8. Querying Oak LDAP from Java

The instructions in this section assume that you have configured your system according to Common Client Configuration.

8.1. Using JNDI

Example JAAS configuration:

OakGSSAPI {
    com.sun.security.auth.module.Krb5LoginModule required 
        keyTab="conf/keytab"
        useKeyTab=true
        doNotPrompt=true
        principal="webauth/HOSTNAME@OX.AC.UK"
        debug=TRUE;
};

Example Java VM invocation arguments:

java -Djava.security.auth.login.config=conf/jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf

Example code for querying Oak LDAP:

import java.security.PrivilegedAction;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class LdapGssapi {

    public static void main(String[] args) {

        try {
            // "OakGSSAPI" must match the entry name in the JAAS configuration file
            LoginContext lc = new LoginContext("OakGSSAPI");
            lc.login();

            // Run the LDAP calls as the Kerberos-authenticated subject
            Subject.doAs(lc.getSubject(), new PrivilegedAction<Void>() {

                public Void run() {

                    // Set up environment for creating initial context
                    Hashtable<String, String> env = new Hashtable<>(3);

                    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

                    // Must use fully qualified hostname
                    env.put(Context.PROVIDER_URL, "ldaps://ldap.oak.ox.ac.uk");

                    // Request the use of the "GSSAPI" SASL mechanism
                    // Authenticate by using already established Kerberos credentials
                    env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");

                    DirContext ctx = null;
                    try {
                        /* Create initial context */
                        ctx = new InitialDirContext(env);

                        NamingEnumeration<NameClassPair> units =
                                ctx.list("ou=units,dc=oak,dc=ox,dc=ac,dc=uk");

                        while (units.hasMore()) {
                            System.out.println(units.next());
                        }
                    } catch (NamingException e) {
                        System.err.println("LDAP exception: " + e.getMessage());
                    } finally {
                        // Close the context when we're done, even if the listing failed
                        if (ctx != null) {
                            try {
                                ctx.close();
                            } catch (NamingException e) {
                                System.err.println("LDAP exception on close: " + e.getMessage());
                            }
                        }
                    }

                    return null;
                }

            });

        } catch (LoginException e) {
            System.err.println("Login exception: " + e.getMessage());
        }

    }

}

The following references may be useful

When using GSSAPI or LDAP over SSL, connection pooling has to be done manually.
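
One way to do that pooling by hand, as an added example that is not part of the original page: a fixed-size pool of contexts, each bound with GSSAPI inside Subject.doAs. The class OakContextPool and its methods are hypothetical names; the Subject is assumed to come from a successful LoginContext("OakGSSAPI") login whose Kerberos credentials remain valid while the pool is in use.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;

// Added example (hypothetical helper): a fixed-size pool of GSSAPI-bound LDAPS contexts.
public class OakContextPool {
    private final BlockingQueue<DirContext> idle;
    private final Subject subject;

    public OakContextPool(Subject subject, int size) throws NamingException {
        this.subject = subject;
        this.idle = new ArrayBlockingQueue<>(size);
        try {
            for (int i = 0; i < size; i++) idle.add(open());
        } catch (NamingException e) { close(); throw e; } // do not leak half-built pools
    }

    // Every bind runs inside Subject.doAs so SASL/GSSAPI finds the Kerberos credentials.
    private DirContext open() throws NamingException {
        try {
            return Subject.doAs(subject, (PrivilegedExceptionAction<DirContext>) () -> {
                Hashtable<String, String> env = new Hashtable<>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, "ldaps://ldap.oak.ox.ac.uk");
                env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
                return new InitialDirContext(env);
            });
        } catch (PrivilegedActionException e) {
            throw (NamingException) e.getException(); // only checked exception the action throws
        }
    }

    // Blocks until a context is free, which caps concurrent connections at the pool size.
    public DirContext borrow() throws InterruptedException { return idle.take(); }
    // Pass broken=true after a NamingException: the context is closed and replaced.
    // If the replacement bind fails, the exception propagates and the pool shrinks by one.
    public void release(DirContext ctx, boolean broken) throws NamingException {
        if (broken) { closeQuietly(ctx); ctx = open(); }
        idle.add(ctx);
    }

    public void close() { for (DirContext c; (c = idle.poll()) != null; ) closeQuietly(c); }

    private static void closeQuietly(DirContext c) { try { c.close(); } catch (NamingException ignored) { } }
}
```

Callers pair every borrow() with a release() in a finally block, and call close() on shutdown.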

8.2. Using JLDAP

JLDAP doesn't support GSSAPI. Since GSSAPI is currently the only authentication mechanism supported by the Oak LDAP service, it's not currently possible to use JLDAP with Oak LDAP.
