Does LDAP support JSON object as an input for storage?

This topic has 7 replies, 4 voices, and was last updated 5 years, 11 months ago by Ludo.

  • Author
  • #11301

    Problem statement: Does LDAP support JSON object as an input for storage?

    Description: I wanted to store json in opendj ldap server. Is there any datatype(or syntax decriptor) for storing it?
    Since when we use DirectoryString for storing json, it does not consumes it.



    There is no specific support for JSON as of today.
    Today you need to store JSON as a directory string, but OpenDJ does nothing beyond that, no special indexing, etc.

    JSON support will be implemented in Last time I heard about it (a long time ago) it was scheduled for 4.0.0. I do not know if this is still the case.


    Thanks for the input.

     Bill Nelson

    @jnrouvignac is correct that you would implement this as a DirectoryString. We have found the need to do this in a couple different use cases but it comes with a certain considerations when taking this approach.

    First, as @jnrouvignac mentions, there is no specific indexing on the data and depending on how large the JSON data is, I would highly recommend that you turn off all indexing on that attribute except for maybe “presence”. Otherwise you will essentially hit your index limit very quickly and make them worthless anyways.

    Second, JSON data is not enforced by any schema rules in OpenDJ. Make sure you do enforcement of attributes, syntax, required/allowed, etc within your application.

    Third, JSON data can grow very quickly – both horizontally (the number of entries w/JSON data) and vertically (the size of the JSON data within an entry). Plan your system resources (JVM heap, file system, etc.) accordingly.

    Finally, be aware that when you make any change to anything in the JSON data (attribute name or value), you are changing the entire value of the OpenDJ attribute. In so doing, you are now replicating the entire “chunk” of information from one server to all peers in your replication topology. Plan your network accordingly.

    As we have learned adding JSON values as DJ data is very flexible, but ultimately it is nothing more than just a big “sock drawer” in which you store stuff.

     Bill Nelson

    Oh, and to respond to the question of whether JSON support is targeted for a future release, the answer is yes. OpenDJ will most likely become a supported (if not the official) repository for OpenIDM. In order to do that, it must support JSON in its native form.


    How to migrate data from one opendj server to another opendj server? version:2.6.2

     Bill Nelson

    You can export the dat using export-ldif and import it using import-ldif.

    Alternately you can enable replication and perform real time data copy.

    Keep in mind that any global acis or policies are not included in this. Only the subentries.


    We’ve added support for storing JSON objects in attributes and also matching through JSON values.
    This can be tested today with the nightly builds.
    The attribute with a JSON Syntax can be indexed like any other attribute, for equality.
    Beware, that right now, this is fresh code and it hasn’t been stressed to the limits. I would strongly recommend it to store small JSON objects. And also, you cannot modify a JSON field, you can only replace the whole value with a new one.
    The JIRA issue has an exemple on how to use JSON Syntaxes and Matching Rules

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?