README.md revision c1bed58d59da76132e7b960e74825f038c282555
/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright 2014 ForgeRock AS. All rights reserved.
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * http://forgerock.org/license/CDDLv1.0.html
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at http://forgerock.org/license/CDDLv1.0.html
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 */

Sample 2c - Synchronizing LDAP Group Membership
===============================================

This sample is the same as sample 2b except that it focuses on one special
attribute, ldapGroups, which is used to synchronize LDAP group membership.

Unlike sample 2, this sample's sync.json configuration contains two mappings:
one from OpenDJ to OpenIDM and one back from OpenIDM to OpenDJ. The number of
attributes mapped is limited. The sample also contains a schedule configuration
which can be used to schedule reconciliation.

New users are created from LDAP, and existing users are updated and back-linked
from OpenIDM to OpenDJ. Changes made in OpenIDM are pushed to the LDAP server.

In addition to what sample 2b does, this sample synchronizes LDAP group
membership. Because ldapGroups is mapped in both directions, a change to that
attribute on a managed user in OpenIDM changes the user's group membership in
OpenDJ, so treat it with the same care as any other authorization data.

Setup OpenDJ
------------

1. Extract OpenDJ to a folder called opendj.

2. Run the following command to initialize OpenDJ.

    $ opendj/setup --cli --hostname localhost --ldapPort 1389 --rootUserDN "cn=Directory Manager" \
    --rootUserPassword password --adminConnectorPort 4444 --baseDN dc=com --acceptLicense --addBaseEntry \
    --no-prompt --quiet

   The root user password "password" is a sample value; use it only for a
   throwaway directory listening on localhost.

3. Load the Example.ldif file supplied in the data folder into OpenDJ.

    $ opendj/bin/ldapmodify -a -c --bindDN "cn=Directory Manager" --bindPassword password --hostname localhost \
    --port 1389 --filename /path/to/openidm/samples/sample2c/data/Example.ldif

Run The Sample In OpenIDM
-------------------------

1. Launch OpenIDM with the sample configuration as follows.

    $ /path/to/openidm/startup.sh -p samples/sample2c

2. Run reconciliation once, creating the users defined in OpenDJ in OpenIDM's internal repository.

    $ curl -k -H "Content-type: application/json" -u "openidm-admin:openidm-admin" -X POST \
    "https://localhost:8443/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

   The -k flag disables TLS certificate verification; it is acceptable only
   against the sample's default self-signed certificate on localhost.
   openidm-admin:openidm-admin is the default administrative credential, so
   change it before exposing the instance anywhere else.

3. Request all identifiers in OpenIDM's internal repository. Use this command to see the results after reconciliation.

    $ curl -k -u "openidm-admin:openidm-admin" "https://localhost:8443/openidm/managed/user?_queryId=query-all-ids&_prettyPrint=true"
    {
      "result" : [ {
        "_id" : "455b1cd5-ae51-41c0-ade9-0dfcc6dee265",
        "_rev" : "0"
      }, {
        "_id" : "bdd64b1a-015b-4a00-a979-1d699bca2f6b",
        "_rev" : "0"
      } ],
      "resultCount" : 2,
      "pagedResultsCookie" : null,
      "remainingPagedResults" : -1
    }

4. Request a user in OpenIDM's internal repository.

    $ curl -k -u "openidm-admin:openidm-admin" "https://localhost:8443/openidm/managed/user/455b1cd5-ae51-41c0-ade9-0dfcc6dee265?_prettyPrint=true"
    {
      "mail" : "bjensen@example.com",
      "sn" : "Jensen",
      "passwordAttempts" : "0",
      "lastPasswordAttempt" : "Wed Nov 19 2014 15:12:14 GMT-0800 (PST)",
      "address2" : "",
      "givenName" : "Barbara",
      "effectiveRoles" : [ ],
      "country" : "",
      "city" : "",
      "lastPasswordSet" : "",
      "postalCode" : "",
      "_id" : "455b1cd5-ae51-41c0-ade9-0dfcc6dee265",
      "_rev" : "1",
      "description" : "Created for OpenIDM",
      "accountStatus" : "active",
      "telephoneNumber" : "1-360-229-7105",
      "roles" : [ "openidm-authorized" ],
      "effectiveAssignments" : { },
      "ldapGroups" : [ "cn=openidm2,ou=Groups,dc=example,dc=com" ],
      "postalAddress" : "",
      "stateProvince" : "",
      "userName" : "bjensen",
      "displayName" : "Barbara Jensen"
    }

   You will see the user is in group "openidm2".

    "ldapGroups" : [ "cn=openidm2,ou=Groups,dc=example,dc=com" ],
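After reconciliation, the useful check is whether the ldapGroups values OpenIDM holds for each managed user really agree with the group entries in OpenDJ. The following Python script is an added example, not code from the OpenIDM sample or the project: it parses an LDIF export of the directory (what `ldapsearch` against the groups subtree would return), derives each user's group membership from the static group entries, and compares it with the `result` array of the managed/user query shown above. It assumes the sample's users live under ou=People,dc=example,dc=com and that groups are groupOfUniqueNames or groupOfNames entries; the LDIF and the managed-user records embedded in it are constructed sample data, not the sample's real Example.ldif or real OpenIDM output.

```python
"""Check that OpenIDM's ldapGroups values match the directory's static groups.
Added example, not part of the OpenIDM sample; see the assumptions noted inline."""
import base64
import json
from collections import defaultdict

PEOPLE_BASE = "ou=People,dc=example,dc=com"  # assumption: parent of the sample's user entries

# Constructed LDIF in the shape of the sample's Example.ldif (not the real file).
SAMPLE_LDIF = """\
dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: bjensen
cn: Barbara Jensen

dn: cn=openidm2,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: openidm2
uniqueMember: uid=bjensen,ou=People,dc=example,dc=com

dn: cn=openidm,ou=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: openidm
uniqueMember: uid=bjensen,ou=People,dc=example,dc=com
uniqueMember: uid=scarter,ou=People,dc=example,dc=com
uniqueMember: uid=kvaughan,ou=People,dc=example,dc=com
"""

# Constructed managed/user records in the shape the curl query above returns.
SAMPLE_MANAGED_USERS_JSON = json.dumps({"result": [
    {"userName": "bjensen", "ldapGroups": ["cn=openidm2,ou=Groups,dc=example,dc=com"]},
    {"userName": "scarter", "ldapGroups": ["cn=openidm,ou=Groups,dc=example,dc=com",
                                          "cn=admins,ou=Groups,dc=example,dc=com"]},
    {"userName": "kvaughan", "ldapGroups": ["CN=openidm, OU=Groups, DC=example, DC=com"]},
]})


def normalize_dn(dn):
    """Case-fold and strip spaces around RDN separators so two spellings of one DN compare equal."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Minimal LDIF reader: {normalized dn: {lowercase attr: [values]}}.
    Handles comments, folded lines, base64 values (attr:: b64) and a leading version line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    entries, current = {}, {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries[normalize_dn(current["dn"][0])] = current
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr = attr.strip().lower()
        if attr == "version" and not current:
            continue
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
    return entries


def memberships_from_ldif(text):
    """Map each member DN to the set of static groups that list it; non-group entries are skipped."""
    groups = defaultdict(set)
    for dn, attrs in parse_ldif(text).items():
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if not classes & {"groupofuniquenames", "groupofnames"}:
            continue
        for member in attrs.get("uniquemember", []) + attrs.get("member", []):
            groups[normalize_dn(member)].add(dn)
    return groups


def check_ldap_groups(managed_users_json, ldif_text, people_base=PEOPLE_BASE):
    """Return {userName: (groups missing in OpenIDM, groups OpenIDM lists but the
    directory does not)} for every managed user whose membership has drifted."""
    directory = memberships_from_ldif(ldif_text)
    drift = {}
    for user in json.loads(managed_users_json)["result"]:
        dn = normalize_dn(f"uid={user['userName']},{people_base}")  # assumption: uid = userName
        in_ldap = directory.get(dn, set())
        in_idm = {normalize_dn(g) for g in user.get("ldapGroups", [])}
        missing, stale = in_ldap - in_idm, in_idm - in_ldap
        if missing or stale:
            drift[user["userName"]] = (sorted(missing), sorted(stale))
    return drift


if __name__ == "__main__":
    print(json.dumps(check_ldap_groups(SAMPLE_MANAGED_USERS_JSON, SAMPLE_LDIF), indent=2))
```

With the constructed data, bjensen is reported as missing the openidm group in OpenIDM and scarter as carrying an admins group the directory does not grant; kvaughan's differently spelled DN normalizes to the same group and is not reported. In a real run, feed it the LDIF from `ldapsearch` over ou=Groups and the JSON from the managed/user query with `_queryId=query-all-ids` replaced by a query that returns full records.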

Now you can log in to the UI with the credentials of any of the DJ users. They
can update their profile or their password; the changes will be synced back to LDAP.