From Stefan Zoerner <>
Subject Groovy and LDAP, how to accomplish this?
Date Sat, 16 Jun 2007 17:08:58 GMT
Hi all!

I did some research about accessing LDAP from Groovy, in order to create 
some simple scripts. Has anybody tried this out already?

Anyway, this is what I got so far: It is possible to use both JNDI and 
libraries like Netscape or Novell SDK from Groovy (you can basically use 
any Java library in Groovy scripts).

But these approaches have disadvantages. Netscape SDK is plain LDAP, so 
the scripts look like one familiar to LDAP would expect. But the API is 
not connected very well to the Collection API, so sometimes it is not 
easy to use the result from Groovy. And you have a non-standard 
dependency. JNDI on the other hand is easier to use (exists in every 
VM), but the scripts look *horrible*, because of the LDAP abstraction 
JNDI does. For instance you have to type "entry.nameInNamespace" instead 
of "entry.DN" (Netscape). Igitt.

It seems that there does no special solution/library for Groovy and LDAP 
exist. So I started to create a little prototype (!). Basically, it is a 
wrapper which uses JNDI (in order to omit the dependency to a 
non-standard library) under the hood, but looks like LDAP from the 
outside (script).

The following as an example how a script which uses it looks like:



con = new LDAPConnection(hostname: 'zanzibar', port: 10389)
con.connect('uid=admin,ou=system', 'secret');
// anonymous bind:
// con.connect()

// Simple entry lookup via dn
tori ='cn=Tori Amos,dc=example,dc=com')
println "DN: ${tori.dn}"
println "Common name: ${}"
println "Object classes: ${tori.attrs.objectclass}"
println ""

// search op
results ='dc=example,dc=com', SearchScope.ONE, 
for (result in results) {
   entry = result.object



output, if run by Groovy interpreter:

DN: cn=Tori Amos,dc=example,dc=com
Common name: Tori Amos
Object classes: ["person", "organizationalPerson", "inetOrgPerson", "top"]

Tori Amos
Kate Bush


But there still some design decision. For instance, I would prefer 
writting "" instead of "", but my current solution 
with does work like this yet (it is feasible).

Anyway. Should I sandbox my little prototype, create a cwiki page about 
how to use it, and wait and see whether other Groovy users are 
interested in it? Or is it not worth the effort?

If it goes well, it may be a start for a new tiny litle sub-project 
("GLDAP", "GroovyLDAP", or whatever) within Directory, which may be 
useful for some people.

What do you think about it?

Greetings from Hamburg,

