XLDAP Servlet



The xldap servlet is a lightweight utility to access LDAP using SQL query language, with query results returned as XML. This is done by wrapping the Novell LDAP JDBC driver within a custom servlet (http://developer.novell.com/ndk/doc_ldapjdbc.htm). The servlet was inspired by Oracle's XSQL Servlet @ http://www.oracle.com/technology/tech/xml/xdk/doc/production10g/doc/java/xsql/xsql_userguide.html - authentication required), and can be used together with this servlet, to mix relational DB queries with eDirectory data.


Just dump the included xldap.war archive in your Tomcat webapps folder and edit web.xml to suite your needs. See the following section for configuration options.


Configuration of the ldap source is done in web.xml, by setting the following init parameters:

server: The hostname of the ldap server, "somehost.mydomain.com".

user: The user account used for accessing ldap, "cn=ldapuser,ou=test,o=mycompany". Leave blank to access only public fields.

password: Password for the ldap account.

baseDN: The root of the ldap tree search, "ou=test,o=mycompany".

allowCleartext: Set to "true" or "false". If true, the ldap connection can fall back to cleartext communication if ssl is unavailable. Please note that the trusted Root CA of the ldap server must be added to the Java cacerts keystore, if ssl communication is to be used. This is done using the keytool utility included with the java runtime.

keytool -import -alias myrootca -keystore $JAVA_HOME/jre/lib/security/cacerts \-file rootca.crt

dateFormat: Sets the formatting of timestamp values, either "jdbc", "ical", "gregorian" or "custom" can be used. If left blank, "jdbc" is used.

timeZone: Since you might not want to have timestamps in UTC (default for eDirectory), you can set a custom java timezone value here. If left blank, or set to an invalid timezone, the OS default is used instead.


The default mapping for the servlet is /*.xml, so any file in the xldap directory with an extension of .xml is assumed to contain a SQL query, readable by the XLDAP servlet. A query in the file "/xldap/QueryLDAP.xml" could look like this:

select cn AS Username, fullName AS Name, accountBalance AS Account_Balance, lastLoginTime AS Login_Time from inetOrgPerson
where cn like {@cn} and cn <> 'user_template'
order by cn

Where the value {@cn} will be substituted by the value of the "cn" request parameter, or '*' if no cn request parameter was given. So the following request
would return an xml document containing information about the user with cn=admin.

<?xml version="1.0" encoding="ISO-8859-1" ?>
    <ROW num="1">
        <Name>John Doe</Name>
        <Login_Time>2004-08-16 11:11:17.0</Login_Time>

Please note that the query file is just a plain text file, not a xml file. The .xml extension is only used to make query results more "digestible" to other applications.


As the servlet does not contain any xml parser, some other means must be used to transform the xml output if needed. This could be the before mentioned XSQL servlet, using the following query file:

<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="mysheet.xsl"?>
<xsql:include-xml xmlns:xsql="urn:oracle-xsql"
href="http://myhost.com:8080/xldap/QueryLDAP.xml?cn={@cn}" bind-params="cn" />

Here, the "QueryLDAP.xml" file is included with the "cn" request variable passed through, and then "mysheet.xsl" stylesheet is applied to the file.


Probably many Most often errors (file not found, no connection) will be returned as proper xml files, but if errors occur while return data is being generated, the result is a garbled xml file. Also, the code for generating timestamps might is a bit messy, feel free to clean it up, the source is included Error messages looks something like this, additional information can be found in the Tomcat logs:

<?xml version="1.0" encoding="ISO-8859-1" ?>
<ROWSET error="TRUE">
        <![CDATA[ java.io.FileNotFoundException: /var/
tomcat/webapps/xldap/QueryLDAP2.xml (No such file or directory)]]>

Additional information about the error can be found in the Tomcat logs.


Feel free to use and modify the servlet as you see fit, no warranties given.
Please note that the included ldapjdbc.jar is under Novell Developer Kit License Agreement, included in xldap/WEB-INF/lib/license.txt.


Comment List