Question

I am developing in Java using Spring for my company. We are developing an application for which we have a local LDAP server. The LDAP server will be used to fetch information. However, we do not want the user of the application to know the LDAP structure/schema. This is because the customer/user will have their own LDAP server with their own LDAP structure/schema.

For example, the customer/user will fetch information through a user interface by providing the LDAP server details that will be used to connect to the LDAP server. Once connected, they will be able to fetch information by executing a query. Now, they will not know information about the LDAP structure. The code that will be written will be done by executing the user query. If the query is run, then it will return that information; otherwise it will give an Exception.

The problem that I am facing is that:

When you use Spring LDAP, there is something called AttributesMapper and ContextMapper. In order to use this, I have to pass in a strongly typed object. So for example:

    import javax.naming.NamingException;
    import javax.naming.directory.Attributes;
    import org.springframework.ldap.core.AttributesMapper;

    public class EmployeeAttributesMapper implements AttributesMapper {

        public EmployeeAttributesMapper() {
        }

        /**
         * This method maps data stored in the LDAP server to the Employee entity.
         * @param attrs the attributes of the LDAP entry being mapped
         * @return the Employee entity.
         */
        public Object mapFromAttributes(Attributes attrs) throws NamingException {
            Employee employee = new Employee();
            // Only the cn attribute is read; every other attribute is ignored.
            employee.setFirstName((String) attrs.get("cn").get());
            return employee;
        }
    }

The above code, when executed depending on the query, will fetch information only about the cn attribute and nothing else. Is there something else that doesn't require a strongly typed object?

I am not sure what to do.

For example, to search for all employees:

    public List getAllEmployees() {
        return ldapTemplate.search("", "(objectclass=person)", new EmployeeContextMapper());
    }

This will return all the employees but only set the cn attributes. But, on the customer LDAP server they may not have the attribute called cn.

What is the best way to do this? Our code that we write, acts as a proxy between the user interface and the customer LDAP server.


Solution

The simplest answer is to abstract the intended use of attributes to the attribute type, which is an OID or an alias. For example, map "Name" to the cn (common name) attribute alias, "First Name" to the givenName attribute, "Last Name" to the sn attribute, and so forth. IETF has many RFCs which describe attributes that have been recommended for use with LDAP directory server databases. inetOrgPerson (RFC2798) is a good example.

If the presentation is separated from the implementation correctly, users need never know that the data comes from an LDAP directory server at all, not to mention what the attribute names are.
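
One way to implement the label-to-attribute mapping described in this answer, as an added example that is not part of the original answer. It assumes Spring LDAP 2.x or later (generic `AttributesMapper<T>` and `LdapQueryBuilder`); the class name `LabelledAttributesMapper`, the `findPeople` helper and the per-customer label table (for example "First Name" to `givenName`) are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import static org.springframework.ldap.query.LdapQueryBuilder.query;

/** Maps one LDAP entry to display labels, so no schema-specific entity class is needed. */
public class LabelledAttributesMapper implements AttributesMapper<Map<String, String>> {

    // Display label -> LDAP attribute type (alias or OID), loaded from per-customer
    // configuration, e.g. "Name" -> "cn", "First Name" -> "givenName", "Last Name" -> "sn".
    private final Map<String, String> labelToAttribute;

    public LabelledAttributesMapper(Map<String, String> labelToAttribute) {
        this.labelToAttribute = labelToAttribute;
    }

    @Override
    public Map<String, String> mapFromAttributes(Attributes attrs) throws NamingException {
        Map<String, String> row = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : labelToAttribute.entrySet()) {
            Attribute attr = attrs.get(e.getValue());
            // An entry may lack the attribute or hold a binary value;
            // neither case should fail the whole search, so the label maps to null.
            Object value = (attr == null || attr.size() == 0) ? null : attr.get();
            row.put(e.getKey(), value instanceof String ? (String) value : null);
        }
        return row;
    }

    /** Hypothetical helper: returns every person entry, keyed by display label only. */
    public static List<Map<String, String>> findPeople(LdapTemplate ldapTemplate,
                                                       Map<String, String> labelToAttribute) {
        // Request only the configured attributes, so the proxy never receives
        // (and cannot leak) attributes outside the customer's mapping.
        String[] wanted = labelToAttribute.values().toArray(new String[0]);
        return ldapTemplate.search(
                query().attributes(wanted).where("objectclass").is("person"),
                new LabelledAttributesMapper(labelToAttribute));
    }
}
```

The user interface only ever sees the labels in the returned maps, and the `is(...)` criterion encodes its value into the filter instead of concatenating raw strings.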

Licensed under: CC-BY-SA with attribution