Spring Boot + Spring LDAP Advanced LDAP Queries Example
By:Roy.LiuLast updated:2019-08-10
This tutorial demonstrates how to write advanced LDAP queries using Spring LDAP. We can write advanced queries using the LdapQueryBuilder or by using custom filters, either by using clear text or custom logical filters.
Maven Dependencies
We use Apache Maven to manage our project dependencies. Add the following dependencies to your project.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.memorynotfound.ldap</groupId>
<artifactId>advanced-ldap-queries</artifactId>
<version>1.0.0-SNAPSHOT</version>
<url>https://memorynotfound.com</url>
<name>Spring LDAP - ${project.artifactId}</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.7.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-ldap</artifactId>
</dependency>
<dependency>
<groupId>com.unboundid</groupId>
<artifactId>unboundid-ldapsdk</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.5.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
</project>Configure Embedded LDAP Server using application.yml
We use spring boot to create and configure our embedded LDAP server. The following properties create an LDAP server running on port 12345 and populates the LDAP server using the schema.ldif which resides on the class-path.
# Spring Boot + Spring LDAP Advanced LDAP Queries Example
spring:
ldap:
# Spring LDAP
#
# In this example we use an embedded ldap server. When using a real one,
# you can configure the settings here.
#
# urls: ldap://localhost:12345
# base: dc=memorynotfound,dc=com
# username: uid=admin
# password: secret
# Embedded Spring LDAP
embedded:
base-dn: dc=memorynotfound,dc=com
credential:
username: uid=admin
password: secret
ldif: classpath:schema.ldif
port: 12345
validation:
enabled: false
Populate LDAP Server
The LDAP servers gets populated using the following schema.ldif file.
dn: dc=memorynotfound,dc=com objectclass: top objectclass: domain objectclass: extensibleObject dc: memorynotfound # Organizational Units dn: ou=groups,dc=memorynotfound,dc=com objectclass: top objectclass: organizationalUnit ou: groups dn: ou=people,dc=memorynotfound,dc=com objectclass: top objectclass: organizationalUnit ou: people # Create People dn: uid=john,ou=people,dc=memorynotfound,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: John Doe sn: John uid: john password: secret dn: uid=jihn,ou=people,dc=memorynotfound,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Jihn Die sn: Jihn uid: jihn password: secret dn: uid=jahn,ou=people,dc=memorynotfound,dc=com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Jahn Dae sn: Jahn uid: jahn password: secret # Create Groups dn: cn=developers,ou=groups,dc=memorynotfound,dc=com objectclass: top objectclass: groupOfUniqueNames cn: developers ou: developer uniqueMember: uid=john,ou=people,dc=memorynotfound,dc=com uniqueMember: uid=jihn,ou=people,dc=memorynotfound,dc=com dn: cn=managers,ou=groups,dc=memorynotfound,dc=com objectclass: top objectclass: groupOfUniqueNames cn: managers ou: manager uniqueMember: uid=jahn,ou=people,dc=memorynotfound,dc=com
Person Object
We are using this Person object to map our LDAP entries to.
package com.memorynotfound.ldap;
public class Person {
private String fullName;
private String lastName;
public Person() {
}
public Person(String fullName, String lastName) {
this.fullName = fullName;
this.lastName = lastName;
}
public String getFullName() {
return fullName;
}
public void setFullName(String fullName) {
this.fullName = fullName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
@Override
public String toString() {
return "Person{" +
"fullName='" + fullName + '\'' +
", lastName='" + lastName + '\'' +
'}';
}
}
LDAP Query Builder Parameters
The LdapQueryBuilder and its associated classes are intended to support all parameters that can be supplied to an LDAP search. The following parameters are supported:
- base – specifies the root DN in the LDAP tree where the search should start.
- searchScope – specifies how deep into the LDAP tree the search should traverse.
- attributes – specifies the attributes to return from the search. Default is all.
- countLimit – specifies the maximum number of entries to return from the search.
- timeLimit – specifies the maximum time that the search may take.
- Search Filter – the conditions that the entries we are looking for must meet.
An LdapQueryBuilder is created with a call to the query method of LdapQueryBuilder. It’s intended as a fluent builder API, where the base parameters are defined first, followed by the filter specification calls. Once filter conditions have been started to be defined with a call to the where method of LdapQueryBuilder, later attempts to call e.g. base will be rejected. The base search parameters are optional, but at least one filter specification call is required.
Filter Criteria
The LDAP query builder has support for the following criteria types:
- is – specifies an equal condition (=).
- gte – specifies a greater than or equals condition (>=).
- lte – specifies a less than or equals condition (<=).
- like – specifies a ‘like’ condition where wildcards can be included in the query, e.g. where("cn").like("J*hn") will result in the filter (cn=J*hn).
