Tools-openLDAP

Basic concepts

  • o: organization (organization / company)
  • ou: organization unit (organizational unit / department)
  • c: countryName (country)
  • dc: domainComponent (domain name)
  • sn: surname (family name)
  • cn: common name (common name)
  • dn: Distinguished Name (unique identifying name)
  • uid: User ID (user identifier)

Installation

Server-side installation: osixia/docker-openldap

```bash
docker pull osixia/openldap:1.5.0
# Port mapping is host:container. The image listens on 389 (plain LDAP) and
# 636 (LDAPS); the application.yml below connects to host port 31236, so host
# port 31236 must be mapped onto container port 389.
# Shell comments cannot follow the trailing "\" of a continued line, so they
# are kept above the command.
docker run \
  -p 31236:389 \
  -p 636:636 \
  --volume /data/slapd/database:/var/lib/ldap \
  --volume /data/slapd/config:/etc/ldap/slapd.d \
  --env LDAP_ORGANISATION="exxk" \
  --env LDAP_DOMAIN="exxktech.io" \
  --env LDAP_ADMIN_PASSWORD="exxkTech@2023" \
  --detach osixia/openldap:1.5.0
```

Client tools

Mac client admin tool: Ldap Admin Tool

Once connected, you can create users or groups and set their passwords.

Test demo

application.yml configuration

```yaml
spring:
  ldap:
    urls: ldap://172.1.1.44:31236
    # The base DN must match the server's LDAP_DOMAIN (exxktech.io -> dc=exxktech,dc=io)
    base: dc=exxktech,dc=io
    # The bind identity is the full admin DN, not the bare name "admin" (see "Common errors" below)
    username: cn=admin,dc=exxktech,dc=io
    # Plaintext admin password: fine for a local demo, but outside of one inject it
    # from an environment variable or a secrets store rather than committing it
    password: exxkTech@2023
```

Add the dependencies to pom.xml

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<dependency>
    <groupId>com.unboundid</groupId>
    <artifactId>unboundid-ldapsdk</artifactId>
    <scope>test</scope>
</dependency>
```

Customer.java

```java
package com.exxk.ldaputil;

import org.springframework.ldap.odm.annotations.Attribute;
import org.springframework.ldap.odm.annotations.Entry;
import org.springframework.ldap.odm.annotations.Id;

import javax.naming.Name;

// ODM mapping for inetOrgPerson entries under ou=customer,dc=exxktech,dc=io
@Entry(base = "ou=customer,dc=exxktech,dc=io", objectClasses = "inetOrgPerson")
public class Customer {
    // The entry's distinguished name; Spring LDAP ODM requires exactly one @Id field of type Name
    @Id
    private Name id;

    // Mapped from the LDAP "cn" attribute
    @Attribute(name = "cn")
    private String userName;

    @Override
    public String toString() {
        return "Customer{" +
                "id=" + id +
                ", userName='" + userName + '\'' +
                '}';
    }
}
```

TestController.java

```java
package com.exxk.ldaputil;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.ldap.query.LdapQueryBuilder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TestController {
    @Autowired
    LdapTemplate ldapTemplate;

    // Note: with @GetMapping the password travels in the URL query string and
    // ends up in access logs and browser history; a POST body is the usual choice.
    @GetMapping("/login")
    public String login(String username, String password) {
        String status = "ok";
        // Reject empty credentials before touching LDAP: a simple bind with an
        // empty password is an "unauthenticated" bind (RFC 4513 5.1.2), which
        // some servers accept, and would read as a successful login here.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return "用户密码错误!";
        }
        // LdapQueryBuilder escapes filter metacharacters in username (RFC 4515),
        // so the lookup cannot be widened by user input.
        LdapQuery query = LdapQueryBuilder.query().where("cn").is(username);
        Customer customer;
        try {
            // findOne throws if the query matches no entry or more than one entry
            customer = ldapTemplate.findOne(query, Customer.class);
        } catch (IncorrectResultSizeDataAccessException e) {
            return "用户密码错误!";
        }
        System.out.println("用户名" + customer.toString());
        // EqualsFilter escapes the value too; authenticate() searches from the
        // configured base ("" = spring.ldap.base) for the entry matching the
        // filter, then binds as that entry's DN with the supplied password.
        EqualsFilter filter = new EqualsFilter("cn", username);
        if (!ldapTemplate.authenticate("", filter.toString(), password)) {
            status = "用户密码错误!";
        }
        return status;
    }
}
```

Visit http://127.0.0.1:8080/login?username=lisi&password=111111 to test.
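The login controller above builds its search filter through EqualsFilter and LdapQueryBuilder rather than by string concatenation. The following added example (it is not code from the original post or from Spring LDAP) shows in Python what those calls do for the username: RFC 4515 escaping of the assertion value, a naive concatenated filter beside the escaped one, and the empty-password check that must precede any bind. All usernames and passwords in it are constructed for the demonstration.

```python
# Added example (not from the original post): RFC 4515 escaping of a
# user-supplied value before it is spliced into an LDAP search filter.
# This is what Spring LDAP's EqualsFilter / LdapQueryBuilder do for the
# TestController above; unsafe_login_filter shows the concatenation they
# replace. All sample inputs are constructed for this demonstration.

# RFC 4515 section 3: characters that must be written as \XX inside a
# filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unsafe_login_filter(username: str) -> str:
    """Naive concatenation: metacharacters in `username` keep their meaning."""
    return "(cn=" + username + ")"


def safe_login_filter(username: str) -> str:
    """Same filter string as new EqualsFilter("cn", username).toString()."""
    return "(cn=" + escape_filter_value(username) + ")"


def is_plain_equality_filter(filter_str: str, attribute: str = "cn") -> bool:
    """Check that a filter is a single equality match on `attribute` whose
    value contains no unescaped wildcard or parenthesis, i.e. the shape the
    login lookup is supposed to have."""
    prefix = "(" + attribute + "="
    if not (filter_str.startswith(prefix) and filter_str.endswith(")")):
        return False
    value = filter_str[len(prefix):-1]
    return not any(ch in value for ch in "*()")


def check_credentials_input(username: str, password: str) -> str:
    """Validate login input before any LDAP call. An empty password must be
    rejected up front: a simple bind with a DN and an empty password is an
    'unauthenticated' bind (RFC 4513 section 5.1.2), which some servers
    accept, so it would look like a successful login."""
    if not username:
        return "missing username"
    if not password:
        return "missing password"
    return "ok"


if __name__ == "__main__":
    # Constructed sample usernames: a plain one and two containing metacharacters
    for name in ["lisi", "li*", "a)(b"]:
        print(f"{name!r}: unsafe={unsafe_login_filter(name)}  safe={safe_login_filter(name)}")
```

The escaped form turns `li*` into `(cn=li\2a)`, a literal match, where the concatenated `(cn=li*)` is a prefix wildcard that can match several entries; `authenticate()` would then bind as whichever entry the server returns first, which is why the escaping in the controller matters.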

Common errors

  1. InvalidNameException: [LDAP: error code 34 - invalid DN] with root cause

    Fix: change the value of spring.ldap.username from admin to cn=admin,dc=exxktech,dc=io (the bind identity must be a full distinguished name, not a bare user name).
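The attribute types listed under "Basic concepts" and the "error code 34 - invalid DN" case above are two sides of the same rule: a distinguished name is a comma-separated chain of `type=value` RDNs (RFC 4514), so the bare string `admin` is not a DN while `cn=admin,dc=exxktech,dc=io` is. The following added example (not code from the original post; the parser, helper names and sample DNs are my own, built from the names used on this page) parses a DN into its RDNs, rejects the malformed case, and checks whether an entry lies under a configured base such as `spring.ldap.base` or the `@Entry` base on Customer.

```python
# Added example (not from the original post): parsing a distinguished name
# into its RDNs as RFC 4514 defines them. Sample DNs are constructed from
# the names used on this page (exxktech, customer, admin, lisi).
from typing import List, Tuple

# Attribute types from the "Basic concepts" list at the top of the page.
KNOWN_TYPES = {
    "o": "organization",
    "ou": "organizational unit",
    "c": "country name",
    "dc": "domain component",
    "sn": "surname",
    "cn": "common name",
    "uid": "user id",
}


class InvalidDNError(ValueError):
    """The string is not a syntactically valid DN (LDAP result code 34)."""


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (type, value) pairs, left to right (most specific first).

    A backslash escapes the next character, so "cn=Doe\\, John" is one RDN;
    the escape is kept in the value so the RDN can be re-emitted unchanged.
    Multi-valued RDNs (parts joined with '+') are not needed for this page's
    examples and are left inside the value.
    """
    if not dn.strip():
        raise InvalidDNError("empty string is not a DN")
    parts: List[str] = []
    buf: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise InvalidDNError("DN ends with a dangling backslash")
    parts.append("".join(buf))

    rdns: List[Tuple[str, str]] = []
    for part in parts:
        if "=" not in part:
            # This is exactly the "admin" case: every RDN needs type=value.
            raise InvalidDNError(f"RDN {part!r} is not of the form type=value")
        attr_type, value = part.split("=", 1)
        attr_type, value = attr_type.strip().lower(), value.strip()
        if not attr_type or not value:
            raise InvalidDNError(f"RDN {part!r} has an empty type or value")
        rdns.append((attr_type, value))
    return rdns


def is_valid_dn(dn: str) -> bool:
    """True if the server would accept `dn` syntactically (no result code 34)."""
    try:
        parse_dn(dn)
        return True
    except InvalidDNError:
        return False


def describe_dn(dn: str) -> List[str]:
    """Human-readable breakdown, e.g. 'cn (common name) = admin'."""
    return [f"{t} ({KNOWN_TYPES.get(t, 'unknown type')}) = {v}" for t, v in parse_dn(dn)]


def is_under_base(dn: str, base: str) -> bool:
    """True if `dn` lies under `base`. spring.ldap.base and the @Entry base on
    Customer are suffixes of this kind: an entry whose DN does not end in
    them is outside the search scope and is never found by the lookup."""
    entry, suffix = parse_dn(dn), parse_dn(base)
    return len(entry) >= len(suffix) and entry[-len(suffix):] == suffix


if __name__ == "__main__":
    for candidate in ["admin", "cn=admin,dc=exxktech,dc=io"]:
        print(f"{candidate!r} valid DN: {is_valid_dn(candidate)}")
    for line in describe_dn("cn=lisi,ou=customer,dc=exxktech,dc=io"):
        print("  " + line)
```

Running it prints `False` for `admin` and `True` for the full admin DN, then lists each RDN of the test user with the meaning of its attribute type.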