Novell Home

Novell LDAP Command JavaBeans Introduction

Novell Cool Solutions: Feature
By Jeff Fischer

Digg This - Slashdot This

Posted: 13 May 2004

Novell LDAP Command Beans are used to develop web-based Directory applications. They are 100% pure Java, with no dependancy on native code. Because of this, they can be used in any J2EE technology such as JSP, Servlets, or Enterprise JavaBeans.

LDAP Command Beans are Java Beans that contain logic for simple Directory tasks. LDAP Command Beans provide you with the functionality to authenticate to an LDAP Directory, and give you read and write access to any LDAP Directory. You can perform such tasks as creating objects, adding or modifying object attributes, and setting or modifying object rights within the Directory. All this can be done through a secure connection or not, depending on your needs. This gives you a lot of power as you develop your application. Since these beans are written entirely in Java, support LDAP, provide security over SSL/TLS, and support the MVC architecture, they are a nice fit for web applications.

All LDAP Command Beans are included in three library files. As with normal libraries, they should be in your classpath and be imported into your application. The three library files are ecb.jar, ecbldap.jar, and ecbsecurity.jar. Depending on which classes you want to import into your application, the import statements should be statements such as:

import com.novell.ecb.*
import com.novell.ecb.ldap.*

LDAP Command Beans provide a specific bean that will accomplish a simple task. In nearly all cases, only a single business logic task has been included in the bean. This is referred to as a Command Bean. A Command Bean implements the Command interface to provide you with isolated components to include in your web application. The Command interface includes several methods that you should be familiar with.

LDAP Command Beans receive three methods from the Command interface.

isReady()   Tests to see if the required properties have been input and the bean is ready to execute. It returns a boolean value.
execute()   Executes the bean with the input properties that have been set.
reset()   Resets the beans properties. Must be called before the bean can be re-used.

LDAP Command Beans also receive three states from the Command interface.

New   This is the state of the bean after instantiation. The isReady() method returns false. The set methods should be called to set the input properties.
Initialized   The bean is initialized when the requred input properties for execution have been set. The isReady() method returns true.
Executed   This is the state of the bean after execution. The get methods can be called to return the values needed. The reset method should be called before the bean is re-used.

LDAP Command Beans work similarly to other JavaBeans you may have worked with. Each bean has its own set of properties. You must initialize the required properties in order for the bean to execute. Additional properties can be initialized to add functionality.

Necessary Steps to Use LDAP Command Beans

  1. Instantiate the bean.

        AuthenticateLdap bean = new AuthenticateLdap();

  2. Set the required and any optional input properties.


  3. Call the execute method after the properties are set.


  4. Read any desired output properties of the bean.

        String auth = bean.isAuthenticated();

Each bean is used following this same pattern. The documentation for the bean should tell you which properties are required, then the bean can be run. Or you can use the isReady() method to test yourself.

Types of LDAP Command Beans

Novell LDAP Command Beans consist of two types of beans:

  1. LDAP Beans
  2. Security Beans

LDAP Beans

The LDAP beans provide the Directory functionality. They provide read and write access to any LDAP Directory as well as authentication and rights assignments. All of this can be done over an encrypted channel using SSL as well. Listed below are several commonly used LDAP command beans and their functions.

AuthenticateLdap Use this bean to Authenticate to an LDAP Directory.
LdapConnection Use this bean to provide your communication channel between your web app and the Directory. You must use this bean anytime you intend to do more in the Directory besides Authenticate.
ContextlessLoginLdap Allows you to login without specifying the user's fully distinguished name. You can also set a filter to search and login by a user's specific attribute such email address, for example.
CreateLdapEntry Use this bean to create an entry in an LDAP Directory.
DeleteLdapEntry Deletes an entry from the Directory.
ListLdapEntry Lists the entries in the Directory at a specified context.
ModifyLdapEntry Used to modify the attributes of a entry in the Directory. You can add a new attribute to the object, replace an attribute, or delete one as well. Use this bean also to modify the rights of an entry.
ChangePasswordLdapEntry Used to change the password of an entry in the Directory.
SetPasswordLdapEntry Sets the password for an entry.
ReadLdapEntry Use this bean to read the attributes of an LDAP entry.
SearchLdapEntry Searches through the Directory to find the entry with a specified property value.
UnauthenticateLdap Unauthenticates from the Directory.

Complete These Tasks to Develop With LDAP Beans

You should think of six steps when you are using LDAP Beans. This will be the basic form for an application using LDAP beans.

  1. Instantiate an LdapConnection object if you are going to perform any operation on the Directory.
  2. Instantiate an AuthenticateLdap bean and set its required properties. Naturally, you must authenticate into eDirectory before you can perform any operations on it. If you authenticate without specifying a user, you will be authenticated as a member of the [Public] group, which only has sufficient rights to view the objects in the Directory tree. Any operation attempted will fail because of insufficient rights.
  3. Execute the AuthenticateLdap bean and catch any exceptions that may occur.
  4. Grab the connection you created by assigning the connection to the LdapConnection bean you instantiated. This is done by the statement by calling the AuthenticateLdap bean's getLdapConnection() method and assigning it to the LdapConnection bean you created earlier.
  5. Now that you have the LdapConnection object, you can use this object as an input property to any other LDAP bean you want to instantiate.
  6. Unauthenticate from eDirectory using the UnauthenticateLdap bean with the LdapConnection object as a parameter.

Simple Authentication Example

Here is a basic servlet demonstrating standard authentication into eDirectory:

import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import com.novell.ecb.*;
import com.novell.ecb.ldap.*;

public class BasicAuth extends HttpServlet
  private static final String CONTENT_TYPE = "text/html";
  //Initialize global variables
  public void init() throws ServletException
 public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
     PrintWriter out = response.getWriter();
     out.println("<font color=\"green\">");
     LdapConnection lc = new LdapConnection();
       AuthenticateLdap auth = new AuthenticateLdap();
       auth.setDN("cn=jnovell, o=novell");
       lc = auth.getLdapConnection();
       out.println("<h1>Welcome to this Basic Authentication Site</h1>");
     catch(CommandException e)
  public void destroy()

Notice I followed the steps outlined previously. Now, if I wanted to perform any other operations in eDirectory, I have an LdapConnection object with which I can do that. I simply use that as my parameter to another LDAP bean and I can easily do so.

Common Exceptions You Should Handle

The following table lists the common exceptions you should consider handling in your application and the cause of the exception.

LdapAuthenticationException Occurs when a login fails because the password was mis-typed.
CommandException General exception thrown by a Command Bean. This will probably be the last exception you catch.
LdapException This is a generic LDAP exception.
LdapCommunicationException Thrown when the client is unable to communicate via LDAP.
LdapAttributeInUseException Thrown when an attribute already exists.
LdapInvalidAttributeIdentifier Thrown when an invalid attribute identifier is used to name an attribute.
LdapInvalidAttributesException Thrown when an attribute set has been specified incorrectly.
LdapInvalidAttributeValue Thrown when an attribute value conflicts with the Directory schema.
LdapInvalidNameException Thrown when the object name is not in correct LDAP form.
LdapInvalidSearchFilter Thrown when the search filter is incorrect.
LdapNameNotFound Thrown when the object name cannot be found in the Directory tree.
LdapNoPermissionException Thrown when the client does not have the necessary rights to perform the operation.
LdapNoSuchAttributeDefinition Thrown when the attribute does not exist in the schema.

This is a simple introduction to using the LDAP Command JavaBeans. Whenever you want to use a simple interface to talk to eDirectory, consider using the LDAP Command JavaBeans as your library.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© 2014 Novell