How to use an LDAP directory for central listing and configuration of web services

LDAP-compatible directories such as MS AD and OpenDJ are an excellent tool for organising things. Businesses that make extensive use of web services may benefit from having all of them listed and configured in a central location. A directory server serves this purpose well, and with a gateway such as Json2Ldap the listing can be made accessible over the web too.

Basic web service listing

At a basic level, the directory may just list the available web services with their key usage details, such as their name, protocol and the URLs where web clients can access them.

The example below shows one such case, where the services are listed under a directory branch named ou=Services,dc=NimbusDS,dc=com. Each entry is of a webService object class, which has attributes for storing a service's name, URL, protocol and other details. Directory schemas can be freely extended, so you can define your own object class for your web services, with exactly the attributes you wish to store.
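As an added example (not from the original article and not part of Json2Ldap), here is LDIF that defines such a schema extension and then populates the ou=Services branch. The webService class and the wsName and wsURL attributes are the names used above; the OIDs under 1.3.6.1.4.1.99999, the wsProtocol attribute and all entry values are hypothetical, and the cn=schema modify record assumes OpenDJ (Active Directory extends its schema through a different mechanism).

```ldif
# Added example, not from the original article. Assumes OpenDJ.
# Object class 'webService' and attributes wsName/wsURL are named in the
# article; the OIDs (1.3.6.1.4.1.99999.*), wsProtocol and the values
# below are hypothetical. Load with ldapmodify as a directory admin.

# 1. Schema extension: three attribute types and one structural class.
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'wsName'
  DESC 'Web service name, used as the RDN'
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  X-ORIGIN 'NimbusDS web service example' )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'wsURL'
  DESC 'Endpoint URL; multi-valued so a service may publish several'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  X-ORIGIN 'NimbusDS web service example' )
attributeTypes: ( 1.3.6.1.4.1.99999.1.3 NAME 'wsProtocol'
  DESC 'Wire protocol, e.g. SOAP or JSON-RPC 2.0'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
  X-ORIGIN 'NimbusDS web service example' )
-
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.99999.2.1 NAME 'webService'
  DESC 'A web service published in the directory'
  SUP top STRUCTURAL
  MUST ( wsName $ wsURL )
  MAY ( wsProtocol $ description )
  X-ORIGIN 'NimbusDS web service example' )

# 2. The container branch for all services.
dn: ou=Services,dc=NimbusDS,dc=com
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: Services
description: Web services available to NimbusDS applications

# 3. One service entry; wsName is the RDN, so it must appear as an
#    attribute value as well.
dn: wsName=TransactionCenter,ou=Services,dc=NimbusDS,dc=com
changetype: add
objectClass: top
objectClass: webService
wsName: TransactionCenter
wsURL: https://n1.cloudbase.net:8080/tcenter/
wsProtocol: JSON-RPC 2.0
description: Payment transaction service (hypothetical)
```

Apply the schema record before the entries, since the add of the first webService entry is rejected if the class is unknown. Keeping wsURL multi-valued lets you publish a second endpoint (a standby node, or a staged URL during migration) without changing the schema, which is why the example declares it that way.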

Listing web services in an LDAP directory

The web services entries can be administered from the console or with LDAP GUI tools such as the excellent Apache Directory Studio.

Web service lookup

If you have a Json2Ldap instance installed, the service listing may be queried by web clients, for example to dynamically look up the URL of a particular web service.

Here is a Json2Ldap ldap.getEntry request to obtain the URL of the TransactionCenter service (the CID identifies an LDAP connection that was previously opened through Json2Ldap):

{
  "method"  : "ldap.getEntry",
  "params"  : { "CID"        : "1f52b0c4-5d0d-4812-8688-8bf90b70eebf",
                "DN"         : "wsName=TransactionCenter,ou=Services,dc=NimbusDS,dc=com",
                "attributes" : "wsURL" },
  "id"      : "001",
  "jsonrpc" : "2.0"
}

The resulting JSON response:

{ "result" : { "DN"    : "wsName=TransactionCenter,ou=Services,dc=NimbusDS,dc=com",
               "wsURL" : [ "https:\/\/n1.cloudbase.net:8080\/tcenter\/"] },
  "id"      : "001",
  "jsonrpc" : "2.0" 
}

Centralised web service configuration

The administration of web services can be further centralised by storing their configuration variables in their directory entries as well. In effect, all configuration is then projected from the directory server. Each web service would then only need to know the LDAP URL of the directory server and be provided with credentials (a username/password pair or an X.509 client certificate) to connect and authenticate to it. Since those credentials and the configuration they unlock travel over the wire, the connection should use LDAPS or StartTLS rather than plain LDAP.

If done consistently, having all configuration in a single place may greatly improve the manageability of your services and simplify the work of your IT administrators.

To accomplish this, each web service must be provided with its own set of credentials for accessing its configuration attributes. ACLs should then limit read access to those attributes to that web service only, and allow only the authorised administrator to edit them. Give each service a dedicated directory account rather than a shared one: a compromised service then cannot read another service's configuration, and every read in the directory's access log is attributable to a specific service.

For the actual configuration variables, the LDAP protocol provides fair flexibility and allows storage of virtually arbitrary key/value pairs. As with the basic details example above, you can create your own schema for storing the configuration parameters of your particular web services.

Below is one such example, the configuration of the TransactionCenter payment web service. The directory entry contains attributes for configuring the back-end database connection as well as various variables pertaining to the web service itself.

Storing the web service configuration in its directory entry
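As an added example, not from the original article, here is LDIF for the configuration part of that entry together with the access control rules that enforce the policy described above. It assumes OpenDJ and its ACI syntax, a schema extension that defines an auxiliary class webServiceConfig with the attributes dbURL, dbUser and dbPassword (hypothetical names, chosen so the class can be added to the existing webService entry), a dedicated bind account for the service under ou=Service Accounts, and a cn=Config Admins group; all values are made up.

```ldif
# Added example, not from the original article. Assumes OpenDJ.
# webServiceConfig (AUXILIARY), dbURL, dbUser and dbPassword are
# hypothetical schema names; every value below is made up.

# 1. A dedicated bind account for this one service. OpenDJ hashes the
#    clear-text userPassword on write using the password storage scheme
#    of the applicable password policy; rotate it on first deployment.
dn: cn=TransactionCenter,ou=Service Accounts,dc=NimbusDS,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: TransactionCenter
sn: TransactionCenter
description: Bind account used only by the TransactionCenter web service
userPassword: change-me-on-first-deploy

# 2. Add the configuration attributes to the existing service entry and
#    attach the ACIs that govern who may read and write them.
dn: wsName=TransactionCenter,ou=Services,dc=NimbusDS,dc=com
changetype: modify
add: objectClass
objectClass: webServiceConfig
-
add: dbURL
dbURL: jdbc:postgresql://db1.cloudbase.net:5432/tcenter
-
add: dbUser
dbUser: tcenter
-
add: dbPassword
dbPassword: made-up-db-password
-
add: aci
# The service account may read, search and compare its own config.
aci: (targetattr = "dbURL || dbUser || dbPassword")(version 3.0; acl "TransactionCenter reads its own config"; allow (read,search,compare) userdn = "ldap:///cn=TransactionCenter,ou=Service Accounts,dc=NimbusDS,dc=com";)
# Only members of the config admin group may change the values.
aci: (targetattr = "dbURL || dbUser || dbPassword")(version 3.0; acl "Config admins edit the config"; allow (write) groupdn = "ldap:///cn=Config Admins,ou=Groups,dc=NimbusDS,dc=com";)
# Deny beats allow in ACI evaluation, so this stops any other bound
# identity, including admins who only need write, from reading the
# password even if a broader global ACI would otherwise permit it.
aci: (targetattr = "dbPassword")(version 3.0; acl "Nobody else reads the DB password"; deny (read,search,compare) userdn != "ldap:///cn=TransactionCenter,ou=Service Accounts,dc=NimbusDS,dc=com";)
```

Two points worth checking after loading this. First, verify the rules with a bind as the service account (the three attributes should come back) and as an unrelated user (dbPassword should be absent from the result rather than cause an error, since ACIs filter attributes silently). Second, the explicit deny is there because directories commonly ship with a global ACI that grants anonymous or authenticated read on user attributes; the allow rule alone would add rights for the service but take none away from everyone else.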

In a future article I’ll share a few useful ideas how SaaS providers can utilise a central LDAP directory for managing subscriber accounts and multi-tenant app configurations.