 |
| Developer(s) | Apache Software Foundation |
|---|---|
| Stable release | 2.1.6 / February 6, 2024 |
| Repository | LDAP API Repository |
| Written in | Java |
| Type | Application programming interface (LDAP) |
| License | Apache License 2.0 |
| Website | directory |
Apache LDAP API is an open source project of the Apache Software Foundation and a subproject of the Apache Directory. It's a replacement for outdated Java/LDAP libraries like (jLdap, Mozilla LDAP SDK and JNDI) and works with any LDAP server.
The Apache Directory project was started using the JNDI library, but many of its LDAP structures had to be developed in-house because the JNDI library was ineffective for interacting with an LDAP server. It wasn't convenient for the project team to use JNDI which indicated to them it wouldn't be easy for typical users either. Eventually, all of the necessary LDAP data structures (_Attribute_, _Entry_, _DN_, ...) were re-implemented by the project team.
At some point it became necessary to communicate with other LDAP servers without using the JNDI library, so a new _LdapConnection_ class was developed. This was the first step toward a full Java API specifically designed for LDAP usage on the Java platform.
After starting this effort (back in 2007), some people from Sun (Microsystems), who was working on the OpenDS project, contacted the Apache Directory project team to gauge interest in helping create a new version of JNDI. ([Resurrecting The Java LDAP Centric API](https://web.archive.org/web/20170102082918/https://blogs.oracle.com/treydrake/entry/resurrecting_the_java_ldap_centric). Unfortunately, the effort stalled, as the need for JNDI2 was no longer a priority for Sun. Nevertheless the Apache Directory team continued with the work but the pace was slow.
Collaboration with Sun renewed after the OpenDS project team's presentation at LdapCon in 2009 ([Towards a common LDAP API for the Java Platform](http://www.symas.com/ldapcon2009/papers/poitou1.shtml%5B%5D)). The story repeated itself once again after Oracle bought Sun in 2010, and its project team disbanded.
Despite these fits and starts, a consensus was reached about the need for a new LDAP API and what it should be capable of doing. An agreement that these key features should be included:
Java is a high-level, class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible. It is a general-purpose programming language intended to let programmers write once, run anywhere (WORA), meaning that compiled Java code can run on all platforms that support Java without the need to recompile. Java applications are typically compiled to bytecode that can run on any Java virtual machine (JVM) regardless of the underlying computer architecture. The syntax of Java is similar to C and C++, but has fewer low-level facilities than either of them. The Java runtime provides dynamic capabilities that are typically not available in traditional compiled languages.
Jakarta Enterprise Beans is one of several Java APIs for modular construction of enterprise software. EJB is a server-side software component that encapsulates business logic of an application. An EJB web container provides a runtime environment for web related software components, including computer security, Java servlet lifecycle management, transaction processing, and other web services. The EJB specification is a subset of the Java EE specification.
The Java Naming and Directory Interface (JNDI) is a Java API for a directory service that allows Java software clients to discover and look up data and resources via a name. Like all Java APIs that interface with host systems, JNDI is independent of the underlying implementation. Additionally, it specifies a service provider interface (SPI) that allows directory service implementations to be plugged into the framework. The information looked up via JNDI may be supplied by a server, a flat file, or a database; the choice is up to the implementation used.
Jakarta EE, formerly Java Platform, Enterprise Edition and Java 2 Platform, Enterprise Edition (J2EE), is a set of specifications, extending Java SE with specifications for enterprise features such as distributed computing and web services. Jakarta EE applications are run on reference runtimes, which can be microservices or application servers, which handle transactions, security, scalability, concurrency and management of the components they are deploying.
WebObjects is a discontinued Java web application server and a server-based web application framework originally developed by NeXT Software, Inc.
In computing, a directory service or name service maps the names of network resources to their respective network addresses. It is a shared information infrastructure for locating, managing, administering and organizing everyday items and network resources, which can include volumes, folders, files, printers, users, groups, devices, telephone numbers and other objects. A directory service is a critical component of a network operating system. A directory server or name server is a server which provides such a service. Each resource on the network is considered an object by the directory server. Information about a particular resource is stored as a collection of attributes associated with that resource or object.
Jakarta Faces, formerly Jakarta Server Faces and JavaServer Faces (JSF) is a Java specification for building component-based user interfaces for web applications. It was formalized as a standard through the Java Community Process as part of the Java Platform, Enterprise Edition. It is an MVC web framework that simplifies the construction of user interfaces (UI) for server-based applications by using reusable UI components in a page.
Apache Harmony is a retired open source, free Java implementation, developed by the Apache Software Foundation. It was announced in early May 2005 and on October 25, 2006, the board of directors voted to make Apache Harmony a top-level project. The Harmony project achieved 99% completeness for J2SE 5.0, and 97% for Java SE 6. The Android operating system has historically been a major user of Harmony, although since Android Nougat it increasingly relies on OpenJDK libraries.
Multi-master replication is a method of database replication which allows data to be stored by a group of computers, and updated by any member of the group. All members are responsive to client data queries. The multi-master replication system is responsible for propagating the data modifications made by each member to the rest of the group and resolving any conflicts that might arise between concurrent changes made by different members.
Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
In software engineering, a WAR file is a file used to distribute a collection of JAR-files, JavaServer Pages, Java Servlets, Java classes, XML files, tag libraries, static web pages and other resources that together constitute a web application.
Java is a set of computer software and specifications that provides a software platform for developing application software and deploying it in a cross-platform computing environment. Java is used in a wide variety of computing platforms from embedded devices and mobile phones to enterprise servers and supercomputers. Java applets, which are less common than standalone Java applications, were commonly run in secure, sandboxed environments to provide many features of native applications through being embedded in HTML pages.
The Sun Java System Directory Server is a discontinued LDAP directory server and DSML server written in C and originally developed by Sun Microsystems. The Java System Directory Server is a component of the Java Enterprise System. Earlier iterations of Sun Java System Directory Server were known as Sun ONE Directory Server, iPlanet Directory Server, and, before that, Netscape Directory Server.
OpenJDK is a free and open-source implementation of the Java Platform, Standard Edition. It is the result of an effort Sun Microsystems began in 2006. The implementation is licensed under the GPL-2.0-only with a linking exception. Were it not for the GPL linking exception, components that linked to the Java Class Library would be subject to the terms of the GPL license. OpenJDK is the official reference implementation of Java SE since version 7.
An embedded database system is a database management system (DBMS) which is tightly integrated with an application software; it is embedded in the application. It is a broad technology category that includes:
OpenDJ is a directory server which implements a wide range of Lightweight Directory Access Protocol and related standards, including full compliance with LDAPv3 but also support for Directory Service Markup Language (DSMLv2). Written in Java, OpenDJ offers multi-master replication, access control, and many extensions.
Google LLC v. Oracle America, Inc., 593 U.S. ___ (2021), was a U.S. Supreme Court decision related to the nature of computer code and copyright law. The dispute centered on the use of parts of the Java programming language's application programming interfaces (APIs) and about 11,000 lines of source code, which are owned by Oracle, within early versions of the Android operating system by Google. Google has since transitioned Android to a copyright-unburdened engine without the source code, and has admitted to using the APIs but claimed this was within fair use.
Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021, the vulnerability circulated with the name "Log4Shell", given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit was simple to execute and is estimated to have had the potential to affect hundreds of millions of devices.
 | This security software article is a stub. You can help Wikipedia by expanding it. |
