Network Working Group                                         Rob Weltman
INTERNET-DRAFT                              Netscape Communications Corp.
                                                       September 26, 1997


                           Java LDAP Controls
               draft-ietf-asid-ldap-java-controls-00.txt


Status of this Memo

This document is an Internet-Draft.  Internet-Drafts are working docu-
ments of the Internet Engineering Task Force (IETF), its areas, and its
working groups.  Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet-Drafts Shadow
Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

Abstract

This document defines support for the Preferred Language Control, the
Server Sorting Control, and the Virtual List Control in the java LDAP
API.  Controls are an LDAP protocol version 3 extension, to allow pass-
ing arbitrary control information along with a standard request to a
server, and to receive arbitrary information back with a standard
result.


1.  Introduction

Version 3 of the LDAP protocol provides a means of supplying arbitrary
additional information along with a request to an LDAP server, and
receiving arbitrary additional response information. A few applications
of the Control mechanism have been identified as having general
interest, and the protocol defined for their transmission [5] and [6].
This document defines how support for the Preferred Language Control,
the Server Sorting Control, and the Virtual List Control are supported
in the java LDAP API. The java LDAP API in general is described in [2].
The Control protocol extension is described in [1], section 4.1.12, and
applications of it in [5] and [6].



Expires 3/98                                                    [Page 1]


JAVA LDAP CONTROLS                                        September 1997


2.  Overview of the LDAP Control classes

LDAPControl is part of a basic LDAP class package. Specific
applications/implementations of Controls are in a subpackage called
"controls".

The base class LDAPControl is defined in [2] as:

   public class LDAPControl implements Cloneable

   An LDAPControl encapsulates optional additional parameters or con-
   straints to be applied to LDAP operations. If set as a Server Con-
   trol, it is sent to the server along with operation requests. If set
   as a Client Control, it is not sent to the server, but rather inter-
   preted locally by the client. LDAPControl is an LDAPv3 extension, and
   is not supported in an LDAPv2 environment.

   Constructors

      public LDAPControl(String id,
                         boolean critical,
                         byte vals[])

      Parameters are:

      id              The type of the Control, as a string.

      critical        True if the LDAP operation should be discarded if
                      the server does not support this Control.

      vals            Control-specific data.

   getID

      public String getID()

      Returns the identifier of the control.

   isCritical

      public boolean isCritical()

      Returns true if the control must be supported for an associated
      operation to be executed.

   getValue

      public byte[] getValue()



Expires 3/98                                                    [Page 2]


JAVA LDAP CONTROLS                                        September 1997


      Returns the control-specific data of the object.


The following Controls are defined for the controls subpackage:


LDAPLanguageControl   Is used to set a preferred language for results
                      from the server.


LDAPVirtualListControlEncapsulates requests for a subset of a virtual
                      list of search results, and the response of a
                      server to such a request.


LDAPSortControl       Encapsulates a requested sorting order for search
                      results returned by a server, and the server's
                      response to the request.


3.  The java LDAP Control classes


3.1.  public class LDAPLanguageControl extends LDAPControl

The LDAPLanguageControl class represents control data for setting a pre-
ferred language for results returned by a Directory Server.


3.1.1.  Constructors

   public LDAPLanguageControl(String lang)

   Constructs a new LDAPLanguageControl object using a a string specifi-
   cation of language and optionally also country and a variant.



   public LDAPLanguageControl(Locale locale)

   Constructs a new LDAPLanguageControl object using a Locale object to
   select language.

   Parameters are:

   lang            A string of the form "en" or "ja-JP-kanji". The syn-
                   tax is defined in [3] and [4]. The first two charac-
                   ters are a language specification (as defined in ISO



Expires 3/98                                                    [Page 3]


JAVA LDAP CONTROLS                                        September 1997


                   639); they may be followed by a dash and a two char-
                   acter country specification (as defined in ISO 3166);
                   the latter may be followed by a dash and a language
                   variant.  Examples:
                      "lang-en"
                      "lang-en-us"
                      "lang-ja-JP-kanji"

   locale          A Locale object to be used to define the preferred
                   language. A control for the default locale language
                   may be created with
                      LDAPLanguageControl lc = new LDAPLanguageControl(
                      Locale.getDefault() );


3.1.2.  public class LDAPVirtualListControl extends LDAPControl

LDAPVirtualListControl is a Server Control to specify that results from
a search are to be returned in pages, subsets of the entire virtual
result set. On success, an updated LDAPVirtualList object is returned as
a response Control, containing information on the virtual list size and
the actual first index. This object can then be updated by the client
with a new requested position or length and sent to the server to obtain
a different segment of the virtual list.


