Sample 2c - Synchronizing LDAP Group Membership

-----------------------------------------------

Copyright (c) 2012 ForgeRock AS

This work is licensed under a Creative Commons Attribution-

NonCommercial-NoDerivs 3.0 Unported License. See

This sample is the same as sample 2b except that it focuses on one special

attribute, ldapGroups, which is used to synchronize LDAP group membership.

To run this sample, launch OpenIDM with the sample configuration as follows:

$ /path/to/openidm/startup.sh -p samples/sample2c

or follow the documentation in the Install Guide:

http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2c

The sample configuration connects to a local OpenDJ with the following parameters:

"host" : "localhost",

"port" : 1389,

"principal" : "cn=Directory Manager",

"credentials" : "password",

Unlike sample 2, this sample sync.json configuration contains two mappings from

OpenDJ to OpenIDM and back. The number of attributes mapped are limited. The

sample contains a schedule configuration which can be used to schedule

reconciliation.

New users are created from LDAP and existing users are updated and back-linked

from OpenIDM to OpenDJ. Changes on OpenIDM are now pushed into the LDAP server.

In addition to sample 2b this sample synchronizes LDAP group membership:

Add a user to an LDAP group and run reconciliation. A new attribute, ldapGroups,

is added to the user's JSON representation in the repo. This attribute contains

a list of the group DNs that the user is a memberOf.