tessl/maven-com-unboundid--unboundid-ldapsdk
Comprehensive Java LDAP SDK providing full LDAPv3 protocol support, connection pooling, schema handling, and persistence framework for LDAP directory operations.
—
Pending
schema.mddocs/
Schema Management
Complete LDAP schema representation, validation, and manipulation capabilities for attribute types, object classes, matching rules, and schema-based entry validation.
Capabilities
Schema Retrieval and Representation
Schema
Complete LDAP schema representation containing all schema elements.
/**
* Complete LDAP schema representation
*/
public class Schema implements Serializable {
// Schema retrieval
public static Schema getSchema(LDAPInterface connection) throws LDAPException;
public static Schema getSchema(LDAPInterface connection, String subschemaSubentryDN) throws LDAPException;
public static Schema parseSchemaEntry(Entry schemaEntry) throws LDAPException;
// Schema elements access
public Set<AttributeTypeDefinition> getAttributeTypes();
public AttributeTypeDefinition getAttributeType(String name);
public AttributeTypeDefinition getAttributeType(String name, boolean includeSubordinateTypes);
public Set<ObjectClassDefinition> getObjectClasses();
public ObjectClassDefinition getObjectClass(String name);
public Set<AttributeSyntaxDefinition> getAttributeSyntaxes();
public AttributeSyntaxDefinition getAttributeSyntax(String oid);
public Set<MatchingRuleDefinition> getMatchingRules();
public MatchingRuleDefinition getMatchingRule(String nameOrOID);
public Set<MatchingRuleUseDefinition> getMatchingRuleUses();
public MatchingRuleUseDefinition getMatchingRuleUse(String nameOrOID);
public Set<DITContentRuleDefinition> getDITContentRules();
public DITContentRuleDefinition getDITContentRule(String nameOrOID);
public Set<DITStructureRuleDefinition> getDITStructureRules();
public DITStructureRuleDefinition getDITStructureRule(int ruleID);
public DITStructureRuleDefinition getDITStructureRule(String nameOrOID);
public Set<NameFormDefinition> getNameForms();
public NameFormDefinition getNameForm(String nameOrOID);
// Schema validation
public EntryValidator getEntryValidator();
public EntryValidator getEntryValidator(boolean checkAttributeSyntax, boolean checkMissingRequiredAttributes, boolean checkSingleValuedAttributes, boolean checkNameFormCompliance, boolean checkDITContentRuleCompliance);
// Schema operations
public String getSchemaEntry(boolean includeBaseDNAndScope);
public Entry getSchemaEntryAsEntry();
public Schema mergeSchema(Schema schema);
}Attribute Type Definitions
AttributeTypeDefinition
Definition of LDAP attribute types with syntax, matching rules, and constraints.
/**
* Definition of an LDAP attribute type
*/
public class AttributeTypeDefinition implements SchemaElement, Serializable {
// Constructors
public AttributeTypeDefinition(String definition) throws LDAPException;
// Basic properties
public String getOID();
public String[] getNames();
public String getNameOrOID();
public String getDescription();
public boolean isObsolete();
// Type hierarchy
public String getSuperiorType();
public AttributeTypeDefinition getSuperiorType(Schema schema);
public boolean isDescendantOf(AttributeTypeDefinition attributeType, Schema schema);
public boolean isAncestorOf(AttributeTypeDefinition attributeType, Schema schema);
// Syntax and matching
public String getSyntaxOID();
public AttributeSyntaxDefinition getAttributeSyntax(Schema schema);
public String getEqualityMatchingRule();
public MatchingRuleDefinition getEqualityMatchingRule(Schema schema);
public String getOrderingMatchingRule();
public MatchingRuleDefinition getOrderingMatchingRule(Schema schema);
public String getSubstringMatchingRule();
public MatchingRuleDefinition getSubstringMatchingRule(Schema schema);
// Constraints
public boolean isSingleValued();
public boolean isCollective();
public boolean isNoUserModification();
public AttributeUsage getUsage();
// String representation
public String toString();
public String toString(boolean includeFileLocation);
// Extensions
public Map<String, String[]> getExtensions();
public String[] getExtensionValues(String extensionName);
}
/**
* Attribute usage enumeration
*/
public enum AttributeUsage {
USER_APPLICATIONS("userApplications"),
DIRECTORY_OPERATION("directoryOperation"),
DISTRIBUTED_OPERATION("distributedOperation"),
DSA_OPERATION("dSAOperation");
public String getName();
public static AttributeUsage forName(String name);
}Object Class Definitions
ObjectClassDefinition
Definition of LDAP object classes with inheritance and attribute requirements.
