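Basic concepts
- o: organization (an organization, e.g. a company)
- ou: organization unit (an organizational unit, e.g. a department)
- c: countryName (country)
- dc: domainComponent (domain name component)
- sn: surname (family name)
- cn: common name (commonly used name)
- dn: Distinguished Name (unique identifying name)
- uid: User ID (user identifier)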
Installation

```bash
docker pull osixia/openldap:1.5.0

# -p takes host:container. slapd inside the container listens on 389 (LDAP)
# and 636 (LDAPS); host port 31236 is the one application.yml connects to.
docker run \
  -p 31236:389 \
  -p 636:636 \
  --volume /data/slapd/database:/var/lib/ldap \
  --volume /data/slapd/config:/etc/ldap/slapd.d \
  --env LDAP_ORGANISATION="exxk" \
  --env LDAP_DOMAIN="exxktech.io" \
  --env LDAP_ADMIN_PASSWORD="exxkTech@2023" \
  --detach osixia/openldap:1.5.0
```
Client tools
On macOS, the client management tool is Ldap Admin Tool.
Once connected, you can create users or groups and set passwords.
Test demo
application.yml
Configuration

```yaml
spring:
  ldap:
    urls: ldap://172.1.1.44:31236
    base: dc=iexxk,dc=io
    # full bind DN of the admin entry
    username: cn=admin,dc=exxktech,dc=io
    password: exxkTech@2023
```
Pom.xml
Add the dependencies

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
    <scope>test</scope>
</dependency>
```
Customer.java

```java
package com.exxk.ldaputil;

import org.springframework.ldap.odm.annotations.Attribute;
import org.springframework.ldap.odm.annotations.Entry;
import org.springframework.ldap.odm.annotations.Id;

import javax.naming.Name;

// Maps inetOrgPerson entries under ou=customer to a Java object.
@Entry(base = "ou=customer,dc=exxktech,dc=io", objectClasses = "inetOrgPerson")
public class Customer {
    // The entry's distinguished name
    @Id
    private Name id;

    // The cn attribute is used as the login name
    @Attribute(name = "cn")
    private String userName;

    @Override
    public String toString() {
        return "Customer{" +
                "id=" + id +
                ", userName='" + userName + '\'' +
                '}';
    }
}
```
TestController.java

```java
package com.exxk.ldaputil;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {
    @Autowired
    LdapTemplate ldapTemplate;

    @GetMapping("/login")
    public String compressVideo(String username, String password) {
        String status = "ok";
        // Look up the entry by cn; findOne throws if no entry, or more than one, matches
        LdapQuery query = LdapQueryBuilder.query().where("cn").is(username);
        Customer customer = ldapTemplate.findOne(query, Customer.class);
        System.out.println("用户名" + customer.toString());
        // EqualsFilter escapes LDAP filter metacharacters in the user-supplied value
        EqualsFilter filter = new EqualsFilter("cn", username);
        // Search for the entry with the filter, then bind as it with the given password
        if (!ldapTemplate.authenticate("", filter.toString(), password)) {
            status = "用户密码错误!";
        }
        return status;
    }
}
```
Visit http://127.0.0.1:8080/login?username=lisi&password=111111 to test.
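A hardened variant of the login endpoint above, as an added example that is not code from the original post: it takes the credentials by POST, refuses empty passwords before binding, and returns the same response for every failure. The class name `HardenedLoginController`, the `objectClass` restriction and the "login failed" body are assumptions made for this example.

```java
package com.exxk.ldaputil;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// Added example (hypothetical class name), not part of the original demo.
@RestController
public class HardenedLoginController {

    @Autowired
    LdapTemplate ldapTemplate;

    // POST form parameters keep the password out of URLs, browser history
    // and web server access logs.
    @PostMapping("/login")
    public ResponseEntity<String> login(@RequestParam String username,
                                        @RequestParam String password) {
        // A simple bind with a DN and an empty password is an "unauthenticated
        // bind" (RFC 4513, section 5.1.2). Some servers accept it, so refuse it here.
        if (!StringUtils.hasText(username) || !StringUtils.hasLength(password)) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("login failed");
        }
        // EqualsFilter escapes filter metacharacters (RFC 4515), so the
        // username is always matched as a literal value.
        AndFilter filter = new AndFilter()
                .and(new EqualsFilter("objectClass", "inetOrgPerson"))
                .and(new EqualsFilter("cn", username));
        // Searches for exactly one matching entry and binds as that entry;
        // returns false for no match, several matches, or a wrong password.
        boolean ok = ldapTemplate.authenticate("", filter.encode(), password);
        // One response for unknown user and wrong password alike.
        return ok
                ? ResponseEntity.ok("ok")
                : ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("login failed");
    }
}
```

The bind itself still travels in clear text over `ldap://`; the container also publishes LDAPS on port 636, which `spring.ldap.urls` can point at with an `ldaps://` URL once the server certificate is trusted by the JVM.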
Common errors
InvalidNameException: [LDAP: error code 34 - invalid DN]] with root cause
Fix: change the value of `spring.ldap.username` from `admin` to `cn=admin,dc=exxktech,dc=io`.