IDM 7.3.0

One-way synchronization from LDAP to IDM

This sample demonstrates one-way synchronization from an LDAP directory to an IDM repository and shows how IDM detects new or changed objects from an external resource.

The sample has been tested with ForgeRock Directory Services (DS) but should work with any LDAPv3-compliant server. The configuration includes one mapping, from the LDAP resource to the IDM repository. The sample does not push any changes made to IDM managed user objects out to the LDAP server.

The mapping configuration file (conf/sync.json) for this sample includes one mapping, systemLdapAccounts_managedUser, which synchronizes users from the source LDAP server with the target IDM repository.

Prepare the sample

  1. Set up DS using /path/to/openidm/samples/sync-with-ldap/data/Example.ldif.

  2. Prepare IDM, and start the server using the sample configuration:

    cd /path/to/openidm/
    ./startup.sh -p samples/sync-with-ldap

Run the sample

You can work through the sample using the command line or admin UI:

Use the Command Line
  1. Reconcile the repository:

    curl \
    --header "X-OpenIDM-Username: openidm-admin" \
    --header "X-OpenIDM-Password: openidm-admin" \
    --header "Accept-API-Version: resource=1.0" \
    --request POST \
    "http://localhost:8080/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser&waitForCompletion=true"
    {
      "_id": "b1394d10-29b0-4ccf-81d8-c88948ea121c-4",
      "state": "SUCCESS"
    }

    The reconciliation operation creates the two users from the LDAP server in the IDM repository and assigns the new objects random unique IDs.

  2. Retrieve the users from the repository:

    curl \
    --header "X-OpenIDM-Username: openidm-admin" \
    --header "X-OpenIDM-Password: openidm-admin" \
    --header "Accept-API-Version: resource=1.0" \
    --request GET \
    "http://localhost:8080/openidm/managed/user?_queryFilter=true&_fields=id,userName"
    {
      "result": [
        {
          "_id": "0326cbff-8f6e-4531-97dd-7b1a4c04b23a",
          "_rev": "00000000657c9a27",
          "userName": "bjensen"
        },
        {
          "_id": "9afbf2bc-0323-4cbe-89b3-92f2f47742c3",
          "_rev": "0000000015ae92f5",
          "userName": "jdoe"
        }
      ],
      ...
    }

  3. To retrieve an individual user object, include their ID in the URL. For example:

    curl \
    --header "X-OpenIDM-Username: openidm-admin" \
    --header "X-OpenIDM-Password: openidm-admin" \
    --header "Accept-API-Version: resource=1.0" \
    --request GET \
    "http://localhost:8080/openidm/managed/user/0326cbff-8f6e-4531-97dd-7b1a4c04b23a"
    {
      "_id": "0326cbff-8f6e-4531-97dd-7b1a4c04b23a",
      "_rev": "00000000657c9a27",
      "displayName": "Barbara Jensen",
      "description": "Created for OpenIDM",
      "givenName": "Barbara",
      "mail": "bjensen@example.com",
      "sn": "Jensen",
      "telephoneNumber": "1-360-229-7105",
      "userName": "bjensen",
      "accountStatus": "active",
      "effectiveAssignments": [],
      "effectiveRoles": []
    }
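
An added example (not part of the ForgeRock sample) that scripts the three curl steps above in Python: it runs the reconciliation, stops unless the recon state is SUCCESS, then queries managed/user and reports any account from Example.ldif that did not arrive. It assumes IDM at http://localhost:8080 and reads the admin credentials from the IDM_USER and IDM_PASSWORD environment variables (assumed names), so the password is not placed on the command line as it is with curl --header.

```python
"""Drive the sync-with-ldap sample over IDM's REST API and check the outcome.
Added example, not part of the ForgeRock sample; assumes IDM at
http://localhost:8080 and takes the admin credentials from the environment
rather than from command-line arguments, which end up in shell history."""
import json
import os
import urllib.request

BASE_URL = os.environ.get("IDM_URL", "http://localhost:8080/openidm")
MAPPING = "systemLdapAccounts_managedUser"
EXPECTED_USERS = {"bjensen", "jdoe"}  # accounts in data/Example.ldif, per the page

def auth_headers(username, password):
    """Same headers the page passes to curl."""
    return {
        "X-OpenIDM-Username": username,
        "X-OpenIDM-Password": password,
        "Accept-API-Version": "resource=1.0",
    }

def call(method, path, headers):
    """Send one REST request to IDM and decode the JSON body."""
    req = urllib.request.Request(BASE_URL + path, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def recon_succeeded(recon_response):
    """True only when a completed recon run reports state SUCCESS."""
    return "_id" in recon_response and recon_response.get("state") == "SUCCESS"

def user_names(query_response):
    """userName values from a managed/user query result page."""
    return {u["userName"] for u in query_response.get("result", [])}

def missing_users(query_response, expected=EXPECTED_USERS):
    """Expected LDAP accounts that never arrived in the IDM repository."""
    return expected - user_names(query_response)

if __name__ == "__main__":
    hdrs = auth_headers(os.environ["IDM_USER"], os.environ["IDM_PASSWORD"])
    recon = call("POST", f"/recon?_action=recon&mapping={MAPPING}&waitForCompletion=true", hdrs)
    if not recon_succeeded(recon):
        raise SystemExit(f"reconciliation did not succeed: {recon}")
    users = call("GET", "/managed/user?_queryFilter=true&_fields=_id,userName", hdrs)
    missing = missing_users(users)
    print("all expected users present" if not missing else f"missing: {sorted(missing)}")
```
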

Use the admin UI
  1. Log in to the admin UI at http://localhost:8080/admin as the default administrative user: openidm-admin with password openidm-admin.

  2. Select Configure > Mappings.

    The Mappings page displays one mapping, from the LDAP server to the IDM repository (managed/user).

  3. Select the mapping, and click Reconcile.

    The reconciliation operation creates the two users from the LDAP server in the IDM repository.

  4. To verify the new users exist in the repository:

    1. From the navigation bar, click Manage > User.

      IDM displays the two users.

    2. To view the details for a user account, from the User List page, click any username row.

      The User details page displays.

Copyright © 2010-2023 ForgeRock, all rights reserved.