/**
* Definition of an LDAP object class
*/
public class ObjectClassDefinition implements SchemaElement, Serializable {
// Constructors
public ObjectClassDefinition(String definition) throws LDAPException;
// Basic properties
public String getOID();
public String[] getNames();
public String getNameOrOID();
public String getDescription();
public boolean isObsolete();
// Class hierarchy
public String[] getSuperiorClasses();
public Set<ObjectClassDefinition> getSuperiorClasses(Schema schema, boolean includeThis);
public ObjectClassType getObjectClassType();
public boolean isDescendantOf(ObjectClassDefinition objectClass, Schema schema);
public boolean isAncestorOf(ObjectClassDefinition objectClass, Schema schema);
// Attribute requirements
public String[] getRequiredAttributes();
public Set<AttributeTypeDefinition> getRequiredAttributes(Schema schema, boolean includeOptional);
public String[] getOptionalAttributes();
public Set<AttributeTypeDefinition> getOptionalAttributes(Schema schema, boolean includeRequired);
public boolean isRequiredAttribute(String attributeName, Schema schema);
public boolean isOptionalAttribute(String attributeName, Schema schema);
public boolean isRequiredOrOptionalAttribute(String attributeName, Schema schema);
// String representation
public String toString();
public String toString(boolean includeFileLocation);
// Extensions
public Map<String, String[]> getExtensions();
public String[] getExtensionValues(String extensionName);
}
/**
* Object class type enumeration
*/
public enum ObjectClassType {
ABSTRACT("ABSTRACT"),
STRUCTURAL("STRUCTURAL"),
AUXILIARY("AUXILIARY");
public String getName();
public static ObjectClassType forName(String name);
}Matching Rules and Syntaxes
MatchingRuleDefinition
Definition of LDAP matching rules for attribute comparison.
/**
* Definition of an LDAP matching rule
*/
public class MatchingRuleDefinition implements SchemaElement, Serializable {
// Constructors
public MatchingRuleDefinition(String definition) throws LDAPException;
// Basic properties
public String getOID();
public String[] getNames();
public String getNameOrOID();
public String getDescription();
public boolean isObsolete();
// Syntax
public String getSyntaxOID();
public AttributeSyntaxDefinition getAttributeSyntax(Schema schema);
// String representation
public String toString();
public String toString(boolean includeFileLocation);
// Extensions
public Map<String, String[]> getExtensions();
public String[] getExtensionValues(String extensionName);
}AttributeSyntaxDefinition
Definition of LDAP attribute syntaxes.
/**
* Definition of an LDAP attribute syntax
*/
public class AttributeSyntaxDefinition implements SchemaElement, Serializable {
// Constructors
public AttributeSyntaxDefinition(String definition) throws LDAPException;
// Basic properties
public String getOID();
public String getDescription();
// String representation
public String toString();
public String toString(boolean includeFileLocation);
// Extensions
public Map<String, String[]> getExtensions();
public String[] getExtensionValues(String extensionName);
}DIT Rules and Name Forms
DITContentRuleDefinition
Definition of DIT content rules for structural object class constraints.
