Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-7853

Implement a new virtual sub-resource for "reference" DN only property mapper



    • Improvement
    • Status: Dev in Progress
    • Blocker
    • Resolution: Unresolved
    • 7.0.0
    • None
    • common-repo, rest
    • None


      Description of the problem

      For the big searches work on Rest2LDAP for IDM, we would like to define a subresource collection URL path like this: managed/user/{id}/role.
      This could also translate to "managed/user/{id}/role/{id}", for example when accessing the "administrator" role of the user "bob".
      To that end, we modified the definition of the user resource, to add a subresource collection named "role".
      Unfortunately we have not found how to make it do what we want.

      Example LDAP data:
      User bob's DN is uid=bob,ou=user,ou=managed,dc=openidm
      He has two roles:

      • uid=role-5,ou=role,ou=managed,dc=openidm
      • uid=role-2,ou=role,ou=managed,dc=openidm
        the user entry has a fr-idm-managed-user-roles attribute which contains the DN of its roles.

      We can access the two roles fine from rest2ldap with a query like managed/user/bob?_fields=/roles and roles being declared as a reference in the rest2ldap config.
      However, we cannot make it work with a query like managed/user/bob/roles because the role entry is not part of the subtree of the user: it lives in a different subtree while rest2ldap seem to be build around the idea of a hierarchical representation IIUC.

      We also wondered if we could directly build a subresource with a path like "managed/user/{id}/role/{id}" at the root of rest2ldap json config, but it does not seem possible to describe how to map these two ids onto LDAP by the look of things.
      It seems like what we want to achieve is not possible with today's code in rest2ldap.


      Implement a new type of SubResource: reference. This is a virtual sub resource, i.e. it cannot be manually added to the rest2ldap configuration. Whenever a reference property mapper is added to a resource, rest2ldap will automatically add a sub resource whose URL template is the same as the property name.
      It should support CRUD and Query operations. Query operations must support paging, sorting and expansion of the references.
      Read and Query are the most important type of operations right now according to OPENDJ-7789.

      Acceptance criteria

      The JSON responses returned by the virtual sub-resource must comply with the specification defined in https://stash.forgerock.org/projects/OPENDJ/repos/opendj/browse/docs/architecture/rest2ldap_virtual_subresources.md


          Issue Links



              cedric.tran-xuan Cedric Tran-Xuan
              JnRouvignac Jean-Noël Rouvignac
              Cedric Tran-Xuan Cedric Tran-Xuan
              0 Vote for this issue
              0 Start watching this issue