directories for the rest of us: rest to ldap in opendj 2.6
DESCRIPTION
A Hands-On Workshop session with OpenDJ Product Manager Ludovic Poitou, and OpenDJ Architect Matt Swift.TRANSCRIPT
![Page 1: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/1.jpg)
2013 Open Stack Identity Summit - France
Directories for the REST of us Ludovic Poitou - Product Manager Matthew Swift - Architect ForgeRock
![Page 2: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/2.jpg)
LDAP ? • Good protocol
• Great products and services
• Main problem : Where are the developers ? • LDAP or directory services at
University ?
• Enjoy the Dev Kits !
• Protocol from another era : ASN1, BER…
(cc) http://www.flickr.com/photos/bloodlessr/
![Page 3: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/3.jpg)
DSMLv2 ?
• Heavyweight
• Too close to LDAP
• Few tools
• Incomplete
![Page 4: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/4.jpg)
So what else ? • HTTP for transport
• JSON for data representation
• Loosely coupled
• Fueling the API economy
⇒ RESTfull APIs
(cc) http://www.flickr.com/photos/iain/
![Page 5: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/5.jpg)
Introducing REST to LDAP • /users
• /groups
• But also any object or collection can be configured • /hosts • /networks …
• All CRUD operations: • Queries, with filters and returned attributes • Put / Post / Delete / Patch…
• Directory specific operations: Modify password…
![Page 6: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/6.jpg)
GET /users/user.0 {!
"_rev" : "000000003a46b19d",!
"schemas" : [ "urn:scim:schemas:core:1.0" ],!
"contactInformation" : {!
"telephoneNumber" : "+1 685 622 6202",!
"emailAddress" : "[email protected]"!
},!
"_id" : "user.0",!
"name" : {!
"familyName" : "Amar",!
"givenName" : "Aaccf"!
},!
"userName" : "[email protected]",!
"displayName" : "Aaccf Amar"!
}!
![Page 7: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/7.jpg)
2 Options • In OpenDJ server
• Embedded • Direct access to the data and services • More secure
• As a standalone web application • Gateway between HTTP and LDAP • Works with any LDAP server • Can be scaled like any other web application • Network latency
![Page 8: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/8.jpg)
Embedded REST to LDAP • Delivered part of OpenDJ 2.6 by default.
• Just needs to be enabled
• As well as http logs (for auditing and troubleshooting)
• Configuration as a json file • LDAP based configuration is coming
![Page 9: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/9.jpg)
Demo
![Page 10: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/10.jpg)
REST to LDAP vs SCIM • OpenDJ REST to LDAP is inspired by SCIM
• Filters • Queries • Identifiers • Json representation
• SCIM is still a moving target
• SCIM is Identity centric vs REST to LDAP is generic
• SCIM support will be a strip down, hardwired configuration of REST to LDAP
![Page 11: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/11.jpg)
Take the ride to REST !
![Page 12: Directories for the REST of Us: REST to LDAP in OpenDJ 2.6](https://reader031.vdocuments.mx/reader031/viewer/2022020217/547bcd56b37959a22b8b4dd8/html5/thumbnails/12.jpg)
2013 Open Stack Identity Summit - France
Q & A