MongoDB Connector
Important
Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation.
The MongoDB connector is an implementation of the Scripted Groovy Connector Toolkit. This connector enables you to interact with a MongoDB document database, using Groovy scripts for the ICF operations.
The connector is bundled with IDM in the connectors/
directory (mongodb-connector-1.5.20.8.jar
).
Note
Version 1.5.20.8 of the connector is supported only with MongoDB version 3.6.x.
Before You Start
In a production environment, enable access control on your MongoDB database. If your connector will manage MongoDB users and roles, you must create an administrative user in the admin
database. If your connector will manage collections in a database, this administrative user must create a specific user and role for the connector for the target database.
For information about enabling access control in MongoDB, see the MongoDB documentation.
The commands in this chapter assume an administrative user named myUserAdmin
with password Passw0rd
who has the readWrite
role on the test
database.
Configuring the MongoDB Connector
The easiest way to configure the MongoDB connector is through the Admin UI:
Select Configure > Connectors > New Connector.
Enter a name for the connector configuration, for example,
mongoDB
.Select MongoDB Connector - 1.5.20.8 as the Connector Type.
Enable the connector, and set the Base Configuration Properties. For information about the configurable properties, see "Basic Configuration Properties".
Alternatively, configure the connector with a configuration file.
A sample connector configuration file (provisioner.openicf-mongodb.json
) is provided in the /path/to/openidm/samples/example-configurations/provisioners
directory. Copy the sample connector configuration to your project's conf/
directory, and adjust the configurationProperties
to match your MongoDB instance:
"configurationProperties" : { "connectionURI" : "mongodb://localhost:27017", "host" : "localhost", "port" : "27017", "user" : "myUserAdmin", "password" : "Passw0rd", "userDatabase" : "admin", "database" : "test", ... }
Set "enabled" : true
to enable the connector.
When your connector is configured correctly, you can test its status by running the following command:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system?_action=test"
[ { "name": "mongodb", "enabled": true, "config": "config/provisioner.openicf/mongodb", "connectorRef": { "bundleVersion": "1.5.20.8", "bundleName": "org.forgerock.openicf.connectors.mongodb-connector", "connectorName": "org.forgerock.openicf.connectors.mongodb.MongoDBConnector" }, "displayName": "MongoDB Connector", "objectTypes": [ "__ALL__", "account", "role" ], "ok": true } ]
A status of "ok": true
indicates that the MongoDB connector can connect to the database.
OpenICF Interfaces Implemented by the MongoDB Connector
The MongoDB Connector implements the following OpenICF interfaces.
- Authenticate
Provides simple authentication with two parameters, presumed to be a user name and password.
- Create
Creates an object and its
uid
.- Delete
Deletes an object, referenced by its
uid
.- Resolve Username
Resolves an object by its username and returns the
uid
of the object.- Schema
Describes the object types, operations, and options that the connector supports.
- Script on Connector
Enables an application to run a script in the context of the connector. Any script that runs on the connector has the following characteristics:
The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.
The script has access to a
connector
variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration.The script has access to any script-arguments passed in by the application.
- Script on Resource
Runs a script on the target resource that is managed by this connector.
- Search
Searches the target resource for all objects that match the specified object class and filter.
- Sync
Polls the target resource for synchronization events, that is, native changes to objects on the target resource.
- Test
Tests the connector configuration. Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.
This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).
You can invoke the test operation before a connector configuration has been validated.
- Update
Updates (modifies or replaces) objects on a target resource.
MongoDB Connector Configuration
The MongoDB Connector has the following configurable properties.
