Hello,
Requesting again that the people experienced in the matter comment on my
earlier post on how I can handle integration of my app with existing groups
on an LDAP server.
I have done research myself, and based on that these are my findings, but
I have not worked with LDAP before, so I am not sure.
I need to meet the deadline, so any help would be great.
Thanks.
On 11/28/06, Avneet Singh <[EMAIL PROTECTED]> wrote:
Are these algorithms good to find all kinds of group/user info?
Requirement - To be able to query existing user/group info from any kind
of DS (Apache, Active Directory, etc.) having any kind of groups (static,
dynamic, etc.)
*getAllStaticGroups*()
{
  Search: your root naming context
  Scope: subtree
  Filter: (&(objectclass=groupofuniquenames)) //for any DS
          (&(objectclass=groupofnames)) //for any DS
          (&(objectclass=group)) //for active directory
}
*getAllDynamicGroups*()
{
  Search: your root naming context
  Scope: subtree
  Filter: (&(objectclass=groupOfURLs))
}
*isMemberOfStaticGroup*(groupname,userdn)
{
  Search: your root naming context
  Scope: subtree
  Filter:
    (&(objectclass=groupofuniquenames)(cn=groupname)(uniquemember=userdn)) //for any DS
    (&(objectclass=groupofnames)(cn=groupname)(member=userdn)) //for any DS
    (&(objectclass=group)(cn=groupname)(member=userdn)) //for active directory
}
*isMemberOfDynamicGroup*(groupname,userdn)
{
  Step 1: Search: your root naming context
          Scope: subtree
          Filter: (&(objectclass=groupOfURLs)(cn=groupname))
  Step 2: use 'memberURL' attribute to chk if user is in the group
}
If the above are not good, any pointers to already existing algorithms or
program snippets would be helpful.
Thanks
Avneet Singh
On 11/28/06, Stefan Zoerner <[EMAIL PROTECTED]> wrote:
>
> Hi Avneet!
>
> Avneet Singh wrote:
> > Thanks. It was a great article, some general questions though-
> >
> > 1. The article was written a while back, are there any
> > additions/updations to it somewhere on the Internet or does it still
> > hold good?
>
> I know (and like) this article as well, it still holds true for many
> directories which use these object classes. We have also adapted some
> algorithms successfully to Active Directory, which uses other object
> classes, but comparable concepts ...
>
> > 2. Is there no Java API to do simple group search rather than a
> > developer going into the complexities of several different possibilities
> > of groups?
> > 3. Actually ours is a Java app which uses authentication from customers'
> > LDAP server. Till now we did not have the concept of groups but we need to
> > support that now. Since our customers can have any kind of pre-existing
> > LDAP schema (and thus any kind of groups), I need to be able to support
> > all kinds of possibilities in groups. So I was trying to find some Java
> > API which hides the complexity of so many different possibilities, how can I
> > achieve that?
>
> One option is to make the search filters used in the algorithm
> configurable (as Tomcat in its JNDI Realm does, for instance).
>
> If you use JNDI, another option is to use object and/or state factories
> to translate between directory entries for groups and Java objects,
> which represent groups. Learn more about these (widely unknown) JNDI
> features here:
>
> http://java.sun.com/products/jndi/tutorial/objects/factory/index.html
> http://java.sun.com/products/jndi/tutorial/objects/state/index.html
>
> The LDAP Booster Pack for JNDI already provides object and state
> factories for RFC style groups. They may help (I am not certain, because
> I do not know your requirements in detail -- for instance they do not
> work with Active Directory, afaik).
> You can download these classes here
> http://java.sun.com/products/jndi/
>
> Perhaps two valid ideas, how to abstract from schema details.
>
> I hope this helps, Greetings from Frankfurt,
> Stefan
>
>
--
Regds
Avneet Singh
781-492-4449
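
An added example (not code from this thread or from any project mentioned in it): the static-group membership filters from the message above kept as configurable templates, as Stefan's reply suggests, with the group name and user DN escaped per RFC 4515 before substitution so that a value containing `*`, `(` or `)` cannot change the filter's structure. The class, method and map-key names are hypothetical, and `isMember` assumes an already connected JNDI `DirContext`; `main` only builds filters and runs without a server.

```java
import java.text.MessageFormat;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class GroupMembership {
    // Filters from the message, as configurable templates ({0} = group cn, {1} = user DN).
    // The map keys are hypothetical configuration names.
    static final Map<String, String> TEMPLATES = Map.of(
        "groupOfUniqueNames", "(&(objectclass=groupofuniquenames)(cn={0})(uniquemember={1}))",
        "groupOfNames", "(&(objectclass=groupofnames)(cn={0})(member={1}))",
        "activeDirectory", "(&(objectclass=group)(cn={0})(member={1}))");

    // RFC 4515 escaping: backslash, *, (, ) and NUL become 5c, 2a, 28, 29, 00 after a backslash.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    static String memberFilter(String schema, String group, String userDn) {
        String template = TEMPLATES.get(schema);
        if (template == null) throw new IllegalArgumentException("unknown schema: " + schema);
        return MessageFormat.format(template, escape(group), escape(userDn));
    }

    // Subtree search under baseDn; any hit means the user is a member of the group.
    static boolean isMember(DirContext ctx, String baseDn, String schema,
                            String group, String userDn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]); // existence check, fetch no attributes
        NamingEnumeration<SearchResult> hits =
            ctx.search(baseDn, memberFilter(schema, group, userDn), sc);
        try { return hits.hasMore(); } finally { hits.close(); }
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary group name, then one with filter metacharacters.
        System.out.println(memberFilter("groupOfNames", "admins", "uid=jdoe,dc=example,dc=com"));
        System.out.println(memberFilter("activeDirectory", "ops)(cn=*", "CN=J Doe,DC=example,DC=com"));
    }
}
```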