{"id":5851,"date":"2012-09-05T16:47:24","date_gmt":"2012-09-05T21:47:24","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=5851"},"modified":"2012-10-11T14:40:17","modified_gmt":"2012-10-11T19:40:17","slug":"openidm2-examples","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=5851","title":{"rendered":"OpenIDM2: Examples"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tSetup OpenDJ LDAP Server<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tStart OpenDJ<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    2. \n\t\tLDAP to OpenIDM<\/a>\n\t<\/li>\n\t
    3. \n\t\tOpenIDM <- to\/from -> LDAP<\/a>\n\t\t
        \n\t\t\t
      1. \n\t\t\t\tCopy Scripts<\/a>\n\t\t\t<\/li>\n\t\t\t
      2. \n\t\t\t\tSynchronize<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
      3. \n\t\tLDAP <- to\/from -> LDAP<\/a>\n\t<\/li>\n\t
      4. \n\t\tCSV to OpenIDM<\/a>\n\t<\/li>\n\t
      5. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
         <\/div>\n

        Setup OpenDJ LDAP Server<\/h2><\/span>\n

        * See this post<\/a><\/p>\n

        Start OpenDJ<\/h3><\/span>\n

        * Start OpenDJ: OpenDJ_Home\/bin\/start-ds<\/p>\n

        LDAP to OpenIDM<\/h2><\/span>\n

        * Go to OpenIDM home directory:<\/p>\n

        \r\n$ ls\r\naudit   cli.sh      curl         logs     security     startup.sh\r\nbin     conf        db           samples  shutdown.sh  workflow\r\nbundle  connectors  felix-cache  script   startup.bat\r\n<\/pre>\n
        * Shutdown OpenIDM if running.
        \n* Copy configuration files from sampes\/sample2<\/em> directory:<\/p>\n
        \r\ncp -r samples\/sample2\/conf .\r\n<\/pre>\n
        * Startup OpenIDM<\/p>\n
        \r\n.\/startup.sh\r\n<\/pre>\n
        * Retrieve all users before<\/em> reconciliation:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" http:\/\/localhost:8080\/openidm\/managed\/user\/?_query-id=query-all-ids\r\n\r\n{\"query-time-ms\":0,\"result\":[],\"conversion-time-ms\":0}\r\n<\/pre>\n
        * Initiate reconciliation:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" \\\r\n  --request POST \"http:\/\/localhost:8080\/openidm\/sync?_action=recon&mapping=systemLdapAccounts_managedUser\"\r\n\r\n{\"reconId\":\"edcec6d0-bf75-42fe-9aef-9f40d6d1e7fc\"}\r\n<\/pre>\n
        * Retrieve all users after reconciliation:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" http:\/\/localhost:8080\/openidm\/managed\/user\/?_query-id=query-all-ids\r\n\r\n{\"query-time-ms\":1,\"result\":[{\"_id\":\"9fcd9018-37d1-4a48-9ee5-b9c14fd4cc2d\",\"_rev\":\"0\"}],\"conversion-time-ms\":0}\r\n<\/pre>\n
        OpenIDM <- to\/from -> LDAP<\/h2><\/span>\n
        Copy Scripts<\/h3><\/span>\n
        * Go to OpenIDM home directory.
        \n* Shutdown OpenIDM if running.
        \n* Copy sample scripts:<\/p>\n
        \r\ncp -r samples\/sample2b\/conf .\r\ncp -r samples\/sample2b\/script .\r\n\r\n# Alernatively:\r\ncp samples\/sample2b\/script\/ldapBackCorrelationQuery.js script\/\r\nmanually append \"managedUser_systemLdapAccounts\" section from samples\/sample2b\/conf\/sync.json to conf\/sync.json\r\n<\/pre>\n
        * conf\/sync.json<\/em> specifies mappings:
        \n– ldap – to -> OpenIDM:<\/p>\n
        \r\n{\r\n    \"mappings\" : [\r\n        {\r\n            \"name\" : \"systemLdapAccounts_managedUser\",\r\n            \"source\" : \"system\/ldap\/account\",\r\n            \"target\" : \"managed\/user\",\r\n            \"properties\" : [\r\n                {\r\n            \"source\" : \"cn\",\r\n            \"target\" : \"displayName\"\r\n                },\r\n...\r\n}\r\n<\/pre>\n
        – OpendIDM – to -> ldap:<\/p>\n
