Sample Application Demonstrating the Usage of Group using Oracle Internet Directory Java API
Date: 05-Jan-2005
Table of Contents
Introduction
Application Overview
Software Requirements
Terminology
Configuring the Application
Deploying and Running the Application
Sample Application Files
Additional References
Introduction
Prerequisite
This sample program is intended for an audience interested in integrating custom Java applications with Oracle Identity Management. The specific use case here is the handling of groups using the Oracle Internet Directory Java API.
To understand this sample application, the user is expected to have knowledge in the following areas:
Technical Overview
A group is a useful concept because it lets you treat a collection of entries as one single entity. Imagine the case where we want to give several hundred users access to browse an entry. We could insert each one of those users into that entry's access control list (ACL), but this would require considerable administrative overhead. Moreover, if you later decide to change the privilege, each individual entry would have to be modified. A more efficient solution is to assign the privilege collectively: create a group entry, assign the desired privilege to that group, then add users as members of that group. If you later change the access rights, you only need to do it in one place, on the group, rather than for each individual user.
In the world of LDAP, a group is simply a collection of LDAP entries. Since each entry in OID is identified by a Distinguished Name (DN), a group can have users, applications, or services as its direct members. In addition, group membership can be nested: a group entry can itself be a member of another group.
Directory-enabled applications must access OID to obtain the properties of a group and to verify that a given user is a member of that group.
Application Overview
This is a sample Java program demonstrating the use of groups with the Oracle Internet Directory Java API. It starts by creating an LDAP connection bound as a sample application entity, which is used to look up several groups and users. The application then performs some common group-related operations, such as listing the members belonging to a group and checking a user's direct and nested group membership.
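The two membership checks described above, listing the direct members of a group and testing whether a user is a direct or nested member, are shown here as an added example that is not part of SampleGroup.java. It uses standard JNDI rather than the ldapjclnt10 OID API and assumes that groups hold member DNs in the uniquemember attribute, as groupOfUniqueNames entries do; the host, port, and bind credentials are supplied by the caller.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

/** Direct and nested group membership checks over LDAP, written against standard JNDI
 *  rather than the ldapjclnt10 OID API. Assumption: groups store member DNs in the
 *  uniquemember attribute, as groupOfUniqueNames entries do. */
public class GroupMembership {
    private final DirContext ctx;

    public GroupMembership(String host, int port, String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put(Context.SECURITY_PRINCIPAL, bindDn);      // e.g. the application entity's DN
        env.put(Context.SECURITY_CREDENTIALS, password);
        ctx = new InitialDirContext(env);
    }

    /** Direct members: the DN values of the entry's uniquemember attribute.
     *  A user entry, or a member DN that no longer exists, yields an empty set. */
    public Set<LdapName> directMembers(LdapName entryDn) throws NamingException {
        Set<LdapName> members = new HashSet<>();
        try {
            Attributes attrs = ctx.getAttributes(entryDn.toString(), new String[] {"uniquemember"});
            Attribute attr = attrs.get("uniquemember");
            if (attr == null) return members;
            for (NamingEnumeration<?> e = attr.getAll(); e.hasMore(); )
                members.add(new LdapName((String) e.next()));   // LdapName equality ignores case
        } catch (NameNotFoundException dangling) {
            // stale member reference in the group: treat it as an entry with no members
        }
        return members;
    }

    /** True if userDn is a direct member of groupDn or of any group nested beneath it. */
    public boolean isMember(String groupDn, String userDn) throws NamingException {
        return isMember(new LdapName(groupDn), new LdapName(userDn), new HashSet<>());
    }

    private boolean isMember(LdapName group, LdapName user, Set<LdapName> visited) throws NamingException {
        if (!visited.add(group)) return false;   // already walked: breaks cycles between groups
        Set<LdapName> members = directMembers(group);
        if (members.contains(user)) return true;
        for (LdapName m : members)
            if (isMember(m, user, visited)) return true;   // user entries yield no members, so recursion ends
        return false;
    }
}
```

Comparing members as LdapName values rather than raw strings matters for authorization checks: a DN that differs only in case or spacing from the stored value is still the same entry.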
Software Requirements
The following software is required for configuring and running this sample application:
Terminology
| Placeholder | Description |
|---|---|
| <ORACLE_HOME> | Directory where Oracle 10g Application Server is installed, for example D:\oracle or /private/oracle |
| <SAMPLE_HOME> | The directory where the sample application is extracted |
| <JAVA_HOME> | The directory where Java is installed |
| <OID_Host> | The hostname where Oracle Internet Directory is running |
| <OID_Port> | The non-SSL port number of Oracle Internet Directory |
| <Superuser_Password> | The password of the superuser cn=orcladmin |
Configuring the Application
- Unzip the provided SampleGroup.zip. This creates the SampleGroup directory with all the source files. We will refer to this directory as <SAMPLE_HOME>.
- To create and load the sample LDAP entries into OID, execute the following command against the provided <SAMPLE_HOME>/data/sample.ldif:
  <ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/data/sample.ldif output_file=<SAMPLE_HOME>/data/sample_out.ldif lookup dn="cn=orcladmin" password=<Superuser_Password> port=<OID_Port> host=<OID_Host> -load
  The data created by sample_out.ldif consists of the following:
  - A set of sample users under the user container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the users are created under "dc=sample_users,cn=users,dc=acme,dc=com".
  - A set of sample groups under the group container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the groups are created under "dc=sample_groups,cn=groups,dc=acme,dc=com". The members of these groups are the sample users created above.
  - Two application entities. Their DNs are "orclApplicationCommonName=myTestApp1" and "orclApplicationCommonName=myTestApp2". Both application entities are given the UserProxyPrivilege, which allows them to proxy as any end user under the realm user container. However, only application myTestApp1 is given the DASAdmin privilege, which grants it sufficient privileges for user/group management.
- When done with the sample application, execute the following command against the provided <SAMPLE_HOME>/data/sample_del.ldif to delete the sample LDAP entries:
  <ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/data/sample_del.ldif output_file=<SAMPLE_HOME>/data/sample_del_out.ldif lookup dn="cn=orcladmin" password=<Superuser_Password> port=<OID_Port> host=<OID_Host> -load
Deploying and Running the Application
- In the <SAMPLE_HOME>/src directory, compile the SampleGroup class using the following command:
  - On Windows
    <JAVA_HOME>\bin\javac -d . -classpath <ORACLE_HOME>\jlib\ldapjclnt10.jar SampleGroup.java
  - On Linux or Solaris
    <JAVA_HOME>/bin/javac -d . -classpath <ORACLE_HOME>/jlib/ldapjclnt10.jar SampleGroup.java
- To run the SampleGroup class, run the following Java command from the <SAMPLE_HOME>/src directory:
  - On Windows
    <JAVA_HOME>\bin\java -classpath .;<ORACLE_HOME>\jlib\ldapjclnt10.jar oracle.otnsamples.oim.SampleGroup <OID_Host> <OID_Port>
  - On Linux or Solaris
    <JAVA_HOME>/bin/java -classpath .:<ORACLE_HOME>/jlib/ldapjclnt10.jar oracle.otnsamples.oim.SampleGroup <OID_Host> <OID_Port>
Sample Application Files
This section lists the sample application files, along with their directory locations and a description of their role in the application.
| Directory | File | Description |
|---|---|---|
| <SAMPLE_HOME>\doc | readme.html | This file |
| <SAMPLE_HOME>\src | *.java | Java source files used in this sample application |
| <SAMPLE_HOME>\data | *.ldif | LDIF files containing the sample LDAP data |
Additional References