5.1. Directory objects flow
This section gives an overview of directory objects in Nubus for Kubernetes: which components consume them, how they are read, and how they are written.
Nubus for Kubernetes uses an LDAP directory service. From an architectural perspective, this documentation uses the more general term Directory objects, which refers to LDAP objects.
See also
- Identity Store and Directory Service in the functional components section for more information about the use of directory objects.
- Directory objects in the data objects section for information about directory objects.
5.1.1. Consumers of directory objects
Both internal Nubus components and third-party applications that are not part of Nubus consume directory objects, as shown in Fig. 5.1. Third-party applications send their requests for directory objects directly to the LDAP server.
As shown in the figure, the Nubus functional components access the LDAP Server through different internal components:
- The Management UI receives directory objects through the UMC Server.
- The Portal Service receives directory objects through the Portal Consumer.
- The Provisioning Service receives directory objects through the UDM Listener.
- The Directory Manager uses the UDM Library for directory objects.
- The Identity Provider uses directory objects in Keycloak.
- The Nubus Directory Importer reads directory objects for synchronization.
5.1.2. Data flow - Read directory objects
Fig. 5.2 shows the flow relationships for directory objects in more detail, looking at the component behaviors.
The UMC Server in the Management UI consumes all kinds of directory objects; it is not limited to user accounts or user account group objects.
The LDAP Server has a Push object modification to Provisioning behavior that sends directory objects to the Provisioning Service. There, the UDM Listener reads the events from the directory service and writes them to the directory objects queue, whose entries carry the directory objects. The UDM Transformer picks up these events, and the directory objects they contain, through the Consume directory objects queue behavior and the Transform directory objects to UDM objects behavior.
The following components read user account and user group information through LDAP directly from the LDAP Server:
- Third-party applications that are not part of Nubus.
- Keycloak in the Identity Provider.
- UDM Library in the Directory Manager, to Transform UDM objects to and from directory objects.
- Portal Consumer in the Portal Service, to Recreate user group cache.
- Nubus Directory Importer, to Search for user account and user group objects in target and to Determine difference between source and target.
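The push, queue and transform stages described above can be modelled as a small pipeline. The following Python block is an added illustration written for this page, not code from Nubus or the UDM Listener and UDM Transformer themselves: the event shape, the queue, the mapping from LDAP objectClass to a UDM module name, the UDM-like output format and the sample entries are all constructed assumptions. It also goes slightly beyond the text by handling delete events (which carry no attributes) and by dropping the userPassword attribute before the derived object leaves the transformer.

```python
"""Simplified model of the 'read directory objects' flow in section 5.1.2:
the LDAP server pushes modification events, the UDM Listener writes them to
the directory objects queue, and the UDM Transformer consumes that queue and
turns each directory object into a UDM-style object.

Constructed example: attribute names, the queue, the module mapping and the
UDM-like output format are assumptions for illustration, not Nubus code."""

from collections import deque
from dataclasses import dataclass, field

# Constructed modification events as the LDAP server might push them
# (assumed shape: change type, DN and the entry's attributes).
SAMPLE_EVENTS = [
    {"change": "add", "dn": "uid=alice,cn=users,dc=example,dc=org",
     "attrs": {"objectClass": ["posixAccount", "inetOrgPerson"],
               "uid": ["alice"], "cn": ["Alice Example"],
               "mail": ["alice@example.org"],
               "userPassword": ["{crypt}$6$placeholder"]}},
    {"change": "modify", "dn": "cn=admins,cn=groups,dc=example,dc=org",
     "attrs": {"objectClass": ["posixGroup", "univentionGroup"],
               "cn": ["admins"],
               "uniqueMember": ["uid=alice,cn=users,dc=example,dc=org"]}},
    {"change": "delete", "dn": "uid=bob,cn=users,dc=example,dc=org",
     "attrs": {}},
]


@dataclass
class UDMObject:
    module: str            # assumed module names, e.g. "users/user"
    dn: str
    change: str
    properties: dict = field(default_factory=dict)


class DirectoryObjectsQueue:
    """The directory objects queue between listener and transformer."""
    def __init__(self):
        self._q = deque()

    def put(self, event):
        self._q.append(event)

    def get(self):
        return self._q.popleft() if self._q else None

    def __len__(self):
        return len(self._q)


class UDMListener:
    """Reads push events from the directory service and queues them."""
    def __init__(self, queue):
        self.queue = queue

    def receive(self, event):
        # Reject malformed events before they reach the queue.
        if event.get("change") not in ("add", "modify", "delete") or not event.get("dn"):
            raise ValueError(f"malformed directory event: {event!r}")
        self.queue.put(event)


class UDMTransformer:
    """Consumes the queue and transforms directory objects to UDM objects."""
    # Assumed mapping from an LDAP objectClass to a UDM module name.
    MODULE_BY_OBJECTCLASS = {"posixAccount": "users/user", "posixGroup": "groups/group"}
    # Attributes never copied into the derived object.
    SENSITIVE = {"userPassword"}

    def module_for(self, attrs, dn):
        for oc in attrs.get("objectClass", []):
            if oc in self.MODULE_BY_OBJECTCLASS:
                return self.MODULE_BY_OBJECTCLASS[oc]
        # Delete events carry no attributes: fall back to the DN's container.
        if ",cn=users," in dn:
            return "users/user"
        if ",cn=groups," in dn:
            return "groups/group"
        return "unknown"

    def transform(self, event):
        attrs = event["attrs"]
        # Single-valued attributes become scalars, multi-valued stay lists.
        props = {k: (v[0] if len(v) == 1 else list(v))
                 for k, v in attrs.items()
                 if k not in self.SENSITIVE and k != "objectClass"}
        return UDMObject(self.module_for(attrs, event["dn"]),
                         event["dn"], event["change"], props)

    def drain(self, queue):
        out = []
        while (event := queue.get()) is not None:
            out.append(self.transform(event))
        return out


def run_read_flow(events=SAMPLE_EVENTS):
    """Push the sample events through listener, queue and transformer."""
    queue = DirectoryObjectsQueue()
    listener = UDMListener(queue)
    for ev in events:
        listener.receive(ev)
    return UDMTransformer().drain(queue)


if __name__ == "__main__":
    for obj in run_read_flow():
        print(obj)
```

Running the block prints one UDMObject per queued event; the delete event for bob yields an object with no properties but a module resolved from its DN, and alice's object carries no password hash.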
5.1.3. Data flow - Write directory objects
Fig. 5.3 shows that two systems have write permission to the Identity Store and Directory Service for directory objects: Management UI and Directory Manager.
In detail:
- The Management UI writes directly to the Identity Store and Directory Service using the UMC Server. The UMC Server runs the UDM Library internally.
- The Directory Manager writes directly to the Identity Store and Directory Service using the UDM Library.
Fig. 5.4 shows the behaviors involved in the write operations.