Network Working Group Rob Weltman INTERNET-DRAFT Coscend Corp. Javed Khan Novell, Inc. April 2001 Java LDAP Controls draft-weltman-ldap-java-controls-06.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract This document defines support for the Server Sorting Control, the Virtual List Control, the Persistent Search Control, the Proxied Authorization Control, the Authentication Request Control, and the Duplicate Entry Control in the Java LDAP API. Controls are an LDAP protocol version 3 extension to allow passing arbitrary control information along with a standard request to a server, and to receive arbitrary information back with a standard result. Expires October 2001 [Page 1] JAVA LDAP CONTROLS April 2001 1. Introduction....................................................4 2. Overview of the LDAP Control classes............................4 3. The java LDAP Control classes...................................6 3.1 public class LDAPVirtualListControl..........................6 3.1.1 Constructors...............................................6 3.1.2 getAfterCount..............................................7 3.1.3 getBeforeCount.............................................7 3.1.4 getListSize................................................8 3.1.5 setListSize................................................8 3.1.6 setRange...................................................8 3.1.7 getContext.................................................8 3.1.8 setContext.................................................8 3.2 public class LDAPVirtualListResponse.........................9 3.2.1 getContentCount............................................9 3.2.2 getFirstPosition...........................................9 3.2.3 getResultCode..............................................9 3.2.4 getContext.................................................9 3.3 public class LDAPSortControl.................................9 3.3.1 Constructors..............................................10 3.4 public class LDAPSortResponse...............................10 3.4.1 getFailedAttribute........................................10 3.4.2 getResultCode.............................................10 3.5 public class LDAPPersistSearchControl.......................10 3.5.1 Constructors..............................................11 3.5.2 getChangeTypes............................................11 3.5.3 getReturnControls.........................................11 3.5.4 setChangeTypes............................................11 3.5.5 setChangesOnly............................................12 3.5.6 setReturnControls.........................................12 3.6 public class LDAPEntryChangeControl.........................12 3.6.1 getChangeNumber...........................................12 3.6.2 getChangeType.............................................12 3.6.3 getPreviousDN.............................................12 3.7 public class LDAPProxiedAuthControl.........................12 3.7.1 Constructors..............................................13 3.8 public class LDAPAuthRequestControl.........................13 3.8.1 Constructors..............................................13 3.9 public class LDAPAuthResponse...............................13 3.9.1 getAuthorizedIdentity.....................................13 3.10 public class LDAPDuplicateEntryControl......................13 3.10.1 Constructors..............................................14 3.11 public class LDAPDuplicateEntryResponse.....................14 3.11.1 getResultCode.............................................14 3.11.2 getErrorMessage...........................................14 3.11.3 getFailedAttribute........................................14 4. Java LDAP Control helper classes...............................15 4.1 public class LDAPSortKey....................................15 4.1.1 Constructors..............................................15 4.1.2 getKey....................................................16 4.1.3 getReverse................................................16 4.1.4 getMatchRule..............................................16 Expires October 2001 [Page 2] JAVA LDAP CONTROLS April 2001 5. Security Considerations........................................16 6. Bibliography...................................................16 