
LDAP analysis with examples

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains LDAP through a worked example. The content is short and straightforward; follow along step by step to study "LDAP example analysis".

A preliminary study of LDAP

First of all, we need to understand what LDAP is. I read a lot of explanations at the time and was still lost in the clouds; I couldn't figure it out. Let's straighten it out a little here. LDAP is a communication protocol, and it runs over TCP/IP. A protocol is a standard, and standards are abstract. AD (Active Directory) is Microsoft's implementation of this standard. So what is AD? For now, think of it as a database. Many people also refer to LDAP itself as a database (LDAP can be understood as a database for storing data). Like other databases, LDAP has a client side and a server side: the server stores the resources, and the client performs operations such as additions, deletions, changes and queries. When we say "LDAP", we usually mean the server running this database. You can simply think of it as AD = LDAP server + LDAP application.

What's so special about a database like LDAP?

We know that in a database such as MySQL, data is stored in tables as records. An LDAP database, on the other hand, is tree-structured, and the data is stored on leaf nodes. Consider the following metaphor:

Suppose you want an apple on a tree (a record). How do you tell the gardener where it is? First you say which tree (dc, equivalent to the DB in MySQL), then every "ou" from the root to the apple, and finally the name of the apple (uid, equivalent to the primary key id of a MySQL table). Now we can point out the position of the apple clearly: the half-red, half-green one on the "crooked-neck tree", at the fork to the east, then the fork to the west, then the fork to the north. Dizzy yet? Just climb up!

In this way, a record in the tree structure can be described clearly. Now let's see how the location of a record is defined in LDAP.

Tree (dc=ljheee), forks (ou=bei,ou=xi,ou=dong), apple (cn=redApple)

Okay, here is the location of the redApple: dn: cn=honglv,ou=bei,ou=xi,ou=dong,dc=ljheee. The dn identifies a record and describes the detailed path to the data. Some people wonder why ou has multiple values. If you think about it, getting from the root to the apple may take several forks, so ou may have multiple values. The components in the long string after dn (cn, ou, dc) are separated by commas.

To summarize the LDAP tree database:

dn: the detailed location of a record
dc: the area to which a record belongs (which tree)
ou: the organization to which a record belongs (which branch)
cn/uid: the name / ID of a record (which apple)

The top of the LDAP directory tree is the root, the so-called "base DN".
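The path described above can be checked in code. The following is an added example, not part of the original article: it uses the JDK's javax.naming.ldap.LdapName to walk the article's DN from the tree (dc) down to the apple, and shows why a DN should be built from Rdn objects rather than by string concatenation. The class name, method names and the apple name containing a comma are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnWalk {

    // Render a DN as the path from the tree (dc) down to the record.
    static String rootToLeaf(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        StringBuilder path = new StringBuilder();
        // LdapName indexes RDNs from the right: index 0 is the root side,
        // so the written DN (leaf first) is the reverse of the climb.
        for (int i = 0; i < name.size(); i++) {
            Rdn rdn = name.getRdn(i);
            if (i > 0) path.append(" -> ");
            path.append(rdn.getType()).append('=').append(rdn.getValue());
        }
        return path.toString();
    }

    // Append one record name under a base DN. Rdn takes the raw value and
    // escapes DN metacharacters (comma, plus, quotes ...) when printed.
    static LdapName child(String baseDn, String type, String value)
            throws InvalidNameException {
        LdapName name = new LdapName(baseDn);
        name.add(new Rdn(type, value));
        return name;
    }

    public static void main(String[] args) throws InvalidNameException {
        String base = "ou=bei,ou=xi,ou=dong,dc=ljheee";   // forks from the article
        System.out.println(rootToLeaf("cn=honglv," + base));

        // Constructed value: an apple name that itself contains a comma.
        String appleName = "redApple,ou=nan";

        // Concatenation lets the value add a fork of its own to the path.
        LdapName naive = new LdapName("cn=" + appleName + "," + base);
        // Building from an Rdn keeps the whole value inside one component.
        LdapName safe = child(base, "cn", appleName);

        System.out.println(naive.size() + " components: " + naive);
        System.out.println(safe.size() + " components: " + safe);
    }
}
```

The concatenated DN parses with one component more than the one built from an Rdn, which is the difference to look for wherever record names come from user input.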

Why use an LDAP directory tree to store data instead of MySQL? Why create a tree-shaped database at all? Because storing data in a tree structure makes queries more efficient (for the specific reasons, look at how relational database indexes are implemented: B-tree / B+ tree). In some scenarios a tree database is the better choice, for example when a large amount of data must be stored, the data rarely changes, and lookups must be very fast. Compared with a traditional relational database, LDAP has many application scenarios, such as domain verification, in addition to fast search.

LDAP programming operation

We can use JDBC to operate on a MySQL database to add, delete, modify and query data. Similarly, an LDAP tree database can also be operated through JDBC; alternatively, you can use JNDI (more recommended), because the tree can be thought of as a directory, and the branches of the tree correspond to the directory hierarchy.

LDAP client tools also display the data as a tree. You can think of Apache Directory Studio as a client interface for connecting to the database server, equivalent to Navicat or Workbench. You create a new connection and connect to the database server in a similar way.

Connecting to the LDAP server with JNDI

    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    public class LdapJNDI {

        // @Autowired LdapConfiguration ldapConfiguration;  // Spring bean, not used by this lookup

        public void JNDILookup() {
            String rootFilter = "o=cvte.com,o=isp"; // base DN appended to the provider URL
            // String filter = "(&(smart-type=E1)(smart-status=1))";
            String filter = "(&(smart-type=E1)(uid=00012047))";
            String username = "uid=USER_NAME,ou=Authorization,ou=People,o=cc.com,o=isp"; // the docking (service) account
            String password = "PASSW";

            Hashtable<String, String> env = new Hashtable<>();
            // Implementation factory used to connect to LDAP
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // Host name and port of the LDAP server, followed by the base DN
            env.put(Context.PROVIDER_URL, "ldap://172.26.39.77:389/" + rootFilter);
            // Authentication method, such as SIMPLE, SSL/TLS or SASL.
            // A simple bind over plain ldap:// sends the DN and password unencrypted.
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // DN of the account that binds to the directory
            env.put(Context.SECURITY_PRINCIPAL, username);
            // Password of that account
            env.put(Context.SECURITY_CREDENTIALS, password);
            // Not a standard JNDI property; a filter only takes effect when passed to ctx.search()
            env.put("filter", filter);

            DirContext ctx = null;
            try {
                // Get a reference to the initial directory context
                ctx = new InitialDirContext(env);

                // The search base entry 'uid=00012047,ou=Internal,ou=People,o=cvte.com,o=isp' does not exist] Remaining name 'uid=00012047,ou=Internal'
                // Attributes attrs = ctx.getAttributes("uid=00012047,ou=Internal,ou=People"); // get one person

                // Enumerate the internal staff
                NamingEnumeration<Binding> bindings = ctx.listBindings("ou=Internal,ou=People");
                while (bindings.hasMore()) {
                    Binding bd = bindings.next();
                    System.out.println(bd.getName() + ":" + bd.getObject());
                }

                /* Find all the attributes of the node by its DN, then read all the
                   values from the attributes. Note that an attribute can have multiple values. */
                // for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();) {
                //     // get one attribute
                //     Attribute attr = (Attribute) ae.next();
                //     for (NamingEnumeration ve = attr.getAll(); ve.hasMore();) {
                //         System.out.println(String.format("Attribute=%s,Value=%s", attr.getID(), ve.next()));
                //     }
                // }
            } catch (javax.naming.AuthenticationException e) {
                System.out.println("Certification failure");
                e.printStackTrace();
            } catch (Exception e) {
                System.out.println("Authentication error:");
                e.printStackTrace();
            } finally {
                if (ctx != null) {
                    try {
                        ctx.close();
                    } catch (NamingException e) {
                        e.printStackTrace();
                    }
                }
            }
        }

        public static void main(String[] args) {
            LdapJNDI ldapJNDI = new LdapJNDI();
            ldapJNDI.JNDILookup();
        }
    }
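A variant of the lookup above that a production client would more likely use, given as an added example and not the original author's code: the bind goes over ldaps://, the credentials come from the environment instead of the source file, and the article's filter is actually applied through ctx.search() with filter arguments, which JNDI escapes. The environment variable names (LDAP_URL, LDAP_BIND_DN, LDAP_BIND_PW) and the returned attributes are assumptions; it needs a reachable LDAP server whose URL carries the base DN.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearchTls {

    static Hashtable<String, String> env(String url, String bindDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);                 // e.g. ldaps://host:636/<base DN>
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // simple bind, protected by TLS
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        return env;
    }

    public static void main(String[] args) throws NamingException {
        String url = System.getenv("LDAP_URL");        // hypothetical variable names
        String bindDn = System.getenv("LDAP_BIND_DN");
        String password = System.getenv("LDAP_BIND_PW");
        String uid = args.length > 0 ? args[0] : "00012047"; // uid from the article
        if (url == null || !url.startsWith("ldaps://") || bindDn == null || password == null) {
            throw new IllegalStateException("set LDAP_URL (ldaps://...), LDAP_BIND_DN, LDAP_BIND_PW");
        }

        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"uid", "cn"}); // assumed attributes
        sc.setTimeLimit(5000);

        DirContext ctx = new InitialDirContext(env(url, bindDn, password));
        try {
            // {0} and {1} are filled from the argument array; special filter
            // characters in the values are escaped by JNDI.
            NamingEnumeration<SearchResult> hits = ctx.search("ou=Internal,ou=People",
                    "(&(smart-type={0})(uid={1}))", new Object[] {"E1", uid}, sc);
            while (hits.hasMore()) {
                SearchResult r = hits.next();
                System.out.println(r.getNameInNamespace() + " " + r.getAttributes());
            }
        } finally {
            ctx.close();
        }
    }
}
```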
