
Adobe Air - Read information from LDAP server

Developer https://www.devze.com 2022-12-28 04:44 Source: Internet

I have an AIR application and would like to connect to an LDAP server to obtain some information for a particular user.

The url is something like ldap://ldapservername:389/

I would like to pass the userid/Name as the parameter and hope to retrieve the Full Name, Email address etc.

Can you please provide suggestions regarding implementing this? A Windows specific solution is also fine with me.


Adobe AIR does not have built-in support for LDAP. All online examples go through a server for LDAP integration.

Sample: Performing an LDAP query for role resolution http://www.adobe.com/devnet/livecycle/articles/perform_ldap_resolution.html

Short of using a server, you're limited to two options, neither of which is good.

  1. Completely re-implement the LDAP protocol in AIR. I think this is feasible, but is a huge undertaking. With Alchemy you theoretically could recompile an existing C library to work with AIR, but I don't know how well that will work for this particular use-case. Plus it's a research project, not production ready.

  2. Embed a native application. With AIR 2.0 you can include a native application written in C or .NET or whatever and launch it to perform your LDAP calls. The only way to communicate with this other process is through stdin/stdout so it's not easy to transfer complex/typed data, but it's feasible.

AIR is not suited for all applications. If all of your application's requirements can be fulfilled within AIR's API, then it's great. But if you need to do something not directly supported by AIR and don't have a server component, you're better off not using AIR.


You will probably need to do the usual LDAP stuff. Either start with the full DN of the user (uncommon) or search for it.

Bind to the LDAP directory as a proxy user, or as an anonymous bind. Query for ATTR=VALUE where ATTR is something you define as the unique value in the directory. Traditionally this is uid in LDAP servers. For Active Directory it would probably be better to search for ATTR of sAMAccountName. Keep this as a setup parameter for the admin, since it will make it easier on different LDAP backend servers.

It might be mail, and the login value the user would enter is their email address. Depends on the use case. But leave it configurable to be flexible.

Then the search should return one value, with a full DN; then you want to bind as that user with the full DN and the provided password. I like the approach of binding as the user, instead of comparing the password, since then you increment any Last Login attributes, or the like, making it easier to detect account inactivity from the directory administrator's perspective.
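The search-then-bind flow described in the answer above, as an added Python sketch that is not part of the original posts. It goes slightly beyond the answer by escaping the user-supplied value per RFC 4515 before it enters the filter and by refusing empty passwords, which many servers treat as an unauthenticated bind. The `search` and `bind` callables, the in-memory directory and the sample DN are hypothetical stand-ins for whatever LDAP client a server or native helper would use.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user input so it can only ever be a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login_attr, login):
    """Build (ATTR=VALUE); ATTR is the admin-configured unique attribute."""
    # The attribute name comes from configuration, but validate it anyway.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", login_attr):
        raise ValueError("invalid attribute name: %r" % login_attr)
    return "(%s=%s)" % (login_attr, escape_filter_value(login))


def authenticate(search, bind, login_attr, login, password):
    """Search for the user's DN, then bind as that DN with the password.

    search(filter) -> list of DNs and bind(dn, password) -> bool are
    hypothetical callables wrapping whatever LDAP client is in use.
    Returns the DN on success, None on failure.
    """
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513 section 5.1.2) that many servers accept, so refuse it here.
    if not login or not password:
        return None
    dns = search(build_user_filter(login_attr, login))
    if len(dns) != 1:  # zero or ambiguous matches both fail closed
        return None
    return dns[0] if bind(dns[0], password) else None


# Constructed in-memory directory standing in for a real server.
_USERS = {"jdoe": ("uid=jdoe,ou=people,dc=example,dc=com", "s3cret")}


def fake_search(ldap_filter):
    # Deliberately naive matcher: a bare "*" value matches every entry.
    value = ldap_filter[1:-1].split("=", 1)[1]
    return [dn for uid, (dn, _) in _USERS.items() if value in ("*", uid)]


def fake_bind(dn, password):
    # Mimics a server that accepts unauthenticated (empty password) binds.
    return password == "" or any(dn == d and password == p for d, p in _USERS.values())
```

Passing `"sAMAccountName"` or `"mail"` as `login_attr` covers the Active Directory and e-mail login cases the answer mentions without changing the code.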
