springboot整合ldap实现AD域认证

springboot整合ldap实现AD域认证

这里以
distinguishedName:
CN=service_leave,OU=Service,OU=SysAuth,DC=al,DC=com对应的条目为例

步骤

1、引入maven

            org.springframework.boot
            spring-boot-starter-data-ldap
        

2、配置yml

spring:
  ##AD认证
  ldap:
  ##AD服务器IP，默认端口389
    urls: ldap://1.1.1.1:389
   ##登录账号
    username: service
   ##密码
    password: labjB57uc734
   #distinguishedName的部分节点
    base: OU=Service,OU=SysAuth,DC=al,DC=com

3、配置config

@Configuration
public class LdapConfig {
    @Value("${spring.ldap.urls}")
    private String ldapUrl;
    @Value("${spring.ldap.username}")
    private String userName;
    @Value("${spring.ldap.password}")
    private String passWord;
    @Value("${spring.ldap.base}")
    private String base;



    @Bean
    public LdapContextSource ldapContextSource(){
        LdapContextSource source = new LdapContextSource();
        source.setBase(base);
        source.setUrl(ldapUrl);
        source.setPassword(passWord);
        source.setUserDn(userName);
        return source;
    }

    @Bean
    public LdapTemplate ldapTemplate(){
        return new LdapTemplate(ldapContextSource());
    }


}

4、编写service、serviceImpl

public interface LdapService {

    boolean ldapAuth(String username, String passWord);
}

@Service
public class LdapServiceImpl implements LdapService {
    @Autowired
    private LdapTemplate ldapTemplate;

    @Override
    public boolean ldapAuth(String username, String passWord) {
        EqualsFilter filter = new EqualsFilter("sAMAccountName",username);
        return ldapTemplate.authenticate("",filter.toString(),passWord);
    }
}

sAMAccountName是ladp中记录的一个属性

5、编写测试用例