LDAP (Lightweight Directory Access Protocol) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network. Spring Boot offers auto-configuration for any compliant LDAP server, as well as support for the embedded in-memory LDAP server from UnboundID.
LDAP abstractions are provided by Spring Data LDAP. There is a spring-boot-starter-data-ldap "Starter" that collects the required dependencies in a convenient way.
Connecting to an LDAP server
To connect to an LDAP server, make sure you declare a dependency on the spring-boot-starter-data-ldap "Starter" or on spring-ldap-core, and then declare the URL(s) of your server in your application.properties, as shown in the following example (properties format first, then the YAML equivalent):
Properties
spring.ldap.urls=ldap://myserver:1235
spring.ldap.username=admin
spring.ldap.password=secret
Yaml
spring:
  ldap:
    urls: "ldap://myserver:1235"
    username: "admin"
    password: "secret"
Two practical notes on this configuration. A plain ldap:// URL sends the bind credentials to the server in clear text, so outside a local test use an ldaps:// URL. Also, avoid committing the bind password to the properties file: Spring Boot resolves property placeholders against the environment, so spring.ldap.password=${LDAP_BIND_PASSWORD} lets you supply it from an environment variable or a secrets store at deployment time.
If you need to customize connection settings, you can use the spring.ldap.base and spring.ldap.base-environment properties.
An LdapContextSource is auto-configured based on these settings. If a DirContextAuthenticationStrategy bean is available (for example Spring LDAP's DefaultTlsDirContextAuthenticationStrategy, which negotiates STARTTLS before binding), it is associated with the auto-configured LdapContextSource. If you need to customize it, for instance to use a PooledContextSource, you can still inject the auto-configured LdapContextSource into your own configuration. Make sure to flag your customized ContextSource as @Primary so that the auto-configured LdapTemplate uses it.
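The following is an added example, not code from the Spring Boot reference or the Spring project, of the customization just described: the auto-configured LdapContextSource is injected and wrapped in a PooledContextSource, which is marked @Primary so the auto-configured LdapTemplate uses it. It assumes spring-ldap-core and commons-pool2 are on the classpath; the package name and the pool limits are illustrative.

```java
package com.example.ldap; // hypothetical package

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.pool2.factory.PoolConfig;
import org.springframework.ldap.pool2.factory.PooledContextSource;
import org.springframework.ldap.pool2.validation.DefaultDirContextValidator;

@Configuration
public class LdapPoolConfiguration {

    // The LdapContextSource parameter is the one Spring Boot auto-configured from
    // spring.ldap.* (it is still created because this bean has a different type).
    @Bean
    @Primary
    public ContextSource pooledContextSource(LdapContextSource autoConfigured) {
        PoolConfig poolConfig = new PoolConfig();
        poolConfig.setMaxTotal(20);       // hard cap on open directory connections (illustrative)
        poolConfig.setMaxIdle(10);
        poolConfig.setTestOnBorrow(true); // validate a pooled connection before handing it out

        PooledContextSource pooled = new PooledContextSource(poolConfig);
        pooled.setContextSource(autoConfigured);
        // The validator issues a lightweight search to detect stale or half-open connections.
        pooled.setDirContextValidator(new DefaultDirContextValidator());
        return pooled;
    }
}
```

Because this bean is a ContextSource rather than an LdapContextSource, the auto-configured LdapContextSource is still created and can be injected as shown; without @Primary the LdapTemplate bean would see two ContextSource candidates and the context would fail to start.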
Spring Data LDAP repositories
Spring Data includes repository support for LDAP.
You can also inject an auto-configured LdapTemplate instance as you would any other Spring bean, as shown in the following example (Java, then Kotlin):
Java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.stereotype.Component;

@Component
public class MyBean {

    private final LdapTemplate template;

    public MyBean(LdapTemplate template) {
        this.template = template;
    }

}
Kotlin
import org.springframework.ldap.core.LdapTemplate
import org.springframework.stereotype.Component

@Component
class MyBean(private val template: LdapTemplate) {

}
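As an added example (not code from the Spring Boot reference or the Spring project), here is what such a component typically does with the injected LdapTemplate, with the point a security reviewer cares about: request-controlled values go through LdapQueryBuilder, which escapes LDAP filter metacharacters, rather than being concatenated into a filter string. The unsafe form is shown last for contrast. It assumes spring.ldap.base points at the directory root, that users live in an ou=people subtree as inetOrgPerson entries with uid and cn attributes, and a hypothetical package name.

```java
package com.example.ldap; // hypothetical package

import static org.springframework.ldap.query.LdapQueryBuilder.query;

import java.util.List;
import javax.naming.directory.Attribute;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.stereotype.Component;

@Component
public class UserDirectory {

    private final LdapTemplate template;

    public UserDirectory(LdapTemplate template) {
        this.template = template;
    }

    // Maps each matched entry to its cn (null if the entry has none).
    private static final AttributesMapper<String> CN_MAPPER = attrs -> {
        Attribute cn = attrs.get("cn");
        return cn == null ? null : (String) cn.get();
    };

    // Safe: a uid such as "*" or "x)(|(uid=*" is escaped by the query builder and
    // matched as a literal value, so the filter cannot be widened or rewritten.
    public List<String> findCommonNames(String uid) {
        return template.search(
                query().base("ou=people")
                       .where("objectclass").is("inetOrgPerson")
                       .and("uid").is(uid),
                CN_MAPPER);
    }

    // Safe bind-based password check: the lookup filter is built the same way, then
    // LdapTemplate binds as the matched DN with the supplied password. An empty
    // password is rejected up front so it can never turn into an anonymous bind.
    public boolean authenticate(String uid, String password) {
        if (password == null || password.isEmpty()) {
            return false;
        }
        return template.authenticate(query().base("ou=people").where("uid").is(uid), password);
    }

    // UNSAFE, shown for contrast only: with string concatenation a uid of "*" lists
    // every user and "x)(|(uid=*" changes the filter logic (LDAP injection).
    public List<String> findCommonNamesUnsafe(String uid) {
        String filter = "(&(objectclass=inetOrgPerson)(uid=" + uid + "))";
        return template.search("ou=people", filter, CN_MAPPER);
    }
}
```

If you must build a filter string by hand (for example to pass it to an API that only accepts strings), run each value through org.springframework.ldap.support.LdapEncoder.filterEncode first; the query builder does this for you.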
Embedded in-memory LDAP server
For testing purposes, Spring Boot supports auto-configuration of an in-memory LDAP server from UnboundID. To configure the server, add a dependency on com.unboundid:unboundid-ldapsdk and declare a spring.ldap.embedded.base-dn property, as follows (properties format first, then the YAML equivalent):
Properties
spring.ldap.embedded.base-dn=dc=spring,dc=io
Yaml
spring:
  ldap:
    embedded:
      base-dn: "dc=spring,dc=io"
It is possible to define multiple base-dn values; however, since distinguished names usually contain commas, they must be defined using the correct list notation rather than a single comma-separated string.
In YAML files, you can use the YAML list notation. In properties files, you must include the index as part of the property name:
Properties
spring.ldap.embedded.base-dn[0]=dc=spring,dc=io
spring.ldap.embedded.base-dn[1]=dc=pivotal,dc=io
Yaml
spring.ldap.embedded.base-dn:
  - "dc=spring,dc=io"
  - "dc=pivotal,dc=io"
By default, the server starts on a random port and triggers the regular LDAP support (the auto-configured LdapContextSource and LdapTemplate are pointed at it). There is no need to specify a spring.ldap.urls property.
If there is a schema.ldif file on your classpath, it is used to initialize the server. If you want to load the initialization script from a different resource, you can also use the spring.ldap.embedded.ldif property.
By default, a standard schema is used to validate LDIF files. You can turn off validation altogether by setting the spring.ldap.embedded.validation.enabled property to false. If you have custom attributes, prefer keeping validation on and using spring.ldap.embedded.validation.schema to point to a schema file that defines your custom attribute types or object classes; a fixture that violates the schema then fails at startup instead of silently loading malformed entries.
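The following is an added example, not code from the Spring Boot reference or the Spring project, that ties the embedded-server settings above together: a Spring Boot test boots the in-memory UnboundID server from an LDIF fixture (kept in the comment, to be saved as src/test/resources/test-users.ldif) with schema validation left on, then checks a lookup and a bind-based password check against it. It assumes com.unboundid:unboundid-ldapsdk and spring-boot-starter-test on the test classpath and a @SpringBootApplication class in or above the test package; the package, the entries and the password are constructed for this example.

```java
package com.example.ldap; // hypothetical package

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.ldap.query.LdapQueryBuilder.query;

import java.util.List;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;

/*
 * src/test/resources/test-users.ldif (constructed fixture). The base entry must be
 * present, otherwise the child entries have no parent and the import fails.
 *
 * dn: dc=spring,dc=io
 * objectclass: top
 * objectclass: domain
 * dc: spring
 *
 * dn: ou=people,dc=spring,dc=io
 * objectclass: top
 * objectclass: organizationalUnit
 * ou: people
 *
 * dn: uid=jdoe,ou=people,dc=spring,dc=io
 * objectclass: top
 * objectclass: person
 * objectclass: organizationalPerson
 * objectclass: inetOrgPerson
 * cn: John Doe
 * sn: Doe
 * uid: jdoe
 * userPassword: s3cret-test-only
 */
@SpringBootTest(properties = {
        "spring.ldap.embedded.base-dn=dc=spring,dc=io",
        "spring.ldap.embedded.ldif=classpath:test-users.ldif",
        // validation stays on so a fixture that breaks the standard schema fails fast
        "spring.ldap.embedded.validation.enabled=true"
})
class EmbeddedLdapTests {

    // Absolute base, because the embedded auto-configuration does not set a
    // context base on the LdapContextSource unless spring.ldap.base is given.
    private static final String PEOPLE = "ou=people,dc=spring,dc=io";

    @Autowired
    private LdapTemplate template;

    @Test
    void lookupFindsFixtureUser() {
        List<String> names = template.search(
                query().base(PEOPLE).where("uid").is("jdoe"),
                (AttributesMapper<String>) attrs -> (String) attrs.get("cn").get());
        assertEquals(List.of("John Doe"), names);
    }

    @Test
    void bindSucceedsOnlyWithCorrectPassword() {
        // authenticate() searches for the entry, then binds as its DN with the password
        assertTrue(template.authenticate(query().base(PEOPLE).where("uid").is("jdoe"), "s3cret-test-only"));
        assertFalse(template.authenticate(query().base(PEOPLE).where("uid").is("jdoe"), "wrong-password"));
    }
}
```

The server listens on a random port chosen at startup, so nothing in the test hard-codes a URL; if you want the container's base DN applied automatically instead of the absolute PEOPLE constant, add spring.ldap.base=dc=spring,dc=io to the test properties.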