Erlang Central

How to talk LDAP from Erlang

Revision as of 06:20, 11 June 2007 by TranthamProbst828






LDAP (Lightweight Directory Access Protocol) is described in RFC xxxx. It comprises not just a protocol but also an abstract model of the data. Basically, think of the data as being stored in a tree. Each node (or entry) has a name (a Relative Distinguished Name, RDN). By concatenating the RDNs while traversing the tree, you get a path (or name) that uniquely identifies a particular entry (the Distinguished Name, DN). Data is modelled as object classes, each class containing a number of mandatory and optional attributes. A particular LDAP entry can be seen as an instance of one (or more) class(es). An example of such an entry can be seen below:

Code listing 1.1: An LDAP entry

dn: uid=tobbe,ou=People,dc=bluetail,dc=com
objectClass: inetOrgPerson
cn: Torbjorn Tornkvist
sn: Tornkvist
uid: tobbe
userPassword: {SSHA}Rj4mgDuKguD1xqLRQ2V6YKEzRajNORA6
telephoneNumber: +46 8 555 55 555
facsimileTelephoneNumber: +46 8 444 44 44

Note the attributes to the left, where the dn: at the top holds the unique name of the entry (the DN). As you can see, an entry may contain a password, here stored as a salted SHA-1 hash (the {SSHA} prefix) rather than in clear text. This makes it possible to use LDAP for authentication of users. It is often possible to search (or look up) data without having to authenticate (it depends on how the LDAP server is configured). We will look at how we can use the eldap library to communicate with an LDAP server.

In this example I have been using the OTP-R10B-3 release and the jerl Jungerl start script. By using the Jungerl start script I automatically get eldap in my path.

Authenticate with eldap

We start by setting up a TCP socket to the LDAP server. The default port (389) will be used if you don't specify another port in the option list as {port,Port}. It is also possible to set up an SSL connection by using the {ssl,true} option (note that you should then probably also use port 636).
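
As an added example (not part of the original page and not its Code listing 1.2), here is one way to wrap the connect and bind steps so that a user-supplied uid is escaped before it is placed in the DN and an empty password is rejected before it reaches the server. The module and function names, the host name, and the call to application:ensure_all_started/1 from current OTP releases are assumptions of this example.

```erlang
-module(ldap_auth_example).
-export([authenticate/3, escape_rdn_value/1]).

%% Assumed values, constructed for this example.
-define(HOST, "ldap.example.com").
-define(BASE, "ou=People,dc=bluetail,dc=com").

%% Returns ok only when the server accepted the bind; any other
%% value from eldap (errors, referrals) is passed through unchanged.
authenticate(_Uid, Password, _UseSsl) when Password =:= ""; Password =:= <<>> ->
    %% An empty password turns a simple bind into an unauthenticated bind
    %% (RFC 4513, section 5.1.2), which many servers answer with success.
    {error, empty_password};
authenticate(Uid, Password, UseSsl) ->
    Dn = "uid=" ++ escape_rdn_value(Uid) ++ "," ++ ?BASE,
    case eldap:open([?HOST], conn_opts(UseSsl)) of
        {ok, Handle} ->
            Result = eldap:simple_bind(Handle, Dn, Password),
            eldap:close(Handle),
            Result;
        {error, _} = Error ->
            Error
    end.

%% Without SSL the bind DN and password cross the network in clear text.
conn_opts(true) ->
    {ok, _} = application:ensure_all_started(ssl),
    [{ssl, true}, {port, 636}];
conn_opts(false) ->
    [{port, 389}].

%% RFC 4514 escaping, so that a ',' or '+' in the uid cannot add
%% further components to the DN. Expects the value as a string (list).
escape_rdn_value([C | Rest]) when C =:= $#; C =:= $\s ->
    [$\\, C | escape_rest(Rest)];           % leading '#' or space
escape_rdn_value(Value) ->
    escape_rest(Value).

escape_rest([]) -> [];
escape_rest([$\s]) -> "\\ ";                % trailing space
escape_rest([0 | T]) -> "\\00" ++ escape_rest(T);
escape_rest([C | T]) ->
    case lists:member(C, "\"+,;<>\\=") of
        true  -> [$\\, C | escape_rest(T)];
        false -> [C | escape_rest(T)]
    end.
```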

{{CodeSnippet|Code listing 1.2: Authenticating a user|