  1. OpenDJ
  2. OPENDJ-7923

Spike: unified Rest2Ldap configuration and LDAP schema REST endpoint



    • Task
    • Status: Dev backlog
    • Major
    • Resolution: Unresolved
    • 7.2.0
    • None
    • rest
    • None



      Rest2Ldap's mapping configuration defines JSON resource types, their relationships (inheritance, composition and aggregation) and their attributes. In effect, the mapping configuration is a description of the REST data model or schema.

      LDAP schema is equally expressive:

      • Object Classes define the resource types, their inheritance and attributes
      • Attribute Types define the syntax and matching rules for attributes
      • DIT Structure Rules and Name Forms control composition (parent-child).

      It has been observed that:

      • aligning the Rest2Ldap configuration with the LDAP schema is painful, especially when the Rest2Ldap configuration is managed in the client and the LDAP schema is managed in DS
      • users would like a RESTful API for managing LDAP schema.

      Suggested fix:

      The LDAP schema should be the single source of truth. Expose a REST API for managing the LDAP schema in a RESTful way where LDAP schema elements are exposed in a more natural JSON representation. The REST schema endpoint also acts as the Rest2Ldap mapping configuration.

      Other considerations:

      • we should continue to support the existing configuration model for backwards compatibility
      • Rest2Ldap should be able to read its configuration from the remote schema endpoint
      • special consideration should be given to the fact that LDAP schema defines attribute types in their own namespace, whereas attributes in JSON schema (and in Rest2Ldap) are coupled to their respective resource type. For example, two JSON resource types might both define an id field, but this field may have a different syntax in each resource type. From a mapping point of view, each id field may map to a different LDAP attribute, such as uid and ou.
      • it must be possible to transform a JSON schema, which is what IDM uses, to an LDAP schema. This may involve mangling of attribute names in order to avoid name clashes (see previous point).

      Acceptance criteria:

      This issue can be closed once we have implemented and demoed a design spike in order to test the feasibility of this approach.
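
      The name-clash consideration above, as an added sketch that is not part of the original issue or of OpenDJ: it flattens per-resource JSON fields into LDAP's single attribute namespace and mangles only the names whose syntaxes conflict. The mangling policy, the resource names and the `<name>-oid` placeholders are assumptions; the syntax OIDs are the standard RFC 4517 ones.

```python
import re
from collections import defaultdict

# Real LDAP syntax OIDs (RFC 4517), keyed by JSON Schema type name.
SYNTAX_OID = {
    "string": "1.3.6.1.4.1.1466.115.121.1.15",   # Directory String
    "integer": "1.3.6.1.4.1.1466.115.121.1.27",  # Integer
    "boolean": "1.3.6.1.4.1.1466.115.121.1.7",   # Boolean
}

def descr(name):
    """Coerce a JSON name into an RFC 4512 descr: a letter, then letters, digits, hyphens."""
    cleaned = re.sub(r"[^A-Za-z0-9-]", "-", name)
    return cleaned if cleaned[:1].isalpha() else "x-" + cleaned

def plan_attributes(resources):
    """Map (resource, field) to an attribute name in LDAP's single namespace.

    Hypothetical policy: a field name used with one syntax everywhere keeps its
    name and is shared; a name used with different syntaxes is mangled to
    '<resource>-<field>' for every resource that declares it.
    """
    syntaxes = defaultdict(set)
    for schema in resources.values():
        for field, spec in schema["properties"].items():
            syntaxes[descr(field).lower()].add(SYNTAX_OID[spec["type"]])
    mapping, defs = {}, {}
    for rtype, schema in resources.items():
        for field, spec in schema["properties"].items():
            base = descr(field)
            clash = len(syntaxes[base.lower()]) > 1
            name = f"{descr(rtype)}-{base}" if clash else base
            oid = SYNTAX_OID[spec["type"]]
            # LDAP names are case-insensitive: refuse two syntaxes for one name.
            if defs.setdefault(name.lower(), (name, oid))[1] != oid:
                raise ValueError(f"mangled name {name!r} still clashes")
            mapping[(rtype, field)] = name
    # '<name>-oid' is a placeholder, not a registered OID.
    definitions = [f"( {n}-oid NAME '{n}' SYNTAX {o} )" for n, o in defs.values()]
    return mapping, sorted(definitions)

# Constructed input: two resource types that both declare 'id' with different types.
RESOURCES = {
    "user": {"properties": {"id": {"type": "string"}, "display_name": {"type": "string"}}},
    "device": {"properties": {"id": {"type": "integer"}, "display_name": {"type": "string"}}},
}
```

      A mangled name can itself collide with a field another resource already declares (for example a literal `user-id` field), which is why the function raises rather than silently reusing a definition with a different syntax.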




            Unassigned Unassigned
            matthew Matthew Swift