Spring LDAP – LDAP Programming in Java Made Simple

The Java Naming and Directory Interface (JNDI) is for LDAP programming what Java Database Connectivity (JDBC) is for SQL programming. There are several similarities between JDBC and JNDI/LDAP (Java LDAP). Despite being two completely different APIs with different pros and cons, they share a number of less flattering characteristics:

  • They require extensive plumbing code, even to perform the simplest of tasks.
  • All resources need to be correctly closed, no matter what happens.
  • Exception handling is difficult.

The above points often lead to massive code duplication in common usages of the
APIs. As we all know, code duplication is one of the worst code smells. All in all, it
boils down to this: JDBC and LDAP programming in Java are both incredibly dull
and repetitive.
Spring JDBC, a part of the Spring framework, provides excellent utilities for sim-
plifying SQL programming. We need a similar framework for Java LDAP program-

The Traditional Way

Consider, for example, a method that should search some storage for all persons and
return their names in a list. Using JDBC, we would create a connection and execute
a query using a statement. We would then loop over the result set and retrieve the
column we want, adding it to a list. By contrast, using Java LDAP, we would create a
context and perform a search using a search filter. We would then loop over the re-
sulting naming enumeration and retrieve the attribute we want, adding it to a list.
The traditional way of implementing this person name search method in Java
LDAP is this:

The method above produces a list containing the cn (common name) attribute of
the person objects found in the database. It is important to always close the naming
enumeration and the context. The same procedural manner of programming needs
to be used whether you want to search, create, update or delete data. It’s easy to see
how this leads to massive code duplication.

Introducing Spring LDAP

The above made us realize the need for help, which is why we created the Spring
LDAP project. It’s a library for simpler LDAP programming in Java, built on the
same principles as Spring JDBC. It was recently included as a Spring Framework
sub project.
Spring LDAP completely eliminates the need to worry about creating and closing
DirContext and looping through NamingEnumeration. It also provides a more
comprehensive unchecked exception hierarchy, built on Spring’s DataAccessEx-
. As a bonus, it also contains classes for dynamically building LDAP filters
and distinguished names. An LDAP filter corresponds somewhat to the WHERE
clause in a SQL SELECT statement. A distinguished name (dn) can be seen as a
handle or the path to a specific object in the LDAP database. If the dn is available,
an object can be looked up directly, rather than having to be searched for.
This article will present the core features of Spring LDAP and demonstrate how
LDAP programming really can be made simple.

Searches using AttributesMapper

In this example, we will use an AttributesMapper to easily build a list of all common
names of all person objects. This is exactly what we did in the earlier example using
the traditional way.

The inline implementation of AttributesMapper just gets the desired attribute
value from the Attributes and returns it. Internally, Spring LDAP iterates over
all entries found, calling the given AttributesMapper for each entry, and collects
the results in a list. The list is then returned by the search method.
Note that the AttributesMapper implementation could easily be modified to
return a full Person object:

Dynamically Building Distinguished Names

The standard Name interface represents a generic name, which is basically an or-
dered sequence of components. The Name interface also provides operations on that
sequence; e.g., add or remove. Spring LDAP provides an implementation of the
Name interface: DistinguishedName. Using this class greatly simplifies building
distinguished names, especially considering the sometimes complex rules regarding
escapings and encodings. The following example illustrates how Distinguished-
can be used to dynamically construct a distinguished name:
public static final String BASE_DN = ”dc=jayway, dc=se”;

Assuming that a Person has the following attributes:

  • country: Sweden
  • company: Some Company
  • fullname: Some Person
    then the result of the code above would be the following dn: cn=Some
    Person, ou=Some Company, c=Sweden, dc=jayway, dc=se

Managing Attributes Using the DirContextAdapter

As demonstrated above, values in LDAP are managed using Attributes. Working
with Attributes is as dull and verbose as the rest of the standard LDAP API. This
is why the Spring LDAP library provides the DirContextAdapter.
Whenever a context is found in the LDAP tree, Spring LDAP will use its At-
to construct a DirContextAdapter. This enables us to use a Con-
instead of an AttributesMapper to transform found values:

While useful in searches and lookups, the DirContextAdapter is especially use-
ful when creating and updating data, which will be described below.

Binding Data

Inserting data in Java LDAP is called binding. In order to do that, a distinguished
name that uniquely identifies the new entry is required. The following example
shows how data is bound using Spring LDAP:

Unbinding Data

Removing data in Java LDAP is called unbinding. A distinguished name (dn) is re-
quired to identify the entry, just as in the binding operation. The following example
shows how data is unbound using Spring LDAP:
public class PersonDaoImpl implements PersonDao {


We have seen how Spring LDAP can provide substantial improvements compared
to code using JNDI directly. There is no longer any need for creating contexts manu-
ally or looping through naming enumerations. Nor is there any risk of forgetting to
close any of those.
By now it should be clear that the Spring LDAP library will be of great help for
any Java project that communicates with LDAP. Further information is available on
the Spring LDAP home page, including a full reference manual, API documenta-
tion, and links for downloading the library.

Mattias Arthursson and Ulrik Sandberg


Spring LDAP home page
Sun’s JNDI pages:

Originally published in JayView.

Leave a Reply

Close Menu