Directory Services

ForgeRock Directory Services 7.4 serves as a foundation for LDAPv3 and RESTful directories.

Directory Services modules:

Directory Server

Directory Proxy Server

Overview of capabilities

Large-scale, distributed read and write performance
Flexible key-value data model for storing users, devices, and things
Data storage with confidentiality, integrity, and security
High-availability through data replication and proxy services
Single logical entry point for use in protecting LDAPv3 directory services
Load balancing and failover for LDAPv3 directory services
Maximum interoperability and pass-through delegated authentication
Adaptable monitoring and auditing services
Easy installation, configuration, and management
Developer-friendly, rich standards support
REST API to access LDAP native capabilities over HTTP

Dependencies

Neither of the Directory Services modules are dependent upon other modules.

Directory Server module

The ForgeRock Directory Server module helps you store store identities for users, devices, and things in a highly available and secure way. This module provides data replication to help you build highly available directory services. It also offers fine-grained access control, password digests, encryption schemes, and customizable password policies to allow you to build very secure directory services. Data may be accessed using LDAP or REST with the same level of security constraints and access control.

Required modules: none.

Feature	Description	Documentation
LDAPv3	Compliance with the latest LDAP protocol standards.	About directories
HDAP	Access LDAP data over HTTP using Directory Access Protocol (HDAP) APIs that transform HTTP operations into LDAP operations.	Learn HDAP
High-availability multi-master replication	Data replication for always-on services, enabling failover and disaster recovery.	Replication
User/object store	Flexible key-value data model for storing users, devices, and things.	Use LDAP
Passwords and data security	Password digests, encryption schemes, and customizable rules for password policy compliance to help protect data on disk and shared infrastructure.	Data encryption, Passwords
REST APIs and REST to LDAP gateway (deprecated)	HTTP-based RESTful access to user data.	Use REST/HTTP
DSMLv2 gateway (deprecated)	HTTP-based SOAP access to LDAP operations for web services.	Install a DSML gateway

Feature

Description

Documentation

LDAPv3

Compliance with the latest LDAP protocol standards.

About directories

HDAP

Access LDAP data over HTTP using Directory Access Protocol (HDAP) APIs that transform HTTP operations into LDAP operations.

Learn HDAP

High-availability multi-master replication

Data replication for always-on services, enabling failover and disaster recovery.

Replication

User/object store

Flexible key-value data model for storing users, devices, and things.

Use LDAP

Passwords and data security

Password digests, encryption schemes, and customizable rules for password policy compliance to help protect data on disk and shared infrastructure.

Data encryption, Passwords

REST APIs and REST to LDAP gateway (deprecated)

HTTP-based RESTful access to user data.

Use REST/HTTP

DSMLv2 gateway (deprecated)

HTTP-based SOAP access to LDAP operations for web services.

Install a DSML gateway

Directory Proxy Server module

The ForgeRock Directory Proxy Server module helps you increase the availability of a Directory Service deployment, providing a single point of access to a large-scale distributed data store. The module offers a choice of strategies for request load balancing and failover. Data may be accessed using LDAP or REST with the same level of security constraints and access control.

Required modules: none.

Feature	Description	Documentation
Single point of access	Uniform view of underlying LDAPv3 directory services for client applications.	Single point of access
High service availability	LDAP services with reliable crossover and DN-based routing.	High availability
Load balancing and failover	Configurable load balancing across directory servers with redundancy, and capabilities to handle referrals, connection failures, and network partitions.	Load balancing
Protection for Directory Services	Secure incoming and outgoing connections, and provide coarse-grained access control.	Secure connections and Proxy global policies
Scaling out using data distribution	Distribute data across multiple shards.	Data distribution
LDAPv3	Compliance with the latest LDAP protocol standards.	Supported standards
REST APIs	HTTP-based RESTful access to user data.	Use HDAP

Feature

Description

Documentation

Single point of access

Uniform view of underlying LDAPv3 directory services for client applications.

Single point of access

High service availability

LDAP services with reliable crossover and DN-based routing.

High availability

Load balancing and failover

Configurable load balancing across directory servers with redundancy, and capabilities to handle referrals, connection failures, and network partitions.

Load balancing

Protection for Directory Services

Secure incoming and outgoing connections, and provide coarse-grained access control.

Secure connections and Proxy global policies

Scaling out using data distribution

Distribute data across multiple shards.

Data distribution

LDAPv3

Compliance with the latest LDAP protocol standards.

Supported standards

REST APIs

HTTP-based RESTful access to user data.