IDM 7.2.1

MongoDB connector

The MongoDB connector is an implementation of the Scripted Groovy Connector. This connector lets you interact with a MongoDB document database, using Groovy scripts for the ICF operations.

Before you start

In a production environment, enable access control on your MongoDB database. If your connector will manage MongoDB users and roles, you must create an administrative user in the admin database. If your connector will manage collections in a database, this administrative user must create a specific user and role for the connector for the target database.

For information about enabling access control in MongoDB, see the MongoDB documentation.

The commands in this chapter assume an administrative user named myUserAdmin with password Passw0rd who has the readWrite role on the test database.

Configure the MongoDB connector

Create a connector configuration using the admin UI:

  1. From the navigation bar, click Configure > Connectors.

  2. On the Connectors page, click New Connector.

  3. On the New Connector page, type a Connector Name.

  4. From the Connector Type drop-down list, select MongoDB Connector - 1.5.20.9.

  5. Complete the Base Connector Details. For information about the configurable properties, see MongoDB Basic Configuration Properties.

  6. Click Save.

Alternatively, configure the connector with a configuration file. A sample connector configuration file (provisioner.openicf-mongodb.json) is provided in the /path/to/openidm/samples/example-configurations/provisioners directory. Copy the sample connector configuration to your project’s conf/ directory, and adjust the configurationProperties to match your MongoDB instance:

"configurationProperties" : {
    "connectionURI" : "mongodb://localhost:27017",
    "host" : "localhost",
    "port" : "27017",
    "user" : "myUserAdmin",
    "password" : "Passw0rd",
    "userDatabase" : "admin",
    "database" : "test",
    ...
}

Set "enabled" : true to enable the connector.

When your connector is configured correctly, you can test its status by running the following command:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system?_action=test"
[
  {
    "name": "mongodb",
    "enabled": true,
    "config": "config/provisioner.openicf/mongodb",
    "connectorRef": {
      "bundleVersion": "[1.5.0.0,1.6.0.0)",
      "bundleName": "org.forgerock.openicf.connectors.mongodb-connector",
      "connectorName": "org.forgerock.openicf.connectors.mongodb.MongoDBConnector"
    },
    "displayName": "MongoDB Connector",
    "objectTypes": [
      "__ALL__",
      "account",
      "role"
    ],
    "ok": true
  }
]

A status of "ok": true indicates that the MongoDB connector can connect to the database.

OpenICF Interfaces Implemented by the MongoDB Connector

The MongoDB Connector implements the following OpenICF interfaces. For additional details, see ICF interfaces:

Authenticate

Provides simple authentication with two parameters, presumed to be a user name and password.

Create

Creates an object and its uid.

Delete

Deletes an object, referenced by its uid.

Resolve Username

Resolves an object by its username and returns the uid of the object.

Schema

Describes the object types, operations, and options that the connector supports.

Script on Connector

Enables an application to run a script in the context of the connector.

Any script that runs on the connector has the following characteristics:

  • The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.

  • The script has access to a connector variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration.

  • The script has access to any script arguments passed in by the application.

Script on Resource

Runs a script on the target resource that is managed by this connector.

Search

Searches the target resource for all objects that match the specified object class and filter.

Sync

Polls the target resource for synchronization events, that is, native changes to objects on the target resource.

Test

Tests the connector configuration.

Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.

This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).

You can invoke the test operation before a connector configuration has been validated.

Update

Updates (modifies or replaces) objects on a target resource.

MongoDB Connector Configuration

The MongoDB Connector has the following configurable properties:

Configuration properties

Property Type Default Encrypted(1) Required(2)

customSensitiveConfiguration

GuardedString

null

Yes

No

Custom Sensitive Configuration script for Groovy ConfigSlurper

customConfiguration

String

null

No

Custom Configuration script for Groovy ConfigSlurper

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.

