ForgeRock Identity Platform 7.5

Directory Services

ForgeRock Directory Services 7.5 serves as a foundation for LDAPv3 and RESTful directories.

Directory Services modules:

  • Directory Server module

  • Directory Proxy Server module

Overview of capabilities

  • Large-scale, distributed read and write performance

  • Flexible key-value data model for storing users, devices, and things

  • Data storage with confidentiality, integrity, and security

  • High availability through data replication and proxy services

  • Single logical entry point for use in protecting LDAPv3 directory services

  • Load balancing and failover for LDAPv3 directory services

  • Maximum interoperability and pass-through delegated authentication

  • Adaptable monitoring and auditing services

  • Easy installation, configuration, and management

  • Developer-friendly, rich standards support

  • REST API to access LDAP native capabilities over HTTP

Dependencies

Neither of the Directory Services modules depends on other modules.

Directory Server module

The ForgeRock Directory Server module helps you store identities for users, devices, and things in a highly available and secure way. This module provides data replication to help you build highly available directory services. It also offers fine-grained access control, password digests, encryption schemes, and customizable password policies to allow you to build very secure directory services. Data may be accessed using LDAP or REST with the same level of security constraints and access control.

Required modules: none.

| Feature | Description |
| --- | --- |
| LDAPv3 | Compliance with the latest LDAP protocol standards. |
| HDAP | Access LDAP data over HTTP using Directory Access Protocol (HDAP) APIs that transform HTTP operations into LDAP operations. |
| High-availability multi-master replication | Data replication for always-on services, enabling failover and disaster recovery. |
| User/object store | Flexible key-value data model for storing users, devices, and things. |
| Passwords and data security | Password digests, encryption schemes, and customizable rules for password policy compliance to help protect data on disk and shared infrastructure. |
| REST APIs and REST to LDAP gateway (deprecated) | HTTP-based RESTful access to user data. |
| DSMLv2 gateway (deprecated) | HTTP-based SOAP access to LDAP operations for web services. |

Directory Proxy Server module

The ForgeRock Directory Proxy Server module helps you increase the availability of a Directory Service deployment, providing a single point of access to a large-scale distributed data store. The module offers a choice of strategies for request load balancing and failover. Data may be accessed using LDAP or REST with the same level of security constraints and access control.

Required modules: none.

| Feature | Description |
| --- | --- |
| Single point of access | Uniform view of underlying LDAPv3 directory services for client applications. |
| High service availability | LDAP services with reliable crossover and DN-based routing. |
| Load balancing and failover | Configurable load balancing across directory servers with redundancy, and capabilities to handle referrals, connection failures, and network partitions. |
| Protection for Directory Services | Secure incoming and outgoing connections, and provide coarse-grained access control. |
| Scaling out using data distribution | Distribute data across multiple shards. |
| LDAPv3 | Compliance with the latest LDAP protocol standards. |
| REST APIs | HTTP-based RESTful access to user data. |

Copyright © 2010-2024 ForgeRock, all rights reserved.