Give a REST to your LDAP directory services
4 likes8,856 views
This document introduces RESTful APIs as an alternative to traditional LDAP and DSML protocols for accessing directory services like OpenDJ. It describes how RESTful APIs using HTTP, JSON, and CRUD operations can provide a loosely coupled and scalable way to access directory data and services. The document then provides details on OpenDJ's implementation of REST to LDAP, including running it embedded in OpenDJ or as a standalone gateway. It demos the RESTful APIs and compares them to the SCIM standard. Finally, it encourages adopting RESTful approaches and provides contact information.
![GET /users/user.0
{!
"_rev" : "000000003a46b19d",!
"schemas" : [ "urn:scim:schemas:core:1.0" ],!
"contactInformation" : {!
"telephoneNumber" : "+1 685 622 6202",!
"emailAddress" : "user.0@maildomain.net"!
},!
"_id" : "user.0",!
"name" : {!
"familyName" : "Amar",!
"givenName" : "Aaccf"!
},!
"userName" : "user.0@maildomain.net",!
"displayName" : "Aaccf Amar"!
}!](https://image.slidesharecdn.com/ldapconopendjrest-131119094051-phpapp02/85/Give-a-REST-to-your-LDAP-directory-services-7-320.jpg)
Give a REST to your LDAP directory services
- 1. Directories for the REST of us Ludovic Poitou OpenDJ Product Manager - ForgeRock
- 2. About me Director ForgeRock France OpenDJ Product Manager Also community manager, contributor and blogger 15 Years at Sun Mostly on Sun Directory Services Developer, Tech lead, Architect Ludovic Poitou! Community Manager for OpenDS
- 3. LDAP ? Good protocol Great products and services Main problem : Where are the developers ? LDAP or directory services at University ? Enjoy the Dev Kits ! Protocol from another era : ASN1, BER… (cc) http://www.flickr.com/photos/bloodlessr/
- 4. DSMLv2 ? Heavyweight Too close to LDAP Few tools Incomplete
- 5. So what else ? HTTP for transport JSON for data representation Loosely coupled Fueling the API economy ⇒ RESTfull APIs (cc) http://www.flickr.com/photos/iain/
- 6. Introducing REST to LDAP /users /groups But also any object or collection can be configured /hosts /networks … All CRUD operations: Queries, with filters and returned attributes Put / Post / Delete / Patch… Directory specific operations: Modify password…
- 7. GET /users/user.0 {! "_rev" : "000000003a46b19d",! "schemas" : [ "urn:scim:schemas:core:1.0" ],! "contactInformation" : {! "telephoneNumber" : "+1 685 622 6202",! "emailAddress" : "user.0@maildomain.net"! },! "_id" : "user.0",! "name" : {! "familyName" : "Amar",! "givenName" : "Aaccf"! },! "userName" : "user.0@maildomain.net",! "displayName" : "Aaccf Amar"! }!
- 8. 2 Options In OpenDJ server Embedded Direct access to the data and services More secure As a standalone web application Gateway between HTTP and LDAP Works with any LDAP server Can be scaled like any other web application Network latency
- 9. Embedded REST to LDAP Delivered part of OpenDJ 2.6 by default. Just needs to be enabled As well as http logs (for auditing and troubleshooting) Configuration as a json file LDAP based configuration is coming
- 10. Demo
- 30. REST to LDAP vs SCIM OpenDJ REST to LDAP is inspired by SCIM Filters Queries Identifiers Json representation SCIM is still a moving target SCIM is Identity centric vs REST to LDAP is generic SCIM support will be a strip down, hardwired configuration of REST to LDAP
- 31. Take the ride to REST ! http://opendj.forgerock.org