- Spring Security (Third Edition)
- Mick Knutson, Robert Winch, Peter Mularien
- 2025-04-04 17:54:29
LDAP
At this point, if you have never used LDAP before, you may be wondering what it is. We'll illustrate a sample LDAP schema with a screen from the Apache Directory Server 2.0.0-M231.5 example directory, as shown in the following screenshot:

Starting at a particular user entry for uid=admin1@example.com (highlighted in the preceding screenshot), we can infer the organizational membership of admin1 by starting at this node in the tree and moving upward. We can see that the user aeinstein is a member of the organizational unit (ou=users), which itself is a part of the domain example.com (the abbreviation dc shown in the preceding screenshot stands for domain component). Preceding this are the organizational elements (DIT and Root DSE) of the LDAP tree itself, which don't concern us in the context of Spring Security. The position of the user aeinstein in the LDAP hierarchy is semantically and definitively meaningful—you can imagine a much more complex hierarchy easily illustrating the organizational and departmental boundaries of a huge organization.
The complete top-to-bottom path formed by walking down the tree to an individual leaf node forms a string composed of all intervening nodes along the way, as with the node path of admin1, as follows:
uid=admin1,ou=users,dc=example,dc=com
The preceding node path is unique and is known as a node's distinguished name (DN). The distinguished name is akin to a database primary key, allowing a node to be uniquely identified and located in a complex tree structure. We'll see a node's DN used extensively throughout the authentication and searching process with Spring Security LDAP integration.
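The walk from a leaf entry up toward the root can be reproduced with the JDK's javax.naming.ldap.LdapName class. The following is an added example, not code from the book; the class name DnWalk and the helper methods ancestors and userDn are hypothetical, and userDn goes slightly beyond the text by showing how a DN built from a user-supplied uid value is escaped.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;

public class DnWalk {

    // Returns the DN followed by each ancestor DN, leaf first,
    // mirroring the walk "upward" from a user entry in the tree.
    static List<String> ancestors(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        List<String> path = new ArrayList<>();
        // LdapName numbers components from the right: index 0 is dc=com,
        // so getPrefix(n) keeps the n components closest to the root.
        for (int n = name.size(); n > 0; n--) {
            path.add(name.getPrefix(n).toString());
        }
        return path;
    }

    // Builds a user DN under a fixed base. Passing the raw value to Rdn
    // lets the JDK escape DN metacharacters instead of concatenating strings.
    static String userDn(String uid, String baseDn) throws InvalidNameException {
        LdapName name = new LdapName(baseDn);
        name.add(new Rdn("uid", uid)); // appended as the new leaf component
        return name.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // DN taken from the text above.
        String dn = "uid=admin1,ou=users,dc=example,dc=com";
        for (String step : ancestors(dn)) {
            System.out.println(step);
        }
        // Each component (RDN) is an attribute type and value pair.
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            System.out.println(rdn.getType() + " -> " + rdn.getValue());
        }
        // Constructed input: a uid containing DN metacharacters stays a
        // single escaped value and cannot add extra components to the DN.
        System.out.println(userDn("admin1,ou=admins", "ou=users,dc=example,dc=com"));
    }
}
```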
Note that there are several other users listed at the same level of organization as admin1. All of these users are assumed to be within the same organizational position as admin1. Although this example organization is relatively simple and flat, the structure of LDAP is arbitrarily flexible, with many levels of nesting and logical organization possible.
Spring Security LDAP support is assisted by the Spring LDAP module (http://www.springsource.org/ldap), which is actually a separate project from the core Spring Framework and Spring Security projects. It's considered to be stable and provides a helpful set of wrappers around the standard Java LDAP functionality.