README revision 245d622535c32563b59ef5027b1171167ba9b451
Sample 2 - One-way LDAP -> Internal Repository
----------------------------------------------

Copyright (c) 2012 ForgeRock AS

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs
3.0 Unported License. See
The sample shows you reconciliation between the OpenIDM internal repository
and a local LDAP directory server, such as OpenDJ, with data flowing from
OpenDJ into the internal repository. No changes are pushed from OpenIDM

To run this sample, launch OpenIDM with the sample configuration as follows:
or follow the documentation in the Install Guide:

    http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2
The sample includes these configuration files.

* conf/provisioner.openicf-ldap.json configures the LDAP connector.
  By default, the LDAP connector uses the following parameters:

    "host" : "localhost",
    "port" : 1389,
    "principal" : "cn=Directory Manager",
    "credentials" : "password",
    "baseContextsToSynchronize" : [ "ou=People,dc=example,dc=com" ],
    "attributesToSynchronize" : [ "uid", "sn", "cn", "givenName", "mail", "description" ],

* conf/scheduler-recon.json configures a scheduler you can use to run
  reconciliation periodically.

* conf/sync.json describes how identities in the directory server map to
  identities in the internal repository target.
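Added example (editor's code, not part of the ForgeRock sample): a small Python audit that loads the connector parameters listed above and a sync.json mapping, flags the demo-only settings a reviewer would change before reusing this configuration outside a lab, and checks that every mapping keeps the one-way LDAP-to-repository direction the sample describes. The nesting under "configurationProperties", the "ssl" flag, the service-account DN and the &{...} property placeholder are assumptions about the file layout, not text taken from the sample.

```python
import json

# Constructed fragments modelled on the sample's documented defaults. The
# "configurationProperties" nesting, the "ssl" flag and the mapping shape
# are assumptions about the file layout, not copied from the sample files.
PROVISIONER = json.loads("""{
  "configurationProperties": {
    "host": "localhost", "port": 1389, "ssl": false,
    "principal": "cn=Directory Manager", "credentials": "password",
    "baseContextsToSynchronize": ["ou=People,dc=example,dc=com"],
    "attributesToSynchronize": ["uid", "sn", "cn", "givenName", "mail", "description"]
  }
}""")
SYNC = json.loads("""{"mappings": [
  {"name": "systemLdapAccounts_managedUser",
   "source": "system/ldap/account", "target": "managed/user"}
]}""")

SAMPLE_DEFAULT_SECRETS = {"password", "openidm-admin"}

def audit_provisioner(cfg):
    """Return finding codes for settings that are fine for a demo but not for production."""
    p = cfg["configurationProperties"]
    findings = []
    if p.get("credentials") in SAMPLE_DEFAULT_SECRETS:
        findings.append("default-credentials")   # sample password still in place
    if p.get("principal", "").lower() == "cn=directory manager":
        findings.append("root-bind-dn")          # binds as the directory root account
    if not p.get("ssl", False):
        findings.append("cleartext-ldap")        # bind password crosses the wire unencrypted
    return findings

def audit_sync(cfg):
    """Return names of mappings that would push data back into LDAP (sample is one-way)."""
    return [m["name"] for m in cfg["mappings"]
            if not (m["source"].startswith("system/") and m["target"].startswith("managed/"))]

def harden(cfg):
    """Constructed hardened variant: LDAPS, least-privilege bind DN, password via property."""
    h = json.loads(json.dumps(cfg))              # deep copy, leave the original untouched
    h["configurationProperties"].update({
        "port": 1636, "ssl": True,
        "principal": "cn=openidm-sync,ou=Service Accounts,dc=example,dc=com",  # assumed DN
        "credentials": "&{openidm.ldap.password}",  # assumed property placeholder, not a literal
    })
    return h

if __name__ == "__main__":
    print("sample findings:", audit_provisioner(PROVISIONER), "reverse mappings:", audit_sync(SYNC))
    print("hardened findings:", audit_provisioner(harden(PROVISIONER)))
```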
Data for this sample is stored in data/Example.ldif. After you import
the data, ou=People,dc=example,dc=com contains a single user entry for
the user from the first sample. Although all attributes to synchronize
can be multi-valued in LDAP, this sample defines only mail as a
multi-valued attribute in OpenIDM, in order to match the definition in the
first sample.
The following curl command runs reconciliation once, creating users defined
in OpenDJ in OpenIDM's internal repository:

    $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

Alternatively, edit conf/scheduler-recon.json to enable scheduled
reconciliation:

    "enabled" : true,
The following curl command requests all identifiers in OpenIDM's internal
repository. Use it, for example, to see the results after reconciliation.

    $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" "http://localhost:8080/openidm/managed/user/?_queryId=query-all-ids"