
Wednesday 5 July 2023

Simple LDAP sign-on Authentication Using Ldap-a143mkJar

LDAP sign-on is an authentication scheme that allows a user to log in with a single ID to any of several related but independent software systems or web applications. In this post the user logs in with their Outlook mail credentials, using Ldap-a143mkJar.jar.
Process of Ldap sign-On (LSO) Authentication:

Download the jar file and call the methods it provides; the names of the methods are as follows:

Create the client object: LdapClient ldapClientClass = new LdapClient();
  1. A143mkLdapConnection(ldapUrl, ldapDnConn, userEmailId, password);
The method takes parameters that we initialize as configuration values like this:

String ldapUrl = "ldap://172.0.0.0:389/";        // LDAP server URL, including the port
String ldapDnConn = "dc=domainName,dc=com";      // base DN of the directory
String userEmailId = "EmailMail@mailDomain.com"; // the user who is logging in
String password = "mailPassword";                // that user's mail password
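To show what a call like A143mkLdapConnection has to do underneath, here is an added example written with plain JNDI. It is not the code of Ldap-a143mkJar.jar; the class name LdapConn, the method name and the assumption that user entries are named mail=&lt;address&gt;,&lt;base DN&gt; are all mine. It refuses an empty password before contacting the server, because an LDAP simple bind with an empty password is treated as an anonymous bind by many directories (RFC 4513 section 5.1.2) and would "succeed" without verifying anything, and it escapes the e-mail address before building the DN so that a crafted address cannot change which entry is bound.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example, not the Ldap-a143mkJar code. Values below are the placeholders from the post.
public class LdapConn {

    static final String LDAP_URL = "ldap://172.0.0.0:389/";
    static final String LDAP_DN_CONN = "dc=domainName,dc=com";

    /** Escapes a value for use inside an RDN (RFC 4514) so the e-mail cannot inject extra DN components. */
    static String escapeRdnValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean special = ",+\"\\<>;=".indexOf(c) >= 0
                    || (c == '#' && i == 0)
                    || (c == ' ' && (i == 0 || i == value.length() - 1));
            if (special) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Simple bind as the user's own entry. Returns true only if the server accepts the
     * credentials; throws if the server cannot be reached, so an outage is never mistaken
     * for a wrong password.
     */
    static boolean a143mkLdapConnection(String ldapUrl, String baseDn, String userEmailId, String password) {
        if (userEmailId == null || userEmailId.isBlank() || password == null || password.isEmpty()) {
            return false; // empty password would become an anonymous bind
        }
        // Assumption: entries are named by mail attribute. Directories keyed by uid or
        // sAMAccountName need a search-then-bind with a service account instead.
        String userDn = "mail=" + escapeRdnValue(userEmailId) + "," + baseDn;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // A simple bind sends the password in clear text: use ldaps:// or StartTLS outside a lab.

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // unknown user or wrong password
        } catch (NamingException e) {
            throw new IllegalStateException("LDAP server unreachable or misconfigured: " + ldapUrl, e);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        boolean ok = a143mkLdapConnection(LDAP_URL, LDAP_DN_CONN, "EmailMail@mailDomain.com", "mailPassword");
        System.out.println(ok ? "login successful" : "login failed");
    }
}
```

Binding as the user, rather than reading the userPassword attribute and comparing it in the application, keeps password hashes inside the directory and lets the directory enforce its own lockout and password policies.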

How to create the project, the main class and the other classes: follow the steps below.

Next, create the controller/main class Ldapconn.java:


Output :


Monday 26 June 2023

LDAP Authentication with Spring Boots

LDAP is a lightweight version of the Directory Access Protocol (DAP). LDAP’s primary function is enabling users to find data about organizations, persons, and more. It accomplishes this goal by storing data in the LDAP directory and authenticating users to access the directory. It also provides the communication language that applications require to send and receive information from directory services.
Step-by-step authentication process, followed by some LDAP properties.
The client (an LDAP-ready system or application) sends a request to access information stored within an LDAP database. The client provides its LDAP server user credentials (username and password). The LDAP server cross-checks the submitted credentials against the core user identity data stored in its LDAP database. If the provided credentials match the stored core user identity, the client can access the requested information. Incorrect credentials lead to denied access to the LDAP database.
Some LDAP properties:

ldap.enable=true

Enable / disable LDAP support.

ldap.ldapUrl=ldap://HostIP:389

The URL/IP to your LDAP server, including port

ldap.ldapSystemDN=cn=Administrator,dc=olattest,dc=org

System user: used for getting all users and connection testing

ldap.ldapSystemPW=mySuperPassword

The LDAP password of the system user

ldap.ldapBases= ou=person,dc=olattest,dc=org

List of bases where to find users. To use multiple bases you must edit the config file manually

ldap.sslEnabled = false

Enable SSL connection

ldap.trustStoreLocation=/usr/lib/j2sdk1.5-sun/jre/lib/security/cacerts

Location of the Java trust store

ldap.trustStorePwd=changeit

The Java trust store password

ldap.trustStoreType=JKS

The Java trust store type

ldap.cacheLDAPPwdAsOLATPwdOnLogin=true

When users log in via LDAP, the system can keep a copy of the password as an encrypted hash in the database. This makes OLAT more independent from an offline LDAP server, and users can use their LDAP password for the WebDAV functionality. When setting this to true (recommended), make sure you have configured password.change.allowed=false

ldap.convertExistingLocalUsersToLDAPUsers=true

When the system detects an LDAP user that already exists in OLAT but is not marked as an LDAP user, the OLAT user can be converted to an LDAP-managed user. When enabling this feature you should make sure that you don't have a user 'administrator' in your ldapBases (not a problem, but not recommended)

ldap.deleteRemovedLDAPUsersOnSync=false

Users that have been created via LDAP sync but can no longer be found in the LDAP can be deleted automatically. If unsure, set to false and delete those users manually in the LDAP administration panel.

ldap.deleteRemovedLDAPUsersPercentage=50

Sanity check when deleteRemovedLDAPUsersOnSync is set to 'true': if more than the defined percentage of user accounts are not found on the LDAP server and thus recognized as to be deleted, the LDAP sync will not happen and will require manual triggering of the delete job from the admin interface. This should prevent accidental deletion of OLAT users because of temporary LDAP problems or user relocation on the LDAP side. Value = 0 (never delete) to 100 (always delete).

ldap.ldapSyncOnStartup=true

Should users be created and synchronized automatically on startup? If you set this and the cron configuration to false, the users will be generated on-the-fly when they log in the first time.

ldap.ldapSyncCronSync=true

Should users be created and synchronized periodically, not just during startup? If you set this and the startup configuration to false, the users will be generated on-the-fly when they log in the first time.

ldap.ldapSyncCronSyncExpression=0 0 * * * ?

Set the rule for how often the LDAP synchronization should take place. Default is every hour. For the cron syntax see the Quartz cron syntax documentation

ldap.ldapUserObjectClass=person

Configuration for syncing user attributes during login or cron and batch sync. The user object class to use.

ldap.ldapUserCreatedTimestampAttribute=createdTimestamp

The LDAP attribute that tells the creation date of the LDAP user. In Active Directory this is typically "whenCreated", in OpenLDAP "createTimestamp". If not available, use the same as for the last modified date.

ldap.ldapUserLastModifiedTimestampAttribute=modifyTimestamp

The LDAP attribute that tells the last modification date of the LDAP user. In Active Directory this is typically "whenChanged", in OpenLDAP "modifyTimestamp"

ldap.attributename.useridentifyer=uid

Mapping of the LDAP user identifier to an OLAT user. In Active Directory this is typically "sAMAccountName", in OpenLDAP "uid".

ldap.attributename.email=mail

Mapping of the mandatory OLAT user properties. In this example the LDAP attribute "mail" will be mapped to the OLAT user property "email"

ldap.attributename.firstName=givenName

Mapping of the mandatory OLAT user properties. In this example the LDAP attribute "givenName" will be mapped to the OLAT user property "firstname"

ldap.attributename.lastName=sn

Mapping of the mandatory OLAT user properties. In this example the LDAP attribute "sn" will be mapped to the OLAT user property "lastName"

olatprovider.enable=false

Disable the normal OLAT login screen. When you set ldap.cacheLDAPPwdAsOLATPwdOnLogin=true, a fallback to the normal OLAT login is made in case the LDAP server cannot be reached. You can also set this variable to true to have both the OLAT and the LDAP login screens available

default.auth.provider=LDAP

Use the LDAP login screen as the default login screen.

Create a Spring Boot Java (microservices) project:
  1. Project Name: LdapAuthenticationConfigSpringBoots.
  2. Group: Ldap-Auth-a143mk.
  3. Artifact Id: Ldap-Auth-a143mk.
  4. Description: Learn-Configure LDAP Authentication.
  5. Package: LDAPAutha143mk.



Select the technologies and libraries (Maven dependencies) to be added:
  1. Spring Web
  2. Spring ldap
  3. ldapsdk
  4. ldap security

When the project is created, the pom.xml file with the chosen Maven dependencies and the main class are generated automatically, like this:

pom.xml



Configure application.properties
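Since the post's application.properties is not reproduced here, the following is an added example of the settings this project needs. It is not the post's file: the base DN dc=example,dc=com, the port 8389 and the LDIF file name are constructed values; the property keys themselves are Spring Boot's own spring.ldap.* keys.

```properties
# Added example application.properties (constructed values, not the post's file).

# Embedded in-memory directory (UnboundID ldapsdk) loaded from src/main/resources/ldap-data.ldif
spring.ldap.embedded.base-dn=dc=example,dc=com
spring.ldap.embedded.ldif=classpath:ldap-data.ldif
spring.ldap.embedded.port=8389
spring.ldap.embedded.validation.enabled=false

# For a real directory, remove the embedded settings above and point at the server instead.
# Use ldaps:// (or StartTLS) so bind passwords are never sent in clear text.
#spring.ldap.urls=ldaps://ldap.example.com:636
#spring.ldap.base=dc=example,dc=com
```

With a user DN pattern configured in WebSecurityConfig, Spring Security binds as the user directly and no service account credentials (spring.ldap.username / spring.ldap.password) need to be stored in the application at all.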


Create ldap-data.ldif:
The directory server uses the LDAP Data Interchange Format (LDIF), a standard text format for representing LDAP objects and LDAP updates (add, modify, delete, modify DN) in textual form.
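As an added example (the post's own ldap-data.ldif is not shown here), a minimal LDIF that creates the base entry, an organizational unit and one user whose entry matches the DN pattern uid={0},ou=people used in the security configuration. All names and the password are constructed test values for the embedded server; a production directory stores userPassword as a salted hash and never as clear text.

```ldif
# Added example ldap-data.ldif (constructed test data, not the post's file)
dn: dc=example,dc=com
objectclass: top
objectclass: domain
dc: example

dn: ou=people,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

# One test user; PersonContextMapper requires the person object class and sn
dn: uid=a143mk,ou=people,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Sample User
sn: User
uid: a143mk
mail: a143mk@example.com
userPassword: password
```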

WebSecurityConfig class: create a new package named LDAPAutha143mk.config. In this package, create a configuration class named WebSecurityConfig.java as below:
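The post's WebSecurityConfig listing is not reproduced here, so the following is an added example of what such a class looks like with Spring Security 6 (Spring Boot 3). It is not the post's code: the package name is the one the post prescribes, but the DN pattern uid={0},ou=people is an assumption that must match the entries in ldap-data.ldif, and the context source is the one Spring Boot builds from the spring.ldap.* properties.

```java
package LDAPAutha143mk.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.ldap.userdetails.PersonContextMapper;
import org.springframework.security.web.SecurityFilterChain;

// Added example configuration, not the post's own class.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    // Every request requires a logged-in user; the login and logout pages stay reachable.
    // CSRF protection stays at its default (enabled) for the form login.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(form -> form.permitAll())
            .logout(logout -> logout.permitAll());
        return http.build();
    }

    // Bind authentication: Spring Security binds to the directory as the user's own entry,
    // so the application never reads or compares password hashes itself.
    // The context source comes from Spring Boot's spring.ldap.* (or spring.ldap.embedded.*) properties.
    @Bean
    public AuthenticationManager ldapAuthenticationManager(BaseLdapPathContextSource contextSource) {
        LdapBindAuthenticationManagerFactory factory = new LdapBindAuthenticationManagerFactory(contextSource);
        // Assumption: user entries sit directly under ou=people below the base DN.
        factory.setUserDnPatterns("uid={0},ou=people");
        factory.setUserDetailsContextMapper(new PersonContextMapper());
        return factory.createAuthenticationManager();
    }
}
```

A fixed DN pattern means the application needs no search permission and no stored service-account password. If user entries are not laid out predictably (for example Active Directory keyed by sAMAccountName), replace setUserDnPatterns with setUserSearchBase and setUserSearchFilter and give the context source a least-privilege read-only account in spring.ldap.username / spring.ldap.password.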

Create Controllers
Create a new package named LDAPAutha143mk.controller. In this package, create a new Java class named LoginWelcomeController.java:


Run Project