From the course: Spring 6: Spring Security
Introduction to LDAP for authentication
- [Instructor] One of the most common ways to authenticate an application in an enterprise is due to the use of LDAP. So let's talk a little bit about LDAP in Microsoft Active Directory. LDAP or Lightweight Directory Access Protocol is a lightweight user authentication directory structure. It's built in natively to many operating systems in one shape or another and of course there are standalone implementations as well. One of the biggest benefits of LDAP is the fact that it's interoperable among many different operating systems and components. In fact, IT services are exported to many of those components so that they don't natively have to support authentication, which in an enterprise setting is exactly what we want. Because LDAP is lightweight, it's also highly scalable, which again, is another benefit when you're running distributed systems across the globe. And all of those enterprise systems need to share the same directory structure.
Now, I mentioned Microsoft Active Directory. In some way, shape or form, it supports an LDAP protocol, but it is not LDAP, and that's very important to understand before we go forward.
Now, Spring Security LDAP is not a very hard project to learn. The base project is Spring Security LDAP itself. It offers full support for all native LDAP operations that you would need outside of authentication. And while we're going to focus primarily on the authentication routines, it is good to keep in mind that you have other accesses to LDAP outside of authentication as well. Spring Security also provides adequate support for password hashing that most LDAP implementations also support. Now, the paradigm that we will use to learn Spring Security with LDAP is going to be very similar to what we saw with basic and form-based authentication. LDAP authentication still leverages the authentication manager builder that we have been configuring in our security configuration class.
I do want to talk a little bit about how we're going to use LDAP in this chapter. We're going to use an embedded LDAP server that's part of the Spring dependency management structure. You don't have to use the embedded LDAP server if you don't want to. You can use something like OpenLDAP with Docker or built into your OS. It's ready to go. That's actually how I do most of my LDAP work when I'm running locally. But again, in this example, we're going to use an embedded LDAP instance. Now you may be asking yourself, well, I've got access to Active Directory. Can I just use it for the purposes of this demo? The short answer is you can. It's a little bit different, and we're going to talk about some of those differences. However, it's important to note that Active Directory is not LDAP, but it can use LDAP for authentication routines. Both of them are based on a directory structure and it's very similar, but they are not the same, and we should be really clear on that. With all that being said, let's jump in.