Package org.forgerock.opendj.rest2ldap.schema


This package contains LDAP schema syntaxes and matching rules for JSON based attributes.

There are two syntaxes, 'Json' and 'Json Query'.

 ( 1.3.6.1.4.1.36733.2.1.3.1 DESC 'Json' )
 ( 1.3.6.1.4.1.36733.2.1.3.2 DESC 'Json Query' )
 
The first of these, Json, is an attribute syntax whose values must conform to the JSON syntax as defined in RFC 7159. The schema option JsonSchema.VALIDATION_POLICY allows applications to relax the syntax enforcement. For example, to allow single quotes and comments, set the following schema option:
 SchemaBuilder builder = ...;
 builder.setOption(JsonSchema.VALIDATION_POLICY, LENIENT);
 
The second syntax, Json Query, is an attribute syntax whose values are CREST query filters. This syntax is also the assertion syntax used by the caseIgnoreJsonQueryMatch and caseExactJsonQueryMatch matching rules:
 ( 1.3.6.1.4.1.36733.2.1.4.1 NAME 'caseIgnoreJsonQueryMatch' SYNTAX 1.3.6.1.4.1.36733.2.1.3.2 )
 ( 1.3.6.1.4.1.36733.2.1.4.2 NAME 'caseExactJsonQueryMatch' SYNTAX 1.3.6.1.4.1.36733.2.1.3.2 )
 
These syntaxes and matching rules are included by default with the OpenDJ server, but may be added to application code as follows:
 SchemaBuilder builder = ...;
 JsonSchema.addJsonSyntaxesAndMatchingRulesToSchema(builder);
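
The following is an added example, not part of the OpenDJ documentation: it builds one schema with the default policy and one with LENIENT, then runs constructed sample values through the Json syntax to show what each policy would let into the directory. The ValidationPolicy enum path in the static import and the SDK calls Schema.getCoreSchema(), Schema.getSyntax(), Syntax.valueIsAcceptable() and ByteString.valueOfUtf8() are assumptions based on the OpenDJ LDAP SDK, not taken from this page.

```java
// Assumption: LENIENT is a constant of the nested enum JsonSchema.ValidationPolicy.
import static org.forgerock.opendj.rest2ldap.schema.JsonSchema.ValidationPolicy.LENIENT;

import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.schema.Schema;
import org.forgerock.opendj.ldap.schema.SchemaBuilder;
import org.forgerock.opendj.ldap.schema.Syntax;
import org.forgerock.opendj.rest2ldap.schema.JsonSchema;

public final class JsonSyntaxPolicyCheck {
    // OID of the 'Json' syntax, as listed on this page.
    private static final String JSON_SYNTAX_OID = "1.3.6.1.4.1.36733.2.1.3.1";

    // Constructed samples: RFC 7159 JSON, single quotes, a comment, a truncated value.
    private static final String[] SAMPLES = {
        "{ \"_id\": \"bjensen\", \"age\": 65 }",
        "{ '_id': 'bjensen', 'age': 65 }",
        "{ \"_id\": \"bjensen\" /* note */ }",
        "{ \"_id\": \"bjensen\", "
    };

    // Builds a schema containing the JSON syntaxes, optionally relaxing validation.
    static Schema schemaWith(boolean lenient) {
        SchemaBuilder builder = new SchemaBuilder(Schema.getCoreSchema());
        if (lenient) {
            builder.setOption(JsonSchema.VALIDATION_POLICY, LENIENT);
        }
        JsonSchema.addJsonSyntaxesAndMatchingRulesToSchema(builder);
        return builder.toSchema();
    }

    // Asks the syntax whether it would accept the value, keeping the reason on rejection.
    static String check(Syntax syntax, String json) {
        LocalizableMessageBuilder reason = new LocalizableMessageBuilder();
        boolean ok = syntax.valueIsAcceptable(ByteString.valueOfUtf8(json), reason);
        return ok ? "accepted" : "rejected (" + reason + ")";
    }

    public static void main(String[] args) {
        Syntax strict = schemaWith(false).getSyntax(JSON_SYNTAX_OID);
        Syntax lenient = schemaWith(true).getSyntax(JSON_SYNTAX_OID);
        for (String json : SAMPLES) {
            System.out.println(json);
            System.out.println("  default policy: " + check(strict, json));
            System.out.println("  LENIENT policy: " + check(lenient, json));
        }
    }
}
```

Running this before changing the policy on a live schema shows which non-standard values downstream JSON consumers would have to tolerate once LENIENT is enabled.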
 

Trying it out against OpenDJ server

After installing OpenDJ server, add the following schema definition to db/schema/99-user.ldif:

 dn: cn=schema
 objectClass: top
 objectClass: ldapSubentry
 objectClass: subschema
 attributeTypes: ( 1.3.6.1.4.1.36733.2.1.1.999 NAME 'json'
   SYNTAX 1.3.6.1.4.1.36733.2.1.3.1 EQUALITY caseIgnoreJsonQueryMatch SINGLE-VALUE )
 objectClasses: (1.3.6.1.4.1.36733.2.1.2.999 NAME 'jsonObject' SUP top
   MUST (cn $ json ) )
 
Start the server and then add the following entries:
 path/to/opendj$ ./bin/ldapmodify -a -h localhost -p 1389 -D uid=admin -w password
 dn: cn=bjensen,ou=people,dc=example,dc=com
 objectClass: top
 objectClass: jsonObject
 cn: bjensen
 json: { "_id":"bjensen", "_rev":"123", "name": { "first": "Babs", "surname": "Jensen" }, "age": 65, "roles": [
   "sales", "admin" ] }

 dn: cn=scarter,ou=people,dc=example,dc=com
 objectClass: top
 objectClass: jsonObject
 cn: scarter
 json: { "_id":"scarter", "_rev":"456", "name": { "first": "Sam", "surname": "Carter" }, "age": 48, "roles": [
   "manager", "eng" ] }
 
And finally, perform some searches:
 path/to/opendj$ ./bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password \
   -b ou=people,dc=example,dc=com "(json=age lt 60 and name/first sw 's')"
 dn: cn=scarter,ou=people,dc=example,dc=com
 objectClass: jsonObject
 objectClass: top
 cn: scarter
 json: { "_id":"scarter", "_rev":"456", "name": { "first": "Sam", "surname": "Car
   ter" }, "age": 48, "roles": [ "manager", "eng" ] }
 
The JSON query matching rules support indexing, which can be enabled using dsconfig against the appropriate attribute index.