Friday, October 4, 2013

OpenIDM Custom Endpoints

Let's talk about a very cool OpenIDM feature called custom endpoints.

If you have used OpenIDM you know that objects in the system (be they repository, provisioner, or configuration objects) are available at  RESTful endpoints that accept and return JSON representations. This makes OpenIDM super easy to integrate with and script.

For example, if you add an LDAP adapter called "ldap", a REST endpoint becomes available at /openidm/system/ldap/ that allows you to query, read, write, update and delete LDAP entries. 

 As an aside, most OpenIDM configuration objects are dynamically reloaded when they are modified. This makes development a joy as you do not need to bounce the Felix OSGI container every time you make a change.  The container starts very fast (30 seconds or so on my laptop) - but every second counts!

What you might not know is that you can easily add your own custom endpoints. A custom endpoint is an OpenIDM script that accepts a REST request and uses the underlying APIs to interact with OpenIDM objects.

Check out this wiki entry that shows an example of how easy it is to create your own custom endpoint.

Wednesday, October 2, 2013

Enabling pass through LDAP authentication for OpenIDM

Out of the box OpenIDM uses a local "openidm-admin" account to perform RESTful authentication. This is fine for testing, but for production you probably want to maintain control over the admin accounts in your directory.

This wiki entry will show you how to configure pass through authentication to LDAP.

This will allow you to maintain the OpenIDM administrative accounts used for RESTful access in your directory.  You simply add these accounts to the LDAP group specified in the configuration. Check out the wiki for the full story.