README revision b55bdee3f12a9ac6ad2d4bfb1210578151016bb1
94bd918b63001277f1b28ae4581645f8a835688fBob HalleySample 6 - LiveSync Between Two LDAP Servers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein--------------------------------------------
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCopyright (c) 2012 ForgeRock AS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThis work is licensed under a Creative Commons Attribution-
94bd918b63001277f1b28ae4581645f8a835688fBob HalleyNonCommercial-NoDerivs 3.0 Unported License. See
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThis sample demonstrates use of two real LDAP connections, and both
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrewsreconciliation and LiveSync. To simplify setup, both provisioners point to the
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrewssame LDAP server, and only use different base DNs, so you can simulate use of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeintwo directory servers with a single OpenDJ directory server, for example.
8a66318e41ed14c5a88130e8c362610e8faa2121Mark AndrewsFor documentation pertaining to this example see:
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrewshttp://openidm.forgerock.org/doc/install-guide/index.html#more-sample6
94bd918b63001277f1b28ae4581645f8a835688fBob HalleyTo prepare to run the sample, download OpenDJ directory server from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinhttp://forgerock.org/opendj.html. Install OpenDJ using QuickSetup:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * Use "password" as the password for cn=Directory Manager.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * When presented with Topology Options, be sure to choose "This server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will be part of a replication topology" to ensure the change log is set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * Import samples/sample6/data/Example.ldif during installation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * After OpenDJ installation completes, click Launch Control Panel, then
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein use the New Base DN... window to create ou=people,o=ad and import
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein samples/sample6/data/AD.ldif into the same userRoot database as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein you used by default for Example.ldif.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThe directory server should now show one user under dc=example,dc=com with DN,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinuid=jdoe,ou=People,dc=example,dc=com, and no other entries under ou=people,o=ad.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTo run the sample in OpenIDM, follow these steps.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 1. Copy the sample configuration and data.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 2. Edit conf/provisioner.openicf-ad.json to change the port from 4389 to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 1389 (or other port number where OpenDJ listens for LDAP).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 3. Start OpenIDM.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 4. Run reconciliation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/sync?_action=recon&mapping=systemLdapAccounts_managedUser"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein {"reconId":"d88ca423-d5f2-4eb5-a451-a229399f92af"}
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 5. Check that the user was added under ou=people,o=ad.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein $ ./ldapsearch -p 1389 -b ou=people,o=ad "(uid=jdoe)"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dn: uid=jdoe,ou=people,o=ad
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein objectClass: person
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein objectClass: inetOrgPerson
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein objectClass: organizationalPerson
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein objectClass: top
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein givenName: John
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein description: Created for OpenIDM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cn: John Doe
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mail: jdoe@example.com
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 6. Edit conf/scheduler-activeSynchroniser_systemLdapAccount.json to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "enabled" : true. LiveSync causes synchronization to happen as you
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein make changes.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 7. Using the OpenDJ Control Panel, add a new user under
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ou=People,dc=example,dc=com, and then check the result under
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ou=people,o=ad.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein $ ./ldapsearch -p 1389 -b ou=people,o=ad "(uid=*)" cn description
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dn: uid=jdoe,ou=people,o=ad
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein description: Created for OpenIDM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cn: John Doe
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein dn: uid=bdobbs,ou=people,o=ad
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein description: Created to see LiveSync work
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cn: Bob Dobbs