The Research And Implementation Of Unified Identity System Based On LDAP

With the rapid development of campus network, various applications are used in campus network and the services increase gradually, the drawbacks of the independent authentication have appeared. Therefore, it is an important measure in the information safe system to set up a unified identity system, with which to manage the network users in unison and unifying authentication and authorize.At first, the concept of unified identity system and the three models which are developed with the development of the unified identity system are introduced, especially the performance of the models.Secondly, the LDAP directory protocol is researched all round, and also the models of the LDAP. Based on the comprehensive comparison between the LDAP and the relational database, the availability of the LDAP directory is analyzed. And then the Kerberos is introduced, particularly the certification process of the Kerberos.At last, based on the analyze and introduce above, basis of the requirement of system expansibility, security, convenience to manage ,the unified identity system based on LDAP and Kerberos is designed, it uses centralize authentication model. This system makes up of two parts- server and client. The server is the manage system based on B/S, using the MVC framework. The design implements using LDAP catalog storage resource information, combining RBAC accessing strategy in the system authorization management and the design of LDAP catalog. At the same time, the system adopts Kerberos authentication mechanism to implement users authentication. The client develops client control based on Windows and Web, using the client to parse return data and implement logging in automatically. The client controls based on Windows and Web are separately explored, the returning data are analyzed by these controls and automation of login is realized. The detailed implementation of every part is given and the authorization management function of the system is presented through offering the authorization service to a CIDA project. In addition, using the client controls based on Windows and Web decreases both the system's modification and the developing difficulty of new system.