

3.2.17 Example 17: Store Application Data in the Directory

Developers can create directory-enabled applications that store data in the Active Directory system. To store application data, a user runs the client application on a client computer that targets a directory server in the Active Directory system. The client application uses LDAP to create the directory object in the application NC.

This example covers the use case in section 2.7.1.1, Create Directory Object - Client Application.

Prerequisites

The general requirements described in section 2.6, Assumptions and Preconditions.

The Active Directory system meets all preconditions described in section 2.7.1.1.

Initial System State

None.

Final System State

The new directory object for the application to use has been created in the application NC with the attributes that were specified. No other state in the directory has changed.

Sequence of Events

The following sequence diagram shows the message flow that is associated with this example.


Figure 62: Message flow for storing application data in the directory

Unless otherwise noted, all responses that include a return code contain a return code that indicates that the operation was successfully performed.

  1. The client application starts and sends an LDAP bind request ([RFC2251] section 4.2) to the directory server with credentials.

  2. The directory server verifies the credentials ([MS-AUTHSOD] section 2) and sends an LDAP bind response ([RFC2251] section 4.2.3) to the client application.

  3. The client application sends an LDAP search request ([RFC2251] section 4.5.1) to the server. The application requests the subtree contents of the application NC.

  4. The server sends an LDAP search response ([RFC2251] section 4.5.2) that contains the list of objects under the application NC. The client application organizes this information and displays it to the user. Steps 3 and 4 are artifacts of the client application.

  5. The user selects the parent directory object under which the new application directory object is to be located and supplies the data needed to create it. The client application then sends an LDAP add request ([RFC2251] section 4.7) to the directory server. The add request contains the distinguished name (DN) and object class of the object to be created, together with any other mandatory attributes specified in [MS-ADTS] section 3.1.1.2.4.5. Security principal objects can be created only in the domain NC for AD DS and in the application NC for AD LDS, as specified in [MS-ADTS] section 5.1.1.5.

  6. The server processes the add request ([RFC2251] section 4.7) and verifies the processing rules and constraints specified in [MS-ADTS] sections 3.1.1.5.1 and 3.1.1.5.2. It then sends an LDAP add response ([RFC2251] section 4.7) to the client application indicating success.

  7. The client application sends an LDAP unbind request ([RFC2251] section 4.3) to the server. The LDAP connection to the directory server is closed.
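The add request of step 5 and its parse on the server side in step 6, as an added example that is not part of MS-ADOD or any Microsoft code: it encodes the RFC 2251 AddRequest in BER using only Python's standard library, after the client-side checks that the target DN lies under the application NC and that objectClass is supplied. APP_NC, the DN and the attribute values are constructed samples.

```python
APP_NC = "DC=app,DC=example,DC=com"  # constructed application NC (assumption, not from MS-ADOD)

def ber_len(n):  # BER length: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def octets(s):  # LDAPDN, AttributeDescription and AttributeValue are all OCTET STRING
    return tlv(0x04, s.encode())

def add_request(message_id, dn, attrs):
    """Encode LDAPMessage { messageID, addRequest [APPLICATION 8] { entry, attributes } }."""
    # Client-side checks mirroring step 5: DN lies under the application NC, objectClass is given.
    if not dn.lower().endswith("," + APP_NC.lower()):
        raise ValueError("DN is not under the application NC")
    if not attrs.get("objectClass"):
        raise ValueError("objectClass is mandatory in an add request")
    attr_list = b"".join(tlv(0x30, octets(k) + tlv(0x31, b"".join(map(octets, v))))
                         for k, v in attrs.items())  # SEQUENCE { type, SET OF values }
    msg_id = tlv(0x02, message_id.to_bytes((message_id.bit_length() + 8) // 8, "big"))
    return tlv(0x30, msg_id + tlv(0x68, octets(dn) + tlv(0x30, attr_list)))  # 0x68 = [APPLICATION 8]

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the definite-length TLV starting at pos
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def items(buf):
    """Yield (tag, value) for each TLV inside a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def decode_add_request(msg):
    """Parse an encoded message back as the server does in step 6; rejects other operations."""
    _, body, _ = read_tlv(msg, 0)
    (_, mid), (tag, req), *_ = items(body)  # trailing optional controls are ignored
    if tag != 0x68:
        raise ValueError("protocolOp is not addRequest")
    (_, dn), (_, attr_seq) = items(req)
    attrs = {}
    for _, one in items(attr_seq):
        (_, name), (_, vals) = items(one)
        attrs[name.decode()] = [v.decode() for _, v in items(vals)]
    return int.from_bytes(mid, "big"), dn.decode(), attrs
```

The bytes returned by add_request are what travels inside the TCP connection opened by the bind in step 1; the decoder shows the layout a server must parse before applying the [MS-ADTS] constraints of step 6.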