/**
* Definition of a DIT content rule
*/
public class DITContentRuleDefinition implements SchemaElement, Serializable {
// Constructors
public DITContentRuleDefinition(String definition) throws LDAPException;
// Basic properties
public String getOID();
public String[] getNames();
public String getNameOrOID();
public String getDescription();
public boolean isObsolete();
// Structural object class
public String getStructuralClass();
public ObjectClassDefinition getStructuralClass(Schema schema);
// Auxiliary classes
public String[] getAuxiliaryClasses();
public Set<ObjectClassDefinition> getAuxiliaryClasses(Schema schema);
public String[] getProhibitedAuxiliaryClasses();
public Set<ObjectClassDefinition> getProhibitedAuxiliaryClasses(Schema schema);
// Attribute constraints
public String[] getRequiredAttributes();
public Set<AttributeTypeDefinition> getRequiredAttributes(Schema schema);
public String[] getOptionalAttributes();
public Set<AttributeTypeDefinition> getOptionalAttributes(Schema schema);
public String[] getProhibitedAttributes();
public Set<AttributeTypeDefinition> getProhibitedAttributes(Schema schema);
// String representation
public String toString();
// Extensions
public Map<String, String[]> getExtensions();
}DITStructureRuleDefinition
Definition of DIT structure rules for hierarchical constraints.
/**
* Definition of a DIT structure rule
*/
public class DITStructureRuleDefinition implements SchemaElement, Serializable {
// Constructors
public DITStructureRuleDefinition(String definition) throws LDAPException;
// Basic properties
public int getRuleID();
public String[] getNames();
public String getNameOrOID();
public String getDescription();
public boolean isObsolete();
// Name form and hierarchy
public String getNameFormID();
public NameFormDefinition getNameForm(Schema schema);
public int[] getSuperiorRuleIDs();
public Set<DITStructureRuleDefinition> getSuperiorRules(Schema schema);
// String representation
public String toString();
// Extensions
public Map<String, String[]> getExtensions();
}NameFormDefinition
Definition of LDAP name forms for RDN constraints.
/**
* Definition of an LDAP name form
*/
public class NameFormDefinition implements SchemaElement, Serializable {
// Constructors
public NameFormDefinition(String definition) throws LDAPException;
// Basic properties
public String getOID();
public String[] getNames();
public String getNameOrOID();
public String getDescription();
public boolean isObsolete();
// Structural object class
public String getStructuralClass();
public ObjectClassDefinition getStructuralClass(Schema schema);
// Required and optional naming attributes
public String[] getRequiredNamingAttributes();
public Set<AttributeTypeDefinition> getRequiredNamingAttributes(Schema schema);
public String[] getOptionalNamingAttributes();
public Set<AttributeTypeDefinition> getOptionalNamingAttributes(Schema schema);
// String representation
public String toString();
// Extensions
public Map<String, String[]> getExtensions();
}Schema Validation
EntryValidator
Comprehensive LDAP entry validation against schema rules.
/**
* Validator for LDAP entries against schema rules
*/
public class EntryValidator {
// Constructors
public EntryValidator(Schema schema);
public EntryValidator(Schema schema, boolean checkAttributeSyntax, boolean checkMissingRequiredAttributes, boolean checkSingleValuedAttributes, boolean checkNameFormCompliance, boolean checkDITContentRuleCompliance);
// Validation methods
public List<String> validateEntry(Entry entry);
public List<String> validateEntry(Entry entry, boolean checkMissingAttributes);
public boolean entryIsValid(Entry entry);
public boolean entryIsValid(Entry entry, List<String> invalidReasons);
// Attribute validation
public List<String> validateAttribute(Attribute attribute, Entry entry);
public boolean attributeIsValid(Attribute attribute, Entry entry);
public boolean attributeIsValid(Attribute attribute, Entry entry, List<String> invalidReasons);
