• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

JNDI and LDAP group operations

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am writing an application that need to perform the following tasks. Can anyone recommend some "best practice" on doing the tasks?
A) Add a member to a group.
Currently, I do the following to achieve this.
1) Query the group object using the DN of the group, and ask for "member" as an return attribute.
2) Get the attribute object, and add the DN of the new member to this attribute object.
3) Use DirContext.modifyAttribute method, passing in DN of the group and an ModificationItem array. This array contains one ModificationItem object, with the "member" attribute object and DirContext.REPLACE_ATTRIBUTE flag as parameters to the constructor.
I have a concern about this approach. My understanding of this approach involves getting all available values of the "member" attribute of the group object, add one to the list, and send them all back to the LDAP server. Is there another JNDI way to do this so that my application only need to send the group name and the new value (DN of the new member) to the LDAP server and have the server add the value to the group?

B) Check if user belongs to a specific group.
I haven't code this yet, but my approach is similar to what I did to add a member to a group. I plan to get all the values of the "member" attribute of a group, and then check if the DN of the user are one of the values I
retrieved. I am going to use the "contains" method of the Attribute object to do the check. My concern is, my application is getting all values back from the server and do the check on client side. Any idea if JNDI provides
a better way?
C) Verify a username / password pair provided by a user match a record in a LDAP context. I think my application might have to log in as the given user using the password provided, and log back in as my app's credential after the check. But how can I do this after my app already has a DirContext? Do I have to get a new DirContext everytime I do the check?
Thanks a lot.
Jeffrey Sze
 
Paper beats rock. Scissors beats tiny ad.
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic