OpenDJ: REST to LDAP Gateway, part 2

OpenDJ Community LogoThe REST to LDAP gateway that you read about a few days ago is continuing to improve. If you look at the latest configuration, you will notice some changes:

  • DN reference mapping lets you map LDAP attributes like manager and uniqueMember that take DN values.
  • The "/users" mapping adds "manager" and "groups" fields, taking advantage of the reference mapping capability.
  • The default configuration now also includes a "/groups" mapping.
  • The "/users" and "/groups" mappings add "meta" fields to JSON resources. In the default configuration the "meta" field shows information about when the underlying entry was created and last modified.
  • ID and revision attributes in the default config are now "_id" and "_rev" as in OpenIDM.

The reference mapping prevents RESTful client applications from having to understand LDAP DNs. For example, if you look at Babs Jensen’s entry through LDAP, you notice that her manager is trigden.

$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=bjensen)" cn manager
dn: uid=bjensen,ou=People,dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
manager: uid=trigden, ou=People, dc=example,dc=com

In the JSON resource for Babs Jensen, trigden is mapped to "_id", and the manager’s name is pulled out of the referenced entry, so you can now see who trigden is without doing another search.

$ curl 'http://opendj.example.com:8080/rest2ldap/users/bjensen?_fields=displayName,manager&_prettyPrint=true'
{
  "displayName" : "Barbara Jensen",
  "manager" : [ {
    "_id" : "trigden",
    "displayName" : "Torrey Rigden"
  } ]
}

If you look at Torrey Rigden’s entry through LDAP, you see the groups that Torrey is a member of are also referenced by DN.

$ ldapsearch -p 1389 -b dc=example,dc=com "(uid=trigden)" cn isMemberOf
dn: uid=trigden,ou=People,dc=example,dc=com
cn: Torrey Rigden
isMemberOf: cn=PD Managers,ou=groups,dc=example,dc=com

The REST to LDAP gateway uses the reference mapping for this as well.

$ curl 'http://opendj.example.com:8080/rest2ldap/users/trigden?_fields=displayName,groups&_prettyPrint=true'
{
  "displayName" : "Torrey Rigden",
  "groups" : [ {
    "_id" : "PD Managers"
  } ]
}

The "/groups" mapping gives you what you would expect, using the reference mapping for members.

$ curl 'http://opendj.example.com:8080/rest2ldap/groups?_filter=true&_fields=displayName,members&_prettyPrint=true'
{
  "result" : [ {
    "displayName" : "Accounting Managers",
    "members" : [ {
      "_id" : "scarter",
      "displayName" : "Sam Carter"
    }, {
      "_id" : "tmorris",
      "displayName" : "Ted Morris"
    } ]
  }, {
    "displayName" : "Directory Administrators",
    "members" : [ {
      "_id" : "kvaughan",
      "displayName" : "Kirsten Vaughan"
    }, {
      "_id" : "hmiller",
      "displayName" : "Harry Miller"
    }, {
      "_id" : "rdaugherty",
      "displayName" : "Robert Daugherty"
    } ]
  }, {
    "displayName" : "HR Managers",
    "members" : [ {
      "_id" : "kvaughan",
      "displayName" : "Kirsten Vaughan"
    }, {
      "_id" : "cschmith",
      "displayName" : "Chris Schmith"
    } ]
  }, {
    "displayName" : "PD Managers",
    "members" : [ {
      "_id" : "kwinters",
      "displayName" : "Kelly Winters"
    }, {
      "_id" : "trigden",
      "displayName" : "Torrey Rigden"
    } ]
  }, {
    "displayName" : "QA Managers",
    "members" : [ {
      "_id" : "abergin",
      "displayName" : "Andy Bergin"
    }, {
      "_id" : "jwalker",
      "displayName" : "John Walker"
    } ]
  } ],
  "resultCount" : 5,
  "pagedResultsCookie" : null,
  "remainingPagedResults" : -1
}

Get the updated REST to LDAP gateway for yourself and look at opendj-rest2ldap-servlet.json to see how this works in the configuration. Updates to the doc for these changes are in review.

Still more to come…

About these ads

2 Comments

Filed under Directory Services and LDAP

2 responses to “OpenDJ: REST to LDAP Gateway, part 2

  1. Pingback: OpenDJ: REST to LDAP, part 3 | Margin Notes 2.0

  2. Amit Doshi

    Hi Mark,
    I am right now working on the rest2ldap gateway of oepndj. But i am facing some issues. I am not able to understand why i required manager username & password in order for creating/deleting/updating user in opendj…… In my opendj structure there is no manager or anything like that.

    So my question is while creating/deleting/updating users, what username & password should i pass?

    I wasted my 2 days & I will really appreciate if you provide some solution for it.
    Thanks & Regards,
    Amit Doshi
    amitccet@gmail.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s