MongoDB Connector

Important

Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation.

The MongoDB connector is an implementation of the Scripted Groovy Connector Toolkit. This connector enables you to interact with a MongoDB document database, using Groovy scripts for the ICF operations.

The connector is bundled with IDM in the connectors/ directory (mongodb-connector-1.5.20.8.jar).

Note

Version 1.5.20.8 of the connector is supported only with MongoDB version 3.6.x.

Before You Start

In a production environment, enable access control on your MongoDB database. If your connector will manage MongoDB users and roles, you must create an administrative user in the admin database. If your connector will manage collections in a database, this administrative user must create a specific user and role for the connector for the target database.

For information about enabling access control in MongoDB, see the MongoDB documentation.

The commands in this chapter assume an administrative user named myUserAdmin with password Passw0rd who has the readWrite role on the test database.

Configuring the MongoDB Connector

The easiest way to configure the MongoDB connector is through the Admin UI:

  1. Select Configure > Connectors > New Connector.

  2. Enter a name for the connector configuration, for example, mongoDB.

  3. Select MongoDB Connector - 1.5.20.8 as the Connector Type.

  4. Enable the connector, and set the Base Configuration Properties. For information about the configurable properties, see "Basic Configuration Properties".

Alternatively, configure the connector with a configuration file.

A sample connector configuration file (provisioner.openicf-mongodb.json) is provided in the /path/to/openidm/samples/example-configurations/provisioners directory. Copy the sample connector configuration to your project's conf/ directory, and adjust the configurationProperties to match your MongoDB instance:

"configurationProperties" : {
    "connectionURI" : "mongodb://localhost:27017",
    "host" : "localhost",
    "port" : "27017",
    "user" : "myUserAdmin",
    "password" : "Passw0rd",
    "userDatabase" : "admin",
    "database" : "test",
    ...
}

Set "enabled" : true to enable the connector.

When your connector is configured correctly, you can test its status by running the following command:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system?_action=test"
[
  {
    "name": "mongodb",
    "enabled": true,
    "config": "config/provisioner.openicf/mongodb",
    "connectorRef": {
      "bundleVersion": "1.5.20.8",
      "bundleName": "org.forgerock.openicf.connectors.mongodb-connector",
      "connectorName": "org.forgerock.openicf.connectors.mongodb.MongoDBConnector"
    },
    "displayName": "MongoDB Connector",
    "objectTypes": [
      "__ALL__",
      "account",
      "role"
    ],
    "ok": true
  }
]

A status of "ok": true indicates that the MongoDB connector can connect to the database.

OpenICF Interfaces Implemented by the MongoDB Connector

The MongoDB Connector implements the following OpenICF interfaces.

Authenticate

Provides simple authentication with two parameters, presumed to be a user name and password.

Create

Creates an object and its uid.

Delete

Deletes an object, referenced by its uid.

Resolve Username

Resolves an object by its username and returns the uid of the object.

Schema

Describes the object types, operations, and options that the connector supports.

Script on Connector

Enables an application to run a script in the context of the connector. Any script that runs on the connector has the following characteristics:

  • The script runs in the same execution environment as the connector and has access to all the classes to which the connector has access.

  • The script has access to a connector variable that is equivalent to an initialized instance of the connector. At a minimum, the script can access the connector configuration.

  • The script has access to any script-arguments passed in by the application.

Script on Resource

Runs a script on the target resource that is managed by this connector.

Search

Searches the target resource for all objects that match the specified object class and filter.

Sync

Polls the target resource for synchronization events, that is, native changes to objects on the target resource.

Test

Tests the connector configuration. Testing a configuration checks all elements of the environment that are referred to by the configuration are available. For example, the connector might make a physical connection to a host that is specified in the configuration to verify that it exists and that the credentials that are specified in the configuration are valid.

This operation might need to connect to a resource, and, as such, might take some time. Do not invoke this operation too often, such as before every provisioning operation. The test operation is not intended to check that the connector is alive (that is, that its physical connection to the resource has not timed out).

You can invoke the test operation before a connector configuration has been validated.

Update

Updates (modifies or replaces) objects on a target resource.

MongoDB Connector Configuration

The MongoDB Connector has the following configurable properties.

Configuration properties

PropertyTypeDefault Encrypted [a] Required [b]
customSensitiveConfiguration GuardedString null

Custom Sensitive Configuration script for Groovy ConfigSlurper

customConfiguration String null

Custom Configuration script for Groovy ConfigSlurper

[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM.

[b] A list of operations in this column indicates that the property is required for those operations.

