Spring Examples of using LDAP to uniformly manage user information in Boot

Most of the time, when we were in the build system will create your own user management system, it not be hard for the developer, but when we need to maintain a number of different systems and users across systems use the same case, if each system to maintain their own user information, then user information at this time synchronization will become more troublesome, for users themselves also will be very, very easy to appear different system password is not 1 to ah, and so on and so forth. If we introduce LDAP at this point to centralize the user's basic information and provide a uniform read-write interface and verification mechanism, then this problem is relatively easy to solve. Here's how to access the LDAP server when developing with Spring.

LDAP profile

LDAP (Lightweight Directory Access Protocol, Lightweight Directory Access Protocol) is an implementation that provides information services known as directory services. A directory service is a special database system that is optimized for read, browse, and search operations. Directory 1 is typically used to contain descriptive, attribute-based information and support sophisticated filtering capabilities. Directory 1 does not support complex transaction management or rollback strategies that are required for a large number of update operations in a common database. Updates to directory services are usually very simple. This directory can store a variety of information including personal information, web links, jpeg images, and more. To access the information stored in the directory, you need to use the access protocol - LDAP, which runs on top of TCP/IP.

The information in the LDAP directory is organized in a tree structure and is stored in the data structure of the entry (entry). An entry corresponds to a record of a table in a relational database; The entry is an attribute (Attribute) with the distinct name DN (Distinguished Name), DN is used to reference the entry, and DN is equivalent to a keyword in a relational database table (Primary Key). Properties by type (Type) and one or more values (Values), equivalent to a relational database in the field (Field) consists of the field name and data type, just for the sake of convenient retrieval needs, the Type LDAP can have multiple Value, rather than a relational database in order to reduce the redundancy of data for each domain must be irrelevant. The organization of article 1 in LDAP is generally organized according to the geographical location and organizational relationship, which is very intuitive. LDAP stores data in files, and for efficiency you can use an index-based file database rather than a relational database. An example of a type is mail, whose value would be an E-mail address.

LDAP information is stored in a tree structure, where a country (c=CN) or domain name (dc=com) is defined at the root of the tree, and below that one or more organizations (organization)(o=Acme) or organizational units (organizational units) (ou=People) are defined. An organizational unit might contain information such as all employees, all printers in the building, and so on. In addition, ES56en supports control over which properties an item can and must support, which is done by a special attribute called object category (ES57en). The value of this attribute determines the rules that the entry must follow, specifying which attributes the entry can and should at least contain. For example, the inetorgPerson object class needs to support sn(surname) and cn(common name) properties, but can also contain optional properties such as email, phone numbers, and so on.

LDAP abbreviation corresponding

o: organization (Organization-Company) ou: organization unit (Organizational Unit - Department) c: countryName (Country) dc: domainComponent (domain name) sn: suer name (real name) cn: common name (common name)

An introduction to the sample

With the basic concepts of ES86en in mind, let's take a step forward with a simple example!

Create a basic Spring Boot project (if you don't already, refer to these two articles: Getting Started 1 or Getting Started 2)

Two important dependencies are introduced in pom.xml

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>

<dependency>
  <groupId>com.unboundid</groupId>
  <artifactId>unboundid-ldapsdk</artifactId>
  <scope>test</scope>
</dependency>

Among them, spring-boot-starter-data-ldap is Spring Boot encapsulated implementation of automatic configuration of LDAP, it is based on spring-data-ldap to LDAP server specific operation.

unboundid-ldapsdk is designed to use the embedded LDAP server for testing operations here, so scope is set to test. In practice, we usually connect to a real, independently deployed LDAP server, so this dependency is not required.

In src/test/resources directory to create ldap - server. ldif file, used to store the LDAP based data from the server, in case of the back of the application access.

dn: dc=didispace,dc=com
objectClass: top
objectClass: domain

dn: ou=people,dc=didispace,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=ben,ou=people,dc=didispace,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: didi
sn: zhaiyongchao
uid: didi
userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

Here we create a base user, whose real name is zhaiyongchao, and the common name is didi. We will read this information later in the program. You can go into LDAP to understand more, but I won't go into it too much here.

Add embedded LDAP configuration in application.properties

spring.ldap.embedded.ldif=ldap-server.ldif
spring.ldap.embedded.base-dn=dc=didispace,dc=com

Using the basic usage of spring-data-ldap, define the relational mapping between the attributes in LDAP and the entities defined in our Java and the corresponding Repository

@Data
@Entry(base = "ou=people,dc=didispace,dc=com", objectClasses = "inetOrgPerson")
public class Person {

  @Id
  private Name id;
  @DnAttribute(value = "uid", index = 3)
  private String uid;
  @Attribute(name = "cn")
  private String commonName;
  @Attribute(name = "sn")
  private String suerName;
  private String userPassword;
}

public interface PersonRepository extends CrudRepository<Person, Name> {
}

After the above definition, Person objects have been mapped to LDAP storage content, and we can easily read and write LDAP content using only PersonRepository.

Create a unit test case to read all user information:

@RunWith(SpringRunner.class)
@SpringBootTest
public class ApplicationTests {

  @Autowired
  private PersonRepository personRepository;

  @Test
  public void findAll() throws Exception {
    personRepository.findAll().forEach(p -> {
      System.out.println(p);
    });
  }
}

After starting the test case, we can see the console output the user information we just maintained in ldap-server.ldif:

[

2018-01-27 14:25:06.283 WARN 73630 --- [ main] o.s.ldap.odm.core.impl.ObjectMetaData : The Entry class Person should be declared final
Person(id=uid=ben,ou=people,dc=didispace,dc=com, uid=ben, commonName=didi, suerName=zhaiyongchao, userPassword=123,83,72,65,125,110,70,67,101,98,87,106,120,102,97,76,98,72,72,71,49,81,107,53,85,85,52,116,114,98,118,81,61)

]

Add user

With the above introductory example, the basic goal of operating with LDAP in Spring Boot has been accomplished, if you can do it on your own.

If you know Spring well enough, it's not hard to imagine that this subproject under it must also adhere to the Repsitory abstraction. Therefore, we can use PersonRepository defined above to easily implement the operation, such as the following code to easily add users to LDAP:

Person person = new Person();
person.setUid("uid:1");
person.setSuerName("AAA");
person.setCommonName("aaa");
person.setUserPassword("123456");
personRepository.save(person);

If you want to do more, you can refer to the documentation for spring-data-ldap to use it.

Connect to the LDAP server

In this article, the examples all use embedded LDAP server, in fact, this way is limited to our local test and development use, the real environment LDAP server must be independently deployed.

To connect the above example to the remote LDAP instead of the embedded LDAP, we only need to configure the following parameters in the Spring package.

spring.ldap.urls=ldap://localhost:1235
spring.ldap.base=dc=didispace,dc=com
spring.ldap.username=didispace
spring.ldap.password=123456

In this paper, the code

The chapter3-2-10 catalog can be found in the following two repositories:

Github: https: / / github com/dyc87112 / SpringBoot Learning /