Guides

LDAPClient difference wtih ISVA

Suggest Edits

Differences between the LDAP classes and traditional Verify Access LDAP classes

Input argument and return value type differences

1. List type

JS array is used instead of java.util.List.

  • Input argument: use JavaScript array to create the variable.
var attrUtil = new LdapAttributeUtil("ldap");
// getAttributeValue
let attrList = ["objectClass", "description"]
let result = attrUtil.getAttributeValue("ou=newOu", attrList);
// do something
  • Return value: access the return values as JavaScript array
var userLookupHelper = new UserLookupHelper("ldap");
let results = userLookupHelper.search("givenName", "Scott", 5);
if (results != null) {
    for (let i = 0; i < results.length; i++) {
        let result = results[i];
        // Do something...
    }
}

2. Map type

JS object is used instead of java.util.Map

  • Input argument: use JavaScript object to create the variable.
var attrUtil = new LdapAttributeUtil("ldap");
// createSubContext
let attrMap = {"objectClass": ["top", "organizationalUnit"]}
let result = attrUtil.createSubContext("ou=newOu", attrMap);
// do something

3. LdapOperationResult and subtypes

LdapAttributeUtil methods use LdapAttributeResult as the return type instead of using subtype classes of com.ibm.security.access.ldap.LdapOperationResult.

  • Return value: LDAP classes do not have Map type return value

API differences

1. UserLookupHelper vs com.ibm.security.access.user.UserLookupHelper

  • Constructors: UserLookupHelper takes in one argument, which indicate which ldap configuration to use. If it's not specified, the default configuration name ldap will be used.
    Refer to storage configure guide for ldap configuration.
  • Supported methods: Uses same input arguments as com.ibm.security.access.user.UserLookupHelper
    • getUser
    • getUserByNativeId
  • Supported but incompatible methods: The following methods from com.ibm.security.access.user.UserLookupHelper are functionally supported by UserLookupHelper, but incompatible to the original method due to input arguments differences.
    • createUser: The signatures are different.
    • deleteUser: Supports the first argument username only. The removeNativeUser argument is ignored if provided.
    • init: Tests the ldap connection only, does not perform ldap initialization. Returns true if the test connection succeeded, otherwise returns false. Refer to UserLookupHelper Constructors to connect different ldap.
    • isReady: Test the ldap connection. Returns true if the test connection succeeded, otherwise returns false
    • search: Supports the first three arguments searchAttr, attrPattern, and maxReturned only. The pageSize argument is ignored if provided.
  • Unsupported methods: shutdown

2. User compared to com.ibm.security.access.user.User

  • Constructors: Not applicable
  • Supported methods: Uses same input arguments as com.ibm.security.access.user.User.
    Also, refer to Input Argument and Return Value Type Differences for return type differences
    • authenticate
    • getId
    • getNativeId
    • getAttributeNames
    • getAttribute
    • getAttributes
    • getErrMessage
    • attributeExists
  • Unsupported methods:
    • addAttribute
    • addToGroup
    • changePassword
    • clearError
    • getGroups
    • getNativeGroups
    • isAccountDisabled
    • isAccountLocked
    • isAccountValid
    • isCredentialsValid
    • isPasswordCharsValid
    • isPasswordContainsRepeatedChars
    • isPasswordContainsSpaces
    • isPasswordExpiringSoon
    • isPasswordMissingAlphaChars
    • isPasswordMissingNonAlphaChars
    • isPasswordTooShort
    • isPasswordValid
    • isValidTimeOfDayAccess
    • removeAttribute
    • removeFromGroup
    • replaceAttribut
    • setPassword
    • wasAccountJustDisabled
    • wasAccountJustLocked
    • wasOldPasswordValid
  • New methods: User provides these new methods
    • hasError
    • getError

3. LdapAttributeUtil vs com.ibm.security.access.ldap.utils.AttributeUtil

  • Constructors: LdapAttributeUtil takes in one argument, which indicate which ldap configuration to use. If it's not specified, the default configuration name ldap will be used.
    Refer to storage configure guide for ldap configuration.
  • Supported methods: Uses same input arguments as com.ibm.security.access.ldap.utils.AttributeUtil
    • addAttributeValue
    • getAttributeValue
    • removeAttribute
    • search
    • setAttributeValue
  • Supported but incompatible methods: The following methods from com.ibm.security.access.ldap.utils.AttributeUtil are functionally supported by LdapAttributeUtil, but incompatible to the original method due to input arguments differences
    • createSubContext: The type of second argument attributes is JavaScript Object instead of javax.naming.directory.Attributes
    • init: Tests the ldap connection only, it does not perform ldap initialization.
      • Use hasError or isSuccessful on the returned LdapAttributeResult instance to check whether the test connection succeeded.
      • Use getError or getNamingException on the returned LdapAttributeResult instance to retrieve the error details.
        Refer to LdapAttributeUtil Constructors to connect different ldap
  • Unsupported methods:
    • ldapAttributeGetResultToAttributeGetResult

4. LdapAttributeResult compared to com.ibm.security.access.ldap.LdapOperationResult and its subtypes

  • Constructors: Not applicable
  • Supported methods:
    • isSuccessful
    • getNamingException
    • getAttributes
    • getNamingEnumeration
  • Unsupported methods: The following methods from com.ibm.security.access.ldap.LdapOperationResult and its subtypes are NOT supported by LdapAttributeResult
    • getResponseControls
    • toString
    • getCreatedContext
  • New methods: LdapAttributeResult provides these new methods
    • hasError
    • getError

5. Attributes compared to javax.naming.directory.Attributes

  • Constructors: Not to be instantiated by the user
  • Supported methods: Uses same input arguments as javax.naming.directory.Attributes
    • get
    • getIDs
    • getAll
    • isCaseIgnored
    • size
  • Unsupported methods:
    • clone
    • put
    • remove

6. Attribute compared to javax.naming.directory.Attribute

  • Constructors: Not to be instantiated by the user
  • Supported methods: Uses same input arguments as javax.naming.directory.Attribute
    • contains
    • isOrdered
    • size
    • getID
    • get
    • getAll
  • Unsupported methods:
    • clone
    • add
    • clear
    • remove
    • set

7. SearchResult compared to javax.naming.directory.SearchResult

  • Constructors: Not to be instantiated by the user
  • Supported methods: Uses same input arguments as javax.naming.directory.SearchResult
    • getAttributes
    • getName
  • Unsupported methods:
    • setAttributes
    • toString

8. NamingEnumeration compared to javax.naming.NamingEnumeration

  • Constructors: Not to be instantiated by the user
  • Supported methods: Uses same input arguments as javax.naming.NamingEnumeration
    • hasMore
    • next
  • Unsupported methods:
    • close

Updated about 2 years ago