Forwarding for exposure - any interest?
-------- Forwarded Message -------- Subject: [OldapWS] -> Proposal of a REST Web Service for CRUD Operations Date: Fri, 16 Sep 2022 13:21:10 +0200 From: Olivier CHATOR olivier.chator15@gmail.com To: openldap-devel@openldap.org
Dear all,
I am a "long time user" of OpenLDAP core parts. If the core is very stable, I often received some request from application developers, complaining about the lack of REST Web Service API to manipulate their Directory objects.
Of course, as far as I could see, there is commercial solution available to do this, or even a project using Spring. But I could not see a simple proposal based on a simple Apache Server and "fully free" of rights.
I also saw (https://www.openldap.org/devel/contributing.html) that "The OpenLDAP Project welcomes contributions of independently-developed stand-alone LDAP-related software packages suitable for distribution separately from existing packages (e.g., OpenLDAP Software, JLDAP, JDBC-LDAP)".
Then, I would like to propose a full Open Source first realease of a CRUD REST Web Service to manipulate OpenLDAP's Directory Objects.
I know that this first release is very limited in term of features, but I think it does the "core job", and may be a common base to be enriched to build a real OpenLDAP REST API ? Package available here: https://drive.google.com/drive/folders/1s4zlTleJ1JWhQWP2kLGHtTRofpWNevS7?usp...
Thanks for your time reading this proposal, do not hesitate to ask if you have any question. Kind regards, Olivier Chator
This would be great If it were based on SCIM (https://www.simplecloud.info/ ) and then expanded for operations that aren't user specific.
JON C KIDDER | ARCHITECT STAFF JCKIDDER@AEP.COM | D:614.716.4970 1 RIVERSIDE PLAZA, COLUMBUS, OH 43215 -----Original Message----- From: Howard Chu hyc@symas.com Sent: Monday, September 19, 2022 12:55 PM To: OpenLDAP Technical openldap-technical@OpenLDAP.org Subject: [EXTERNAL] Fwd: [OldapWS] -> Proposal of a REST Web Service for CRUD Operations
This is an EXTERNAL email. STOP. THINK before you CLICK links or OPEN attachments. If suspicious please click the 'Report to Incidents' button in Outlook or forward to incidents@aep.com from a mobile device.
Forwarding for exposure - any interest?
-------- Forwarded Message -------- Subject: [OldapWS] -> Proposal of a REST Web Service for CRUD Operations Date: Fri, 16 Sep 2022 13:21:10 +0200 From: Olivier CHATOR olivier.chator15@gmail.com To: openldap-devel@openldap.org
Dear all,
I am a "long time user" of OpenLDAP core parts. If the core is very stable, I often received some request from application developers, complaining about the lack of REST Web Service API to manipulate their Directory objects.
Of course, as far as I could see, there is commercial solution available to do this, or even a project using Spring. But I could not see a simple proposal based on a simple Apache Server and "fully free" of rights.
I also saw (https://urldefense.com/v3/__https://www.openldap.org/devel/contributing.html... ) that "The OpenLDAP Project welcomes contributions of independently-developed stand-alone LDAP-related software packages suitable for distribution separately from existing packages (e.g., OpenLDAP Software, JLDAP, JDBC-LDAP)".
Then, I would like to propose a full Open Source first realease of a CRUD REST Web Service to manipulate OpenLDAP's Directory Objects.
I know that this first release is very limited in term of features, but I think it does the "core job", and may be a common base to be enriched to build a real OpenLDAP REST API ? Package available here: https://urldefense.com/v3/__https://drive.google.com/drive/folders/1s4zlTleJ...
Thanks for your time reading this proposal, do not hesitate to ask if you have any question. Kind regards, Olivier Chator
I think it would be a great addition! It's of course way too early for a review, but just to save time later on when you need to update the code for current Perl standards: I would drop something like CGI (it's discouraged nowadays) and use something modern and async like Mojolicious for the web requests. This mostly because when people discover this feature, they will heavily rely on it.
Regards,
C.
Le lun. 19 sept. 2022 à 18:55, Howard Chu hyc@symas.com a écrit :
Forwarding for exposure - any interest?
-------- Forwarded Message -------- Subject: [OldapWS] -> Proposal of a REST Web Service for CRUD Operations Date: Fri, 16 Sep 2022 13:21:10 +0200 From: Olivier CHATOR olivier.chator15@gmail.com To: openldap-devel@openldap.org
Dear all,
I am a "long time user" of OpenLDAP core parts. If the core is very stable, I often received some request from application developers, complaining about the lack of REST Web Service API to manipulate their Directory objects.
Of course, as far as I could see, there is commercial solution available to do this, or even a project using Spring. But I could not see a simple proposal based on a simple Apache Server and "fully free" of rights.
I also saw (https://www.openldap.org/devel/contributing.html) that "The OpenLDAP Project welcomes contributions of independently-developed stand-alone LDAP-related software packages suitable for distribution separately from existing packages (e.g., OpenLDAP Software, JLDAP, JDBC-LDAP)".
Then, I would like to propose a full Open Source first realease of a CRUD REST Web Service to manipulate OpenLDAP's Directory Objects.
I know that this first release is very limited in term of features, but I think it does the "core job", and may be a common base to be enriched to build a real OpenLDAP REST API ? Package available here: https://drive.google.com/drive/folders/1s4zlTleJ1JWhQWP2kLGHtTRofpWNevS7?usp...
Thanks for your time reading this proposal, do not hesitate to ask if you have any question. Kind regards, Olivier Chator
Greetings.
