LDAP

Get a brief introduction to LDAP with a code example

Overview

In this chapter, we will concentrate on the storage of user credentials in LDAP and in a database. Both options are available by default within the Security API standard.

In this lesson, we will use an LDAP directory server to authenticate and authorize a user in a test application. LDAP is the protocol used to access the data in a directory server. The directory server stores users and other entries in a hierarchical way. When the LDAP directory service is used to authenticate users, there are two options:

  • We can do a direct check of the username and password. In that case, the user has to type the complete hierarchical name of their entry (the distinguished name) into the username field (e.g. uid=nobel,dc=example,dc=com).

  • We can search for the user entry based on some property such as the username, and then verify the credentials in a second call. This option is more common and easier for the user, since they do not need to type in the complete hierarchical name.
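Both options above, written out with plain JNDI as an added example (this is not code from the lesson or from any library; the server URL, base DN and the read-only service account are assumed and must be adapted to your test directory). Option 1 binds directly with the DN the user typed; option 2 first searches the entry by uid under a service account and then binds as the DN that was found. Two checks a practitioner wants in either path are included: an empty password is rejected before the bind, because a bind with a DN and no password is an unauthenticated bind that many servers accept, and the uid is passed as a filter argument so JNDI escapes it and the search filter cannot be rewritten by the input.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapBindDemo {

    // Assumed test directory; adjust to the server used in the lesson.
    private static final String LDAP_URL = "ldap://localhost:10389";
    private static final String BASE_DN = "dc=example,dc=com";
    // Assumed read-only service account, used only for the lookup in option 2.
    private static final String SERVICE_DN = "cn=lookup,dc=example,dc=com";
    private static final String SERVICE_PASSWORD = "lookup-secret";

    /** Opens a connection with a simple bind as the given DN; throws if the bind fails. */
    private static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Option 1: the caller types the full DN, e.g. "uid=nobel,dc=example,dc=com". */
    public static boolean authenticateByDn(String userDn, String password) {
        // RFC 4513: DN plus empty password is an unauthenticated bind, which many
        // servers accept. Reject it here so it can never be mistaken for success.
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        DirContext ctx = null;
        try {
            ctx = bind(userDn, password);
            return true;
        } catch (NamingException e) { // AuthenticationException is a subclass
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /** Option 2: look the entry up by uid with the service account, then bind as the DN found. */
    public static boolean authenticateByUid(String uid, String password) {
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        DirContext lookup = null;
        try {
            lookup = bind(SERVICE_DN, SERVICE_PASSWORD);
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[0]); // only the DN is needed
            // {0} is substituted and escaped by JNDI (RFC 4515), so a uid such as
            // "*)(uid=*" stays a literal value and cannot change the filter.
            NamingEnumeration<SearchResult> results = lookup.search(
                    BASE_DN, "(&(objectClass=inetOrgPerson)(uid={0}))",
                    new Object[]{uid}, controls);
            if (!results.hasMore()) {
                return false; // unknown user
            }
            String userDn = results.next().getNameInNamespace();
            if (results.hasMore()) {
                return false; // ambiguous match: refuse rather than guess
            }
            return authenticateByDn(userDn, password);
        } catch (NamingException e) {
            return false;
        } finally {
            closeQuietly(lookup);
        }
    }

    private static void closeQuietly(DirContext ctx) {
        if (ctx != null) {
            try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        // Usage: java LdapBindDemo <uid> <password>   (assumes the test directory above is running)
        String uid = args.length > 0 ? args[0] : "nobel";
        String password = args.length > 1 ? args[1] : "";
        System.out.println("direct bind:      " + authenticateByDn("uid=" + uid + "," + BASE_DN, password));
        System.out.println("search then bind: " + authenticateByUid(uid, password));
    }
}
```

Note that the service account in option 2 only needs read access to the user subtree; the user's own credentials are still verified by a real bind as the user's DN, never by comparing a password attribute read from the directory.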

In this example, we use the Jakarta standards to create a custom authentication mechanism. The LDAP option is also supported by the Apache Shiro library. In our custom mechanism, we look at the query parameters of the URL to determine the user. This example is just for demo purposes; other mechanisms can be used and should be implemented for production situations.
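The approach just described, as an added example that is not the lesson's own code: a Jakarta Security HttpAuthenticationMechanism that reads the user and password from the query parameters and delegates the check to the built-in LDAP identity store, which implements the search-then-bind option from above. The LDAP URL, the bind account, the search bases and the parameter names `user` and `password` are assumptions for a test directory. The mechanism is demo-only for the reason the lesson gives; credentials in a query string also end up in access logs and browser history, so a production mechanism would take them from a form body or header instead.

```java
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStoreHandler;
import jakarta.security.enterprise.identitystore.LdapIdentityStoreDefinition;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

// Built-in LDAP identity store (Security API): search the caller by name under the
// bind account, then bind as the caller's DN. %s = caller name, %d = caller DN.
// All values below are assumed for a test directory.
@LdapIdentityStoreDefinition(
    url = "ldap://localhost:10389",
    bindDn = "cn=lookup,dc=example,dc=com",
    bindDnPassword = "lookup-secret",
    callerSearchBase = "ou=people,dc=example,dc=com",
    callerSearchFilter = "(&(uid=%s)(objectClass=inetOrgPerson))",
    groupSearchBase = "ou=groups,dc=example,dc=com",
    groupSearchFilter = "(&(member=%d)(objectClass=groupOfNames))",
    groupNameAttribute = "cn"
)
@ApplicationScoped
public class QueryParamAuthenticationMechanism implements HttpAuthenticationMechanism {

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request,
                                                HttpServletResponse response,
                                                HttpMessageContext context) {
        // Demo only: credentials are read from the URL query parameters.
        String user = request.getParameter("user");
        String password = request.getParameter("password");

        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            // No credentials: challenge on protected resources, otherwise stay anonymous.
            return context.isProtected() ? context.responseUnauthorized() : context.doNothing();
        }

        // The identity store escapes the caller name in the search filter and performs
        // the bind, so the mechanism never touches the directory itself.
        CredentialValidationResult result =
                identityStoreHandler.validate(new UsernamePasswordCredential(user, password));

        if (result.getStatus() == CredentialValidationResult.Status.VALID) {
            // Caller principal and groups from LDAP are handed to the container.
            return context.notifyContainerAboutLogin(result);
        }
        return context.responseUnauthorized();
    }
}
```

With this in place, a request such as `/secured?user=nobel&password=...` is authenticated against the directory and the groups found by `groupSearchFilter` become the caller's roles for `@RolesAllowed` and `isUserInRole` checks.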

Create

...