58 lines
3.1 KiB
Plaintext
58 lines
3.1 KiB
Plaintext
== User Admin Sample
|
|
|
|
Sample application demonstrating how to do some real work with Spring LDAP. This is a fully functional LDAP user
|
|
administration application. It uses many of the useful concepts in Spring LDAP and would serve as a
|
|
good example for best practices and various useful tricks.
|
|
|
|
=== Users and Groups in LDAP
|
|
|
|
Users in LDAP are usually represented as `organizationalPerson` or `inetOrgPerson` entries in the LDAP tree.
|
|
The attributes in these entries represent the basic information on the users, e.g. (subset of available attributes):
|
|
|
|
* `cn`: Common Name, or full name of the user
|
|
* `sn`: Surname
|
|
* `mail`: Email address
|
|
* `telephoneNumber`: Phone number
|
|
* ...several more attributes are available
|
|
|
|
Groups in LDAP are typically organized in `groupOfName` or `groupOfUniqueName` entries. These entries have a name,
|
|
an optional description, and an attribute containing the distinguished names (i.e. the unique identifiers) of all
|
|
members of the group. This attribute is named `member` and `uniqueMember` respectively.
|
|
|
|
Thus, user administration in LDAP typically involves creating and manipulating `orgalizationalPerson` or `inetOrgPerson`
|
|
entries and adding or removing references to these entries in `groupOfName` or `groupOfUniqueName` entries.
|
|
|
|
This application demonstrates to do this easily and efficiently using Spring LDAP.
|
|
|
|
=== Application Structure
|
|
|
|
The core Spring application context of the sample is defined in resources/applicationContext.xml.
|
|
By default this ApplicationContext will start an in-process Apache Directory Server instance, automatically populated
|
|
with some test data. The data will be reset every time the application is restarted.
|
|
|
|
=== Running the Example
|
|
|
|
To run the example, do `gradle jettyRun`, or `mvn jetty:run`, and then navigate to `http://localhost:8080/spring-ldap-user-admin-sample`
|
|
|
|
It is also possible to run this sample application against a remote LDAP server as opposed to starting an in-process
|
|
LDAP server. To do this, use the following system properties:
|
|
|
|
* `spring.profiles.active` - set this to `no-apacheds` to prevent the in-process ApacheDs to be launched
|
|
* `sample.ldap.url` - the URL of the target LDAP server
|
|
* `sample.ldap.userDn` - principal to use for authentication against the LDAP server
|
|
* `sample.ldap.password` - authentication password
|
|
* `sample.ldap.base` - the directory root to use - note that by default all data under this node will be deleted and replaced with test data
|
|
* `sample.ldap.clean` - set this property to false to *not* clear the root node
|
|
* `sample.ldap.directory.type` - NORMAL or AD. Specify AD if running against Active Directory in order to enable some particular AD tweaks
|
|
|
|
Example:
|
|
|
|
[source,bash,role="primary"]
|
|
----
|
|
gradle jettyRun -Dspring.profiles.active=no-apacheds -Dsample.ldap.url=ldaps://127.0.0.1:636 \
|
|
-Dsample.ldap.userDn=CN=ldaptest,CN=Users,DC=261consulting,DC=local -Dsample.ldap.password=secret \
|
|
-Dsample.ldap.base=ou=test,dc=261consulting,dc=local -Dsample.ldap.directory.type=AD
|
|
----
|
|
|
|
This sample uses Bootstrap to present a decent web design - copyright 2013 Twitter, Inc; distributed under the Apache 2 License.
|