Program design

 

The program has two distinct parts: the first part uses the environment variables and command line value to query an LDAP directory server; the second part establishes the WebSphere MQ connection using the information returned from the directory and sends the messages.

The LDAP calls used in the first part of the program differ slightly depending on whether LDAP version 2 or 3 is being used, and they are described in detail by the documentation that comes with the LDAP client libraries. This section gives a brief description.

The first part of the program checks that it has been called correctly and reads the environment variables. It then establishes a connection with the LDAP directory server at the specified host:

if (ldapV == LDAP_VERSION3)
{
  if ((ld = ldap_init(ldapHost, LDAP_PORT)) == NULL)
     ...
}
else
{
  if ((ld = ldap_open(ldapHost, LDAP_PORT)) == NULL )
     ...
}

When a connection has been established, the program sets some options on the server with the “ldap_set_option” call, and then authenticates itself to the server by binding to it:

if (ldapV == LDAP_VERSION3)
{
  if (ldap_simple_bind_s(ld, bindDN, password) != LDAP_SUCCESS)
     ...
}
else
{
  if (ldap_bind_s(ld, bindDN, password, LDAP_AUTH_SIMPLE) !=
      LDAP_SUCCESS)
     ...
}

In the sample program bindDN and password are set to NULL, which means that the program authenticates itself as an anonymous user, that is, it does not have any special access rights and can access only information that is publicly available. In practice, most organizations restrict access to the information that they store in directories so that only authorized users can access it.

The first parameter to the bind call ld is a handle that is used to identify this particular LDAP session throughout the rest of the program. After authenticating, the program searches the directory for entries that match the application name:

rc = ldap_search_s(ld,                 /* LDAP Handle             */
                  baseDN,              /* base distinguished name */
                  LDAP_SCOPE_ONELEVEL, /* one-level search        */
                  filterPattern,       /* filter search pattern   */
                  attrs,               /* attributes required     */
                  FALSE,               /* NOT attributes only     */
                  &ldapResult);        /* search result           */

This is a simple synchronous call to the server that returns the results directly. There are other types of search that are more appropriate for complex queries or when a large number of results is expected. The first parameter to the search is the handle ld that identifies the session. The second parameter is the base distinguished name, which specifies where in the directory the search is to begin, and the third parameter is the scope of the search, that is, which entries relative to the starting point are searched. These two parameters together define which entries in the directory are searched. The next parameter, filterPattern, specifies what we are searching for. The attrs parameter lists the attributes that we want to get back from the object when we have found it. The next parameter says whether we want just the attributes or their values as well; setting this to FALSE means that we want the attribute values. The final parameter is used to return the result.
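Because filterPattern is built from the application name given on the command line, characters that are special in a search filter should be escaped before the search is issued. The following is an added example, not code from the sample program: the helper names and the filter form "(cn=<application name>)" are assumptions made for illustration.

```c
/* Added example, not IBM sample code. Assumption: the filter has the
   form "(cn=<application name>)"; the attribute name cn is hypothetical. */
#include <stdio.h>
#include <string.h>
/* Escape an assertion value per RFC 4515: '*', '(', ')' and '\' become
   "\XX"; control and non-ASCII bytes are escaped too (conservative).
   Returns 0 on success, -1 if dst is too small. */
static int escape_filter_value(const char *src, char *dst, size_t dstlen)
{
  static const char hex[] = "0123456789abcdef";
  size_t o = 0;
  if (dstlen == 0) return -1;
  for (; *src != '\0'; src++)
  {
    unsigned char c = (unsigned char)*src;
    int special = c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20 || c > 0x7e;
    if (o + (special ? 3 : 1) >= dstlen) return -1;  /* keep room for '\0' */
    if (special)
    {
      dst[o++] = '\\';
      dst[o++] = hex[c >> 4];
      dst[o++] = hex[c & 0x0f];
    }
    else
      dst[o++] = (char)c;
  }
  dst[o] = '\0';
  return 0;
}

/* Build the search filter; returns 0, or -1 if the name is empty or
   the result does not fit in out. */
static int build_filter(const char *applName, char *out, size_t outlen)
{
  char escaped[256];
  int n;
  if (applName == NULL || applName[0] == '\0') return -1;
  if (escape_filter_value(applName, escaped, sizeof escaped) != 0) return -1;
  n = snprintf(out, outlen, "(cn=%s)", escaped);
  return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
  char filter[300];
  if (build_filter("App*(test)", filter, sizeof filter) == 0)  /* constructed input */
    printf("%s\n", filter);
  return 0;
}
```

With the value escaped, a name containing a wildcard or parenthesis is matched literally, so the one-entry assumption made when reading the result is not widened by the input.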

The result could contain many directory entries, each with the specified attributes and their values. We have to extract the values that we want from the result. In this sample program we only expect one entry to be found, so we only look at the first entry in the result:

ldapEntry = ldap_first_entry(ld, ldapResult);

This call returns a handle that represents the first entry, and we set up a for loop to extract all the attributes from the entry:

for (attribute = ldap_first_attribute(ld, ldapEntry, &ber);
     attribute != NULL;
     attribute = ldap_next_attribute(ld, ldapEntry, ber ))
{

For each of these attributes, we extract the values associated with it. Again we only expect one value per attribute, so we only use the first value; we determine which attribute we have and store the value in the appropriate program variable:

values = ldap_get_values(ld, ldapEntry, attribute);
if (values != NULL && values[0] != NULL)
{
  if (stricmp(attribute, MQ_HOST_ATTR) == 0)
  {
    mqHost = strdup(values[0]);
    ...

Finally we tidy up by freeing memory (ldap_value_free, ldap_memfree, ldap_msgfree) and close the session by unbinding from the server:

ldap_unbind(ld);

We check that we have found all the WebSphere MQ values that we need from the directory, and if so we call sendMessages() to connect to the WebSphere MQ server and send the WebSphere MQ messages.

The second part of the sample program is the sendMessages() routine that contains all the WebSphere MQ calls. This is modelled on the amqsput0 sample program, the differences being that the parameters to the program have been extended and MQCONNX is used instead of the MQCONN call.

 
