• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Tim Cooke
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Frank Carver
  • Henry Wong
  • Ron McLeod
Saloon Keepers:
  • Tim Moores
  • Frits Walraven
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Al Hobbs
  • Piet Souris
  • Himai Minh

JNDI and LDAP group operations

Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am writing an application that need to perform the following tasks. Can anyone recommend some "best practice" on doing the tasks?
A) Add a member to a group.
Currently, I do the following to achieve this.
1) Query the group object using the DN of the group, and ask for "member" as an return attribute.
2) Get the attribute object, and add the DN of the new member to this attribute object.
3) Use DirContext.modifyAttribute method, passing in DN of the group and an ModificationItem array. This array contains one ModificationItem object, with the "member" attribute object and DirContext.REPLACE_ATTRIBUTE flag as parameters to the constructor.
I have a concern about this approach. My understanding of this approach involves getting all available values of the "member" attribute of the group object, add one to the list, and send them all back to the LDAP server. Is there another JNDI way to do this so that my application only need to send the group name and the new value (DN of the new member) to the LDAP server and have the server add the value to the group?

B) Check if user belongs to a specific group.
I haven't code this yet, but my approach is similar to what I did to add a member to a group. I plan to get all the values of the "member" attribute of a group, and then check if the DN of the user are one of the values I
retrieved. I am going to use the "contains" method of the Attribute object to do the check. My concern is, my application is getting all values back from the server and do the check on client side. Any idea if JNDI provides
a better way?
C) Verify a username / password pair provided by a user match a record in a LDAP context. I think my application might have to log in as the given user using the password provided, and log back in as my app's credential after the check. But how can I do this after my app already has a DirContext? Do I have to get a new DirContext everytime I do the check?
Thanks a lot.
Jeffrey Sze
I'm not dead! I feel happy! I'd like to go for a walk! I'll even read a tiny ad:
the value of filler advertising in 2021
    Bookmark Topic Watch Topic
  • New Topic