Cross Reference: /forgerock/openidm-v4/openidm-zip/src/main/resources/samples/sample2b/README

	README revision 245d622535c32563b59ef5027b1171167ba9b451
Sample 2b - Bi-directional LDAP <-> Internal Repository
-------------------------------------------------------
Copyright (c) 2012 ForgeRock AS
This work is licensed under a Creative Commons Attribution-
NonCommercial-NoDerivs 3.0 Unported License. See
http://creativecommons.org/licenses/by-nc-nd/3.0/

The sample shows you reconciliation between the OpenIDM internal repository
and a local LDAP directory server, such as OpenDJ, with data flowing from
OpenDJ into the internal repository, and from OpenDJ into the internal
repository.

To run this sample, launch OpenIDM with the sample configuration as follows:
$ /path/to/openidm/startup.sh -p samples/sample2b

or follow the documentation in the Install Guide:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2b

Data for this sample is stored in data/Example.ldif. After you import
the data, ou=People,dc=example,dc=com contains a single user entry. Although
all attributes to synchronize can be multi-valued in LDAP, this sample
defines only mail as a multi-valued attribute in OpenIDM.

The sample includes these configuration files.

*   conf/provisioner.openicf-ldap.json configures the LDAP connector.
    By default, the LDAP connector uses the following parameters:
    "host" : "localhost",
    "port" : 1389,
    "principal" : "cn=Directory Manager",
    "credentials" : "password",
    "baseContextsToSynchronize" : [ "ou=People,dc=example,dc=com" ],
    "attributesToSynchronize" : [ "uid", "sn", "cn", "givenName", "mail", "description" ],
*   conf/scheduler-recon.json configures a scheduler you can use to run
    reconciliation periodically.
*   conf/sync.json describes how identities in the directory server map to
    identities in the internal repository target.

This sample includes the script script/ldapBackCorrelationQuery.js which
correlates entries in the directory with identities in OpenIDM.

The following curl command runs reconciliation once, creating users defined
in OpenDJ in OpenIDM's internal repository:

$ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

Create or update a user on the directory server, for example using OpenDJ
Control Panel > Manage Entries, and then run reconciliation. Reconciliation
flows your changes to the OpenIDM repository.

The following curl command requests all identifiers in OpenIDM's internal
repository. Use it to see the results after reconciliation for example.

$ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" "http://localhost:8080/openidm/managed/user/?_queryId=query-all-ids"