JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

feat(jans-config-api): need API to test LDAP connection of another source LDAP servers #5818

Closed duttarnab closed 1 year ago

duttarnab commented 1 year ago


In jans-link we can add the LDAP configuration of source LDAP servers. We need an API in config-api to test the connection of added source LDAP servers.

NOTE: We already have https://{hostname}/jans-config-api/api/v1/config/database/ldap/test to test added LDAP configurations of auth server. For jans-link, this endpoint throws an error if the auth server uses non-LDAP persistence (like MySql).

pujavs commented 1 year ago

@duttarnab, two queries:

  1. I am confused. You say that "In jans-link we can add the LDAP configuration of source LDAP servers. We need API in config-api to test the connection of added source LDAP servers." Is it possible to add a non-LDAP server to the LDAP configuration? And is it right?
  2. Apart from LDAP we have the following backends supported: MYSQL, PGSQL, COUCHBASE and CLOUD_SPANNER. Do we need the test functionality for all these? And shouldn't the endpoint be new, say https://{hostname}/jans-config-api/api/v1/config/database/test rather than https://{hostname}/jans-config-api/api/v1/config/database/ldap/test?

duttarnab commented 1 year ago

  1. The jans-link can pull records from a source LDAP server to your Jans persistence (any supported persistence: LDAP, mysql, couchbase etc).

  2. So Janssen server with any supported persistence should be able to test the source LDAP server connection.

and shouldn't the endpoint be new say https://{hostname}/jans-config-api/api/v1/config/database/test rather than https://{hostname}/jans-config-api/api/v1/config/database/ldap/test?

Ans: Well, currently jans-link supports pulling records from source LDAP servers. It doesn't support other source persistence. In future, we are going to allow syncing users not only from LDAP but also from other forms of persistence. So, based on this statement you can name the test endpoint.

pujavs commented 1 year ago

@yurem, as I understand from the above, jans-link can pull records from a source LDAP server from any machine other than the one on which jans-auth server is installed, and that too for any of the persistence, that is LDAP, MySql, CB etc. And the source LDAP server can be standalone, that is, without jans-auth server. In such a case there might not be any mechanism to decrypt the LDAP pwd. I am not sure if the requirement itself is correct.

pujavs commented 1 year ago

Issue replication: image

pujavs commented 1 year ago

Fixed via PR 5840