SpringBoot整合openldap
前言
本文介绍如何在 Spring Boot 框架中集成 LDAP,实现用户认证和用户管理,以 OpenLDAP 服务为例。
一、必要依赖
<!-- Spring Boot starter for Spring Data LDAP; it brings in Spring LDAP (LdapTemplate and the ODM annotations). -->
<!-- No <version> is given, so it is presumably inherited from the project's Spring Boot parent/BOM (confirm). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
二、配置文件
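spring:
  ldap:
    # OpenLDAP connection URL.
    # NOTE(review): ldap:// on port 389 is unencrypted, so the bind password below and every
    # user password verified over this connection cross the network in cleartext. Outside a lab,
    # use ldaps:// (or StartTLS) with certificate validation.
    # NOTE(review): the host ends in ".con", which looks like a typo for ".com" (confirm).
    urls: ldap://openldap.example.con:389
    # Bind DN the application uses for searches and writes.
    # NOTE(review): this is the directory admin; a dedicated service account limited to the
    # user subtree reduces the impact of a leaked application config.
    username: cn=admin,dc=example,dc=com
    # Bind password (placeholder value). Inject it from the environment or a secret store,
    # e.g. a property placeholder such as ${LDAP_BIND_PASSWORD} (constructed name), instead of
    # committing it with the file.
    password: xxxxxxx
    # Base DN that all operations are relative to.
    base: dc=example,dc=com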
三、用户实体类
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok.Data;
import lombok.ToString;
import org.springframework.ldap.odm.annotations.Attribute;
import org.springframework.ldap.odm.annotations.Entry;
import org.springframework.ldap.odm.annotations.Id;
import org.springframework.ldap.support.LdapNameBuilder;
import javax.naming.Name;
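/**
 * Spring LDAP ODM mapping for a directory user entry with the object classes
 * {@code inetOrgPerson}, {@code top} and {@code posixAccount}.
 *
 * <p>Lombok's {@code @Data} generates getters, setters, {@code equals}/{@code hashCode} and
 * {@code toString}. Because the class is also serialized with Jackson, the credential field
 * is explicitly kept out of both {@code toString()} and JSON output.
 */
@Entry(objectClasses = {"inetOrgPerson", "top", "posixAccount"})
@Data
public class Person {

    /**
     * Distinguished name of the entry (the ODM identifier).
     * The author marks {@code @JsonIgnore} here as mandatory; presumably Jackson cannot
     * (de)serialize {@link Name} cleanly (confirm).
     */
    @Id
    @JsonIgnore
    private Name distinguishedName;

    /** Login name, mapped explicitly to the {@code uid} attribute. */
    @Attribute(name = "uid")
    private String uid;

    // The remaining fields carry no @Attribute annotation; they are mapped by field name.
    private String cn;
    private String mail;
    private String sn;

    // Credential material: excluded from the generated toString() and from serialized JSON
    // (still accepted on input) so it does not end up in logs or API responses.
    @ToString.Exclude
    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
    private String userPassword;

    private String mobile;
    private String homeDirectory;
    private Integer gidNumber;
    private Integer uidNumber;

    /**
     * Sets the login name and derives the home directory {@code /home/users/<uid>} from it.
     * This replaces the setter Lombok would otherwise generate for {@code uid}.
     *
     * @param uid login name of the user
     */
    public void setUid(String uid) {
        this.uid = uid;
        // NOTE(review): uid is concatenated into a filesystem path unchecked. If it can come
        // from a request, validate it against the allowed login-name character set before it
        // reaches this setter; otherwise values containing '/' or ".." end up in homeDirectory.
        this.setHomeDirectory("/home/users/" + uid);
    }
}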
四、用户认证和增删改操作
import com.gok.analysis.ldap.entity.Person;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.stereotype.Service;
import static org.springframework.ldap.query.LdapQueryBuilder.query;
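/**
 * {@link LdapService} implementation backed by Spring LDAP's {@link LdapTemplate}:
 * user lookup, password verification, and create/update/delete of {@link Person} entries.
 */
@Service
@Slf4j
public class LdapServiceImpl implements LdapService {

    @Autowired
    private LdapTemplate ldapTemplate;

    /**
     * Looks up a single user entry by its {@code uid} attribute.
     *
     * @param uid login name to search for
     * @return the matching entry, or {@code null} when no entry matches
     */
    @Override
    public Person getLdapUser(String uid) {
        // The query builder encodes the value, so uid is not spliced into the filter as raw text.
        LdapQuery query = query().where("uid").is(uid);
        try {
            return ldapTemplate.findOne(query, Person.class);
        } catch (EmptyResultDataAccessException e) {
            // Only "no match" is mapped to null; other lookup failures are not caught here.
            return null;
        }
    }

    /**
     * Verifies a user's password by binding to the directory as the entry whose {@code uid}
     * matches.
     *
     * @param uid      login name of the user
     * @param password password to verify
     * @return {@code true} if the bind succeeded; {@code false} otherwise, including when
     *         {@code uid} or {@code password} is {@code null} or empty
     */
    @Override
    public boolean authenticate(String uid, String password) {
        // Reject missing credentials before contacting the directory. A simple bind with an
        // empty password may be handled as an anonymous/unauthenticated bind and reported as
        // success (depends on client and server settings), which would let any known uid in
        // without a password.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // EqualsFilter encodes the value, so filter metacharacters in uid stay literal.
        EqualsFilter filter = new EqualsFilter("uid", uid);
        return ldapTemplate.authenticate("", filter.toString(), password);
    }

    /**
     * Creates the given entry in the directory.
     *
     * @param person entry to create
     * @return the same {@code person} instance
     */
    @Override
    public Person addLdapUser(Person person) {
        // NOTE(review): userPassword is written exactly as supplied; whether it ends up hashed
        // depends on the caller or on server-side policy, so confirm it is not stored in cleartext.
        ldapTemplate.create(person);
        log.info("同步用户成功,name={}", person.getCn());
        return person;
    }

    /**
     * Writes the given entry's current state back to the directory.
     *
     * @param person entry to update
     */
    @Override
    public void updateLdapUser(Person person) {
        ldapTemplate.update(person);
        log.info("更新用户成功,name={}", person.getCn());
    }

    /**
     * Removes the given entry from the directory.
     *
     * @param person entry to delete
     */
    @Override
    public void deleteLdapUser(Person person) {
        ldapTemplate.delete(person);
        log.info("删除用户成功,name={}", person.getCn());
    }
}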