LANSA Integrator

5.27 OpenLDAPService

The OpenLDAPService allows you to develop applications that can access LDAP compliant directories.

LDAP (Lightweight Directory Access Protocol) is the widely accepted industry-standard protocol for accessing directory services, and it is found in an increasing number of databases and systems throughout the world. It is the protocol of choice for deploying directory-based applications and solutions.

LDAP is typically used for lookup directories (or databases) and is ideal for use in the following hypothetical examples:

  • You need to regularly access relatively static data such as telephone and email directories. For example, email addresses and phone numbers do not change very often, but might be accessed thousands of times a day by your users.
  • You need to access data that is primarily read only. LDAP compliant directories are optimized for fast reads of information rather than for updating, adding or deleting data. Once again, your users might regularly access email addresses from your central system, but this information will rarely be updated. Alternatively, you might have a directory containing information on all the printers connected to your network.
  • You need to deploy distributed databases, where the reference information might be replicated across multiple servers. Such an architecture is useful because, if one server is down, the necessary information can be retrieved from another server.
  • You want to eliminate the multiple logons users must perform to access information from different systems. By authenticating every system against one central directory (a single logon), you can significantly reduce the workload placed on your help desk by users who forget their passwords.

A classic example of where an LDAP directory might be used is in large organizations with a large employee directory. This directory might contain staff contact information that is accessible by staff and perhaps by partners and customers. This directory of contact information is not changed very often, so is used primarily for heavy read access by numerous systems (for example, your email system).

Unique objects within an LDAP directory tree are referenced by their distinguished name (DN). An object within the tree has a relative distinguished name (RDN), which identifies the object relative to its parent. A DN is therefore a sequence of RDNs that, combined, uniquely identifies the object within the entire directory. RDNs are generally of the form attribute=value, where the attribute might be c (country), cn (common name), o (organization) and so forth. The DN is constructed by combining the RDN of the object with the RDNs of each of its parents in turn, most specific first. For example, the DN of the Sales Team entry in a sample tree might be ou=Sales Team, o=LANSA, c=au (this uniquely identifies the Sales Team within the company, LANSA, in Australia). The RDN of a member of the sales team is cn=Terry Briggs (the common name of the salesperson concerned is Terry Briggs). Therefore the DN of the directory object that uniquely identifies Terry Briggs as a member of the sales team in LANSA Australia is cn=Terry Briggs, ou=Sales Team, o=LANSA, c=au.

LANSA's OpenLDAPService is designed to let you interface easily with LDAP directories from within your application. While the main purpose of LDAP directories is read access, there will be times when you want to update, create or delete entries. The OpenLDAPService provides the facilities to do these, should you need to.

When you use the OpenLDAPService, LANSA handles the interface to the LDAP server for you, so you do not need to learn the protocol yourself. The service provides the following commands for the standard operations that can be performed on an LDAP directory:

  • Get: Perform a single record fetch on a DN in the directory.
  • Add: Add a single DN record to the directory.
  • Modify: Modify the attribute values of a specific DN.
  • Delete: Delete a DN record from the directory.
  • Search: Search through multiple DN records in the directory.
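The DN construction described above and the Search command both take attribute values that often originate from user input (a name typed into a lookup screen, for example). The following Python is an added example, not LANSA code, showing how to build and parse DN strings and how to build search filters with the escaping the LDAP specifications require (RFC 4514 for DN strings, RFC 4515 for filter values), using the page's own sample tree. The hostile search value is a constructed input included to show that the escaping makes it harmless.

```python
"""Added example (not LANSA's OpenLDAPService code): composing and parsing DNs and
building search filters safely. DN escaping follows RFC 4514, filter escaping RFC 4515.
The entry names below are the page's own sample tree; the hostile input is constructed."""
from string import hexdigits
from typing import List, Sequence, Tuple


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for the right-hand side of an RDN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")          # a leading '#' would be read as a hex-encoded BER value
        elif ch == " " and i in (0, last):
            out.append("\\ ")          # leading and trailing spaces are significant
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns: Sequence[Tuple[str, str]]) -> str:
    """Join (attribute, value) pairs, most specific first, into a DN string."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN string into (attribute, value) pairs, honouring backslash and \\xx escapes.
    Whitespace after a separating comma (as in the page's 'cn=Terry Briggs, ou=Sales Team')
    is ignored, as RFC 4514 permits."""
    rdns: List[Tuple[str, str]] = []
    attr: List[str] = []
    val: List[str] = []
    in_value = False
    i = 0
    while i < len(dn):
        ch = dn[i]
        target = val if in_value else attr
        if ch == "\\" and i + 1 < len(dn):
            nxt = dn[i + 1]
            if nxt in hexdigits and i + 2 < len(dn) and dn[i + 2] in hexdigits:
                target.append(chr(int(dn[i + 1:i + 3], 16)))   # \2c style escape
                i += 3
            else:
                target.append(nxt)                              # \, style escape
                i += 2
            continue
        if not in_value and ch == "=":
            in_value = True
        elif in_value and ch == ",":
            rdns.append(("".join(attr).strip(), "".join(val)))
            attr, val, in_value = [], [], False
        else:
            target.append(ch)
        i += 1
    if attr or val:
        rdns.append(("".join(attr).strip(), "".join(val)))
    return rdns


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for an LDAP search filter (RFC 4515 section 3)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def person_filter(common_name: str) -> str:
    """Filter for the Search command: find a person by cn, with the value escaped so that
    the caller's input can only ever match a literal cn, never alter the filter structure."""
    return f"(&(objectClass=person)(cn={escape_filter_value(common_name)}))"


if __name__ == "__main__":
    sales_team = [("ou", "Sales Team"), ("o", "LANSA"), ("c", "au")]
    print(build_dn([("cn", "Terry Briggs")] + sales_team))
    print(build_dn([("cn", "Briggs, Terry")] + sales_team))   # comma in the value is escaped
    print(parse_dn("cn=Terry Briggs, ou=Sales Team, o=LANSA, c=au"))
    print(person_filter("Terry Briggs"))
    print(person_filter("*)(uid=*"))   # constructed hostile input, rendered as a literal cn
```

Whether a value is going into a DN (Get, Add, Modify, Delete) or into a filter (Search) decides which escaping applies; the two rules differ, and a value that is safe in one position is not automatically safe in the other.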

The OpenLDAPService also provides the commands your application needs to BIND to and UNBIND from the server. BIND is the industry-standard term for the operation by which an application connects to an LDAP server and identifies itself, either anonymously or with the DN and password of a directory entry. Every operation performed after the bind runs with the rights the directory grants to that identity, so an application that only needs to read entries should bind with an account limited to reading rather than with a directory administrator account.

Prior to using this service you will need to understand how to set up and use an LDAP server on IBM i. More information on this topic can be found in the IBM i manuals.

Related Services

The OpenLDAPService is not dependent on any other services. Using this service alone, you can read, add, modify and delete entries in your LDAP directory.

Technical Specifications

By default, the OpenLDAPService uses port 389. For secure connections (LDAP over TLS, usually called LDAPS) it uses port 636. Traffic on port 389 is not encrypted, so the DN and password sent in a simple BIND over that port travel in clear text and can be read by anyone on the network path; use port 636 whenever the bind carries real credentials.
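To make the BIND and UNBIND commands and the port 389 versus 636 distinction concrete, the Python below is an added example, not LANSA code. It encodes a simple-bind request and an unbind request as the LDAPMessage structures defined in RFC 4511 (BER encoding as in X.690), then parses the bind back out exactly as a passive observer of unencrypted port 389 traffic could, to show that the DN and password are readable. The DN and password are constructed sample values.

```python
"""Added example (not LANSA's OpenLDAPService code): a simple BIND and an UNBIND as
they appear on the wire. Structures per RFC 4511, encoding per BER (X.690).
The sample DN and password are constructed values."""
from typing import Optional, Tuple


def ber_len(n: int) -> bytes:
    """BER length: one byte below 128, otherwise 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, content: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value: int) -> bytes:
    """INTEGER (tag 0x02) for non-negative values such as messageID and version."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big", signed=True)
    return ber_tlv(0x02, body)


def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    An empty dn and password is an anonymous bind."""
    op = ber_tlv(0x60, ber_int(3) + ber_tlv(0x04, dn.encode()) + ber_tlv(0x80, password.encode()))
    return ber_tlv(0x30, ber_int(msg_id) + op)


def unbind_request(msg_id: int) -> bytes:
    """LDAPMessage { messageID, UnbindRequest [APPLICATION 2] NULL }; the server sends no reply."""
    return ber_tlv(0x30, ber_int(msg_id) + ber_tlv(0x42, b""))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one TLV at pos; return (tag, content, position after it)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def simple_bind_credentials(msg: bytes) -> Optional[Tuple[str, str]]:
    """Recover (dn, password) from a captured simple-bind message, as a passive observer
    of unencrypted port 389 traffic could. Returns None for anything that is not a simple bind."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        return None
    _, _msg_id, pos = _read_tlv(body, 0)
    tag, bind, _ = _read_tlv(body, pos)
    if tag != 0x60:
        return None
    _, _version, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    auth_tag, cred, _ = _read_tlv(bind, pos)
    if auth_tag != 0x80:       # [3] would be a SASL bind, which carries no plain password
        return None
    return name.decode(), cred.decode()


if __name__ == "__main__":
    dn = "cn=Terry Briggs,ou=Sales Team,o=LANSA,c=au"
    msg = bind_request(1, dn, "s3cret")
    print(msg.hex())
    print(simple_bind_credentials(msg))   # the password is right there in the bytes
    print(unbind_request(2).hex())
```

On port 636 these same bytes are carried inside a TLS session, which is what makes the password unreadable in transit; the bind operation itself is unchanged, so switching ports costs the application nothing but the certificate setup.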