Give a REST to your LDAP directory services

4,817 views
4,475 views

Published on

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,817
On SlideShare
0
From Embeds
0
Number of Embeds
860
Actions
Shares
0
Downloads
43
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Give a REST to your LDAP directory services

  1. 1. Directories for the REST of us Ludovic Poitou OpenDJ Product Manager - ForgeRock
  2. 2. About me Director ForgeRock France OpenDJ Product Manager Also community manager, contributor and blogger 15 Years at Sun Mostly on Sun Directory Services Developer, Tech lead, Architect Ludovic Poitou! Community Manager for OpenDS
  3. 3. LDAP ? Good protocol Great products and services Main problem : Where are the developers ? LDAP or directory services at University ? Enjoy the Dev Kits ! Protocol from another era : ASN1, BER… (cc) http://www.flickr.com/photos/bloodlessr/
  4. 4. DSMLv2 ? Heavyweight Too close to LDAP Few tools Incomplete
  5. 5. So what else ? HTTP for transport JSON for data representation Loosely coupled Fueling the API economy ⇒ RESTfull APIs (cc) http://www.flickr.com/photos/iain/
  6. 6. Introducing REST to LDAP /users /groups But also any object or collection can be configured /hosts /networks … All CRUD operations: Queries, with filters and returned attributes Put / Post / Delete / Patch… Directory specific operations: Modify password…
  7. 7. GET /users/user.0 {! "_rev" : "000000003a46b19d",! "schemas" : [ "urn:scim:schemas:core:1.0" ],! "contactInformation" : {! "telephoneNumber" : "+1 685 622 6202",! "emailAddress" : "user.0@maildomain.net"! },! "_id" : "user.0",! "name" : {! "familyName" : "Amar",! "givenName" : "Aaccf"! },! "userName" : "user.0@maildomain.net",! "displayName" : "Aaccf Amar"! }!
  8. 8. 2 Options In OpenDJ server Embedded Direct access to the data and services More secure As a standalone web application Gateway between HTTP and LDAP Works with any LDAP server Can be scaled like any other web application Network latency
  9. 9. Embedded REST to LDAP Delivered part of OpenDJ 2.6 by default. Just needs to be enabled As well as http logs (for auditing and troubleshooting) Configuration as a json file LDAP based configuration is coming
  10. 10. Demo
  11. 11. REST to LDAP vs SCIM OpenDJ REST to LDAP is inspired by SCIM Filters Queries Identifiers Json representation SCIM is still a moving target SCIM is Identity centric vs REST to LDAP is generic SCIM support will be a strip down, hardwired configuration of REST to LDAP
  12. 12. Take the ride to REST ! http://opendj.forgerock.org
  13. 13. Thanks! Ludovic Poitou Ludovic.poitou@forgerock.com @ludomp http://ludopoitou.wordpress.com

×