How to enable opendj rest call


This topic has 8 replies, 3 voices, and was last updated 7 years, 5 months ago by Ludo.

  • #3287
     sohanb
    Participant

    Hi,

    I am using OpenAM 12.0.0 with embedded OpenDJ.
    I want to access OpenDJ data using the OpenDJ REST APIs. I was following this document to add an HTTP connection handler before I can access the REST call:
    http://opendj.forgerock.org/opendj-server/doc/bootstrap/admin-guide/index.html#setup-rest2ldap-connection-handler

    But when I followed the instructions with this command:
    ./dsconfig set-connection-handler-prop --hostname punvm-core06.example.net --port 5444 --bindDN "cn=Directory Manager" --bindPassword "welcome321" --handler-name "HTTP Connection Handler" --set enabled:true --no-prompt --trustAll

    I am getting the following response:
    Unable to continue since there are no "HTTP Connection Handler" currently
    configured on the server.

    I do not understand what is wrong.
    Can you please suggest?

    Thanks!

    • This topic was modified 7 years, 5 months ago by sohanb.
    #3289
     Ludo
    Moderator

    Hi,

    I don’t think it is wise to enable the REST end-point in the OpenAM embedded version of OpenDJ. Remember, OpenAM runs in a container which is supposed to handle all web traffic. Enabling the REST end-point in OpenDJ will open a port that will not be known by the container. This is why its default configuration has been removed from the OpenAM delivery.

    #3290
     sohanb
    Participant

    Do you mean to say that installing an external OpenDJ will work without any issues?
    Also, tell me what you suggest doing.

    #3291
     Mark Craig
    Participant

    If you use an external OpenDJ server for user data with OpenAM, then you can enable REST access as you tried to enable it for the embedded directory.

    There’s more information in the OpenDJ Administration Guide at http://docs.forgerock.org/en/opendj/2.6.0/admin-guide/#setup-rest2ldap-connection-handler.

    You must of course configure OpenAM to use the external directory server for user data. You can either do that when you configure the OpenAM server, or afterwards by setting up a new data store for your realm. Here are some hints: http://docs.forgerock.org/en/openam/12.0.0/admin-guide/#sec-data-stores-opendj.

    • This reply was modified 7 years, 5 months ago by Mark Craig.
    #3295
     sohanb
    Participant

    OK, got it. Can you tell me how this can be made to work with embedded OpenDJ?
    Also, while doing this on an external OpenDJ there are port issues with HTTP: the default HTTP port configured is in use by the OpenAM server. I want to enable and change the HTTP port.

    Address:Port : Protocol : State
    -------------:----------:---------
    --           : LDIF     : Disabled
    0.0.0.0:161  : SNMP     : Disabled
    0.0.0.0:636  : LDAPS    : Disabled
    0.0.0.0:1389 : LDAP     : Enabled
    0.0.0.0:1689 : JMX      : Enabled
    0.0.0.0:8080 : HTTP     : Disabled // change and enable this

    #3296
     Mark Craig
    Participant

    You can use --set listen-port when configuring the HTTP Connection Handler.

    I tried setting this up with the embedded server in OpenAM, starting by creating the handler… and it does not seem to work.

    $ ~/openam/opends/bin/dsconfig create-connection-handler --hostname opendj.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --handler-name "HTTP Connection Handler" --type http --set enabled:true --set listen-port:8090 --no-prompt --trustAll
    $ ~/openam/opends/bin/dsconfig set-log-publisher-prop --hostname opendj.example.com --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --publisher-name "File-Based HTTP Access Logger" --set enabled:true --no-prompt --trustAll
    $ curl http://demo:[email protected]m:8090/users/demo
    curl: (7) Failed to connect to openam.example.com port 8090: Connection refused
    

    Looking in the log, I found a missing dependency:

    $ more ~/openam/opends/logs/errors
    ...
    [02/Mar/2015:11:58:37 +0100] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.api.DirectoryThread (alert type org.opends.server.UncaughtException, alert ID 327820):  An uncaught exception during processing for thread HTTP Connection Handler 0.0.0.0 port 8090 has caused it to terminate abnormally.  The stack trace for that exception is:  java.lang.NoClassDefFoundError: org/glassfish/grizzly/http/server/HttpServer
      org.opends.server.protocols.http.HTTPConnectionHandler.createHttpServer(HTTPConnectionHandler.java:817)
      org.opends.server.protocols.http.HTTPConnectionHandler.startHttpServer(HTTPConnectionHandler.java:804)
      org.opends.server.protocols.http.HTTPConnectionHandler.run(HTTPConnectionHandler.java:749)
    Caused by java.lang.ClassNotFoundException: org.glassfish.grizzly.http.server.HttpServer
      org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1720)
      org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
      org.opends.server.protocols.http.HTTPConnectionHandler.createHttpServer(HTTPConnectionHandler.java:817)
      org.opends.server.protocols.http.HTTPConnectionHandler.startHttpServer(HTTPConnectionHandler.java:804)
      org.opends.server.protocols.http.HTTPConnectionHandler.run(HTTPConnectionHandler.java:749)
    

    I’m not sure that what you’re trying to do is intended for the OpenAM embedded OpenDJ server. Definitely look at using an external OpenDJ directory server for this.

    • This reply was modified 7 years, 5 months ago by Mark Craig.
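
Added example, not part of the thread or of any ForgeRock tooling: a small audit of a connection-handler listing in the format posted above, reporting enabled listeners that bind all interfaces, speak a cleartext protocol, or use a port outside the set the container or firewall is expected to know about. The function names, the `expected_ports` parameter and the sample listing (constructed, with the HTTP handler enabled on 8090 as in the commands above) are assumptions.

```python
WILDCARDS = {"0.0.0.0", "::", "*"}   # addresses meaning "every interface"
CLEARTEXT = {"LDAP", "HTTP"}         # non-TLS counterparts of LDAPS / HTTPS

# Constructed sample modelled on the listing in the thread.
SAMPLE = """
Address:Port : Protocol : State
-------------:----------:---------
--           : LDIF     : Disabled
0.0.0.0:161  : SNMP     : Disabled
0.0.0.0:636  : LDAPS    : Disabled
0.0.0.0:1389 : LDAP     : Enabled
0.0.0.0:1689 : JMX      : Enabled
0.0.0.0:8090 : HTTP     : Enabled  // newly created handler
"""

def parse_listeners(text):
    """Turn 'addr:port : PROTO : State' rows into dicts; skip header and rule lines."""
    rows = []
    for line in text.splitlines():
        line = line.split("//", 1)[0].strip()          # drop trailing annotations
        parts = [p.strip() for p in line.split(" : ")]
        if len(parts) != 3 or parts[2] not in ("Enabled", "Disabled"):
            continue
        addr, sep, port = parts[0].rpartition(":")
        if not sep or not port.isdigit():              # e.g. "--": no socket at all
            addr, port = None, None
        rows.append({"address": addr,
                     "port": int(port) if port else None,
                     "protocol": parts[1].upper(),
                     "enabled": parts[2] == "Enabled"})
    return rows

def audit(text, expected_ports=()):
    """Return (protocol, port, reasons) for each enabled listener worth reviewing."""
    findings = []
    for r in parse_listeners(text):
        if not r["enabled"] or r["port"] is None:
            continue
        reasons = []
        if r["address"] in WILDCARDS:
            reasons.append("binds all interfaces")
        if r["protocol"] in CLEARTEXT:
            reasons.append("cleartext protocol")
        if r["port"] not in expected_ports:
            reasons.append("port not in expected set")
        if reasons:
            findings.append((r["protocol"], r["port"], reasons))
    return findings

if __name__ == "__main__":
    for proto, port, reasons in audit(SAMPLE, expected_ports={1389, 1689}):
        print(f"{proto}:{port} -> {', '.join(reasons)}")
```
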
    #3300
     sohanb
    Participant

    That worked for me.
    I can see that the REST calls of OpenDJ are different compared to OpenAM.
    Can you tell me how to read different values under different DNs? Currently I can read values only under DN:groups and DN:people, i.e. /groups and /users.

    Can I read different resources apart from users or groups?
    I am following this document :
    http://opendj.forgerock.org/opendj-server/doc/bootstrap/admin-guide/index.html#understand-rest

    Thanks!

    #3301
     Mark Craig
    Participant

    The default configuration has users and groups, but you can change the configuration.

    You’ll find the documentation about the configuration in an appendix, http://opendj.forgerock.org/opendj-server/doc/bootstrap/reference/#appendix-rest2ldap.

    #3311
     Ludo
    Moderator

    Mark,

    As you’ve pointed out, the version of OpenDJ shipped with OpenAM doesn’t have the necessary dependency libraries required for the HTTP Connection Handler. I think it’s done to prevent running into conflicting libraries with the container (as the HTTP Connection Handler uses Grizzly and a set of other HTTP / JSON / Servlet libraries).