7. Authors' Addresses.............................................17 8. Appendix A - Sample usage of the java LDAP controls............18 9. Appendix B - Changes from draft-ietf-rweltman-ldap-java-controls- 06.txt 27 10. Appendix C - Changes from draft-ietf-rweltman-ldap-java-controls- 05.txt 27 11. Appendix D - Changes from draft-ietf-rweltman-ldap-java-controls- 03.txt 27 Expires October 2001 [Page 3] JAVA LDAP CONTROLS April 2001 1. Introduction Version 3 of the LDAP protocol provides a means of supplying arbitrary additional information along with a request to an LDAP server, and receiving arbitrary additional response information. A few applications of the Control mechanism have been identified as having general interest, and the protocol defined for their transmission [5] and [6]. This document defines how support for the Server Sorting Control, the Virtual List Control, the Persistent Search Control, the Proxied Authorization Control, the Authentication Request Control, and the Duplicate Entry Control are supported in the Java LDAP API. The Java LDAP API in general is described in [2]. The Control protocol extension is described in [1], section 4.1.12, and applications of it in [5] and [6]. 2. Overview of the LDAP Control classes LDAPControl is part of a basic LDAP class package. Specific applications/implementations of Controls are in a subpackage called "controls". The base class LDAPControl is defined in [2] as: public class LDAPControl implements Cloneable An LDAPControl encapsulates optional additional parameters or constraints to be applied to LDAP operations. If set as a Server Control, it is sent to the server along with operation requests. If set as a Client Control, it is not sent to the server, but rather interpreted locally by the client. LDAPControl is an LDAPv3 extension, and is not supported in an LDAPv2 environment. Constructors public LDAPControl(String id, boolean critical, byte vals[]) Parameters are: id The type of the Control, as a string. critical True if the LDAP operation should be discarded if the server does not support this Control. vals Control-specific data. getID public String getID() Expires October 2001 [Page 4] JAVA LDAP CONTROLS April 2001 Returns the identifier of the control. isCritical public boolean isCritical() Returns true if the control must be supported for an associated operation to be executed. getValue public byte[] getValue() Returns the control-specific data of the object. The following Controls are defined for the controls subpackage: LDAPVirtualListControl Encapsulates requests for a subset of a virtual list of search results. LDAPVirtualListResponse Encapsulates the response of a server to a virtual list request. LDAPSortControl Encapsulates a requested sorting order for search results returned by a server. LDAPSortResponse Encapsulates a server's response to a request that included a sort control. LDAPPersistSearchControl Used to start a persistent search, one which runs continuously, returning results as the Directory is modified. LDAPEntryChangeControl Returned by the server for changed entries during a persistent search. LDAPProxiedAuthControl Used to request that an operation be executed as an identity specified in the control. LDAPPAuthResponse May be returned by a server in a bind response to indicate the authorized identity of a successful bind. LDAPDuplicateEntryControl Requests that the server return separate entries for each value held in a specified attribute. Expires October 2001 [Page 5] JAVA LDAP CONTROLS April 2001 LDAPDuplicateEntryResponse Returned by the server on completion of a search request that included a duplicate entry control. The following helper class is used by LDAPSortControl: LDAPSortKey Defines an attribute to sort by, the sorting order, and optionally a matching rule to use in sorting. 3. The java LDAP Control classes 3.1 public class LDAPVirtualListControl extends LDAPControl LDAPVirtualListControl is a Server Control to specify that results from a search are to be returned in pages, subsets of the entire virtual result set. On success, an updated LDAPVirtualList object is returned as a response Control, containing information on the virtual list size and the actual first index. This object can then be updated by the client with a new requested position or length and sent to the server to obtain a different segment of the virtual list. The protocol elements are defined in [6]. 