Understanding LDAP through Spring Boot
1. What is LDAP?
From Okta, this is the definition: “Companies store usernames, passwords, email addresses, printer connections, and other static data within directories. LDAP is an open, vendor-neutral application protocol for accessing and maintaining that data. LDAP can also tackle authentication, so users can sign on just once and access many different files on the server.”
2. What is AD?
AD is the acronym for Active Directory. AD is Microsoft's directory service implementation; it provides authentication, group and user management, policy administration and more.
3. Are AD and LDAP the same thing?
No, see the reference linked here. LDAP is a protocol that many different directory services and access management products understand; Active Directory is one of them. By analogy:
- HTTP is a web protocol.
- Apache is a web server that uses the HTTP protocol.
- LDAP is a directory services protocol.
- Active Directory is a directory server that uses the LDAP protocol.
4. Hands on
4.1 Diagram from okta.com
4.2. Example
The most straightforward way to try LDAP is through a Spring Boot application.
This is the recipe: go to the Spring guide and run the example 😉
4.3 Why use an LDIF file instead of an LDAP server?
Instead of standing up a directory server to provide the data, the example loads the entries from a file into an embedded LDAP server at startup. It is the same approach as using an in-memory database instead of a SQL Server instance for tests: no external service to install, and the data is versioned with the code.
Before we continue, let's understand the acronyms used in the file. The file format is LDIF (LDAP Data Interchange Format); the reference is https://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format
dn - Distinguished name (the full, unique name of an entry, built from the components below)
dc - Domain component
ou - Organizational unit
cn - Common name
The userPassword value below is not an encrypted password but a bcrypt hash (the $2a$10$ prefix is the bcrypt version and cost factor). It cannot be decrypted; to log in you type the clear-text benspassword, which the application hashes with the stored salt and compares against this value.
dn: dc=springframework,dc=org
objectclass: top
objectclass: domain
objectclass: extensibleObject
dc: springframework

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=ben,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Ben Alex
sn: Alex
uid: ben
userPassword: $2a$10$c6bSeWPhg06xB1lvmaWNNe4NROmZiSpYhlocU/98HNr2MhIOiSt36
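To make the file format concrete, here is an added example (not code from the page or from the Spring guide) of a minimal LDIF reader in Java 17. It parses records like the ones above, handles base64 values (`attr::`) and folded continuation lines, and then performs two checks a practitioner wants before importing a file: that every entry's DN sits under the base DN the application will point at, and that each userPassword is a bcrypt hash rather than a clear-text password. The sample LDIF, the `LdifCheck` class and the second user `eve` are constructed for this example; URL-valued attributes (`attr:<`) are not handled.

```java
import java.util.*;
import java.util.regex.Pattern;

public class LdifCheck {
    /** One LDIF record: its DN plus multi-valued attributes (names lower-cased). */
    record Entry(String dn, Map<String, List<String>> attrs) {}

    // bcrypt modular-crypt format: version, 2-digit cost, 22-char salt + 31-char hash.
    private static final Pattern BCRYPT =
        Pattern.compile("\\$2[aby]\\$\\d{2}\\$[./A-Za-z0-9]{53}");

    public static List<Entry> parse(String ldif) {
        List<Entry> entries = new ArrayList<>();
        // LDIF folds long values: a line starting with a space continues the previous line.
        String unfolded = ldif.replace("\r\n", "\n").replace("\n ", "");
        // Records are separated by one or more blank lines.
        for (String record : unfolded.split("\n\\s*\n")) {
            String dn = null;
            Map<String, List<String>> attrs = new LinkedHashMap<>();
            for (String line : record.split("\n")) {
                if (line.isBlank() || line.startsWith("#")) continue;
                int colon = line.indexOf(':');
                if (colon < 0) throw new IllegalArgumentException("bad LDIF line: " + line);
                String name = line.substring(0, colon).trim().toLowerCase(Locale.ROOT);
                String rest = line.substring(colon + 1);
                String value = rest.startsWith(":")
                    ? new String(Base64.getDecoder().decode(rest.substring(1).trim())) // "attr:: base64"
                    : rest.trim();                                                      // "attr: value"
                if (name.equals("dn")) dn = value;
                else attrs.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
            }
            if (dn != null) entries.add(new Entry(dn, attrs));
        }
        return entries;
    }

    /** True when dn equals baseDn or ends with ",baseDn" (case-insensitive). */
    static boolean underBase(String dn, String baseDn) {
        String a = dn.replace(", ", ",").toLowerCase(Locale.ROOT);
        String b = baseDn.replace(", ", ",").toLowerCase(Locale.ROOT);
        return a.equals(b) || a.endsWith("," + b);
    }

    static boolean isBcrypt(String value) { return BCRYPT.matcher(value).matches(); }

    public static void main(String[] args) {
        // Constructed sample: Ben from the page plus a second user whose password is
        // stored base64-encoded, which is NOT hashing (base64 of "plaintext").
        String sample = String.join("\n",
            "dn: dc=springframework,dc=org", "objectclass: top", "objectclass: domain", "dc: springframework", "",
            "dn: ou=people,dc=springframework,dc=org", "objectclass: organizationalUnit", "ou: people", "",
            "dn: uid=ben,ou=people,dc=springframework,dc=org", "objectclass: inetOrgPerson",
            "cn: Ben Alex", "sn: Alex", "uid: ben",
            "userPassword: $2a$10$c6bSeWPhg06xB1lvmaWNNe4NROmZiSpYhlocU/98HNr2MhIOiSt36", "",
            "dn: uid=eve,ou=people,dc=springframework,dc=org", "objectclass: inetOrgPerson",
            "cn: Eve", "sn: Eve", "uid: eve",
            "userPassword:: cGxhaW50ZXh0", "");
        String base = "dc=springframework,dc=org";
        for (Entry e : parse(sample)) {
            List<String> pw = e.attrs().getOrDefault("userpassword", List.of());
            String verdict = pw.isEmpty() ? "no password"
                : isBcrypt(pw.get(0)) ? "bcrypt hash" : "NOT hashed (clear text)";
            System.out.printf("%-48s underBase=%-5s %s%n", e.dn(), underBase(e.dn(), base), verdict);
        }
    }
}
```

Run it with `java LdifCheck.java`. Ben's entry is reported as a bcrypt hash and Eve's as clear text: base64 (`::`) is only an encoding for values that are not safe as plain text, so a reviewer should never mistake it for protection. The DN check mirrors what the Spring configuration relies on, since `uid=ben,ou=people` is resolved relative to the base `dc=springframework,dc=org`.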
4.4. Spring Boot
This WebSecurityConfig class is responsible for enforcing login via LDAP. Its configure(AuthenticationManagerBuilder) method does not read the LDIF file itself: Spring Boot's embedded LDAP server loads the file at startup, and the method points Spring Security at that server, tells it how to turn the submitted username into a DN (uid={0},ou=people under the base DN) and, because the password is stored as a bcrypt hash, configures a password compare with a BCryptPasswordEncoder against the userPassword attribute rather than relying on the server to verify the password.
For more details, check out the Spring article.
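The configuration described above, as an added example in the shape used by the Spring guide for Spring Security 5.x (where WebSecurityConfigurerAdapter and its configure methods still exist); this is not the page's own code. It assumes the embedded UnboundID server is configured in application.properties with `spring.ldap.embedded.ldif=classpath:test-server.ldif`, `spring.ldap.embedded.base-dn=dc=springframework,dc=org` and `spring.ldap.embedded.port=8389`, and the package name `com.example.ldapdemo` is made up.

```java
package com.example.ldapdemo;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Every request needs an authenticated session; unauthenticated browsers
            // are redirected to Spring Security's form login page.
            .authorizeRequests()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                // "ben" from the form becomes uid=ben,ou=people, resolved relative to the
                // base DN in the URL below: exactly the DN of the entry in the LDIF.
                .userDnPatterns("uid={0},ou=people")
                // Group membership (roles) is looked up under ou=groups.
                .groupSearchBase("ou=groups")
                .contextSource()
                    // Embedded server from application.properties; plain ldap:// is only
                    // acceptable because it never leaves localhost.
                    .url("ldap://localhost:8389/dc=springframework,dc=org")
                    .and()
                // Password-compare mode: Spring reads the entry's userPassword attribute and
                // checks the submitted password against the bcrypt hash stored there instead
                // of asking the directory to verify it with an LDAP bind.
                .passwordCompare()
                    .passwordEncoder(new BCryptPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
}
```

Two caveats when moving beyond the embedded server. Password-compare mode requires the application's own connection to be allowed to read userPassword, which a production directory (Active Directory included) normally refuses; there you drop the passwordCompare() block and let the server verify the password during the bind, which also keeps the hashes out of the application. And a simple bind sends the user's password in clear text over the wire, so a real directory must be reached over ldaps:// or StartTLS, never plain ldap:// across the network.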
4.5. Up and running
After starting the application, go to http://localhost:8080/movies and the login page will be shown. Fill in the form with ben and benspassword and hit the Sign In button.
5. What’s next?
Next will be a React application and a Spring Boot application working together. Yes, I'm not a good front-end developer, but I'm really working hard on it.