The LDAP "compare" operation allows a client to ask the server whether the named entry has an attribute-value pair. This allows the server to keep certain attribute-values secret (i.e., not exposed for general "search" access) but still allow them to be used in limited ways by the client. Some servers might use this feature for passwords, for example, although it is insecure for the client to pass clear-text passwords in the "compare" operation itself.

To accomplish this in the JNDI, use suitably constrained arguments for the following methods:
- search(Name name, String filter, SearchControls ctls)
- search(Name name, String filterExpr, Object[] filterArgs, SearchControls ctls)

First, the filter must be of the form "(name=value)". You cannot use wildcards. Second, the search scope must be SearchControls.OBJECT_SCOPE. Finally, you must request that no attributes be returned.
Here's an example:
```java
// ctx is an already initialized DirContext

// Value of attribute
byte[] key = {(byte)0x61, (byte)0x62, (byte)0x63, (byte)0x64,
              (byte)0x65, (byte)0x66, (byte)0x67};

// Set up search controls
SearchControls ctls = new SearchControls();
ctls.setReturningAttributes(new String[0]);       // return no attrs
ctls.setSearchScope(SearchControls.OBJECT_SCOPE); // search object only

// Perform search
NamingEnumeration<SearchResult> answer = ctx.search(
    "cn=S. User, ou=NewHires", "(mySpecialKey={0})", new Object[]{key}, ctls);
```

If the compare is successful, the resulting enumeration will contain a single item whose name is the empty name and which contains no attributes.
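The three constraints above can be enforced in one place so that a caller cannot accidentally widen the request. This is an added example, not code from the original tutorial; the class and method names (`LdapCompare`, `controlsAllowCompare`, `compareFilter`, `compare`) are hypothetical, and limiting attribute names to the descriptor form is an assumption of this sketch. The value is passed through `filterArgs`, where JNDI escapes filter metacharacters such as `*`, so it cannot become a wildcard.

```java
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapCompare {
    // Assumption: descriptor-form attribute names only (no numeric OIDs),
    // so the name cannot carry '(', ')', '*', '=' or other filter syntax.
    private static final Pattern ATTR_ID =
            Pattern.compile("[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*");

    /** True when the controls meet the scope and no-attributes conditions. */
    static boolean controlsAllowCompare(SearchControls ctls) {
        String[] attrs = ctls.getReturningAttributes(); // null means "return all"
        return ctls.getSearchScope() == SearchControls.OBJECT_SCOPE
                && attrs != null && attrs.length == 0;
    }

    /** Builds "(attrId={0})" after rejecting names that could alter the filter. */
    static String compareFilter(String attrId) {
        if (!ATTR_ID.matcher(attrId).matches()) {
            throw new IllegalArgumentException("not a plain attribute name: " + attrId);
        }
        return "(" + attrId + "={0})";
    }

    /** Compare-shaped search; value is a String or byte[] filter argument. */
    static boolean compare(DirContext ctx, String name, String attrId, Object value)
            throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.OBJECT_SCOPE);
        ctls.setReturningAttributes(new String[0]);
        NamingEnumeration<SearchResult> answer =
                ctx.search(name, compareFilter(attrId), new Object[]{value}, ctls);
        try {
            return answer.hasMore(); // one nameless, attribute-less item on a match
        } finally {
            answer.close();          // release the enumeration in every case
        }
    }

    public static void main(String[] args) {
        // Constructed checks that run without a directory server.
        System.out.println(controlsAllowCompare(new SearchControls())); // defaults
        System.out.println(compareFilter("mySpecialKey"));
        try { compareFilter("cn)(uid"); } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A default `SearchControls` object uses one-level scope and returns all attributes, so it does not meet the conditions until both settings are changed.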