Accessing user repositories

You can use various types of repositories, such as LDAP directories, relational databases, and flat files, with either JEE or custom security. With EGL single sign-on, the application, proxy, and Web services can each authenticate against a different repository. For single sign-on to succeed, the user ID and password that the end user enters in the login screen must exist in each of those repositories.

The most popular type of repository is a Lightweight Directory Access Protocol (LDAP) directory, which is a specialized database that is optimized for read access and that organizes its data in a tree structure. Before you access an LDAP directory for JEE authentication, configure the application server to connect to the LDAP directory server. For Apache Tomcat, specify this information in the \conf\server.xml file.

EGL code that is generated into Java™ and runs on a server can also access an LDAP directory directly. To do so, define an EGL REST or SOAP service; the service can use EGL external types that map to the JNDI LDAP Java classes. Here is an example of EGL code that establishes a connection to an LDAP directory server:
// External types needed to access an LDAP directory server.
externalType ControlArray type JavaObject
         { JavaName = "Control[]", PackageName = "javax.naming.ldap" }
end

externalType InitialDirContext type JavaObject
         { JavaName = "InitialDirContext",
         PackageName = "javax.naming.directory" }
   function modifyAttributes( name String in,
              mods ModificationItemArray in );
end

externalType InitialLdapContext extends InitialDirContext type JavaObject
         { JavaName = "InitialLdapContext",
         PackageName = "javax.naming.ldap" }
   constructor( environment Hashtable in, connCtls ControlArray in );
end

externalType ModificationItemArray extends Object type JavaObject
         { JavaName = "ModificationItem[]",
         PackageName = "javax.naming.directory" }
end

   // Instantiate a hashtable for binding criteria.
   // Hashtable is already defined within EGL.
   hashtable Hashtable = new Hashtable();

   // Properties can be found at
   // http://java.sun.com/j2se/1.4.2/docs/guide/jndi/jndi-ldap.html.

   // Set JNDI environment properties.
   // userid and password are passed in as strings.
   hashtable.put( "java.naming.factory.initial",
            "com.sun.jndi.ldap.LdapCtxFactory" );
   hashtable.put( "java.naming.provider.url",
            "ldap://localhost:389/o=sample" );
   hashtable.put( "java.naming.security.principal",
            "uid=" + userid + ",ou=people,o=sample");
   hashtable.put( "java.naming.security.credentials", password );
   hashtable.put( "java.naming.security.authentication", "simple" );
   hashtable.put( "java.naming.referral", "follow" );
   // Leave java.naming.security.protocol unset for plain LDAP, or set it
   // to "ssl" for LDAPS. Hashtable does not accept a null value, so do not
   // put null into it.

   // Set LDAP-specific properties.
   hashtable.put( "java.naming.ldap.version", "3" );

   // Connect to the LDAP directory server.
   ctx InitialLdapContext = new InitialLdapContext( hashtable, null );
   if ( ctx != null )
      // Retrieve data
      ...
   end

For more sample EGL code, including code that retrieves and modifies data in an LDAP directory, see "EGL LDAP Access" or "J2EE Security with EGL LDAP Access" in the help system.
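The same bind written directly against the JNDI classes that the external types above wrap, as an added example that is not part of the original page and not IBM's code. It assumes the same server URL and DN layout as the EGL sample (ldap://localhost:389, uid=...,ou=people,o=sample) and adds the two checks a practitioner wants around a simple bind: the user ID is escaped with Rdn.escapeValue before it is placed into the principal DN, so characters such as a comma or equals sign cannot alter the DN's structure, and an empty password is rejected, because a simple bind that presents a DN with an empty password is an unauthenticated bind on servers that allow it (RFC 4513, section 5.1.2).

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

/**
 * Added example (not from the EGL documentation): the JNDI simple bind the
 * EGL sample performs, with input checks around the principal DN and password.
 * The provider URL and the "ou=people,o=sample" layout are assumptions carried
 * over from the sample above.
 */
public class LdapBindExample {

    // Assumption: same local server and base DN as the EGL sample.
    static final String PROVIDER_URL = "ldap://localhost:389/o=sample";

    /** Build the JNDI environment for a simple bind as uid=<userid>,ou=people,o=sample. */
    public static Hashtable<String, String> bindEnvironment(String userid, String password) {
        if (userid == null || userid.isEmpty()) {
            throw new IllegalArgumentException("userid must not be empty");
        }
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind on servers that permit it, so a login form submitting "" would
        // otherwise appear to succeed without proving a credential.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("password must not be empty");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        // Rdn.escapeValue applies RFC 4514 escaping to the attribute value, so
        // ',' '+' '=' '\' and friends in the user ID stay inside the uid RDN.
        env.put(Context.SECURITY_PRINCIPAL,
                "uid=" + Rdn.escapeValue(userid) + ",ou=people,o=sample");
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.REFERRAL, "follow");
        env.put("java.naming.ldap.version", "3");
        // Hashtable rejects null values. To protect the simple bind in transit,
        // set SECURITY_PROTOCOL to "ssl" and use an ldaps:// provider URL:
        // env.put(Context.SECURITY_PROTOCOL, "ssl");
        return env;
    }

    /** Open and close a bound context; a NamingException means the bind was refused. */
    public static boolean bind(String userid, String password) {
        LdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(bindEnvironment(userid, password), null);
            return true;
        } catch (NamingException e) {
            return false;
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Escaping can be inspected without a server: the second principal
        // keeps the comma inside the uid value instead of starting a new RDN.
        System.out.println(bindEnvironment("jdoe", "secret").get(Context.SECURITY_PRINCIPAL));
        System.out.println(bindEnvironment("a,b", "secret").get(Context.SECURITY_PRINCIPAL));
        // Requires the assumed local directory server to be running.
        System.out.println("bind succeeded: " + bind("jdoe", "secret"));
    }
}
```

bindEnvironment can be exercised without a directory server; bind needs the assumed local server. The empty-password check belongs in the application regardless of server configuration, because whether an empty password yields an anonymous bind is a server-side setting the application cannot see.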
