Understanding and Deploying LDAP Directory Services > 3. An Introduction to LDAP > LDAP APIs |
LDAP APIsEarly on, the developers of LDAP realized that the creation of directory-enabled applications would happen much more quickly if there existed a standard API for accessing and updating the directory. The original LDAP distribution from the University of Michigan (often referred to as the U-M LDAP release; refer to Chapter 2) included a C programming library and several sample client programs built on this library. For quite a while, the C API included in the U-M distribution was the only API/SDK available. With the current industry momentum behind LDAP, however, the number of SDKs is increasing, and additional SDKs are becoming available. (We will discuss these additional SDKs later in this section and in Chapter 20.) Figure 3.22 shows how the LDAP SDK fits into a directory-enabled client application. Figure 3.22 The LDAP API provides a common interface to an LDAP client library SDK.The LDAP C API for LDAP version 2 is documented in RFC 1823, and a proposed C API for LDAP version 3 is in draft form at this time (available from the IETF Web site at http://www.ietf.org). The C API document simply defines the API calls and their semantics. To obtain an actual SDK, you need to download one from one of a number of sources:
All of the C SDKs can, of course, be used from a C++ program. An Overview of the C LDAP APIThe LDAP C API defines a set of core functions that map almost one-to-one onto the LDAP protocol operations. Those core functions are shown in Table 3.5. Table 3.5. The main LDAP C API functions
The APIs listed in Table 3.5 provide an asynchronous interface to the directory; that is, the calls are used to initiate a protocol operation to the server, and the ldap_result() call is used later to collect results from the previously initiated operations. This allows your client to issue multiple protocol requests or perform other work, such as updating window contents, while the operation is in progress on the server. The API also provides a synchronous interface, in which the API calls are blocked until all results are returned from the server. The synchronous calls are generally simpler to use and are appropriate for simple command-line clients and multithreaded applications. In addition to the API calls listed in Table 3.5 and their synchronous counterparts, the LDAP API defines a set of utility routines that can be used to parse returned results from the server; iterates over sets of entries, attributes, and attribute values; and performs other useful operations. For a complete description of the various API calls available in the SDK you are using, consult the documentation. A useful reference book that covers the C API in detail and offers general advice on building directory-enabled applications was written by two of the authors of this book. It is called LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol , by Tim Howes and Mark Smith, published by Macmillan Technical Publishing. Other LDAP APIsIn addition the various implementations of the C API, four other APIs are available:
These "directory- agnostic " access APIs (APIs that can access a number of different directory systems) can be useful if you are writing client software that must simultaneously access multiple directory services running incompatible protocols. However, because they present a single API across all the different directory protocols they support, these tools may not have sufficient fidelity for your needs. In other words, some features supported by the underlying protocol may not be available in the unified API. In order to support these new features, the unified API must be revised to expose the new features. If the new feature exposes functionality in some protocol you aren't using, this is unnecessary clutter and overhead. LDAP-only APIs don't suffer from this problem.
|
Index terms contained in this sectionADSI (Microsoft)APIs 2nd C LDAP API functions synchronicity utility routines JNDI (Java Naming and Directory Interface) Microsoft ADSI multiple directory access Netscape Java API PerLDAP C LDAP API functions synchronicity utility routines directories APIs accessing multiple downloading SDKs (software development kits) functions C LDAP API IETF Web site Innsoft Web site Java Naming and Directory Interface (JNDI) JNDI (Java Naming and Directory Interface LDAP APIs 2nd C LDAP API 2nd 3rd 4th JNDI (Java Naming and Directory Interface) Microsoft ADSI multiple directory access Netscape Java API PerLDAP Microsoft ADSI Microsoft Web site mozilla.org Web site multiple directories API access Netscape Java API Netscape Web site PerLDAP API SDKs (software development kits) downloading synchronicity C LDAP API University of Michigan SDK Web site utility routines C LDAP API Web sites IETF Innsoft JavaSoft Microsoft mozilla.org Netscape University of Michigan SDK |
2002, O'Reilly & Associates, Inc. |