mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
parent: abcaee7c | patch | commit | show whitespace
Mark Craig
04.34.2014 8d3092ae7db8d949d2c755a3eea6dfc5e2e2e9b9 
Backport CR-3951 Fix for OPENDJ-1499: Note that REST mappings/namingStrategies are single-level
2 files modified
48 ■■■■■ changed files
opends/src/main/docbkx/admin-guide/appendix-rest2ldap.xml 24 ●●●●● patch | view | raw | blame | history
opends/src/main/docbkx/admin-guide/chap-rest-operations.xml 24 ●●●● patch | view | raw | blame | history 
 opends/src/main/docbkx/admin-guide/appendix-rest2ldap.xml


@@ -20,20 +20,18 @@


  !


  ! CCPL HEADER END


  !


  !      Copyright 2013 ForgeRock AS


  !      Copyright 2013-2014 ForgeRock AS


  !


-->


<appendix xml:id='appendix-rest2ldap'


          xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en'


          xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'


          xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd'


          xmlns:xlink='http://www.w3.org/1999/xlink'


          xmlns:xinclude='http://www.w3.org/2001/XInclude'>


          xsi:schemaLocation='http://docbook.org/ns/docbook


                              http://docbook.org/xml/5.0/xsd/docbook.xsd'


          xmlns:xlink='http://www.w3.org/1999/xlink'>


 <title>REST LDAP Configuration</title>


 <indexterm><primary>REST</primary></indexterm>


 <indexterm><primary>HTTP</primary></indexterm>


 <!-- This belongs in an OpenDJ reference. Ultimately this doc should


      be generated, too, rather than written by hand. CREST-71? -->




 <itemizedlist>


  <para>OpenDJ offers two alternatives for RESTful access to directory


@@ -664,8 +662,18 @@


        <varlistentry>


         <term>"namingStrategy" (required)</term>


         <listitem>


          <para>The approach used to map LDAP entry names to JSON resources. The


          following naming strategies are supported.</para>


          <para>


           The approach used to map LDAP entry names to JSON resources.


          </para>




          <para>


           LDAP entries mapped to JSON resources


           must be immediate subordinates of the mapping's "baseDN".


          </para>




          <para>


           The following naming strategies are supported.


          </para>




          <itemizedlist>


           <listitem>




 opends/src/main/docbkx/admin-guide/chap-rest-operations.xml


@@ -193,13 +193,23 @@


uid: bjensen


  </programlisting>




  <para>Given this pattern in the user entries, the default REST to LDAP


  configuration assumes that the user name on the HTTP side is the value of


  the user ID, and that user entries can be found under


  <literal>ou=People,dc=example,dc=com</literal>. In other words, Babs Jensen


  authenticates as <literal>bjensen</literal> (password:


  <literal>hifalutin</literal>) over HTTP. This is mapped for an LDAP bind


  to the bind DN <literal>uid=bjensen,ou=People,dc=example,dc=com</literal>.</para>


  <para>


   Given this pattern in the user entries,


   the default REST to LDAP configuration assumes that the user name


   on the HTTP side is the value of the user ID,


   and that user entries can be found directly under


   <literal>ou=People,dc=example,dc=com</literal>.<footnote>


    <para>


     In general, REST to LDAP mappings require


     that LDAP entries mapped to JSON resources


     be immediate subordinates of the mapping's baseDN.


    </para>


   </footnote>


   In other words, Babs Jensen authenticates as <literal>bjensen</literal>


   (password: <literal>hifalutin</literal>) over HTTP.


   This is mapped for an LDAP bind to the bind DN


   <literal>uid=bjensen,ou=People,dc=example,dc=com</literal>.


  </para>




  <para>With HTTP Basic authentication, it looks like this.</para>