The Univention Directory Manager (UDM) enables access to content in the LDAP directory service, for example viewing, editing, deleting, and moving of objects (users, groups, computers, printers, shares, etc.).
The UDM can be accessed and controlled via both the web interface and the command line. In UCS 4.4-2, a third option has now also been added: the REST API. This interface connects applications with the UCS directory service via HTTPS and supports the maintenance of the user properties or computer objects of the connected systems.
This article begins by explaining the technical background of the REST API and its implementation in UCS.
During the implementation of the REST API, an exciting exchange took place between Univention and the developers at EGroupware GmbH in Kaiserslautern, Germany. As a result, EGroupware became the first solution to employ the new interface in the Univention App Center. In the second section of the article, Ralf Becker from EGroupware explains the implementation of the new API and the advantages it offers providers of third-party applications.
What is a REST API?
REST stands for Representational State Transfer and API for Application Programming Interface. REST defines an architectural style which takes the basic concept of the World Wide Web to heart and describes how distributed services and systems can communicate with each other. The key ideas behind REST are as follows:
- All pieces of information on the web are referred to as resources, e.g., users in UCS.
- Each resource can be accessed or named via a unique URI (Uniform Resource Identifier) (e.g., /Univention/udm/users/user/uid=administrator).
- The current or a desired new state of a resource is defined via representations in the network, e.g., an HTTP message. The representations are explicitly or implicitly marked as either cacheable or not cacheable.
- Representations consist of data in a MIME media format (e.g., text/html, application/hal+json, image/jpeg, or also multipart/form-data) as well as metadata which describe these data (e.g., MIME media type, links, last modification time, control data, caching information, etc.).
- Besides the current state of the resource, representations also contain all the currently available possibilities for interaction.
As such, resources are connected with each other through links and relationship types. For example, if a user were to link to his primary group, the program code would look like this:
<a href="/univention/udm/group/group/cn=Domain+Admins" rel="udm:users/user:primaryGroup">
State changes, for example deletion, editing, and creation, are made via forms or links to forms. Hypermedia as the Engine of Application State (HATEOAS) is the engine of the applications and contains the logic required for state changes. The communication itself is stateless, meaning that any message can be understood without knowledge of the earlier messages.
No specific, client-side logic or interface definition is required, merely standardized protocols and data formats, since each message describes itself. Possible intermediate layers, such as proxy servers, gateways, or caches, can also understand and expand or change the messages. Optionally, program code such as JavaScript can be supplied to expand the client functionality.
The UDM REST API
The UDM REST interface is a web service developed in Python which uses the asynchronous Tornado framework to provide HTTP resources for the UDM objects. The interface provides the contents of the directory service in the JSON HAL (Hypertext Application Language) format. In addition, an OpenAPI schema is available for the endpoints. An example of a schema definition for objects of the UDM REST API can be found on our demo instance (user: Administrator, password: univention). Our developer manual explains in detail how to use the interface and what possibilities it offers.
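A client that follows the link relations in a HAL response, as described above, should confirm that each link stays on the API's HTTPS origin before sending its credentials there. The following is an added example, not code from Univention or EGroupware; the host name ucs.example.org, the sample document, and the example:offsite relation are constructed for illustration.

```python
import json
from urllib.parse import urljoin, urlsplit

# Constructed HAL+JSON user representation (not captured from a real server).
# "example:offsite" is a hypothetical relation used only to exercise the check.
SAMPLE_USER = json.loads("""
{
  "_links": {
    "self": {"href": "/univention/udm/users/user/uid=administrator"},
    "udm:users/user:primaryGroup":
      {"href": "/univention/udm/group/group/cn=Domain+Admins"},
    "example:offsite": [{"href": "//other.example.net/univention/udm/"}]
  }
}
""")


def links_for(doc, rel):
    """Return the hrefs listed for a relation (HAL allows an object or an array)."""
    entry = doc.get("_links", {}).get(rel, [])
    if isinstance(entry, dict):
        entry = [entry]
    return [link["href"] for link in entry if isinstance(link, dict) and "href" in link]


def resolve_same_origin(base_url, href):
    """Resolve href against base_url and refuse targets outside its HTTPS origin."""
    base = urlsplit(base_url)
    target = urlsplit(urljoin(base_url, href))
    if base.scheme != "https":
        raise ValueError("base URL must use HTTPS")
    origin = ("https", base.hostname, base.port or 443)
    if (target.scheme, target.hostname, target.port or 443) != origin:
        raise ValueError(f"link leaves the API origin: {href!r}")
    return target.geturl()


def follow(base_url, doc, rel):
    """URLs the client may request with its credentials for this relation."""
    return [resolve_same_origin(base_url, h) for h in links_for(doc, rel)]


if __name__ == "__main__":
    base = "https://ucs.example.org/univention/udm/users/user/uid=administrator"  # assumed host
    print(follow(base, SAMPLE_USER, "udm:users/user:primaryGroup"))
```

Scheme-relative links such as the one under example:offsite resolve to a different host and are rejected, as are links that downgrade to plain HTTP.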
The API is aimed at operators of UCS environments looking to integrate existing systems, for example for the maintenance of user properties using information from HR systems or when comparing computer objects with inventory solutions.
In short: the interface is designed for all those who want read and write access to UDM directly from connected systems.
App providers in the Univention App Center also benefit from the REST API because it allows standardized HTTPS access to the directory service. Since there is no longer a dependency on the UDM Python interface, developers are no longer bound to this programming language and can also integrate the solution in their preferred language. Read on to find out how EGroupware uses the new REST API to connect its own groupware solution to UCS.