CN116074100A - Method for realizing unified authentication provided by replacing AD domain based on ldap protocol - Google Patents


Info

Publication number
CN116074100A
Authority
CN
China
Prior art keywords
user
ldap
application program
module
service module
Legal status: Pending (as listed by Google Patents; this is an assumption, not a legal conclusion)
Application number
CN202310117734.7A
Other languages
Chinese (zh)
Inventor
毕玉冰
杨东
肖力炀
崔逸群
刘超飞
曾荣汉
胥冠军
朱博迪
刘迪
刘骁
王文庆
邓楠轶
董夏昕
朱召鹏
介银娟
王艺杰
崔鑫
Current Assignee (as listed by Google Patents; the list may be inaccurate)
Wuzhong Hongsibao Xinke Energy Co ltd
Xian Thermal Power Research Institute Co Ltd
Huaneng Group Technology Innovation Center Co Ltd
Original Assignee
Xian Thermal Power Research Institute Co Ltd
Huaneng Group Technology Innovation Center Co Ltd
Priority date: 2023-02-15 (as listed by Google Patents; an assumption, not a legal conclusion)
Filing date: 2023-02-15
Publication date: 2023-05-05
Application filed by Xian Thermal Power Research Institute Co Ltd and Huaneng Group Technology Innovation Center Co Ltd
Priority to CN202310117734.7A
Publication of CN116074100A
Legal status: Pending

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/08  Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0815  Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention belongs to the technical field of network management and, in particular, provides a method for realizing unified authentication based on the ldap protocol as a replacement for an AD domain. A login authentication server is provided that runs an ldap service module; inside the ldap service module is a user directory information management module that manages the registered-account information of all users. When a user logs in to a first application program and a second application program through the first and second application program login modules respectively, the logins are authenticated through the ldap service module and the ldap network access service module, so that one set of account credentials serves both applications. Account management is therefore simpler when group staff log in to the various application systems, and because the ldap service module is a mature and reliable account management component, login errors are reduced.

Description

Method for realizing unified authentication provided by replacing AD domain based on ldap protocol
Technical Field
The invention belongs to the technical field of network management, and particularly relates to a method for realizing unified authentication by replacing an AD domain based on an ldap protocol.
Background
For large power companies, enterprise digitization and networking greatly improve working efficiency and management practice. As the group's ecosystem of application systems keeps growing, the applications become numerous and cover working scenarios such as supply chain management, project management, financial management, human resource management and customer service management. At present the enterprise performs unified authentication of users logging in to these application systems by means of an AD domain, and AD domain authentication is error-prone: for example, after an account logs in to one application, logs out, and then switches devices to log in to another application, the login often fails, and during login messages such as "unknown user name" or "wrong password" readily appear, which is inconvenient for the user and gives a poor experience.
Disclosure of Invention
The invention aims to provide a method for realizing unified authentication based on the ldap protocol as a replacement for an AD domain, which solves the technical problems in the prior art that, when group staff log in to the various application systems, account management is inconvenient, authentication of user login behaviour through the AD domain is error-prone, and login authentication fails.
To solve these technical problems, the invention adopts the following technical scheme.
The method for realizing unified authentication based on the ldap protocol as a replacement for an AD domain comprises the following steps:
a login authentication server is set up, running an ldap service module; inside the ldap service module is a user directory information management module that manages the registered-account information of all users;
the user's terminal device is provided with a first application program login module and a second application program login module, used to log in to the first and second application programs respectively, and with an ldap network access service module;
when the user logs in to the first and second application programs through the first and second application program login modules respectively, the logins are authenticated through the ldap service module and the ldap network access service module, so that the user authenticates to both applications with one set of account credentials.
Preferably, when the user logs in to the first application program through the first application program login module, authentication proceeds as follows:
(1) the user enters an account name and account password in the first application program login module;
(2) the ldap network access service module obtains the account name and password and sends an authentication data packet, containing the account name and password, to the ldap service module;
(3) the ldap service module first performs a default bind, then uses the received account name to execute a search operation on the user directory information management module, which returns the user information associated with that account to the ldap service module;
(4) the ldap service module performs a second bind operation with the account name and password, using the user information obtained in step (3); if this bind succeeds, authentication succeeds.
Preferably, the user directory information management module contains an account name storage directory, an account password storage directory, a user domain name directory, a user ID directory and a user organization unit directory.
Preferably, the user information associated with the account name comprises the account name, account password, user domain name, user ID and user organization unit.
Preferably, the authentication data packet further comprises the user domain name, user ID and user organization unit of the terminal device.
Compared with the prior art, the invention has the following beneficial effects. A login authentication server is provided that runs an ldap service module, inside which a user directory information management module manages the registered-account information of all users; the user's terminal device carries a first and a second application program login module for logging in to the first and second application programs, together with an ldap network access service module; when the user logs in to either application through its login module, the login is authenticated through the ldap service module and the ldap network access service module, so that one set of account credentials serves both applications. Account management is therefore simpler when group staff log in to the various application systems, and because the ldap service module is a mature and reliable account management component, login errors are reduced.
Drawings
Fig. 1 is a flowchart of an embodiment of the method for realizing unified authentication based on the ldap protocol as a replacement for an AD domain according to the present invention.
Fig. 2 is a block diagram of the user directory information management module in that embodiment.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
A method for realizing unified authentication based on the ldap protocol as a replacement for an AD domain is described with reference to Fig. 1 and Fig. 2.
As shown in Fig. 1, the method includes the following.
An independent third-party login authentication server is set up, running an ldap service module; inside the ldap service module is a user directory information management module that manages the registered-account information of all users. As shown in Fig. 2, the user directory information management module contains an account name storage directory, an account password storage directory, a user domain name directory, a user ID directory and a user organization unit directory.
The account name storage directory stores account names, the account password storage directory stores account passwords, the user domain name directory stores the domain names of terminal devices, the user ID directory stores the addresses of terminal devices, and the user organization unit directory stores the organization unit to which each terminal device belongs.
The user's terminal device carries a first application program login module and a second application program login module, used to log in to the first and second application programs respectively, and an ldap network access service module. When the user logs in to the first or second application program through the corresponding login module, the login is authenticated through the ldap service module and the ldap network access service module, so the user logs in to both applications with one set of account credentials.
Specifically, when the user logs in to the first application program through the first application program login module, authentication proceeds as follows:
(1) the user enters an account name and account password in the first application program login module;
(2) the ldap network access service module obtains the account name and password and sends an authentication data packet, containing the account name and password, to the ldap service module;
(3) the ldap service module first performs a default bind, then uses the received account name to execute a search operation on the user directory information management module, which returns the user information associated with that account to the ldap service module;
(4) the ldap service module performs a second bind operation with the account name and password, using the user information obtained in step (3); if this bind succeeds, authentication succeeds.
When the user logs in to the second application program through the second application program login module, the procedure is identical: the user enters the same account name and password in the second application program login module, and steps (2) to (4) are carried out in the same way, so the second application is authenticated against the same directory entry with the same credentials.
Further, the user information associated with the account name comprises the account name, account password, user domain name, user ID and user organization unit, and the authentication data packet additionally carries the user domain name, user ID and user organization unit of the terminal device, so that the ldap service module checks several attributes in addition to the password (the description refers to this as multi-factor authentication) to improve authentication security. Because these extra fields are supplied by the terminal device itself, they restrict the device and organization unit from which an account may be used; the second bind with the password remains the credential check proper.
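The search-then-bind procedure of steps (1) to (4) above (the same four steps as in the summary of the invention), together with the comparison of the packet's device fields against the directory entry, as an added Python example; this is not code from the patent or its applicants. The directory contents, DNs, attribute names (uid, userPassword, deviceDomain, deviceId, ou), the service identity used for the default bind and the base DN are all constructed assumptions, and an in-memory class stands in for the ldap service module so that the example runs offline; a deployment would issue the same bind and search operations to a real directory server, and should do so over LDAPS or StartTLS because the authentication data packet carries the password in the clear.

```python
"""Search-then-bind authentication against an in-memory directory stand-in."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# RFC 4515 section 3: characters that change a filter's structure must be
# escaped as backslash + two hex digits before a user value is interpolated.
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value: str) -> str:
    """Make a user-supplied account name safe inside an LDAP search filter."""
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def _unescape_filter_value(value: str) -> str:
    # What a real server does when it parses an escaped assertion value.
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)


@dataclass
class Entry:
    dn: str
    attrs: Dict[str, str]


class FakeDirectory:
    """Stand-in for the ldap service module / user directory (constructed).

    Answers simple binds and single-equality searches only. Passwords are kept
    in clear text for brevity; a real directory stores hashed userPassword
    values and the bind operation does the comparison server-side.
    """

    def __init__(self, entries: List[Entry], service_dn: str, service_password: str):
        self.entries = {e.dn: e for e in entries}
        self.service = (service_dn, service_password)

    def simple_bind(self, dn: str, password: str) -> bool:
        # RFC 4513 section 5.1.2: a non-empty DN with an empty password is an
        # *unauthenticated* bind. Servers may answer it with success, so an
        # authenticator that forwards an empty password would "log in" anyone.
        if not password:
            return False
        if (dn, password) == self.service:
            return True
        entry = self.entries.get(dn)
        return entry is not None and entry.attrs.get('userPassword') == password

    def search(self, base_dn: str, filter_str: str) -> List[Entry]:
        match = re.fullmatch(r'\((\w+)=(.*)\)', filter_str)
        if not match:
            return []  # anything but (attr=value) is unsupported in this model
        attr, value = match.group(1), _unescape_filter_value(match.group(2))
        return [e for e in self.entries.values()
                if e.dn.endswith(base_dn) and e.attrs.get(attr) == value]


@dataclass(frozen=True)
class AuthPacket:
    """The authentication data packet sent by the terminal (step 2), with the
    optional device fields. Field names are assumed for this example."""
    account: str
    password: str
    domain: str = ''
    device_id: str = ''
    org_unit: str = ''


# Packet field -> directory attribute it must equal (attribute names assumed).
_DEVICE_CHECKS = (('domain', 'deviceDomain'), ('device_id', 'deviceId'), ('org_unit', 'ou'))


class SearchThenBindAuthenticator:
    def __init__(self, directory: FakeDirectory, service_dn: str, service_password: str,
                 base_dn: str = 'ou=people,dc=example,dc=com'):
        self.directory = directory
        self.service_dn = service_dn
        self.service_password = service_password
        self.base_dn = base_dn

    def authenticate(self, pkt: AuthPacket) -> Tuple[bool, str]:
        """Return (ok, reason or user DN). Every application login calls this."""
        if not pkt.account or not pkt.password:
            return False, 'empty account or password'  # never forward an empty password
        # Step 3: default (service) bind, then search the directory by account name.
        if not self.directory.simple_bind(self.service_dn, self.service_password):
            return False, 'service bind failed'
        matches = self.directory.search(self.base_dn, f'(uid={escape_filter_value(pkt.account)})')
        if len(matches) != 1:
            return False, 'no unique entry for account'
        user = matches[0]
        # Step 4: second bind as the user's own DN with the supplied password.
        if not self.directory.simple_bind(user.dn, pkt.password):
            return False, 'user bind failed'
        # Device fields in the packet must match the entry when the entry has them.
        # They come from the client, so they narrow where the account may be used;
        # they are not a second factor in the way a token or certificate would be.
        for field_name, attr in _DEVICE_CHECKS:
            expected = user.attrs.get(attr)
            if expected is not None and getattr(pkt, field_name) != expected:
                return False, f'{attr} mismatch'
        return True, user.dn


def make_authenticator() -> SearchThenBindAuthenticator:
    """Wire the authenticator to a constructed sample directory (not patent data)."""
    svc_dn, svc_pw = 'cn=authsvc,ou=services,dc=example,dc=com', 'svc-secret'
    entries = [
        Entry('uid=jdoe,ou=people,dc=example,dc=com',
              {'uid': 'jdoe', 'userPassword': 'Correct-Horse-7',
               'deviceDomain': 'corp.example.com', 'deviceId': '10.20.30.40', 'ou': 'finance'}),
        Entry('uid=asmith,ou=people,dc=example,dc=com',
              {'uid': 'asmith', 'userPassword': 'Battery-Staple-9',
               'deviceDomain': 'corp.example.com', 'deviceId': '10.20.30.41', 'ou': 'hr'}),
    ]
    return SearchThenBindAuthenticator(FakeDirectory(entries, svc_dn, svc_pw), svc_dn, svc_pw)


if __name__ == '__main__':
    auth = make_authenticator()
    jdoe = AuthPacket('jdoe', 'Correct-Horse-7', 'corp.example.com', '10.20.30.40', 'finance')
    print('app1 login:', auth.authenticate(jdoe))   # the same packet authenticates
    print('app2 login:', auth.authenticate(jdoe))   # for every application
    print('empty pw  :', auth.authenticate(AuthPacket('jdoe', '')))
    print('injection :', auth.authenticate(AuthPacket('jdoe)(|(uid=*', 'x')))
```

Two checks in the block are what a practitioner adds to the four steps as written: the empty password is rejected before the second bind, because RFC 4513 treats a DN with an empty password as an unauthenticated bind that a server may accept, and the account name is escaped before it is placed in the search filter (RFC 4515). The second bind is the actual password verification, so the identity used for the default bind needs read access only to the search attributes, not to userPassword, even though the description lists the password among the returned user information. The stand-in server parses only single equality filters, so the block shows the escaping rather than reproducing an injection.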
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. A method for realizing unified authentication based on the ldap protocol as a replacement for an AD domain, comprising:
setting up a login authentication server running an ldap service module, inside which a user directory information management module manages the registered-account information of all users;
providing the user's terminal device with a first application program login module and a second application program login module, used to log in to the first and second application programs respectively, and with an ldap network access service module;
when the user logs in to the first and second application programs through the first and second application program login modules respectively, authenticating the login to the first or second application program through the ldap service module and the ldap network access service module, so that the user authenticates with one set of account credentials.
2. The method according to claim 1, wherein, when the user logs in to the first application program through the first application program login module, authentication proceeds as follows:
(1) the user enters an account name and account password in the first application program login module;
(2) the ldap network access service module obtains the account name and password and sends an authentication data packet to the ldap service module;
(3) the ldap service module first performs a default bind, then uses the received account name to execute a search operation on the user directory information management module, which returns the user information associated with that account to the ldap service module;
(4) the ldap service module performs a second bind operation with the account name and password, using the user information obtained; if this bind succeeds, authentication succeeds.
3. The method according to claim 2, wherein the user directory information management module contains an account name storage directory, an account password storage directory, a user domain name directory, a user ID directory and a user organization unit directory.
4. The method according to claim 2, wherein the user information associated with the account name comprises the account name, account password, user domain name, user ID and user organization unit.
5. The method according to claim 2, wherein the authentication data packet comprises the account name and the account password.
6. The method according to claim 5, wherein the authentication data packet further comprises the user domain name of the terminal device.
7. The method according to claim 5, wherein the authentication data packet further comprises the user ID of the terminal device.
8. The method according to claim 5, wherein the authentication data packet further comprises the user organization unit of the terminal device.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310117734.7A CN116074100A (en) 2023-02-15 2023-02-15 Method for realizing unified authentication provided by replacing AD domain based on ldap protocol


Publications (1)

Publication Number Publication Date
CN116074100A true CN116074100A (en) 2023-05-05

Family ID: 86183561 (one application in the family: CN202310117734.7A, listed above)

Country Status (1)

Country Link
CN (1) CN116074100A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
KR20040002036A * | 2002-06-29 | 2004-01-07 | KT Corporation | Simple Binding Authorization Method for Strengthening Security
CN104717261A * | 2013-12-17 | 2015-06-17 | Huawei Technologies Co., Ltd. | Login method and desktop management device
CN106685973A * | 2016-12-30 | 2017-05-17 | Neusoft Corporation | Method and device for remembering login information, login control method and device
CN111241504A * | 2020-01-16 | 2020-06-05 | Envision Digital International Pte. Ltd. | Identity authentication method and device, electronic equipment and storage medium
CN113360862A * | 2021-05-06 | 2021-09-07 | Longshine Technology Group Co., Ltd. | Unified identity authentication system, method, electronic device and storage medium


Legal Events

Code | Title | Description
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
TA01 | Transfer of patent application right | Effective date of registration: 20230818
Address after: No.136 Xingqing Road, Beilin District, Xi'an City, Shaanxi Province
Applicants after: Xi'an Thermal Power Research Institute Co.,Ltd.; Huaneng Group R&D Center Co., Ltd.; Wuzhong Hongsibao Xinke Energy Co.,Ltd.
Address before: No.136 Xingqing Road, Beilin District, Xi'an City, Shaanxi Province
Applicants before: Xi'an Thermal Power Research Institute Co.,Ltd.; Huaneng Group R&D Center Co., Ltd.