 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * Copyright 2015 ForgeRock AS. All rights reserved.
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 * You can obtain a copy of the License at
 * http://forgerock.org/license/CDDLv1.0.html
 * See the License for the specific language governing
 * permission and limitations under the License.
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
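Note: the Example.ldif provided with this sample should be loaded into OpenDJ, as in the command that follows. That command passes the Directory Manager password as an argument, which leaves it in shell history and the process list; on anything other than a disposable test instance, supply it with `--bindPasswordFile` or prompt for it, as the ldapsearch commands later in this README do with `-w -`.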
$ opendj/bin/ldapmodify -a -c --bindDN "cn=Directory Manager" --bindPassword password --hostname localhost --port 1389 --filename openidm/samples/roles/provrole/data/Example.ldif
--header "Content-type: application/json" \
--header "Content-type: application/json" \
{"properties":{"name":"Employee","description":"Role assigned to workers on the payroll."},"_id":"Employee","_rev":"2","assignments":{"ldap":{"attributes":[{"name":"employeeType","value":"Employee","assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget"}]}}}
--header "Content-type: application/json" \
--header "Content-type: application/json" \
--header "Content-type: application/json" \
'https://localhost:8443/openidm/managed/user?_queryFilter=/userName+eq+"bjensen"&_fields=_id&_prettyPrint=true'
--header "Content-type: application/json" \
"value" : "managed/role/Employee"
{"displayName":"Barbara Jensen","description":"Created for OpenIDM","givenName":"Barbara","mail":"bjensen@example.com","telephoneNumber":"1-360-229-7105","sn":"Jensen","userName":"bjensen","ldapGroups":["cn=openidm2,ou=Groups,dc=example,dc=com"],"accountStatus":"active","roles":["openidm-authorized","managed/role/Employee"],"lastPasswordSet":"","postalCode":"","stateProvince":"","passwordAttempts":"0","lastPasswordAttempt":"Fri Apr 17 2015 16:57:21 GMT-0000 (UTC)","postalAddress":"","address2":"","country":"","city":"","effectiveRoles":["openidm-authorized","managed/role/Employee"],"_id":"8ff9639f-2a89-48a2-a0fd-9df4d5297eeb","_rev":"4","effectiveAssignments":{"ldap":{"attributes":[{"name":"employeeType","value":"Employee","assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget","assignedThrough":"managed/role/Employee"}]}}}
in, i.e. the roles, effective roles and effective assignments:
--header "Content-type: application/json" \
'https://localhost:8443/openidm/managed/user?_queryFilter=/userName+eq+"bjensen"&_fields=_id,userName,roles,effectiveRoles,effectiveAssignments&_prettyPrint=true'
"roles" : [ "openidm-authorized", "managed/role/Employee" ],
"effectiveRoles" : [ "openidm-authorized", "managed/role/Employee" ],
"assignedThrough" : "managed/role/Employee"
This sample's sync.json adds on to _sample2b_'s mapping by incorporating an
"source" : "managed/user",
"target" : "system/ldap/account",
$ ldapsearch -p 1389 -h localhost -b "dc=example,dc=com" -D "cn=Directory Manager" -w - -s sub uid=bjensen dn uid employeeType
# bjensen, People, example.com
--header "Content-type: application/json" \
--header "Content-type: application/json" \
"field" : "/assignments/ldap/attributes/-",
{"properties":{"name":"Employee","description":"Role assigned to workers on the payroll."},"_id":"Employee","_rev":"3","assignments":{"ldap":{"attributes":[{"name":"employeeType","value":"Employee","assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget"},{"name":"ldapGroups","value":["cn=Employees,ou=Groups,dc=example,dc=com","cn=Chat User,ou=Groups,dc=example,dc=com"],"assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget"}]}}}
$ ldapsearch -p 1389 -h localhost -b "dc=example,dc=com" -D "cn=Directory Manager" -w - -s sub uid=bjensen dn uid employeeType isMemberOf
# bjensen, People, example.com
--header "Content-type: application/json" \
'https://localhost:8443/openidm/system/ldap/account?_queryFilter=/uid+sw+"bjensen"&_fields=dn,uid,employeeType,ldapGroups&_prettyPrint=true'
"ldapGroups" : [ "cn=Chat User,ou=Groups,dc=example,dc=com", "cn=Employees,ou=Groups,dc=example,dc=com" ]
--header "Content-type: application/json" \
"field" : "/assignments/ldap/attributes",
{"properties":{"name":"Contractor","description":"Role assigned to contract workers."},"_id":"Contractor","_rev":"2","assignments":{"ldap":{"attributes":[{"name":"ldapGroups","value":["cn=Contractors,ou=Groups,dc=example,dc=com"],"assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget"},{"name":"employeeType","value":"Contractor","assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget"}]}}}
--header "Content-type: application/json" \
'https://localhost:8443/openidm/managed/user?_queryFilter=/userName+eq+"jdoe"&_fields=_id&_prettyPrint=true'
--header "Content-type: application/json" \
"value" : "managed/role/Contractor"
{"displayName":"John Doe","description":"Created for OpenIDM","givenName":"John","mail":"jdoe@example.com","telephoneNumber":"1-415-599-1100","sn":"Doe","userName":"jdoe","ldapGroups":["cn=openidm,ou=Groups,dc=example,dc=com"],"accountStatus":"active","roles":["openidm-authorized","managed/role/Contractor"],"lastPasswordSet":"","postalCode":"","stateProvince":"","passwordAttempts":"0","lastPasswordAttempt":"Fri Apr 17 2015 16:57:21 GMT-0000 (UTC)","postalAddress":"","address2":"","country":"","city":"","effectiveRoles":["openidm-authorized","managed/role/Contractor"],"effectiveAssignments":{"ldap":{"attributes":[{"name":"ldapGroups","value":["cn=Contractors,ou=Groups,dc=example,dc=com"],"assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget","assignedThrough":"managed/role/Contractor"},{"name":"employeeType","value":"Contractor","assignmentOperation":"mergeWithTarget","unassignmentOperation":"removeFromTarget","assignedThrough":"managed/role/Contractor"}]}},"_id":"3f9ada28-2809-4909-aadf-815567b00a4d","_rev":"2"}
--header "Content-type: application/json" \
'https://localhost:8443/openidm/system/ldap/account?_queryFilter=/uid+sw+"jdoe"&_prettyPrint=true'
"ldapGroups" : [ "cn=openidm,ou=Groups,dc=example,dc=com", "cn=Contractors,ou=Groups,dc=example,dc=com" ],
--header "Content-type: application/json" \
'https://localhost:8443/openidm/managed/user?_queryFilter=/userName+eq+"jdoe"&_fields=_id,roles&_prettyPrint=true'
"roles" : [ "openidm-authorized", "managed/role/Contractor" ]
--header "Content-type: application/json" \
{"displayName":"John Doe","description":"Created for OpenIDM","givenName":"John","mail":"jdoe@example.com","telephoneNumber":"1-415-599-1100","sn":"Doe","userName":"jdoe","ldapGroups":["cn=openidm,ou=Groups,dc=example,dc=com"],"accountStatus":"active","roles":["openidm-authorized"],"lastPasswordSet":"","postalCode":"","stateProvince":"","passwordAttempts":"0","lastPasswordAttempt":"Fri Apr 17 2015 16:57:21 GMT-0000 (UTC)","postalAddress":"","address2":"","country":"","city":"","effectiveRoles":["openidm-authorized"],"_id":"3f9ada28-2809-4909-aadf-815567b00a4d","_rev":"3","effectiveAssignments":{}}
--header "Content-type: application/json" \
'https://localhost:8443/openidm/system/ldap/account?_queryFilter=/uid+sw+"jdoe"&_prettyPrint=true'
--header "Content-type: application/json" \
--header "Content-type: application/json" \