LDAP URLs

Chapter 4 introduced us to the concept of LDAP URLs. In this section, we will have a closer look at how to use them. A program written in your favorite programming languages can produce LDAP URLs, but they can also he coded by hand, and as such you can write them clown just as plain HTML. In this way, the browser delivers you the HTML page, you click on a URL, and the browser promptly delivers the information required. The advantage of this solution is that it will work on all modern browsers available because LDAP URLs are defined by RFC 2255. See the "LDAP URLs" section in Chapter 4 for more details.

Now lets us have a look at the HTML page necessary to look up information from the directory. Note that the user need not have any knowledge about LDAP to use this page; all she has to do is to click on a link. To get the page in Exhibit 1, all you have to do is put this link on the HTML page:

 <a href="ldap://www.LdapAbc.org/o=LdapAbc.org?l,ou,telephoneNumber? one> All Departments on one glance </a> 

Exhibit 1: HTML Page Produced by Simple LDAP URL

That is a lot of functionality packed into a simple URL. But if you put this page in a context using frames, you can also hide the ugly-looking URL. If you want, you can even use a simple Java script to process user input.

Until now, we have dynamically produced the requests sent to the LDAP server, which then sends the answer back to the browser. What would happen if we could filter the output of the LDAP server? This could make it possible to process the output of the LDAP server and write an entire application.

How would we process the output from the LDAP server? The easiest way is via a CGI script. This is different from the approach used in the next section because you do not need any LDAP library to achieve this. You simply produce an LDAP URL and process the answer you got back from the LDAP server.

There is yet another possibility to use LDAP from the browser, but this depends on the browser you are using. As mentioned in the introduction, there are Web browsers that transparently can handle other protocols. The Conqueror Web browser available for LINUX is an example of such a smart browser. Given a URL, it allows you to browse a directory just by clicking on its objects as if it were a Web server. The end user does not notice much difference. If she carefully observes the URLs in the address bar, she will notice that these LDAP URLs are prefixed with "ldap://" instead of the typical "http://" prefix. Unfortunately, you cannot rely on this capability because it is not available in all browsers. Let us hope that other browsers will also begin to implement this feature.

As mentioned in the previous chapters, LDAP URLs can be used for browsing only. Thus, the user can only consult the directory; insert or update actions are not possible.