5.1. Directory objects flow#

This section gives an overview about Directory objects in Nubus for Kubernetes, and provides information for the following aspects:

Nubus for Kubernetes uses an LDAP directory service. From an architectural perspective, this documentation uses the more general term Directory objects which refers to LDAP objects.

See also

Identity Store and Directory Service in the functional components section

for more information about the use of directory objects.

Directory objects in data objects section

for information about Directory objects.

5.1.1. Consumers of directory objects#

Internal Nubus components and Third-party applications, not part of Nubus consume Directory objects, as shown in Fig. 5.1. Third-party application send their requests for directory objects directly to the LDAP server.

As shown in the figure below, Nubus functional components with different components access the LDAP Server.

Consumers of directory objects

Fig. 5.1 Flow relationships for Directory objects from the LDAP Server to various consumers#

To enlarge the figure, follow the tips in How to use the document.

5.1.2. Data flow - Read directory objects#

Fig. 5.2 shows the flow relationships for directory objects on a detailed level looking at the component behaviors.

The UMC Server in the Management UI consumes all kinds of Directory objects and doesn’t limit it to user accounts or user account group objects.

The LDAP Server has a functionality to Push object modification to Provisioning that sends Directory objects to the Provisioning Service. There, the UDM Listener reads the events from the directory service and writes them to the directory objects queue that include Directory objects. The UDM Transformer picks up these events with the Directory objects through Consume directory objects queue and Transform directory objects to UDM objects.

The following components read user account and user group information through LDAP directly from the LDAP Server:

  • Third-party applications not part of Nubus

  • Keycloak in the Identity Provider

  • UDM Library in the Directory Manager to Transform UDM objects to and from directory objects.

  • Portal Consumer in the Portal Service to Recreate user group cache.

  • Nubus Directory Importer to Search for user account and user group objects in target and Determine difference between source and target.

Data flow - Read directory objects in detail

Fig. 5.2 Data flow - Read directory objects in detail#

To enlarge the figure, follow the tips in How to use the document.

5.1.3. Data flow - Write directory objects#

Fig. 5.3 shows that two systems have write permission to the Identity Store and Directory Service for directory objects: Management UI and Directory Manager.

Data flow - Write directory objects

Fig. 5.3 Data flow - Write directory objects#

In detail:

Fig. 5.4 shows the behaviors involved in the write operations.

Data flow - Write directory objects in detail

Fig. 5.4 Data flow - Write directory objects in detail#

To enlarge the figure, follow the tips in How to use the document.