
REST Access to OpenDJ Directory Server

Valery Kharseko edited this page Jul 22, 2024 · 8 revisions

Check Java 1.8+ requirement

$ java -version

openjdk version "22.0.1" 2024-04-16
OpenJDK Runtime Environment Homebrew (build 22.0.1)
OpenJDK 64-Bit Server VM Homebrew (build 22.0.1, mixed mode, sharing)

Get the Latest Version of the OpenDJ LDAP Server

$ cd /tmp

$ export VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenDJ/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" && echo "last release: $VERSION"

last release: 4.6.4

$ curl -L https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip --output opendj.zip

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 59.7M  100 59.7M    0     0  6770k      0  0:00:09  0:00:09 --:--:-- 8013k

$ unzip opendj && cd opendj

...
 inflating: opendj/template/config/wordlist.txt  

Set Up the Server With Sample Data

$ ./setup --sampleData 1000 -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt

Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Importing Automatically-Generated Data (1000 Entries) ....... Done.
Starting Directory Server ....... Done.

To see basic server configuration status and configuration, you can launch
/private/tmp/opendj/bin/status

Enable the REST HTTP Connection Handler

$ bin/dsconfig set-connection-handler-prop --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword  password --handler-name "HTTP Connection Handler" --set enabled:true --no-prompt --trustAll

List http-authorization-mechanisms

$ bin/dsconfig list-http-authorization-mechanisms --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --trustAll

HTTP Authorization Mechanism              : Type
------------------------------------------:--------------------------------------------------------
HTTP Anonymous                            : http-anonymous-authorization-mechanism
HTTP Basic                                : http-basic-authorization-mechanism
HTTP OAuth2 CTS                           : http-oauth2-cts-authorization-mechanism
HTTP OAuth2 File                          : http-oauth2-file-authorization-mechanism
HTTP OAuth2 OpenAM                        : http-oauth2-openam-authorization-mechanism
HTTP OAuth2 Token Introspection (RFC7662) : http-oauth2-token-introspection-authorization-mechanism

List http-endpoints

$ bin/dsconfig list-http-endpoints --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --trustAll


HTTP Endpoint : Type               : enabled
--------------:--------------------:--------
/admin        : admin-endpoint     : true
/api          : rest2ldap-endpoint : true

Enable the File-Based HTTP Access Logger

$ bin/dsconfig set-log-publisher-prop --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword  password --publisher-name "File-Based HTTP Access Logger" --set enabled:true --no-prompt --trustAll

Create a User With Read/Write Permissions

$ bin/ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword password

dn: ou=write-rest,ou=people,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: write-rest
description: REST administrators

Processing ADD request for ou=write-rest,ou=people,dc=example,dc=com
ADD operation successful for DN ou=write-rest,ou=people,dc=example,dc=com

dn: uid=admin,ou=write-rest,ou=people,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: admin
uid: admin
sn: admin
description: REST admin
userPassword: password

Processing ADD request for uid=admin,ou=write-rest,ou=people,dc=example,dc=com
ADD operation successful for DN
uid=admin,ou=write-rest,ou=people,dc=example,dc=com


^C

Test Reading Other Users

$ curl -u "admin:password"  http://localhost:8080/api/users/user.0?_prettyPrint=true
{
  "_id" : "user.0",
  "_rev" : "00000000595bb0ca",
  "_schema" : "frapi:opendj:rest2ldap:user:1.0",
  "_meta" : { },
  "userName" : "[email protected]",
  "displayName" : [ "Aaccf Amar" ],
  "name" : {
    "givenName" : "Aaccf",
    "familyName" : "Amar"
  },
  "description" : "This is the description for Aaccf Amar.",
  "contactInformation" : {
    "telephoneNumber" : "+1 685 622 6202",
    "emailAddress" : "[email protected]"
  }
}
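The same read, done from a small Python client instead of curl. This is an added example and not code from the OpenDJ project; it assumes the server configured above (HTTP Connection Handler on port 8080, the /api rest2ldap endpoint enabled, and the bind user uid=admin with password "password" created under ou=write-rest,ou=people,dc=example,dc=com). Because HTTP Basic sends the password in clear text, the client refuses to use a plain http:// base URL unless the host is the local machine; the embedded sample response is constructed from the output shown on this page, with the e-mail address replaced by a made-up value.

```python
"""Read a user through the OpenDJ rest2ldap /api endpoint with HTTP Basic auth.

Added example (not part of OpenDJ). Assumes the setup on this page:
HTTP Connection Handler on port 8080, /api enabled, bind user
uid=admin,ou=write-rest,ou=people,dc=example,dc=com with password "password".
"""
import base64
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

REST2LDAP_USER_SCHEMA = "frapi:opendj:rest2ldap:user:1.0"


def basic_auth_header(username: str, password: str) -> str:
    """Value of the Authorization header for HTTP Basic auth (what curl -u sends)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def check_transport(base_url: str) -> None:
    """Refuse to send Basic credentials in clear text to anything but the local host."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1", "::1"):
        raise ValueError(f"refusing to send Basic credentials over plain HTTP to {parts.hostname}")


def parse_user(body: str) -> dict:
    """Flatten the rest2ldap user document into the fields a caller usually needs."""
    doc = json.loads(body)
    if doc.get("_schema") != REST2LDAP_USER_SCHEMA:
        raise ValueError(f"unexpected schema: {doc.get('_schema')!r}")
    name = doc.get("name", {})
    contact = doc.get("contactInformation", {})
    return {
        "id": doc["_id"],
        "rev": doc["_rev"],
        "userName": doc.get("userName"),
        "givenName": name.get("givenName"),
        "familyName": name.get("familyName"),
        "email": contact.get("emailAddress"),
        "phone": contact.get("telephoneNumber"),
    }


def fetch_user(base_url: str, user_id: str, username: str, password: str, timeout: float = 5.0) -> dict:
    """GET /api/users/<id>; returns the status plus either the parsed user or the error body."""
    check_transport(base_url)
    url = f"{base_url.rstrip('/')}/api/users/{user_id}?_prettyPrint=true"
    req = urllib.request.Request(
        url,
        headers={"Authorization": basic_auth_header(username, password), "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return {"status": resp.status, "user": parse_user(resp.read().decode("utf-8"))}
    except urllib.error.HTTPError as err:
        # 401: credentials rejected (or HTTP Basic mechanism disabled); 404: no such entry under the mapped base DN
        return {"status": err.code, "error": err.read().decode("utf-8", "replace")}
    except urllib.error.URLError as err:
        # Server not reachable (handler not enabled, wrong port, server down)
        return {"status": None, "error": str(err.reason)}


# Constructed sample: the response shown on this page, with a made-up e-mail address.
SAMPLE_RESPONSE = """{
  "_id" : "user.0",
  "_rev" : "00000000595bb0ca",
  "_schema" : "frapi:opendj:rest2ldap:user:1.0",
  "_meta" : { },
  "userName" : "user.0@example.test",
  "displayName" : [ "Aaccf Amar" ],
  "name" : { "givenName" : "Aaccf", "familyName" : "Amar" },
  "contactInformation" : { "telephoneNumber" : "+1 685 622 6202", "emailAddress" : "user.0@example.test" }
}"""


if __name__ == "__main__":
    print(parse_user(SAMPLE_RESPONSE))
    print(fetch_user("http://localhost:8080", "user.0", "admin", "password"))
```

A 401 from `fetch_user` means the HTTP Basic mechanism rejected the credentials, a 404 means the id did not resolve to an entry under the base DN mapped in example-v1.json, and a `None` status means nothing answered on the port, which usually points at the HTTP Connection Handler still being disabled.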

For more info about REST operations see Performing RESTful Operations.

To change the REST-to-LDAP mapping, edit the default endpoint configuration file config/rest2ldap/endpoints/api/example-v1.json

Set User Password via REST API in OpenDJ

How to delegate password reset permissions