Operation Script Files

Property Type Default Encrypted(1) Required(2)

createScriptFileName

String

null

The name of the file used to perform the CREATE operation.

customizerScriptFileName

String

null

No

The script used to customize some function of the connector. Read the documentation for more details.

authenticateScriptFileName

String

null

The name of the file used to perform the AUTHENTICATE operation.

scriptOnResourceScriptFileName

String

null

The name of the file used to perform the RUNSCRIPTONRESOURCE operation.

deleteScriptFileName

String

null

The name of the file used to perform the DELETE operation.

resolveUsernameScriptFileName

String

null

The name of the file used to perform the RESOLVE_USERNAME operation.

searchScriptFileName

String

null

The name of the file used to perform the SEARCH operation.

updateScriptFileName

String

null

The name of the file used to perform the UPDATE operation.

schemaScriptFileName

String

null

The name of the file used to perform the SCHEMA operation.

testScriptFileName

String

null

The name of the file used to perform the TEST operation.

syncScriptFileName

String

null

The name of the file used to perform the SYNC operation.

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.

Groovy Engine configuration

Property Type Default Encrypted(1) Required(2)

targetDirectory

File

null

No

Directory into which to write classes.

warningLevel

int

1

No

Warning Level of the compiler

scriptExtensions

String[]

['groovy']

No

Gets the extensions used to find groovy files

minimumRecompilationInterval

int

100

No

Sets the minimum of time after a script can be recompiled.

scriptBaseClass

String

null

No

Base class name for scripts (must derive from Script)

scriptRoots

String[]

null

Yes

The root folder to load the scripts from. If the value is null or empty the classpath value is used.

tolerance

int

10

No

The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted.

debug

boolean

false

No

If true, debugging code should be activated

classpath

String[]

[]

No

Classpath for use during compilation.

disabledGlobalASTTransformations

String[]

null

No

Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none is disabled.

verbose

boolean

false

No

If true, the compiler should produce action information

sourceEncoding

String

UTF-8

No

Encoding for source files

recompileGroovySource

boolean

false

No

If set to true recompilation is enabled

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.

Basic Configuration Properties

Property Type Default Encrypted(1) Required(2)

connectionURI

String

null

No

The MongoDB client connection URI, for example "mongodb://localhost:27017". Overides other connection parameters

host

String

localhost

No

The MongoDB server host name (localhost by default).

port

int

27017

No

The MongoDB server port number (27017 by default).

user

String

null

No

The MongoDB username

password

GuardedString

null

Yes

No

The password used to connect to MongoDB

userDatabase

String

null

No

The name of the database in which the MongoDB user is defined

clusterAddresses

String[]

null

No

A list of additional mongodbDB servers when connecting to a MongoDB cluster (["host1:27017","host2:27017",…​]")

dateAttributes

String[]

[]

No

Defines the list of attributes to convert to MongoDB BSON Date type on create/update.

database

String

null

No

The database to use

arrayAttributes

String[]

[]

No

Defines the list of attributes that should be considered as BSON Arrays.

includeNullValue

boolean

false

No

If set to true, retains null values in the target MongoDB document (false by default).

includeEmptyList

boolean

false

No

If set to true, retains null values in the target MongoDB document (false by default).

dateFormat

String

yyyy-MM-dd’T’HH:mm:ss’Z'

No

Defines the date format to use for MongoDB Date attributes (defaults to ISO 8601 "yyyy-MM-ddTHH:mm:ssZ").

timeZone

String

UTC

No

Defines the timezone to use for MongoDB Date attributes.

ICFName

String

name

No

Defines the name to use in the target MongoDB document for the ICF NAME attribute.

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.

Connection Configuration Properties

Property Type Default Encrypted(1) Required(2)

sslEnabled

boolean

true

No

Use secure socket layer to connect to MongoDB (true by default)

sslHostNameValidation

boolean

true

No

Defines if host name should be validated when SSL is enabled

maxConnectionIdleTime

int

0

No

The maximum idle time for a pooled connection in ms (0 means no limit)

maxConnectionLifeTime

int

0

No

The maximum life time for a pooled connection in ms (0 means no limit)

minConnectionsPerHost

int

0

No

The minimum number of connections per host (must be >= 0)

maxConnectionsPerHost

int

5

No

The maximum number of connections per host (must be > 0)

(1) Whether the property value is considered confidential, and is therefore encrypted in IDM.

(2) A list of operations in this column indicates that the property is required for those operations.

Copyright © 2010-2022 ForgeRock, all rights reserved.