In this section we examine some different categories of SDKs and scripting tools that can be used to develop LDAP applications. The Further Reading section near the end of this chapter includes pointers to more detailed information on all the tools we mention. Directory software vendors naturally encourage developers to write directory-enabled applications, so many of these tools can be freely downloaded from the Internet and used at no cost. LDAP software development tools that can be used to write directory-enabled applications can be organized into four categories:
Practically speaking, your choice of LDAP software development tools is constrained by the programming languages you're comfortable using. The next two most important criteria for choosing a tool are its quality and its documentation. You should experiment with several packages to see which one you like best before you begin writing code.

LDAP SDKs

LDAP SDKs typically provide complete, high-performance, native access to all the features of LDAP. The application programming interfaces (APIs) they provide may conform to the C or Java LDAP API specifications being developed by the Internet Engineering Task Force (IETF). At the time of this writing, the programming languages directly supported include C, C++, Perl, Java, Python, and Ruby. Popular LDAP SDKs include the following:
An LDAP SDK is a good choice if the application you need to LDAP-enable is written in one of the supported languages. All popular hardware and OS platforms are supported, and in some cases (such as with the Netscape SDKs), source code is available to allow for ports to other platforms. If your programming language of choice is not directly supported, you may still be able to use one of these SDKs. Most widely used programming and scripting languages can call C, C++, or Java code. For example, Microsoft Visual Basic code can use C library functions, and JavaScript can use Java classes and methods.

LDAP Command-Line Tools

Some vendors provide a set of command-line tools that provide access to LDAP directories. These tools are useful for simple LDAP integration tasks, especially those for which performance isn't critical. LDAP command-line tools are good choices for batch-oriented applications as well. The LDAP command-line tools can be called from a variety of languages, including compiled languages such as C++, Windows command language, any Unix shell-scripting language, and Perl. Netscape provides the following command-line tools with its directory SDKs and its Directory Server product:
Several other directory software vendors, such as OpenLDAP, provide similar tools.

LDAP Tag Libraries for Web Development

Templates and tag libraries have become popular in the Web development community as a way to cleanly separate the user interface from the application logic. To accomplish this separation, HTML or XML templates are used to describe the user interface in conjunction with embedded tags that trigger calls to application-specific code. The most popular Web page template frameworks are Microsoft's Active Server Pages (ASP) and Sun's JavaServer Pages (JSP). Because of Java's popularity as a platform for writing portable Web applications, JSPs are widely used. JSP files are standard HTML files with some extra JSP tags thrown in. Several JSP tag libraries are available for accessing LDAP directories. One such library is Simya Consultancy's LDAP JSP Tag Library, which is available at http://www.simya.net/products.html. Listing 21.2 shows a simple JSP file that uses Simya's tag library to search an LDAP directory server and produce a table from the entries returned.

Listing 21.2 An LDAP JSP Example: list-jensens.jsp

 1. <%@ taglib uri="/ldap" prefix="ldap" %>
 2. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 3. <html><head><title>User List</title></head>
 4. <body>
 5. <ldap:connect url="ldap://ldap.example.com">
 6. <h2>List of Jensens in example.com</h2>
 7. <table bgcolor="#F0F8FF" cellspacing="0" cellpadding="2" border="1">
 8. <tr bgcolor="Silver">
 9. <th>RDN</th>
10. <th>User ID</th>
11. <th>User Name</th>
12. <th>Telephone</th>
13. <th>Department</th></tr>
14. <ldap:query id="ldapresult" basedn="ou=People,dc=example,dc=com"
15. filter="(sn=jensen)" limit="100">
16. <tr>
17. <td><%= ldapresult.getDN() %></td>
18. <td><%= ldapresult.getStringAttribute("uid") %></td>
19. <td><ldap:getAttribute name="cn"/></td>
20. <td><ldap:getAttribute name="telephonenumber"/></td>
21. <td><ldap:getAttribute name="ou" delimiter="<br>"/></td>
22. </tr>
23. </ldap:query>
24. </table>
25. </ldap:connect>
26. </body>
27. </html>

Line 1 contains a JSP tag library directive that causes the Simya LDAP tag library to be loaded. The JSP tags that begin with "<ldap:" are the Simya tags themselves that pull information out of the example.com LDAP server (for example, line 5 contains an ldap:connect tag). The tags that begin with "<%=" are JSP expressions (for example, line 17 includes an embedded expression that retrieves the distinguished name, or DN, of an entry in the list of search results). Listing 21.2 also contains many standard HTML tags, some of which are used to produce a table. Figure 21.10 shows a sample of the output produced by this JSP file, as viewed in a Web browser.

Figure 21.10. The list-jensens.jsp Example in Action
The Further Reading section near the end of this chapter provides pointers to additional JSP resources.
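Listing 21.2 uses a fixed filter, (sn=jensen), and writes directory values into the page with "<%=" expressions. The Java code below is an added example, not part of the original chapter or of Simya's tag library; it shows the two escaping steps a page like this needs once the surname comes from a request parameter: RFC 4515 escaping for the filter value and HTML escaping for the values written into table cells. The class and method names (LdapListingSafety, escapeFilterValue, escapeHtml, surnameFilter, tableRow) are hypothetical, and the inputs in main are constructed.

```java
import java.nio.charset.StandardCharsets;

public class LdapListingSafety {
    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // '*', '(', ')', '\' and NUL become \xx; non-ASCII bytes are also
    // written as \xx, which the RFC permits for any octet.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Escape directory data before it is written into HTML, so that an
    // attribute value containing markup is displayed, not interpreted.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder();
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(ch);
            }
        }
        return out.toString();
    }

    // Same shape as the listing's filter, with the surname supplied at run time.
    static String surnameFilter(String surname) {
        return "(sn=" + escapeFilterValue(surname) + ")";
    }

    // One table row as in lines 16-22 of the listing, with every cell escaped.
    static String tableRow(String dn, String uid, String cn) {
        return "<tr><td>" + escapeHtml(dn) + "</td><td>" + escapeHtml(uid)
             + "</td><td>" + escapeHtml(cn) + "</td></tr>";
    }

    public static void main(String[] args) {
        // Constructed sample values, not data from the chapter.
        System.out.println(surnameFilter("jensen"));
        System.out.println(surnameFilter("Jensen (Jr.)*"));
        System.out.println(tableRow("uid=bjensen,ou=People,dc=example,dc=com",
                                    "bjensen", "Barbara <b>Jensen</b>"));
    }
}
```

With JNDI, the DirContext.search overload that takes a filter expression with {0} placeholders and a filterArgs array applies the same filter escaping to string arguments.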
Directory-Agnostic SDKs

Your remaining choice is to use an SDK that provides access to a variety of directory and directory-like data sources (including LDAP). We use the term directory-agnostic to describe these SDKs. Examples include Microsoft's Active Directory Services Interface (ADSI) for the Windows platform and Sun's Java Naming and Directory Interface (JNDI). ADSI can be used with a variety of programming languages, including C++, Visual Basic, and VBScript. JNDI can be used only with Java. Access to a variety of data sources is provided by a common, directory-independent API that application programmers may use. These SDKs are internally designed and constructed so that a variety of directory service modules can be plugged in beneath the API. A good example of this kind of SDK architecture is JNDI. Figure 21.11 shows the internal architecture of the JNDI implementation.

Figure 21.11. The JNDI Architecture
A directory-agnostic SDK may be a good choice if your application needs access to directory services other than LDAP. The main disadvantages of these SDKs are that in some cases they do not provide full access to LDAP's capabilities and they do not evolve as fast as the SDKs that focus purely on LDAP. Other disadvantages include increased overhead and code size as a result of the extra layers and directory service modules included. In the case of ADSI, it may be difficult to call the SDK functions from existing applications that are not based on Microsoft's Component Object Model (COM). JNDI, on the other hand, has been enhanced to support most LDAP features, including LDAPv3 controls and extended operations. JNDI is included in Sun's Java Development Kits (JDKs) and is widely used.