Package org.forgerock.opendj.rest2ldap.schema
package org.forgerock.opendj.rest2ldap.schema
This package contains LDAP schema syntaxes and matching rules for JSON based attributes.
There are two syntaxes, 'Json' and 'Json Query'.
( 1.3.6.1.4.1.36733.2.1.3.1 DESC 'Json' ) ( 1.3.6.1.4.1.36733.2.1.3.2 DESC 'Json Query' )The first of these,
Json
, is an attribute
syntax whose values must conform to the JSON syntax as defined in RFC 7159. The schema option JsonSchema.VALIDATION_POLICY
allows applications to relax the syntax
enforcement. For example, to allow single quotes and comments set the following schema option:
SchemaBuilder builder = ...; builder.setOption(JsonSchema.VALIDATION_POLICY, LENIENT);The second syntax,
Json Query
, is an
attribute syntax whose values are CREST query filters
. This syntax
is also the assertion syntax used by the
caseIgnoreJsonQueryMatch
and
caseExactJsonQueryMatch
matching rules:
( 1.3.6.1.4.1.36733.2.1.4.1 NAME 'caseIgnoreJsonQueryMatch' SYNTAX 1.3.6.1.4.1.36733.2.1.3.2 ) ( 1.3.6.1.4.1.36733.2.1.4.2 NAME 'caseExactJsonQueryMatch' SYNTAX 1.3.6.1.4.1.36733.2.1.3.2 )These syntaxes and matching rules are included by default with the OpenDJ server, but may be added to application code as follows:
SchemaBuilder builder = ...; JsonSchema.addJsonSyntaxesAndMatchingRulesToSchema(schemaBuilder);
Trying it out against OpenDJ server
After install OpenDJ server add the following schema definition to db/schema/99-user.ldif:
dn: cn=schema objectClass: top objectClass: ldapSubentry objectClass: subschema attributeTypes: ( 1.3.6.1.4.1.36733.2.1.1.999 NAME 'json' SYNTAX 1.3.6.1.4.1.36733.2.1.3.1 EQUALITY caseIgnoreJsonQueryMatch SINGLE-VALUE ) objectClasses: (1.3.6.1.4.1.36733.2.1.2.999 NAME 'jsonObject' SUP top MUST (cn $ json ) )Start the server and then add the following entries:
path/to/opendj$ ./bin/ldapmodify -a -h localhost -p 1389 -D uid=admin -w password dn: cn=bjensen,ou=people,dc=example,dc=com objectClass: top objectClass: jsonObject cn: bjensen json: { "_id":"bjensen", "_rev":"123", "name": { "first": "Babs", "surname": "Jensen" }, "age": 65, "roles": [ "sales", "admin" ] } dn: cn=scarter,ou=people,dc=example,dc=com objectClass: top objectClass: jsonObject cn: scarter json: { "_id":"scarter", "_rev":"456", "name": { "first": "Sam", "surname": "Carter" }, "age": 48, "roles": [ "manager", "eng" ] }A finally perform some searches:
path/to/opendj$ ./bin/ldapsearch -h localhost -p 1389 -D uid=admin -w password \ -b ou=people,dc=example,dc=com "(json=age lt 60 and name/first sw 's')" dn: cn=scarter,ou=people,dc=example,dc=com objectClass: jsonObject objectClass: top cn: scarter json: { "_id":"scarter", "_rev":"456", "name": { "first": "Sam", "surname": "Car ter" }, "age": 48, "roles": [ "manager", "eng" ] }The JSON query matching rules support indexing which can be enabled using dsconfig against the appropriate attribute index.
-
ClassDescriptionUtility methods for obtaining JSON syntaxes and matching rules.JSON value validation policies.