Directories for the REST of Us: REST to LDAP in OpenDJ 2.6
Open Identity Summit
Directories for the REST of us
Ludovic Poitou, Product Manager, and Matthew Swift, Architect, ForgeRock

LDAP?
- Good protocol
- Great products and services
- Main problem: Where are the developers?
  - No one learns LDAP or directory services at university
  - Poor and complex client development kits
  - Protocol from another era: ASN.1, BER…
(cc) http://www.flickr.com/photos/bloodlessr/

DSMLv2?
- Heavyweight
- Too close to LDAP
- Few tools
- Incomplete

So what else?
- HTTP for transport
- JSON for data representation
- Loosely coupled
- Fueling the API economy
⇒ RESTful APIs
(cc) http://www.flickr.com/photos/iain/

Introducing REST to LDAP
- /users
- /groups
- But also any object or collection can be configured
  - /hosts
  - /networks …
- All CRUD operations:
  - Queries, with filters and returned attributes
  - Put / Post / Delete / Patch…
- Directory specific operations: Modify password…

GET /users/user.0

    {
      "_rev" : "000000003a46b19d",
      "schemas" : [ "urn:scim:schemas:core:1.0" ],
      "contactInformation" : {
        "telephoneNumber" : "+1 685 622 6202",
        "emailAddress" : "[email protected]"
      },
      "_id" : "user.0",
      "name" : {
        "familyName" : "Amar",
        "givenName" : "Aaccf"
      },
      "userName" : "[email protected]",
      "displayName" : "Aaccf Amar"
    }
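
The "queries, with filters" bullet implies that the gateway turns a filter on JSON fields into an LDAP search filter. The sketch below is an added example, not code from the slides or from OpenDJ: it assumes a SCIM-style `field op "value"` clause and a hypothetical field-to-attribute mapping based on the sample resource, and it escapes the value per RFC 4515 so that it stays a literal in the resulting filter.

```python
import re

# Assumed mapping from JSON field paths (taken from the sample resource) to
# LDAP attribute types; a real deployment defines this in its JSON configuration.
FIELD_TO_ATTR = {
    "_id": "uid",
    "userName": "mail",
    "displayName": "cn",
    "name/familyName": "sn",
    "name/givenName": "givenName",
    "contactInformation/telephoneNumber": "telephoneNumber",
    "contactInformation/emailAddress": "mail",
}

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_value(value: str) -> str:
    """Escape one character at a time, so nothing is escaped twice."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

# SCIM-style comparison operators and the LDAP filter template for each.
OPS = {
    "eq": "({attr}={val})",
    "co": "({attr}=*{val}*)",
    "sw": "({attr}={val}*)",
    "ge": "({attr}>={val})",
    "le": "({attr}<={val})",
}

_CLAUSE = re.compile(r'^\s*([\w/]+)\s+(eq|co|sw|ge|le)\s+"((?:[^"\\]|\\.)*)"\s*$')

def to_ldap_filter(query_filter: str) -> str:
    """Translate one `field op "value"` clause into an LDAP filter string."""
    m = _CLAUSE.match(query_filter)
    if not m:
        raise ValueError("unsupported filter syntax")
    field, op, raw = m.groups()
    if field not in FIELD_TO_ATTR:          # only mapped fields are searchable
        raise ValueError(f"unknown field: {field}")
    value = re.sub(r"\\(.)", r"\1", raw)    # undo backslash escapes in the quoted string
    return OPS[op].format(attr=FIELD_TO_ATTR[field], val=escape_value(value))

if __name__ == "__main__":
    # Constructed inputs: a normal query and one carrying filter metacharacters.
    print(to_ldap_filter('name/familyName eq "Amar"'))
    print(to_ldap_filter('displayName sw "A*)(uid=*"'))
```

Rejecting unmapped fields keeps attributes that the configuration never exposed out of search filters.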

2 Options
- In OpenDJ server
  - Embedded
  - Direct access to the data and services
  - More secure
- As a standalone web application
  - Gateway between HTTP and LDAP
  - Works with any LDAP server
  - Can be scaled like any other web application
  - Network latency

Embedded REST to LDAP
- Delivered as part of OpenDJ 2.6 by default
- Just needs to be enabled
- As well as HTTP logs (for auditing and troubleshooting)
- Configuration as a JSON file
  - LDAP based configuration is coming

Demo

REST to LDAP vs SCIM
- OpenDJ REST to LDAP is inspired by SCIM
  - Filters
  - Queries
  - Identifiers
  - JSON representation
- SCIM is still a moving target
- SCIM is identity centric, whereas REST to LDAP is generic
- SCIM support will be a stripped-down, hardwired configuration of REST to LDAP

Take the ride to REST!
Q & A