LDAP & its implementation

Getting started with LDAP

First you have to understand what LDAP is. I read a lot of explanations, but they were foggy and unclear, so here is a brief outline.
First, LDAP is a protocol, and it runs over TCP/IP. A protocol is a standard, and it is abstract. AD (Active Directory) is Microsoft's implementation of this standard.
What is AD? For the time being, think of it as a database. Many people simply call LDAP a database (LDAP can be understood as a database for storing data). Like other databases, LDAP has a client side and a server side. The server side stores the resources, and the client side performs CRUD operations on them.
When we talk about an LDAP server, we usually mean the running database.
Put simply: AD = LDAP + LDAP server application.

What is special about the LDAP database?

We know that in a database such as MySQL, data exists as records in tables. An LDAP database has a tree structure, and the data is stored on the leaf nodes. Consider the following analogy:


Suppose you want an apple (a record) from a tree. How do you tell the gardener where it is? First we must say which tree it is (dc, equivalent to the MySQL DB), then name all the "forks" (ou) passed on the way from the root to the apple, and finally give the apple's name (uid, equivalent to the primary key id of a MySQL table). All right! Now we can state the location of the apple precisely: it is the red-and-green one ... on the north fork of the west fork of the east fork of the "Wai Bo tree". Dizzy yet? Just climb up there yourself!

So a record can be clearly described by its position on the "tree".
Now let's look at how LDAP defines the position of a record.
Tree (dc=ljheee)
Forks (ou=bei, ou=xi, ou=dong)
Apple (cn=redApple)

The position of redApple is then:
dn: cn=honglv,ou=bei,ou=xi,ou=dong,dc=ljheee
where the dn identifies a record and describes the path to the data in detail.
Some people ask why ou has multiple values. Think about it: to reach the apple from the root you may pass through several branches, so ou may have multiple values. The long dn is made up of cn, ou and dc components, separated by commas.
To summarize the LDAP tree database:
dn: the detailed position of a record
dc: the domain a record belongs to (which tree)
ou: the organization a record belongs to (which branch)
cn/uid: the name/ID of a record (which apple)
The very top of the LDAP directory tree is the root, the so-called "base DN".
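
The root-to-apple path can be read back out of a DN with the JDK's own `javax.naming.ldap.LdapName`. This is an added example, not code from the original post; the class `DnWalk`, its two helper methods and the second sample value are made up for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper class, added for illustration.
public class DnWalk {

    // Returns the RDNs of a DN ordered from the root of the tree down to the entry.
    static List<String> rootToLeaf(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);      // throws on a malformed DN
        List<String> path = new ArrayList<>();
        // LdapName numbers components from the right: index 0 is the root-most RDN.
        for (Rdn rdn : name.getRdns()) {
            path.add(rdn.getType() + "=" + rdn.getValue());
        }
        return path;
    }

    // Appends one child RDN to a parent DN. Rdn escapes ',', '=', '+' and the
    // other DN metacharacters, so the value stays a single component.
    static LdapName child(String parentDn, String type, String value)
            throws InvalidNameException {
        LdapName name = new LdapName(parentDn);
        name.add(new Rdn(type, value));        // add() appends at the leaf end
        return name;
    }

    public static void main(String[] args) throws InvalidNameException {
        String dn = "cn=honglv,ou=bei,ou=xi,ou=dong,dc=ljheee";   // DN from the article
        System.out.println(rootToLeaf(dn));

        // Constructed input: a name that itself contains DN separators.
        LdapName built = child("ou=bei,ou=xi,ou=dong,dc=ljheee", "cn", "green,ou=other");
        System.out.println(built);
        System.out.println(built.size() + " components");
    }
}
```

Building the DN through `Rdn` instead of string concatenation matters whenever the name comes from user input, because a comma or equals sign in the value would otherwise be read as an extra branch of the tree.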


Why store data in an LDAP directory tree? Wouldn't MySQL do? Why come up with a tree database at all?
Because data stored in a tree structure can be queried more efficiently (for the reason, look at how relational database indexes are implemented: B-tree / B+ tree). In certain scenarios a tree database works better, for example when a large amount of data has to be stored, the data does not change frequently, and it has to be looked up quickly.
Compared with traditional relational databases, besides fast lookups LDAP has many other use cases, such as domain authentication.

Programming against LDAP

We can use JDBC to operate on a MySQL database and create, read, update and delete data. An LDAP tree database can likewise be accessed in the JDBC way; alternatively you can use JNDI (more recommended), because the tree can be viewed as a directory hierarchy in which each branch is equivalent to a directory.

The LDAP data can also be displayed as a tree, as shown here by Apache Directory Studio connected to an LDAP server:

 

 


[Figure: the LDAP tree as displayed in Apache Directory Studio (image.png)]

 

Apache Directory Studio can be seen as a client GUI for connecting to the database server, comparable to Navicat or Workbench. Creating a new connection works much like connecting to a database server.
Apache Directory Studio download:
http://download.csdn.net/download/ljheee/10145654


Connecting to an LDAP server with JNDI
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapJNDI {

    public void JNDILookup() {
        String rootFilter = "o=cvte.com,o=isp";
//        String filter = "(&(smart-type=E1)(smart-status=1))";
        String filter = "(&(smart-type=E1)(uid=00012047))";
        String username = "uid=USER_NAME,ou=Authorization,ou=People,o=cc.com,o=isp"; // xxx is the integration account that was applied for
        String password = "PASSW";

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // LDAP implementation of the context factory
        env.put(Context.PROVIDER_URL, "ldap://172.26.39.77:389/" + rootFilter); // LDAP server host and port, followed by the base DN
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // authentication method: "none", "simple" or a SASL mechanism name
        // A simple bind over plain ldap:// sends the DN and password unencrypted; use ldaps:// or StartTLS to protect them.
        env.put(Context.SECURITY_PRINCIPAL, username); // DN to bind as
        env.put(Context.SECURITY_CREDENTIALS, password); // password for that DN
        env.put("filter", filter); // not a standard JNDI property; a filter is normally passed to DirContext.search()
        DirContext ctx = null;

        try {
            // get a reference to the initial directory context
            ctx = new InitialDirContext(env);

            //The search base entry 'uid=00012047,ou=Internal,ou=People,o=cvte.com,o=isp' does not exist]; remaining name 'uid=00012047,ou=Internal'
//            Attributes attrs = ctx.getAttributes("uid=00012047,ou=Internal,ou=People"); // fetches one person

            // list the entries directly below ou=Internal (internal staff)
            NamingEnumeration<Binding> bindings = ctx.listBindings("ou=Internal,ou=People");

            while (bindings.hasMore()) {
                Binding bd = bindings.next();
                System.out.println(bd.getName() + ": " + bd.getObject());
            }

            /* For the DN node, find all of its attributes, then get all the values of each attribute; note that an attribute can have multiple values */
//            for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
//                // get one attribute
//                Attribute attr = ae.next();
//                for (NamingEnumeration<?> ve = attr.getAll(); ve.hasMore();) {
//                    System.out.println(String.format("Attribute=%s, Value=%s", attr.getID(), ve.next()));
//                }
//            }

        } catch (javax.naming.AuthenticationException e) {
            System.out.println("认证失败"); // "authentication failed"
            e.printStackTrace();
        } catch (Exception e) {
            System.out.println("认证出错:"); // "authentication error:"
            e.printStackTrace();
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException e) {
                    e.printStackTrace();
                }
            }
        }

    }

    public static void main(String[] args) {
        LdapJNDI ldapJNDI = new LdapJNDI();
        ldapJNDI.JNDILookup();
    }

}
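
The listing above defines a filter but never runs a search with it. The following added example (not part of the original post) shows how the same filter could be passed to `DirContext.search()` with the uid supplied as an argument, and how a value is escaped when a filter string has to be assembled by hand. The class and method names, the `cn` attribute and the sample uid values are assumptions made for illustration.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical helper class, added for illustration.
public class LdapFilterExample {

    // Escapes a value for use inside a search filter (RFC 4515):
    // '*', '(', ')', '\' and NUL become a backslash plus two hex digits.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Searches below ou=People for one uid. The {0} placeholder is filled in by
    // the JNDI LDAP provider, which encodes the argument as a literal value.
    static NamingEnumeration<SearchResult> findByUid(DirContext ctx, String uid)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setCountLimit(10);                                   // cap the result size
        sc.setReturningAttributes(new String[] {"uid", "cn"});  // "cn" is an assumed attribute
        return ctx.search("ou=People", "(&(smart-type=E1)(uid={0}))",
                          new Object[] {uid}, sc);
    }

    public static void main(String[] args) {
        // Constructed inputs: the uid from the article and two values with filter metacharacters.
        for (String uid : new String[] {"00012047", "000*", "smith (ops)"}) {
            System.out.println("(&(smart-type=E1)(uid=" + escapeFilterValue(uid) + "))");
        }
    }
}
```

`main` runs offline and only prints the escaped filters; `findByUid` needs the `ctx` created in `JNDILookup()` above.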


To sum up LDAP:
1. LDAP's structure is represented as a tree rather than as tables. Because of this, SQL statements cannot be used.
2. LDAP returns query results quickly, but writes are much slower.
3. LDAP provides fast queries over static data.
4. Client/server model: the server stores the data, and the client provides the tools for operating on the directory information tree.
5. LDAP is an open Internet standard; the LDAP protocol is a cross-platform Internet protocol.

Origin www.cnblogs.com/hamac/p/10994682.html