LDAP—— Realize unified login management of users

One 、 What is it? ？

LDAP（Light Directory Access Protocol Lightweight directory access agreement ）, It is a storage method of directory database .

image MySQL database , The data is stored in the table one by one . and LDAP database , Organize the data into a 「 A tree structure 」, The data is stored on the leaf node .

1.1 LDAP Information organization form of database , Applicable scenario

It uses 「 Tree mode 」 Store the data .

• His biggest advantage is that he has a strong query （ read ） function , It is suitable for retrieving a large amount of data .
• Its disadvantage is that it can only perform simple updates （ Write ） operation , Transaction processing functions required for batch updates are not supported . But it doesn't matter , Because its usage scenario is a multi query scenario .

1.2 Some noun explanations

Entry term

LDAP It stores data in a tree structure , Each node is called an item .

dc（Domain Component）

dc Domain organization （ You can think of it as a relational Library ）

For example, will http://zaq.test Such domain name , It can be disassembled into dc=zaq,dc=test Form like this .

dn（Distinguished Name）

It is used for Unique identification One 「 term 」, And its position in the directory information tree .（ One dn It is similar to a piece of data in a relational database ）

dn Example ：ou=group,dc=zaq,dc=test、cn=dev,ou=group,dc=zaq,dc=test

dn String from left to right , Each component is close to the root of the tree in turn .

rdn（Relative Distinguished Name）

Rdn Namely 「 Key value pair 」.dn By a number of rdn form , Separated by commas .

Like the one above dn in dc=zaq It's just one. rdn

ou（Organization Unit）

stay dn It may contain ou= XX Department Such components , there ou Refers to the organizational unit 、 department .

Object Classes

Every 「 term 」 It contains several Object Classes, Equivalent to the attribute of the item .（ One dn These attributes in are similar to the fields of a piece of data in a relational database ）

Two 、 Can do ？

In the development process, we inevitably need to use a variety of development tools , Each system has its own set of passwords , This makes us helpless , How to remember ？ And the administrator also has a headache when allocating accounts , Every time a team member joins, he will add an account for this member in each system , It's very troublesome to manage . Is there a unified management of user information of multiple systems ？ That's it LDAP.（ It can also realize single sign on ）

Overall goal ： Realize unified login management of users

LDAP The purpose of is to provide a unified standard authentication mechanism for all kinds of software , All software can no longer use unique user management methods , But through this unified authentication mechanism for user authentication .

• OpenLDAP It can run on Linux Upper LDAP Open source implementation of the protocol .
• Microsoft ActiveDirectory yes LDAP stay Windows The realization of .

---

• Just support LDAP The system of the protocol can be integrated LDAP Realize unified authentication management .

Here is OpenLDAP Installation and integration of third-party systems tutorial >>>

Reference resources ：

• https://zhuanlan.zhihu.com/p/445690193
• https://zhuanlan.zhihu.com/p/147768058
• https://blog.csdn.net/joeybrown/article/details/118027917