Project Architecture
The diagram below shows the components of the ODK-X Sync Endpoint.
Our area of focus is the LDAP User Interface which currently uses phpLDAPadmin, the web-based LDAP administration tool. We aim to replace the current LDAP User Interface with a more user-friendly interface which will communicate with OpenLDAP through a custom representational state transfer (REST) application programming interface (API).
The diagram below shows the application architecture we will develop. It includes the Web UI, Custom REST API and OpenLDAP.
This web UI will include all the necessary components to allow technical and non-technical support team members to onboard users, and groups, initiate the password reset functionality, and edit basic user information. Users will receive real-time updates on any changes in their accounts. Lastly, it is expected that end users will also be redirected to this interface to set or reset their passwords confidentially addressing the sharing of plaintext credentials. We will use a human-centred approach to design in the proposed designs that will be referenced in the development of this UI.
A REST API (also known as RESTful API) is an API that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services.
- The OpenLDAP client API will request the following operations from OpenLDAP:
- StartTLS – use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
- Bind – authenticate and specify LDAP protocol version
- GSearch – search for and/or retrieve directory entries.
- Compare – test if a named entry contains a given attribute value
- Add a new entry.
- Delete an entry.
- Modify an entry.
- Modify Distinguished Name (DN) – move or rename an entry.
- Abandon – abort a previous request.
- Extended Operation – generic operation used to define other operations.
- Unbind – close the connection (not the inverse of Bind). Additionally, the API will be responsible for handling password resets and sending email notifications. More information on the API is referenced in the API Specification document.
OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol developed by the OpenLDAP Project. LDAP is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.