Datasheet

JSON-RPC web service for LDAP directory access

The Json2Ldap is a JSON-RPC 2.0 web gateway for LDAP directory access.

Supported LDAP operations and controls

Json2Ldap supports all core LDAP operations (RFC 4510):

It also supports a number of popular LDAP controls and extensions:

LDAP controls:

Authorisation identity bind control (RFC 3829).
Server-side sorting of search results (RFC 2891).
Simple paged results (RFC 2696).
Virtual-list-view search control (draft-ietf-ldapext-ldapv3-vlv-09)
Sub-tree delete (draft-armijo-ldap-treedelete-02).

Extended LDAP operations:

Directory server compatibility

Json2Ldap is compatible with any directory supporting the current version 3 of the Lightweight Directory Access Protocol (LDAP).

Popular directory servers:

Web API

Json2Ldap handles JSON remote procedure call (RPC) requests for all standard directory operations as well as requests for a few useful LDAP extensions. See the Json2Ldap web API.

Directory connection »	Directory authentication »	Directory read and search »
ldap.connect ldap.isConnected ldap.close	ldap.simpleBind ldap.anonymousBind ldap.plainBind ldap.digestMD5Bind	ldap.getEntry ldap.search ldap.compare ldap.getRootDSE
Directory write operations »	Extended directory operations »	Utility functions »
ldap.add ldap.add (LDIF) ldap.delete ldap.delete (LDIF) ldap.deleteTree ldap.modify ldap.modify (multiple) ldap.modify (LDIF) ldap.modifyDN	ldap.ext.passwordModify ldap.ext.whoAmI	ldap.util.isValidDN ldap.util.normalizeDN ldap.util.compareDNs ldap.util.isValidFilter ldap.util.encodeFilterValue
Directory schema information »		SRP-6a authentication »
ldap.schema.getObjectClass ldap.schema.getObjectClasses ldap.schema.getAttributeType ldap.schema.getAttributeTypes ldap.schema.getMatchingRule ldap.schema.getMatchingRules ldap.schema.getMatchingRuleUse ldap.schema.getMatchingRuleUses ldap.schema.getSyntax ldap.schema.getSyntaxes		x.srp6.getSettings x.srp6.bind (step 1) x.srp6.bind (step 2) x.srp6.setVerifier
		Web service information »
		ws.getName ws.getVersion ws.getTime

Deployment

Json2Ldap is packaged as a standard web application archive (WAR) ready for deployment in a Java servlet container, such as the popular open source Apache Tomcat server.

Configuration

Json2Ldap is configured by properties located in the /WEB-INF/json2ldap.properties file. Any configuration property can be overridden by a Java system property.

Access control »	Web API settings »
Client access control: SSL / X.509 security, client IP whitelist, API keys. json2ldap.access.https.require json2ldap.access.https.requireClientCert json2ldap.access.https.clientCertPrincipal json2ldap.access.hosts.allow json2ldap.access.apiKeys.require json2ldap.access.apiKeys.exemptedMethods json2ldap.access.apiKeys.map.*	Enable / disable Json2Ldap calls, exception reporting, HTTP response content type. json2ldap.api.requireAuthentication json2ldap.api.denyWriteRequests json2ldap.api.denyReadRequests json2ldap.api.denyBindRequests json2ldap.api.denyPasswordModifyRequests json2ldap.api.denyWhoAmIRequests json2ldap.api.connectionQuotaPerIP json2ldap.api.connectionQuotaPerUser json2ldap.api.disableErrorCodeMapping json2ldap.api.exposeExceptions json2ldap.api.responseContentType json2ldap.api.reportRequestProcTime
LDAP connections »	Default LDAP server »
LDAP connection settings: directory server whitelists, security, auto-reconnect, time limits. json2ldap.ldap.allowedServerURLs json2ldap.ldap.requireSecureAccess json2ldap.ldap.autoReconnect json2ldap.ldap.maxIdleTime json2ldap.ldap.maxConnectionTime	Specify a default LDAP directory server (single / replicated) for ldap.connect requests. json2ldap.defaultLDAPServer.enable json2ldap.defaultLDAPServer.url json2ldap.defaultLDAPServer.selectionAlgorithm json2ldap.defaultLDAPServer.security json2ldap.defaultLDAPServer.connectTimeout json2ldap.defaultLDAPServer.trustSelfSignedCerts
Custom trust / key store for TLS/SSL LDAP »	SRP-6a authentication »
Custom trust and / or key store for TLS / SSL LDAP connections. json2ldap.ldap.customTrustStore.enable json2ldap.ldap.customTrustStore.file json2ldap.ldap.customTrustStore.type json2ldap.ldap.customTrustStore.password json2ldap.ldap.customKeyStore.enable json2ldap.ldap.customKeyStore.file json2ldap.ldap.customKeyStore.type json2ldap.ldap.customKeyStore.password	Optional settings for Secure Remote Password (SRP-6a) authentication. json2ldap.x.srp6.enable json2ldap.x.srp6.dn json2ldap.x.srp6.password json2ldap.x.srp6.attribute json2ldap.x.srp6.primeSize json2ldap.x.srp6.saltSize json2ldap.x.srp6.hashAlgorithm json2ldap.x.srp6.timeout

Logging

Json2Ldap uses the popular Log4j framework. The following event types can be selectively logged:

On a HTTP request: method name, client IP, CORS origin (if applicable).
On a JSON-RPC 2.0 request: method name, LDAP connection identifier (CID) (if applicable), response status (success or error code).
The creation, termination and expiration of LDAP connections.
Internal Json2Ldap exceptions.

Logging is configured by the /WEB-INF/log4j.properties file.

Sample LDAP directory server

A sample LDAP directory server is included in the Json2Ldap WAR to enable evaluation and testing of the service without an external directory. The sample directory is enabled / disabled and configured through the /WEB-INF/sampleDirectory.properties file.

System requirements

Java 8+
Java servlet API 4.0.1+

The web service requires about 150 megabytes of memory to boot, then about 1 kilobyte for every open LDAP connection.