Hello,
I have configured OpenDJ in Docker and have successfully set up the LDAP server using the following command:
docker exec -it opendj-server-ui /opt/opendj/setup \
--cli \
--baseDN "dc=example,dc=com" \
--addBaseEntry \
--ldapPort 389 \
--adminConnectorPort 5444 \
--rootUserDN "cn=Directory Manager" \
--rootUserPassword secret \
--enableStartTLS \
--acceptLicense
I am able to create identities using LDAP with the following command:
ldapmodify -H ldap://opendj.intbrains.com:389 -D "cn=Directory Manager" -w secret -a <<EOF
dn: uid=anees6,ou=people,dc=example,dc=com
objectClass: inetorgperson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Anees6
sn: User6
uid: anees6
mail: anees6@example.com
userPassword: password123
EOF
The identities are created successfully, and I can list them without any issues.
However, I am having trouble setting up the corresponding REST API for identity management. I have enabled the HTTP connection handler with the following command:
sudo docker exec -it opendj-server-ui /opt/opendj/bin/dsconfig set-connection-handler-prop \
--handler-name "HTTP Connection Handler" \
--set enabled:true \
--hostname localhost \
--port 5444 \
--bindDN "cn=Directory Manager" \
--bindPassword "secret" \
--trustAll
When I try to create an identity using the REST API with the following curl command, it fails:
curl -X POST \
-H "Content-Type: application/json" \
-u "cn=Directory Manager:secret" \
-d '{
"dn": "uid=anees7,ou=people,dc=example,dc=com",
"objectClass": ["inetorgperson", "organizationalPerson", "person", "top"],
"cn": "Anees7",
"sn": "User7",
"uid": "anees7",
"mail": "anees7@example.com",
"userPassword": "password123"
}' "http://opendj.intbrains.com:8082/admin/rest/resource?_action=create"
The response I receive is:
{"code":401,"reason":"Unauthorized","message":"Invalid Credentials"}
I have checked the configured endpoints and authorization mechanisms:
sudo docker exec -it opendj-server-ui /opt/opendj/bin/dsconfig list-http-authorization-mechanisms --hostname localhost --port 5444 --bindDN "cn=Directory Manager" --bindPassword secret --trustAll
HTTP Authorization Mechanism              : Type
------------------------------------------:--------------------------------------------------------
HTTP Anonymous                            : http-anonymous-authorization-mechanism
HTTP Basic                                : http-basic-authorization-mechanism
HTTP OAuth2 CTS                           : http-oauth2-cts-authorization-mechanism
HTTP OAuth2 File                          : http-oauth2-file-authorization-mechanism
HTTP OAuth2 OpenAM                        : http-oauth2-openam-authorization-mechanism
HTTP OAuth2 Token Introspection (RFC7662) : http-oauth2-token-introspection-authorization-mechanism
HTTP_BASIC                                : http-basic-authorization-mechanism

sudo docker exec -it opendj-server-ui /opt/opendj/bin/dsconfig list-http-endpoints --hostname localhost --port 5444 --bindDN "cn=Directory Manager" --bindPassword secret --trustAll
HTTP Endpoint : Type               : enabled
--------------:--------------------:--------
/admin        : admin-endpoint     : true
/api          : rest2ldap-endpoint : true

Could anyone please guide me on how to correctly set up the REST API to create and manage identities? Any help would be greatly appreciated.
Thank you.
Anees