1. Download and install
OpenLDAP for Windows, current version 2.2.29
Download address: http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe
2. Configure OpenLDAP
1) Open D:\openldap\slapd.conf and add include lines for the schema files to load:
include d:/openldap/schema/core.schema
include d:/openldap/schema/corba.schema
include d:/openldap/schema/cosine.schema
include d:/openldap/schema/dyngroup.schema
include d:/openldap/schema/inetorgperson.schema
include d:/openldap/schema/java.schema
include d:/openldap/schema/misc.schema
include d:/openldap/schema/nis.schema
include d:/openldap/schema/openldap.schema
Just include all of them; it is convenient.
2) Still in slapd.conf, find
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
and change these two lines to
suffix "dc=informationDepartment,dc=wti.ac.cn"
rootdn "cn=Manager,dc=informationDepartment,dc=wti.ac.cn"
The suffix is whatever you choose to define, but the LDIF file in the later steps must match it. Note also that this configuration file contains the line rootpw secret; this secret is the password of cn=Manager and will be needed later. As written it is a cleartext password, so run
slappasswd -h {MD5} -s secret
and replace secret in the configuration with the resulting hash {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== (without -h, slappasswd produces a salted {SSHA} hash, which is the stronger choice).
3. Start OpenLDAP
Open a CMD prompt, change to D:\openldap and run
slapd -d 1
A stream of debug output appears on the console. By default OpenLDAP stores the directory data in a Berkeley DB database.
4. Create entries
Create a new LDIF (LDAP Data Interchange Format) file (plain text), for example setup.ldif, with the following content:
dn: dc=informationDepartment,dc=wti.ac.cn
objectClass: dcObject
objectClass: organization
dc: informationDepartment
o: organization name

dn: ou=roles,dc=informationDepartment,dc=wti.ac.cn
objectClass: top
objectClass: organizationalUnit
ou: roles

dn: ou=people,dc=informationDepartment,dc=wti.ac.cn
objectClass: top
objectClass: organizationalUnit
ou: people

dn: cn=Test Users,ou=roles,dc=informationDepartment,dc=wti.ac.cn
objectClass: groupOfUniqueNames
cn: Test Users
uniqueMember: uid=sspecial,ou=people,dc=informationDepartment,dc=wti.ac.cn
uniqueMember: uid=jbloggs,ou=people,dc=informationDepartment,dc=wti.ac.cn

dn: cn=Special Users,ou=roles,dc=informationDepartment,dc=wti.ac.cn
objectClass: groupOfUniqueNames
cn: Special Users
uniqueMember: uid=sspecial,ou=people,dc=informationDepartment,dc=wti.ac.cn

dn: cn=Admin Users,ou=roles,dc=informationDepartment,dc=wti.ac.cn
objectClass: groupOfUniqueNames
cn: Admin Users
uniqueMember: uid=admin,ou=people,dc=informationDepartment,dc=wti.ac.cn

dn: uid=admin,ou=people,dc=informationDepartment,dc=wti.ac.cn
objectClass: person
objectClass: inetOrgPerson
cn: State App
displayName: App Admin
givenName: App
mail: admin@fake.org
sn: Admin
uid: admin
userPassword: adminpassword

dn: uid=jbloggs,ou=people,dc=informationDepartment,dc=wti.ac.cn
objectClass: person
objectClass: inetOrgPerson
cn: Joe Bloggs
displayName: Joe Bloggs
givenName: Joe
mail: jbloggs@fake.org
sn: Bloggs
uid: jbloggs
userPassword: password

dn: uid=sspecial,ou=people,dc=informationDepartment,dc=wti.ac.cn
objectClass: person
objectClass: inetOrgPerson
cn: Super Special
displayName: Super Special
givenName: Super
mail: sspecial@fake.org
sn: Special
uid: sspecial
userPassword: password
Tips:
1) The most common problem is a malformed entry in the LDIF file, usually because the schema is not well understood; read the definitions and constraints of the various objectClasses in core.schema carefully;
2) Do not leave trailing spaces at the end of lines;
3) Do not put blank lines inside an entry of the LDIF file (a blank line is what separates one entry from the next);
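As an added example (not part of the original post), the following Python checker catches the three kinds of LDIF mistake listed in the tips before ldapadd ever sees the file, and additionally checks the MUST attributes of the object classes this page's setup.ldif uses. The sample input is constructed from entries on this page with defects deliberately inserted.

```python
# MUST attributes of the object classes this page's LDIF uses (core.schema / inetorgperson.schema),
# keyed in lower case because LDAP attribute and class names are case-insensitive.
REQUIRED = {"dcobject": {"dc"}, "organization": {"o"}, "organizationalunit": {"ou"},
            "groupofuniquenames": {"cn", "uniquemember"}, "person": {"sn", "cn"},
            "inetorgperson": {"sn", "cn"}}
# Constructed sample: three entries from this page's setup.ldif with two defects of the kinds
# the tips describe: a trailing space on line 3, and line 8 glued to the previous entry.
SAMPLE_LDIF = "\n".join([
    "dn: ou=roles,dc=informationDepartment,dc=wti.ac.cn",
    "objectClass: organizationalUnit",
    "ou: roles ",                       # trailing space (tip 2)
    "",
    "dn: ou=people,dc=informationDepartment,dc=wti.ac.cn",
    "objectClass: organizationalUnit",
    "ou: people",                       # missing blank line before the next entry (tip 3)
    "dn: cn=Admin Users,ou=roles,dc=informationDepartment,dc=wti.ac.cn",
    "objectClass: groupOfUniqueNames",
    "cn: Admin Users",
    "uniqueMember: uid=admin,ou=people,dc=informationDepartment,dc=wti.ac.cn",
])

def check_ldif(text):
    """Return a list of problems in an LDIF string (empty means it looks importable);
    folded continuation lines and base64 '::' values are not handled."""
    problems, entries, cur = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if raw != raw.rstrip():
            problems.append(f"line {no}: trailing whitespace")
        line = raw.strip()
        if not line:                        # a blank line ends the current entry
            cur = None
            continue
        if ":" not in line:
            problems.append(f"line {no}: not an 'attribute: value' line")
            continue
        name, value = (s.strip() for s in line.split(":", 1))
        name = name.lower()
        if cur is None:                     # first line of a new entry
            if name != "dn":
                problems.append(f"line {no}: entry must start with 'dn:'")
            cur = {}
            entries.append((no, cur))
        elif name == "dn":
            problems.append(f"line {no}: 'dn:' inside an entry; separate entries with a blank line")
        cur.setdefault(name, []).append(value)
    for start, attrs in entries:            # schema MUST check for every objectClass
        for oc in attrs.get("objectclass", []):
            for must in sorted(REQUIRED.get(oc.lower(), set()) - set(attrs)):
                problems.append(f"entry at line {start}: objectClass {oc} requires {must}")
    return problems
```

Running check_ldif(SAMPLE_LDIF) reports the trailing space on line 3 and the dn: on line 8 that lacks a separating blank line; a clean file returns an empty list.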
5. Importing the LDIF file
Import file in JXplorer failed, I don't know why.
Importing from the command line works:
ldapadd -f setup.ldif -x -D "cn=Manager,dc=informationDepartment,dc=wti.ac.cn" -w secret
Opening JXplorer shows the imported directory structure as follows:
6. LDAPTest authentication example code
package org.wti.test;

import java.util.*;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LDAPTest {
    public LDAPTest() {
    }

    public static void main(String[] args) {
        String root = "dc=informationDepartment,dc=wti.ac.cn"; // base DN; must match the suffix in slapd.conf
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://127.0.0.1/" + root);
        // Simple bind sends the password in the clear; fine on 127.0.0.1, but use ldaps:// or StartTLS over a network.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Binding as the rootdn only verifies the rootpw from slapd.conf. To authenticate an ordinary
        // user, bind with that user's own DN (e.g. uid=jbloggs,ou=people,...) and userPassword instead.
        env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=informationDepartment,dc=wti.ac.cn");
        env.put(Context.SECURITY_CREDENTIALS, "huangl"); // must equal the rootpw value configured in step 2
        DirContext ctx = null;
        try {
            // connect to LDAP; the bind happens when the context is created
            ctx = new InitialDirContext(env);
            System.out.println("Authentication succeeded");
            /* // 3. add an entry
            String newUserName = "user2";
            BasicAttributes attrsbu = new BasicAttributes();
            BasicAttribute objclassSet = new BasicAttribute("objectclass");
            BasicAttribute pass = new BasicAttribute("userpassword");
            pass.add("123qweasd");
            objclassSet.add("person");
            objclassSet.add("top");
            objclassSet.add("organizationalPerson");
            objclassSet.add("inetOrgPerson");
            attrsbu.put(objclassSet);
            attrsbu.put(pass);
            attrsbu.put("sn", newUserName);
            attrsbu.put("uid", newUserName);
            ctx.createSubcontext("cn=" + newUserName, attrsbu); */
        }
        catch (javax.naming.AuthenticationException e) {
            e.printStackTrace();
            System.out.println("Authentication failed");
        }
        catch (Exception e) {
            System.out.println("Authentication error:");
            e.printStackTrace();
        }
        if (ctx != null) {
            try {
                ctx.close();
            }
            catch (NamingException e) {
                // ignore
            }
        }
        System.exit(0);
    }
}