3.1.1 Constructors public LDAPVirtualListControl( String jumpTo, int beforeCount, int afterCount ) public LDAPVirtualListControl( String jumpTo, int beforeCount, int afterCount, String context ) Constructs a virtual list control using the specified filter expression for the first entry, which defines the extent of the virtual search results, and the number of entries before and after a located index to be returned. public LDAPVirtualListControl( int startIndex, int beforeCount, int afterCount, int contentCount ) public LDAPVirtualListControl( int startIndex, int beforeCount, int afterCount, Expires October 2001 [Page 6] JAVA LDAP CONTROLS April 2001 int contentCount, String context ) Use this constructor when the size of the virtual list is known, to fetch a subset. Parameters are: jumpTo A search expression that defines the first element to be returned in the virtual search results. The filter expression in the search operation itself may be, for example, "objectclass=person" and the jumpTo expression in the virtual list control may be "cn=m*", to retrieve a subset of entries starting at or centered around those with a common name beginning with the letter "M". beforeCount The number of entries before startIndex (the reference entry) to be returned. afterCount The number of entries after startIndex to be returned. startIndex The index of the reference entry to be returned. contentCount The total number of entries assumed to be in the list. This is a number returned on a previous search, in the LDAPVirtualListResponse. The server may use this number to adjust the returned subset offset. context Used by some implementations to process requests more efficiently. The context should be null on the first search, and thereafter it should be whatever was returned by the server in the virtual list response control. 3.1.2 getAfterCount public int getAfterCount() Returns the number of entries after the top/center one to return per page of results. 3.1.3 getBeforeCount public int getBeforeCount() Returns the number of entries before the top/center one to return per Expires October 2001 [Page 7] JAVA LDAP CONTROLS April 2001 page of results. 3.1.4 getListSize public int getListSize() Returns the size of the virtual search results list. For a newly constructed control - one which is not the result of parseResponse on a control returned by a server - the method returns -1. 3.1.5 setListSize public void setListSize( int size ) Sets the assumed size of the virtual search results list. This will typically be a number returned on a previous virtual list request in an LDAPVirtualListResponse. 3.1.6 setRange public void setRange( int listIndex, int beforeCount, int afterCount ) Sets the center or starting list index to return, and the number of results before and after. Parameters are: listIndex The center or starting list index to be returned. beforeCount The number of entries before "listIndex" to be returned. afterCount The number of entries after "listIndex" to be returned. 3.1.7 getContext public String getContext() Returns the cookie used by some servers to optimize the processing of virtual list requests. 3.1.8 setContext public void setContext( String context ) Expires October 2001 [Page 8] JAVA LDAP CONTROLS April 2001 Sets the cookie used by some servers to optimize the processing of virtual list requests. It should be the context field returned in a virtual list response control for the same search. 3.2 public class LDAPVirtualListResponse extends LDAPControl LDAPVirtualListResponse is a Server Control returned by the server in response to a virtual list search request. 3.2.1 getContentCount public int getContentCount () Returns the size of the virtual search results list 3.2.2 getFirstPosition public int getFirstPosition () Returns the index of the first entry returned 3.2.3 getResultCode public int getResultCode () Returns the result code for the virtual list request 3.2.4 getContext public String getContext() Returns the cookie used by some servers to optimize the processing of virtual list requests. 