Previous | Next | Trail Map | Tips for LDAP Users | Comparison of the LDAP and JNDI Models

JNDI Mapping

Both the JNDI and LDAP models define a hierarchical namespace in which you name objects. Each object in the namespace can have attributes that can be used to search for the object. At this high level, the two models are similar, so it is not surprising that the JNDI maps well to the LDAP.

This section discusses how the LDAP maps to the JNDI. Some topics, such as referrals and schema, are discussed only briefly here and are described in more detail in other lessons in this trail.

Models

You can think of an LDAP entry as a JNDI DirContext(in the API reference documentation) . Each LDAP entry contains a name and a set of attributes, and an optional set of child entries. For example, the LDAP entry o=JNDITutorial may have as its attributes objectclass and o, and it may have as its children ou=Groups and ou=People.

In the JNDI, the LDAP entry o=JNDITutorial is represented as a context with the name o=JNDITutorial that has two subcontexts: ou=Groups and ou=People. An LDAP entry's attributes are represented by the Attributes(in the API reference documentation) interface, while individual attributes are represented by the Attribute(in the API reference documentation) interface. See the next part of this lesson for details on how the LDAP operations are accessed through the JNDI.

Federation

While the LDAP model covers a single namespace, the JNDI model deals with multiple namespaces linked together via federation. The LDAP namespace is but one of many namespaces that can be accessed through the JNDI.

Names

As a result of federation, the names that you supply to the JNDI's Context(in the API reference documentation) methods can span multiple namespaces. These are called composite names. When using the JNDI to access an LDAP service, you should be aware that the forward slash character in a string name has special meaning to the JNDI. If the LDAP entry's name contains a forward slash character ("/"), you need to escape it (using the back slash character ("\")). For example, an LDAP entry with the name "cn=O/R" must be presented as the string "cn=O\\/R" to the JNDI context methods.

LDAP names as they are used in the protocol are always fully qualified names that identify entries starting from the root of the LDAP namespace (as defined by the server). The following are some examples of fully qualified LDAP names: 

cn=John Smith, ou=Marketing, o=Some Corporation, c=gb
cn=Ted Geisel, ou=People, o=JNDITutorial

In the JNDI, however, names are always relative. You always name an object relative to a context. For example, you can name the entry cn=Ted Geisel relative to the context named ou=People, o=JNDITutorial. Or you can name the entry cn=Ted Geisel, ou=People relative to the context named o=JNDITutorial. Or, if you create an initial context pointing at the root of the LDAP server's namespace, you can name the entry using the name 

cn=Ted Geisel, ou=People, o=JNDITutorial
In the JNDI, you can also use LDAP URLs to name LDAP entries. See the LDAP URL discussion in the Miscellaneous (in the Tips for LDAP Users trail) lesson.

Searches

One of the most important aspects of the LDAP is its search model. LDAP entries can be searched, given a search filter. The JNDI's DirContext(in the API reference documentation) interface supports LDAP-style searches and search filters. The results of searches are returned in an enumeration of SearchResult(in the API reference documentation). Searches are discussed in detail in the Searches (in the Tips for LDAP Users trail) lesson.

Referrals

LDAP-style referrals are supported using the ReferralException(in the API reference documentation) . Referrals are discussed in detail in the Referrals (in the Tips for LDAP Users trail) lesson.

Schema

The JNDI contains methods in the DirContext(in the API reference documentation) and Attribute(in the API reference documentation) interfaces for retrieving an LDAP entry's or an LDAP attribute's schema. The schema is discussed in detail in the Schema (in the Tips for LDAP Users trail) lesson.

Controls and Extensions

LDAP v3-style controls and extensions are supported using the javax.naming.ldap(in the API reference documentation) package and are described in detail in the Controls and Extensions (in the Tips for LDAP Users trail) lesson.

Java Objects

Beyond basic LDAP functionality such as accessing LDAP entries and searching the directory, the JNDI also supports the notion of Java objects being integrated into the directory. This means that you can think of the LDAP directory as a repository for Java objects, as an integral part of the environment in which you develop and deploy your Java applications. This topic is discussed in detail in the Java Objects and the Directory (in the Java Objects and the Directory trail) trail.

Previous | Next | Trail Map | Tips for LDAP Users | Comparison of the LDAP and JNDI Models