LDAP

Overview

In this chapter, we will concentrate on the storage of user credentials in LDAP and Database. These options are available by default within the Security API standard.

In this lesson, we will use an LDAP directory server to authenticate and authorize a user in a test application. LDAP is the protocol to access the data in a directory server. The directory server stores users and other entries in a hierarchical way. When the LDAP or directory service is used to authenticate users, there are two options:

• We can do a direct check of the username and password. In that case, the user needs the complete hierarchical structure of the entry for the user in the username field (e.g uid=nobel, dc=example, dc=com).

• We can search for the user entry based on some properties like the username, and then the credentials are verified in a second call. This option is more common and easier for the user as they don’t need to type in the complete hierarchical structure.

In this example, we use the Jakarta standards to create a custom authentication protocol. The LDAP option is also supported by the Apache Shiro library. If we want to go that route, we look at the query parameters of the URL to determine the user. This example is just for demo purposes. Other mechanisms can be used and should be implemented for production situations.

Create the project

We start from the project template that we defined in the chapter “Concepts” and add the required dependencies and classes to it.

If you want to work within the Educative platform, simply use the project we’ve created at the end of this lesson. If you choose to work locally, you will need to create a Maven project ldap as described in “Introduction to Window Shopping."

In our case, we don't need any additional dependencies.

Define the authentication method

Let's go ahead and create the TestAuthenticationMechanism.java file in the src/main/java/be/rubus/security/workshop/ldap directory: