:                System.err.println( "Error: No such entry" );
  47:            } else if ( e.getResultCode() == 
  48:                                        LDAPException.NO_SUCH_ATTRIBUTE ) {
  49:                System.err.println( "Error: No such attribute" );
  50:            } else {
  51:                System.err.println( "Error: " + e.toString() );
  52:            }        
  53:        }
  54:        catch( UnsupportedEncodingException e ) {
  55:            System.out.println( "Error: " + e.toString() );
  56:        }       
  57:        System.exit(0);
  58:    }
  59:}
  60:

digital@localhost:~/ldapsample> java VerifyPassword localhost "cn=Jimmy        Smith,dc=udlap,dc=mx" newpassword "cn=Jimmy Smith,dc=udlap,dc=mx"        newpassword
       Error: LDAPException: Invalid Credentials (49) Invalid Credentials
       LDAPException: Matched DN:
       digital@localhost:~/ldapsample> java VerifyPassword localhost "cn=Jim        Smith,dc=udlap,dc=mx" newpassword "cn=Jimmy Smith,dc=udlap,dc=mx"        newpassword
       Error: No such entry
       digital@localhost:~/ldapsample> java VerifyPassword localhost "cn=Jim        Smith,dc=udlap,dc=mx" newpassword "cn=Jim Smith,dc=udlap,dc=mx"        newpassword
       The password is correct.

   1:import java.io.UnsupportedEncodingException;
   2:import java.security.MessageDigest;
   3:import java.security.NoSuchAlgorithmException;
   4:import com.novell.ldap.util.Base64;
   5:/**
   6: * Test MD5 digest computation
   7: *
   8: */
   9:public class MD5
  10:   {
  11:
  12:   /**
  13:    * test MD5 digest, requires Java 1.4+
  14:    *
  15:    * @param args not used
  16:    */
  17:   public static void main ( String[] args ) throws UnsupportedEncodingException, NoSuchAlgorithmException
  18:   {
  19:      byte[] theTextToDigestAsBytes = "lolo".getBytes( "ISO-8859-1" /* encoding */ );
  20:      MessageDigest md = MessageDigest.getInstance( "MD5" );
  21:      md.update( theTextToDigestAsBytes );
  22:      byte[] digest = md.digest();
  23:      System.out.println("{MD5}"+Base64.encode(digest));
  24:      
  25:      
  26:      
  27:   }
  28:   }

digital@localhost:~/ldapsample> java MD5
       {MD5}1lgdVCx+r4AShPCER4tfzA==