Cross Reference: /forgerock/openidm-v4/openidm-zip/src/main/resources/samples/sample6/README

	README revision 4b3769ce483ece06f60f983193712492b920144f
Sample 6 - LiveSync Between Two LDAP Servers
--------------------------------------------
Copyright (c) 2012-2014 ForgeRock AS
This work is licensed under a Creative Commons Attribution-
NonCommercial-NoDerivs 3.0 Unported License. See
http://creativecommons.org/licenses/by-nc-nd/3.0/

This sample demonstrates use of two real LDAP connections, and both
reconciliation and LiveSync. To simplify setup, both provisioners point to the
same LDAP server, and only use different base DNs, so you can simulate use of
two directory servers with a single OpenDJ directory server, for example.

For documentation pertaining to this example see:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample6

To prepare to run the sample, download OpenDJ directory server from
http://forgerock.org/opendj.html. Install OpenDJ using QuickSetup:

    * Use "password" as the password for cn=Directory Manager.
    * When presented with Topology Options, be sure to choose "This server
      will be part of a replication topology" to ensure the change log is set
      up.
    * Import samples/sample6/data/Example.ldif during installation.
    * After OpenDJ installation completes, click Launch Control Panel, then
      use the New Base DN... window to create ou=people,o=ad and import
      samples/sample6/data/AD.ldif into the same userRoot database as
      you used by default for Example.ldif.

The directory server should now show one user under dc=example,dc=com with DN,
uid=jdoe,ou=People,dc=example,dc=com, and no other entries under ou=people,o=ad.

To run the sample in OpenIDM, follow these steps.

    1. Edit /path/to/openidm/samples/sample6/conf/provisioner.openicf-ad.json
       to change the port from 4389 to 1389 (or other port number where OpenDJ
       listens for LDAP).

    2. Start OpenIDM with the configuration for sample 6.

    $ cd /path/to/openidm
    $ ./startup.sh -p samples/sample6

    3. Run reconciliation.

    $ curl -k --header "Content-type: application/json" -u "openidm-admin:openidm-admin" -X POST "https://localhost:8443/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"
    {"reconId":"d88ca423-d5f2-4eb5-a451-a229399f92af"}

    4. Check that the user was added under ou=people,o=ad.

    $ cd /path/to/OpenDJ/bin
    $ ./ldapsearch -p 1389 -b ou=people,o=ad "(uid=jdoe)"
    dn: uid=jdoe,ou=people,o=ad
    objectClass: person
    objectClass: inetOrgPerson
    objectClass: organizationalPerson
    objectClass: top
    givenName: John
    description: Created for OpenIDM
    uid: jdoe
    cn: John Doe
    sn: Doe
    mail: jdoe@example.com

    5. Edit samples/sample6/conf/schedule-activeSynchroniser_systemLdapAccount.json
    to set "enabled" : true. LiveSync causes synchronization to happen as you
    make changes.

    6. Using ./ldapmodify, create a new user in
       ou=People,dc=example,dc=com, and then check the result under
       ou=people,o=ad.

       An example would be to create a bdobbs.ldif file and paste the following in it.
           dn: uid=bdobbs,ou=People,dc=example,dc=com
           objectClass: person
           objectClass: inetOrgPerson
           objectClass: organizationalPerson
           objectClass: top
           givenName: Bob
           description: Created to see LiveSync work
           uid: bdobbs
           cn: Bob Dobbs
           sn: Dobbs
           mail: bdobbs@example.com

       Then use ./ldapmodify -p 1389 -a -D "cn=Directory Manager" -w password -f ~/path/to/bdobbs.ldif

    $ ./ldapsearch -p 1389 -b ou=people,o=ad "(uid=*)" cn description
    dn: uid=jdoe,ou=people,o=ad
    description: Created for OpenIDM
    cn: John Doe

    dn: uid=bdobbs,ou=people,o=ad
    description: Created to see LiveSync work
    cn: Bob Dobbs