External system status
After you configure an external connection, you can access those systems and their data objects using the REST interface at http://localhost:8080/openidm/system/connectorName. You can also test external system availability.
To list the external systems that are connected to an IDM instance, use the test action on the URL http://localhost:8080/openidm/system/. The following example shows an IDM system with two connected LDAP systems:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system?_action=test"
[
{
"name": "ldap",
"enabled": true,
"config": "config/provisioner.openicf/ldap",
"connectorRef": {
"bundleVersion": "[1.5.0.0,1.6.0.0)",
"bundleName": "org.forgerock.openicf.connectors.ldap-connector",
"connectorName": "org.identityconnectors.ldap.LdapConnector"
},
"displayName": "LDAP Connector",
"objectTypes": [
"__ALL__",
"account",
"group"
],
"ok": true
},
{
"name": "ldap2",
"enabled": true,
"config": "config/provisioner.openicf/ldap2",
"connectorRef": {
"bundleVersion": "[1.5.0.0,1.6.0.0)",
"bundleName": "org.forgerock.openicf.connectors.ldap-connector",
"connectorName": "org.identityconnectors.ldap.LdapConnector"
},
"displayName": "LDAP Connector",
"objectTypes": [
"__ALL__",
"account",
"group"
],
"ok": true
}
]
The status of the system is provided by the ok parameter. If the connection is available, the value of this parameter is true.
To obtain the status for a single system, include the name of the connector in the URL, for example:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/ldap?_action=test"
{
"name": "ldap",
"enabled": true,
"config": "config/provisioner.openicf/ldap",
"connectorRef": {
"bundleVersion": "[1.5.0.0,1.6.0.0)",
"bundleName": "org.forgerock.openicf.connectors.ldap-connector",
"connectorName": "org.identityconnectors.ldap.LdapConnector"
},
"displayName": "LDAP Connector",
"objectTypes": [
"__ALL__",
"account",
"group"
],
"ok": true
}
If there is a problem with the connection, the ok parameter returns false, with an indication of the error. In the following example, the LDAP server named ldap, running on localhost:1389, is down:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system/ldap?_action=test"
{
"name": "ldap",
"enabled": true,
"config": "config/provisioner.openicf/ldap",
"connectorRef": {
"bundleVersion": "[1.5.0.0,1.6.0.0)",
"bundleName": "org.forgerock.openicf.connectors.ldap-connector",
"connectorName": "org.identityconnectors.ldap.LdapConnector"
},
"displayName": "LDAP Connector",
"objectTypes": [
"__ALL__",
"account",
"group"
],
"error": "javax.naming.CommunicationException: localhost:1389 [Root exception
is java.net.ConnectException: Connection refused (Connection refused)]",
"ok": false
}
To test the validity of a connector configuration, use the testConfig action and include the configuration in the command. For example:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--request POST \
--data '{
"configurationProperties": {
"headerPassword": "password",
"csvFile": "&{idm.instance.dir}/data/csvConnectorData.csv",
"newlineString": "\n",
"headerUid": "uid",
"quoteCharacter": "\"",
"fieldDelimiter": ",",
"syncFileRetentionCount": 3
},
"connectorRef": {
"systemType": "provisioner.openicf",
"bundleName": "org.forgerock.openicf.connectors.csvfile-connector",
"connectorName": "org.forgerock.openicf.csvfile.CSVFileConnector",
"displayName": "CSV File Connector",
"bundleVersion": "[1.5.0.0,1.6.0.0)"
},
"poolConfigOption": {
"maxObjects": 10,
"maxIdle": 10,
"maxWait": 150000,
"minEvictableIdleTimeMillis": 120000,
"minIdle": 1
},
"resultsHandlerConfig": {
"enableNormalizingResultsHandler": true,
"enableFilteredResultsHandler": true,
"enableCaseInsensitiveFilter": false,
"enableAttributesToGetSearchResultsHandler": true
},
"operationTimeout": {
"CREATE": -1,
"UPDATE": -1,
"DELETE": -1,
"TEST": -1,
"SCRIPT_ON_CONNECTOR": -1,
"SCRIPT_ON_RESOURCE": -1,
"GET": -1,
"RESOLVEUSERNAME": -1,
"AUTHENTICATE": -1,
"SEARCH": -1,
"VALIDATE": -1,
"SYNC": -1,
"SCHEMA": -1
}
}' \
"http://localhost:8080/openidm/system?_action=testConfig"
If the configuration is valid, the command returns "ok": true, for example:
{
"ok": true
}
If the configuration is not valid, the command returns an error, indicating the problem with the configuration. For example, the following result is returned when the LDAP connector configuration is missing a required property (in this case, the baseContexts to synchronize):
{
"error": "org.identityconnectors.framework.common.exceptions.ConfigurationException: The list of base contexts cannot be empty",
"name": "ldap",
"ok": false
}
The testConfig action requires a running IDM instance, as it uses the REST API, but does not require an active connector instance for the connector whose configuration you want to test.
Test connector servers
You can test the availability of connector servers using the testConnectorServers action on the http://localhost:8080/openidm/system endpoint.
The following example shows a single connected RCS:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--request POST \
"http://localhost:8080/openidm/system?_action=testConnectorServers"{
"openicf": [
{
"name": "rcs1",
"type": "remoteConnectorServer",
"ok": true
}
]
}