// Configuration access
public Schema getSchema();
public boolean checkAttributeSyntax();
public boolean checkMissingRequiredAttributes();
public boolean checkSingleValuedAttributes();
public boolean checkNameFormCompliance();
public boolean checkDITContentRuleCompliance();
}Schema Modification
Schema Utilities
/**
* Utilities for schema manipulation and comparison
*/
public class SchemaValidator {
public static List<String> getSchemaEntryWarnings(Entry schemaEntry);
public static List<String> validateSchema(Schema schema);
public static List<String> validateSchema(Schema schema, Entry schemaEntry);
}
/**
* Schema comparison utilities
*/
public class SchemaComparator {
public static List<String> getSchemaCompatibilityWarnings(Schema oldSchema, Schema newSchema);
public static boolean schemasAreCompatible(Schema oldSchema, Schema newSchema);
}Usage Examples
Retrieving and Examining Schema
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.schema.*;
LDAPConnection connection = new LDAPConnection("ldap.example.com", 389);
try {
connection.bind("cn=admin,dc=example,dc=com", "password");
// Retrieve schema from the server
Schema schema = Schema.getSchema(connection);
System.out.println("Schema retrieved successfully");
System.out.println("Number of attribute types: " + schema.getAttributeTypes().size());
System.out.println("Number of object classes: " + schema.getObjectClasses().size());
System.out.println("Number of matching rules: " + schema.getMatchingRules().size());
// Examine specific attribute type
AttributeTypeDefinition cnAttrType = schema.getAttributeType("cn");
if (cnAttrType != null) {
System.out.println("\nCommonName (cn) attribute type:");
System.out.println(" OID: " + cnAttrType.getOID());
System.out.println(" Names: " + Arrays.toString(cnAttrType.getNames()));
System.out.println(" Description: " + cnAttrType.getDescription());
System.out.println(" Syntax OID: " + cnAttrType.getSyntaxOID());
System.out.println(" Single-valued: " + cnAttrType.isSingleValued());
System.out.println(" Superior type: " + cnAttrType.getSuperiorType());
System.out.println(" Equality matching rule: " + cnAttrType.getEqualityMatchingRule());
}
// Examine specific object class
ObjectClassDefinition personOC = schema.getObjectClass("person");
if (personOC != null) {
System.out.println("\nPerson object class:");
System.out.println(" OID: " + personOC.getOID());
System.out.println(" Names: " + Arrays.toString(personOC.getNames()));
System.out.println(" Type: " + personOC.getObjectClassType());
System.out.println(" Superior classes: " + Arrays.toString(personOC.getSuperiorClasses()));
System.out.println(" Required attributes: " + Arrays.toString(personOC.getRequiredAttributes()));
System.out.println(" Optional attributes: " + Arrays.toString(personOC.getOptionalAttributes()));
}
} finally {
connection.close();
}Schema-Based Entry Validation
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.schema.*;
LDAPConnection connection = new LDAPConnection("ldap.example.com", 389);
try {
connection.bind("cn=admin,dc=example,dc=com", "password");
// Get schema
Schema schema = Schema.getSchema(connection);
// Create entry validator
EntryValidator validator = schema.getEntryValidator();
// Create test entry
Entry testEntry = new Entry(
"cn=John Doe,ou=people,dc=example,dc=com",
new Attribute("objectClass", "inetOrgPerson"),
new Attribute("cn", "John Doe"),
new Attribute("sn", "Doe"),
new Attribute("givenName", "John"),
new Attribute("mail", "john.doe@example.com"),
new Attribute("telephoneNumber", "+1-555-0123")
);
// Validate entry
List<String> validationErrors = validator.validateEntry(testEntry);
if (validationErrors.isEmpty()) {
System.out.println("Entry is valid according to schema");
} else {
System.out.println("Entry validation errors:");
for (String error : validationErrors) {
System.out.println(" - " + error);
}
}
// Test with invalid entry (missing required attribute)
Entry invalidEntry = new Entry(
