Reputation: 121
Spring Ldap - multipe base names
I am trying to use spring LDAP /ODM to receive some attributes from LDAP. Is there a way to configure multiple base names in
<ldap:context-source
url="${ldap.url}"
base="${ldap.base}" // here ..is there a prop that will take an array of base names
username="${userdn}"
password="${password}" />
<ldap:ldap-template id="ldapTemplate" />
or in
@Entry(objectClasses = { "person"} base={..CAN I GIVE MULTIPLE BASENames here..})
public class LdapUser {
@Id
private Name dn;
//..
}
The app I am developing has users defined under one OU and internal TESTERs defined in another ou in our AD. So I am trying to see if I can use the same LDAP entry class for looking up everyone.
Upvotes: 2
Views: 6156
Answers (3)
Reputation: 3300
The ContextSource base is intended to specify the base of all operations on the ContextSource, and is typically set to the domain controller DN.
You can use ODM without specifying a base on the @Entry (or using a base DN higher up in the tree), but in that case you will typically use the @DnAttribute annotation in order to have the framework automatically build DNs for you (mainly needed when persisting entries back to LDAP).
If we assume your users are in the following structure:
dc=example,dc=com,ou=USERS
dc=example,dc=com,ou=TESTERS
Now, if you specify base dc=example,dc=com on the ContextSource you can have ODM handle this automatically as described briefly below:
@Entry(objectclasses={"person"})
public class Person {
@Id
private Name dn;
@DnAttribute(name="ou", index=0)
@Transient // Indicates that this is not an attribute on the entry
private String userType;
@Attribute(name="cn")
private String name;
// More attributes here
}
The above will handle automatic mapping of LDAP entries to and from the Person class. Now, if you want to find all persons, do:
List<Person> allPersons = ldapTemplate.findAll(Person.class);
If you want to find all testers you would do:
List<Person> testers = ldapTemplate.find(
query().base("ou=TESTERS"),
Person.class);
Upvotes: 2
Reputation: 15459
No expert here, mind you. With XML config at least, you can wire an LdapTemplate instance. One suggestion might be to make a new implementation called something like DelegatingLdapTemplate that gets injected with two regular templates (one per basename) and then delegates to them appropriately (or just calls one, then the other if the first one return 0 results), and use this in place of a normal template instance. This of course makes sense only if your use case really warrants this behavior (e.g. if you never know where to search for the user and have to check both locations). Otherwise, just make two separate beans.
Upvotes: 0
Reputation: 174664
I am not very familiar with Spring LDAP but (IIRC) LDAP itself can only search from a single node (base). So, looking at the documentation, you might have to do a search from the organization (o=xx) with an LDAPQueryBuilder, adding conditions for the ous. See the javadocs.
Upvotes: 0
Related Questions
- Spring ldapTemplate: how to lookup fully qualified DN with configured base DN?
- spring.data.ldap with multiple spring.ldap.urls in application.properties
- Spring LDAP using Java Configuration
- Setting spring ldap base dynamically for a new connection each usage
- Ldap Query - Configuration using Spring Boot
- Dynamically Configure LDAP Server using Spring Security
- Spring LDAP: InvalidNameException: /: [LDAP: error code 34
- Spring LDAP with dynamic base DN
- Spring Security and multiple LDAP
- Spring Security and multiple ldap configuration