README revision 4b3769ce483ece06f60f983193712492b920144f
Sample 2c - Synchronizing LDAP Group Membership
-----------------------------------------------
Copyright (c) 2012-2014 ForgeRock AS
This work is licensed under a Creative Commons Attribution-
NonCommercial-NoDerivs 3.0 Unported License. See
http://creativecommons.org/licenses/by-nc-nd/3.0/

This sample is the same as sample 2b except that it focuses on one special
attribute, ldapGroups, which is used to synchronize LDAP group membership.

To run this sample, launch OpenIDM with the sample configuration as follows:
    $ /path/to/openidm/startup.sh -p samples/sample2c

or follow the documentation in the Install Guide:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2c

The sample configuration connects to a local OpenDJ with the following parameters:

    "host" : "localhost",
    "port" : 1389,
    "principal" : "cn=Directory Manager",
    "credentials" : "password",

Unlike sample 2, this sample's sync.json configuration contains two mappings,
from OpenDJ to OpenIDM and back. The number of attributes mapped is limited. The
sample contains a schedule configuration which can be used to schedule
reconciliation.

New users are created from LDAP and existing users are updated and back-linked
from OpenIDM to OpenDJ. Changes on OpenIDM are now pushed into the LDAP server.

In addition to what sample 2b does, this sample synchronizes LDAP group
membership:

Add a user to an LDAP group and run reconciliation. A new attribute, ldapGroups,
is added to the user's JSON representation in the repo. This attribute contains
a list of the DNs of the groups that the user is a member of.
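
The following is an added example, not part of the OpenIDM sample or its code: a
check that a managed user's ldapGroups list matches the group membership held in
the directory. The function names, the uniqueMember group layout and every DN
and record below are assumptions constructed for illustration.

```javascript
// Added example; all DNs and records below are constructed sample data.
// Assumption: groups list their members in uniqueMember (groupOfUniqueNames).

// Normalize a DN for comparison: trim around "," and "=", then lowercase.
// Simplification: escaped commas and multi-valued RDNs are not handled.
function normalizeDn(dn) {
  return dn.split(",").map((rdn) => {
    const i = rdn.indexOf("=");
    return (rdn.slice(0, i).trim() + "=" + rdn.slice(i + 1).trim()).toLowerCase();
  }).join(",");
}

// Group DNs in the directory that list userDn as a member.
function groupsForUser(userDn, groupEntries) {
  const target = normalizeDn(userDn);
  return groupEntries
    .filter((g) => (g.uniqueMember || []).some((m) => normalizeDn(m) === target))
    .map((g) => normalizeDn(g.dn))
    .sort();
}

// Compare directory membership with the managed user's ldapGroups.
// ldapGroups may be absent if reconciliation has not added it yet.
function auditLdapGroups(userDn, managedUser, groupEntries) {
  const inLdap = groupsForUser(userDn, groupEntries);
  const inRepo = (managedUser.ldapGroups || []).map(normalizeDn).sort();
  return {
    missingInRepo: inLdap.filter((g) => !inRepo.includes(g)), // recon not yet run
    staleInRepo: inRepo.filter((g) => !inLdap.includes(g)),   // removed in LDAP
  };
}

// Constructed sample input: three directory groups and one repo record.
const SAMPLE_USER_DN = "uid=jdoe,ou=People,dc=example,dc=com";
const SAMPLE_GROUPS = [
  { dn: "cn=openidm,ou=Groups,dc=example,dc=com",
    uniqueMember: ["uid=jdoe,ou=People,dc=example,dc=com"] },
  { dn: "cn=admins,ou=Groups,dc=example,dc=com",
    uniqueMember: ["UID=jdoe, ou=People, dc=example, dc=com"] },
  { dn: "cn=contractors,ou=Groups,dc=example,dc=com",
    uniqueMember: ["uid=bjensen,ou=People,dc=example,dc=com"] },
];
const SAMPLE_MANAGED_USER = {
  userName: "jdoe",
  ldapGroups: ["cn=openidm,ou=Groups,dc=example,dc=com",
               "cn=contractors,ou=Groups,dc=example,dc=com"],
};

console.log(auditLdapGroups(SAMPLE_USER_DN, SAMPLE_MANAGED_USER, SAMPLE_GROUPS));
```

A non-empty staleInRepo list means the repo still records a group that the
directory no longer grants; running reconciliation should clear it.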