• Software overview
• Json2Ldap
  • Introduction
  • Where to use?
  • Technical specification
  • Quick start
  • Configuration
  • Web API
  • Error codes
  • Reference book
  • FAQ
• JsWorld
  • Online demo
  • Quick start
  • Library design and features
  • Numeric formatting
  • Currency formatting
  • Date/time formatting
  • Parsing
  • Supported locales
• JSON-RPC 2.0
  • Introduction
  • Base Java classes
  • Console client
• Contact
• Download

Lightweight JSON RPC service

The Json2Ldap gateway/proxy is implemented as a lightweight JSON-RPC 2.0 web service which receives its LDAP operation requests via HTTP POST.

Deployment

The software is packaged as a web application archive (WAR) ready for immediate deployment in a Java servlet container, such as the popular open source Apache Tomcat server.

LDAP support

Json2Ldap can connect to directories supporting the current version 3 of the Lightweight Directory Access Protocol (LDAP). Here is a list of some popular directory servers that are LDAP v3 compliant:

• Active Directory from Microsoft
• eDirectory from Novell
• OpenDS, initially started by Sun
• OpenLDAP, the first influential open source implementation
• Tivoli Directory Server from IBM
• Apache DS, project of the Apache Software Foundation
• 389 Directory Server, a RedHat/Fedora project

Available RPC requests

The Json2Ldap gateway/proxy handles JSON remote procedure call (RPC) requests resembling all standard directory operations as well as requests for a few useful LDAP extensions and requests for meta-information about the web service.

Directory connection	Directory authentication	Directory read and search
ldap.connect ldap.isConnected ldap.close	ldap.simpleBind ldap.anonymousBind	ldap.getEntry ldap.search ldap.compare ldap.getRootDSE
Directory write operations	Extended directory operations	Web service information
ldap.add ldap.add (LDIF) ldap.delete ldap.deleteTree ldap.modify ldap.modify (multiple) ldap.modify (LDIF) ldap.modifyDN	ldap.ext.passwordModify ldap.ext.whoAmI	ws.getName ws.getVersion ws.getTime
Directory schema information
ldap.schema.getObjectClass ldap.schema.getObjectClasses ldap.schema.getAttributeType ldap.schema.getAttributeTypes ldap.schema.getMatchingRule ldap.schema.getMatchingRules ldap.schema.getMatchingRuleUse ldap.schema.getMatchingRuleUses ldap.schema.getSyntax ldap.schema.getSyntaxes

Configuration parameters

The Json2Ldap gateway/proxy is configured by a set of parameters located in the standard WEB-INF/web.xml web app descriptor file.

Incoming client connection settings	Outgoing LDAP connection settings
json2ldap.clients.requireAuthentication json2ldap.clients.requireSecureAccess json2ldap.clients.denyWriteRequests json2ldap.clients.denyReadRequests json2ldap.clients.denyBindRequests json2ldap.clients.denyPasswordModifyRequests json2ldap.clients.denyWhoAmIRequests json2ldap.clients.connectionQuotaPerIP json2ldap.clients.connectionQuotaPerBindDN json2ldap.clients.maxIdleTime json2ldap.clients.maxConnectionTime	json2ldap.ldap.allowedLdapServers json2ldap.ldap.requireSecureAccess json2ldap.ldap.autoReconnect
Default connection parameters	Logging
json2ldap.defaultConnection.enable json2ldap.defaultConnection.server json2ldap.defaultConnection.timeout json2ldap.defaultConnection.security json2ldap.defaultConnection.trustSelfSignedCerts	json2ldap.log4j.configurationFile
Custom trust and key store settings for outgoing TLS/SSL LDAP connections
json2ldap.ldap.customTrustStore.enable json2ldap.ldap.customTrustStore.file json2ldap.ldap.customTrustStore.type json2ldap.ldap.customTrustStore.password json2ldap.ldap.customKeyStore.enable json2ldap.ldap.customKeyStore.file json2ldap.ldap.customKeyStore.type json2ldap.ldap.customKeyStore.password

Logging

Json2Ldap uses the popular log4j utility. Here are the event types that can be selectively logged:

• The receipt of a JSON-RPC 2.0 request and the resulting response status (success or error code) after the request is processed. The connection identifier (CID) associated with each request is also logged.
• The creation of a new LDAP connection, along with its CID, and its eventual termination or expiration.
• Any internal Json2Ldap errors and warnings.

