posted 22 years ago
Hi,
I am writing an application that need to perform the following tasks. Can anyone recommend some "best practice" on doing the tasks?
A) Add a member to a group.
Currently, I do the following to achieve this.
1) Query the group object using the DN of the group, and ask for "member" as an return attribute.
2) Get the attribute object, and add the DN of the new member to this attribute object.
3) Use DirContext.modifyAttribute method, passing in DN of the group and an ModificationItem array. This array contains one ModificationItem object, with the "member" attribute object and DirContext.REPLACE_ATTRIBUTE flag as parameters to the constructor.
I have a concern about this approach. My understanding of this approach involves getting all available values of the "member" attribute of the group object, add one to the list, and send them all back to the LDAP server. Is there another JNDI way to do this so that my application only need to send the group name and the new value (DN of the new member) to the LDAP server and have the server add the value to the group?
B) Check if user belongs to a specific group.
I haven't code this yet, but my approach is similar to what I did to add a member to a group. I plan to get all the values of the "member" attribute of a group, and then check if the DN of the user are one of the values I
retrieved. I am going to use the "contains" method of the Attribute object to do the check. My concern is, my application is getting all values back from the server and do the check on client side. Any idea if JNDI provides
a better way?
C) Verify a username / password pair provided by a user match a record in a LDAP context. I think my application might have to log in as the given user using the password provided, and log back in as my app's credential after the check. But how can I do this after my app already has a DirContext? Do I have to get a new DirContext everytime I do the check?
Thanks a lot.
Jeffrey Sze