4.7. RESTful Client Access

OpenDJ offers two ways to give RESTful client applications HTTP access to directory data as JSON resources.

  1. Enable the listener on OpenDJ directory server to respond to REST requests.

    With this approach, you do not need to install additional software.

  2. Configure the external REST LDAP gateway Servlet to access your directory service.

    With this approach, you must install the gateway separately.

Procedure 4.7. To Set Up REST Access to OpenDJ Directory Server

OpenDJ directory server has a handler for HTTP connections, where it exposes the RESTful API demonstrated in the chapter on Performing RESTful Operations. The HTTP connection handler is not enabled by default.

You configure the mapping between JSON resources and LDAP entries by editing the configuration file for the HTTP connection handler, by default /path/to/opendj/config/http-config.json. The configuration is described in the appendix, REST LDAP Configuration. The default mapping works out of the box with Example.com data generated as part of the setup process and with Example.ldif.

  1. Enable the connection handler.

    $ dsconfig \
     set-connection-handler-prop \
     --hostname opendj.example.com \
     --port 4444 \
     --bindDN "cn=Directory Manager" \
     --bindPassword password \
     --handler-name "HTTP Connection Handler" \
     --set enabled:true \
     --no-prompt \
     --trustAll

  2. Enable the HTTP access log.

    $ dsconfig \
     set-log-publisher-prop \
     --hostname opendj.example.com \
     --port 4444 \
     --bindDN "cn=Directory Manager" \
     --bindPassword password \
     --publisher-name "File-Based HTTP Access Logger" \
     --set enabled:true \
     --no-prompt \
     --trustAll

    This enables the HTTP access log, opendj/logs/http-access. For details on the format of the HTTP access log, see the section on Server Logs.

  3. Try reading a resource.

    The HTTP connection handler paths start by default at the root context, as shown in the following example.

    $ curl "http://bjensen:hifalutin@opendj.example.com:8080/users/bjensen?_prettyPrint=true"
    {
      "_rev" : "00000000315fb731",
      "schemas" : [ "urn:scim:schemas:core:1.0" ],
      "manager" : [ {
        "_id" : "trigden",
        "displayName" : "Torrey Rigden"
      } ],
      "contactInformation" : {
        "telephoneNumber" : "+1 408 555 1862",
        "emailAddress" : "bjensen@example.com"
      },
      "_id" : "bjensen",
      "name" : {
        "familyName" : "Jensen",
        "givenName" : "Barbara"
      },
      "userName" : "bjensen@example.com",
      "displayName" : "Barbara Jensen"
    }

  4. If necessary, change the connection handler configuration using the dsconfig command.

    The following example shows how to set the port to 8443 and to configure the connection handler to use SSL (using the default server certificate). If you did not generate a default, self-signed certificate when installing OpenDJ directory server, see the instructions in To Create & Install a Self-Signed Certificate and, more generally, the section on Preparing For Secure Communications, which has additional instructions, including how to import a CA-signed certificate.

    $ dsconfig \
     set-connection-handler-prop \
     --hostname opendj.example.com \
     --port 4444 \
     --bindDN "cn=Directory Manager" \
     --bindPassword password \
     --handler-name "HTTP Connection Handler" \
     --set listen-port:8443 \
     --set use-ssl:true \
     --set key-manager-provider:JKS \
     --set trust-manager-provider:"Blind Trust" \
     --no-prompt
    $ stop-ds --restart
    Stopping Server...
    .... The Directory Server has started successfully
    $ keytool \
     -export \
     -rfc \
     -alias server-cert \
     -keystore /path/to/opendj/config/keystore \
     -storepass `cat /path/to/opendj/config/keystore.pin` \
     -file server-cert.pem
    Certificate stored in file <server-cert.pem>
    $ curl \
     --cacert server-cert.pem \
     --user bjensen:hifalutin \
     "https://opendj.example.com:8443/users/bjensen?_prettyPrint=true"
    {
      "_rev" : "0000000018c8b685",
      "schemas" : [ "urn:scim:schemas:core:1.0" ],
      "contactInformation" : {
        "telephoneNumber" : "+1 408 555 1862",
        "emailAddress" : "bjensen@example.com"
      },
      "_id" : "bjensen",
      "name" : {
        "familyName" : "Jensen",
        "givenName" : "Barbara"
      },
      "userName" : "bjensen@example.com",
      "displayName" : "Barbara Jensen",
      "manager" : [ {
        "_id" : "trigden",
        "displayName" : "Torrey Rigden"
      } ]
    }
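
The HTTPS read from step 4 as a Python client, added here as an example and not part of the OpenDJ documentation or code: it sends HTTP Basic credentials only over TLS validated against the exported server-cert.pem, and rejects the step 3 style of request, where the credentials sit in the URL and travel over plain HTTP. The function names are hypothetical, and the example assumes the exported certificate names the host opendj.example.com.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request


def build_request(url, user, password):
    """Build a GET request that carries HTTP Basic credentials only over TLS."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        # Basic auth is only base64-encoded, so plain HTTP exposes the password.
        raise ValueError("refusing to send credentials without TLS")
    if parts.username or parts.password:
        # user:password@host URLs end up in shell history and process listings.
        raise ValueError("pass credentials separately, not in the URL")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return urllib.request.Request(url, headers={"Authorization": "Basic " + token})


def tls_context(cafile=None):
    """With cafile set, only that certificate is trusted; validation stays on."""
    # create_default_context() keeps CERT_REQUIRED and hostname checking enabled,
    # and skips the system trust store when an explicit cafile is given.
    return ssl.create_default_context(cafile=cafile)


def read_resource(url, user, password, cafile):
    """Fetch one JSON resource, such as /users/bjensen, and return it as a dict."""
    request = build_request(url, user, password)
    with urllib.request.urlopen(request, context=tls_context(cafile), timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Values taken from the procedure above; this needs the running server
    # and the server-cert.pem file exported with keytool.
    entry = read_resource(
        "https://opendj.example.com:8443/users/bjensen",
        "bjensen", "hifalutin", "server-cert.pem")
    print(entry["displayName"])
```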

Procedure 4.8. To Set Up OpenDJ REST LDAP Gateway

Follow these steps to set up OpenDJ REST LDAP gateway Servlet to access your directory service.

  1. Download and install the gateway as described in To Install OpenDJ REST LDAP Gateway.

  2. Adjust the configuration for your directory service as described in REST LDAP Configuration.