chap-sample.xml revision d1a1c16f546ed980d06b400fe4f7a0c050740c52
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! CCPL HEADER START
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! This work is licensed under the Creative Commons
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! Attribution-NonCommercial-NoDerivs 3.0 Unported License.
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! To view a copy of this license, visit
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! http://creativecommons.org/licenses/by-nc-nd/3.0/
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! or send a letter to Creative Commons, 444 Castro Street,
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! Suite 900, Mountain View, California, 94041, USA.
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! You can also obtain a copy of the license at
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! See the License for the specific language governing permissions
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! and limitations under the License.
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! If applicable, add the following below this CCPL HEADER, with the fields
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! enclosed by brackets "[]" replaced with your own identifying information:
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! Portions Copyright [yyyy] [name of copyright owner]
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! CCPL HEADER END
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ! Copyright 2011 ForgeRock AS
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd'
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose xmlns:xinclude='http://www.w3.org/2001/XInclude'>
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher <para>In the current distribution of OpenIDM the sample
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher in <filename>openidm/samples/sample1</filename> is configured and enabled by
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher default. This chapter provides an overview of the sample and how it is
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher configured. To see a listing and an overview of the rest of the samples
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher provided see the README found in <filename>openidm/samples</filename>.
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher <section xml:id="before-you-begin-sample">
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher <para>Install OpenIDM as described in the chapter on <link
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher xlink:role="http://docbook.org/xlink/role/olink"><citetitle>Installing
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher OpenIDM Services</citetitle></link>.</para>
48a038d077ed2de18a5211e010c18ab680107293Stephen Gallagher <para>If you want to query the internal noSQL database (OrientDB), download
7bfc287b693d3696bd5b3c60bdb7e543eb230f9bStephen Gallagher and unzip <link xlink:href='http://code.google.com/p/orient/wiki/Download'
7bfc287b693d3696bd5b3c60bdb7e543eb230f9bStephen Gallagher xlink:show="new">OrientDB 1.0</link>. Once you have downloaded and unzipped
63fb0857378c450d9806b1a3c6bb5657f00a8ba1Jakub Hrozek OrientDB, you can find the shell console in the <filename>bin</filename>
63fb0857378c450d9806b1a3c6bb5657f00a8ba1Jakub Hrozek directory. Start OrientDB console using either <command>console.sh</command>
01248645166911f3b3c19723f44a84c5a0599e34Stephen Gallagher or <command>console.bat</command>, and then connect to the running OpenIDM
01248645166911f3b3c19723f44a84c5a0599e34Stephen Gallagher with the <command>connect</command> command.</para>
3662413d65e9ba2a899e8ce98ec9c3a549be20c8Jan Zeleny <screen>$ /path/to/orientdb-1.0rc6/bin/console.sh
7bfc287b693d3696bd5b3c60bdb7e543eb230f9bStephen GallagherConnecting to database [remote:localhost/openidm] with user 'admin'...OK
7bfc287b693d3696bd5b3c60bdb7e543eb230f9bStephen Gallagher <variablelist>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>Once connected to the database, you might find the following
7bfc287b693d3696bd5b3c60bdb7e543eb230f9bStephen Gallagher commands useful.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <listitem><para>Shows classes and records</para></listitem>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <term><command>select * from managed_user</command></term>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <listitem><para>Shows all users in the OpenIDM repository</para></listitem>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <term><command>select * from audit_activity</command></term>
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <listitem><para>Shows all activity audit records</para></listitem>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <term><command>select * from audit_recon</command></term>
b9303e06737e6a024239e9c9a6f05fb9ed0a977eStephen Gallagher <listitem><para>Shows all reconciliation audit records</para></listitem>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </variablelist>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>OpenIDM connects identity data objects held in different data resources
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose by mapping one object to another. To connect to different data resources,
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose OpenIDM uses <link xlink:href="http://openicf.forgerock.org">OpenICF</link>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose connectors configured for use with the data resources.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>When objects in one data resource change, OpenIDM determines how the
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose changes affect other objects, and can make the changes as necessary. This
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov sample demonstrates how OpenIDM does this by using
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <firstterm>reconciliation</firstterm> and
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov <firstterm>synchronization</firstterm>. OpenIDM reconciliation compares
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose objects in one object set to mapped objects in another object set.
