Background
Enterprise office applications on the Internet have grown rapidly over the past two years. These applications must be compatible with an enterprise's existing login authentication system, and LDAP (Lightweight Directory Access Protocol), as a standard directory service, is widely used by enterprises. This article records the problems encountered when integrating with an LDAP service, and their workarounds, in the hope of helping beginners who are new to LDAP.
Environment, language, and open source library
Linux
C++
OpenLDAP
Compilation
Download the latest OpenLDAP release from the official site: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.44.tgz
1. Extract OpenLDAP
Change to the directory containing openldap-2.4.44.tgz and run tar zxvf openldap-2.4.44.tgz. This creates an openldap-2.4.44 directory under the current directory; use the ll command to view the subdirectories and files it contains.
2. Use vi to view the INSTALL file for a preliminary understanding of the build and installation steps.
3. Configure the build by running the following command:
    ./configure --prefix=/data/allanchen/opensource/openldap/openldap-2.4.44/build_lib --enable-backends=no --enable-slapd=no --enable-shared=no --with-pic=yes --with-cyrus-sasl=no
--prefix sets the build output path. --enable-backends=no and --enable-slapd=no are used because this project only needs the client, so the server-side configuration is disabled. When the final prompt reads Please run "make depend" to build dependencies, configure has run successfully.
4. Run make depend to generate the dependencies.
5. Run make.
6. Run make install to finish the build, which produces the header files under include and the static library files under lib.
User login authentication
User login is authenticated with the ldap_simple_bind_s(ld, dn, pw) function, where dn (distinguished name) is the full path of the user being authenticated and pw is that user's password. Because dn must be the full path, it is difficult to build a user's full DN by concatenating a configured base DN with the login name. So, before authenticating the login, we first query for the user's complete DN. ldap_search_s provides exactly this: set the base DN and a filter (it can be set to (&(objectClass=user)(sAMAccountName=loginname))) to find the user's DN, then call ldap_simple_bind_s to complete the user login authentication.
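The filter in the paragraph above is built from a login name typed by the user, and the final bind uses a password typed by the user. The following is an added example, not code from the original article: it escapes the login name per RFC 4515 before it is placed in the filter, and rejects empty credentials, because a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that a server may accept. The function names and the sample login names are assumptions made for illustration.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
// '*', '(', ')', '\' and NUL become a backslash followed by two hex digits.
std::string escape_filter_value(const std::string &value) {
    std::string out;
    for (unsigned char c : value) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            char buf[4];
            std::snprintf(buf, sizeof buf, "\\%02x", c);
            out += buf;
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Build the user-lookup filter from the article with the login name escaped
// (hypothetical helper, not part of OpenLDAP).
std::string build_user_filter(const std::string &login_name) {
    return "(&(objectClass=user)(sAMAccountName=" +
           escape_filter_value(login_name) + "))";
}

// Refuse to search or bind with empty input: an empty password would turn
// ldap_simple_bind_s into an unauthenticated bind instead of a login check.
bool credentials_usable(const std::string &login_name,
                        const std::string &password) {
    return !login_name.empty() && !password.empty();
}

int main() {
    // Constructed sample login names; the last two contain filter metacharacters.
    const char *names[] = {"allanchen", "a*b", "ops (night)*"};
    for (const char *n : names)
        std::cout << n << " -> " << build_user_filter(n) << "\n";
    std::cout << "empty password usable: "
              << credentials_usable("allanchen", "") << "\n";
    return 0;
}
```

Pass the result of build_user_filter to ldap_search_s in place of a filter assembled by plain string concatenation, and call credentials_usable before any bind is attempted.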
    #define LDAP_DEPRECATED 1  // OpenLDAP 2.4 only declares ldap_init, ldap_simple_bind_s and ldap_search_s when this is set
    #include <iostream>
    #include <string>
    #include "ldap.h"
    using namespace std;

    // host: LDAP server; dn_admin, pw_admin: admin account DN and password; pw: password entered by the user
    int ldap_login(const string &host, const char *dn_admin, const char *pw_admin, const char *pw) {
        LDAP *ld;
        if ((ld = ldap_init(host.c_str(), LDAP_PORT)) == NULL) {
            cout << "LDAP init failed" << endl;
            return 1;
        }
        int version = LDAP_VERSION3;
        if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_SUCCESS) {
            cout << "set protocol version failed" << endl;
            return 1;
        }
        int max_timeout = 10;
        if (ldap_set_option(ld, LDAP_OPT_TIMELIMIT, (void *)&max_timeout) != LDAP_SUCCESS) {
            cout << "set time limit failed" << endl;
            return 1;
        }
        // Must be set
        if (ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF) != LDAP_SUCCESS) {
            cout << "set referrals off failed" << endl;
            return 1;
        }
        // Bind with the admin account DN and password
        int ret = LDAP_SUCCESS;
        if ((ret = ldap_simple_bind_s(ld, dn_admin, pw_admin)) != LDAP_SUCCESS) {
            cout << "ldap_simple_bind_s failed" << endl;
            cout << "errcode:" << ret << endl;
            cout << "errmsg:" << ldap_err2string(ret) << endl;
            return 1;
        }
        LDAPMessage *result, *msg;
        char attr_dn[] = "distinguishedName";
        char *attrs[] = { attr_dn, NULL };  // the attribute list must be NULL-terminated
        const char *filter = "(&(objectClass=user)(sAMAccountName=loginname))";  // loginname: the user's login name
        const char *base = "dc=mycompany,dc=com";
        if ((ret = ldap_search_s(ld, base, LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result)) != LDAP_SUCCESS) {
            cout << "ldap_search_s failed" << endl;
            cout << "errcode:" << ret << endl;
            cout << "errmsg:" << ldap_err2string(ret) << endl;
            return 1;
        }
        bool ok = false;
        char **vals;
        if ((msg = ldap_first_entry(ld, result)) != NULL) {
            if ((vals = ldap_get_values(ld, msg, "distinguishedName")) != NULL) {
                char *dn = ldap_get_dn(ld, msg);
                // Bind again as the user, with the DN that was found
                ret = ldap_simple_bind_s(ld, dn, pw);
                if (ret == LDAP_SUCCESS) {
                    cout << "auth succ";
                    ok = true;
                } else {
                    cout << "auth failed";
                }
                ldap_memfree(dn);
                ldap_value_free(vals);
            }
        }
        ldap_msgfree(result);
        ldap_unbind_s(ld);
        return ok ? 0 : 1;
    }
Conclusion
The key is to stay compatible with the user DNs of different enterprises' LDAP directories, and with the different DN levels used within the same enterprise.