JNDI and LDAP group operations

 
Hi,
I am writing an application that needs to perform the following tasks. Can anyone recommend some "best practice" on doing the tasks?
A) Add a member to a group.
Currently, I do the following to achieve this.
1) Query the group object using the DN of the group, and ask for "member" as a return attribute.
2) Get the attribute object, and add the DN of the new member to this attribute object.
3) Use DirContext.modifyAttribute method, passing in the DN of the group and a ModificationItem array. This array contains one ModificationItem object, with the "member" attribute object and DirContext.REPLACE_ATTRIBUTE flag as parameters to the constructor.
I have a concern about this approach. My understanding is that this approach involves getting all available values of the "member" attribute of the group object, adding one to the list, and sending them all back to the LDAP server. Is there another JNDI way to do this so that my application only needs to send the group name and the new value (DN of the new member) to the LDAP server and have the server add the value to the group?

B) Check if user belongs to a specific group.
I haven't coded this yet, but my approach is similar to what I did to add a member to a group. I plan to get all the values of the "member" attribute of a group, and then check if the DN of the user is one of the values I retrieved. I am going to use the "contains" method of the Attribute object to do the check. My concern is that my application is getting all values back from the server and doing the check on the client side. Any idea if JNDI provides a better way?
C) Verify that a username / password pair provided by a user matches a record in an LDAP context. I think my application might have to log in as the given user using the password provided, and log back in with my app's credentials after the check. But how can I do this after my app already has a DirContext? Do I have to get a new DirContext every time I do the check?
Thanks a lot.
Jeffrey Sze
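
The three tasks above, sketched with standard JNDI calls as an added example that is not part of the original post. The class name, server URL and sample DN are constructed placeholders. The password check uses a separate short-lived context, so the application's own DirContext is left untouched.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapGroupOps {
    // Assumption: placeholder URL; ldaps:// keeps the simple-bind password off the wire in clear text.
    static final String URL = "ldaps://ldap.example.com:636";

    // A) Send only the new value; the server appends it to "member".
    static void addMember(DirContext ctx, String groupDn, String userDn) throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDn))
        };
        try {
            ctx.modifyAttributes(groupDn, mods);
        } catch (AttributeInUseException alreadyMember) {
            // The value is already present in the group: nothing to do.
        }
    }

    // B) Server-side check: base-object search on the group, no attribute values returned.
    //    The {0} placeholder lets JNDI escape the DN, which avoids LDAP filter injection.
    static boolean isMember(DirContext ctx, String groupDn, String userDn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.OBJECT_SCOPE);
        sc.setReturningAttributes(new String[0]);
        NamingEnumeration<SearchResult> r = ctx.search(groupDn, "(member={0})", new Object[] {userDn}, sc);
        try { return r.hasMore(); } finally { r.close(); }
    }

    // C) Verify credentials by binding as the user on a new context.
    static boolean verifyPassword(String userDn, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind and can succeed.
        if (password == null || password.isEmpty()) return false;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (AuthenticationException badCredentials) {
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed DN; the empty password is rejected before any connection is made.
        System.out.println(verifyPassword("uid=jdoe,ou=people,dc=example,dc=com", ""));
    }
}
```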
 