Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
55 lines (38 sloc) 3.04 KB

User Admin Sample

Sample application demonstrating how to do some real work with Spring LDAP. This is a fully functional LDAP user administration application. It uses many of the useful concepts in Spring LDAP and would serve as a good example for best practices and various useful tricks.

Users and Groups in LDAP

Users in LDAP are usually represented as organizationalPerson or inetOrgPerson entries in the LDAP tree. The attributes in these entries represent the basic information on the users, e.g. (subset of available attributes):

  • cn: Common Name, or full name of the user
  • sn: Surname
  • mail: Email address
  • telephoneNumber: Phone number
  • ...several more attributes are available

Groups in LDAP are typically organized in groupOfName or groupOfUniqueName entries. These entries have a name, an optional description, and an attribute containing the distinguished names (i.e. the unique identifiers) of all members of the group. This attribute is named member and uniqueMember respectively.

Thus, user administration in LDAP typically involves creating and manipulating orgalizationalPerson or inetOrgPerson entries and adding or removing references to these entries in groupOfName or groupOfUniqueName entries.

This application demonstrates to do this easily and efficiently using Spring LDAP.

Application Structure

The core Spring application context of the sample is defined in resources/applicationContext.xml. By default this ApplicationContext will start an in-process Apache Directory Server instance, automatically populated with some test data. The data will be reset every time the application is restarted.

Running the Example

To run the example, do gradle jettyRun, or mvn jetty:run, and then navigate to http://localhost:8080/spring-ldap-user-admin-sample

It is also possible to run this sample application against a remote LDAP server as opposed to starting an in-process LDAP server. To do this, use the following system properties:

  • - set this to no-apacheds to prevent the in-process ApacheDs to be launched
  • sample.ldap.url - the URL of the target LDAP server
  • sample.ldap.userDn - principal to use for authentication against the LDAP server
  • sample.ldap.password - authentication password
  • sample.ldap.base - the directory root to use - note that by default all data under this node will be deleted and replaced with test data
  • sample.ldap.clean - set this property to false to not clear the root node
  • - NORMAL or AD. Specify AD if running against Active Directory in order to enable some particular AD tweaks


gradle jettyRun -Dsample.ldap.url=ldaps:// \
 -Dsample.ldap.userDn=CN=ldaptest,CN=Users,DC=261consulting,DC=local -Dsample.ldap.password=secret \

This sample uses Bootstrap to present a decent web design - copyright 2013 Twitter, Inc; distributed under the Apache 2 License.

You can’t perform that action at this time.