Referrals

 


Creating and Updating Referrals


Note: The following discussion assumes that the LDAP server supports referrals as described in draft-ietf-ldapext-namedref-00.txt. If the server does not support referrals in this way, then the examples in this section won't work.

 

 

Representation in the Directory

A referral is represented in the LDAP directory as an object of class "referral". It contains a "ref" attribute, which is a multivalued attribute that contains one or more URLs. Each URL represents equivalent alternatives for following the referral. See draft-ietf-ldapext-namedref-00.txt for the schema definition of the "referral" object class and the "ref" attribute.

 

 

Disabling Following Referrals

You must ensure that the LDAP server will return referral entries as plain LDAP entries. You can do this by setting the Context.REFERRAL environment property to "ignore" or by unsetting it. "ignore" is the default if the property is not set. This is required if you are updating or deleting referrals and is optional if you are simply creating them. However, it is good practice to do this so that all programs that manage referrals are consistent.

 

 

Creating a Referral

You create a referral entry like you do any other type of entry: by using DirContext.bind() or DirContext.createSubcontext() and by supplying the appropriate attributes. The referral entry must have as one of its object classes "referral", and it must have a "ref" attribute that has at least one URL string.

Here's an example that creates a referral called "cn=NewReferral" that points to the "cn=J. Duke, ou=NewHires, o=JNDIDocs" entry on another server.

// The object classes
Attribute objclass = new BasicAttribute("objectclass");
objclass.add("top");
objclass.add("referral");
objclass.add("extensibleObject"); // So that you can use cn as name

// The referral itself
Attribute ref = new BasicAttribute("ref",
    "ldap://localhost:389/cn=J. Duke, ou=NewHires, o=JNDIDocs");

// The name
Attribute cn = new BasicAttribute("cn", "NewReferral");

// Create the attributes to be associated with the new context
Attributes attrs = new BasicAttributes(true); // Case-ignore
attrs.put(objclass);
attrs.put(ref);
attrs.put(cn);

// Create the context
Context result = ctx.createSubcontext("cn=NewReferral", attrs);

You can use the CheckReferral.java sample program to examine the referral entry's attributes. If you run it without command line arguments, then it displays the referral entry itself. If you run it with a command line argument, then it displays the referred entry's attributes.

# java CheckReferral
ref: ldap://localhost:389/cn=J. Duke, ou=NewHires, o=JNDIDocs 
objectclass: top, referral, extensibleObject 
cn: NewReferral

# java CheckReferral follow
sn: Duke 
objectclass: top, person, organizationalPerson, inetOrgPerson
mail: newbie@JNDIDocs.com 
cn: J. Duke

 

 

Updating a Referral

You update a referral entry like any other type of entry, by using DirContext.modifyAttributes(). Here's an example that changes the referral's URL to "ldap://localhost:389/cn=C. User, ou=NewHires, o=JNDIDocs".
// Set up new referral attribute
Attributes attrs = new BasicAttributes("ref",
    "ldap://localhost:389/cn=C. User, ou=NewHires, o=JNDIDocs", 
    true); // Case-ignore

// Update the "ref" attribute
ctx.modifyAttributes(
    "cn=NewReferral", DirContext.REPLACE_ATTRIBUTE, attrs);

After running this program, if you reexamine the entry by using CheckReferral, then you will see the following.

# java CheckReferral
ref: ldap://localhost:389/cn=C. User, ou=NewHires, o=JNDIDocs 
objectclass: top, referral, extensibleObject 
cn: NewReferral

# java CheckReferral follow
sn: User 
objectclass: top, person, organizationalPerson, inetOrgPerson 
mail: cuser@JNDIDocs.com 
userpassword: [B@1dacd887 
cn: C. User

 

 

Deleting a Referral

You delete a referral entry like any other type of entry, by using Context.unbind() or Context.destroySubcontext(). Here's an example that removes the referral entry "cn=NewReferral".
// Remove the entry
ctx.destroySubcontext("cn=NewReferral");

Referrals: End of Lesson

What's next? Now you can:

  • Continue on to the next lesson in this trail for tips on accessing the schema.
  • Go to the Frequently Asked Questions lesson to read about questions that LDAP users have when using the JNDI.