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose Reconciliation can work in write mode, where OpenIDM writes changes to
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose affected objects, or in report mode, where OpenIDM reports on what changes
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose would be written without making the changes. OpenIDM synchronization reflects
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose changes in objects to any mapped objects, making changes as necessary to
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov create or remove mapped objects and links to associate them.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>This sample connects to an XML file holding sample user data. The XML
b36dfa237c0d9ad3a1c9d59790d6aab3b1e2e82dJakub Hrozek file is configured as the authoritative source. In this sample, users are
99dd40a885ed3d42af4bbbde7ee2fc98830544d0Pavel Březina created in the local repository to show you how you can manage local users
b36dfa237c0d9ad3a1c9d59790d6aab3b1e2e82dJakub Hrozek through the REST APIs. You can also use OpenIDM without storing managed
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov objects for users in the local repository, instead reconciling and
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov synchronizing objects directly through connectors to external data
b36dfa237c0d9ad3a1c9d59790d6aab3b1e2e82dJakub Hrozek resources.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>Furthermore, this sample involves only one data resource. In practice,
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose you can connect as many resources as needed for your deployment.</para>
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <variablelist xml:id="about-the-sample-configuration">
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>You can find configuration files for the sample under the
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <filename>openidm/samples/sample1/conf</filename> directory. As you review
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose the samples, keep the following in mind.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <orderedlist>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>OpenIDM regularly scans for any scheduler configuration files in the
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <filename>conf</filename> directory.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>OpenIDM's reconciliation service reads the mappings and actions for
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose the source and target users from <filename>conf/sync.json</filename>.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>Reconciliation runs, querying all users in the source, and then
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose creating, deleting, or modifying users in the local OpenIDM repository
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose according to the synchronization mappings.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>OpenIDM writes all operations to the audit logs in both the internal
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose database and also the flat files in the <filename>openidm/audit</filename>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose directory.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </orderedlist>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <term><filename>conf/provisioner.openicf-xml.json</filename></term>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>This connector configuration file serves for the XML file resource.
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose In this sample, this connector instance acts as the authoritative source
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose for users. In the configuration file you can see that the
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <filename>samples/sample1/data/xmlConnectorData.xml</filename>, which
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose contains users in XML format.</para>
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <para>For details on the OpenICF connector configuration files see the
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov ><citetitle>Provisioning</citetitle></link> chapter in the
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <term><filename>conf/repo.orientdb.json</filename></term>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>This local repository configuration file maps the data and queries
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov for use with OrientDB.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <term><filename>conf/scheduler-reconcile_systemXmlAccounts_managedUser.json</filename></term>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>The sample scheduler configuration file defines a reconciliation
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose job that, if enabled by setting <literal>"enabled" : true</literal>,
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose starts a reconciliation each minute for the mapping named
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <literal>systemXmlAccounts_managedUser</literal>. The mapping is defined
6480abbd1bba71efa8a834fada6505d1767fabfcJakub Hrozek in the configuration file, <filename>conf/sync.json</filename>.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "enabled" : false,
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "type": "cron",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "schedule": "0 0/1 * * * ?",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "invokeService": "org.forgerock.openidm.sync",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "invokeContext": {
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "action": "reconcile",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "mapping": "systemXmlfileAccounts_managedUser"
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov}</programlisting>
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov <para>You can also start reconciliation through the REST interface. The
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose call to the REST interface is an HTTP POST such as the following.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose --user admin:admin
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose --request POST
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "http://localhost:8080/openidm/sync?_action=recon&mapping=systemXmlfileAccounts_managedUser"</screen>
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <para>For details on the scheduler configuration please refer to the <link
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ><citetitle>Scheduling</citetitle></link> chapter in the
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>This sample configuration file defines the configuration for
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose reconciliation and synchronization. The
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <literal>systemXmlAccounts_managedUser</literal> is the mapping for
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose the reconciliation in the scheduler configuration. This entry in
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <filename>conf/sync.json</filename> defines the synchronization mappings
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov between the XML file connector (source) and the local repository
