Software Engineering

Recitation 6

Suhit Gupta

Review

Classpath Stream vs. Reader

Today

LDAP

LDAP

Lightweight Directory Access Protocol

Snapshot of UT

LDAP – support is wide

What is LDAP

Lightweight Directory Access Protocol – A cross platform protocol for communicating with a directory server

It has descended from the X.500 OSI Directory Access protocol – which was too cumbersome for microcomputers

It is a data representation model optimized for arbitrary queries.

What is a directory?

A centralized structured hierarchical repository of configuration, authentication and other network and systems related information.

Eg - /etc/passwd, /etc/shadow It is a system optimized for a predominantly “lookup”

application. It is not a database

– No transactions– Not relations– Poor Update/Insert/Delete Operations

So why are we using it?

A centralized cross-platform data repository greatly simplifies administration

Replication support increases availability Distribution of information can reduce network

load on critical segments Front-ends such as www to LDAP in

conjunction with well designed access controls can place some administration tasks in the hands of the users themselves.

Why LDAP?

Both NDS and MSFT-AD are LDAP servers

LDAP is open, and will inter-operate with other directories

It is simple

Some notation

cn ou dc o dn

What the structure looks like…

O=softe

Ou=services Ou=actors Ou=states

However…

It’s really a flat db There really isn’t this tree like structure But we don’t care

What is a schema?

The schema describes the structure of the directory contents. Schemas are optional but you usually want them.

The schema describes the datatype of each attribute.

The schema specifies the attribute found in each object class.

Schema

Janak has explicitly created three for you– Service– Actor– ActorState

Service

Service reference ID: CN tag in DN: use your group ID

Required:– ServerIP (string)– ServerPort (int)– ServerType (string): A or S

Optional– WorldName– Extensions

Actor

Actor “name”/login id: CN tag in DN Required:

– HP: int– XP: int– Gold: int– Password: String

Optional:– ImageURL

ActorState

CN in DN: unique identifier– We’ll use combination of actor, world, and service– “ac=actorname+wn=worldname+sv=servicename”

Required– LocationX: int– LocationY: int– Status: int– WorldInstance: int

JNDI

Relatively simple Java API, built into 1.3 and higher

Actually more than LDAP: DNS, etc. For LDAP, uses concept of directory

context in which the operation will be done– ldap://softe.cs.columbia.edu:389/o=softe

Once set, go ahead and do operation

JNDI Lookups

getAttributes() method searches by (unique) DN– similar to lookup() but more powerful

Returns Attributes object: collection of attribute-value pairs; you can “get” and “put”, like a Hashtable

JNDI Searches search() searches within a DN for all entries

that match the Attributes set you provide– list() finds all in the DN context

Returns NamingEnumeration (subinterface of Enumeration)– Each entry in the Enumeration is a

SearchResult, which you can convert toString() and then do a lookup

– For list(), returns a NameClassPair Example

JNDI Writes

Just like we can getAttributes(), we can…

(re)bind()– Ok, so the parallel isn’t ideal– Name: DN– Object: null (Java can serialize to LDAP!)– Attributes: our good friend

Example

JNDI Deletes

unbind(); Must supply whole DN to it

– Use search() if you don’t know what the full DN of the relevant object is

JNDI Miscellany

Name class– You don’t have to use this: it’s a bit more

“civilized” way of dealing with DN’s, though– For the scope of this class, it’s acceptable

just to use Strings for DN’s

The receive code

Update to new version, Suhit

import javax.naming.*;import javax.naming.directory.*;import java.util.*;

public class SearchForServices { public static void main(String[] args) { if(args.length != 1) { System.out.println("usage: java SearchForServices <LDAP server>:port"); System.exit(-1); } // Create the environment in which we will do lookups Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY,

"com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL,

"ldap://" + args[0] + "/dc=softe,dc=cs,dc=columbia,dc=edu");

// Now connect and perform the list request DirContext ctx = null; NamingEnumeration ne = null; try { ctx = new InitialDirContext(env); ne = ctx.list("ou=services"); } catch(NamingException e) { e.printStackTrace(); }

// Now list all services while(ne.hasMoreElements()) { NameClassPair ncp = (NameClassPair)ne.nextElement(); System.out.println("Found " + ncp + "; attributes are:"); // Lookup this element Attributes a = null; try {

a = ctx.getAttributes(ncp.getName() + ",ou=services"); } catch(NamingException e) { e.printStackTrace(); } // Print out the set of attributes System.out.println(a + "-------"); }}}

The send code

Update to new version, Suhit

import javax.naming.*;import javax.naming.directory.*;import java.util.*;

public class AddService { public static void main(String[] args) { if(args.length != 5) { System.out.println("usage: java AddService <LDAP server:port> <ServerRef> <ServerIP> <ServerPort> <ServerType>"); System.exit(-1); }

// Create the environment in which we will do binds Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY,

"com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL,

"ldap://" + args[0] + "/o=softe"); env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,o=softe"); env.put(Context.SECURITY_CREDENTIALS, "cs3156");

// Now connect and perform the list request DirContext ctx = null; NamingEnumeration ne = null; try { ctx = new InitialDirContext(env); // Create the attributes Attributes a = new BasicAttributes(); a.put("objectClass", "Service"); a.put("ServerIP", args[2]); a.put("ServerPort", args[3]); a.put("ServerType", args[4]);

ctx.bind("cn=" + args[1] + ",ou=services",null,a); } catch(NamingException e) { e.printStackTrace(); }

System.out.println("Done!"); }}

Where does our LDAP server exist??

liberty.psl.cs.columbia.edu (but we call it softe.cs.columbia.edu)

We shall give you the username/password etc. on the webpage in the next few days

We will also update the requirement field names