3.1.2.1.  Constructors

   public LDAPVirtualListControl( String subFilter,
                                  int beforeCount,
                                  int afterCount )

   Constructs a virtual list control using the specified filter expres-
   sion, which defines the extent of the virtual search results, and the
   number of entries before and after a located index to be returned.

   Parameters are:

   subFilter       A search expression that defines the extent of the
                   virtual search results. The filter expression in the
                   search operation itself may be, for example,
                   "objectclass=person" and the subFilter expression in
                   the virtual list control may be "cn=m*", to retrieve
                   a subset of entries starting at or centered around
                   those with a common name beginning with the letter
                   "M".

   beforeCount     The number of entries before "listIndex" to be



Expires 3/98                                                    [Page 4]


JAVA LDAP CONTROLS                                        September 1997


                   returned.

   afterCount      The number of entries after "listIndex" to be
                   returned.


3.1.2.2.  getAfterCount

   public int getAfterCount()

   Returns the number of entries after the top/center one to return per
   page of results.


3.1.2.3.  getBeforeCount

   public int getBeforeCount()

   Returns the number of entries before the top/center one to return per
   page of results.


3.1.2.4.  getListSize

   public int getListSize()

   Returns the size of the virtual search results list. For a newly con-
   structed control - one which is not the result of parseResponse on a
   control returned by a server - the method returns -1.


3.1.2.5.  setRange

   public void setRange( int listIndex,
                         int beforeCount,
                         int afterCount )

   Sets the center or starting list index to return, and the number of
   results before and after.

   Parameters are:

   listIndex       The center or starting list index to be returned.

   beforeCount     The number of entries before "listIndex" to be
                   returned.

   afterCount      The number of entries after "listIndex" to be



Expires 3/98                                                    [Page 5]


JAVA LDAP CONTROLS                                        September 1997


                   returned.


3.1.2.6.  parseResult

   public LDAPVirtualListControl parseResponse()

   public static LDAPVirtualListControl parseResponse(
                                         LDAPControl[] controls )

   When applied to a virtual list control returned by a server, par-
   seResponse returns a new virtual list control which can be used for
   subsequent searches using the same substringFilter. The second form
   processes a list of controls, one of which may or may not be an LDAP-
   VirtualListControl. The input is typically provided with the
   LDAPConnection.getResponseControls method.

   Parameters are:

   controls        An array of  controls. It may be null.


3.1.3.  public class LDAPSortControl extends LDAPControl

LDAPSortControl is a Server Control to specify how search results are to
be sorted by the server (see [5]). If a server does not support sorting
in general or for a particular query, the results will be returned
unsorted, along with a control indicating why they were not sorted (or
that sort controls are not supported). If the control was marked "criti-
cal", the whole search operation will fail if the sort control is not
supported.


3.1.3.1.  Constructors

   public LDAPSortControl( LDAPSortKey key, boolean critical)

   Constructs a sort control with a single key.



   public LDAPSortControl( LDAPSortKey[] keys, boolean critical)

   Constructs a sort control with multiple sort keys.

   Parameters are:

   key             A sort key object, which specifies attribute, order,



Expires 3/98                                                    [Page 6]


JAVA LDAP CONTROLS                                        September 1997


                   and optional matching rule.

   keys            An array of sort key objects, to be processed in
                   order.

   critical        True if the search operation is to fail if the server
                   does not support this control.


   3.1.3.2.  parseResponse

   public static String parseResponse( LDAPControl[] controls,
                                       int results[] )

   Processes an array of Server Controls to determine if sorting was
   rejected, and if so, why. If sorting was rejected, the return value
   is the attribute name which caused sorting to fail. results[0] con-
   tains the result code on return. The result code is one defined in
   [1], section 4.1.10.

   Parameters are:


   controls        An array of Server Controls, typically obtained with
                   LDAPConnection.getResponseControls(). It may be null,
                   which is equivalent to no error.


4.  Security Considerations

See [2] for security considerations in the java LDAP API.




















