9.4.3.2. Installing a Standalone Java Connector Server

It may be necessary to set up a remote Java Connector Server (JCS). This section provides directions for setting up the standalone connector server on Unix/Linux and Windows.

Procedure 9.5. Installing a Standalone Connector Server for Unix/Linux

  1. Download the OpenICF Java Connector Server from the OpenIDM download page under the ForgeRock Open Stack download page.

  2. Open a terminal and unpack the archive. The following command unzips the file into the current folder, so change to the appropriate location before running it.

    unzip openicf--java.zip
  3. Change the directory to OpenICF using the following command:

    $ cd path/to/openicf
  4. If needed, secure the communication between OpenIDM and the JCS. The JCS uses a property called secret key to authenticate the connection. The default secret key value is changeit. To change the value of the secret key, enter the following, replacing newkey with your own string value:

    java -cp "./lib/framework/*" org.identityconnectors.framework.server.Main \
         -setKey -key <newkey> -properties ./conf/ConnectorServer.properties

  5. Review the ConnectorServer.properties in the /conf directory, and make changes as necessary. The file contains setting information, including things like ports, the allowance of one/all IP addresses, and SSL. The file provides the required information to update these settings.

  6. Run the JCS.

    java -cp "./lib/framework/*" \
         org.identityconnectors.framework.server.Main -run -properties \
         ./conf/ConnectorServer.properties
  7. If necessary, you can stop the JCS by pressing ^C.

Procedure 9.6. Installing a Standalone Connector Server for Windows

  1. Download the OpenICF Java Connector Server from the OpenIDM download page under the ForgeRock Open Stack download page.

  2. Unpack the zip file in the desired location, for example C:\openicf.

  3. Open the command line (Start, type cmd, and cmd) and change the working directory to openicf\bin:

    cd c:\openicf\bin

  4. Change the directory to OpenICF using the following command:

    $ cd path/to/openicf
  5. If needed, secure the communication between OpenIDM and JCS. The JCS uses a property called secret key to authenticate the connection. The default secret key value is changeit.

    To change the value of the secret key, enter the following, replacing newkey with your own string value:

    .\ConnectorServer.bat /setkey <newkey>

  6. Review the ConnectorServer.properties in the /conf directory, and make changes as necessary. The file contains setting information, including things like ports, the allowance of one/all IP addresses, and SSL. The file provides the required information to update these settings.

  7. If you would like the JCS to run as a Windows service, enter the following command.

    .\ConnectorServer.bat /install

    To uninstall the service, use /uninstall instead of /install.

    Note

    If you install JCS as a Windows service you can start/stop it by Microsoft's Service Console (Start, type Service, and Service). The JCS service is called: OpenICFConnectorServerJava.

    Or

    If you would like to run the JCS from command line, enter the following command:

    .\ConnectorServer.bat /run
  8. If necessary, stop the JCS by pressing ^C.

You can view the log files in the openicf/logs directory.

9.4.3.2.1. MySQL Database Example to Reconcile JCS Users

This sample demonstrates reconciliation of users stored in a MySQL database on a remote machine. The JCS runs on the same machine as the MySQL database and mediates the connection between OpenIDM and the MySQL database.

Procedure 9.7. Configuring JCS

  1. Download MySQL JDBC Driver.

  2. Unpack the MySQL JDBC Driver and copy the mysql-connector-java-5.1.22-bin.jar to the openicf/lib directory.

  3. Go to the /tools directory. The Groovy scripts in the folder run on the JCS side. Copy them from the path/to/openidm/samples/sample3/tools folder to openicf/.

Procedure 9.8. Configuring OpenIDM for the MySQL Database Example

  1. Start OpenIDM. You can ignore errors like cannot connect to database and cannot find jdbc driver. These errors will be fixed once OpenIDM is configured and restarted.

  2. The provisioner.openicf.connectorinfoprovider.json file holds information about your remote connector servers. Copy this file from openidm/samples/provisioners to openidm/conf.

    For Unix/Linux, enter the following in Terminal.

    $ cd path/to/openidm
    $ cp samples/provisioners/provisioner.openicf.connectorinfoprovider.json ./conf

    For Windows, enter the following on the command line.

    c:\> cd path/to/openidm
    .\> copy .\samples\provisioners\provisioner.openicf.connectorinfoprovider.json .\conf
  3. Edit the provisioner.openicf.connectorinfoprovider.json to meet your needs. The following is an example.

    { 
    	    "connectorsLocation" : "connectors", 
    	    "remoteConnectorServers" : [ 
    	        { 
    	            "name" : "mysql", 
    	            "host" : "10.0.0.2", 
    	            "port" : 8759, 
    	            "useSSL" : false, 
    	            "timeout" : 0, 
    	            "key" : "password" 
    	        } 
    	    ]
    	}
  4. Copy all of the files from openidm/samples/sample3/conf to openidm/conf.

    For Unix/Linux, enter the following in Terminal.

    $ cp -r ./samples/sample3/conf/* ./conf/

    For Windows, enter the following on the command line.

    .\> copy .\samples\sample3\conf\* .\conf\
  5. Edit the provisioner.openicf-scriptedsql.json to read like the following.

