Welcome to Tony Dahbura's LDAP resource page


This page contains various links to help people interested in interacting with LDAP directory services via java and sometimes other languages.  I spend quite a bit of time connecting folks doing internet development into how to do things with LDAP.  This is a compilation of some of the areas I find useful.  I also have written a book on the subject with a colleague of mine.  If you want a book on how to program and do things with LDAP utilizing the java language check the Books and Resources section below.

While I fully support the JNDI model for accessing LDAP, I feel that many times there functions and such that you wish to perform programmatically that are hard if not impossible to implement utilizing the JNDI layer.  JNDI provides a standardized API layer agnostic of the service provider underneath.  One could argue that it does all it needs to, but I have also heard the same argument about using ODBC vs native Oracle drivers.  Sometimes as a programmer you just need to get into the system and do something without an abstraction layer.  Given this most of my LDAP programming is through the use of the Iplanet java SDK for LDAP.  This is a very clean SDK and provides a native java library to work with ANY ldap server.  The API is available in source or compiled form and is in the Mozilla public domain.  You can download this great API at http://developer.iplanet.com. For the latest version check the Mozilla site at http://www.mozilla.org/directory or see further down on this page!


My other work (beyond my day job!)
I created a native java/ldap implementation of a realm module for the tomcat server.  This module supports many production level needs that people have been requesting for sometime.  It provides all the support that the current JNDI realm modules provides with the additional services of:
Connection pooling - the main entry point is not synchronized because we utilize ldap connection pooling.
SSL connection support (via JSSE) - you can utilize a ssl tunnel to talk ldaps to your server.
User Authentication - supports validating user credentials by actually binding to the server versus comparing the password
Role support - supports role membership at the user record level as well as listing users in a role entry
Optimized reads - when possible authentication and role membership only require one read from the directory vs many
I am trying to get the module added to the base tomcat builds so if you like it let the tomcat group know!

LDAP Realm Module for Tomcat Version 1.4

With the introduction of the jdk/sdk version 1.4 from Sun, Sun has included the SSL libraries in the base jdk. With the addition of these libraries to the SDK, they made some changes to the names of handlers. As a result of this you will need to download the correct ldaprealm file and associated pieces based on which JDK you will be using with Tomcat. Please select from a link below and it will take you to the appropriate page for the jdk you are using with the code available.

Using JDK version 1.3 or lower

Using JDK version 1.4 or higher

Using JDK version 1.5 with Tomcat 5.x

LDAPRealm Module Change History


Books and Resources

Java SDK for LDAP (main site with source code and latest builds as well as C and Perl)

Understanding and Deploying LDAP Directory Services (Definitive text on LDAP-not much on Java though)

LDAP Programming with Java (lots of examples and sample code to cut and paste)

Implementing LDAP (covers accessing LDAP from other languages as well)

Mark Wilcox's LDAP site (author of Implementing LDAP)

OpenLDAP (reference open source implementation)

Iplanet LDAP server (fast and commercially supported implementation)