Friday, October 24, 2008

ApacheDS

This is my masterpiece. Yes, I feel just like Leonardo da Vinci with his Mona Lisa; it feels so proud when you complete something that you imagined to be as difficult as building a NASA station in your neighborhood. When I first heard about LDAP, they said that today every enterprise uses LDAP for their applications, so they refer to one authentication server for the applications they have. It was such a scary thing, like an object that came from another planet and is used by the big enterprises on earth. By the way, with a little bit of passion and all the goodness of the internet and i-friends, you can call me master of LDAP right now, or LDAP guru, which sounds more attractive.

LDAP is the Lightweight Directory Access Protocol. Damn, until right now I still think this kind of technology is one of those that American people made just for fun, just as a trend or fashion in IT, but I am joining the trend, the same as I joined the Java people, and I am enjoying it. LDAP is just a text file that has usernames and passwords; its extension is .ldif (LDAP Data Interchange Format). It is stored on a server, and many applications can call it and match against it, and it is faster than doing the same from a database. OK, perhaps I am wrong to describe LDAP like this; it is just my definition, CMIIW, and you can browse the correct definition on the net, where they have plenty of them.

match     ---> enabled        ---> welcome
          ---> disabled
          ---> null in Oracle
not match ---> wrong password ---> 3x opportunities ---> Oracle disabled
          ---> null in LDAP

Above is the LDAP scheme in my application. FYI, I use AppFuse, Spring MVC, Acegi Security and Oracle with Hibernate, and now I want to add LDAP authentication.
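The decision flow sketched in the scheme above, written out as an added example (this is not code from the original post and not from AppFuse or Acegi). The LDAP bind and the Oracle user table are replaced by in-memory stand-ins (FakeLdap, FakeOracle) so it runs offline; the sample credentials, the MAX_ATTEMPTS constant and the choice to reset the failure counter on a successful bind are assumptions of this example, not something the post specifies.

```python
# Added example (not from the original post): the login decision flow from the
# scheme above, with in-memory stand-ins for the LDAP bind and the Oracle user
# table so it runs offline. FakeLdap, FakeOracle, MAX_ATTEMPTS and the reset of
# the failure counter on a successful bind are assumptions of this example.
import hmac

WELCOME = "welcome"
DISABLED = "disabled"
NULL_IN_ORACLE = "null in Oracle"
WRONG_PASSWORD = "wrong password"
ORACLE_DISABLED = "Oracle disabled"
NULL_IN_LDAP = "null in LDAP"

MAX_ATTEMPTS = 3  # the "3x opportunities" from the scheme


class FakeLdap:
    """Stand-in for an LDAP simple bind: uid -> password (constructed data)."""

    def __init__(self, credentials):
        self.credentials = credentials

    def bind(self, uid, password):
        """None when there is no such entry, True/False for the bind result."""
        stored = self.credentials.get(uid)
        if stored is None:
            return None
        # constant-time compare; a real directory server does this check itself
        return hmac.compare_digest(stored.encode(), password.encode())


class FakeOracle:
    """Stand-in for the Oracle user table: uid -> 'enabled' / 'disabled'.
    A uid missing from the table is the 'null in Oracle' case."""

    def __init__(self, status):
        self.status = status
        self.failures = {}  # uid -> consecutive wrong passwords (assumption)


def authenticate(uid, password, ldap, oracle):
    """Return one of the outcome strings from the scheme."""
    bound = ldap.bind(uid, password)
    if bound is None:
        return NULL_IN_LDAP
    if bound:
        oracle.failures.pop(uid, None)  # assumption: a good login resets the counter
        status = oracle.status.get(uid)
        if status is None:
            return NULL_IN_ORACLE
        return WELCOME if status == "enabled" else DISABLED
    # bind failed: count the attempt, lock the Oracle record on the third one
    oracle.failures[uid] = oracle.failures.get(uid, 0) + 1
    if oracle.failures[uid] >= MAX_ATTEMPTS:
        oracle.status[uid] = "disabled"
        return ORACLE_DISABLED
    return WRONG_PASSWORD


def demo():
    """Run every branch of the scheme once and return the outcomes in order."""
    ldap = FakeLdap({"hnelson": "pass", "wbush": "pass", "jdoe": "pass"})
    oracle = FakeOracle({"hnelson": "enabled", "wbush": "disabled"})
    steps = [
        ("hnelson", "pass"),  # match, enabled
        ("wbush", "pass"),    # match, disabled
        ("jdoe", "pass"),     # match in LDAP, no Oracle record
        ("nobody", "pass"),   # no LDAP entry at all
        ("hnelson", "bad"),   # wrong password 1
        ("hnelson", "bad"),   # wrong password 2
        ("hnelson", "bad"),   # wrong password 3 -> Oracle record disabled
        ("hnelson", "pass"),  # right password, but the record is now disabled
    ]
    return [authenticate(u, p, ldap, oracle) for u, p in steps]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Note that a uid that does not exist in LDAP never reaches the attempt counter, so only accounts that really exist can be locked; and once the Oracle record is disabled, even the correct password yields "disabled", which is the behaviour the scheme describes.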

I use ApacheDS as the LDAP server. There are many other servers, such as OpenLDAP and Spring LDAP, but I use Apache, the same as the other applications, except that I use the newest version rather than the old one the others used. http://directory.apache.org/ is the link; choose the newest version, 1.5.4. The documentation is clear enough, although it needs more updates, but I will try to tell you my way, the way that I think is a good way for a newbie like me.
  • Download the installer. With a different version the server.xml is also different, so I dedicate this post to version 1.5.4. There are many kinds of installer; choose the most appropriate one for your machine.
  • I downloaded the .bin installer for my Linux Intel machine; if your machine is AMD, then download the AMD version.
  • In the folder of the installer, type ./apacheds-1.5.2-i386.bin in the terminal. Or you can download the .deb version, just double-click it and it installs automatically, just like an .exe in Windows.
  • It will prompt you; I forgot the exact message, but by default there are three important places:
    • /opt/apacheds-1.5.4, the main program is here
    • /var/lib/apacheds-1.5.4, the variable data of ApacheDS is here, such as server.xml
    • /etc/init.d/apacheds-1.5.4-default, the command to start, stop or run in console mode is here
  • Add a partition (the name for a schema or database in Oracle) in /var/lib/apacheds-1.5.4/default/conf/server.xml: inside the partitions tag, add a new jdbmPartition, and give it the id sevenSeas, just the same as the manual.
<partitions>
...
<jdbmPartition id="sevenSeas" suffix="o=sevenSeas" />
</partitions>

  • It needs to restart to apply the change of the adding of the
  • Download ApacheDS Studio, the UI for browsing and adding partitions, from http://directory.apache.org/studio/, and install it.
  • Make a new connection, and fill in these entries:
    • hostname: 172.16.0.164
    • port: 10389
    • Check Network Parameter
    • Bind DN or username: uid=admin,ou=system
    • Bind Password: secret
    • Check Authentication
  • Download sevenSeasRoot.ldif and names_sevenSeas.ldif.
  • In the LDAP Browser pane in ApacheDS Studio, expand the Root DSE, expand o=sevenSeas, right-click, Import, LDIF Import, and then select sevenSeasRoot.ldif and then names_sevenSeas.ldif.
  • In the tree, o=sevenSeas should now have a list of people and a list of groups.
The LDAP server is ready to use, and in the next post I will describe the application side.
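The import order above matters: sevenSeasRoot.ldif creates the o=sevenSeas context entry that the partition needs, and names_sevenSeas.ldif adds entries underneath it. As an added example (not code from the original post and not part of ApacheDS or Studio), the script below parses LDIF and reports the mistakes that make such an import fail or leave weak data behind: entries outside the partition suffix, a child listed before its parent, entries without objectClass, and userPassword values without a hash scheme prefix. The LDIF text in it is constructed for this example and is not the content of the real sevenSeasRoot.ldif or names_sevenSeas.ldif; the parser is a simplification (plain add entries, folded lines and base64 values only, no escaped commas in DNs).

```python
# Added example (not from the original post and not ApacheDS code): a pre-import
# check for LDIF files. The LDIF text below is constructed for this example;
# the real sevenSeasRoot.ldif and names_sevenSeas.ldif are not reproduced here.
import base64

PARTITION_SUFFIX = "o=sevenSeas"  # the suffix given to the jdbmPartition


def parse_ldif(text):
    """Minimal LDIF parser: list of (dn, {attribute: [values]}).
    Handles folded lines (leading space) and base64 values ('attr:: ...').
    Simplification: plain add entries only, no change records, no URL values."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]  # continuation of the previous line
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded + [""]:  # trailing "" flushes the last entry
        if line.strip() == "":
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#") or line.lower().startswith("version:"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            current = (value, {})
        elif current is not None:
            current[1].setdefault(name.lower(), []).append(value)
    return entries


def normalize_dn(dn):
    """Case- and whitespace-insensitive DN form for comparison.
    Simplification: escaped commas inside RDN values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_ldif(text, suffix=PARTITION_SUFFIX, existing=()):
    """Return a list of problems. `existing` lists DNs already in the server
    (e.g. the root entry when importing the second file)."""
    problems = []
    seen = {normalize_dn(d) for d in existing}
    suffix_n = normalize_dn(suffix)
    for dn, attrs in parse_ldif(text):
        dn_n = normalize_dn(dn)
        if dn_n != suffix_n and not dn_n.endswith("," + suffix_n):
            problems.append(f"{dn}: not under partition suffix {suffix}")
        elif dn_n != suffix_n and dn_n.partition(",")[2] not in seen:
            problems.append(f"{dn}: parent entry not defined before it")
        if "objectclass" not in attrs:
            problems.append(f"{dn}: missing objectClass")
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):  # hashed values look like {SSHA}..., {SHA}...
                problems.append(f"{dn}: userPassword is stored in clear text")
        seen.add(dn_n)
    return problems


# Constructed samples in the spirit of the sevenSeas files (not the real ones).
ROOT_LDIF = """\
dn: o=sevenSeas
objectClass: top
objectClass: organization
o: sevenSeas
"""

NAMES_LDIF = """\
dn: ou=people,o=sevenSeas
objectClass: top
objectClass: organizationalUnit
ou: people

dn: cn=Horatio Nelson,ou=people,o=sevenSeas
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Horatio Nelson
sn: Nelson
uid: hnelson
userPassword: {SSHA}placeholder-not-a-real-hash
description:: Q29uc3RydWN0ZWQ=
"""

BAD_LDIF = """\
dn: cn=Stranger,ou=people,dc=example,dc=com
cn: Stranger
sn: Stranger
userPassword: cleartext
"""

if __name__ == "__main__":
    print(check_ldif(NAMES_LDIF))                            # root entry missing
    print(check_ldif(NAMES_LDIF, existing=["o=sevenSeas"]))  # [] once the root is in
    print(check_ldif(BAD_LDIF))                              # three problems
```

Running check_ldif on the names file alone reports that ou=people has no parent, which is exactly why the root file goes in first; passing existing=["o=sevenSeas"] models the second import. The connection in the steps above binds as uid=admin,ou=system with the password secret, which is the ApacheDS default administrator account; that password should be changed before the server is reachable by anything other than your own test machine, and the same check for clear-text userPassword values is worth running on any LDIF you load into it.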