3.3 public class LDAPSortControl extends LDAPControl LDAPSortControl is a Server Control to specify how search results are to be sorted by the server (see [5]). If a server does not support sorting in general or for a particular query, the results will be returned unsorted, along with a control indicating why they were not sorted (or that sort controls are not supported). If the control was marked "critical", the whole search operation will fail if the sort control is not supported. Expires October 2001 [Page 9] JAVA LDAP CONTROLS April 2001 3.3.1 Constructors public LDAPSortControl( LDAPSortKey key, boolean critical) Constructs a sort control with a single key. public LDAPSortControl( LDAPSortKey[] keys, boolean critical) Constructs a sort control with multiple sort keys. Parameters are: key A sort key object, which specifies attribute, order, and optional matching rule. See 4.1 keys An array of sort key objects, to be processed in order. critical True if the search operation is to fail if the server does not support this control. 3.4 public class LDAPSortResponse extends LDAPControl LDAPSortResponse is returned by a server in response to a search request with a sort control. 3.4.1 getFailedAttribute public String getFailedAttribute() If not null, this returns the attribute that caused the sort operation to fail. 3.4.2 getResultCode public int getResultCode () Returns the result code from the sort, as defined in [1], section 4.1.10. 3.5 public class LDAPPersistSearchControl extends LDAPControl The LDAPPersistSearchControl class is used to start a persistent search, one that doesn't end after returning any initial results, but Expires October 2001 [Page 10] JAVA LDAP CONTROLS April 2001 continues to monitor changes in a designated part of a Directory, reporting the results as changes are made. The protocol elements are defined in [4]. 3.5.1 Constructors public LDAPPersistSearchControl(int changeTypes, boolean changesOnly, boolean returnControls, boolean isCritical) Parameters are: changeTypes The change types to be monitored as a logical OR of any or all of these types: ADD, DELETE, MODIFY, and/or MODDN. changesOnly true if the initial search is to be skipped. returnControls true if entry change controls are to be returned with the search results. isCritical true if the search is to be abandoned if the server doesn't support this control. 3.5.2 getChangeTypes public int getChangeTypes() Returns the change types to be monitored as a logical OR of any or all of these types: ADD, DELETE, MODIFY, and/or MODDN. 3.5.3 getReturnControls public boolean getReturnControls() Returns true if entry change controls are to be returned with the search results. 3.5.4 setChangeTypes public void setChangeTypes(int types) Sets change types to be monitored. Parameters are: types The change types to be monitored as a logical OR of any or all of these types: ADD, DELETE, MODIFY, and/or MODDN. Expires October 2001 [Page 11] JAVA LDAP CONTROLS April 2001 3.5.5 setChangesOnly public void setChangesOnly(boolean changesOnly) Requests that only changes be returned - skip the initial search. Parameters are: changesOnly true to skip the initial search. 3.5.6 setReturnControls public void setReturnControls(boolean returnControls) Requests that entry change controls are returned with the search results. Parameters are: returnControls true to return entry change controls. 3.6 public class LDAPEntryChangeControl extends LDAPControl An LDAPEntryChangeControl object may be returned by a server when an entry changes, during a persistent search. 3.6.1 getChangeNumber public int getChangeNumber () Returns record number of the change in the server's change log. 3.6.2 getChangeType public int getChangeType() Returns one of these types: ADD, DELETE, MODIFY, and/or MODDN. 3.6.3 getPreviousDN public String getPreviousDN () Returns the previous DN of the entry, if it was renamed. 3.7 public class LDAPProxiedAuthControl extends LDAPControl Expires October 2001 [Page 12] JAVA LDAP CONTROLS April 2001 The LDAPProxiedAuthControl class is used to request that the operation it accompanies be executed using an identity specified in the control. The protocol elements are defined in [7]. 3.7.1 Constructors public LDAPProxiedAuthControl ( String dn, boolean isCritical) Parameters are: dn The identity to execute as. isCritical true if the search is to be abandoned if the server doesn't support this control. 3.8 public class LDAPAuthRequestControl extends LDAPControl An LDAPAuthRequestControl object may be included with a bind request to indicate that the server should return an authentication response control with the final bind response if it succeeds. The protocol elements are defined in [8]. 