
What is the method of Springboot+LDAP research log?

2025-03-28 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article is a research log on using Spring Boot with LDAP. Many people have questions about how to do this in day-to-day work, so the editor consulted various materials and put together a simple, easy-to-use procedure. I hope it helps answer those questions; follow along below.

LDAP

(1) Concept

LDAP stands for Lightweight Directory Access Protocol. It is based on the X.500 standard, but it is much simpler and can be customized as needed. Unlike X.500, LDAP supports TCP/IP, which is necessary for access over the Internet. The core LDAP specifications are defined in RFCs, and all LDAP-related RFCs can be found on the LDAPman RFC page. The above content comes from Baidu encyclopedia.

(2) Enterprise-level LDAP scenarios

The problem

In its daily operation, every enterprise uses mail, attendance, CRM, ERP and other systems, and each system needs an account for login and authentication. When a new employee joins, HR has to open accounts in many systems. On the one hand, there are many accounts to open, and when employees leave these accounts have to be frozen one by one, which increases HR's workload. On the other hand, employees end up with so many accounts and passwords that they are hard to manage; the clever ones keep a personInfo.txt to track them.

Setting up a unified account authentication center solves both problems: one account can log in everywhere, and each system then assigns its own permissions to that account.

Why use LDAP authentication

LDAP is a database optimized for reads, so read operations are efficient.

The data types can be changed flexibly, and adding fields does not affect queries.

LDAP is an open standard protocol that provides standard API interfaces for all programming languages.

Because an LDAP database stores data in a tree structure, branches can be placed on separate servers, which supports distribution, load balancing, cross-domain deployment and so on.

LDAP supports strong authentication, which can achieve high security. In terms of internationalization, LDAP uses UTF-8 encoding to store characters in various languages.

Set up OpenLDAP

First go to the official website, http://www.openldap.org/. I started OpenLDAP in Docker; if you choose to start it on Linux instead, you can refer to this post: https://yq.aliyun.com/articles/549058

Start in docker mode

If you are not particularly familiar with docker commands, I have another post that gives a brief introduction: https://www.jianshu.com/p/af7977b1075c

Pull the image

docker pull osixia/openldap:1.2.2

Start the container

docker run -p 389:389 -p 689:689 --name my-openldap \
  --env LDAP_ORGANISATION="<organisation name>" \
  --env LDAP_DOMAIN="my-company.com" \
  --env LDAP_ADMIN_PASSWORD="123456" \
  --detach osixia/openldap:1.2.2

View

docker ps -a
CONTAINER ID   IMAGE                   COMMAND                 CREATED        STATUS        PORTS                                                 NAMES
d90a057443b0   osixia/openldap:1.2.2   "/container/tool/run"   47 hours ago   Up 47 hours   0.0.0.0:389->389/tcp, 0.0.0.0:689->689/tcp, 636/tcp   my-openldap

You can see that I have started successfully, mapping out two ports, 389 and 689, and our main operation is on 389.

Connect using client tools

Download address: http://directory.apache.org/studio

ConnectionName: give the connection a name that is easy to remember.

Hostname: the IP address of your server. I started mine locally.

Port: the port. The default is 389.

AuthenticationMethod: Simple Authentication.

Bind DN or User: the administrator user name set earlier, cn=admin,dc=my-company,dc=com

Bind Password: the administrator password set earlier.

Related concepts of LDAP

Meaning of the abbreviations

Attribute | Full name | Meaning | Example
c | Country | country | c=chinese
dc | DomainComponent | often used to refer to a part of a domain name | dc=my_company,dc=com
cn | CommonName | the name of an object; if it refers to a person, use the full name | cn=calvin
ou | OrganizationalUnit | the name of an organizational unit | ou=bj_develop (Beijing R&D Department)
sn | Surname | a person's surname | sn=Zhao, Qian, Sun, Li
uid | Userid | a user's login name, a unique ID; different from the user's uid in the Linux system |
o | Organization | the name of an organization | o=develop

Core Attribute

Name | Description | Required attributes
domain | |
organization | | o
organizationalUnit | | ou
person | | sn, cn
organizationalPerson | | cn, sn
top | abstract, top-level ObjectClass |
posixAccount | Linux user | cn, gidNumber, homeDirectory, uid, uidNumber
posixGroup | Linux user group | cn, gidNumber

The above information comes from https://cloud.tencent.com/developer/article/1444535

Springboot integrates LDAP

With the installation above, an OpenLDAP service is running and the environment is ready, so we can now start building the project.

Project core class construction

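pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.14.RELEASE</version>
  </parent>
  <groupId>com.calvin.ldap</groupId>
  <artifactId>ldap-test</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <name>ldap-test</name>
  <properties>
    <java.version>1.8</java.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.ldap</groupId>
      <artifactId>spring-ldap-core</artifactId>
    </dependency>
    <dependency>
      <groupId>com.sun</groupId>
      <artifactId>ldapbp</artifactId>
      <version>1.0</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-test</artifactId>
      <scope>test</scope>
    </dependency>
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</project>

application.yml

calvin:
  ldap:
    url: 'ldap://127.0.0.1:389'
    base: 'dc=my-company,dc=com'
    user_dn: 'cn=admin,dc=my-company,dc=com'
    password: '123456'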
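
An added example, not code from the original article: a check that the user_dn from application.yml sits under the base DN matching the LDAP_DOMAIN passed to the container, so that a mistyped DN is caught before the first bind. It uses only the JDK's javax.naming.ldap classes; the class name LdapDnCheck, its helper methods, the sample DNs, and the assumption that the base DN is the dc form of LDAP_DOMAIN are illustrative.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical class): sanity-check LDAP DNs before the application binds. */
public class LdapDnCheck {

    /** Map a DNS domain to its dc components, e.g. my-company.com -> dc=my-company,dc=com. */
    static LdapName baseDnFromDomain(String domain) throws InvalidNameException {
        List<Rdn> rdns = new ArrayList<>();
        String[] labels = domain.split("\\.");
        // LdapName indexes RDNs from right to left, so index 0 must be the top-level label.
        for (int i = labels.length - 1; i >= 0; i--) {
            rdns.add(new Rdn("dc", labels[i]));
        }
        return new LdapName(rdns);
    }

    /** True when dn is the base entry itself or an entry below it. */
    static boolean isUnderBase(String dn, LdapName base) {
        try {
            // RDN comparison ignores case, so "DC=COM" matches "dc=com".
            return new LdapName(dn).startsWith(base);
        } catch (InvalidNameException e) {
            return false; // strings that do not parse as a DN are rejected
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // LDAP_DOMAIN value from the docker run command (assumed to define the base DN).
        LdapName base = baseDnFromDomain("my-company.com");
        System.out.println("base DN: " + base);

        String[] candidates = {
            "cn=admin,dc=my-company,dc=com",   // user_dn from application.yml
            "CN=Admin, DC=My-Company, DC=com", // constructed: same entry, other case and spacing
            "cn=admin,dc=my_company,dc=com",   // constructed: underscore instead of hyphen
            "admin@my-company.com"             // constructed: not a DN at all
        };
        for (String dn : candidates) {
            System.out.println(isUnderBase(dn, base) + "  " + dn);
        }
    }
}
```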

LdapConfiguration.java

import java.util.HashMap;
import java.util.Map;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

/**
 * LDAP configuration class
 *
 * @author Calvin
 * @date 2019-10-14
 * @since 1.0
 */
@Configuration
public class LdapConfiguration {

    /** Server address */
    @Value("${calvin.ldap.url}")
    private String ldapUrl;

    /** Company, department */
    @Value("${calvin.ldap.base}")
    private String baseDC;

    /** Administrator user */
    @Value("${calvin.ldap.user_dn}")
    private String ldapUser;

    /** Administrator password */
    @Value("${calvin.ldap.password}")
    private String ldapPassword;

    /** LDAP environment configuration */
    @Bean
    public LdapContextSource ldapContextSource() {
        LdapContextSource source = new LdapContextSource();
        Map<String, Object> config = new HashMap<>();
        // Return objectGUID as raw bytes rather than as a String
        config.put("java.naming.ldap.attributes.binary", "objectGUID");
        source.setUrl(ldapUrl);
        source.setBase(baseDC);
        source.setPassword(ldapPassword);
        source.setUserDn(ldapUser);
        source.setPooled(true);
        source.setBaseEnvironmentProperties(config);
        return source;
    }

    /** LDAP operation class */
    @Bean
    public LdapTemplate ldapTemplate() {
        LdapTemplate ldapTemplate = new LdapTemplate();
        ldapTemplate.setContextSource(ldapContextSource());
        return ldapTemplate;
    }
}

JSONObjectMapper.java

/**
 * JSONObjectMapper: conversion class that converts Attributes to a JSONObject so that results are easy to receive and print
 *
 * @author Calvin
 * @date 2019-10-17
 * @since
 */
public class JSONObjectMapper implements AttributesMapper {
    @Override
    public JSONObject mapFromAttributes(Attributes attributes) throws NamingException {
        NamingEnumeration
