LDAP is the Lightweight Directory Access Protocol. Damn, until right now I still thought this kind of technology was one of those things American people made just for fun, just as a trend or fashion in IT, but I am joining the trend, the same as I joined the Java people, and I am enjoying it. LDAP is just a text file that has usernames and passwords; its extension is ldif (LDAP Data Interchange Format). It is stored on a server, many applications can call it and match against it, and it is faster than doing the same from a database. Ok, perhaps I am wrong to describe LDAP this way, it is just my definition, CMIIW, and you can browse the correct definition on the net, they have plenty of it.
match     ---> enabled        ---> welcome
          ---> null in Oracle
not match ---> wrong password ---> 3x opportunities ---> Oracle disabled
          ---> null in LDAP
Above is my LDAP scheme in my application. FYI, I use AppFuse, Spring MVC, Acegi Security and Oracle with Hibernate, and now I want to add LDAP authentication.
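To make the scheme above concrete, here is an added example (not code from the post, from AppFuse or from Acegi) that writes the same decision flow as a small Python routine; the LDAP bind and the Oracle user table are replaced by constructed in-memory stand-ins so it runs offline.

```python
# Added example, not from the post: the post's LDAP + Oracle login scheme.
# The LDAP bind and the Oracle user table are constructed in-memory stand-ins;
# the real application would bind against ApacheDS and query Oracle instead.
MAX_ATTEMPTS = 3  # the post's "3x opportunities" before Oracle disables the user


class Authenticator:
    def __init__(self, ldap_users, oracle_users):
        # ldap_users: uid -> password (what an LDAP simple bind would check)
        # oracle_users: uid -> {"enabled": bool, "failed": int} (app-side state)
        self.ldap = ldap_users
        self.oracle = oracle_users

    def ldap_bind(self, uid, password):
        """Stand-in for a simple bind: succeeds only if uid exists and password matches."""
        return uid in self.ldap and self.ldap[uid] == password

    def authenticate(self, uid, password):
        if uid not in self.ldap:
            return "null in LDAP"
        row = self.oracle.get(uid)
        if self.ldap_bind(uid, password):
            if row is None:
                return "null in Oracle"
            if not row["enabled"]:
                # a disabled Oracle account stays locked even with the right password
                return "Oracle disabled"
            row["failed"] = 0  # reset the counter on a good login
            return "welcome"
        # password did not match: count the failure per user, lock on the third
        if row is not None and row["enabled"]:
            row["failed"] += 1
            if row["failed"] >= MAX_ATTEMPTS:
                row["enabled"] = False
                return "Oracle disabled"
        return "wrong password"


def sample_authenticator():
    """Constructed sample data (hypothetical users, not from any real LDIF)."""
    return Authenticator(
        {"alice": "pass", "bob": "pass"},              # LDAP side: uid -> password
        {"alice": {"enabled": True, "failed": 0}},     # Oracle side: bob has no row
    )
```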
I use ApacheDS as the LDAP server. There are many other servers, such as OpenLDAP and Spring LDAP, but I use Apache, the same as the other applications do, except that I use the newest version rather than the old one the others used. http://directory.apache.org/ is the link; choose the newest version, 1.5.4. The documentation is clear enough, although it needs more updates, but I will try to tell you my way, the way that I think is the good way for a newbie like me.
- Download the installer. Different versions have different server.xml files; I dedicate this post to version 1.5.4. There are many kinds of installer, so choose the most appropriate one for your machine.
- I've downloaded the .bin installer for my Linux Intel machine; if your machine is AMD, then download the AMD version.
- In the folder of the installer, type ./apacheds-1.5.2-i386.bin in the terminal. You can also download the .deb version, just double click it and it installs automatically, just like an .exe on Windows.
- It will prompt you; I forgot the exact message, but by default there are three important places:
- /opt/apacheds-1.5.4, the main program is here
- /var/lib/apacheds-1.5.4, the variables of ApacheDS are here, such as server.xml
- /etc/init.d/apacheds-1.5.4-default, the command to start, stop or run in console mode is here
- Add a partition (the name for a schema or database in Oracle) in /var/lib/apacheds-1.5.4/default/conf/server.xml, inside the partitions tag, as a new jdbmPartition; we give it the id sevenSeas, just the same as the manual:
<jdbmPartition id="sevenSeas" suffix="o=sevenSeas">
- The server needs to be restarted to apply the change of adding the
- Download ApacheDS Studio, the UI for browsing and adding partitions, from http://directory.apache.org/studio/, and install it.
- Make a new connection and fill in these entries:
- Hostname: 172.16.0.164
- Port: 10389
- Click Check Network Parameter
- Bind DN or user: uid=admin,ou=system
- Bind password: secret
- Click Check Authentication
- Download sevenSeasRoot.ldif and names_sevenSeas.ldif.
- In the LDAP Browser pane of ApacheDS Studio, expand the Root DSE, expand o=sevenSeas, right click, Import, LDIF Import, and then select sevenSeasRoot.ldif and after that names_sevenSeas.ldif.
- In the tree, o=sevenSeas should now have a list of people and a list of groups.