Status: Dev backlog
Rest2Ldap's mapping configuration defines JSON resource types, their relationships (inheritance, composition and aggregation) and their attributes. In effect, the mapping configuration is a description of the REST data model or schema.
LDAP schema is equally expressive:
- Object Classes define the resource types, their inheritance and attributes
- Attribute Types define the syntax and matching rules for attributes
- DIT Structure Rules and Name Forms control composition (parent-child)
It has been observed that:
- aligning the Rest2Ldap configuration with the LDAP schema is painful, especially when the Rest2Ldap configuration is managed in the client and the LDAP schema is managed in DS
- users would like a RESTful API for managing LDAP schema.
The LDAP schema should be the single source of truth. Expose a REST API for managing the LDAP schema in a RESTful way where LDAP schema elements are exposed in a more natural JSON representation. The REST schema endpoint also acts as the Rest2Ldap mapping configuration.
- we should continue to support the existing configuration model for backwards compatibility
- Rest2Ldap should be able to read its configuration from the remote schema endpoint
- special consideration should be given to the fact that LDAP schema defines attribute types in their own namespace, whereas attributes in JSON schema - and Rest2Ldap - are coupled to their respective resource type. For example, two JSON resource types might both define an id field, but this field may have a different syntax in each resource type. From a mapping point of view, each id field may map to a different LDAP attribute, such as uid and ou.
- it must be possible to transform a JSON schema - which is what IDM uses - to an LDAP schema. This may involve mangling of attribute names in order to avoid name clashes (see previous point).
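The name clash described in the last two points, as an added Python example (not code from Rest2Ldap or DS): it turns JSON resource types into LDAP attribute type and object class definitions, sharing an attribute type when all resource types agree on a field's syntax and mangling the name otherwise. The `<resourceType>-<field>` mangling scheme, the `exampleUser` and `exampleGroup` types, and the OIDs under the 2.999 example arc are assumptions made for illustration.

```python
import re

# RFC 4517 syntax OIDs and equality matching rules for three JSON types.
SYNTAX = {
    "string": ("1.3.6.1.4.1.1466.115.121.1.15", "caseIgnoreMatch"),
    "integer": ("1.3.6.1.4.1.1466.115.121.1.27", "integerMatch"),
    "boolean": ("1.3.6.1.4.1.1466.115.121.1.7", "booleanMatch"),
}
OID_ARC = "2.999"  # placeholder: the OID arc reserved for examples


def descriptor(name):
    """Reduce a JSON name to an RFC 4512 descriptor: a letter, then letters, digits, hyphens."""
    cleaned = re.sub(r"[^A-Za-z0-9-]", "-", name)
    return cleaned if cleaned[:1].isalpha() else "x-" + cleaned


def json_to_ldap(resource_types):
    """Return (attribute_types, object_classes, mapping) for JSON resource types."""
    seen = {}  # lower-cased field name -> JSON types used for it (LDAP names ignore case)
    for props in resource_types.values():
        for field, spec in props.items():
            seen.setdefault(field.lower(), set()).add(spec["type"])
    attrs, classes, mapping = {}, [], {}
    for rtype, props in resource_types.items():
        names = []
        for field, spec in props.items():
            # Share one attribute type when every resource type agrees on the syntax;
            # otherwise prefix the resource type name (assumed mangling scheme).
            clash = len(seen[field.lower()]) > 1
            name = descriptor(f"{rtype}-{field}" if clash else field)
            known = attrs.setdefault(name.lower(), (name, spec["type"]))
            if known[1] != spec["type"]:
                raise ValueError(f"{name!r} still clashes after mangling")
            mapping[(rtype, field)] = known[0]
            names.append(known[0])
        classes.append(f"( {OID_ARC}.2.{len(classes) + 1} NAME '{descriptor(rtype)}' "
                       f"SUP top STRUCTURAL MAY ( {' $ '.join(names)} ) )")
    attribute_types = [
        f"( {OID_ARC}.1.{n} NAME '{name}' EQUALITY {SYNTAX[t][1]} SYNTAX {SYNTAX[t][0]} )"
        for n, (name, t) in enumerate(attrs.values(), 1)
    ]
    return attribute_types, classes, mapping


# Constructed input: both resource types define "id", with a different syntax in each.
SAMPLE = {
    "exampleUser": {"id": {"type": "string"}, "label": {"type": "string"}},
    "exampleGroup": {"id": {"type": "integer"}, "label": {"type": "string"}},
}
```

The returned `mapping` is the part a Rest2Ldap-style configuration would consume: it records which LDAP attribute each (resource type, field) pair ended up with after mangling.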
This issue can be closed once we have implemented and demoed a design spike in order to test the feasibility of this approach.