Rest2LDAP and filtering + paging of group members

This topic has 3 replies, 2 voices, and was last updated 2 years, 9 months ago by GuyPaddock.

  • Author
    Posts
  • #19196
     GuyPaddock
    Participant

    In 3.5, with the newer version of Rest2LDAP that supports nested resources, is there support for filtering and paging of group members?

    The example-v1.json file defines a frapi:opendj:rest2ldap:group:1.0 resource type that lists each of the uniqueMember records when you query for a group under the URL /api/groups/{cn} (e.g. /api/groups/administrators). If that group has, say, thousands of users, are there ways to:

    1. Cull down the result set to only include information on a particular user?
    2. Only show something like 50 users from the group at a time?

    #19245
     JnRouvignac
    Participant

    Hello,

    I think this should answer your question? https://backstage.forgerock.com/docs/opendj/3.5/server-dev-guide/#query-rest

    IIUC, you can use CREST filters, but you cannot use paging.

    #19274
     GuyPaddock
    Participant

    @jnrouvignac Unfortunately, that only works on collection sub-resources. In other words, the list of groups, but not the members _inside_ the group.

    You can use the CREST filters to locate a group based on name, description, etc, but not based on the members inside the group. It does not appear that query operations are supported at all on singletons (i.e. each individual group within the list of groups).

    #19379
     GuyPaddock
    Participant

    As an update to this thread: I’m working on extending OpenDJ with a related feature, as part of a pull request into the Wren:DS project:
    https://github.com/WrenSecurity/wrends/pull/9

    Using this feature, you can create a read-only collection resource that flattens the sub-tree of all users into a single collection, then filter that flat collection of users by their group membership.

    • This reply was modified 2 years, 9 months ago by GuyPaddock.
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?