Post on 29-Nov-2014
2013 Open Stack Identity Summit - France
Directories for the REST of us
Ludovic Poitou - Product Manager
Matthew Swift - Architect
ForgeRock
LDAP ?
• Good protocol
• Great products and services
• Main problem : Where are the developers ?
  • LDAP or directory services at University ?
  • Enjoy the Dev Kits !
  • Protocol from another era : ASN1, BER…
(cc) http://www.flickr.com/photos/bloodlessr/
DSMLv2 ?
• Heavyweight
• Too close to LDAP
• Few tools
• Incomplete
So what else ?
• HTTP for transport
• JSON for data representation
• Loosely coupled
• Fueling the API economy
⇒ RESTful APIs
(cc) http://www.flickr.com/photos/iain/
Introducing REST to LDAP
• /users
• /groups
• But also any object or collection can be configured
  • /hosts
  • /networks …
• All CRUD operations:
  • Queries, with filters and returned attributes
  • Put / Post / Delete / Patch…
• Directory specific operations: Modify password…
GET /users/user.0
{
  "_rev" : "000000003a46b19d",
  "schemas" : [ "urn:scim:schemas:core:1.0" ],
  "contactInformation" : {
    "telephoneNumber" : "+1 685 622 6202",
    "emailAddress" : "user.0@maildomain.net"
  },
  "_id" : "user.0",
  "name" : {
    "familyName" : "Amar",
    "givenName" : "Aaccf"
  },
  "userName" : "user.0@maildomain.net",
  "displayName" : "Aaccf Amar"
}
2 Options
• In OpenDJ server
  • Embedded
  • Direct access to the data and services
  • More secure
• As a standalone web application
  • Gateway between HTTP and LDAP
  • Works with any LDAP server
  • Can be scaled like any other web application
  • Network latency
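The gateway option above has to turn an HTTP query into an LDAP search and an LDAP entry back into the JSON resource shown for GET /users/user.0. A minimal sketch of that translation, added here as an example and not OpenDJ's own code: the attribute mapping and the `field eq "value"` / `field sw "value"` filter grammar are assumptions, and the filter value is escaped per RFC 4515 so that client-supplied characters cannot change the structure of the LDAP filter.

```python
# Added example: the mapping and the filter grammar below are assumptions,
# not OpenDJ's actual configuration or query syntax.
import re

# JSON field path -> LDAP attribute (assumed mapping for the /users resource)
MAPPING = {
    "_id": "uid",
    "userName": "mail",
    "displayName": "cn",
    "name/familyName": "sn",
    "name/givenName": "givenName",
    "contactInformation/telephoneNumber": "telephoneNumber",
    "contactInformation/emailAddress": "mail",
}

def escape_filter_value(value: str) -> str:
    """Escape the RFC 4515 special characters in an LDAP filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

FILTER_RE = re.compile(r'^\s*([\w/]+)\s+(eq|sw)\s+"((?:[^"\\]|\\.)*)"\s*$')

def to_ldap_filter(query: str) -> str:
    """Translate `field eq "value"` or `field sw "value"` to an LDAP filter."""
    m = FILTER_RE.match(query)
    if not m:
        raise ValueError("unsupported filter")
    field, op, raw = m.groups()
    if field not in MAPPING:  # only configured fields are queryable
        raise ValueError("unknown field: " + field)
    value = escape_filter_value(re.sub(r"\\(.)", r"\1", raw))
    return "(%s=%s%s)" % (MAPPING[field], value, "*" if op == "sw" else "")

def to_resource(entry: dict) -> dict:
    """Build the JSON resource from an LDAP entry (attribute -> list of values)."""
    resource = {}
    for path, attr in MAPPING.items():
        if attr in entry:
            node = resource
            *parents, leaf = path.split("/")
            for p in parents:
                node = node.setdefault(p, {})
            node[leaf] = entry[attr][0]
    return resource
```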
Embedded REST to LDAP
• Delivered as part of OpenDJ 2.6 by default.
• Just needs to be enabled
• As well as HTTP logs (for auditing and troubleshooting)
• Configuration as a JSON file
  • LDAP based configuration is coming
Demo
REST to LDAP vs SCIM
• OpenDJ REST to LDAP is inspired by SCIM
  • Filters
  • Queries
  • Identifiers
  • JSON representation
• SCIM is still a moving target
• SCIM is identity-centric, whereas REST to LDAP is generic
• SCIM support will be a stripped-down, hardwired configuration of REST to LDAP
Take the ride to REST !
Q & A