LDAP (Lightweight Directory Access Protocol) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network. Spring Boot offers auto-configuration for any compliant LDAP server, as well as support for the embedded in-memory LDAP server provided by UnboundID.

LDAP abstractions are provided by Spring Data LDAP. There is a spring-boot-starter-data-ldap "starter" for collecting the dependencies in a convenient way.

Connecting to an LDAP server

To connect to an LDAP server, make sure you declare a dependency on the spring-boot-starter-data-ldap "starter" or on spring-ldap-core, and then declare the URL(s) of your server in your application.properties, as shown in the following example:

Properties
spring.ldap.urls=ldap://myserver:1235
spring.ldap.username=admin
spring.ldap.password=secret
Yaml
spring:
  ldap:
    urls: "ldap://myserver:1235"
    username: "admin"
    password: "secret"

If you need to customize the connection settings, you can use the spring.ldap.base and spring.ldap.base-environment properties.

LdapContextSource is auto-configured based on these settings. If a DirContextAuthenticationStrategy bean is available, it is associated with the auto-configured LdapContextSource. If you need to customize it, for example to use a PooledContextSource, you can still inject the auto-configured LdapContextSource. Make sure to flag your customized ContextSource as @Primary so that the auto-configured LdapTemplate uses it.
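One way to apply that advice, shown here as an added example rather than code from the Spring Boot reference: the auto-configured LdapContextSource is injected into a bean method, wrapped in Spring LDAP's PooledContextSource, and the wrapper is marked @Primary so the auto-configured LdapTemplate picks it up. The pool sizes, the DefaultDirContextValidator choice and the class name are assumptions for illustration; PooledContextSource requires commons-pool2 on the classpath.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.pool2.factory.PoolConfig;
import org.springframework.ldap.pool2.factory.PooledContextSource;
import org.springframework.ldap.pool2.validation.DefaultDirContextValidator;

// Hypothetical configuration class (not part of the Spring Boot reference).
@Configuration
public class LdapPoolConfiguration {

    // The parameter is the LdapContextSource that Spring Boot auto-configured from the
    // spring.ldap.* properties; it is not replaced, only wrapped. Credentials therefore
    // stay in externalized configuration and never appear in this class.
    @Bean
    @Primary
    public ContextSource pooledContextSource(LdapContextSource autoConfigured) {
        PoolConfig poolConfig = new PoolConfig();
        poolConfig.setMaxTotal(20);              // assumed sizing; tune to the directory's limits
        poolConfig.setMaxIdlePerKey(5);
        poolConfig.setBlockWhenExhausted(true);  // callers wait instead of opening unbounded connections
        poolConfig.setMaxWaitMillis(2_000L);     // ...but not forever, so a slow directory cannot hang the app
        poolConfig.setTestOnBorrow(true);        // validate a context before handing it out

        PooledContextSource pooled = new PooledContextSource(poolConfig);
        pooled.setContextSource(autoConfigured);
        // Issues a lightweight search on borrow so stale or half-closed connections are discarded
        pooled.setDirContextValidator(new DefaultDirContextValidator());
        return pooled;
    }
}
```

Because the return type is ContextSource rather than LdapContextSource, Spring Boot's conditional auto-configuration of the underlying LdapContextSource still applies, and @Primary makes the pooled wrapper the one injected into LdapTemplate. Only contexts bound with the configured service account are pooled; per-user binds made through getContext(principal, credentials) are delegated to the wrapped source.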

Spring Data LDAP repositories

Spring Data includes repository support for LDAP.

An auto-configured instance of LdapTemplate can be injected like any other Spring Bean, as shown in the following example:

Java
import java.util.List;

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.stereotype.Component;

@Component
public class MyBean {

    private final LdapTemplate template;

    public MyBean(LdapTemplate template) {
        this.template = template;
    }

    // ...

    public List<User> someMethod() {
        return this.template.findAll(User.class);
    }

}
Kotlin
import org.springframework.ldap.core.LdapTemplate
import org.springframework.stereotype.Component

@Component
class MyBean(private val template: LdapTemplate) {

    // ...

    fun someMethod(): List<User> {
        return template.findAll(User::class.java)
    }

}

Embedded in-memory LDAP server

For testing purposes, Spring Boot supports auto-configuration of an in-memory LDAP server from UnboundID. To configure the server, add a dependency on com.unboundid:unboundid-ldapsdk and declare the spring.ldap.embedded.base-dn property, as shown in the following example:

Properties
spring.ldap.embedded.base-dn=dc=spring,dc=io
Yaml
spring:
  ldap:
    embedded:
      base-dn: "dc=spring,dc=io"

It is possible to define multiple base-dn values; however, since distinguished names usually contain commas, they must be defined using the correct notation.

In yaml files, you can use the yaml list notation. In properties files, you must include the index as part of the property name:

Properties
spring.ldap.embedded.base-dn[0]=dc=spring,dc=io
spring.ldap.embedded.base-dn[1]=dc=pivotal,dc=io
Yaml
spring.ldap.embedded.base-dn:
  - "dc=spring,dc=io"
  - "dc=pivotal,dc=io"

By default, the server starts on a random port and triggers the regular LDAP auto-configuration (LdapContextSource and LdapTemplate) pointed at it. There is no need to specify a spring.ldap.urls property.

If there is a schema.ldif file on your classpath, it is used to initialize the server. If you want to load the initialization script from a different resource, you can also use the spring.ldap.embedded.ldif property.

By default, a standard schema is used to validate LDIF files. You can turn off validation altogether by setting the spring.ldap.embedded.validation.enabled property to false. If you have custom attributes, you can use spring.ldap.embedded.validation.schema to define your custom attribute types or object classes.
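The following JUnit test is added here as an example and is not taken from the Spring Boot reference. It starts the embedded server from a constructed test-users.ldif (its contents are reproduced in the leading comment; the entries, password and DN values are made up and keep to standard object classes so the default schema validation passes), and then checks that the seed data loaded, that binds succeed only with the right password, and that a filter value such as "*" is matched literally rather than as a wildcard. It assumes spring-boot-starter-test (JUnit 5 and AssertJ) and unboundid-ldapsdk on the test classpath.

```java
import static org.assertj.core.api.Assertions.assertThat;
import static org.springframework.ldap.query.LdapQueryBuilder.query;

import java.util.List;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;

/*
 * Constructed src/test/resources/test-users.ldif (sample data, not from the page):
 *
 * dn: dc=spring,dc=io
 * objectclass: top
 * objectclass: domain
 * dc: spring
 *
 * dn: ou=people,dc=spring,dc=io
 * objectclass: top
 * objectclass: organizationalUnit
 * ou: people
 *
 * dn: uid=alice,ou=people,dc=spring,dc=io
 * objectclass: top
 * objectclass: person
 * objectclass: organizationalPerson
 * objectclass: inetOrgPerson
 * cn: Alice Example
 * sn: Example
 * uid: alice
 * userPassword: alice-test-password
 */
@SpringBootTest(properties = {
        "spring.ldap.embedded.base-dn=dc=spring,dc=io",
        "spring.ldap.embedded.ldif=classpath:test-users.ldif"
        // No spring.ldap.urls: the embedded server chooses a random port and the
        // auto-configured LdapContextSource is pointed at it. Schema validation is left
        // enabled, so a typo in an objectclass name fails the test instead of passing silently.
})
class EmbeddedLdapSeedTest {

    // Search base used explicitly in each query (spring.ldap.base is not set in this test).
    private static final String BASE = "dc=spring,dc=io";

    // Maps each result entry to its cn value.
    private static final AttributesMapper<String> CN = attrs -> attrs.get("cn").get().toString();

    @Autowired
    private LdapTemplate template;

    @Test
    void seedEntryIsLoaded() {
        List<String> names = template.search(query().base(BASE).where("uid").is("alice"), CN);
        assertThat(names).containsExactly("Alice Example");
    }

    @Test
    void bindSucceedsOnlyWithTheRightPassword() {
        // authenticate() searches for the entry and then binds as it with the given password;
        // an unknown user or a wrong password yields false rather than an exception.
        assertThat(template.authenticate(query().base(BASE).where("uid").is("alice"), "alice-test-password")).isTrue();
        assertThat(template.authenticate(query().base(BASE).where("uid").is("alice"), "not-the-password")).isFalse();
        assertThat(template.authenticate(query().base(BASE).where("uid").is("nobody"), "alice-test-password")).isFalse();
    }

    @Test
    void filterValuesAreEncodedNotInterpreted() {
        // The builder encodes '*' as \2a, so this searches for a uid that is literally "*"
        // and finds nothing; it does not become a wildcard matching every entry.
        List<String> names = template.search(query().base(BASE).where("uid").is("*"), CN);
        assertThat(names).isEmpty();
    }
}
```

To point the same test at several search bases, list them with spring.ldap.embedded.base-dn[0], [1], ... in the test properties exactly as shown above for application.properties; to load LDIF that uses attributes outside the standard schema, either supply them through spring.ldap.embedded.validation.schema or, for throwaway fixtures only, set spring.ldap.embedded.validation.enabled=false.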