README revision 4b4c3a2028eea921136be5b4717c69c074b4982e
Sample 2 - One-way LDAP -> Internal Repository
----------------------------------------------
Copyright (c) 2012 ForgeRock AS
This work is licensed under a Creative Commons Attribution-
NonCommercial-NoDerivs 3.0 Unported License. See
http://creativecommons.org/licenses/by-nc-nd/3.0/

This sample shows reconciliation between the OpenIDM internal repository
and a local LDAP directory server, such as OpenDJ, with data flowing from
OpenDJ into the internal repository. No changes are pushed from OpenIDM
to OpenDJ.

To run this sample, launch OpenIDM with the sample configuration as follows:
$ /path/to/openidm/startup.sh -p samples/sample2

or follow the documentation in the Install Guide:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2

The sample includes these configuration files:

* conf/provisioner.openicf-ldap.json configures the LDAP connector.
  By default, the LDAP connector uses the following parameters:
    "host" : "localhost",
    "port" : 1389,
    "principal" : "cn=Directory Manager",
    "credentials" : "password",
    "baseContextsToSynchronize" : [ "ou=People,dc=example,dc=com" ],
    "attributesToSynchronize" : [ "uid", "sn", "cn", "givenName", "mail", "description" ],
* conf/scheduler-recon.json configures a scheduler you can use to run
  reconciliation periodically.
* conf/sync.json describes how identities in the directory server map to
  identities in the internal repository target.
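The connector defaults listed above are sample values: a directory superuser bind DN, a well-known password, and plain LDAP on port 1389. The following Python linter is added here and is not part of the OpenIDM sample; it runs those checks over a constructed copy of the listed parameters and over a constructed hardened variant. The "ssl" property, the LDAPS port 1636 and the service-account DN in the hardened variant are assumptions, not values from this README.

```python
import json

# Constructed copy of the connector defaults listed in this README (not the
# project's conf/provisioner.openicf-ldap.json itself).
SAMPLE_LDAP_CONFIG = json.loads("""
{
  "host" : "localhost",
  "port" : 1389,
  "principal" : "cn=Directory Manager",
  "credentials" : "password",
  "baseContextsToSynchronize" : [ "ou=People,dc=example,dc=com" ],
  "attributesToSynchronize" : [ "uid", "sn", "cn", "givenName", "mail", "description" ]
}
""")

# Constructed hardened variant (assumptions: an "ssl" property switches the
# connector to LDAPS, and OpenDJ listens for LDAPS on 1636 in this setup).
HARDENED_LDAP_CONFIG = dict(
    SAMPLE_LDAP_CONFIG,
    principal="cn=idm-recon,ou=Service Accounts,dc=example,dc=com",  # hypothetical read-only account
    credentials="example-long-random-secret-placeholder",
    port=1636,
    ssl=True,
)

SUPERUSER_DNS = {"cn=directory manager", "cn=admin"}   # constructed list of superuser bind DNs
WEAK_SECRETS = {"password", "changeit", "secret", ""}  # constructed list of default passwords
CLEARTEXT_LDAP_PORTS = {389, 1389}


def lint_ldap_connector(cfg):
    """Return (rule, message) findings for one LDAP connector configuration dict."""
    findings = []
    principal = cfg.get("principal", "").strip().lower()
    if principal in SUPERUSER_DNS:
        findings.append(("privileged-bind",
                         "one-way recon only reads from LDAP, yet it binds as %r" % cfg["principal"]))
    cred = cfg.get("credentials")
    if isinstance(cred, str) and cred.lower() in WEAK_SECRETS:
        findings.append(("weak-credential", "bind password is a well-known default"))
    if cfg.get("port") in CLEARTEXT_LDAP_PORTS and not cfg.get("ssl", False):
        findings.append(("cleartext-transport",
                         "plain LDAP on port %s: the bind password crosses the network unencrypted"
                         % cfg.get("port")))
    return findings


def rule_names(cfg):
    """Just the identifiers of the rules that fired, sorted for stable comparison."""
    return sorted(rule for rule, _ in lint_ldap_connector(cfg))
```

Running the linter over the sample defaults reports all three rules; the hardened variant reports none.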

Data for this sample is stored in data/Example.ldif. After you import
the data, ou=People,dc=example,dc=com contains a single user entry for
the user from the first sample. Although all attributes to synchronize
can be multi-valued in LDAP, this sample defines only mail as a
multi-valued attribute in OpenIDM, in order to match the definition in the
first sample.

The following curl command runs reconciliation once, creating users defined
in OpenDJ in OpenIDM's internal repository:

$ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

Alternatively, edit conf/scheduler-recon.json to enable scheduled
reconciliation:

    "enabled" : true,

The following curl command requests all identifiers in OpenIDM's internal
repository. Use it, for example, to see the results after reconciliation.

$ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" "http://localhost:8080/openidm/managed/user/?_queryId=query-all-ids"
