OpenDJ: Getting started with DSML

OpenDJ Community LogoBack when XML was overly popular, DSMLv2 became a standard (.xsd, .doc). Directory Services Markup Language basically lets you do LDAP over HTTP, wrapping messages in SOAP. I won’t advocate unnecessary multiplication of wrappers, but perhaps you do not always have a choice.

OpenDJ provides a DSML .war that you can grab from the download page. The DSML .war is a gateway, so you must have a directory server such as OpenDJ to which the DSML gateway connects when handling client requests. If you do not yet have a directory server, get OpenDJ from the download page, too, and install it in a few clicks. You can either generate sample data during install, or load Example.ldif. The examples below work with Example.ldif.

For the DSML Gateway, deploy the war in your web container, and then edit WEB-INF/web.xml as described in the OpenDJ Admin Guide. (At minimum, you want to make sure the LDAP port number is correct. If you want to be able to HTTP Basic Auth and have the user IDs mapped to entries in the directory, for example, set ldap.authzidtypeisid=true.) Restart to take your changes into account.

For the following examples, I have OpenDJ DSML gateway running in Tomcat on localhost:8080/dsml, and OpenDJ with the entries from Example.ldif on localhost:1389.

Searching the Directory

Here is what I want to do using ldapsearch.

$ /path/to/OpenDJ/bin/ldapsearch -p 1389 -b dc=example,dc=com \
 "(uid=bjensen)" description
dn: uid=bjensen,ou=People,dc=example,dc=com
description: Original description

Here it is in DSML, with the response pretty printed by hand to make it easier to read. Notice that this goes as a POST to http://localhost:8080/dsml/DSMLServlet.

$ cat /path/to/search-request.xml
<?xml version="1.0" encoding="UTF-8"?>
<soap-env:Envelope xmlns:xsd=""
  <batchRequest xmlns="urn:oasis:names:tc:DSML:2:0:core" requestID="search">
   <searchRequest dn="dc=example,dc=com"
     <equalityMatch name="uid">
     <attribute name="description" />

$ curl -X POST --data @/path/to/search-request.xml \
 -H "Content-Type: text/xml" \
<SOAP-ENV:Envelope xmlns:SOAP-ENV="">
  <batchResponse xmlns="urn:oasis:names:tc:DSML:2:0:core" requestID="search">
    <searchResultEntry dn="uid=bjensen,ou=People,dc=example,dc=com">
     <attr name="description">
      <value>Original description</value>
     <resultCode code="0"/>

Updating an Entry

Here is what I want to do using ldapmodify.

$ /path/to/OpenDJ/bin/ldapmodify -p 1389 \
 -D uid=bjensen,ou=people,dc=example,dc=com -w hifalutin
dn: uid=bjensen,ou=people,dc=example,dc=com
changetype: modify
replace: description
description: Going to change this with DSML

Processing MODIFY request for uid=bjensen,ou=people,dc=example,dc=com
MODIFY operation successful for DN uid=bjensen,ou=people,dc=example,dc=com

Here it is in DSML, again with the response pretty printed by hand.

$ cat /path/to/modify-request.xml

<?xml version="1.0" encoding="UTF-8"?>
<soap-env:Envelope xmlns:xsd=""
  <batchRequest xmlns="urn:oasis:names:tc:DSML:2:0:core" requestID="modify">
   <modifyRequest dn="uid=bjensen,ou=people,dc=example,dc=com">
    <modification name="description" operation="replace">
     <value>New description from DSML gateway</value>

$ curl -X POST --data @/path/to/modify-request.xml \
 -H "Content-Type: text/xml" -u bjensen:hifalutin \

<SOAP-ENV:Envelope xmlns:SOAP-ENV="">
  <batchResponse xmlns="urn:oasis:names:tc:DSML:2:0:core" requestID="modify">
    <resultCode code="0"/>


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s