• Software overview
• Json2Ldap
  • Introduction
  • Where to use?
  • Technical specification
  • Quick start
  • Configuration
  • Web API
  • Error codes
  • Reference book
  • FAQ
• JsWorld
  • Online demo
  • Quick start
  • Library design and features
  • Numeric formatting
  • Currency formatting
  • Date/time formatting
  • Parsing
  • Supported locales
• JSON-RPC 2.0
  • Introduction
  • Base Java classes
  • Console client
• Contact
• Download

How did Json2Ldap come about?

Json2Ldap is actually a by-product, of a larger software project. Its life began as a component in a portal business application where a key selling point was making identity data available as a separate web resource. Directories, however, speak LDAP, which is a special binary protocol. This interfacing problem was solved by putting a lightweight web service in front of the back-end directory to translate JSON/HTTP-based messages to the LDAP protocol and then back.

Making the directory appear as a web service turned out to be a clever decision. It enabled UI engineers to easily link up and mix user data into web pages - in the exact spot and degree of detail the particular screen or form requires, directly at the presentation level using a few lines of JavaScript.

Early 2010 I invested time to spin off the LDAP gateway/proxy code into a product on its own, and called it Json2Ldap. I believe it can serve well in many other applications of the Ajax/Cloud/Mashup/Web 2.0 spirit that would benefit from web-friendly access to directory data and search.

Why JSON-RPC 2.0?

Instead of inventing yet another ad-hoc JSON schema for Json2Ldap, I decided to use standard JSON-RPC, which is gradually gaining acceptance now. I chose version 2.0 over 1.0 of JSON-RPC because it allows for named parameters, improving API clarity and making it easy to add new request parameters in future without breaking backward compatibility. JSON-RPC 2.0 also has better error reporting.

How about DSML?

DSML is, well, what the acronym implies - it's dismal :-) The first version of this protocol was devised in 1999, but it didn't really pick up, and even the subsequent revision in 2001 wasn't particularly successful.

Using JSON-RPC to talk to directory servers over the web has strong advantages: In terms of format, JSON encoded messages are terse and easily consumed by JavaScript programs on the browser side. In terms of API, Json2Ldap keeps a close mapping to the LDAP protocol, so programmers who have previously worked with directories would feel at home.

What are the implications of exposing a directory server on the web?

Use of the LDAP protocol is typically confined within the corporate intranets and isn't really suited to work over the internet. The Json2Ldap gateway/proxy is not just about rewriting the incoming JSON messages as LDAP requests. It also offers mechanisms to ensure that sensitive information is protected and chances of denial-of-service attacks are minimised:

• LDAP server whitelists.
• Connection quotas per client IP and bind DN.
• Use of secure connection identifiers.
• Clients may be required to authenticate using LDAP "bind" at connection time.
• Allowing for default connect requests where the hostname/IP address of the back-end LDAP server remain hidden to users.
• TLS/SSL may be required for the client-gateway and/or the gateway/LDAP server connections.
• Directory access may be limited to read-only or authenticate-only.

How does Json2Ldap apply to cloud computing?

The web-friendly JSON + HTTP interface of Json2Ldap can turn any LDAP v3 compatible server into a "cloud directory". Contact me if you have interest in such a solution.

Why was the ldap.presetBind request removed from Json2Ldap in version 1.3?

The ldap.presetBind command was removed for the sake of simplicity. During the most recent rewrite of the documentation I noticed that explaining the various security and configuration implications of this RPC request was rather complicated. In the end I decided to make life simpler for all of us and scrapped it from the Json2Ldap API.

Why do I get an LDAP error 11 (Admin Limit Exceeded) when making searches?

This error is raised when the so-called "look through" limit is exceeded. If you're using OpenDS set the ds-cfg-lookthrough-limit configuration parameter to a value that is greater than the total number of entries in your directory.