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov (target).</para>
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "mappings" : [ {
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "name" : "systemXmlfileAccounts_managedUser",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "properties" : [ {
6480abbd1bba71efa8a834fada6505d1767fabfcJakub Hrozek "source" : "description",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "target" : "description"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "source" : "firstname",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "target" : "firstname"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "source" : "email",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "target" : "email"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "source" : "lastname",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "target" : "lastname"
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "source" : "name",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "target" : "name"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "policies" : [ {
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "situation" : "CONFIRMED",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "action" : "UPDATE"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "situation" : "FOUND",
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "action" : "IGNORE"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "situation" : "ABSENT",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "action" : "CREATE"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "situation" : "AMBIGUOUS",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "action" : "IGNORE"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "situation" : "MISSING",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "action" : "IGNORE"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "situation" : "UNQUALIFIED",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "action" : "IGNORE"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "situation" : "UNASSIGNED",
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose "action" : "IGNORE"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose}</programlisting>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>Source and target paths starting with <literal>managed</literal>,
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose such as <literal>managed/user</literal>, always refer to objects in the
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov local OpenIDM repository, whereas paths starting with
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <literal>system</literal>, such as <literal>system/xml/account</literal>,
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose refer to connector objects, in this case the XML file connector.</para>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>To filter objects from the resource for a particular target, you can
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose use the <literal>validTarget</literal> script in the mapping to ensure
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose only users matching specified criteria are considered part of the
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose reconciliation. You can use an <literal>onCreate</literal> script in a
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose mapping to set default values for a user created in the target resource.
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose For details on scripting see the <link
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ><citetitle>Scripting</citetitle></link> chapter in the
6480abbd1bba71efa8a834fada6505d1767fabfcJakub Hrozek <para>For details on synchronization, reconciliation, and
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <filename>sync.json</filename>, see the <link
6480abbd1bba71efa8a834fada6505d1767fabfcJakub Hrozek xlink:role="http://docbook.org/xlink/role/olink"
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose ><citetitle>Synchronization</citetitle></link> chapter in the
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </varlistentry>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose </variablelist>
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose <para>If OpenIDM is not running, start it as described in the procedure
5b680ac8ef46fc1714f2ab59a07f68ac386ad89bSumit Bose xlink:role="http://docbook.org/xlink/role/olink"><citetitle>To Start OpenIDM
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose <para>Reconcile the objects in the resources either by editing
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose <filename>conf/sync.json</filename> to set <literal>"enabled" : true</literal>
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose and then waiting until the scheduled reconciliation happens, or by using the
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose REST interface.</para>
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose --user admin:admin
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose --request POST
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose "http://localhost:8080/openidm/sync?_action=recon&mapping=systemXmlfileAccounts_managedUser"
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose{"reconId":"cc0c849b-1ed3-4822-aa47-f44a9fa24489"}</screen>
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose <para>OpenIDM responds with the reconciliation identifier.</para>
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose <para>By default, logging is turned on, so debug messages are displayed on
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose the console.</para>
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov <section xml:id="sample-viewing-users-logs">
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose <para>After reconciliation runs, you can use the REST interface to display
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose all users in the local repository, by performing an HTTP GET on the following
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose xlink:href="http://localhost:8080/openidm/managed/user/?_query-id=query-all-ids"
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose >http://localhost:8080/openidm/managed/user/?_query-id=query-all-ids</link>.</para>
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov <para>OpenIDM returns a JSON file. Depending on your browser, it can display
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov the JSON or download it as a file. Alternatively, you can use the following
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose <link xlink:href="http://curl.haxx.se/"><command>curl</command></link>
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose command to get the JSON file.</para>
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose <screen>$ curl
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose --user admin:admin
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose --request GET
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose http://localhost:8080/openidm/managed/user/?_query-id=query-all-ids
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose "query-time-ms":1,
0eb8bf8c05a5535ed44c71342f4bed5b821cfa06Sumit Bose "_id":"DDOE1",
"79...","UPDATE",...,"d15...", "CONFIRMED","system/xmlfile/account/1",..., "managed/user/DDOE1",...;