Give a REST to your LDAP directory services

Post on 11-May-2015

License CC-BY-SA

Directories for the REST of us

Ludovic Poitou, OpenDJ Product Manager, ForgeRock

About me

- Director, ForgeRock France
- OpenDJ Product Manager
- Also community manager, contributor and blogger
- 15 years at Sun, mostly on Sun Directory Services
- Developer, Tech lead, Architect
- Community Manager for OpenDS

LDAP ?

- Good protocol
- Great products and services
- Main problem: where are the developers?
- LDAP or directory services at university?
- Enjoy the Dev Kits!
- Protocol from another era: ASN.1, BER…

(cc) http://www.flickr.com/photos/bloodlessr/

DSMLv2 ?

- Heavyweight
- Too close to LDAP
- Few tools
- Incomplete

So what else ?

- HTTP for transport
- JSON for data representation
- Loosely coupled
- Fueling the API economy

⇒ RESTful APIs

(cc) http://www.flickr.com/photos/iain/

Introducing REST to LDAP

- /users
- /groups
- But also any object or collection can be configured: /hosts, /networks, …
- All CRUD operations: queries, with filters and returned attributes; Put / Post / Delete / Patch…
- Directory-specific operations: modify password…

GET /users/user.0

    {
      "_rev" : "000000003a46b19d",
      "schemas" : [ "urn:scim:schemas:core:1.0" ],
      "contactInformation" : {
        "telephoneNumber" : "+1 685 622 6202",
        "emailAddress" : "user.0@maildomain.net"
      },
      "_id" : "user.0",
      "name" : {
        "familyName" : "Amar",
        "givenName" : "Aaccf"
      },
      "userName" : "user.0@maildomain.net",
      "displayName" : "Aaccf Amar"
    }
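As an added illustration (not from the talk and not OpenDJ's own code), the sketch below shows the idea behind such a resource: a fixed mapping from JSON fields to LDAP attributes works as an allowlist, so an attribute such as userPassword is never returned and a request for an unmapped field is rejected. The mapping, the function name `entry_to_resource`, its `fields` parameter and the sample entry are assumptions constructed for this example.

```python
# Assumed JSON-path -> LDAP-attribute mapping (illustrative, not OpenDJ's
# shipped configuration). Attributes that are not listed are never exposed.
MAPPING = {
    "_id": "uid",
    "userName": "mail",
    "displayName": "cn",
    "name/familyName": "sn",
    "name/givenName": "givenName",
    "contactInformation/telephoneNumber": "telephoneNumber",
    "contactInformation/emailAddress": "mail",
}


def entry_to_resource(entry, fields=None):
    """Project an LDAP entry {attribute: [values]} onto the JSON resource shape.

    `fields` optionally limits the result to the requested JSON paths; a path
    outside MAPPING is rejected instead of being passed through to the entry.
    """
    wanted = list(MAPPING) if fields is None else list(fields)
    unknown = [f for f in wanted if f not in MAPPING]
    if unknown:
        raise ValueError(f"unmapped field(s): {unknown}")
    # LDAP attribute names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): values for name, values in entry.items()}
    resource = {}
    for path in wanted:
        values = lowered.get(MAPPING[path].lower())
        if not values:
            continue  # attribute absent from the entry: omit the field
        *parents, leaf = path.split("/")
        node = resource
        for parent in parents:
            node = node.setdefault(parent, {})
        node[leaf] = values[0]  # this sketch treats every field as single-valued
    return resource


# Constructed sample entry modelled on the user.0 resource shown above.
SAMPLE_ENTRY = {
    "uid": ["user.0"],
    "cn": ["Aaccf Amar"],
    "sn": ["Amar"],
    "givenName": ["Aaccf"],
    "mail": ["user.0@maildomain.net"],
    "telephoneNumber": ["+1 685 622 6202"],
    "userPassword": ["{SSHA}constructed-placeholder"],  # must never be returned
}
```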

2 Options

In OpenDJ server:
- Embedded
- Direct access to the data and services
- More secure

As a standalone web application:
- Gateway between HTTP and LDAP
- Works with any LDAP server
- Can be scaled like any other web application
- Network latency

Embedded REST to LDAP

- Delivered as part of OpenDJ 2.6 by default. Just needs to be enabled
- As well as HTTP logs (for auditing and troubleshooting)
- Configuration as a JSON file
- LDAP-based configuration is coming

Demo

REST to LDAP vs SCIM

- OpenDJ REST to LDAP is inspired by SCIM: filters, queries, identifiers, JSON representation
- SCIM is still a moving target
- SCIM is identity-centric, whereas REST to LDAP is generic
- SCIM support will be a stripped-down, hardwired configuration of REST to LDAP

Take the ride to REST !

http://opendj.forgerock.org

Thanks!

Ludovic Poitou

Ludovic.poitou@forgerock.com

@ludomp

http://ludopoitou.wordpress.com
