README revision 245d622535c32563b59ef5027b1171167ba9b451
Sample 2b - Bi-directional LDAP <-> Internal Repository
-------------------------------------------------------

Copyright (c) 2012 ForgeRock AS

This work is licensed under a Creative Commons Attribution-
NonCommercial-NoDerivs 3.0 Unported License. See
http://creativecommons.org/licenses/by-nc-nd/3.0/

The sample shows you reconciliation between the OpenIDM internal repository
and a local LDAP directory server, such as OpenDJ, with data flowing from
OpenDJ into the internal repository, and from OpenDJ into the internal
To run this sample, launch OpenIDM with the sample configuration as follows:

    $ /path/to/openidm/startup.sh -p samples/sample2b

or follow the documentation in the Install Guide:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2b
Data for this sample is stored in data/Example.ldif. After you import
the data, ou=People,dc=example,dc=com contains a single user entry. Although
all attributes to synchronize can be multi-valued in LDAP, this sample
defines only mail as a multi-valued attribute in OpenIDM.
The sample includes the following configuration files:

* conf/provisioner.openicf-ldap.json configures the LDAP connector.
  By default, the LDAP connector uses the following parameters:

    "host" : "localhost",
    "port" : 1389,
    "principal" : "cn=Directory Manager",
    "credentials" : "password",
    "baseContextsToSynchronize" : [ "ou=People,dc=example,dc=com" ],
    "attributesToSynchronize" : [ "uid", "sn", "cn", "givenName", "mail", "description" ],

* conf/scheduler-recon.json configures a scheduler you can use to run
  reconciliation periodically.
* conf/sync.json describes how identities in the directory server map to
  identities in the internal repository target.
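The connector parameters above bind to the directory as cn=Directory Manager with the literal password "password", which is fine for a local sample but is exactly what a reviewer should catch before such a file reaches a shared environment. The following script is an added example, not part of the sample or of OpenIDM: it loads a provisioner document and reports the settings a practitioner would want flagged (root bind account, cleartext or default bind password, LDAP without TLS to a remote host, password attributes in the synchronized set). The sample document is constructed inline; its layout, with the connector settings under a "configurationProperties" object, and the "ssl" key are assumptions about the file format, not taken from this README.

```python
import json

# Constructed sample document for the audit. The "configurationProperties"
# layout and the "ssl" key are assumptions about the provisioner file format;
# the values mirror the defaults listed in the README.
SAMPLE_PROVISIONER = json.dumps({
    "name": "ldap",
    "configurationProperties": {
        "host": "localhost",
        "port": 1389,
        "ssl": False,
        "principal": "cn=Directory Manager",
        "credentials": "password",
        "baseContextsToSynchronize": ["ou=People,dc=example,dc=com"],
        "attributesToSynchronize": ["uid", "sn", "cn", "givenName", "mail", "description"],
    },
})

# Values a reviewer would flag. These sets are illustrative, not exhaustive.
DEFAULT_CREDENTIALS = {"", "password", "secret", "changeit", "admin"}
DIRECTORY_ROOT_DNS = {"cn=directory manager"}
SENSITIVE_ATTRIBUTES = {"userpassword", "unicodepwd"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_ldap_connector(config_text):
    """Return a list of (code, message) findings for a provisioner JSON document."""
    cfg = json.loads(config_text)
    props = cfg.get("configurationProperties", {})
    findings = []

    # Binding as the directory root account gives the connector far more than
    # reconciliation of one subtree needs.
    principal = str(props.get("principal", "")).strip().lower()
    if principal in DIRECTORY_ROOT_DNS:
        findings.append(("ROOT_BIND",
                         "connector binds as the directory root account; use a "
                         "dedicated service account limited to the synchronized subtree"))

    # A plain string here means the bind password sits in cleartext on disk.
    credentials = props.get("credentials")
    if isinstance(credentials, str):
        findings.append(("CLEARTEXT_CREDENTIALS",
                         "bind password is a plain string in the config file; "
                         "encrypt it or supply it from a secret store"))
        if credentials.lower() in DEFAULT_CREDENTIALS:
            findings.append(("DEFAULT_CREDENTIALS",
                             "bind password is a well-known default value"))

    # Without TLS, the bind password and every synchronized attribute cross
    # the network in clear. A loopback host is tolerated for local samples.
    host = str(props.get("host", "")).lower()
    if not props.get("ssl", False) and host not in LOCAL_HOSTS:
        findings.append(("PLAINTEXT_LDAP",
                         "ssl is off and the server is remote; bind password and "
                         "attributes are sent unencrypted"))

    # Password attributes should not be pulled into the internal repository
    # unless that is an explicit design decision.
    synced = {str(a).lower() for a in props.get("attributesToSynchronize", [])}
    leaked = sorted(synced & SENSITIVE_ATTRIBUTES)
    if leaked:
        findings.append(("SENSITIVE_ATTRIBUTES",
                         "password attributes are synchronized: " + ", ".join(leaked)))

    return findings


def finding_codes(config_text):
    """Just the finding codes, in report order."""
    return [code for code, _ in audit_ldap_connector(config_text)]


def with_overrides(config_text, **overrides):
    """Return a copy of the document with connector settings replaced (for what-if checks)."""
    cfg = json.loads(config_text)
    cfg.setdefault("configurationProperties", {}).update(overrides)
    return json.dumps(cfg)


if __name__ == "__main__":
    for code, message in audit_ldap_connector(SAMPLE_PROVISIONER):
        print(f"{code}: {message}")
```

Run against the constructed sample the script reports the root bind, the cleartext password and the default value; pointing the same document at a remote host without TLS adds the plaintext-LDAP finding, and adding userPassword to attributesToSynchronize adds the sensitive-attribute one.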
This sample includes the script script/ldapBackCorrelationQuery.js which
correlates entries in the directory with identities in OpenIDM.
The following curl command runs reconciliation once, creating users defined
in OpenDJ in OpenIDM's internal repository:

    $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"
Create or update a user on the directory server, for example using OpenDJ
Control Panel > Manage Entries, and then run reconciliation. Reconciliation
flows your changes to the OpenIDM repository.
The following curl command requests all identifiers in OpenIDM's internal
repository. Use it, for example, to check the results after reconciliation:

    $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" "http://localhost:8080/openidm/managed/user/?_queryId=query-all-ids"