Application Servers

Accessing an LDAP Server via CGI Scripts

A CGI application is a good client-server implementation to access a directory. The client is the Web browser, and the server is the HTTP server. Using your favorite programming language, all you have to do is write a number of CGI scripts that access the directory on behalf of the end user. The LDAP protocol therefore remains completely hidden from the end user.

Exhibit 2 shows the architecture. The user makes a request via a browser for the URL corresponding to the LDAP application. The Web server receives this request and assigns it to an HTTPD process. The HTTPD process understands from the URL that a CGI script should service the request. It then launches the CGI script as a new process, delivering all the necessary parameters to this CGI script. Upon execution, the CGI script accesses the directory, formats the result in an HTTP response, and sends the output back to the Web browser.

Exhibit 2: Client-Server Implementation Using CGI Scripts

Recall from Chapter 4 that there are a great many programming languages that offer the possibility of accessing an LDAP repository via libraries. This solution is very easy to implement because you can break down the whole application into a number of CGI scripts, each of them offering a particular functionality, for example "search.cgi," "add.cgi," "delete.cgi," and so on.

However, this solution also has disadvantages deriving from the fact that each of these CGI scripts is a different process and is therefore executed in a different context. Because the HTTP protocol is a stateless protocol, no process knows about the processes executed before. Therefore, if you wish to develop a more complicated application, you will soon face the problem of saving state information from one request to the other. There are various ways to accomplish this:

• JavaScript: If you put the information you wish to save from request to request in HTML fields, you can get this information back because JavaScript can access the HTML fields from the calling HTML page, i.e., the output from the previously executed CGI script.

• Cookies: A cookie is a number-value pair that the HTML page can store on the browser requesting this page. Thus, with the help of a cookie, you can store state information on the browser. However, many users configure their browsers to reject cookies. The browser configuration determines whether cookies are accepted or not.

• Query parameters: Together with an HTTP request, you can also send additional information in the so-called query parameters. This query parameter can be interrogated by the CGI script called from the HTTPD process. The CGI script then creates new query parameters that it sends along with the result HTTP that is sent back to the browser.

CGI scripts are easy to write and maintain if you are writing a limited application. The details of directory access and the LDAP protocol remain hidden from the end user.