Directory Client API
X.500 DAP and/or LDAP access to a Directory
Many applications need to access a directory in order to perform authentication and to obtain configuration information. Isode's Directory Client API provides a simple API to enable applications to do this. This API is designed so that it is easy for applications to access generic directory functionality, and also provides additional functionality for the AMHS (Aviation Messaging) market.
Isode's Directory Client API uses X.500 Directory Access Protocol (DAP) and/or LDAP (Lightweight Directory Access Protocol) to access a Directory. X.500 DAP support is important for applications that require use of DAP, or need to make use of schema definitions that are only defined for use with X.500 (e.g., directory syntaxes defined in X.402 to support X.400 use of directory). LDAP is supported using the same API.
The Isode Directory Client API is of particular interest where there is (or may be) a requirement to use DAP. Its simple design and cross-platform, multi-language support will also make it useful for LDAP-only applications. Strong authentication is supported, which is important for some secure environments.
The Directory Client API is intended for both standalone client applications and for Web applications. A 'C' language binding and a Java binding are provided.
The Isode Directory Client API offers the following benefits:
- For developers of directory enabled applications, it provides a very simple abstraction.
- The API is cross platform.
- The API supports X.500 DAP.
- LDAP and DAP can be used from the same application, without code changes.
Directory applications use the API to connect to M-Vault using X.500 DAP or LDAP. Any application making use of the API need have no knowledge of which protocol is being used to communicate with the directory.
The Directory Client API is designed to be easy to use for applications that access data in the directory. It is also suitable for applications that administer directory data. The following directory operations are supported:
- ModifyDN (Rename)
This API may be used in a synchronous manner for all operations, which allows for straightforward implementation. Read and search operations may also be used asynchronously. Paged results are supported to help with large result sets. The API may be used with a multithreaded application. Note that each distinct DAP or LDAP connection is intended to be accessed by a single thread. If you need to have multiple threads accessing a single association, then contact Isode to review the suitability of this API.
Simple authentication is supported for DAP and LDAP. Strong Authentication is supported for DAP using Isode's Strong Authentication Infrastructure. SASL support and password policy controls are available for LDAP.
AMHS Specific Functionality
The aviation industry has adopted AMHS (Aeronautical Message Handling Systems) for provision of ground to ground communication. Isode provides a set of conformant server products (M-Switch X.400, X.400 Message Store, and M-Vault), to provide an AMHS infrastructure and an ATN (Air Traffic Network) Directory. These standards require use of DAP to communicate with the directory. ATN Directory functionality is provided within the Directory Client API:
- Handle ATN Directory structured attributes such as MTCU (Message Transfer and Conversion Unit) capabilities.
- To provide ATN Directory based conversion between 8-digit AFTN addresses and X.400 O/R addresses.
- To provide ATN Directory based conversion between 8-digit AFTN addresses and Directory Names.
The mapping functionality is broadly specified in Doc 9880 - Second Edition 2016, with details from other industry documents. The O/R Address/AFTN mapping provides a mapping functionality which is conformant to the ICAO specification for MTCU operation.
Isode distributes data suitable to populate a directory with mapping information. This is explained here.
Isode also provides a tool for use in conjunction with this API to convert from the centrally managed AMC tables into this LDIF format, so that mapping data can be easily loaded into the directory.
The ATN Directory API has been primarily developed to integrate applications with the Isode server products. Because of its use of the X.500 DAP and LDAP protocols, applications developed with this library should also work with other conformant servers. For ATN Directory applications and some other X.400 applications, use of the API over LDAP relies on Isode proprietary attribute syntaxes.
- ITU X.500 The Directory: Overview of concepts, models and services, ISO/IEC 9594-1, 2005
- ITU X.501 The Directory: Models, ISO/IEC 9594-2, 2008
- ITU X.509 The Directory: Authentication framework, ISO/IEC 9594-8, 2008
- ITU X.511 The Directory: Abstract service definition, ISO/IEC 9594-3, 2008
- ITU X.519 The Directory: Protocol specifications, ISO/IEC 9594-5, 2008
- LDAP Version 3 (RFC 4510-4519)
- ICAO SARPS Doc 9880. Manual of Detailed Technical Specifications for the Aeronautical Telecommunications Network (ATN) using ISO/OSI Standards and Protocols. Part IV – Directory Services, Security and Systems Management. Second Edition 2016.
API Definition and Documentation
An Isode manual describing the Directory Client API and ATN Directory Client API is available.
The core 'C' language Isode Directory Client API definitions are available, along with sample applications. The 'C' language ATN Directory Client API comprises the core API plus the 'C' language ATN Directory Client API extensions to the core API. The definitions of these extensions are available with an example program.
A Java version of the API documentation is also available.