Spring Boot集成Ldap快速入门Demo
1.Ldap介绍
LDAP,Lightweight Directory Access Protocol,轻量级目录访问协议.
LDAP是一种特殊的服务器,可以存储数据
数据的存储是目录形式的,或者可以理解为树状结构(一层套一层)
一般存储关于用户、用户认证信息、组、用户成员,通常用于用户认证与授权
LDAP简称对应
o:organization(组织-公司)
ou:organization unit(组织单元-部门)
c:countryName(国家)
dc:domainComponent(域名)
sn:surname(姓氏)
cn:common name(常用名称)
2.环境搭建
docker-compose-ldap.yaml
version: '3'services:openldap:container_name: openldapimage: osixia/openldap:latestports:- "8389:389"- "8636:636"volumes:- ~/ldap/backup:/data/backup- ~/ldap/data:/var/lib/openldap- ~/ldap/config:/etc/openldap/slapd.d- ~/ldap/certs:/assets/slapd/certscommand: [--copy-service, --loglevel, debug]phpldapadmin:container_name: phpldapadminimage: osixia/phpldapadmin:latestports:- "8080:80"environment:- PHPLDAPADMIN_HTTPS="false"- PHPLDAPADMIN_LDAP_HOSTS=openldaplinks:- openldapdepends_on:- openldap
ldap setup
docker-compose -f docker-compose-ldap.yml -p ldap up -d
open http://localhost:8080/
default account
username:cn=admin,dc=example,dc=orgpassword:admin
init data
dn: ou=people,dc=exapmple,dc=orgobjectClass: topobjectClass: organizationalUnitou: people
3.代码工程
pom.xml
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><parent><artifactId>springboot-demo</artifactId><groupId>com.et</groupId><version>1.0-SNAPSHOT</version></parent><modelVersion>4.0.0</modelVersion><artifactId>ldap</artifactId><properties><maven.compiler.source>8</maven.compiler.source><maven.compiler.target>8</maven.compiler.target></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-autoconfigure</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><!--ldap--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-ldap</artifactId></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId></dependency></dependencies></project>
application.yaml
spring:application:name: spring-demo-ldap# ldap configurationldap:urls: ldap://127.0.0.1:8389base: dc=example,dc=orgusername: cn=admin,${spring.ldap.base}password: adminserver:port: 8088
Person.java
package com.et.ldap.entity;import lombok.Data;import org.springframework.ldap.odm.annotations.Attribute;import org.springframework.ldap.odm.annotations.DnAttribute;import org.springframework.ldap.odm.annotations.Entry;import org.springframework.ldap.odm.annotations.Id;import javax.naming.Name;import java.io.Serializable;@Data@Entry(base = "ou=people", objectClasses="inetOrgPerson")public class Person implements Serializable {private static final long serialVersionUID = -337113594734127702L;/***neccesary*/@Idprivate Name id;@DnAttribute(value = "uid", index = 3)private String uid;@Attribute(name = "cn")private String commonName;@Attribute(name = "sn")private String suerName;private String userPassword;}
以上只是一些关键代码,所有代码请参见下面代码仓库
代码仓库
https://github.com/Harries/springboot-demo
4.测试
package com.et.ldap;import com.et.ldap.entity.Person;import org.junit.Test;import org.junit.runner.RunWith;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.boot.test.context.SpringBootTest;import org.springframework.ldap.NamingException;import org.springframework.ldap.core.AttributesMapper;import org.springframework.ldap.core.LdapTemplate;import org.springframework.test.context.junit4.SpringRunner;import javax.naming.NamingEnumeration;import javax.naming.directory.Attribute;import javax.naming.directory.Attributes;import java.util.List;import static org.springframework.ldap.query.LdapQueryBuilder.query;@RunWith(SpringRunner.class)@SpringBootTestpublic class ApplicationTests {@Autowiredprivate LdapTemplate ldapTemplate;/*** add person*/@Testpublic void addPerson() {Person person = new Person();person.setUid("uid:14");person.setSuerName("LISI");person.setCommonName("lisi");person.setUserPassword("123456");ldapTemplate.create(person);}/*** filter search*/@Testpublic void filterSearch() {// Get the domain list. If you want to get a certain domain, the filter can be written like this: (&(objectclass=dcObject)&(dc=example))// String filter = "(&(objectclass=dcObject))";// Get the list of organizations. If you want to get a specific organization, the filter can be written like this: (&(objectclass=organizationalUnit)&(ou=people)// String filter = "(&(objectclass=organizationalUnit))";//Get the people list. If you want to get a certain person, the filter can be written like this: (&(objectclass=inetOrgPerson)&(uid=uid:13))String filter = "(&(objectclass=inetOrgPerson))";List<Person> list = ldapTemplate.search("", filter, new AttributesMapper() {@Overridepublic Object mapFromAttributes(Attributes attributes) throws NamingException, javax.naming.NamingException {//如果不知道ldap中有哪些属性,可以使用下面这种方式打印NamingEnumeration<? extends Attribute> att = attributes.getAll();while (att.hasMore()) {Attribute a = att.next();System.out.println(a.getID() + "=" + a.get());}Person p = new Person();Attribute a = attributes.get("cn");if (a != null) p.setCommonName((String) a.get());a = attributes.get("uid");if (a != null) p.setUid((String) a.get());a = attributes.get("sn");if (a != null) p.setSuerName((String) a.get());a = attributes.get("userPassword");if (a != null) p.setUserPassword(a.get().toString());return p;}});list.stream().forEach(System.out::println);}/*** query search*/@Testpublic void querySearch() {// You can also use filter query method, filter is (&(objectClass=user)(!(objectClass=computer))List<Person> personList = ldapTemplate.search(query().where("objectClass").is("inetOrgPerson").and("uid").is("uid:14"),new AttributesMapper() {@Overridepublic Person mapFromAttributes(Attributes attributes) throws NamingException, javax.naming.NamingException {//If you don’t know what attributes are in ldap, you can print them in the following way// NamingEnumeration<? extends Attribute> att = attr.getAll();//while (att.hasMore()) {// Attribute a = att.next();// System.out.println(a.getID());//}Person p = new Person();Attribute a = attributes.get("cn");if (a != null) p.setCommonName((String) a.get());a = attributes.get("uid");if (a != null) p.setUid((String) a.get());a = attributes.get("sn");if (a != null) p.setSuerName((String) a.get());a = attributes.get("userPassword");if (a != null) p.setUserPassword(a.get().toString());return p;}});personList.stream().forEach(System.out::println);}}
运行单元测试类,查看数据,可以看到新增一个人
5.引用参考
http://www.liuhaihua.cn/archives/710513.html
https://spring.io/guides/gs/authenticating-ldap/
https://blog.csdn.net/Zhangmaoyang/article/details/123113262