OpenDJ: REST to LDAP Gateway

OpenDJ Community LogoThe REST to LDAP mapping is a new feature for the next release of OpenDJ. Although it is still early and the features is not finished yet, you can already play with some of the new capabilities.

REST to LDAP exposes directory data over HTTP as JSON resources. This opens up directory data to applications that do not support LDAP.

The initial artifact for serving JSON resources is a REST to LDAP gateway, which is a Servlet. (The Servlet will be followed by a REST to LDAP connection handler within OpenDJ.) To give the gateway a try, run it with an OpenDJ directory server in back.

As of this writing, the gateway .war is not yet posted on the builds page. Try one of these options instead:

  • You can download a build of the .war from the ForgeRock Maven repository under opendj-rest2ldap-servlet/3.0.0-SNAPSHOT/.
  • You can get the code, and then build and run the gateway yourself.
    $ svn co
    $ cd opendj3/opendj-rest2ldap-servlet && mvn jetty:run

    By default, the gateway listens on localhost:8080, and connects to the directory server on localhost:1389 as cn=Directory Manager with password password. The gateway is also configured to work out of the box with sample data (entries under dc=example,dc=com, either those generated at setup time or loaded from Example.ldif).

With a default OpenDJ configuration, you probably only need to start the directory server. (Don’t have OpenDJ? Try the quick install.)

$ /path/to/OpenDJ/bin/start-ds

If the defaults do not work for your setup, know that the configuration file for the gateway is opendj3/opendj-rest2ldap-servlet/src/main/webapp/opendj-rest2ldap-servlet.json. If you downloaded and deployed the gateway .war, then find opendj-rest2ldap-servlet.json under the directory where you deployed the .war. Also see the links to the doc below.

Once the gateway and OpenDJ are configured and started, REST clients can access the gateway to get at directory data, as in the following example.

$ curl http://localhost:8080/users/bjensen?_prettyPrint=true
  "id" : "bjensen",
  "rev" : "000000002f43b789",
  "schemas" : [ "urn:scim:schemas:core:1.0" ],
  "contactInformation" : {
    "telephoneNumber" : "+1 408 555 1862",
    "emailAddress" : ""
  "name" : {
    "familyName" : "Jensen",
    "givenName" : "Barbara"
  "userName" : "",
  "displayName" : "Barbara Jensen"

At this early stage, the gateway supports three of the seven CRUDPAQ verbs: create, read, and query.

There is a bit of documentation for REST to LDAP. All of this is still in progress.

More to come…

6 thoughts on “OpenDJ: REST to LDAP Gateway

  1. Pingback: OpenDJ: REST to LDAP Gateway, part 2 | Margin Notes 2.0

    1. Hi,

      In principle, yes. The REST LDAP gateway does LDAP requests against the directory server.

      I’ve not yet tried with OpenLDAP. It would be interesting to see what you have to change in the configuration file to make it work.


  2. Wayne

    It is mentioned you can download a build of the .war from the ForgeRock Maven repository under opendj-rest2ldap-servlet/3.0.0-SNAPSHOT/. or via the below svn command
    $ svn co

    but both of which were currently inactive for me. Are there any updates on this or could you point me in the direction of the best place to download the .war?

    Thanks for the help,


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.