README revision 4b3769ce483ece06f60f983193712492b920144f
Sample 2 - One-way LDAP -> Internal Repository
----------------------------------------------

Copyright (c) 2012-2014 ForgeRock AS
This work is licensed under a Creative Commons Attribution-
NonCommercial-NoDerivs 3.0 Unported License. See
http://creativecommons.org/licenses/by-nc-nd/3.0/

The sample shows you reconciliation between the OpenIDM internal repository
and a local LDAP directory server, such as OpenDJ, with data flowing from
OpenDJ into the internal repository. No changes are pushed from OpenIDM

To run this sample, launch OpenIDM with the sample configuration as follows:

$ /path/to/openidm/startup.sh -p samples/sample2

or follow the documentation in the Install Guide:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2

The sample includes these configuration files.

* conf/provisioner.openicf-ldap.json configures the LDAP connector.
  By default, the LDAP connector uses the following parameters:

  "host" : "localhost",
  "port" : 1389,
  "principal" : "cn=Directory Manager",
  "credentials" : "password",
  "baseContextsToSynchronize" : [ "ou=People,dc=example,dc=com" ],
  "attributesToSynchronize" : [ "uid", "sn", "cn", "givenName", "mail", "description", "telephoneNumber" ],

* conf/scheduler-recon.json configures a scheduler you can use to run
  reconciliation periodically.

* conf/sync.json describes how identities in the directory server map to
  identities in the internal repository target.

* conf/authentication.json specifies an additional "authModule" entry for "PASSTHROUGH"
  authentication. This allows the managed/user entries created from LDAP to
  log in with their credentials, which remain in LDAP.

Data for this sample is stored in data/Example.ldif. After you import
the data, ou=People,dc=example,dc=com contains a single user entry for
the user from the first sample. Although all attributes to synchronize
can be multi-valued in LDAP, this sample defines only mail as a
multi-valued attribute in OpenIDM, in order to match the definition in the

The following curl command runs reconciliation once, creating users defined
in OpenDJ in OpenIDM's internal repository:

$ curl -k --header "Content-type: application/json" -u "openidm-admin:openidm-admin" -X POST "https://localhost:8443/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

Alternatively, edit conf/scheduler-recon.json to enable scheduled
reconciliation:

  "enabled" : true,

The following curl command requests all identifiers in OpenIDM's internal
repository. Use it, for example, to see the results after reconciliation.

$ curl -k -u "openidm-admin:openidm-admin" "https://localhost:8443/openidm/managed/user?_queryId=query-all-ids&_prettyPrint=true"
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder "result" : [ {
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder "_id" : "678eb8f7-5e3f-4bef-b001-bc0f01353dae",
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder "_id" : "5e9534cb-c37e-48c0-9c1f-0782a7e2a9c0",
2e2094a642e3775b0d76b890556407941d3a53b6Christian Maeder "resultCount" : 2,
f13d1e86e58da53680e78043e8df182eed867efbChristian Maeder "pagedResultsCookie" : null,
96646aed2ae087b942ae23f15bbe729a8f7c43d3Christian Maeder "remainingPagedResults" : -1
After you have created the managed/user entries, you can use them to log in to the UI at https://localhost:8443/openidmui/