README revision baf15352a4774619a416d0c0b567ed834d349513

Sample 2b - Bi-directional LDAP <-> Internal Repository
-------------------------------------------------------

Copyright (c) 2012-2013 ForgeRock AS
This work is licensed under a Creative Commons Attribution-
NonCommercial-NoDerivs 3.0 Unported License. See

The sample shows you reconciliation between the OpenIDM internal repository
and a local LDAP directory server, such as OpenDJ, with data flowing from
OpenDJ into the internal repository, and from the internal repository into

To run this sample, launch OpenIDM with the sample configuration as follows:

or follow the documentation in the Install Guide:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2b

Data for this sample is stored in data/Example.ldif. After you import
the data, ou=People,dc=example,dc=com contains a single user entry. Although
all attributes to synchronize can be multi-valued in LDAP, this sample
defines only mail as a multi-valued attribute in OpenIDM.

The sample includes the following configuration files:

* conf/provisioner.openicf-ldap.json configures the LDAP connector.
  By default, the LDAP connector uses the following parameters:

    "host" : "localhost",
    "port" : 1389,
    "principal" : "cn=Directory Manager",
    "credentials" : "password",
    "baseContextsToSynchronize" : [ "ou=People,dc=example,dc=com" ],
    "attributesToSynchronize" : [ "uid", "sn", "cn", "givenName", "mail", "description" ],

* conf/scheduler-recon.json configures a scheduler you can use to run
  reconciliation periodically.
* conf/sync.json describes how identities in the directory server map to
  identities in the internal repository target.
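The connector parameters above are demo defaults (the directory superuser as bind principal, the literal password "password", and the plain LDAP port). The following script, an added example that is not part of the OpenIDM sample, checks a provisioner config for those defaults and shows a corrected copy beside it. SAMPLE_CONFIG is a constructed fragment in the shape of conf/provisioner.openicf-ldap.json; the "ssl" key and the hardened bind account DN are assumptions, not values from this sample.

```python
"""Flag sample-default settings in an OpenIDM LDAP provisioner config.

Added example, not code from the OpenIDM sample. SAMPLE_CONFIG is a constructed
fragment in the shape of conf/provisioner.openicf-ldap.json; the "ssl" key is
assumed to sit beside the parameters the README lists.
"""
import copy
import json

# Constructed fragment mirroring the defaults the README lists (not the real file).
SAMPLE_CONFIG = json.loads("""
{
  "configurationProperties": {
    "host": "localhost",
    "port": 1389,
    "ssl": false,
    "principal": "cn=Directory Manager",
    "credentials": "password",
    "baseContextsToSynchronize": ["ou=People,dc=example,dc=com"],
    "attributesToSynchronize": ["uid", "sn", "cn", "givenName", "mail", "description"]
  }
}
""")

# Corrected copy: dedicated bind account, unique secret, TLS on the LDAPS port.
HARDENED_CONFIG = copy.deepcopy(SAMPLE_CONFIG)
HARDENED_CONFIG["configurationProperties"].update({
    "port": 1636, "ssl": True,
    "principal": "cn=openidm-sync,ou=Services,dc=example,dc=com",  # hypothetical account
    "credentials": "<unique-bind-secret>",  # placeholder, not a real value
})


def check_ldap_provisioner(config: dict) -> list[str]:
    """Return findings for sample defaults; an empty list means none were found."""
    props = config.get("configurationProperties", {})
    findings = []
    if props.get("principal") == "cn=Directory Manager":
        findings.append("principal: binds as the directory superuser; use a least-privilege sync account")
    if props.get("credentials") == "password":
        findings.append("credentials: sample default bind password still in place")
    if not props.get("ssl"):
        findings.append("ssl: disabled; bind password and synced attributes cross the wire in cleartext")
    if not props.get("baseContextsToSynchronize"):
        findings.append("baseContextsToSynchronize: empty, so reconciliation has no source scope")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_ldap_provisioner(cfg) or ["ok"])
```

Run it against the real conf/provisioner.openicf-ldap.json by loading that file with json.load in place of SAMPLE_CONFIG.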
This sample includes the script script/ldapBackCorrelationQuery.js which
correlates entries in the directory with identities in OpenIDM.

The following curl command runs reconciliation once, creating users defined
in OpenDJ in OpenIDM's internal repository:

$ curl --header "Content-type: application/json" --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

Create or update a user on the directory server, for example using OpenDJ
Control Panel > Manage Entries, and then run reconciliation. Reconciliation
flows your changes to the OpenIDM repository.

The following curl command requests all identifiers in OpenIDM's internal
repository. Use it, for example, to see the results after reconciliation.

$ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" "http://localhost:8080/openidm/managed/user/?_queryId=query-all-ids"