3.8.1 Constructors public LDAPAuthRequestControl () 3.9 public class LDAPAuthResponse extends LDAPControl An LDAPAuthResponse object is returned by a server on a successful bind if an authentication request control was provided on the bind request, and if the server supports the controls. 3.9.1 getAuthorizedIdentity public String getAuthorizedIdentity () Returns the identity resulting from the bind, if successful. It returns null for anonymous authentication. 3.10 public class LDAPDuplicateEntryControl extends LDAPControl LDAPDuplicateEntryControl can be used with an LDAP search by a client to request that the server return separate entries for each value held in the specified attribute. For example if a user has Expires October 2001 [Page 13] JAVA LDAP CONTROLS April 2001 multiple telephoneNumber values in an entry, each telephoneNumber is returned as a separate result. The protocol elements are defined in [9]. 3.10.1 Constructors public LDAPDuplicateEntryControl( String[] attrs, boolean partialOK ) Constructs a duplicate entry control using the specified attribute list. Parameters are: attrs Specifies an array of attributes. partialOK true if the server is allowed to apply the control to a subset of search results. 3.11 public class LDAPDuplicateEntryResponse extends LDAPControl LDAPDuplicateEntryResponse is a server control that is returned by the LDAP server with the searchResultDone message in response to a duplicate entry control request. It includes a resultcode, optional error message and optional name of first attribute to be matched. 3.11.1 getResultCode public int getResultCode() Returns the result code from the sort, as defined in [9], section 4.2.2. 3.11.2 getErrorMessage public String getErrorMessage() Returns the error string returned by the LDAP server if an error occured when processing this control. 3.11.3 getFailedAttribute public String getFailedAttribute() If an error occurs, the LDAP server may return the name of the first attribute that was included in the duplicate entry control request. This method is used to retrieve this attribute name if an error result code was returned. Expires October 2001 [Page 14] JAVA LDAP CONTROLS April 2001 4. Java LDAP Control helper classes 4.1 public class LDAPSortKey Encapsulates parameters for sorting search results. 4.1.1 Constructors public LDAPSortKey( String keyDescription ) Constructs a new LDAPSortKey object using a, possibly complex, sorting specification. public LDAPSortKey( String key, boolean reverse) Constructs a new LDAPSortKey object using an attribute name and a sort order. public LDAPSortKey( String key, boolean reverse, String matchRule) Constructs a new LDAPSortKey object using an attribute name, a sort order, and a matching rule. Parameters are: keyDescription A single attribute specification to sort by. If prefixed with "-", reverse order sorting is requested. A matching rule OID may be appended following ":". Examples: "cn" "-cn" "-cn:1.2.3.4.5" key An attribute name, e.g. "cn". reverse True to sort in reverse collation order. matchRule The object ID (OID) of a matching rule used for collation. If the object will be used to request server-side sorting of search results, it should be the OID of a matching rule known to be supported by that server. Expires October 2001 [Page 15] JAVA LDAP CONTROLS April 2001 4.1.2 getKey public String getKey() Returns the attribute to be used for collation. 4.1.3 getReverse public boolean getReverse() Returns true if the sort key specifies reverse-order sorting. 4.1.4 getMatchRule public String getMatchRule() Returns the OID to be used as matching rule, or null if none is to be used. 5. Security Considerations See [2] for security considerations in the java LDAP API. 6. Bibliography [1] M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol (v3)", RFC 2251, December 1997. [2] R. Weltman, C. Tomlinson, M. Kekic, S. Sonntag, J. Sermersheim, T. Howes, M. Smith, "The Java LDAP Application Program Interface", Internet Draft draft-ietf-ldapext-ldap-java-api- 13.txt, February 2001. [3] H. Alvestrans, "Tags for the Identification of Languages", RFC 1766, March 1995. [4] M. Smith, T. Howes, G. Good, R. Weltman, "Persistent Search: A Simple LDAP Change Notification