- whitespaceWildcardsLike – specifies a condition where all whitespace is replaced with wildcards, e.g. where("cn").like("John Doe") will result in the filter (cn=John*Doe).
- isPresent – specifies condition that checks for the presence of an attribute, e.g. where("cn").isPresent() will result in the filter (cn=*).
- not – specifies that the current condition should be negated, e.g. where("sn").not().is("Doe") will result in the filter (!(sn=Doe)).
Writing Advanced LDAP Queries using LdapTemplate
In the following example we demonstrate a couple of different example use cases. First, we are building advanced LDAP queries using the builder API. Second, we are building advanced queries using hardcoded filters. Last, we are building advanced ldap queries using conditional filters. Each method maps the attributes with the same custom AttributesMapper which as the name implies, maps the attributes to the Person object.
package com.memorynotfound.ldap;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.query.LdapQuery;
import org.springframework.ldap.query.SearchScope;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.stereotype.Service;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import java.util.List;
import static org.springframework.ldap.query.LdapQueryBuilder.query;
@Service
public class PersonRepository {
private static final Integer THREE_SECONDS = 3000;
@Autowired
private LdapTemplate ldapTemplate;
public List<Person> getPersonNamesByLastName(String lastName) {
LdapQuery query = query()
.searchScope(SearchScope.SUBTREE)
.timeLimit(THREE_SECONDS)
.countLimit(10)
.attributes("cn")
.base(LdapUtils.emptyLdapName())
.where("objectclass").is("person")
.and("sn").not().is(lastName)
.and("sn").like("j*hn")
.and("uid").isPresent();
return ldapTemplate.search(query, new PersonAttributesMapper());
}
public List<Person> getPersonNamesByLastName2(String lastName) {
SearchControls sc = new SearchControls();
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
sc.setTimeLimit(THREE_SECONDS);
sc.setCountLimit(10);
sc.setReturningAttributes(new String[]{"cn"});
String filter = "(&(objectclass=person)(sn=" + lastName + "))";
return ldapTemplate.search(LdapUtils.emptyLdapName(), filter, sc, new PersonAttributesMapper());
}
public List<Person> getPersonNamesByLastName3(String lastName) {
SearchControls sc = new SearchControls();
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
sc.setTimeLimit(THREE_SECONDS);
sc.setCountLimit(10);
sc.setReturningAttributes(new String[]{"cn"});
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person"));
filter.and(new EqualsFilter("sn", lastName));
return ldapTemplate.search(LdapUtils.emptyLdapName(), filter.encode(), sc, new PersonAttributesMapper());
}
/**
* Custom person attributes mapper, maps the attributes to the person POJO
*/
private class PersonAttributesMapper implements AttributesMapper<Person> {
public Person mapFromAttributes(Attributes attrs) throws NamingException {
Person person = new Person();
person.setFullName((String)attrs.get("cn").get());
Attribute sn = attrs.get("sn");
if (sn != null){
person.setLastName((String)sn.get());
}
return person;
}
}
}Spring Boot + Spring LDAP Advanced LDAP Queries Example
We bootstrap our application using spring boot. After the application is initialized, we execute some operations on the LDAP server to demonstrate our previous code.
package com.memorynotfound.ldap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import javax.annotation.PostConstruct;
import java.util.List;
@SpringBootApplication
public class Application {
private static Logger log = LoggerFactory.getLogger(Application.class);
@Autowired
private PersonRepository personRepository;
public static void main(String[] args) throws Exception {
SpringApplication.run(Application.class, args);
}
@PostConstruct
public void setup(){
log.info("Spring Boot + Spring LDAP Advanced LDAP Queries Example");
List<Person> names = personRepository.getPersonNamesByLastName("John");
log.info("names: " + names);
names = personRepository.getPersonNamesByLastName2("Jihn");
log.info("names: " + names);
names = personRepository.getPersonNamesByLastName3("Jahn");
log.info("names: " + names);
System.exit(-1);
}
}Output
The previous application will print the following output to the console.
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.5.7.RELEASE)
2017-10-03 14:17:12.653 INFO 30067 --- [main] com.memorynotfound.ldap.Application: Spring Boot + Spring LDAP Advanced LDAP Queries Example
2017-10-03 14:17:12.697 INFO 30067 --- [main] com.memorynotfound.ldap.Application: names: [Person{fullName='Jahn Dae', lastName='null'}, Person{fullName='Jihn Die', lastName='null'}]
2017-10-03 14:17:12.699 INFO 30067 --- [main] com.memorynotfound.ldap.Application: names: [Person{fullName='Jihn Die', lastName='null'}]
2017-10-03 14:17:12.701 INFO 30067 --- [main] com.memorynotfound.ldap.Application: names: [Person{fullName='Jahn Dae', lastName='null'}]
Download
Download it – spring-boot-spring-ldap-advanced-ldap-queries-example
From:一号门
COMMENTS