On 19 Sep 2022, at 17:54, Howard Chu wrote:
Then, I would like to propose a full Open Source first realease of a CRUD REST Web Service to manipulate OpenLDAP's Directory Objects.
This is a nice idea!
However, as something of a terminology quibble, I'd say this was a 'web service', rather than a 'REST web service'.
As I understand the term, I take 'REST' to refer to a web service which, at a minimum,
* describes a URL-based scheme for _naming_ the things being manipulated, and * retrieves and manipulates those things via the HTTP verbs, GET, POST, PUT, DELETE, etc.
Thus the 'JSON query string' sent to the server via HTTP POST wouldn't qualify as 'REST'.
For a REST scheme, I can imagine something like supporting service objects named, eg
https://ldapcrud.service/dc=fr/dc=oldapws/cn=Olivier%20Chator
Calling GET on that obtains the attributes of the corresponding object; calling PUT on it replaces or creates it; calling DELETE deletes it, and so on.
One might also have
.../cn=Olivier%20Chator/cn
to name a single attribute of the object (retrieved or edited with GET/POST/PUT/DELETE).
Parameters such as 'nbbypage' might naturally fit in using URL path parameters. RFC 3986, Sect.3.3 'Path', gestures towards these without committing itself to a particular standard, but
.../dc=fr/dc=oldapws;nbbypage=10;numpage=2
might work as a way of naming, and thus retrieving, the second 10 results which <.../dc=fr/dc=oldaps> would produce (ie, paging through the results of <.../dc=fr/dc=oldapws>).
The Accept header in the HTTP query, containing a MIME type, can be used to request a result format.
I'm not 100% sure that this scheme is optimal (is it unambiguous when distinguishing 'I want an entry' from 'I want attribute "x" from an entry'?), but this sort of scheme is very easy to use: no creating query strings, just retrieve a URL. The obligation to think about the naming of objects, and to separate that from the understanding of the HTTP verbs, produces in my experience a great deal of design clarity.
It also gets a fair amount of specification for free, in that the semantics of the HTTP verbs are well-defined, in terms of idempotency and the like.
Best wishes,
Norman
Norman Gray gray@nxg.name schrieb am 19.09.2022 um 20:44 in Nachricht
55D788C7-F3D6-4389-BC24-A26318AF0C08@nxg.name:
Greetings.
On 19 Sep 2022, at 17:54, Howard Chu wrote:
Then, I would like to propose a full Open Source first realease of a CRUD
REST Web Service to manipulate OpenLDAP's Directory Objects.
This is a nice idea!
However, as something of a terminology quibble, I'd say this was a 'web service', rather than a 'REST web service'.
As I understand the term, I take 'REST' to refer to a web service which, at
a minimum,
- describes a URL‑based scheme for _naming_ the things being manipulated,
and
- retrieves and manipulates those things via the HTTP verbs, GET, POST,
PUT, DELETE, etc.
Thus the 'JSON query string' sent to the server via HTTP POST wouldn't qualify as 'REST'.
OTOH it will help to keep URIs short and allow easy encoding of structured data.
...
Regards, Ulrich
Ulrich, hello.
On 20 Sep 2022, at 8:36, Ulrich Windl wrote:
Thus the 'JSON query string' sent to the server via HTTP POST wouldn't qualify as 'REST'.
OTOH it will help to keep URIs short and allow easy encoding of structured data.
True -- I wasn't primarily criticising the API design as such, merely noting that the term 'REST' has a fairly narrow definition.
That said, as a separate point, I think the REST design paradigm is a good one, in the sense that it decomposes the problem in a way that I, for one, find useful. It does lead to longer URIs, yes, but that's surely a very minor inconvenience, if it's an inconvenience at all.
Best wishes,
Norman
Le 19/09/2022 à 18:54, Howard Chu a écrit :
Forwarding for exposure - any interest?
Hello,
I confirm my interest too.
We are currently working with FusionDirectory which offers a REST API : https://rest-api.fusiondirectory.org/
The advantage is that FD has triggers which can be used to run a script on entry creation/modification/deletion. But this may be too high-level for an OpenLDAP server.
That would be great feature.
Actually I've been investigating fusion directory and ldap-account-manager.
Both are written in PHP, and it's been hard to me to get start on both of them in development.
At this point, should the rest be part of openldap or development a third part that will wrap the LDAP protolocol and connect to any server?
Em 20/09/2022 05:07, Clément OUDOT escreveu:
Le 19/09/2022 à 18:54, Howard Chu a écrit :
Forwarding for exposure - any interest?
Hello,
I confirm my interest too.
We are currently working with FusionDirectory which offers a REST API : https://rest-api.fusiondirectory.org/
The advantage is that FD has triggers which can be used to run a script on entry creation/modification/deletion. But this may be too high-level for an OpenLDAP server.
Hello,
Just in case, I share another opensource project that offer REST API for this type of modification :
LdapSaisie https://ldapsaisie.org
The REST API is a quite new feature (one or two years, I don't remember) but this project was started in 2007. I'm the main developer of this application and I maintain it as part of my job at Easter-eggs (and in my spare time).
For more information about the project and it's API feature, you could take a look at the documentation (in french, sorry) :
https://ldapsaisie.org/doc/all-in-one/LdapSaisie.html#api
Freely,
openldap-technical@openldap.org
-
Benjamin Renard -
C R -
Clément OUDOT -
Howard Chu -
Jon C Kidder -
Lucas Castro -
Norman Gray -
Ulrich Windl