Expires 3/98                                                    [Page 7]


JAVA LDAP CONTROLS                                        September 1997


5.  Bibliography

[1]  M. Wahl, T. Howes, S. Kille, "Lightweight Directory Access Protocol
     (v3)", Internet Draft draft-ietf-asid-ldapv3-protocol-06.txt, July
     1997.

[2]  R. Weltman, T. Howes, M. Smith, "The Java LDAP Application Program
     Interface", Internet Draft draft-ietf-asid-ldap-java-api-01.txt,
     September 1997.

[3]  H. Alvestrans, "Tags for the Identification of Languages", Request
     for Comments 1766, March 1995.

[4]  M. Wahl, T. Howes, "Use of Language Codes in LDAPv3", Internet
     Draft draft-ietf-asid-ldapv3-lang-02.txt, June 1997.

[5]  A. Herron, T. Howes, M. Wahl, "LDAP Control Extension for Server
     Side Sorting of Search Results", Internet Draft draft-ietf-asid-
     ldapv3-sorting-00.txt, April 1997.

[6]  D. Boreham, "LDAP Control Extension for Virtual List View Browsing
     of Search Results", Internet Draft draft-ietf-asid-ldapv3-
     virtuallistview-01.txt, October 1997.

[7]  C. Weider, A Herron, T. Howes, "LDAP Control Extension for Simple
     Paged Results Manipulation", Internet Draft draft-ietf-asid-
     ldapv3-simple-paged-01.txt, March 1997.

6.  Author's Address

   Rob Weltman
   Netscape Communications Corp.
   501 E. Middlefield Rd.
   Mountain View, CA 94043
   USA
   +1 650 937-3301
   rweltman@netscape.com


7.  Appendix A - Sample usage of the java LDAP controls

   Doing a search with results sorted on the server

   import netscape.ldap.*;
   import netscape.ldap.controls.*;
   import java.util.*;

   public class SearchJensenSorted {



Expires 3/98                                                    [Page 8]


JAVA LDAP CONTROLS                                        September 1997


       public static void main( String[] args )
       {
           try {
               LDAPConnection ld = new LDAPConnection();
               /* Connect to server */
               String MY_HOST = "localhost";
               int MY_PORT = 389;
               ld.connect( MY_HOST, MY_PORT );

               /* search for all entries with surname of Jensen */
               String MY_FILTER = "sn=Jensen";
               String MY_SEARCHBASE = "o=Ace Industry, c=US";

               /* Get the common name, uid, and telephone number */
               String[] attrs = new String[3];
               attrs[0] = "cn";
               attrs[1] = "telephonenumber";
               attrs[2] = "uid";

               /* Sort by lastname, firstname */
               LDAPSortKey[] keys = new LDAPSortKey[2];
               keys[0] = new LDAPSortKey( "sn" );
               keys[1] = new LDAPSortKey( "givenname" );
               LDAPSortControl sort = new LDAPSortControl( keys, true );
               ld.setOption( LDAPConnection.SERVERCONTROLS, sort );

               LDAPSearchResults res = ld.search( MY_SEARCHBASE,
                                                  LDAPConnection.SCOPE_ONE,
                                                  MY_FILTER,
                                                  attrs,
                                                  false );

               /* Loop on results until finished */
               while ( res.hasMoreElements() ) {

                   /* Next directory entry */
                   LDAPEntry findEntry = (LDAPEntry)res.nextElement();
                   System.out.println( findEntry.getDN() );

                   /* Get the attributes of the entry */
                   LDAPAttributeSet findAttrs = findEntry.getAttributeSet();
                   Enumeration enumAttrs = findAttrs.getAttributes();
                   System.out.println( "Attributes: " );

                   /* Loop on attributes */
                   while ( enumAttrs.hasMoreElements() ) {
                       LDAPAttribute anAttr =
                           (LDAPAttribute)enumAttrs.nextElement();



Expires 3/98                                                    [Page 9]


JAVA LDAP CONTROLS                                        September 1997


                       String attrName = anAttr.getName();
                       System.out.println( "" + attrName );
                       /* Loop on values for this attribute */
                       Enumeration enumVals = anAttr.getStringValues();
                       while ( enumVals.hasMoreElements() ) {
                           String aVal = ( String )enumVals.nextElement();
                           System.out.println( "" + aVal );
                       }
                   }
               }

