Rather than creating provisioner files by hand, use the service that
OpenIDM exposes through the REST interface to create basic connector
configuration files named provisioner-openicf- file.
Connector
Name.json
You create a new connector configuration file in three stages.
-
List available connectors.
-
Generate the core configuration.
-
Connect to the target system and generate the final configuration.
List available connectors using the following command.
$ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/system?_action=CREATECONFIGURATION"
Available connectors are installed in
openidm/connectors. OpenIDM bundles the following
connectors.
-
csvfile
-
ldap
-
scriptedsql
-
xml
The command above therefore should return the following output (formatted here with lines folded to make it easier to read.)
{
"connectorRef": [
{
"connectorName": "org.identityconnectors.ldap.LdapConnector",
"bundleName":
"org.forgerock.openicf.connectors.ldap-connector",
"bundleVersion": ""
},
{
"connectorName": "com.forgerock.openicf.xml.XMLConnector",
"bundleName":
"org.forgerock.openicf.connectors.file.openicf-xml-connector",
"bundleVersion": ""
},
{
"connectorHostRef":
"osgi:service/org.forgerock.openicf.framework.api.osgi.ConnectorManager",
"connectorName": "org.forgerock.openicf.connectors.scriptedsql.ScriptedSQLConnector",
"bundleName":
"org.forgerock.openicf.connectors.scriptedsql-connector",
"bundleVersion": ""
},
{
"connectorHostRef":
"osgi:service/org.forgerock.openicf.framework.api.osgi.ConnectorManager",
"connectorName": "org.forgerock.openicf.csvfile.CSVFileConnector",
"bundleName":
"org.forgerock.openicf.connectors.csvfile-connector",
"bundleVersion": ""
}
]
}To generate the core configuration, choose one of the available connectors by copying JSON objects from the list into the body of the REST command, as shown below for the XML connector.
$ curl
--header "X-OpenIDM-Username: openidm-admin"
--header "X-OpenIDM-Password: openidm-admin"
-d '{"connectorRef":
{"connectorName":"com.forgerock.openicf.xml.XMLConnector",
"bundleName":"org.forgerock.openicf.connectors.file.openicf-xml-connector",
"bundleVersion":""}}'
--request POST "http://localhost:8080/openidm/system?_action=CREATECONFIGURATION"The command returns a core connector configuration. The core connector configuration returned is not yet functional. It does not contain system specific "configurationProperties" such as the host name and port for web based connectors, or the "xmlFilePath" for the XML file based connectors as can be seen below. In addition, the configuration returned does not include complete "objectTypes" and "operationOptions" parts.
{
"connectorRef": {
"connectorName": "com.forgerock.openicf.xml.XMLConnector",
"bundleName":
"org.forgerock.openicf.connectors.file.openicf-xml-connector",
"bundleVersion": ""
},
"poolConfigOption": {
"maxObjects": 10,
"maxIdle": 10,
"maxWait": 150000,
"minEvictableIdleTimeMillis": 120000,
"minIdle": 1
},
"resultsHandlerConfig": {
"enableNormalizingResultsHandler": true,
"enableFilteredResultsHandler": true,
"enableCaseInsensitiveFilter": false,
"enableAttributesToGetSearchResultsHandler": true
},
"operationTimeout": {
"CREATE": -1,
"UPDATE": -1,
"DELETE": -1,
"TEST": -1,
"SCRIPT_ON_CONNECTOR": -1,
"SCRIPT_ON_RESOURCE": -1,
"GET": -1,
"RESOLVEUSERNAME": -1,
"AUTHENTICATE": -1,
"SEARCH": -1,
"VALIDATE": -1,
"SYNC": -1,
"SCHEMA": -1
},
"configurationProperties": {
"xmlFilePath": null,
"xsdFilePath": null,
"xsdIcfFilePath": null
}
}To generate the final configuration, add the missing "configurationProperties" to the core configuration, and use the updated core configuration as the body for the next command.