        \r\n        {\r\n        \"name\" : \"managedUser_systemLdapAccounts\",\r\n        \"source\" : \"managed\/user\",\r\n        \"target\" : \"system\/ldap\/account\",\r\n        \"links\" : \"systemLdapAccounts_managedUser\",\r\n        \"correlationQuery\" : {\r\n            \"type\" : \"text\/javascript\",\r\n            \"file\" : \"script\/ldapBackCorrelationQuery.js\"\r\n        },\r\n            \"properties\" : [\r\n                {\r\n            \"source\" : \"givenName\",\r\n            \"target\" : \"givenName\"\r\n                },\r\n...\r\n<\/pre>\n
        Synchronize<\/h3><\/span>\n
        * Start OpenIDM.
        \n* Retrieve all users before synchronization:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" http:\/\/localhost:8080\/openidm\/managed\/user\/?_query-id=query-all-ids\r\n<\/pre>\n
        * Synchronize:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" \\\r\n  --request POST \\\r\n  \"http:\/\/localhost:8080\/openidm\/sync?_action=recon&mapping=systemLdapAccounts_managedUser\"\r\n\r\n{\"reconId\":\"e0e7fcd0-c8f1-4960-8fb2-d34b9ba2c8bd\"}\r\n<\/pre>\n
        * Retrieve all users after synchronization:<\/p>\n
        \r\ncurl \\\r\n --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n --header \"X-OpenIDM-Password: openidm-admin\" http:\/\/localhost:8080\/openidm\/managed\/user\/?_query-id=query-all-ids\r\n\r\n{\"query-time-ms\":1,\"result\":[{\"_id\":\"9fcd9018-37d1-4a48-9ee5-b9c14fd4cc2d\",\"_rev\":\"0\"}],\"conversion-time-ms\":0}\r\n<\/pre>\n
        * Manually add a user to OpenIDM:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" \\\r\n  --request PUT \\\r\n  --data \"{\\\"email\\\":\\\"fdoe@example.com\\\",\\\"familyName\\\":\\\"Doe\\\",\\\"userName\\\":\\\"fdoe\\\", \\\r\n  \\\"givenName\\\":\\\"Felicitas\\\",\\\"displayName\\\":\\\"Felicitas Doe\\\"}\" \"http:\/\/localhost:8080\/openidm\/managed\/user\/repoUser1\"\r\n\r\n{\"_id\":\"repoUser1\",\"_rev\":\"0\"}\r\n<\/pre>\n
        * Synchronize again:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" \\\r\n  --request POST \"http:\/\/localhost:8080\/openidm\/sync?_action=recon&mapping=systemLdapAccounts_managedUser\"\r\n\r\n{\"reconId\":\"6b5d31ff-199f-48c6-b00a-d705ab943759\"}\r\n<\/pre>\n
        * Check LDAP for new user synched from OpenIDM<\/p>\n
        \"\"<\/a><\/h6><\/span>\n
        LDAP <- to\/from -> LDAP<\/h2><\/span>\n
        \r\n[jli@openidmbox Desktop]$ cd \/opt\/openidm\/openidm\/\r\n[jli@openidmbox openidm]$ ls\r\naudit   cli.sh      curl         --header   samples   shutdown.sh  workflow\r\nbin     conf        db           logs       script    startup.bat\r\nbundle  connectors  felix-cache  --request  security  startup.sh\r\n[jli@openidmbox openidm]$ cp -r samples\/sample6\/conf .\r\n<\/pre>\n
        CSV to OpenIDM<\/h2><\/span>\n
        * Copy $OPENIDM_HOME\/samples\/sample4\/conf\/provisioner.openicf-csv.json to $OPENIDM_HOME\/conf<\/p>\n
        \r\ncd $OPENIDM_HOME\/\r\ncp samples\/sample4\/conf\/provisioner.openicf-csv.json conf\r\n<\/pre>\n
        \r\n$ pwd\r\n\/opt\/openidm\/builtFromSrc\/openidm\r\n$ cp samples\/sample4\/conf\/provisioner.openicf-csv.json conf\r\n$ cat conf\/provisioner.openicf-csv.json \r\n{\r\n    \"name\" : \"HR\",\r\n    \"connectorRef\" : {\r\n        \"connectorHostRef\" : \"#LOCAL\",\r\n        \"connectorName\" : \"org.forgerock.openicf.csvfile.CSVFileConnector\",\r\n        \"bundleName\" : \"org.forgerock.openicf.connectors.file.openicf-csvfile-connector\",\r\n        \"bundleVersion\" : \"1.1.0.0\"\r\n    },\r\n    \"poolConfigOption\" : {\r\n        \"maxObjects\" : 10,\r\n        \"maxIdle\" : 10,\r\n        \"maxWait\" : 150000,\r\n        \"minEvictableIdleTimeMillis\" : 120000,\r\n        \"minIdle\" : 1\r\n    },\r\n    \"operationTimeout\" : {\r\n        \"CREATE\" : -1,\r\n        \"VALIDATE\" : -1,\r\n        \"TEST\" : -1,\r\n        \"SCRIPT_ON_CONNECTOR\" : -1,\r\n        \"SCHEMA\" : -1,\r\n        \"DELETE\" : -1,\r\n        \"UPDATE\" : -1,\r\n        \"SYNC\" : -1,\r\n        \"AUTHENTICATE\" : -1,\r\n        \"GET\" : -1,\r\n        \"SCRIPT_ON_RESOURCE\" : -1,\r\n        \"SEARCH\" : -1\r\n    },\r\n    \"configurationProperties\" : {\r\n        \"filePath\" : \"data\/hr.csv\",\r\n        \"uniqueAttribute\" : \"uid\",\r\n        \"nameAttribute\" : \"uid\",\r\n        \"passwordAttribute\" : \"password\"\r\n    },\r\n    \"objectTypes\" : {\r\n        \"account\" : {\r\n            \"$schema\" : \"http:\/\/json-schema.org\/draft-03\/schema\",\r\n            \"id\" : \"__ACCOUNT__\",\r\n            \"type\" : \"object\",\r\n            \"nativeType\" : \"__ACCOUNT__\",\r\n            \"properties\" : {\r\n                \"employeeNumber\" : {\r\n                    \"type\" : \"string\",\r\n                    \"nativeName\" : \"employeeNumber\",\r\n                    \"nativeType\" : \"string\"\r\n                },\r\n                \"mail\" : {\r\n                    \"type\" : \"string\",\r\n                    \"nativeName\" : \"email\",\r\n                    \"nativeType\" : \"string\"\r\n                },\r\n                \"uid\" : {\r\n                    \"type\" : \"string\",\r\n                    \"required\" : true,\r\n                    \"nativeName\" : \"__NAME__\",\r\n                    \"nativeType\" : \"string\"\r\n                },\r\n                \"password\" : {\r\n                    \"type\" : \"string\",\r\n                    \"nativeName\" : \"__PASSWORD__\",\r\n                    \"nativeType\" : \"JAVA_TYPE_GUARDEDSTRING\",\r\n                    \"flags\" : [ ]\r\n                },\r\n                \"lastName\" : {\r\n                    \"type\" : \"string\",\r\n                    \"required\" : true,\r\n                    \"nativeName\" : \"lastName\",\r\n                    \"nativeType\" : \"string\"\r\n                },\r\n                \"givenName\" : {\r\n                    \"type\" : \"string\",\r\n                    \"nativeName\" : \"firstName\",\r\n                    \"nativeType\" : \"string\"\r\n                }\r\n            }\r\n        }\r\n    },\r\n    \"operationOptions\" : { }\r\n}\r\n<\/pre>\n
        * Add systemHrAccounts_managedUser<\/strong> mapping to conf\/sync.json<\/em><\/p>\n
        \r\n        {\r\n        \"name\" : \"systemHrAccounts_managedUser\",\r\n        \"source\" : \"system\/HR\/account\",\r\n        \"target\" : \"managed\/user\",\r\n            \"properties\" : [\r\n                {\r\n                    \"source\" : \"employeeNumber\",\r\n                    \"target\" : \"employeeNumber\"\r\n                },\r\n                {\r\n                    \"source\" : \"mail\",\r\n                    \"target\" : \"email\"\r\n                },\r\n                {\r\n                    \"source\" : \"uid\",\r\n                    \"target\" : \"userName\"\r\n                },\r\n                {\r\n                    \"source\" : \"uid\",\r\n                    \"target\" : \"_id\"\r\n                },\r\n                {\r\n                    \"source\" : \"lastName\",\r\n                    \"target\" : \"familyName\"\r\n                },\r\n                {\r\n                    \"source\" : \"givenName\",\r\n                    \"target\" : \"givenName\"\r\n                },\r\n                {\r\n                    \"source\" : \"password\",\r\n                    \"target\" : \"password\"\r\n                }\r\n            ],\r\n            \"policies\" : [\r\n                {\r\n                    \"situation\" : \"CONFIRMED\",\r\n                    \"action\" : \"UPDATE\"\r\n                },\r\n                {\r\n                    \"situation\" : \"FOUND\",\r\n                    \"action\" : \"UPDATE\"\r\n                },\r\n                {\r\n                    \"situation\" : \"ABSENT\",\r\n                    \"action\" : \"CREATE\"\r\n                },\r\n                {\r\n                    \"situation\" : \"AMBIGUOUS\",\r\n                    \"action\" : \"EXCEPTION\"\r\n                },\r\n                {\r\n                    \"situation\" : \"MISSING\",\r\n                    \"action\" : \"UNLINK\"\r\n                },\r\n                {\r\n                    \"situation\" : \"SOURCE_MISSING\",\r\n                    \"action\" : \"IGNORE\"\r\n                },\r\n                {\r\n                    \"situation\" : \"UNQUALIFIED\",\r\n                    \"action\" : \"IGNORE\"\r\n                },\r\n                {\r\n                    \"situation\" : \"UNASSIGNED\",\r\n                    \"action\" : \"IGNORE\"\r\n                }\r\n            ]\r\n        }\r\n<\/pre>\n
        * Copy $OPENIDM_HOME\/samples\/sample4\/data\/hr.csv<\/em> to $OPENIDM_HOME\/data<\/em> directory<\/p>\n
        \r\ncd $OPENIDM_HOME\r\nmkdir data\r\ncp samples\/sample4\/data\/hr.csv data\r\n<\/pre>\n
        * Restart OpenIDM
        \n* Query all ids:<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" http:\/\/localhost:8080\/openidm\/managed\/user\/?_query-id=query-all-ids\r\n\r\n{\"query-time-ms\":1,\"result\":[{\"_id\":\"3A066F86-D822-488F-9A21-FEA8E1A03C43\",\"_rev\":\"0\"}],\"conversion-time-ms\":0}\r\n<\/pre>\n
        * Run reconciliation<\/p>\n
        \r\ncurl \\\r\n --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n --header \"X-OpenIDM-Password: openidm-admin\" \\\r\n --request POST \"http:\/\/localhost:8080\/openidm\/sync?_action=recon&mapping=systemHrAccounts_managedUser\"\r\n\r\n{\"reconId\":\"926af8c3-3751-492e-b2d6-406a9fe735db\"}\r\n<\/pre>\n
        * Query all ids again and should get a new id: “_id”:”DDOE”<\/p>\n
        \r\ncurl \\\r\n  --header \"X-OpenIDM-Username: openidm-admin\" \\\r\n  --header \"X-OpenIDM-Password: openidm-admin\" http:\/\/localhost:8080\/openidm\/managed\/user\/?_query-id=query-all-ids\r\n\r\n{\"query-time-ms\":7,\"result\":[{\"_id\":\"3A066F86-D822-488F-9A21-FEA8E1A03C43\",\"_rev\":\"0\"},{\"_id\":\"DDOE\",\"_rev\":\"0\"},{\"_id\":\"VDART\",\"_rev\":\"0\"}],\"conversion-time-ms\":0}\r\n<\/pre>\n
        References<\/h2><\/span>\n
        * OpenIDM 2.1.0 Installation Guide: Chapter 3. More OpenIDM Samples<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
        Setup OpenDJ LDAP Server * See this post Start OpenDJ * Start OpenDJ: OpenDJ_Home\/bin\/start-ds LDAP to OpenIDM * Go to OpenIDM home directory: $ ls audit cli.sh curl logs security startup.sh bin conf db samples shutdown.sh workflow bundle connectors felix-cache … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[203],"tags":[226,204],"class_list":["post-5851","post","type-post","status-publish","format-standard","hentry","category-openidm","tag-example","tag-openidm-2"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-1wn","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/5851","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5851"}],"version-history":[{"count":13,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/5851\/revisions"}],"predecessor-version":[{"id":6242,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/5851\/revisions\/6242"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5851"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5851"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5851"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}