Mechanism", Internet Draft draft-ietf-ldapext-psearch-03.txt, November 2000. [5] A. Anantha, T. Howes, M. Wahl, "LDAP Control Extension for Server Side Sorting of Search Results, RFC 2891, August 2000. [6] D. Boreham, A. Anantha, J. Sermersheim, M. Armijo, "LDAP Control Extension for Virtual List View Browsing of Search Results", Internet draft-ietf-ldapext-ldapv3-vlv-04.txt, April 2000. Expires October 2001 [Page 16] JAVA LDAP CONTROLS April 2001 [7] R. Weltman, T. Howes, "LDAP Proxied Authorization Control", Internet Draft draft-weltman-ldapv3-proxy-06.txt, November 2000. [8] R. Weltman, M. Smith, M. Wahl, "LDAP Authentication Response Control", Internet Draft draft-weltman-ldapv3-auth-response- 03.txt, November 2000. [9] J. Sermersheim, "LDAP Control for a Duplicate Entry Representation of Search Results" Internet Draft draft-ietf- ldapext-ldapv3-dupent-06.txt October 2000 7. Authors' Addresses Rob Weltman Coscend Corp. 3290 West Bayshore Road Palo Alto, CA 94303 USA +1 650 461 1708 robw@coscend.com Javed Khan Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA jkhan@novell.com Expires October 2001 [Page 17] JAVA LDAP CONTROLS April 2001 8. Appendix A - Sample usage of the java LDAP controls Doing a search with results sorted on the server import org.ietf.ldap.*; import org.ietf.ldap.controls.*; import java.util.*; public class SearchJensenSorted { public static void main( String[] args ) { try { LDAPConnection ld = new LDAPConnection(); /* Connect to server */ String MY_HOST = "localhost"; int MY_PORT = 389; ld.connect( MY_HOST, MY_PORT ); /* search for all entries with surname of Jensen */ String MY_FILTER = "sn=Jensen"; String MY_SEARCHBASE = "o=Ace Industry, c=US"; /* Get the common name, uid, and telephone number */ String[] attrs = new String[3]; attrs[0] = "cn"; attrs[1] = "telephonenumber"; attrs[2] = "uid"; /* Sort by lastname, firstname */ LDAPSortKey[] keys = new LDAPSortKey[2]; keys[0] = new LDAPSortKey( "sn" ); keys[1] = new LDAPSortKey( "givenname" ); LDAPSortControl sort = new LDAPSortControl( keys, true ); LDAPSearchConstraints cons = ld.getSearchConstraints(); cons.setServerControls( ld.SERVERCONTROLS, sort ); LDAPSearchResults res = ld.search( MY_SEARCHBASE, LDAPConnection.SCOPE_ONE, MY_FILTER, attrs, false, cons ); /* Loop on results until finished */ while ( res.hasMoreElements() ) { /* Next directory entry */ LDAPEntry findEntry = (LDAPEntry)res.nextElement(); System.out.println( findEntry.getDN() ); /* Get the attributes of the entry */ Expires October 2001 [Page 18] JAVA LDAP CONTROLS April 2001 LDAPAttributeSet findAttrs = findEntry.getAttributeSet(); Enumeration enumAttrs = findAttrs.getAttributes(); System.out.println( "Attributes: " ); /* Loop on attributes */ while ( enumAttrs.hasMoreElements() ) { LDAPAttribute anAttr = (LDAPAttribute)enumAttrs.nextElement(); String attrName = anAttr.getName(); System.out.println( "" + attrName ); /* Loop on values for this attribute */ Enumeration enumVals = anAttr.getStringValues(); while ( enumVals.hasMoreElements() ) { String aVal = ( String )enumVals.nextElement(); System.out.println( "" + aVal ); } } } /* Check if the server had something to say about the sort request */ LDAPControl[] controls = ld.getResponseControls(); if ( controls != null ) { for( int i = 0; i < controls.length; i++ ) { if ( controls[i] instanceof LDAPSortResponse ) { String bad = ((LDAPSortResponse)controls[i]). getFailedAttribute(); int res = ((LDAPSortResponse)controls[i]). getResultCode(); if ( res != 0 ) { System.out.println( "Error code: " + res ); if ( bad != null ) { System.out.println( "Offending " + "attribute: " + bad ); } else { System.out.println( "No offending " + "attribute " + "returned" ); } } break; } } } catch( LDAPException e ) { System.out.println( e.toString() ); } Expires October 2001 [Page 19] JAVA LDAP CONTROLS April 2001 /* Done, so disconnect */ if ( ld.isConnected() ) ld.disconnect(); } } Expires October 2001 [Page 20] JAVA LDAP CONTROLS April 2001 Using virtual list controls - an application using JFC import org.ietf.ldap.*; import org.ietf.ldap.controls.