README revision bf6cd65c9f82497fc6e31697670d42bd65ee0182
3853N/A Steps 1 and 2 are optional, and only necessary if you'd like to receive emailed recon summaries.
3853N/A Edit this file to have your email server SMTP details. See http://openidm.forgerock.org/doc/integrators-guide/index.html#chap-mail for more information.
4153N/A 2. Edit samples/sample5b/script/reconStats.js and change these values to your own email addresses:
3853N/A $ curl -k -H "Content-type: application/json" -u "openidm-admin:openidm-admin" -X POST "https://localhost:8443/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"
4865N/A <icf:OpenICFContainer xmlns:icf="http://openidm.forgerock.com/xml/ns/public/resource/openicf/resource-schema-1.xsd"
2788N/A xmlns:ri="http://openidm.forgerock.com/xml/ns/public/resource/instances/resource-schema-extension"
2788N/A xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2788N/A xsi:schemaLocation="http://openidm.forgerock.com/xml/ns/public/resource/instances/resource-schema-extension samples/sample5b/data/resource-schema-extension.xsd http://openidm.forgerock.com/xml/ns/public/resource/openicf/resource-schema-1.xsd samples/sample5b/data/resource-schema-1.xsd">
2788N/A 7. Login to the UI at https://localhost:8443/openidmui. You can use openidm-admin/openidm-admin for admin access or
2788N/A DDOE1/TestPassw0rd2 for non-admin access. Updates to DDOE1 will be synced backed to both XML files.
2788N/A 8. Now make the LDAP xml file unavailable by renaming it so it is unreadable. You may need to have
2788N/A $ mv /path/to/openidm/samples/sample5b/data/xml_LDAP_Data.xml /path/to/openidm/samples/sample5b/data/xml_LDAP_Data.xml.bak
2788N/A 9. Perform an update to the DDOE1 user. It will be updated in managed/user, the synchronization to AD will be successful,
2788N/A but the synchronization to LDAP should fail. The compensate.js script will be invoked and will attempt to revert
2788N/A the change by performing another update to DDOE1 in managed/user, which will, in turn, perform the sync to AD and LDAP.
2788N/A On the second time through, the sync will again fail to LDAP, which will trigger the compensate.js again. The script
2788N/A this time will recognize we were originally called from compensation and will abort. The original sync error on the first
2788N/A Note that if you are making these updates from the UI, the UI screen does not referesh after the failure. It will still
4865N/A show the "pending update" that has not taken effect. Go back to the Users tab and start over and you will see the old
2788N/A managed/user data has been restored. View the xml_AD_Data.xml file and you will see that DDOE1 has also been reverted