ForgeRock Blog

Native REST in OpenDJ and the REST2LDAP Gateway

Directory Services are an ideal way to structure and store identity data at exceptional scale.

The long-serving protocol of choice is LDAP. Integrating with or building solutions around directories often involved LDAP SDKs designed some 15 years ago with almost zero standards to build on.  

For Java platform developers, however, the JNDI API emerged. Though the intent was for JNDI to be the standard on the Java platform, it hasn’t evolved with the rest of the platform and lacks basic features such as generics and concurrency support. Development using JNDI is time-consuming and far from intuitive, even for seasoned engineers. Annoying problems, such as the domain separator being a slash instead of a dot, result in confusion and difficult debugging, especially as we are dealing with URLs.

ForgeRock’s OpenDJ SDK is the answer to this problem, but it’s still very LDAP-oriented. As we know, the learning curve associated with LDAP operations and the LDAP data model can be steep. The future of LDAP is often debated because of this learning curve, and because it’s tricky and time-consuming to use, which results in higher development costs. However, when we consider that LDAP is nearly unavoidable in today’s enterprises, it’s surprising that fundamental LDAP training is still not part of the required curricula for software engineers. At great cost, this important knowledge is ignored by most students out of university and is also often neglected by startups building new and innovative solutions.

ForgeRock has made a tremendous effort to provide a RESTful interface around our directory, OpenDJ, exposing all the power of OpenDJ and the LDAP protocol with the simplicity of REST, while maintaining high performance and scalability. Technically, this means that OpenDJ exposes its directory data, such as users, organizations, and groups, over HTTP as JSON resources.

Businesses benefit by using the REST interface in OpenDJ because it means that applications relying on directory services are developed and brought to market significantly faster. The simplicity of REST also ensures more thorough testing and higher quality assurance. For example, in only a week’s time, one of our partners built a web application for a hospital that included different viewable information for different personnel (physicians, nurses, etc.) without having to train its staff on LDAP and its best practices. It is clear that using the REST API reduces development costs and accelerates time to revenue for new services and applications.

Give it a try! Cheers!