*; // Call this to initialize the list box, whenever the search // conditions change. // "filter" may be "objectclass=person", for example void initListBox( String host, int port, String base, String filter ) { // Create list box if not already done if ( _dataList == null ) { _dataList = new JList(); JScrollPane scrollPane = new JScrollPane(_dataList); add( scrollPane ); } // Create a virtual data model vlistModel model = new vlistModel( host, port, base, filter ); // Keep a buffer of one page before and one after model.setPageSize( getScrollVisibleSize() ); _dataList.setModel( model ); } // Data model to supply buffer list data class vlistModel extends AbstractListModel { vlistModel( String host, int port, String base, String filter ) { _base = base; _filter = filter; // Connect to the server try { _ldc = new LDAPConnection(); System.out.println( "Connecting to " + host + ":" + port ); _ldc.connect( host, port ); } catch ( LDAPException e ) { System.out.println( e ); _ldc = null; } } // Called by JList to get virtual list size public int getSize() { if ( !_initialized ) { _initialized = true; _pageControls = new LDAPControl[2]; // Paged results also require a sort control _pageControls[0] = new LDAPSortControl( new LDAPSortKey("cn"), true ); // Do an initial search to get the virtual list size // Keep one page before and one page after the start Expires October 2001 [Page 21] JAVA LDAP CONTROLS April 2001 _beforeCount = _pageSize; _afterCount = _pageSize; // Create the initial paged results control LDAPVirtualListControl cont = new LDAPVirtualListControl( "A", _beforeCount, _afterCount ); _pageControls[1] = cont; _vlc = (LDAPVirtualListControl)_pageControls[1]; getPage( 0 ); } return _size; } // Get a page starting at first (although we may also fetch // some preceding entries) boolean getPage( int first ) { vlc.setRange( first, _beforeCount, _afterCount ); return getPage(); } boolean getEntries() { // Specify necessary controls for vlv if ( _pageControls != null ) { try { LDAPSearchConstraints cons = ldc.getSearchConstraints(); cons.setServerControls( ldc.SERVERCONTROLS, pageControls ); } catch ( LDAPException e ) { System.out.println( e + ", setting vlv control" ); } } // Empty the buffer _entries.removeAllElements(); // Do a search try { String[] attrs = { "cn" }; LDAPSearchResults result = _ldc.search( base, LDAPConnection.SCOPE_SUB, filter, attrs, false, cons ); while ( result.hasMoreElements() ) { LDAPEntry entry = (LDAPEntry)result.nextElement(); LDAPAttribute attr = entry.getAttribute( attrs[0] ); if ( attr != null ) { Enumeration en = attr.getStringValues(); while( en.hasMoreElements() ) { String name = (String)en.nextElement(); _entries.addElement( name ); } Expires October 2001 [Page 22] JAVA LDAP CONTROLS April 2001 } } } catch ( LDAPException e ) { System.out.println( e + ", searching" ); return false; } return true; } // Fetch a buffer boolean getPage() { // Get the actual entries if ( !getEntries() ) return false; // Check if we have a control returned LDAPControl[] c = _ldc.getResponseControls(); LDAPVirtualListResponse nextCont = null; if ( c != null ) { for( int i = 0; i < c.length; i++ ) { if ( c[i] instanceof LDAPVirtualListResponse ) { nextCont = (LDAPVirtualListResponse)c[i]; break; } } } if ( nextCont != null ) { _selectedIndex = nextCont.getFirstPosition() - 1; _top = Math.max( 0, _selectedIndex - _beforeCount ); // Now we know the total size of the virtual list box _size = nextCont.getContentCount(); _vlc.setListSize( _size ); } else { System.out.println( "Null response control" ); } return true; } // Called by JList to fetch data to paint a single list item public Object getElementAt(int index) { if ( (index < _top) || (index >= _top + _entries.size()) ) { getPage( index ); } int offset = index - _top; if ( (offset < 0) || (offset >= _entries.size()) ) return new String( "No entry at " + index ); else return _entries.elementAt( offset ); } // Called by application to find out the virutal selected index public int getSelectedIndex() { return _selectedIndex; } // Called by application to find out the top of the buffer public int getFirstIndex() { Expires October 2001 [Page 23] JAVA LDAP CONTROLS April 2001 return _top; } public void setPageSize( int size ) { _pageSize = size; } Vector _entries = new Vector(); protected boolean _initialized = false; private int _top = 0; protected int _beforeCount; protected int _afterCount; private int _pageSize = 10; private int _selectedIndex = 0; protected LDAPControl[] _pageControls = null; protected LDAPVirtualListControl _vlc = null; protected int _size = -1; private String _base; private String _filter; private LDAPConnection _ldc; } Expires October 2001 [Page 24] JAVA LDAP CONTROLS April 2001 Starting a persistent search import org.ietf.ldap.