[OpenAM] Embedded data store and LDAP querying

Major Péter majorpetya at sch.bme.hu
Wed Dec 8 14:27:07 GMT 2010


Hi,

in the DataStore settings, you had to set up, what your naming attribute 
is, the pattern will try to match that attribute, so if your naming 
attribute is uid, and the pattern is "alice", then the resulted filter 
will be (uid=alice).
You can set more filters in IdSearchControl AFAIK.

Regards,
Peter

2010-12-07 15:15 keltezéssel, Alex Lu írta:
> Hi Peter,
>
> I have looked into the AMIdentityRepository class and find the
>
> *searchIdentities*
> <../../../../com/sun/identity/idm/AMIdentityRepository.html#searchIdentities(com.sun.identity.idm.IdType,
> java.lang.String, com.sun.identity.idm.IdSearchControl)>(IdType
> <../../../../com/sun/identity/idm/IdType.html>type, String
> <http://java.sun.com/j2se/1.5.0/docs/api/java/lang/String.html>pattern,
> IdSearchControl
> <../../../../com/sun/identity/idm/IdSearchControl.html>ctrl)
>
> method. I am not sure whether the "pattern" refers to a RegExp that
> matches any attribute's value of an identity/subject. Would you please
> clarify this?
>
> Kind regards,
> Alex
>
>
>  > Date: Tue, 7 Dec 2010 14:37:50 +0100
>  > From: majorpetya at sch.bme.hu
>  > To: openam at forgerock.org
>  > Subject: Re: [OpenAM] Embedded data store and LDAP querying
>  >
>  > Hi,
>  >
>  > The datastore API is an abstraction layer above the datastores. This
>  > means, that you can transparently access configured datastores (LDAP or
>  > JDBC it doesn't matter).
>  >
>  > I haven't find doc about it with a quick look, but reading
>  > AMIdentityRepository and AMIdentity classes should be helpful for you.
>  > It's part of the ClientSDK, yes.
>  >
>  > Regards,
>  > Peter
>  >
>  > 2010-12-07 14:24 keltezéssel, Alex Lu írta:
>  > >
>  > > Hi Peter,
>  > >
>  > > Thanks for the fast response.
>  > >
>  > > Could you specify a bit more details about using the data store API?
>  > >
>  > > Are you meaning that using the data store API can totally manage all
>  > > subjects stored in OpenAM's data store, without touching LDAP API?
>  > >
>  > > Any guidelines and code snippets for using the data store API for
>  > > reference? Is it in the client SDK or somewhere else?
>  > >
>  > > Thanks!
>  > >
>  > >
>  > > > Date: Tue, 7 Dec 2010 13:32:50 +0100
>  > > > From: majorpetya at sch.bme.hu
>  > > > To: openam at forgerock.org
>  > > > Subject: Re: [OpenAM] Embedded data store and LDAP querying
>  > > >
>  > > > Hi,
>  > > >
>  > > > see comments inline:
>  > > >
>  > > > 2010-12-07 13:22 keltezéssel, Alex Lu írta:
>  > > > > 1) Is there a way to access the embedded OpenDS LDAP using LDAP
>  > > JAVA API?
>  > > >
>  > > > sure, but the embedded datastore also contains the configuration,
> so you
>  > > > have to be very careful there :)
>  > > > Also, you could use OpenAM's DataStore API (AMIdentityRepository &
>  > > > friends) for managing subjects of configured datastores
>  > > >
>  > > > > 2) What parameters (e.g. IP address, admin username, password,
> etc.)
>  > > > > must be included in the code?
>  > > >
>  > > > ip address: same as the OpenAM instance
>  > > > username: cn=Directory Manager
>  > > > password: <password of amAdmin>
>  > > > port: the LDAP port, that you've setted during installation
>  > > >
>  > > > > 3) And, how can I enumerate all users created by OpenAM? I use the
>  > > > > OpenAM default root suffix.
>  > > >
>  > > > you can execute a search with LDAP API & DataStore API
>  > > >
>  > > > > 4) Could you recommend a good LDAP JAVA API?
>  > > >
>  > > > Personally I'm using SpringLDAP for this kind of stuff, it's not that
>  > > > hard to get along with it. Although I've seen that the OpenDJ-SDK is
>  > > > also a great stuff for these kind of things. With that you can create
>  > > > pretty readable codes, but it's not that well documented (YET! :) )
>  > > >
>  > > > Regards,
>  > > > Peter



More information about the OpenAM mailing list