Logging is configured via the WEB-INF/log4j.properties file.

System requirements and dependencies

Json2Ldap can run on any relatively recent Java web server:

• Java 1.6+
• Java servlet container, conforming to version 2.4+ of the servlet API

The gateway/proxy software depends on a number of Java packages, some of them originating in-house, while others coming from third parties. All dependencies are included in the Json2Ldap WAR package, so you don't have to download and deploy them separately!

• UnboundID LDAP SDK - The best library for Java LDAP programming currently available, solid and easy to use, a huge improvement over the cumbersome and outdated JNDI.
• JsonRpc2-Base - Minimalist JSON-RPC 2.0 implementation for Java, developed in-house.
• JsonRpc2-Proc - Minimalist JSON-RPC 2.0 request handling framework, developed in-house.
• JSON.simple - Provides JSON encoding and decoding.
• PropertyUtil - Utility for typed retrieval of properties, developed in-house.
• Apache Commons Lang - Useful java.lang extensions from the Apache Foundation.
• log4j - The popular Java logging utility.

Thanks to UnboundID and the developers behind JSON.simple and the various Apache projects for making those great packages!

Change log

• version 1.0 (2010-04-28)
  • First stable release.
• version 1.1 (2010-05-22)
  • Factors out JSON-RPC 2.0 request processing framework in separate generic package.
• version 1.2 (2010-06-21)
  • Complete review and re-categorisation of the configuration parameters.
  • Adds configuration parameter to set a connection quota per bound DN.
  • Adds configuration parameter to limit total LDAP connection time.
  • Adds configuration parameter to enable automatic LDAP reconnect.
  • Adds configuration parameter to deny "Password Modify" request relay.
  • Adds configuration parameter to deny "Who am I?" request relay.
  • Complete refactoring of the LDAP connection manager and storage.
  • Updates UnboundID SDK from 1.1.3 to 1.1.4
• version 1.3 (2010-06-23)
  • Simplifies the API by removing the "ldap.presetBind" command.
• version 1.3.1 (2010-06-29)
  • Fixes two DTD compatibility errors in WEB-INF/web.xml.
  • Updates the included JsonRpc2-Client to the latest 1.3 version.
• version 1.4 (2010-08-15)
  • Merge ldap.secureConnect and ldap.presetConnect requests into ldap.connect to simplify the Json2Ldap API.
  • New ResultFormat class to streamline parsing of output type params.
  • New Json2LdapConfigurationException class to report bad init parameters on startup.
  • Updates JsonRpc2-Base package to 1.9.3.
• version 1.5 (2010-08-30)
  • ldap.search request allows to specify retrieval of all, none or operational attributes only.
  • Include DN's in ldap.search output formatted as JSON.
  • Updates JsonRpc2-Base package to 1.9.4.
• version 1.5.1 (2010-09-01)
  • Updates UnboundID SDK package to 1.1.5.
• version 1.5.2 (2010-09-02)
  • Includes new fields "timeLimitExceeded" and "sizeLimitExceeded" in ldap.search JSON results to nofity users of partial result sets.
• version 1.5.3 (2010-09-05)
  • Adds support for server-side sorting (RFC 2891) in ldap.search.
  • Includes explicit "DN" property in ldap.getEntry and ldap.search result entries.
  • Revert to strict handling of time|size limit exceeded errors in ldap.search.