"cn=Jane Smith,ou=people,dc=example,dc=com",
new Attribute("objectClass", "inetOrgPerson"),
new Attribute("cn", "Jane Smith")
// Missing required 'sn' attribute
);
validationErrors = validator.validateEntry(invalidEntry);
System.out.println("\nValidation errors for incomplete entry:");
for (String error : validationErrors) {
System.out.println(" - " + error);
}
} finally {
connection.close();
}Working with Attribute Types
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.schema.*;
LDAPConnection connection = new LDAPConnection("ldap.example.com", 389);
try {
connection.bind("cn=admin,dc=example,dc=com", "password");
Schema schema = Schema.getSchema(connection);
// Find all single-valued attributes
System.out.println("Single-valued attribute types:");
for (AttributeTypeDefinition attrType : schema.getAttributeTypes()) {
if (attrType.isSingleValued()) {
System.out.println(" " + attrType.getNameOrOID() + " - " + attrType.getDescription());
}
}
// Find attributes with specific syntax (e.g., telephone numbers)
System.out.println("\nTelephone number attributes:");
for (AttributeTypeDefinition attrType : schema.getAttributeTypes()) {
if ("1.3.6.1.4.1.1466.115.121.1.50".equals(attrType.getSyntaxOID())) {
System.out.println(" " + attrType.getNameOrOID());
}
}
// Examine attribute inheritance hierarchy
AttributeTypeDefinition nameAttr = schema.getAttributeType("name");
if (nameAttr != null) {
System.out.println("\nAttribute type hierarchy for 'name':");
System.out.println(" " + nameAttr.getNameOrOID());
// Find all descendants of 'name'
for (AttributeTypeDefinition attrType : schema.getAttributeTypes()) {
if (attrType.isDescendantOf(nameAttr, schema)) {
System.out.println(" -> " + attrType.getNameOrOID());
}
}
}
} finally {
connection.close();
}Working with Object Classes
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.schema.*;
LDAPConnection connection = new LDAPConnection("ldap.example.com", 389);
try {
connection.bind("cn=admin,dc=example,dc=com", "password");
Schema schema = Schema.getSchema(connection);
// Find all structural object classes
System.out.println("Structural object classes:");
for (ObjectClassDefinition objClass : schema.getObjectClasses()) {
if (objClass.getObjectClassType() == ObjectClassType.STRUCTURAL) {
System.out.println(" " + objClass.getNameOrOID() + " - " + objClass.getDescription());
}
}
// Analyze inetOrgPerson object class
ObjectClassDefinition inetOrgPerson = schema.getObjectClass("inetOrgPerson");
if (inetOrgPerson != null) {
System.out.println("\ninetOrgPerson analysis:");
// Get all required attributes (including inherited)
Set<AttributeTypeDefinition> allRequired = inetOrgPerson.getRequiredAttributes(schema, false);
System.out.println(" All required attributes (" + allRequired.size() + "):");
for (AttributeTypeDefinition attrType : allRequired) {
System.out.println(" - " + attrType.getNameOrOID());
}
// Get all optional attributes (including inherited)
Set<AttributeTypeDefinition> allOptional = inetOrgPerson.getOptionalAttributes(schema, false);
System.out.println(" All optional attributes (" + allOptional.size() + "):");
for (AttributeTypeDefinition attrType : allOptional) {
System.out.println(" - " + attrType.getNameOrOID());
}
// Check class hierarchy
System.out.println(" Superior classes:");
Set<ObjectClassDefinition> superiors = inetOrgPerson.getSuperiorClasses(schema, false);
for (ObjectClassDefinition superior : superiors) {
System.out.println(" - " + superior.getNameOrOID());
}
}
} finally {
connection.close();
}Entry Validation with Custom Rules
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.schema.*;
LDAPConnection connection = new LDAPConnection("ldap.example.com", 389);
try {
connection.bind("cn=admin,dc=example,dc=com", "password");
Schema schema = Schema.getSchema(connection);
// Create validator with specific rules
EntryValidator strictValidator = new EntryValidator(
schema,
true, // Check attribute syntax
true, // Check missing required attributes
