Most of the time, when we were in the build system will create your own user management system, it not be hard for the developer, but when we need to maintain a number of different systems and users across systems use the same case, if each system to maintain their own user information, then user information at this time synchronization will become more troublesome, For the user itself will also be very confusing, it is easy to appear different systems password inconsistent ah and so on. This problem would have been easier to solve if LDAP had been introduced to centrally store basic user information and provide a unified read/write interface and verification mechanism. Here is how to access the LDAP server while developing using Spring Boot.

LDAP profile

Lightweight Directory Access Protocol (LDAP) is an information service that provides Directory services. A directory service is a special database system that is specifically optimized for read, browse, and search operations. Directories are typically used to contain descriptive, attribute-based information and to support sophisticated filtering capabilities. Directories generally do not support the complex transaction management or rollback strategies that common databases need to operate against a large number of update operations. Directory service updates are generally very simple. This directory can store information including personal information, Web links, JPEG images, and more. To access information stored in directories, you need to use LDAP, an access protocol that runs on top of TCP/IP.

Information in an LDAP directory is organized in a tree structure and stored in the data structure of entries. Entries are equivalent to records of tables in a relational database; An entry is an Attribute with a Distinguished Name (DN), which is used to reference the entry. The DN is equivalent to a Primary Key in a table of a relational database. An attribute consists of a Type and one or more Values, just as a Field in a relational database consists of a Field name and a data Type. To facilitate retrieval, an LDAP Type can have multiple Values. Instead, the fields implemented in a relational database to reduce data redundancy must be unrelated. LDAP items are organized by location and organization relationship, which is intuitive. LDAP stores data in files, and for efficiency you can use an index-based file database instead of a relational database. An example of a type is mail, whose value will be an E-mail address.

LDAP information is stored in a tree structure. Countries (c=CN) or domain names (dc=com) are generally defined at the root. One or more organizations (O =Acme) or organizational units (OU =People) are usually defined below. An organizational unit might contain information such as all the employees, all the printers in the building, etc. In addition, LDAP supports control over which attributes an entry can and must support, with a special attribute called objectClass. The value of this attribute determines the rules that the entry must follow, which specify what attributes the entry can and at least should contain. For example, the inetorgPerson object class needs to support sn(surname) and cn(common name) attributes, but can also contain optional attributes such as email and telephone number.

LDAP abbreviation Correspondence

  • O: Organization
  • Unit: Organization unit
  • C: countryName
  • Dc: domainComponent (domain name)
  • Sn: suer name
  • Cn: Common name

For details, see LDAP Quick Start

An introduction to the sample

Now that you know the basic concepts of LDAP, let’s take it a step further with a simple example!

  • Create a basic Spring Boot project (if you don’t already, refer to these two articles: Getting Started 1 or Getting Started 2)

  • Two important dependencies are introduced in POM.xml

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>

<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
    <scope>test</scope>
</dependency>
Copy the code

Spring-boot-starter-data-ldap is an implementation of automatic LDAP configuration encapsulated by Spring Boot. It performs specific operations on the LDAP server based on spring-data-ldap.

The unboundid-LDapSDK is mainly for testing operations using the embedded LDAP server, so scope is set to test. In practical applications, we usually connect to a real and independently deployed LDAP server, so this dependency is not required.

  • insrc/test/resourcesDirectory creationldap-server.ldifThis file is used to store basic data on the LDAP server for later access.
dn: dc=didispace,dc=com
objectClass: top
objectClass: domain

dn: ou=people,dc=didispace,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=ben,ou=people,dc=didispace,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: didi
sn: zhaiyongchao
uid: didi
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=
Copy the code

Here we create a basic user, real name is Zhaiyongchao, common name didi, we will read this information later in the program. You can learn more about LDAP in depth to understand, there is not too much explanation here.

  • inapplication.propertiesTo add the embedded LDAP configuration
spring.ldap.embedded.ldif=ldap-server.ldif
spring.ldap.embedded.base-dn=dc=didispace,dc=com
Copy the code
  • Using the basic usage of Spring-data-LDAP, define the relational mapping of attributes in LDAP to entities defined in Java and the corresponding Repository
@Data
@Entry(base = "ou=people,dc=didispace,dc=com", objectClasses = "inetOrgPerson")
public class Person {

    @Id
    private Name id;
    @DnAttribute(value = "uid", index = 3)
    private String uid;
    @Attribute(name = "cn")
    private String commonName;
    @Attribute(name = "sn")
    private String suerName;
    private String userPassword;

}

public interface PersonRepository extends CrudRepository<Person, Name> {

}
Copy the code

With the above definition, the Person object has been mapped to the LDAP storage content, and we can easily read and write the LDAP content using PersonRepository.

  • Create a unit test case to read all user information:
@RunWith(SpringRunner.class) @SpringBootTest public class ApplicationTests { @Autowired private PersonRepository personRepository; @Test public void findAll() throws Exception { personRepository.findAll().forEach(p -> { System.out.println(p); }); }}Copy the code

After starting the test case, we can see that the user information just maintained in ldap-server.ldif is printed in the console:

The 2018-01-27 14:25:06. 73630-283 WARN [main] O.S.L dap. Odm. Core. Impl. ObjectMetaData: The Entry class Person should be declared final Person(id=uid=ben,ou=people,dc=didispace,dc=com, uid=ben, commonName=didi, suerName=zhaiyongchao, UserPassword = 123,83,72,65,125,110,70,67,101,98,87,106,120,102,97,76,98,72,72,71,49,81,107,53,85,85,52,116,114,98,118,81, 61).Copy the code

Add user

With the introductory example above, the basic goal of operating LDAP in Spring Boot is complete if you can do it on your own.

If you know enough about Spring Data, it’s not hard to imagine that this subproject must also adhere to the Repsitory abstraction. Therefore, we can easily use PersonRepository as defined above, such as the following code to easily add users to LDAP:

Person person = new Person();
person.setUid("uid:1");
person.setSuerName("AAA");
person.setCommonName("aaa");
person.setUserPassword("123456");
personRepository.save(person);
Copy the code

If you want to do more, you can refer to the spring-data-ldap documentation.

Connect to the LDAP server

The embedded LDAP server is used in all the examples in this article. In fact, this method is only used in our local test development. In real environment, the LDAP server must be independently deployed.

In the Spring Boot package, we only need to configure the following parameters to connect the above example to the remote LDAP instead of the embedded LDAP.

spring.ldap.urls=ldap://localhost:1235
spring.ldap.base=dc=didispace,dc=com
spring.ldap.username=didispace
spring.ldap.password=123456
Copy the code

In this paper, the code

The chapter3-2-10 directory can be found in the following two repositories:

  • Github:github.com/dyc87112/Sp…
  • Gitee:gitee.com/didispace/S…

The following tutorials may be of interest to you