
Directory Services

EDSDemo Java Code Example

Overview

EDSDemo is a set of custom Java classes that demonstrates one way to use secure Enterprise Directory Services (EDS). The program queries the Groups Directory Service (GDS) and then the Person Directory Service (PDS). For GDS, it demonstrates a simple group membership check. For PDS, it demonstrates a simple person lookup.

The EDSDemo program uses the Directory class to connect to and query each directory. The Directory class uses the PEMStore class to read in the TLS credentials (a trusted CA certificate, a client certificate, and a private key), with the PKCS1 class reading the RSA private key. It then establishes a connection to the specified LDAP server, issues the StartTLS extended operation, binds with the SASL EXTERNAL (TLS client certificate authentication) mechanism, and performs a simple search using the defined search base and filter.
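The sequence described above (connect, StartTLS, SASL EXTERNAL bind, search), written with the JDK's standard JNDI LDAP provider as an added example; it is not the EDSDemo or Directory source. Assumptions: the server URL, search base, `uid` filter attribute, class name and keystore password are placeholders, and the client certificate and key are loaded from a PKCS#12 bundle (`/path/to/my.p12`, hypothetical) instead of through the PEMStore and PKCS1 classes.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.*;
import javax.net.ssl.*;

public class StartTlsExternalSketch {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): replace with your server, base DN and password.
        String url = "ldap://directory.example.edu:389";
        String base = "dc=example,dc=edu";
        char[] pass = "changeit".toCharArray();

        // Trust only the CA from tls_cacert (PEM), not the JVM's default trust store.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        try (FileInputStream in = new FileInputStream("/path/to/uwca.crt")) {
            trust.setCertificateEntry("ca", CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Client certificate and private key, here from a PKCS#12 bundle (assumption).
        KeyStore id = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream("/path/to/my.p12")) { id.load(in, pass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(id, pass);
        SSLContext ssl = SSLContext.getInstance("TLS");
        ssl.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        LdapContext ctx = new InitialLdapContext(env, null);   // plain connection, no credentials sent
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        try {
            tls.negotiate(ssl.getSocketFactory());   // throws if the chain or hostname does not verify
            // The next operation binds with SASL EXTERNAL over the TLS-protected connection.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "EXTERNAL");
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is escaped by JNDI, so the NetID cannot alter the filter.
            NamingEnumeration<SearchResult> r = ctx.search(base, "(uid={0})", new Object[] {"netid"}, sc);
            while (r.hasMore()) System.out.println(r.next().getNameInNamespace());
        } finally { tls.close(); ctx.close(); }
    }
}
```

The EXTERNAL bind is only set after `negotiate` succeeds, so a failed certificate or hostname check stops the program before any authenticated query is made.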

Usage

To use the EDSDemo program, modify it to use your settings, compile it, and then launch it:

  1. Prerequisite: You will need a UW certificate that has been granted access to the GDS or PDS.

  2. Modify EDSDemo.java configuration settings:

         // modify SASL EXTERNAL authentication config
         String tls_cacert = "/path/to/uwca.crt";
         String tls_cert = "/path/to/my.crt";
         String tls_key = "/path/to/my.key";
    
         // modify this UW NetID for searching      
         String uwnetid = "netid";
    
         // modify this UW GroupID for searching 
         String group = "u_subman_ezproxy";
    
  3. Compile the source files:

    javac EDSDemo.java
    javac Directory.java
    javac PEMStore.java
    javac PKCS1.java
    
  4. Launch EDSDemo:

    java EDSDemo