Topic: LDAP Tree Delete Control -- Code Example
Author: SteveHB (member, offline) | posts: 113 | joined: 05/31/2006 | from: Mountain View, CA

LDAP Tree Delete Control -- Code Example

Tree Delete Control

    TreeDeleteControl ::= SEQUENCE {
        controlType   1.2.840.113556.1.4.805,
        criticality   BOOLEAN DEFAULT FALSE,
        controlValue  (absent)
    }

This control allows a client to delete an entire subtree. This control will delete an entire subtree of a container entry. This control is beneficial in extending the functionality of the LDAP protocol and may be useful in administration in an LDAP environment.
Code Example

/**
 * A code example of Tree Delete Control JNDI Client for AD
 * Note: This example has been tested to work with Active Directory 2003
 */
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import java.util.Hashtable;

public class TreeDeleteControlJndiClient
{
    static final String TREE_DELETE_CONTROL_OID = "1.2.840.113556.1.4.805";

    public static void main(String[] args)
    {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://myActiveDirectory:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "testUser@myDomain.com");
        env.put(Context.SECURITY_CREDENTIALS, "password");

        LdapContext ctx = null;
        try {
            // Create the initial directory context (this performs the bind)
            ctx = new InitialLdapContext(env, null);
            System.out.println("Initial binding done!");

            /* Query the server to see if the Tree Delete Control is supported */
            if (!isTreeDeleteControlSupported(ctx)) {
                System.out.println("The server does not support Tree Delete Control.");
                return;
            }

            /* Activate the control: it is attached to every request sent on this
               context from now on, including the delete below */
            Control[] tdCtls = new Control[] { new TreeDeleteControl() };
            ctx.setRequestControls(tdCtls);

            String delete_dn = "ou=Sales,cn=Users,dc=mydomain,dc=com";
            ctx.destroySubcontext(delete_dn);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Close the LDAP association on every exit path
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    /**
     * Is Tree Delete Control supported?
     *
     * Query the rootDSE object to find out if the Tree Delete Control
     * is supported.
     */
    static boolean isTreeDeleteControlSupported(LdapContext ctx)
        throws NamingException
    {
        SearchControls ctl = new SearchControls();
        ctl.setReturningAttributes(new String[] { "supportedControl" });
        ctl.setSearchScope(SearchControls.OBJECT_SCOPE);

        /* search for the rootDSE object: empty DN, base scope */
        NamingEnumeration<SearchResult> results = ctx.search("", "(objectClass=*)", ctl);
        while (results.hasMore()) {
            SearchResult entry = results.next();
            NamingEnumeration<? extends Attribute> attrs = entry.getAttributes().getAll();
            while (attrs.hasMore()) {
                Attribute attr = attrs.next();
                NamingEnumeration<?> vals = attr.getAll();
                while (vals.hasMore()) {
                    // supportedControl values are the dotted-decimal OIDs as strings
                    String value = (String) vals.next();
                    if (value.equals(TREE_DELETE_CONTROL_OID))
                        return true;
                }
            }
        }
        return false;
    }
}

class TreeDeleteControl implements Control
{
    // The Tree Delete Control carries no controlValue, so return null (JNDI
    // omits the value); an empty array would send an empty OCTET STRING instead.
    public byte[] getEncodedValue() {
        return null;
    }

    public String getID() {
        return TreeDeleteControlJndiClient.TREE_DELETE_CONTROL_OID;
    }

    // Critical: a server that does not support the control rejects the whole
    // request (unavailableCriticalExtension) rather than silently ignoring it.
    public boolean isCritical() {
        return true;
    }
}
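Added example, not from the forum post or the JNDI client above: how the control from the first post is laid out on the wire as an RFC 4511 Control SEQUENCE (controlType is an LDAPOID, which is an OCTET STRING holding the dotted-decimal text, not an ASN.1 OBJECT IDENTIFIER), and the difference between an absent controlValue and the empty one that an empty byte array from getEncodedValue() would produce. Standard library only; the bytes are constructed here for illustration.

```python
# Added example: BER encoding of an LDAP Control carrying the Tree Delete Control.
# RFC 4511: Control ::= SEQUENCE { controlType LDAPOID,
#            criticality BOOLEAN DEFAULT FALSE, controlValue OCTET STRING OPTIONAL }
from typing import Optional

TREE_DELETE_CONTROL_OID = "1.2.840.113556.1.4.805"

def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value

def encode_control(oid: str, critical: bool, value: Optional[bytes]) -> bytes:
    body = ber_tlv(0x04, oid.encode("ascii"))   # controlType as OCTET STRING text
    if critical:                                 # DEFAULT FALSE: omitted when false
        body += ber_tlv(0x01, b"\xff")
    if value is not None:                        # Tree Delete: controlValue absent
        body += ber_tlv(0x04, value)             # b"" would still emit 04 00
    return ber_tlv(0x30, body)

def decode_control(raw: bytes) -> dict:
    """Parse a Control back (short-form lengths only, enough for this control)."""
    if raw[0] != 0x30 or raw[1] >= 0x80 or len(raw) != 2 + raw[1]:
        raise ValueError("not a short-form SEQUENCE")
    fields = {"controlType": None, "criticality": False, "controlValue": None}
    pos = 2
    while pos < len(raw):
        tag, ln = raw[pos], raw[pos + 1]
        data = raw[pos + 2:pos + 2 + ln]
        if tag == 0x04 and fields["controlType"] is None:
            fields["controlType"] = data.decode("ascii")
        elif tag == 0x01:
            fields["criticality"] = data != b"\x00"
        elif tag == 0x04:
            fields["controlValue"] = data
        pos += 2 + ln
    return fields

if __name__ == "__main__":
    absent = encode_control(TREE_DELETE_CONTROL_OID, True, None)
    empty = encode_control(TREE_DELETE_CONTROL_OID, True, b"")
    print(absent.hex(), decode_control(absent))
    print(empty.hex(), decode_control(empty))
```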
javax.naming.ContextNotEmptyException

If you try to delete a subtree without TreeDeleteControl, most likely you will get something like:
AD:
javax.naming.ContextNotEmptyException: [LDAP: error code 66 - 0000208C: UpdErr: DSID-030A0491, problem 6003 (CANT_ON_NON_LEAF), data 0 ]; remaining name 'ou=Sales,cn=Users,DC=mydomain,DC=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3040)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    at com.sun.jndi.ldap.LdapCtx.c_destroySubcontext(LdapCtx.java:830)
    at com.sun.jndi.toolkit.ctx.ComponentContext.p_destroySubcontext(ComponentContext.java:653)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:336)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:326)
    at javax.naming.InitialContext.destroySubcontext(InitialContext.java:415)

SunOne:
javax.naming.ContextNotEmptyException: [LDAP: error code 66 - Not Allowed On Non-leaf]; remaining name 'ou=Sales,cn=Users,DC=mydomain,DC=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3040)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    at com.sun.jndi.ldap.LdapCtx.c_destroySubcontext(LdapCtx.java:830)
    at com.sun.jndi.toolkit.ctx.ComponentContext.p_destroySubcontext(ComponentContext.java:653)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:336)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:326)
    at javax.naming.InitialContext.destroySubcontext(InitialContext.java:415)
javax.naming.OperationNotSupportedException

If the server doesn't support the TreeDeleteControl and you send the control out anyway, you will get something like:
SunOne:
javax.naming.OperationNotSupportedException: [LDAP: error code 12 - Unavailable Critical Extension]; remaining name 'ou=Sales,cn=Users,DC=mydomain,DC=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3065)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    at com.sun.jndi.ldap.LdapCtx.c_destroySubcontext(LdapCtx.java:830)
    at com.sun.jndi.toolkit.ctx.ComponentContext.p_destroySubcontext(ComponentContext.java:653)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:336)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:326)
    at javax.naming.InitialContext.destroySubcontext(InitialContext.java:415)
javax.naming.NoPermissionException

If you as a client do not have the permission to delete an entire tree, you will get something like:
AD:
javax.naming.NoPermissionException: [LDAP: error code 50 - 00000005: SecErr: DSID-03151D12, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 ]; remaining name 'ou=Sales,cn=Users,DC=mydomain,DC=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    at com.sun.jndi.ldap.LdapCtx.c_destroySubcontext(LdapCtx.java:830)
    at com.sun.jndi.toolkit.ctx.ComponentContext.p_destroySubcontext(ComponentContext.java:653)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:336)
    at com.sun.jndi.toolkit.ctx.PartialCompositeContext.destroySubcontext(PartialCompositeContext.java:326)
    at javax.naming.InitialContext.destroySubcontext(InitialContext.java:415)