553N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
0N/A * Copyright 2014 ForgeRock AS. All rights reserved.
0N/A * The contents of this file are subject to the terms
0N/A * of the Common Development and Distribution License
0N/A * (the License). You may not use this file except in
0N/A * compliance with the License.
0N/A * You can obtain a copy of the License at
0N/A * See the License for the specific language governing
0N/A * permission and limitations under the License.
0N/A * When distributing Covered Code, include this CDDL
0N/A * Header Notice in each file and include the License file
553N/A * If applicable, add the following below the CDDL Header,
553N/A * with the fields enclosed by brackets [] replaced by
553N/A * your own identifying information:
0N/A * "Portions Copyrighted [year] [name of copyright owner]"
0N/ASample 2c - Synchronizing LDAP Group Membership
0N/A===============================================
0N/AThis sample is the same as sample 2b except that it focuses on one special
0N/Aattribute, ldapGroups, which is used to synchronize LDAP group membership.
0N/AUnlike sample 2, this sample
sync.json configuration contains two mappings from
0N/AOpenDJ to OpenIDM and back. The number of attributes mapped are limited. The
0N/Asample contains a schedule configuration which can be used to schedule
0N/ANew users are created from LDAP and existing users are updated and back-linked
0N/Afrom OpenIDM to OpenDJ. Changes on OpenIDM are now pushed into the LDAP server.
0N/AIn addition to sample 2b this sample synchronizes LDAP group membership:
1. Extract OpenDJ to a folder called opendj.
2. Run the following command to initialize OpenDJ.
$
opendj/setup --cli --hostname localhost --ldapPort 1389 --rootUserDN "cn=Directory Manager" \
--rootUserPassword password --adminConnectorPort 4444 --baseDN dc=com --acceptLicense --addBaseEntry \
3. Load the
Example.ldif file supplied in the data folder into OpenDJ.
$
opendj/bin/ldapmodify -a -c --bindDN "cn=Directory Manager" --bindPassword password --hostname localhost \
Run The Sample In OpenIDM
-------------------------
1. Launch OpenIDM with the sample configuration as follows.
2. Run reconciliation once, creating users defined in OpenDJ in OpenIDM's internal repository.
$ curl -k -H "Content-type:
application/json" -u "openidm-admin:openidm-admin" -X POST \
3. Request all identifiers in OpenIDM's internal repository. Use this command to see the results after reconciliation.
"_id" : "455b1cd5-ae51-41c0-ade9-0dfcc6dee265",
"_id" : "bdd64b1a-015b-4a00-a979-1d699bca2f6b",
"pagedResultsCookie" : null,
"remainingPagedResults" : -1
4. Request a user in OpenIDM's internal repository.
"mail" : "bjensen@example.com",
"passwordAttempts" : "0",
"lastPasswordAttempt" : "Wed Nov 19 2014 15:12:14 GMT-0800 (PST)",
"_id" : "9e64ca24-fac8-40e3-8a1c-52ba14ae6017",
"description" : "Created for OpenIDM",
"accountStatus" : "active",
"telephoneNumber" : "1-360-229-7105",
"roles" : [ "openidm-authorized" ],
"effectiveAssignments" : { },
"ldapGroups" : [ "cn=openidm2,ou=Groups,dc=example,dc=com" ],
"displayName" : "Barbara Jensen"
You will see the user is in group "openidm2".
"ldapGroups" : [ "cn=openidm2,ou=Groups,dc=example,dc=com" ],
Now you can login to the UI with the credentials from any of the DJ users. They
can update their profile or their password; the changes will be synced back to LDAP.