               /* Check if the server had something to say about the
                  sort request */
               LDAPControl[] controls = ld.getResponseControls();
               if ( controls != null ) {
                   int[] results = new int[1];
                   String bad = LDAPSortControl.parseResponse( controls,
                                                               results );
                   if ( results[0] != 0 ) {
                       System.out.println( "Error code: " + results[0] );
                       if ( bad != null )
                           System.out.println( "Offending attribute: " +
                                               bad );
                       else
                           System.out.println( "No offending attribute +
                                               "returned" );
                   }
               }
           }
           catch( LDAPException e ) {
               System.out.println( "Error: " + e.toString() );
           }
           /* Done, so disconnect */
           if ( ld.isConnected() )
               ld.disconnect();
       }
   }














Expires 3/98                                                   [Page 10]


JAVA LDAP CONTROLS                                        September 1997


   Using virtual list controls - excerpts from an application

   import netscape.ldap.*;
   import netscape.ldap.controls.*;

       // Call this to initialize the list box, whenever the search
       // conditions change.
       // "filter" may be "objectclass=person", for example, and
       // "subFilter" might be "cn>=m*"
       void initListBox( String base, int scope, String filter,
                         String attrs, String subFilter ) {
           // Record the virtual list box settings
           beforeCount = 2;
           afterCount = getScrollVisibleSize() - beforeCount - 1;
           this.base = base;
           this.scope = scope;
           this.filter = filter;
           this.attrs = attrs;
           // Create the initial virtual list control
           pageControls = new LDAPControl[2];
           pageControls[0] = new LDAPVirtualListControl( subFilter,
                                                         beforeCount,
                                                         afterCount );
           // virtual list also require a sort control
           pageControls[1] = new LDAPSortControl( new LDAPSortKey("cn"),
                                                  true );
           // We have no idea yet how big the virtual list is, so just
           // hint that there is more than what is visible
           setScrollRange( 0, 100 );
           // Do an initial update of the scroll box
           onScrollListBox();
       }

       // This is called any time the list box needs to be updated. It
       // fetches an appropriate page of results from the server.
       void onScrollListBox() {
           // Where is the list scrolled to now?
           int topOfList = getScrollTop();
           // Check if we have a control returned from a previous search
           LDAPVirtualListControl nextCont =
                          LDAPVirtualListControl.parseResponse(
                                                 ld.getResponseControls() );
           // If this is the first search, use the initial settings;
           // otherwise use the just-retrieved control
           if ( nextCont != null ) {
               nextCont.setRange( topOfList, beforeCount, afterCount );
               pageControls[0] = nextCont;
               // Now we know the total size of the virtual list box



Expires 3/98                                                   [Page 11]


JAVA LDAP CONTROLS                                        September 1997


               setScrollRange( 0, nextCont.getListSize() );
           }
           ld.setControls( pageControls );
           // Fetch a page of results
           LDAPSearchResults res = ld.search( base, scope, filter,
                                              attrs, false );
           // and display them in the list box
           showResults( res );
       }

       private int beforeCount, afterCount;
       private String base, filter, attrs;
       private int scope;
       private LDAPControl[] pageControls;





































Expires 3/98                                                   [Page 12]


JAVA LDAP CONTROLS                                        September 1997


8.  Appendix D - Outstanding issues


8.1.  Virtual List Control

The described LDAPVirtualListControl does not correspond to the Paged
Results Control described in [7], which was found to be less useful than
the one described in this document.











































Expires 3/98                                                   [Page 13]

1.     Introduction...................................................1
2.     Overview of the LDAP Control classes...........................2
3.     The java LDAP Control classes..................................3
3.1.     LDAPLanguageControl..........................................3
3.1.1.       Constructors.............................................3
3.1.2.      LDAPVirtualListControl....................................4
3.1.2.1.        Constructors..........................................4
3.1.2.2.        getAfterCount.........................................5
3.1.2.3.        getBeforeCount........................................5
3.1.2.4.        getListSize...........................................5
3.1.2.5.        setRange..............................................5
3.1.2.6.        parseResult...........................................6
3.1.3.      LDAPSortControl...........................................6
3.1.3.1.        Constructors..........................................6
4.     Security Considerations........................................7
5.     Bibliography...................................................8
6.     Author's Address...............................................8
7.     Appendix A - Sample usage of the java LDAP controls............8
8.     Appendix D - Outstanding issues................................13
8.1.      Virtual List Control........................................13