4.2. UDM objects

UDM objects are an internal representation of directory object data generated by the corresponding UDM module. For transfer from one service to another, they're often encoded in JSON format. Various components within Nubus use UDM objects. For information about fields, types, and consumers, see the following sections.

4.2.1. UDM objects fields and types

UDM objects contain the following fields:

dn: distinguished name of the directory object.

uuid: the unique identifier of the object.

objectType: see the following list.

options: a list of options to enable certain extended attributes.

policies: a mapping of policy types to policy reference DNs.

position: the position of the object in the directory service.

properties: the payload of the UDM object. It depends on the object type.

Depending on the data type of the UDM object, the contents of the position and properties fields vary. The following list shows examples for UDM object types. The UDM HTTP REST API offers a complete list of all types in the API schema view.

  • users/user

  • groups/group

  • container/cn

  • container/dc

  • container/ou

  • mail/domain
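
The field list above, turned into a structural check that a consumer could run on a JSON-encoded UDM object before using it. This is an added example, not part of the Nubus documentation or code: `validate_udm_object`, the JSON value types, the simplified DN syntax, and the sample object are assumptions made for illustration.

```python
import json
import re
import uuid

# Field names are from the list above. The JSON value types are assumptions
# read off the field descriptions; `object` means "not checked", because the
# content of position varies with the object type.
FIELDS = {"dn": str, "uuid": str, "objectType": str, "options": list,
          "policies": dict, "position": object, "properties": dict}
# The example object types named on this page; a real consumer would list the
# types it actually processes.
ACCEPTED_TYPES = frozenset({"users/user", "groups/group", "container/cn",
                            "container/dc", "container/ou", "mail/domain"})
# Simplified DN syntax (assumption): attr=value pairs, no escaped commas.
DN_RE = re.compile(r"[A-Za-z][\w-]*=[^,=]+(,[A-Za-z][\w-]*=[^,=]+)*")

# Constructed sample, not taken from a real directory.
SAMPLE = json.dumps({
    "dn": "uid=jdoe,cn=users,dc=example,dc=org",
    "uuid": "3f2b8c1e-9d4a-4c6f-8a1b-2e5d7f9a0b3c",
    "objectType": "users/user",
    "options": [],
    "policies": {},
    "position": "cn=users,dc=example,dc=org",
    "properties": {"username": "jdoe"},
})


def validate_udm_object(raw, accepted_types=ACCEPTED_TYPES):
    """Return a list of problems; an empty list means the object passed."""
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(obj, dict):
        return ["top-level value is not a JSON object"]
    problems = [f"missing field: {name}" for name in FIELDS if name not in obj]
    problems += [f"wrong type for field: {name}" for name, kind in FIELDS.items()
                 if name in obj and not isinstance(obj[name], kind)]
    if problems:
        return problems  # later checks need well-typed fields
    if obj["objectType"] not in accepted_types:
        problems.append(f"object type not accepted: {obj['objectType']}")
    try:
        uuid.UUID(obj["uuid"])
    except ValueError:
        problems.append("uuid is not a well-formed UUID")
    if not DN_RE.fullmatch(obj["dn"]):
        problems.append("dn is not a well-formed distinguished name")
    return problems
```

Passing `accepted_types` explicitly lets each consumer accept only the object types it processes and reject everything else before the payload in properties is read.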

See also

Directory objects in data objects section for information about Directory objects.

Policies for information about policies in Univention Corporate Server - Manual for users and administrators [6].

Related topics in Univention Corporate Server - Manual for developers [7]:

  • Extended options for information about the options field of the UDM object.

  • API overview of UDM HTTP REST API for information about the UDM HTTP REST API schema.

4.2.2. Consumers of UDM objects

Fig. 4.1 shows the functional components that consume UDM objects.

  1. Management UI

  2. Authorization Service

  3. Portal Service

  4. Directory Manager

  5. Provisioning Service

  6. IAM Connector

The functional components use UDM objects for the following purposes:

  • Support authorization decisions for an actor through the Authorization Service.

  • Read user data information in the Portal Service.

  • Write directory objects from UDM objects through the UDM HTTP REST API.

  • Deliver object data to consumers through the Provisioning Service.

  • Read and change user objects through the UDM Library in the End User Self Service.

  • Create, read, update, and delete user and group objects through the UDM Library in the Management UI.

  • Create, read, update, and delete user and group objects through the UDM HTTP REST API in the Nubus Directory Importer.

Fig. 4.1 Functional components using UDM objects

4.2.3. Functions for the UDM object

Fig. 4.2 goes one level deeper and shows the actual behavior within the functional components that use the UDM objects. The UDM Library is the central component. It transforms UDM objects to and from directory objects and it applies business logic before writing to the Directory Service. The following application functions use the UDM objects from the UDM Library:

  • CRUD operations for UDM objects in the UDM HTTP REST API in the Directory Manager.

  • Transform directory objects to UDM objects in the UDM Transformer of the Provisioning Service.

  • Create, read, update, and delete user and group objects in the Management UI.

The UDM HTTP REST API offers UDM objects through its CRUD operations to the following application functions:

  • Retrieve attributes of actor and target in the Guardian Authorization HTTP REST API of the Authorization Service.

  • The Portal Consumer of the Portal Service.

  • Populate initial data for each consumer in the Prefill Service of the Provisioning Service.

  • Import objects to Directory Manager in the Nubus Directory Importer.

Fig. 4.2 Overview of functions for the UDM object

See also

Management UI in the functional components section for information about internal components and behavior of the Management UI.

Authorization Service in the functional components section for information about internal components and behavior of the Authorization Service.

Portal Service in the functional components section for information about internal components and behavior of the Portal Service.

Directory Manager in the functional components section for information about internal components and behavior of the Directory Manager.

Provisioning Service in the functional components section for information about internal components and behavior of the Provisioning Service.

IAM Connector in the functional components section for information about internal components and behavior of the IAM Connector.