Configuration properties
Property | Type | Default | Encrypted [a] | Required [b] |
---|---|---|---|---|
customSensitiveConfiguration | GuardedString | null | ||
Custom Sensitive Configuration script for Groovy ConfigSlurper | ||||
| ||||
customConfiguration | String | null | ||
Custom Configuration script for Groovy ConfigSlurper | ||||
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |
Operation Script Files
Property | Type | Default | Encrypted [a] | Required [b] | ||
---|---|---|---|---|---|---|
createScriptFileName | String | null |
| |||
The name of the file used to perform the CREATE operation. | ||||||
| ||||||
customizerScriptFileName | String | null | ||||
The script used to customize some function of the connector. Read the documentation for more details. | ||||||
| ||||||
authenticateScriptFileName | String | null |
| |||
The name of the file used to perform the AUTHENTICATE operation. | ||||||
| ||||||
scriptOnResourceScriptFileName | String | null |
| |||
The name of the file used to perform the RUNSCRIPTONRESOURCE operation. | ||||||
| ||||||
deleteScriptFileName | String | null |
| |||
The name of the file used to perform the DELETE operation. | ||||||
| ||||||
resolveUsernameScriptFileName | String | null |
| |||
The name of the file used to perform the RESOLVE_USERNAME operation. | ||||||
| ||||||
searchScriptFileName | String | null |
| |||
The name of the file used to perform the SEARCH operation. | ||||||
| ||||||
updateScriptFileName | String | null |
| |||
The name of the file used to perform the UPDATE operation. | ||||||
| ||||||
schemaScriptFileName | String | null |
| |||
The name of the file used to perform the SCHEMA operation. | ||||||
| ||||||
testScriptFileName | String | null |
| |||
The name of the file used to perform the TEST operation. | ||||||
| ||||||
syncScriptFileName | String | null |
| |||
The name of the file used to perform the SYNC operation. | ||||||
| ||||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |
Groovy Engine configuration
Property | Type | Default | Encrypted [a] | Required [b] |
---|---|---|---|---|
targetDirectory | File | null | ||
Directory into which to write classes. | ||||
| ||||
warningLevel | int | 1 | ||
Warning Level of the compiler | ||||
| ||||
scriptExtensions | String[] | ['groovy'] | ||
Gets the extensions used to find groovy files | ||||
| ||||
minimumRecompilationInterval | int | 100 | ||
Sets the minimum of time after a script can be recompiled. | ||||
| ||||
scriptBaseClass | String | null | ||
Base class name for scripts (must derive from Script) | ||||
| ||||
scriptRoots | String[] | null | ||
The root folder to load the scripts from. If the value is null or empty the classpath value is used. | ||||
| ||||
tolerance | int | 10 | ||
The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted. | ||||
| ||||
debug | boolean | false | ||
If true, debugging code should be activated | ||||
| ||||
classpath | String[] | [] | ||
Classpath for use during compilation. | ||||
| ||||
disabledGlobalASTTransformations | String[] | null | ||
Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none is disabled. | ||||
| ||||
verbose | boolean | false | ||
If true, the compiler should produce action information | ||||
| ||||
sourceEncoding | String | UTF-8 | ||
Encoding for source files | ||||
| ||||
recompileGroovySource | boolean | false | ||
If set to true recompilation is enabled | ||||
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |
Basic Configuration Properties
Property | Type | Default | Encrypted [a] | Required [b] |
---|---|---|---|---|
connectionURI | String | null | ||
The MongoDB client connection URI, for example "mongodb://localhost:27017". Overides other connection parameters | ||||
| ||||
host | String | localhost | ||
The MongoDB server host name (localhost by default). | ||||
| ||||
port | int | 27017 | ||
The MongoDB server port number (27017 by default). | ||||
| ||||
user | String | null | ||
The MongoDB username | ||||
| ||||
password | GuardedString | null | ||
The password used to connect to MongoDB | ||||
| ||||
userDatabase | String | null | ||
The name of the database in which the MongoDB user is defined | ||||
| ||||
clusterAddresses | String[] | null | ||
A list of additional mongodbDB servers when connecting to a MongoDB cluster (["host1:27017","host2:27017",...]") | ||||
| ||||
dateAttributes | String[] | [] | ||
Defines the list of attributes to convert to MongoDB BSON Date type on create/update. | ||||
| ||||
database | String | null | ||
The database to use | ||||
| ||||
arrayAttributes | String[] | [] | ||
Defines the list of attributes that should be considered as BSON Arrays. | ||||
| ||||
includeNullValue | boolean | false | ||
If set to true, retains null values in the target MongoDB document (false by default). | ||||
| ||||
includeEmptyList | boolean | false | ||
If set to true, retains null values in the target MongoDB document (false by default). | ||||
| ||||
dateFormat | String | yyyy-MM-dd'T'HH:mm:ss'Z' | ||
Defines the date format to use for MongoDB Date attributes (defaults to ISO 8601 "yyyy-MM-ddTHH:mm:ssZ"). | ||||
| ||||
timeZone | String | UTC | ||
Defines the timezone to use for MongoDB Date attributes. | ||||
| ||||
ICFName | String | name | ||
Defines the name to use in the target MongoDB document for the ICF __NAME__ attribute. | ||||
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |
Connection Configuration Properties
Property | Type | Default | Encrypted [a] | Required [b] |
---|---|---|---|---|
sslEnabled | boolean | true | ||
Use secure socket layer to connect to MongoDB (true by default) | ||||
| ||||
sslHostNameValidation | boolean | true | ||
Defines if host name should be validated when SSL is enabled | ||||
| ||||
maxConnectionIdleTime | int | 0 | ||
The maximum idle time for a pooled connection in ms (0 means no limit) | ||||
| ||||
maxConnectionLifeTime | int | 0 | ||
The maximum life time for a pooled connection in ms (0 means no limit) | ||||
| ||||
minConnectionsPerHost | int | 0 | ||
The minimum number of connections per host (must be >= 0) | ||||
| ||||
maxConnectionsPerHost | int | 5 | ||
The maximum number of connections per host (must be > 0) | ||||
| ||||
[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM. [b] A list of operations in this column indicates that the property is required for those operations. |