
How to quickly integrate LDAP and realize user single sign-on

2025-02-21 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)05/31 Report--

This article explains how to quickly integrate LDAP and achieve user single sign-on. The content is quite detailed; interested readers can refer to it, and I hope it is helpful to you.

What is LDAP?

LDAP (Lightweight Directory Access Protocol) is an industry-standard application protocol that defines an interface, or language, for clients to connect to a directory service in order to query or modify information; examples of such directory services are OpenLDAP and Active Directory.

An LDAP service generally stores information about users, user authentication data, groups, group membership, and so on. It acts as a central repository of user information and is usually used for user authentication and authorization.

You can think of LDAP as a data store that client applications talk to using the LDAP protocol; it therefore has two aspects, the directory and the protocol.

LDAP directory structure

An LDAP directory has a hierarchical tree structure consisting of one or more entries, which typically represent real-world objects such as organizations and users. For an enterprise, for example, the root (top level) of the tree can represent the organization itself, and its sub-entries can be organizations, business units, locations, and so on. Those sub-entries can in turn hold further entries representing individual resources, such as users and groups, as shown in the following figure:

Terminology analysis and examples

Below we create a real directory that is easy to understand; the data is for a school, as shown in the following figure:

At the top level you can see dc=hogwarts, dc=com, which represents the whole school. It has a sub-entry represented by the organizational unit ou=users, which in turn has many sub-entries, such as cn=triddle representing a student.

In the figure above we can ignore the top-level entries ou=config, ou=schema and ou=system: they relate to the directory's own schema and configuration and come from the default configuration created at installation.

Entry: each object in the directory is called an LDAP entry, for example ou=users and cn=triddle.

Attribute: each entry typically has one or more attributes that describe the object, such as last name, first name, mailbox, business unit, and so on.

The LDAP specification defines a standard set of attributes, such as cn, sn, mail, objectClass, etc. For our example, take the user Tom Riddle described above. Here are the attributes of this user:

dn: cn=triddle, ou=users, dc=hogwarts, dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: triddle
sn: Riddle
displayName: Tom Riddle
givenName: Tom
mail: Tom.Riddle@hogwarts.edu
uid: 20007
userPassword: SHA hashed password

As you can see, it contains some basic personal information and the user's password (stored as a SHA hash).

Distinguished Name (DN):

To identify an entry in LDAP we use its Distinguished Name, or DN, which is globally unique within a directory. Its value is the location of the object in the directory tree: the name of the entry itself, "joined" to the names of its parent entries all the way up to the top-level (root) node. For the user Tom Riddle listed above, the DN is:

"cn=triddle" + "ou=users" + "dc=hogwarts, dc=com"
DN: cn=triddle, ou=users, dc=hogwarts, dc=com

User authentication

Authentication against LDAP also requires a user name and a password; here the user name is the entry's DN in LDAP. So, assuming the password of the user Tom Riddle is 123456, you authenticate successfully with the following:

Username: cn=triddle, ou=users, dc=hogwarts, dc=com
Password: 123456

How to use LDAP on the Authing identity cloud?
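The three pieces above (the Tom Riddle entry, the DN joined from its RDNs, and the bind with DN plus password) can be tied together in a few lines. The following Python is an added example and not code from the article or from Authing; it parses the entry shown above as LDIF, derives the DN the same way the article does, and emulates a simple bind. The article only says the userPassword is a "SHA hashed password", so the concrete {SSHA} value (OpenLDAP's salted-SHA-1 convention, base64 of digest plus salt) and the fixed salt used here are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import os


def make_ssha(password, salt=None):
    """Build an OpenLDAP-style {SSHA} userPassword value:
    base64(sha1(password + salt) + salt). The directory stores this
    form rather than the clear-text password."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored, candidate):
    """Verify a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digests are 20 bytes
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


# Constructed sample entry, following the article's Tom Riddle example.
# The hash is generated with a fixed salt so the demo is reproducible
# (an assumption, not the article's data).
DEMO_HASH = make_ssha("123456", salt=b"demo")
SAMPLE_LDIF = """\
dn: cn=triddle, ou=users, dc=hogwarts, dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: triddle
sn: Riddle
displayName: Tom Riddle
givenName: Tom
mail: Tom.Riddle@hogwarts.edu
uid: 20007
userPassword: """ + DEMO_HASH + "\n"


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}. LDAP attributes are
    multi-valued (objectClass appears four times above), so every attribute
    maps to a list; names are lowercased because they are case-insensitive."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def normalize_dn(dn):
    """Canonical form for comparison: no whitespace around the commas and
    lowercase attribute types; RDN values are kept as-is."""
    parts = []
    for rdn in dn.split(","):
        attr, _, val = rdn.strip().partition("=")
        parts.append(attr.strip().lower() + "=" + val.strip())
    return ",".join(parts)


def build_dn(rdn_chain):
    """Join an entry's RDN with its parents up to the root, as the article
    shows: "cn=triddle" + "ou=users" + "dc=hogwarts, dc=com"."""
    return ", ".join(rdn_chain)


def simple_bind(directory, dn, password):
    """Emulate an LDAP simple bind: the user name is the full DN and the
    password is checked against the entry's userPassword. Unknown DNs and
    wrong passwords fail identically, so the result does not reveal which."""
    entry = directory.get(normalize_dn(dn))
    if entry is None:
        return False
    return any(check_ssha(pw, password) for pw in entry.get("userpassword", []))


ENTRY = parse_ldif_entry(SAMPLE_LDIF)
DIRECTORY = {normalize_dn(ENTRY["dn"][0]): ENTRY}

if __name__ == "__main__":
    dn = build_dn(["cn=triddle", "ou=users", "dc=hogwarts, dc=com"])
    ok = simple_bind(DIRECTORY, dn, "123456")
    print(dn, "->", "bind ok" if ok else "bind failed")
```

The point to take from the bind function is that the credential the client presents is the DN itself plus the password, and that the server compares the password against a salted hash, never against a clear-text value.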

In Authing Identity Cloud we have already integrated the LDAP protocol for you; you only need to turn LDAP on with one click. You can then not only manage the user information in your cloud over the LDAP protocol, but also seamlessly connect other LDAP-capable platforms so that your users can perform operations such as authentication and authorization through LDAP.

How to enable it:

First, log in to the Authing platform with your account and password, then click User Management -> User Management -> the switch in the upper right corner to turn it on, as shown below:

Isn't that easy? Once enabled, you can manage users over the LDAP protocol. Functions such as authentication, filtering, adding, deleting, modifying and querying have all been integrated.

The common search DN address structure is as follows:

The following is an example of the query function; the options it uses are:

-H    LDAP server URI, including address and port; all users are reachable at this address
-D    bind DN: the distinguished name the server uses to authenticate you
-w    user pool password
-LLL  output in LDIF format, without comments or version line
-b    base DN: the starting point of the search; required if the server needs one, otherwise optional
-x    simple authentication
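The -b option above sets where in the tree a search starts, and the article lists filtering as one of the integrated functions; the two decide together which entries a query returns. The Python below is an added example, not code from the article or from Authing: it keeps a small in-memory directory modelled on the article's hogwarts tree (the second student and the group are invented), evaluates a subset of the standard LDAP filter syntax, and applies the search scope relative to the base DN. The scope names base/one/sub follow the ldapsearch client, whose default is a subtree search; escaped commas inside RDN values are deliberately not handled.

```python
# Constructed in-memory directory following the article's hogwarts example;
# the second student and the group are invented for this demo. Keys are DNs
# with no spaces after the commas; attribute names are lowercased because
# LDAP attribute names are case-insensitive.
DIRECTORY = {
    "dc=hogwarts,dc=com": {
        "objectclass": ["top", "domain"], "dc": ["hogwarts"]},
    "ou=users,dc=hogwarts,dc=com": {
        "objectclass": ["top", "organizationalUnit"], "ou": ["users"]},
    "cn=triddle,ou=users,dc=hogwarts,dc=com": {
        "objectclass": ["top", "person", "inetOrgPerson"],
        "cn": ["triddle"], "uid": ["20007"], "mail": ["Tom.Riddle@hogwarts.edu"]},
    "cn=hpotter,ou=users,dc=hogwarts,dc=com": {
        "objectclass": ["top", "person", "inetOrgPerson"],
        "cn": ["hpotter"], "uid": ["20008"]},
    "ou=groups,dc=hogwarts,dc=com": {
        "objectclass": ["top", "organizationalUnit"], "ou": ["groups"]},
    "cn=students,ou=groups,dc=hogwarts,dc=com": {
        "objectclass": ["top", "groupOfNames"], "cn": ["students"],
        "member": ["cn=triddle,ou=users,dc=hogwarts,dc=com",
                   "cn=hpotter,ou=users,dc=hogwarts,dc=com"]},
}


def normalize_dn(dn):
    """Drop whitespace around the commas so "dc=hogwarts, dc=com" and
    "dc=hogwarts,dc=com" compare equal. Escaped commas inside RDN values
    are not handled (an assumption that keeps the demo short)."""
    return ",".join(part.strip() for part in dn.split(","))


def parse_filter(text):
    """Parse the filter subset (attr=value), (attr=*), (&...), (|...), (!...)
    into a tree: ("&", kids), ("|", kids), ("!", [kid]), ("=", attr, value)."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters in filter")
    return node


def _parse(s, i):
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError("unterminated and/or filter")
        return (op, kids), i + 1
    if s[i] == "!":
        kid, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError("unterminated not filter")
        return ("!", [kid]), i + 1
    end = s.index(")", i)
    attr, _, value = s[i:end].partition("=")
    return ("=", attr.strip().lower(), value.strip()), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry's attribute lists."""
    op = node[0]
    if op == "&":
        return all(matches(k, entry) for k in node[1])
    if op == "|":
        return any(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":                      # presence filter: any value at all
        return bool(values)
    return any(v.lower() == value.lower() for v in values)   # case-insensitive


def in_scope(dn, base, scope):
    """"base": only the base entry; "one": its direct children;
    "sub" (ldapsearch's default): the base entry and everything beneath it."""
    if dn == base:
        return scope in ("base", "sub")
    if scope == "base" or not dn.endswith("," + base):
        return False
    remainder = dn[:-len("," + base)]
    return scope == "sub" or "," not in remainder


def search(directory, base, filter_text, scope="sub"):
    """Return the sorted DNs that lie within scope of the base DN (-b) and
    satisfy the filter, which is what the server does for a search request."""
    node = parse_filter(filter_text)
    base = normalize_dn(base)
    return sorted(dn for dn, entry in directory.items()
                  if in_scope(dn, base, scope) and matches(node, entry))


if __name__ == "__main__":
    for dn in search(DIRECTORY, "dc=hogwarts, dc=com",
                     "(&(objectClass=inetOrgPerson)(uid=20007))"):
        print(dn)
```

Searching under ou=groups for inetOrgPerson entries returns nothing, while the same filter under the root returns both students: a base DN that is too wide, combined with a bind DN allowed to read it, is how a directory ends up enumerable, so scope the base DN and the bind account's read rights to what the integration actually needs.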

For other help documents, log in to the Authing Identity Cloud and click Main screen -- User Management -- Usage documentation to see more help.

That is all we have to share on how to quickly integrate LDAP and implement user single sign-on. I hope the above content has been of some help and that you have learned something. If you think the article is good, share it so more people can see it.