Operation Script Files

PropertyTypeDefault Encrypted [a] Required [b]
createScriptFileName String null
Create

The name of the file used to perform the CREATE operation.

customizerScriptFileName String null

The script used to customize some function of the connector. Read the documentation for more details.

authenticateScriptFileName String null
Authenticate

The name of the file used to perform the AUTHENTICATE operation.

scriptOnResourceScriptFileName String null
Script On Resource

The name of the file used to perform the RUNSCRIPTONRESOURCE operation.

deleteScriptFileName String null
Delete

The name of the file used to perform the DELETE operation.

resolveUsernameScriptFileName String null
Resolve Username

The name of the file used to perform the RESOLVE_USERNAME operation.

searchScriptFileName String null
Get
Search

The name of the file used to perform the SEARCH operation.

updateScriptFileName String null
Update

The name of the file used to perform the UPDATE operation.

schemaScriptFileName String null
Schema

The name of the file used to perform the SCHEMA operation.

testScriptFileName String null
Test

The name of the file used to perform the TEST operation.

syncScriptFileName String null
Sync

The name of the file used to perform the SYNC operation.

[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM.

[b] A list of operations in this column indicates that the property is required for those operations.

Groovy Engine configuration

PropertyTypeDefault Encrypted [a] Required [b]
targetDirectory File null

Directory into which to write classes.

warningLevel int 1

Warning Level of the compiler

scriptExtensions String[] ['groovy']

Gets the extensions used to find groovy files

minimumRecompilationInterval int 100

Sets the minimum of time after a script can be recompiled.

scriptBaseClass String null

Base class name for scripts (must derive from Script)

scriptRoots String[] null

The root folder to load the scripts from. If the value is null or empty the classpath value is used.

tolerance int 10

The error tolerance, which is the number of non-fatal errors (per unit) that should be tolerated before compilation is aborted.

debug boolean false

If true, debugging code should be activated

classpath String[] []

Classpath for use during compilation.

disabledGlobalASTTransformations String[] null

Sets a list of global AST transformations which should not be loaded even if they are defined in META-INF/org.codehaus.groovy.transform.ASTTransformation files. By default, none is disabled.

verbose boolean false

If true, the compiler should produce action information

sourceEncoding String UTF-8

Encoding for source files

recompileGroovySource boolean false

If set to true recompilation is enabled

[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM.

[b] A list of operations in this column indicates that the property is required for those operations.

Basic Configuration Properties

PropertyTypeDefault Encrypted [a] Required [b]
connectionURI String null

The MongoDB client connection URI, for example "mongodb://localhost:27017". Overides other connection parameters

host String localhost

The MongoDB server host name (localhost by default).

port int 27017

The MongoDB server port number (27017 by default).

user String null

The MongoDB username

password GuardedString null

The password used to connect to MongoDB

userDatabase String null

The name of the database in which the MongoDB user is defined

clusterAddresses String[] null

A list of additional mongodbDB servers when connecting to a MongoDB cluster (["host1:27017","host2:27017",...]")

dateAttributes String[] []

Defines the list of attributes to convert to MongoDB BSON Date type on create/update.

database String null

The database to use

arrayAttributes String[] []

Defines the list of attributes that should be considered as BSON Arrays.

includeNullValue boolean false

If set to true, retains null values in the target MongoDB document (false by default).

includeEmptyList boolean false

If set to true, retains null values in the target MongoDB document (false by default).

dateFormat String yyyy-MM-dd'T'HH:mm:ss'Z'

Defines the date format to use for MongoDB Date attributes (defaults to ISO 8601 "yyyy-MM-ddTHH:mm:ssZ").

timeZone String UTC

Defines the timezone to use for MongoDB Date attributes.

ICFName String name

Defines the name to use in the target MongoDB document for the ICF __NAME__ attribute.

[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM.

[b] A list of operations in this column indicates that the property is required for those operations.

Connection Configuration Properties

PropertyTypeDefault Encrypted [a] Required [b]
sslEnabled boolean true

Use secure socket layer to connect to MongoDB (true by default)

sslHostNameValidation boolean true

Defines if host name should be validated when SSL is enabled

maxConnectionIdleTime int 0

The maximum idle time for a pooled connection in ms (0 means no limit)

maxConnectionLifeTime int 0

The maximum life time for a pooled connection in ms (0 means no limit)

minConnectionsPerHost int 0

The minimum number of connections per host (must be >= 0)

maxConnectionsPerHost int 5

The maximum number of connections per host (must be > 0)

[a] Indicates whether the property value is considered confidential, and therefore encrypted in OpenIDM.

[b] A list of operations in this column indicates that the property is required for those operations.

Read a different version of :