Directories for the REST of Us: REST to LDAP in OpenDJ 2.6

A Hands-On Workshop session with OpenDJ Product Manager Ludovic Poitou, and OpenDJ Architect Matt Swift.

Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/

Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/

Published in: Technology

  1. 2013 Open Stack Identity Summit - France. Directories for the REST of us. Ludovic Poitou - Product Manager, Matthew Swift - Architect, ForgeRock
  2. LDAP?
     • Good protocol
     • Great products and services
     • Main problem: Where are the developers?
     • LDAP or directory services at University?
     • Enjoy the Dev Kits!
     • Protocol from another era: ASN1, BER…
     (cc) http://www.flickr.com/photos/bloodlessr/
  3. DSMLv2?
     • Heavyweight
     • Too close to LDAP
     • Few tools
     • Incomplete
  4. So what else?
     • HTTP for transport
     • JSON for data representation
     • Loosely coupled
     • Fueling the API economy
     ⇒ RESTful APIs
     (cc) http://www.flickr.com/photos/iain/
  5. Introducing REST to LDAP
     • /users
     • /groups
     • But also any object or collection can be configured
       • /hosts
       • /networks …
     • All CRUD operations:
       • Queries, with filters and returned attributes
       • Put / Post / Delete / Patch…
     • Directory specific operations: Modify password…
  6. GET /users/user.0

       {
         "_rev" : "000000003a46b19d",
         "schemas" : [ "urn:scim:schemas:core:1.0" ],
         "contactInformation" : {
           "telephoneNumber" : "+1 685 622 6202",
           "emailAddress" : "user.0@maildomain.net"
         },
         "_id" : "user.0",
         "name" : {
           "familyName" : "Amar",
           "givenName" : "Aaccf"
         },
         "userName" : "user.0@maildomain.net",
         "displayName" : "Aaccf Amar"
       }

  7. 2 Options
     • In OpenDJ server
       • Embedded
       • Direct access to the data and services
       • More secure
     • As a standalone web application
       • Gateway between HTTP and LDAP
       • Works with any LDAP server
       • Can be scaled like any other web application
       • Network latency
  8. Embedded REST to LDAP
     • Delivered as part of OpenDJ 2.6 by default
     • Just needs to be enabled
     • As well as HTTP logs (for auditing and troubleshooting)
     • Configuration as a JSON file
     • LDAP based configuration is coming
  9. Demo
  10. REST to LDAP vs SCIM
     • OpenDJ REST to LDAP is inspired by SCIM
       • Filters
       • Queries
       • Identifiers
       • JSON representation
     • SCIM is still a moving target
     • SCIM is identity centric, whereas REST to LDAP is generic
     • SCIM support will be a stripped-down, hardwired configuration of REST to LDAP
  11. Take the ride to REST!
  12. 2013 Open Stack Identity Summit - France. Q&A
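
The "gateway between HTTP and LDAP" idea from slides 5 to 7, as an added Python sketch that is not OpenDJ code and not from the slides: it maps an LDAP entry to the JSON shape of slide 6 and turns an equality query on a JSON field into an LDAP filter with RFC 4515 escaping. The attribute names (inetOrgPerson style), the "/" field-path notation and all function names are assumptions; `_rev` and `schemas` are left out.

```python
# Assumed mapping from JSON field paths (shape of the GET /users/user.0 response)
# to LDAP attributes. Attribute names are an assumption, not OpenDJ's shipped config.
FIELD_TO_ATTR = {
    "_id": "uid",
    "userName": "mail",
    "displayName": "cn",
    "name/givenName": "givenName",
    "name/familyName": "sn",
    "contactInformation/telephoneNumber": "telephoneNumber",
    "contactInformation/emailAddress": "mail",
}

def escape_filter_value(value):
    """Escape a client-supplied value for use in an LDAP search filter (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in b"\\*()\x00" or byte > 0x7F:
            out.append("\\%02x" % byte)   # metacharacters and non-ASCII become \xx
        else:
            out.append(chr(byte))
    return "".join(out)

def to_ldap_filter(field, value):
    """Translate an equality query on a JSON field into an LDAP filter string."""
    if field not in FIELD_TO_ATTR:
        # Only mapped fields are queryable; the client never names raw attributes.
        raise ValueError("unmapped field: %r" % field)
    return "(%s=%s)" % (FIELD_TO_ATTR[field], escape_filter_value(value))

def entry_to_resource(entry):
    """Build the JSON resource from an LDAP entry (attribute -> list of values)."""
    resource = {}
    for path, attr in FIELD_TO_ATTR.items():
        values = entry.get(attr)
        if not values:
            continue
        *parents, leaf = path.split("/")
        node = resource
        for key in parents:
            node = node.setdefault(key, {})
        node[leaf] = values[0]
    return resource

# Constructed sample entry; values reuse the slide 6 response, password is made up.
SAMPLE_ENTRY = {
    "uid": ["user.0"], "cn": ["Aaccf Amar"], "sn": ["Amar"],
    "givenName": ["Aaccf"], "mail": ["user.0@maildomain.net"],
    "telephoneNumber": ["+1 685 622 6202"],
    "userPassword": ["{SSHA}constructed"],   # unmapped, so never returned
}
```

Because only mapped attributes are copied, anything outside the mapping (here `userPassword`) stays out of the HTTP response, and filter values reach the directory only in escaped form.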
