This chapter is from the book
This chapter is from the book
This chapter is from the book
APIs
The LDAP API has been around since the mid-1990s, so many of the APIs available today have been well developed and used extensively. Following are descriptions of some of the more commonly used LDAP APIs.
C/C++
By far there are more C/C++ LDAP API implementations than any other language. This comes as no surprise since the first LDAP API was written in C at the University of Michigan and was later documented in RFC 1823.
University of Michigan
The LDAP protocol and API were created at the University of Michigan in the early 1990s. Development on the University of Michigan (Umich) LDAP implementation has ceased, but is still commonly referred to in the LDAP community. For more information, see http://www.umich.edu/~dirsvcs/ldap/.
Microsoft
The Microsoft C LDAP API is available in the Platform SDK. It is based on the C-style LDAP API, but has additional extensions defined by Microsoft. Some of these extensions include support for auto-reconnect, ambiguous name resolution (ANR), and extended search filter matching. For more information, see the Platform SDK.
Netscape
The Netscape C LDAP API is also based on the C-style LDAP API and is available on the iPlanet Web site. iPlanet is the joint venture formed between Sun Microsystems, America Online, and Netscape to develop e-commerce products. All former Netscape server products including the Netscape Enterprise Web Server and Netscape Directory Server are now maintained by iPlanet. For more information, see http://www.iplanet.com/downloads/developer/.
OpenLDAP
OpenLDAP is an open-source project geared toward developing commercial-quality LDAP applications and development tools. Since development has ceased on the Umich LDAP distribution, OpenLDAP has taken over as the primary open-source LDAP distribution. The software developed by OpenLDAP includes a server, clients, and libraries written in C that implement the LDAP C API. For more information, see http://www.openldap.org/.
Perl
Currently, there are two "factions" within the Perl LDAP community. On one side are the Mozilla::LDAP modules, which interface with the Netscape C libraries directly, and on the other side is the pure Perl implementation started by Graham Barr called Net::LDAP. For the purposes of this book, all Perl code samples use Net::LDAP. Net::LDAP was chosen because it is actively supported, and does not require an external SDK to be installed, unlike Mozilla::LDAP.
Mozilla::LDAP
The Mozilla::LDAP modules, also known as PerLDAP (not to be confused with the perl-ldap module distribution available for the Net::LDAP modules), was first developed at Netscape in 1998. It was later taken over by Mozilla (http://www.mozilla.org) where it is currently maintained. Clayton Donley's Net::LDAPapi code was initially used and later many enhancements were made, including the addition of an object-oriented interface. The dependency on an external LDAP C SDK is still present just as it was with the deprecated Net::LDAPapi module. For more information, see http://www.mozilla.org/directory/perldap.html.
Net::LDAP
The Net::LDAP effort is currently the most actively maintained set of Perl LDAP modules. Net::LDAP uses some of the C-style API function names, but has an object-oriented interface. Unlike the other Perl LDAP modules, Net::LDAP is the only pure Perl implementation, requiring no external C SDK to be installed. It also provides an interface for LDAP controls, LDIF, schema, and even DSML. For more information, see http://perl-ldap.sourceforge.net/.
Visual Basic
No pure LDAP API is written specifically for Visual Basic, but it is possible to call out to a dynamic-link library (DLL) which implements an LDAP API and use functions available in the DLL. This can easily be done with any of the C LDAP APIs that have been implemented on Windows. Generally, most Visual Basic programmers would use ADSI instead of LDAP for writing directory-enabled applications, especially when programming against Active Directory. More information is provided on ADSI in Chapter 4.
Java
Most of the effort to make Java LDAP aware has unsurprisingly come from Sun.
Sun
The most prevalent Java API for accessing LDAP directories is the Java Naming and Directory Interface (JNDI). JNDI is not LDAP specific, but is meant to work with different directories similar to ADSI. JNDI does not implement the c-style LDAP API, but instead provides an object-oriented interface to LDAP. JNDI does provide access to all the key features available in LDAP v3. For more information, see http://java.sun.com/jndi/.
Netscape
To complement its C API, Netscape implemented a Java API for interfacing with LDAP. They also developed a JNDI service provider for LDAP. For more information, see http://www.mozilla.org/directory/javasdk.html.