$ curl
--header "X-OpenIDM-Username: openidm-admin"
--header "X-OpenIDM-Password: openidm-admin"
--data '{
"connectorRef" :
{
"connectorName" : "com.forgerock.openicf.xml.XMLConnector",
"bundleName" :
"org.forgerock.openicf.connectors.file.openicf-xml-connector",
"bundleVersion" : ""
},
"poolConfigOption" :
{
"maxObjects" : 10,
"maxIdle" : 10,
"maxWait" : 150000,
"minEvictableIdleTimeMillis" : 120000,
"minIdle" : 1
},
"resultsHandlerConfig" :
{
"enableNormalizingResultsHandler" : true,
"enableFilteredResultsHandler" : true,
"enableCaseInsensitiveFilter" : false,
"enableAttributesToGetSearchResultsHandler" : true
},
"operationTimeout" :
{
"CREATE" : -1,
"UPDATE" : -1,
"DELETE" : -1,
"TEST" : -1,
"SCRIPT_ON_CONNECTOR" : -1,
"SCRIPT_ON_RESOURCE" : -1,
"GET" : -1,
"RESOLVEUSERNAME" : -1,
"AUTHENTICATE" : -1,
"SEARCH" : -1,
"VALIDATE" : -1,
"SYNC" : -1,
"SCHEMA" : -1
},
"configurationProperties" :
{
"xsdIcfFilePath" : "samples/sample1/data/resource-schema-1.xsd",
"xsdFilePath" : "samples/sample1/data/resource-schema-extension.xsd",
"xmlFilePath" : "samples/sample1/data/xmlConnectorData.xml"
}
}'
--request POST "http://localhost:8080/openidm/system?_action=CREATECONFIGURATION"![[Note]](common/images/admon/note.png) |
Note |
|---|---|
|
Notice the single quotes around the argument to the
|
OpenIDM attempts to read the schema, if available, from the external resource in order to generate output. OpenIDM then iterates through schema objects and attributes, creating JSON representations for "objectTypes" and "operationOptions" for supported objects and operations.
{
"connectorRef": {
"connectorHostRef": "#LOCAL",
"connectorName": "com.forgerock.openicf.xml.XMLConnector",
"bundleName":
"org.forgerock.openicf.connectors.file.openicf-xml-connector",
"bundleVersion": "-EA"
},
"poolConfigOption": {
"maxObjects": 10,
"maxIdle": 10,
"maxWait": 150000,
"minEvictableIdleTimeMillis": 120000,
"minIdle": 1
},
"resultsHandlerConfig": {
"enableNormalizingResultsHandler": true,
"enableFilteredResultsHandler": true,
"enableCaseInsensitiveFilter": false,
"enableAttributesToGetSearchResultsHandler": true
},
"operationTimeout": {
"CREATE": -1,
"UPDATE": -1,
"DELETE": -1,
"TEST": -1,
"SCRIPT_ON_CONNECTOR": -1,
"SCRIPT_ON_RESOURCE": -1,
"GET": -1,
"RESOLVEUSERNAME": -1,
"AUTHENTICATE": -1,
"SEARCH": -1,
"VALIDATE": -1,
"SYNC": -1,
"SCHEMA": -1
},
"configurationProperties": {
"xmlFilePath": "samples/sample1/data/xmlConnectorData.xml",
"xsdFilePath": "samples/sample1/data/resource-schema-extension.xsd",
"xsdIcfFilePath": "samples/sample1/data/resource-schema-1.xsd"
},
"objectTypes": {
"OrganizationUnit": {
"...": "..."
},
"__GROUP__": {
"$schema": "http://json-schema.org/draft-03/schema",
"id": "__GROUP__",
"type": "object",
"nativeType": "__GROUP__",
"properties": {
"__DESCRIPTION__": {
"type": "string",
"required": true,
"nativeName": "__DESCRIPTION__",
"nativeType": "string"
},
"__NAME__": {
"type": "string",
"required": true,
"nativeName": "__NAME__",
"nativeType": "string"
}
}
},
"__ACCOUNT__": {
"$schema": "http://json-schema.org/draft-03/schema",
"id": "__ACCOUNT__",
"type": "object",
"nativeType": "__ACCOUNT__",
"properties": {
"firstname": {
"type": "string",
"nativeName": "firstname",
"nativeType": "string"
},
"__DESCRIPTION__": {
"type": "string",
"nativeName": "__DESCRIPTION__",
"nativeType": "string"
},
"__UID__": {
"type": "string",
"nativeName": "__UID__",
"nativeType": "string"
},
"__NAME__": {
"type": "string",
"required": true,
"nativeName": "__NAME__",
"nativeType": "string"
}
}
}
},
"operationOptions": {
"CREATE": {
"objectFeatures": {
"OrganizationUnit": {
"...": "..."
},
"__GROUP__": {
"...": "..."
},
"__ACCOUNT__": {
"denied": false,
"onDeny": "DO_NOTHING",
"operationOptionInfo": {
"$schema": "http://json-schema.org/draft-03/schema",
"id": "FIX_ME",
"type": "object",
"properties": {
"...": "..."
}
}
}
}
},
"UPDATE": {
"objectFeatures": {
"__ACCOUNT__": {
"denied": false,
"onDeny": "DO_NOTHING",
"operationOptionInfo": {
"$schema": "http://json-schema.org/draft-03/schema",
"id": "FIX_ME",
"type": "object",
"properties": {
"...": "..."
}
}
}
}
}
}
}As OpenIDM produces a full property set for all attributes and all object types in the schema from the external resource, the resulting configuration can be large. For an LDAP server, OpenIDM can generate a configuration containing several tens of thousands of lines, for example. You might therefore want to reduce the schema to a minimum on the external resource before you run the final command.
