Which is your best, Apache or UnboundID?

What is your most favorite library to use when you want to write something to do with LDAP servers in Java language? LDAP Java library – Stack Overflow lists four choices: JNDI (Java Naming and Directory Interface), Spring LDAP, Apache Directory LDAP API, and UnboundID LDAP SDK. I have got interested in Apache and UnboundID.

Why not JNDI or Spring LDAP?

As a beginner to Java programming, I have been ignorant about any other choices than JNDI until recently, though I have felt a little uncomfortable about using it. JNDI requires me to do something with legacy interfaces and classes such as Enumeration and Hashtable. The bind and unbind methods of Context interface and of its subinterfaces, e.g. DirContext and LdapContext, are not meant to do LDAP’s Bind or Unbind operations. Actually, JNDI is an API for naming and directory functionality. It does not mean that JNDI focuses on LDAP only.

As for Spring LDAP, I have no chance to use Spring Framework so far. I may or may not start learning it in the future when necessary or required.

Now, I briefly tried a very basic connection and disconnection by using Apache Directory LDAP API (version 1.0.0-M20) and UnboundID LDAP SDK for Java (version 2.3.5) at this time. The runtime environment is Oracle’s JDK 7u51.

Connect and Disconnect by Apache

By creating an instance of LdapConnection instance and calling connect method, you can try to connect to LDAP servers as follows.

        LdapConnection conn
            = new LdapNetworkConnection("192.168.1.1", 389);
        
        try {
            conn.connect();
            
            // ... Do something
            
        } catch (LdapException e) {
            // ...
        }

A simple Bind operation can be done by calling bind method. If you call it before opening a connection, this method also opens a connection before doing Bind operation.

        LdapConnection conn
            = new LdapNetworkConnection("192.168.1.1", 389);
        
        try {
            // conn.connect();
            conn.bind("cn=Manager,dc=localdomain", "secret");
            
            // ... Do something
            
        } catch (LdapException e) {
            // ...
        }

Anyways, to create an instance of LdapConnection itself does not mean to open a connection to the target LDAP servers.

One of the official documents, 2.1 – Connection and disconnection — Apache Directory, tells that you have to close the connection by calling close method. But I would rather recommend you to call unBind method, whether you have done Bind operation before or not. That is because close method does not gracefully close the connection and because unBind method politely sends an Unbind request to the server so that the connection can be gracefully closed. (However, you may still have to call close method after calling unBind method…)

        LdapConnection conn
            = new LdapNetworkConnection("192.168.1.1", 389);
        
        try {
            // conn.connect();
            conn.bind("cn=Manager,dc=localdomain", "secret");
            
            // ... Do something
            
        } catch (LdapException e) {
            // ...
        } finally {
            if (conn.isConnected()) {
                try {
                    conn.unBind();
                } catch (LdapException e) {
                    // ...
                }
            }
            try {
                conn.close();
            } catch (IOException e) {
                // ...
            }
        }

One thing that can make your code a little less readable is that unBind method may throw an LdapException and that close method may throw an IOException. In both cases, you have to catch or throw them to the caller of your code.

Connect and Disconnect by UnboundID

By creating an instance of LDAPConnection instance, you can try to connect to LDAP servers. If necessary, you can also call bind method to do Bind operation. And finally you only need to call close method when you want to close the connection.

        LDAPConnection conn = null;
        
        try {
            conn = new LDAPConnection("192.168.1.1", 389);
            conn.bind("cn=Manager,dc=localdomain", "secret");
            
            // ... Do something
            
        } catch (LDAPException e) {
            // ...
        } finally {
            if (conn != null && conn.isConnected()) {
                conn.close();
            }
        }

You do not need to call connect method if you pass the needful information to a constructor of LDAPConnection in advance. In the above code, the constructor creates an instance and then tries to connect to the target LDAP server.

You also do not need to wonder whether to call unBind or close method. Actually, LDAPConnection class does not have unBind (or unbind) method. Instead, close method alone politely sends an Unbind request to the server so that the connection can be gracefully closed. In addition, close method throws no exception that you have to wonder whether to catch or throw to the caller of your code.

How simple and concise it is.

First Impression

The differences between Apache and UnboundID might look very subtle, but I have a feeling that I am going to prefer UnboundID LDAP SDK over Apache Directory LDAP API. That is the first impression at this time.

Advertisements

About tt4cs

I am a post-sale service engineer working in Tokyo for a Singapore-based software development company, which provides authentication and access management solutions for global and regional financial institutions in Asia-Pacific region.
This entry was posted in Java, LDAP and tagged , . Bookmark the permalink.

One Response to Which is your best, Apache or UnboundID?

  1. Hi,

    I have been facing issues with Apache LDAP api at lease on the logout as it waits indefinitely.

    I am not sure if i should rewrite all my service code and move it to uboundID. Can you please suggest if it makes a lot of sense to move over to unboundID. We are squeezing time and if unbind will work mostly i am fine with using Apache.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s