When we build a system we usually write the user management ourselves, which is not hard for developers. Problems begin once several different systems share the same users: if every system keeps its own copy of user information, keeping those copies in sync becomes troublesome for the operators, and troublesome for the users too, who easily end up with different passwords in different systems. Introducing LDAP at this point, to store basic user information centrally and provide one read/write interface and one authentication mechanism, makes the problem much easier to solve. This article shows how to access an LDAP server from an application developed with Spring Boot.
Introduction to LDAP
LDAP (Lightweight Directory Access Protocol) is a protocol for accessing a directory service. A directory service is a special kind of database optimized for reading, browsing and searching. Directories hold descriptive, attribute-based information and support fine-grained, complex filtering. They generally do not offer the complex transaction management or rollback facilities of general-purpose databases that must handle large volumes of updates; an update to a directory is normally a simple change to a single entry. A directory can store many kinds of information: personal data, web links, JPEG images and so on. The information in the directory is accessed through LDAP, which runs over TCP/IP.
Information in an LDAP directory is organized as a tree, and each piece of information is stored in an entry. An entry is roughly the equivalent of one row in a relational table. Every entry is identified by its DN (Distinguished Name), which is unique within the directory and plays the role the primary key plays in a relational table. An entry consists of attributes; each attribute has a type and one or more values, much as a field in a relational table has a name and a data type. Unlike relational fields, which are normalized to a single value to reduce redundancy, an LDAP attribute type may carry several values, which is convenient for retrieval (a person can have more than one mail value). Entries are usually organized by geography or by organizational structure, which is intuitive to navigate. LDAP stores its data in files; to improve efficiency an index-based file database is normally used rather than a relational database. An example of an attribute type is mail, whose value is an email address.
Because LDAP information is stored in a tree, the root usually defines a country (c=CN) or a domain component (dc=com), and below it sit one or more organizations (o=Acme) or organizational units (ou=People). An organizational unit may contain, for example, all employees, or all printers in a building. LDAP also controls which attributes an entry may and must carry, through a special attribute called objectClass. The values of objectClass determine the rules the entry must follow: which attributes it must contain at minimum and which it may contain. For example, the inetOrgPerson object class requires the sn (surname) and cn (common name) attributes and allows optional attributes such as mail and telephoneNumber.
(Figure: table of common LDAP abbreviations, not reproduced here)
Getting started example
With the basic concepts of LDAP covered, we can go further with a simple example.
Create a basic Spring Boot project (if you are new to Spring Boot, see Getting Started 1 or Getting Started 2).
Add two dependencies to pom.xml:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
    <scope>test</scope>
</dependency>
spring-boot-starter-data-ldap is Spring Boot's auto-configuration for LDAP; it is built on spring-data-ldap, which performs the actual operations against the LDAP server.
unboundid-ldapsdk is used here only to run an embedded LDAP server for the tests, which is why its scope is test. In a real application you normally connect to a separately deployed LDAP server, and this dependency is not needed.
Create the file ldap-server.ldif in the src/test/resources directory. It holds the initial data the embedded LDAP server loads, which the program will read later.
dn: dc=didispace,dc=com
objectClass: top
objectClass: domain

dn: ou=people,dc=didispace,dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

dn: uid=ben,ou=people,dc=didispace,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: didi
sn: zhaiyongchao
uid: ben
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

This creates one basic user with the real name zhaiyongchao and the commonly used name didi; the uid attribute must carry the same value as the uid=ben RDN of the entry's DN. The program below reads this entry. For the meaning of the remaining lines, refer to any in-depth LDAP material; they are not explained further here.
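The userPassword value above uses the {SHA} scheme: the literal prefix {SHA} followed by the Base64 encoding of the SHA-1 digest of the password. The following plain-Java program is an added example, not code from the original article or from the spring-data-ldap project; it assumes nothing beyond the JDK. It shows how such values are produced and checked, including the salted {SSHA} variant, which is what you should write when you pre-hash passwords yourself (and, where the server supports a stronger scheme such as a PBKDF2-based one, prefer that).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example (not from the article): building and verifying LDAP userPassword
// values in the {SHA} scheme used by the LDIF above and the salted {SSHA} scheme.
public final class LdapPasswordHash {

    private static final int SHA1_LEN = 20;                 // SHA-1 digest length in bytes
    private static final SecureRandom RNG = new SecureRandom();

    // SHA-1 over the concatenation of the given parts.
    private static byte[] sha1(byte[]... parts) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            for (byte[] p : parts) {
                md.update(p);
            }
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 is mandatory in every JRE", e);
        }
    }

    // {SHA}: base64(sha1(password)). Unsalted, so identical passwords give identical
    // values and precomputed tables apply; shown because it is the format in the LDIF.
    public static String sha(String password) {
        byte[] digest = sha1(password.getBytes(StandardCharsets.UTF_8));
        return "{SHA}" + Base64.getEncoder().encodeToString(digest);
    }

    // {SSHA}: base64(sha1(password || salt) || salt) with a random salt.
    public static String ssha(String password) {
        byte[] salt = new byte[8];                          // 4..16 bytes is the usual range
        RNG.nextBytes(salt);
        return ssha(password, salt);
    }

    static String ssha(String password, byte[] salt) {
        byte[] digest = sha1(password.getBytes(StandardCharsets.UTF_8), salt);
        byte[] out = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, out, digest.length, salt.length);
        return "{SSHA}" + Base64.getEncoder().encodeToString(out);
    }

    // Checks a candidate password against a stored {SHA} or {SSHA} value.
    // MessageDigest.isEqual compares in constant time; unknown schemes never match.
    public static boolean verify(String candidate, String stored) {
        byte[] pw = candidate.getBytes(StandardCharsets.UTF_8);
        if (stored.startsWith("{SHA}")) {
            byte[] expected = Base64.getDecoder().decode(stored.substring("{SHA}".length()));
            return MessageDigest.isEqual(expected, sha1(pw));
        }
        if (stored.startsWith("{SSHA}")) {
            byte[] decoded = Base64.getDecoder().decode(stored.substring("{SSHA}".length()));
            if (decoded.length <= SHA1_LEN) {
                return false;                               // no salt present: malformed value
            }
            byte[] expected = Arrays.copyOfRange(decoded, 0, SHA1_LEN);
            byte[] salt = Arrays.copyOfRange(decoded, SHA1_LEN, decoded.length);
            return MessageDigest.isEqual(expected, sha1(pw, salt));
        }
        return false;
    }

    public static void main(String[] args) {
        String unsalted = sha("123456");                    // constructed sample password
        String salted = ssha("123456");
        System.out.println(unsalted);
        System.out.println(salted);
        System.out.println(verify("123456", unsalted));     // true
        System.out.println(verify("123456", salted));       // true
        System.out.println(verify("wrong", salted));        // false
        System.out.println(verify("123456", "123456"));     // false: cleartext is not a recognised scheme
    }
}
```

Run ssha twice on the same password and the values differ, while both verify; that is the point of the salt. Values written to userPassword in this form can be checked by the server during a bind, so the application never has to compare passwords itself once the hash is in the directory.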
Add the embedded LDAP configuration to application.properties:
spring.ldap.embedded.ldif=ldap-server.ldif
spring.ldap.embedded.base-dn=dc=didispace,dc=com
Using spring-data-ldap in the usual way, define the mapping between the attributes stored in LDAP and a Java entity, together with the corresponding Repository:
import javax.naming.Name;

import lombok.Data;
import org.springframework.data.repository.CrudRepository;
import org.springframework.ldap.odm.annotations.Attribute;
import org.springframework.ldap.odm.annotations.DnAttribute;
import org.springframework.ldap.odm.annotations.Entry;
import org.springframework.ldap.odm.annotations.Id;

// @Data is Lombok: it generates the getters, setters and the toString() seen in the output below.
@Data
@Entry(base = "ou=people,dc=didispace,dc=com", objectClasses = "inetOrgPerson")
public class Person {

    @Id
    private Name id;                       // the entry's full DN

    // index 3 counts DN components from the right: dc=com, dc=didispace, ou=people, uid=...
    @DnAttribute(value = "uid", index = 3)
    private String uid;

    @Attribute(name = "cn")
    private String commonName;

    @Attribute(name = "sn")
    private String suerName;

    private String userPassword;           // attribute name defaults to the field name
}

public interface PersonRepository extends CrudRepository<Person, Name> {
}

With these definitions the Person object is mapped onto the LDAP content, and PersonRepository is all that is needed to read and write it.
Create a unit test case to read all user information:
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest
public class ApplicationTests {

    @Autowired
    private PersonRepository personRepository;

    @Test
    public void findAll() throws Exception {
        personRepository.findAll().forEach(p -> {
            System.out.println(p);
        });
    }
}

Running this test prints the user that was defined in ldap-server.ldif to the console:
2018-01-27 14:25:06.283 WARN 73630 --- [ main] osldap.odm.core.impl.ObjectMetaData : The Entry class Person should be declared final
Person(id=uid=ben,ou=people,dc=didispace,dc=com, uid=ben, commonName=didi, suerName=zhaiyongchao, userPassword=123,83,72,65,125,110,70,67,101,98,87,106,120,102,97,76,98,72,72,71,49,81,107,53,85,85,52,116,114,98,118,81,61)
The warning is spring-ldap's object-directory mapper asking for entity classes to be declared final. The odd userPassword value is explained by the JNDI LDAP provider returning userPassword as a byte array by default; Spring's array-to-String conversion then joins the bytes with commas, so what is printed is the decimal value of each byte of {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ= (123 is '{', 83 is 'S', 72 is 'H', 65 is 'A', 125 is '}'). Declaring the field as byte[] instead of String gives you the raw value.
Add a user
If you can complete the example above on your own, the basic goal of operating LDAP from Spring Boot has been achieved.
If you know Spring Data, you will expect this sub-project to follow the same Repository abstraction, and it does. The PersonRepository defined above therefore serves for write operations as well; for example, the following code adds a user to LDAP:
Person person = new Person();
person.setUid("uid:1");                 // becomes the RDN, since id is null and uid is the @DnAttribute
person.setSuerName("AAA");
person.setCommonName("aaa");
person.setUserPassword("123456");
personRepository.save(person);

Note that userPassword is written exactly as given: the directory stores the literal string 123456 unless the server is configured to hash cleartext passwords on write, so in practice either pre-hash the value (as the {SHA} entry in the LDIF does) or make sure server-side hashing is enabled. For further operations, refer to the spring-data-ldap documentation.
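Beyond save and findAll, spring-data-ldap lets you search with a filter: when PersonRepository extends LdapRepository instead of CrudRepository it gains findOne(LdapQuery) and findAll(LdapQuery), and LdapTemplate.search takes a filter directly. A filter assembled by string concatenation from user input is injectable in the same way a SQL string is. The following plain-Java program is an added example, not code from the article or from spring-ldap; it assumes only the JDK and uses a constructed injection payload. It implements the escaping RFC 4515 requires for assertion values and shows what the unescaped filter turns into. In real code you would not write this escaper yourself: LdapQueryBuilder's where("uid").is(value) and LdapEncoder.filterEncode in spring-ldap perform it for you, so prefer them to concatenated filter strings (values placed into a DN, such as the uid passed to setUid above, follow the different RFC 4514 rules, handled by LdapNameBuilder).

```java
// Added example (not from the article): LDAP filter injection and RFC 4515 escaping.
public final class LdapFilterEscape {

    // Escapes the characters RFC 4515 forbids in an assertion value: \ * ( ) and NUL.
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable: the caller's uid is pasted into the filter unchanged.
    public static String unsafeFilter(String uid) {
        return "(&(objectClass=inetOrgPerson)(uid=" + uid + "))";
    }

    // Hardened: the same filter, but the value can only ever match a uid literally.
    public static String safeFilter(String uid) {
        return "(&(objectClass=inetOrgPerson)(uid=" + escapeFilterValue(uid) + "))";
    }

    public static void main(String[] args) {
        // Constructed payload: closes the uid assertion and adds an OR that matches everyone.
        String payload = "*)(|(uid=*)";

        System.out.println(unsafeFilter(payload));
        // (&(objectClass=inetOrgPerson)(uid=*)(|(uid=*)))  -> well-formed, matches every inetOrgPerson

        System.out.println(safeFilter(payload));
        // (&(objectClass=inetOrgPerson)(uid=\2a\29\28|\28uid=\2a\29))  -> matches only a uid equal to the payload

        System.out.println(safeFilter("ben"));
        // (&(objectClass=inetOrgPerson)(uid=ben))  -> ordinary input is unchanged
    }
}
```

The unsafe variant is also why a lookup-by-uid used for login must never be combined with a password check done by the application on the first returned entry: with the payload above the "first entry" is an arbitrary user. Let the server authenticate by binding as the looked-up DN instead.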
Connect to the LDAP server
The examples in this article use an embedded LDAP server. That is only suitable for local development and testing; in a real environment the LDAP server is deployed independently.
With Spring Boot, only the following properties need to be set to point the example above at a remote LDAP server instead of the embedded one:
spring.ldap.urls=ldap://localhost:1235
spring.ldap.base=dc=didispace,dc=com
spring.ldap.username=didispace
spring.ldap.password=123456
spring.ldap.username is the identity the application binds with; for most directory servers it must be a full DN rather than a bare name, and spring.ldap.password is that account's password. For anything beyond local testing, use an ldaps:// URL (or StartTLS) so that the bind password and user data do not cross the network in cleartext, bind with a dedicated least-privilege service account rather than the directory administrator, and keep the password out of the committed properties file, for instance by resolving it from an environment variable through a ${...} placeholder.
Code of this article
The code for this article is in the chapter3-2-10 directory of the following repository:
Github: https://github.com/dyc87112/SpringBoot-Learning/
That is all for this article. I hope it is helpful to your learning, and I hope you will continue to support Wulin.com.