REST Access to OpenDJ Directory Server - OpenIdentityPlatform/OpenDJ GitHub Wiki
Check Java 1.8+ requirement
$ java -version
openjdk version "22.0.1" 2024-04-16
OpenJDK Runtime Environment Homebrew (build 22.0.1)
OpenJDK 64-Bit Server VM Homebrew (build 22.0.1, mixed mode, sharing)
Get the Latest Version of the OpenDJ LDAP Server
$ cd /tmp
$ export VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenDJ/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" && echo "last release: $VERSION"
last release: 4.6.4
$ curl -L https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip --output opendj.zip
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 59.7M 100 59.7M 0 0 6770k 0 0:00:09 0:00:09 --:--:-- 8013k
$ unzip opendj && cd opendj
...
inflating: opendj/template/config/wordlist.txt
Setup Server With a Sample Data
$ ./setup --sampleData 1000 -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt
Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Importing Automatically-Generated Data (1000 Entries) ....... Done.
Starting Directory Server ....... Done.
To see basic server configuration status and configuration, you can launch
/private/tmp/opendj/bin/status
Enable the REST HTTP Connection Handler
$ bin/dsconfig set-connection-handler-prop --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --handler-name "HTTP Connection Handler" --set enabled:true --no-prompt --trustAll
List http-authorization-mechanisms
$ bin/dsconfig list-http-authorization-mechanisms --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --trustAll
HTTP Authorization Mechanism : Type
------------------------------------------:--------------------------------------------------------
HTTP Anonymous : http-anonymous-authorization-mechanism
HTTP Basic : http-basic-authorization-mechanism
HTTP OAuth2 CTS : http-oauth2-cts-authorization-mechanism
HTTP OAuth2 File : http-oauth2-file-authorization-mechanism
HTTP OAuth2 OpenAM : http-oauth2-openam-authorization-mechanism
HTTP OAuth2 Token Introspection (RFC7662) : http-oauth2-token-introspection-authorization-mechanism
List http-endpoints
$ bin/dsconfig list-http-endpoints --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --trustAll
HTTP Endpoint : Type : enabled
--------------:--------------------:--------
/admin : admin-endpoint : true
/api : rest2ldap-endpoint : true
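Once the HTTP connection handler is enabled, every endpoint listed as enabled is reachable over HTTP, so it is worth checking the list against the endpoints you intend to expose. The following is an added example, not part of the original wiki page or the OpenDJ project: the function names `sample_endpoints`, `enabled_endpoints` and `unexpected_endpoints` and the allow-list argument are assumptions, and the sample table is the output shown above.

```shell
#!/bin/sh
# Added example: inventory check over `dsconfig list-http-endpoints` output.
# All function names here are hypothetical helpers, not OpenDJ tooling.

# Sample input: the table printed on this page, embedded so the check runs offline.
sample_endpoints() {
  cat <<'EOF'
HTTP Endpoint : Type : enabled
--------------:--------------------:--------
/admin : admin-endpoint : true
/api : rest2ldap-endpoint : true
EOF
}

# Read the dsconfig table on stdin; print "<path> <type>" for each enabled endpoint.
# Header, separator and prompt lines are ignored because their first column
# does not start with "/".
enabled_endpoints() {
  awk -F':' '
    { for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i) }
    $1 ~ /^\// && $3 == "true" { print $1, $2 }
  '
}

# $1 is a space-separated allow-list of endpoint paths.
# Prints every enabled endpoint that is not on the list and returns 1 if any exist.
unexpected_endpoints() {
  enabled_endpoints | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($1 in ok) { print "unexpected: " $1 " (" $2 ")"; bad = 1 }
    END { exit bad + 0 }
  '
}

# Demonstration on the sample table, with only /api on the allow-list.
sample_endpoints | unexpected_endpoints "/api" || true
```

Against a live server, pipe the `bin/dsconfig list-http-endpoints` command shown above into `unexpected_endpoints` in place of `sample_endpoints`.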
Enable the File-Based HTTP Access Logger
$ bin/dsconfig set-log-publisher-prop --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --publisher-name "File-Based HTTP Access Logger" --set enabled:true --no-prompt --trustAll
Create a User With Read/Write Permissions
$ bin/ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword password
dn: ou=write-rest,ou=people,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: write-rest
description: REST administrators
Processing ADD request for ou=write-rest,ou=people,dc=example,dc=com
ADD operation successful for DN ou=write-rest,ou=people,dc=example,dc=com
dn: uid=admin,ou=write-rest,ou=people,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: admin
uid: admin
sn: admin
description: REST admin
userPassword: password
Processing ADD request for uid=admin,ou=write-rest,ou=people,dc=example,dc=com
ADD operation successful for DN uid=admin,ou=write-rest,ou=people,dc=example,dc=com
^C
Test Reading Other Users
$ curl -u "admin:password" "http://localhost:8080/api/users/user.0?_prettyPrint=true"
{
"_id" : "user.0",
"_rev" : "00000000595bb0ca",
"_schema" : "frapi:opendj:rest2ldap:user:1.0",
"_meta" : { },
"userName" : "[email protected]",
"displayName" : [ "Aaccf Amar" ],
"name" : {
"givenName" : "Aaccf",
"familyName" : "Amar"
},
"description" : "This is the description for Aaccf Amar.",
"contactInformation" : {
"telephoneNumber" : "+1 685 622 6202",
"emailAddress" : "[email protected]"
}
}
For more information about REST operations, see Performing RESTful Operations.
To change the configuration, modify the default file config/rest2ldap/endpoints/api/example-v1.json