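To understand LDAP, this article is a good read: http://bbs.chinaunix.net/forum.php?mod=viewthread&tid=593660
For installing OpenLDAP, see my previous article: http://blog.csdn.net/sannychan/article/details/7256244
1. Create the following base.ldif file; the dn can be set to whatever you prefer: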
dn: dc=sannychan,dc=cn
objectClass: dcObject
objectClass: organization
o: sannychan Organization
dc: sannychan

dn: cn=root,dc=sannychan,dc=cn
objectClass: organizationalRole
cn: root

dn: ou=People,dc=sannychan,dc=cn
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=sannychan,dc=cn
objectClass: organizationalUnit
ou: Group

dn: ou=Role,dc=sannychan,dc=cn
objectClass: organizationalUnit
ou: Role

2. Import base.ldif into OpenLDAP:
ldapadd -h localhost -x -D "cn=root,dc=sannychan,dc=cn" -W -f base.ldif
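The following message will appear, indicating that the import succeeded:
3. Browse the OpenLDAP directory we just created with LdapBrowser; you will see our directory structure:
4. Add a user: edit person.ldif with the following content: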
dn: uid=sannychan,ou=People,dc=sannychan,dc=cn
uid: sannychan
cn: sannychan
sn: chan
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
userPassword: aaaaa888
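description: this is the first common user in openldap

Add it to the database with the command ldapadd -h localhost -x -D "cn=root,dc=sannychan,dc=cn" -W -f person.ldif
Once the success message shown above appears, you can perform authentication. A simple Java example: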
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class OpenLdap {
    public static void main(String[] args) {
        String uid = "sannychan";
        String peopleDN = "ou=People,dc=sannychan,dc=cn";
        String root = "dc=sannychan,dc=cn"; // root

        // Environment for a simple (DN + password) bind against the directory
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://192.168.1.172:389/" + root);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=" + uid + "," + peopleDN);
        env.put(Context.SECURITY_CREDENTIALS, "aaaaa888");

        DirContext ctx = null;
        try {
            // Creating the context performs the bind; success means the
            // server accepted the credentials
            ctx = new InitialDirContext(env);
            System.out.println("认证成功");
        } catch (javax.naming.AuthenticationException e) {
            // The server rejected the DN/password pair
            e.printStackTrace();
            System.out.println("认证失败");
        } catch (Exception e) {
            // Any other failure, e.g. the server is unreachable
            System.out.println("认证出错:");
            e.printStackTrace();
        }
        if (ctx != null) {
            try {
                ctx.close();
            } catch (NamingException e) {
                // ignore
            }
        }
    }
}
When run, the program prints "认证成功" (authentication succeeded).
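
The code above builds the bind DN by concatenating uid and sends the password over plain ldap://. The following is an added example, not code from the original post, showing a hardened variant of the same bind: it escapes the uid with Rdn.escapeValue, refuses empty passwords (which JNDI would otherwise turn into an anonymous bind that succeeds), and connects over LDAPS. The class name SafeLdapBind and the ldaps:// URL on port 636 are assumptions; the server must have TLS configured for it to connect.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class SafeLdapBind {
    // Assumption: same directory as above, but reached over LDAPS (port 636)
    // so the simple-bind password is not sent in cleartext.
    static final String URL = "ldaps://192.168.1.172:636";
    static final String PEOPLE_DN = "ou=People,dc=sannychan,dc=cn";

    // Build the bind DN with DN metacharacters in uid escaped (RFC 4514).
    static String bindDn(String uid) {
        return "uid=" + Rdn.escapeValue(uid) + "," + PEOPLE_DN;
    }

    // Returns true only if the server accepts uid/password as a simple bind.
    static boolean authenticate(String uid, String password) throws NamingException {
        // With empty credentials JNDI falls back to an anonymous bind, which
        // would "succeed" without any password check, so reject them up front.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn(uid));
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // performs the bind
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong DN or password
        } finally {
            if (ctx != null) ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed inputs: a uid containing DN metacharacters, and an empty password.
        System.out.println(bindDn("x,ou=Role"));
        System.out.println(authenticate("sannychan", ""));
    }
}
```

Connection problems still surface as exceptions rather than as a failed login, so callers can tell "wrong password" apart from "directory unreachable".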
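That completes the installation and configuration, and you can now roam the sea of LDAP. There were quite a few confusing points along the way, though, such as the concept of objectClass, and these still require more study of the documentation.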