II: Designing Your Directory Service

Understanding and Deploying LDAP Directory Services > 3. An Introduction to LDAP > LDAP APIs

<  BACK CONTINUE  >
153021169001182127177100019128036004029190136140232051053055078208061188076048209225242

LDAP APIs

Early on, the developers of LDAP realized that the creation of directory-enabled applications would happen much more quickly if there existed a standard API for accessing and updating the directory. The original LDAP distribution from the University of Michigan (often referred to as the U-M LDAP release; refer to Chapter 2) included a C programming library and several sample client programs built on this library. For quite a while, the C API included in the U-M distribution was the only API/SDK available. With the current industry momentum behind LDAP, however, the number of SDKs is increasing, and additional SDKs are becoming available. (We will discuss these additional SDKs later in this section and in Chapter 20.) Figure 3.22 shows how the LDAP SDK fits into a directory-enabled client application.

Figure 3.22 The LDAP API provides a common interface to an LDAP client library SDK.

The LDAP C API for LDAP version 2 is documented in RFC 1823, and a proposed C API for LDAP version 3 is in draft form at this time (available from the IETF Web site at http://www.ietf.org). The C API document simply defines the API calls and their semantics.

To obtain an actual SDK, you need to download one from one of a number of sources:

  • The original University of Michigan SDK, which supports LDAPv2, is available in source code form from http://www.umich.edu/~dirsvcs/ldap/.

  • An updated C SDK that supports LDAPv2 and LDAPv3 is available free of charge in binary form from Netscape at http://developer.netscape.com.

  • Source code for the Netscape SDK is publicly available from mozilla.org at http://www.mozilla.org.

  • Another LDAPv2/LDAPv3 SDK is available from Innosoft at http://www.innosoft.com.

All of the C SDKs can, of course, be used from a C++ program.

An Overview of the C LDAP API

The LDAP C API defines a set of core functions that map almost one-to-one onto the LDAP protocol operations. Those core functions are shown in Table 3.5.

Table  3.5. The main LDAP C API functions
Function Description
ldap_search() Searches for directory entries
ldap_compare() Sees whether an entry contains a given attribute value
ldap_bind() Authenticates (proves your identity) to a directory server
ldap_unbind() Terminates an LDAP session
ldap_modify() Makes changes to an existing directory entry
ldap_add() Adds a new directory entry
ldap_delete() Deletes an existing directory entry
ldap_rename() Renames an existing directory entry (this call is named ldap_modrdn() in LDAPv2-only SDKs)
ldap_result() Retrieves the results of one of the previous operations

The APIs listed in Table 3.5 provide an asynchronous interface to the directory; that is, the calls are used to initiate a protocol operation to the server, and the ldap_result() call is used later to collect results from the previously initiated operations. This allows your client to issue multiple protocol requests or perform other work, such as updating window contents, while the operation is in progress on the server.

The API also provides a synchronous interface, in which the API calls are blocked until all results are returned from the server. The synchronous calls are generally simpler to use and are appropriate for simple command-line clients and multithreaded applications.

In addition to the API calls listed in Table 3.5 and their synchronous counterparts, the LDAP API defines a set of utility routines that can be used to parse returned results from the server; iterates over sets of entries, attributes, and attribute values; and performs other useful operations. For a complete description of the various API calls available in the SDK you are using, consult the documentation.

A useful reference book that covers the C API in detail and offers general advice on building directory-enabled applications was written by two of the authors of this book. It is called LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol , by Tim Howes and Mark Smith, published by Macmillan Technical Publishing.

Other LDAP APIs

In addition the various implementations of the C API, four other APIs are available:

  • Netscape has developed an LDAPv2 and LDAPv3 Java API that, like the C API, has a close mapping onto the LDAP protocol. The Java API specification, currently in draft form, is available from the IETF Web site at http://www.ietf.org . An SDK that implements the draft API is available from http://developer.netscape.com/ and, like the C SDK, is available in source code form at http://www.mozilla.org . Online documentation is also available. The Java classes that implement the Netscape SDK are also included with versions of Netscape Communicator currently being shipped.

  • Perl fans can use PerLDAP, available from http://www.mozilla.org .

  • JavaSoft has developed the proprietary Java Naming and Directory Interface (JNDI). This API/SDK defines a common interface for accessing a number of different directory systems from a Java application or applet. Additional types of directory systems and protocols can be supported by developing additional service provider interfaces (SPIs) for JNDI. This allows a JNDI client to access a number of distinct directory services, such as NIS, DNS, LDAP, NDS, or X.500. JNDI is available from JavaSoft at http://www.javasoft.com/ .

  • Microsoft also has a proprietary, object-oriented SDK, called ADSI, for accessing multiple directory systems. ADSI APIs are available for Visual Basic, C, and C++. For more information on ADSI, see http://www.microsoft.com .

These "directory- agnostic " access APIs (APIs that can access a number of different directory systems) can be useful if you are writing client software that must simultaneously access multiple directory services running incompatible protocols. However, because they present a single API across all the different directory protocols they support, these tools may not have sufficient fidelity for your needs. In other words, some features supported by the underlying protocol may not be available in the unified API.

In order to support these new features, the unified API must be revised to expose the new features. If the new feature exposes functionality in some protocol you aren't using, this is unnecessary clutter and overhead. LDAP-only APIs don't suffer from this problem.



Understanding and Deploying LDAP Directory Services,  2002 New Riders Publishing
<  BACK CONTINUE  >

Index terms contained in this section

ADSI (Microsoft)
APIs 2nd
          C LDAP API
                    functions
                    synchronicity
                    utility routines
          JNDI (Java Naming and Directory Interface)
          Microsoft ADSI
          multiple directory access
          Netscape Java API
          PerLDAP
C LDAP API
          functions
          synchronicity
          utility routines
directories
         APIs
                    accessing multiple
downloading
          SDKs (software development kits)
functions
          C LDAP API
IETF
          Web site
Innsoft Web site
Java Naming and Directory Interface (JNDI)
JNDI (Java Naming and Directory Interface
LDAP
          APIs 2nd
                    C LDAP API 2nd 3rd 4th
                    JNDI (Java Naming and Directory Interface)
                    Microsoft ADSI
                    multiple directory access
                    Netscape Java API
                    PerLDAP
Microsoft ADSI
Microsoft Web site
mozilla.org Web site
multiple directories
          API access
Netscape Java API
Netscape Web site
PerLDAP API
SDKs (software development kits)
          downloading
synchronicity
          C LDAP API
University of Michigan SDK Web site
utility routines
          C LDAP API
Web sites
          IETF
          Innsoft
          JavaSoft
          Microsoft
          mozilla.org
          Netscape
          University of Michigan SDK

2002, O'Reilly & Associates, Inc.



Understanding and Deploying LDAP Directory Services
Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 1997
Pages: 245

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net