README
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2014 ForgeRock AS. All rights reserved.
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* http://forgerock.org/license/CDDLv1.0.html
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at http://forgerock.org/license/CDDLv1.0.html
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*/
Sample 2c - Synchronizing LDAP Group Membership
-----------------------------------------------
This sample is the same as sample 2b except that it focuses on one special
attribute, ldapGroups, which is used to synchronize LDAP group membership.
To run this sample, launch OpenIDM with the sample configuration as follows:
$ /path/to/openidm/startup.sh -p samples/sample2c
or follow the documentation in the Install Guide:
http://openidm.forgerock.org/doc/install-guide/index.html#more-sample2c
The sample configuration connects to a local OpenDJ with the following parameters:
"host" : "localhost",
"port" : 1389,
"principal" : "cn=Directory Manager",
"credentials" : "password",
Unlike sample 2, this sample sync.json configuration contains two mappings from
OpenDJ to OpenIDM and back. The number of attributes mapped are limited. The
sample contains a schedule configuration which can be used to schedule
reconciliation.
New users are created from LDAP and existing users are updated and back-linked
from OpenIDM to OpenDJ. Changes on OpenIDM are now pushed into the LDAP server.
In addition to sample 2b this sample synchronizes LDAP group membership:
Add a user to an LDAP group and run reconciliation. A new attribute, ldapGroups,
is added to the user's JSON representation in the repo. This attribute contains
a list of the group DNs that the user is a memberOf.