*; import org.ietf.ldap.controls.*; import java.util.*; public class PersistSearch implements Runnable{ public PersistSearch() { } public static void main(String[] argv) { Thread th = new Thread(new PersistSearch(), "conn"); th.start(); System.out.println("Main thread, waiting for " + "some action" ); } public static void printResults(String str, LDAPSearchResults myResults) { LDAPEntry myEntry = null; /* hasMoreElements() will block until there is a change on the server satisfying our search conditions. When it returns, we can see what has changed. The loop is then repeated, and hasMoreElements() will block again until there are additional changes on the server. */ while ( myResults.hasMoreElements() ) { /* A new Richard has appeared, let's get his attributes */ System.out.println("**** " + str + "****"); try { myEntry = myResults.next(); } catch (LDAPReferralException e) { /* Or was it a referral? */ LDAPUrl[] urls = e.getURLs(); System.out.println("Referral received:" ); for( int i = 0; i < urls.length; i++ ) System.out.println(" " + urls[i].getUrl() ); } String nextDN = myEntry.getDN(); System.out.println( nextDN ); LDAPAttributeSet entryAttrs = myEntry.getAttributeSet(); Enumeration attrsInSet = entryAttrs.getAttributes(); while ( attrsInSet.hasMoreElements() ) { LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement(); String attrName = nextAttr.getName(); System.out.println( "\t" + attrName + ":" ); Enumeration valsInAttr = nextAttr.getStringValues(); while ( valsInAttr.hasMoreElements() ) { Expires October 2001 [Page 25] JAVA LDAP CONTROLS April 2001 String nextValue = (String)valsInAttr.nextElement(); System.out.println( "\t\t" + nextValue ); } } System.out.println(""); } } public void run() { /* Connect to standard port on local host */ String hostname = "localhost"; int portnum = 389; /* We want to be notified when any Richard is added to any part of the directory under "o=Airius.com". We're not interested in any Richards already there. We also don't care for any return change controls. We only want to do this search if the server supports persistent search, so set isCritical to true. When a Richard is added, we want to know his email address. */ String filter = "givenname=Richard"; String searchbase = "o=Airius.com"; int scope = LDAPConnection.SCOPE_SUB; String[] attrs = {"mail"}; int op = LDAPPersistSearchControl.ADD; boolean changesOnly = true; boolean returnControls = false; boolean isCritical = true; try { /* Connect */ LDAPConnection ld = new LDAPConnection(); ld.connect(hostname, portnum); LDAPSearchConstraints cons = ld.getSearchConstraints(); cons.setBatchSize(1); LDAPPersistSearchControl control = new LDAPPersistSearchControl( op, changesOnly, returnControls, isCritical ); cons.setServerControls( control ); /* The call to search will return almost immediately */ LDAPSearchResults res = ld.search( searchbase, scope, filter, attrs, false, cons ); printResults("Persistent Search ", res); } catch (Exception e) { Expires October 2001 [Page 26] JAVA LDAP CONTROLS April 2001 System.out.println(e.toString()); } } } 9. Appendix B - Changes from draft-ietf-rweltman-ldap-java-controls- 06.txt LDAPSortResponse and LDAPSortControl Added the response control to represent a server's response to a sort control. Previously the LDAPSortControl was returned as a response control as well. LDAPAuthRequestControl, LDAPAuthResponse, LDAPDuplicateEntryControl, LDAPDuplicateEntryResponse Added these controls. 10. Appendix C - Changes from draft-ietf-rweltman-ldap-java-controls- 05.txt LDAPSortKey Defined this control, since it is no longer defined in [2]. 11. Appendix D - Changes from draft-ietf-rweltman-ldap-java-controls- 03.txt LDAPEntryChangeControl, LDAPProxiedAuthControl Added these controls. LDAPVirtualListControl Added constructors that take a context argument, and getContext() and setContext(). LDAPVirtualListResponse Removed parseResponse(). Added getContext(). LDAPSortControl Expires October 2001 [Page 27] JAVA LDAP CONTROLS April 2001 Removed parseResponse(). Added getFailedAttribute() and getResultCode(). Appendix Updated examples for changed LDAPVirtualResponse and LDAPSortControl API. Expires October 2001 [Page 28]