true, // Check single-valued attributes
true, // Check name form compliance
true // Check DIT content rule compliance
);
// Create validator that only checks basic requirements
EntryValidator basicValidator = new EntryValidator(
schema,
false, // Don't check attribute syntax
true, // Check missing required attributes
false, // Don't check single-valued attributes
false, // Don't check name form compliance
false // Don't check DIT content rule compliance
);
// Test entry with multiple values for single-valued attribute
Entry testEntry = new Entry(
"cn=Test User,ou=people,dc=example,dc=com",
new Attribute("objectClass", "inetOrgPerson"),
new Attribute("cn", "Test User"),
new Attribute("sn", "User"),
new Attribute("displayName", "Test User", "T. User") // displayName is usually single-valued
);
// Validate with strict validator
List<String> strictErrors = strictValidator.validateEntry(testEntry);
System.out.println("Strict validation errors:");
if (strictErrors.isEmpty()) {
System.out.println(" None");
} else {
for (String error : strictErrors) {
System.out.println(" - " + error);
}
}
// Validate with basic validator
List<String> basicErrors = basicValidator.validateEntry(testEntry);
System.out.println("\nBasic validation errors:");
if (basicErrors.isEmpty()) {
System.out.println(" None");
} else {
for (String error : basicErrors) {
System.out.println(" - " + error);
}
}
} finally {
connection.close();
}Schema Export and Analysis
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.schema.*;
import java.io.*;
LDAPConnection connection = new LDAPConnection("ldap.example.com", 389);
try {
connection.bind("cn=admin,dc=example,dc=com", "password");
Schema schema = Schema.getSchema(connection);
// Export schema to file
Entry schemaEntry = schema.getSchemaEntryAsEntry();
FileWriter writer = new FileWriter("schema-export.ldif");
writer.write(schemaEntry.toLDIFString());
writer.close();
System.out.println("Schema exported to schema-export.ldif");
// Generate schema statistics
System.out.println("\nSchema Statistics:");
System.out.println(" Attribute Types: " + schema.getAttributeTypes().size());
System.out.println(" Object Classes: " + schema.getObjectClasses().size());
System.out.println(" Matching Rules: " + schema.getMatchingRules().size());
System.out.println(" Attribute Syntaxes: " + schema.getAttributeSyntaxes().size());
System.out.println(" DIT Content Rules: " + schema.getDITContentRules().size());
System.out.println(" DIT Structure Rules: " + schema.getDITStructureRules().size());
System.out.println(" Name Forms: " + schema.getNameForms().size());
// Analyze object class types
int structural = 0, auxiliary = 0, abstractClasses = 0;
for (ObjectClassDefinition objClass : schema.getObjectClasses()) {
switch (objClass.getObjectClassType()) {
case STRUCTURAL:
structural++;
break;
case AUXILIARY:
auxiliary++;
break;
case ABSTRACT:
abstractClasses++;
break;
}
}
System.out.println("\nObject Class Types:");
System.out.println(" Structural: " + structural);
System.out.println(" Auxiliary: " + auxiliary);
System.out.println(" Abstract: " + abstractClasses);
// Find most commonly used attribute syntaxes
Map<String, Integer> syntaxCounts = new HashMap<>();
for (AttributeTypeDefinition attrType : schema.getAttributeTypes()) {
String syntaxOID = attrType.getSyntaxOID();
if (syntaxOID != null) {
syntaxCounts.put(syntaxOID, syntaxCounts.getOrDefault(syntaxOID, 0) + 1);
}
}
System.out.println("\nMost common attribute syntaxes:");
syntaxCounts.entrySet().stream()
.sorted(Map.Entry.<String, Integer>comparingByValue().reversed())
.limit(5)
.forEach(entry -> {
AttributeSyntaxDefinition syntax = schema.getAttributeSyntax(entry.getKey());
String description = (syntax != null) ? syntax.getDescription() : "Unknown";
System.out.println(" " + entry.getKey() + " (" + entry.getValue() + " attributes) - " + description);
});
} finally {
connection.close();
}Install with Tessl CLI
npx tessl i tessl/maven-com-unboundid--unboundid-ldapsdk