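Integrating LDAP with Spring Boot for AD Domain Authentication
This walkthrough uses the entry with
distinguishedName:
CN=service_leave,OU=Service,OU=SysAuth,DC=al,DC=com as the example.
Steps
1. Add the Maven dependency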
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
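2. Configure the yml
spring:
  ## AD authentication
  ldap:
    ## AD server IP, default port 389
    ## (plain ldap:// carries the bind password unencrypted; use ldaps:// on port 636 where the server offers it)
    urls: ldap://1.1.1.1:389
    ## Login account
    username: service
    ## Password
    password: labjB57uc734
    # Part of the distinguishedName, used as the search base
    base: OU=Service,OU=SysAuth,DC=al,DC=com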
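3. Write the configuration class
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

@Configuration
public class LdapConfig {
    // Values are read from the spring.ldap.* keys in the yml above
    @Value("${spring.ldap.urls}")
    private String ldapUrl;
    @Value("${spring.ldap.username}")
    private String userName;
    @Value("${spring.ldap.password}")
    private String passWord;
    @Value("${spring.ldap.base}")
    private String base;

    // Connection settings for the account the application uses to search the directory
    @Bean
    public LdapContextSource ldapContextSource() {
        LdapContextSource source = new LdapContextSource();
        source.setBase(base);
        source.setUrl(ldapUrl);
        source.setPassword(passWord);
        source.setUserDn(userName);
        return source;
    }

    @Bean
    public LdapTemplate ldapTemplate() {
        return new LdapTemplate(ldapContextSource());
    }
}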
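4. Write the service and serviceImpl
// LdapService.java
public interface LdapService {
    boolean ldapAuth(String username, String passWord);
}

// LdapServiceImpl.java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.stereotype.Service;

@Service
public class LdapServiceImpl implements LdapService {
    @Autowired
    private LdapTemplate ldapTemplate;

    @Override
    public boolean ldapAuth(String username, String passWord) {
        // EqualsFilter escapes the value, so the user-supplied name cannot alter the filter
        EqualsFilter filter = new EqualsFilter("sAMAccountName", username);
        // "" searches from the configured base; the matched entry is then bound with passWord
        return ldapTemplate.authenticate("", filter.toString(), passWord);
    }
}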
sAMAccountName is an attribute recorded in LDAP.
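
A hardened variant of the ldapAuth method above, added here as an example and not part of the original post: it refuses empty passwords, which would turn the simple bind into an unauthenticated bind (RFC 4513, section 5.1.2) that a server may accept, and it restricts the account name before it reaches the filter. The class name HardenedLdapService, the ACCOUNT_NAME pattern and the objectClass=user term are assumptions to adapt to your directory.

```java
import java.util.regex.Pattern;

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.stereotype.Service;

// Added example: the class name and the limits below are assumptions, not the post's code.
@Service
public class HardenedLdapService {

    // Assumed account-name policy; adjust to the naming rules of your directory.
    private static final Pattern ACCOUNT_NAME = Pattern.compile("^[A-Za-z0-9._-]{1,64}$");

    private final LdapTemplate ldapTemplate;

    public HardenedLdapService(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    public boolean ldapAuth(String username, String password) {
        // A DN with an empty password is an "unauthenticated bind" (RFC 4513, 5.1.2)
        // that a server may answer with success, so never forward it to the directory.
        if (password == null || password.isEmpty()) {
            return false;
        }
        // Reject names outside the expected alphabet (wildcards, parentheses, blanks).
        if (username == null || !ACCOUNT_NAME.matcher(username).matches()) {
            return false;
        }
        // EqualsFilter escapes its value per RFC 4515; the objectClass term keeps the
        // search from matching entries that are not user-class objects.
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectClass", "user"));
        filter.and(new EqualsFilter("sAMAccountName", username));
        // "" searches from the base configured on the LdapContextSource.
        return ldapTemplate.authenticate("", filter.encode(), password);
    }
}
```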