Enterprise Distribution Micro Service Cloud Springcloud springboot MyBatis (16) Use LDAP in Spring boot to manage user information uniformly

Source: Internet
Author: User
Tags: ldap, relational database, table

LDAP Introduction

LDAP (Lightweight Directory Access Protocol) is an implementation of what is known as a directory service. A directory service is a special kind of database that is optimized for read, browse and search operations. Directories usually hold descriptive, attribute-based information and support sophisticated filtering. They generally do not support the complex transaction management or rollback policies that general-purpose databases need for large volumes of updates; updates to a directory are typically very simple. A directory can store many kinds of information, including personal details, web links, JPEG images and so on. To access the information stored in a directory you use the access protocol that runs on top of TCP/IP: LDAP.

The information in an LDAP directory is organized as a tree, and each piece of information is stored in a data structure called an entry. An entry corresponds to a record in a relational database table. An entry consists of attributes and has a distinguished name (DN) that is used to reference it; the DN is the equivalent of the primary key of a relational table. An attribute consists of a type and one or more values, which corresponds to a field in a relational database made up of a field name and a data type. The difference is that, to make retrieval easier, a type in LDAP may have several values, whereas the fields of a relational database must be independent of each other in order to reduce data redundancy. Entries in LDAP are usually arranged by geographical location and organizational relationship, which is very intuitive. LDAP stores its data in files and, for efficiency, can use an index-based file database instead of a relational database. An example of a type is mail, whose value would be an e-mail address.

The LDAP tree usually starts at a country (c=CN) or a domain name component (dc=com), under which one or more organizations (o=ACME) or organizational units (ou=people) are defined. An organizational unit may contain, for example, all employees or all printers in a building. LDAP also controls which attributes an entry may and must carry; this is implemented through a special attribute called the object class (objectClass). Its value determines the rules the entry has to follow, that is, which attributes the entry must contain and which it may contain. For example, the inetOrgPerson object class requires the sn (surname) and cn (common name) attributes, but an entry of that class may also include optional attributes such as mail, telephone number and so on.

LDAP abbreviation correspondence

    • o: organization (organization, company)
    • ou: organizational unit (department)
    • c: countryName (country)
    • dc: domainComponent (domain name component)
    • sn: surname
    • cn: common name

The above information is from: LDAP QuickStart

Getting Started example

After understanding the basic concepts of LDAP, let's get to know it through a simple example.

  • Create a basic Spring Boot project (if you do not know how, refer to either of these articles: Getting Started 1 or Getting Started 2).

  • Add the two important dependencies to pom.xml.

  • Create a ldap-server.ldif file under the src/test/resources directory; it holds the initial data of the LDAP server that the program will access later.

    dn: dc=didispace,dc=com
    objectclass: top
    objectclass: domain

    dn: ou=people,dc=didispace,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: people

    dn: uid=ben,ou=people,dc=didispace,dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: didi
    sn: zhaiyongchao
    uid: didi
    userPassword: {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=

    This creates a basic user whose surname is zhaiyongchao and whose common name is didi; the programs below will read this information. For more background, consult the LDAP material linked above; it is not explained further here.

  • Add the embedded LDAP configuration to application.properties:

    spring.ldap.embedded.ldif=ldap-server.ldif
    spring.ldap.embedded.base-dn=dc=didispace,dc=com

  • Following the basic usage of spring-data-ldap, define the mapping between the attributes in LDAP and a Java entity, together with the corresponding repository:

    import javax.naming.Name;

    import lombok.Data;
    import org.springframework.data.repository.CrudRepository;
    import org.springframework.ldap.odm.annotations.Attribute;
    import org.springframework.ldap.odm.annotations.DnAttribute;
    import org.springframework.ldap.odm.annotations.Entry;
    import org.springframework.ldap.odm.annotations.Id;

    // Maps an inetOrgPerson entry under ou=people to a Java object;
    // Lombok's @Data generates the getters, setters and toString().
    @Data
    @Entry(base = "ou=people,dc=didispace,dc=com", objectClasses = "inetOrgPerson")
    public class Person {

        @Id
        private Name id;                         // the full DN of the entry

        @DnAttribute(value = "uid", index = 3)   // 4th DN component counted from the root, e.g. uid=ben
        private String uid;

        @Attribute(name = "cn")
        private String commonName;

        @Attribute(name = "sn")
        private String suerName;                 // field name kept as in the original post; maps the sn attribute

        private String userPassword;             // no @Attribute: mapped by field name

    }

    // Second file: the Spring Data repository keyed by the entry DN
    public interface PersonRepository extends CrudRepository<Person, Name> {
    }

    With the above definitions the Person object is mapped to the content stored in LDAP, and we can read and write that content simply by using PersonRepository.

  • Create a unit test that reads all user information:

    import org.junit.Test;
    import org.junit.runner.RunWith;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.boot.test.context.SpringBootTest;
    import org.springframework.test.context.junit4.SpringRunner;

    @RunWith(SpringRunner.class)
    @SpringBootTest
    public class ApplicationTests {

        @Autowired
        private PersonRepository personRepository;

        @Test
        public void findAll() throws Exception {
            // Print every entry the repository maps from the embedded server
            personRepository.findAll().forEach(p -> {
                System.out.println(p);
            });
        }

    }

    After running the test, the console shows the user information that was just maintained in ldap-server.ldif:

    2018-01-27 14:25:06.283  WARN 73630 --- [           main] o.s.ldap.odm.core.impl.ObjectMetaData    : The Entry class Person should be declared final
    Person(id=uid=ben,ou=people,dc=didispace,dc=com, uid=ben, commonName=didi, suerName=zhaiyongchao, userPassword=123,83,72,65,125,110,70,67,101,98,87,106,120,102,97,76,98,72,72,71,49,81,107,53,85,85,52,116,114,98,118,81,61)

    The userPassword field is printed as a list of numbers: they are the byte values of the characters of the {SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ= string from the LDIF file, because the server returns that attribute as bytes.
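    The test above reads every entry. In practice a program usually looks up one user by uid, and the uid often comes from user input. The following service is an added example, not code from the original post or from Spring Data LDAP; it assumes it sits in the same package as the Person entity defined above and that the LdapTemplate auto-configured by the Spring Boot LDAP starter is available for injection. It builds the filter with LdapQueryBuilder, which filter-encodes the value (an input of `*` becomes `\2a`), so a caller cannot turn the lookup into a wildcard search the way string concatenation such as `"(uid=" + uid + ")"` would.

```java
import java.util.List;

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.stereotype.Service;

import static org.springframework.ldap.query.LdapQueryBuilder.query;

// Added example (hypothetical class name); assumes Person from this page is in the same package.
@Service
public class PersonLookupService {

    // LdapTemplate is auto-configured by the Spring Boot LDAP starter and points at
    // the embedded server (or the remote one once spring.ldap.urls is configured).
    private final LdapTemplate ldapTemplate;

    public PersonLookupService(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    // Builds "(uid=<value>)" with the value filter-encoded: "*" becomes "\2a",
    // "(" and ")" become "\28" and "\29", so the caller's input is matched literally.
    public static LdapQuery byUid(String uid) {
        return query().where("uid").is(uid);
    }

    // The encoded filter string, useful for logging and tests.
    // For uid = "*" this returns "(uid=\2a)", not a match-everything filter.
    public static String filterFor(String uid) {
        return byUid(uid).filter().encode();
    }

    // Returns the Person with exactly this uid, or null when there is none.
    // find() adds the objectClass condition taken from @Entry on Person and
    // maps each result through the ODM annotations.
    public Person findByUid(String uid) {
        List<Person> matches = ldapTemplate.find(byUid(uid), Person.class);
        if (matches.size() != 1) {
            return null;   // absent or ambiguous: treat both as "not found"
        }
        return matches.get(0);
    }
}
```

    Because `findByUid` returns null for both zero and several matches, a caller never acts on an ambiguous result; with the data from ldap-server.ldif, `findByUid("didi")` returns the single mapped entry and `findByUid("*")` returns null.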
Add user

If you can complete the getting-started example above on your own, the basic goal of operating LDAP from Spring Boot is achieved.

If you are familiar with Spring Data, it is easy to see that this sub-project also follows the Repository abstraction. The PersonRepository defined above can therefore be used to perform operations easily; for example, the following code adds a user to LDAP:

    Person person = new Person();
    person.setUid("uid:1");
    person.setSuerName("aaa");
    person.setCommonName("aaa");
    person.setUserPassword("123456");
    personRepository.save(person);

If you want to do more, refer to the spring-data-ldap documentation.

Connecting to an LDAP server

This example uses the embedded LDAP server. In practice this approach is only suitable for local testing and development; in a real environment the LDAP server must be deployed independently.

In Spring Boot we only need to configure the following parameters so that the example above connects to a remote LDAP server instead of the embedded one:

    spring.ldap.urls=ldap://localhost:1235
    spring.ldap.base=dc=didispace,dc=com
    spring.ldap.username=didispace
    spring.ldap.password=123456
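Once the application talks to a real directory, the usual way to check a user's password is not to read userPassword and compare it in the application but to let the server decide: search for the entry, then perform a simple bind with that entry's DN and the supplied password. The class below is an added example, not code from the original post or from Spring LDAP. It assumes the LdapTemplate that Spring Boot builds from the spring.ldap.* properties above, which means the search runs as the spring.ldap.username account and that account must be allowed to find entries under spring.ldap.base. The uid goes through EqualsFilter so that it cannot alter the query, and an empty password is refused in the application because RFC 4513 allows a server to treat a bind with a name and an empty password as an anonymous bind.

```java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.stereotype.Service;

// Added example (hypothetical class name): password check by LDAP simple bind.
@Service
public class LdapAuthenticator {

    // Built by Spring Boot from spring.ldap.urls / base / username / password
    private final LdapTemplate ldapTemplate;

    public LdapAuthenticator(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    // True only if exactly one entry under the configured base has this uid
    // and a simple bind as that entry with the supplied password succeeds.
    public boolean authenticate(String uid, String password) {
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) {
            // RFC 4513 permits a server to treat a bind with a DN and an empty
            // password as an anonymous bind, which would look like success; refuse it here.
            return false;
        }
        // EqualsFilter filter-encodes the value, so "*" or ")(uid=" stays a literal uid.
        String filter = new EqualsFilter("uid", uid).encode();
        // Search relative to spring.ldap.base with the service account, take the
        // single DN that matches and bind with it. Returns false when no single
        // entry matches or when the server rejects the bind.
        return ldapTemplate.authenticate("", filter, password);
    }
}
```

Because the server performs the comparison, this works whatever password scheme the directory uses for userPassword ({SHA}, {SSHA} or a server-side scheme), and the application never has to handle the stored hash.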