    { 
    	    "name" : "hrdb", 
    	    "connectorRef" : { 
    	        "connectorHostRef" : "mysql", 
    	        "bundleName" : "org.forgerock.openicf.connectors.db.openicf-scriptedsql-connector", 
    	        "bundleVersion" : "",
    	        "connectorName" : "org.forgerock.openicf.scriptedsql.ScriptedSQLConnector" 
    	    }, 
    	    "producerBufferSize" : 100, 
    	    "connectorPoolingSupported" : true, 
    	    "poolConfigOption" : { 
    	        "maxObjects" : 10, 
    	        "maxIdle" : 10, 
    	        "maxWait" : 150000, 
    	        "minEvictableIdleTimeMillis" : 120000, 
    	        "minIdle" : 1 
    	    }, 
    	    "operationTimeout" : { 
    	        "CREATE" : -1, 
    	        "TEST" : -1, 
    	        "AUTHENTICATE" : -1, 
    	        "SEARCH" : -1, 
    	        "VALIDATE" : -1, 
    	        "GET" : -1, 
    	        "UPDATE" : -1, 
    	        "DELETE" : -1, 
    	        "SCRIPT_ON_CONNECTOR" : -1, 
    	        "SCRIPT_ON_RESOURCE" : -1, 
    	        "SYNC" : -1, 
    	        "SCHEMA" : -1 
    	    }, 
    	    "configurationProperties" : { 
    	        "host" : "10.0.0.2", 
    	        "port" : "3306", 
    	        "user" : "root", 
    	        "password" : { 
    	            "$crypto" : { 
    	                "value" : { 
    	                    "iv" : "dsrEhCU45UakY6Uh9Jxfww==", 
    	                    "data" : "X1+77+0I7Yog/6ZirsFSyg==", 
    	                    "cipher" : "AES/CBC/PKCS5Padding", 
    	                    "key" : "openidm-sym-default" 
    	                }, 
    	                "type" : "x-simple-encryption" 
    	            } 
    	        }, 
    	        "database" : "HRDB", 
    	        "autoCommit" : true, 
    	        "reloadScriptOnExecution" : false, 
    	        "keyColumn" : "uid", 
    	        "jdbcDriver" : "com.mysql.jdbc.Driver", 
    	        "jdbcConnectionUrl" : "jdbc:mysql://10.0.0.2:3306/HRDB", 
    	        "jdbcUrlTemplate" : "jdbc:mysql://%h:%p/%d", 
    	        "createScriptFileName" : "/home/tester/openicf/tools/CreateScript.groovy", 
    	        "testScriptFileName" : "/home/tester/openicf/tools/TestScript.groovy", 
    	        "searchScriptFileName" : "/home/tester/openicf/tools/SearchScript.groovy", 
    	        "deleteScriptFileName" : "/home/tester/openicf/tools/DeleteScript.groovy", 
    	        "updateScriptFileName" : "/home/tester/openicf/tools/UpdateScript.groovy", 
    	        "syncScriptFileName" : "/home/tester/openicf/tools/SyncScript.groovy" 
    	    }, 
    	    "objectTypes" : { 
    	        "group" : { 
    	            "$schema" : "http://json-schema.org/draft-03/schema", 
    	            "id" : "__GROUP__", 
    	            "type" : "object", 
    	            "nativeType" : "__GROUP__", 
    	            "properties" : { 
    	                "name" : { 
    	                    "type" : "string", 
    	                    "required" : true, 
    	                    "nativeName" : "__NAME__", 
    	                    "nativeType" : "string" 
    	                }, 
    	                "gid" : { 
    	                    "type" : "string", 
    	                    "required" : true, 
    	                    "nativeName" : "gid", 
    	                    "nativeType" : "string" 
    	                }, 
    	                "description" : { 
    	                    "type" : "string", 
    	                    "required" : false, 
    	                    "nativeName" : "description", 
    	                    "nativeType" : "string" 
    	                } 
    	            } 
    	        }, 
    	        "organization" : { 
    	            "$schema" : "http://json-schema.org/draft-03/schema", 
    	            "id" : "organization", 
    	            "type" : "object", 
    	            "nativeType" : "organization", 
    	            "properties" : { 
    	                "name" : { 
    	                    "type" : "string", 
    	                    "required" : true, 
    	                    "nativeName" : "__NAME__", 
    	                    "nativeType" : "string" 
    	                }, 
    	                "description" : { 
    	                    "type" : "string", 
    	                    "required" : false, 
    	                    "nativeName" : "description", 
    	                    "nativeType" : "string" 
    	                } 
    	            } 
    	        }, 
    	        "account" : { 
    	            "$schema" : "http://json-schema.org/draft-03/schema", 
    	            "id" : "__ACCOUNT__", 
    	            "type" : "object", 
    	            "nativeType" : "__ACCOUNT__", 
    	            "properties" : { 
    	                "firstName" : { 
    	                    "type" : "string", 
    	                    "nativeName" : "firstname", 
    	                    "nativeType" : "string", 
    	                    "required" : true 
    	                }, 
    	                "email" : { 
    	                    "type" : "array", 
    	                    "items" : { 
    	                        "type" : "string", 
    	                        "nativeType" : "string" 
    	                    }, 
    	                    "nativeName" : "email", 
    	                    "nativeType" : "string" 
    	                }, 
    	                "__PASSWORD__" : { 
    	                    "type" : "string", 
    	                    "nativeName" : "password", 
    	                    "nativeType" : "JAVA_TYPE_GUARDEDSTRING", 
    	                    "flags" : [ 
    	                        "NOT_READABLE", 
    	                        "NOT_RETURNED_BY_DEFAULT" 
    	                    ] 
    	                }, 
    	                "uid" : { 
    	                    "type" : "string", 
    	                    "nativeName" : "__NAME__", 
    	                    "required" : true, 
    	                    "nativeType" : "string" 
    	                }, 
    	                "fullName" : { 
    	                    "type" : "string", 
    	                    "nativeName" : "fullname", 
    	                    "nativeType" : "string" 
    	                }, 
    	                "lastName" : { 
    	                    "type" : "string", 
    	                    "required" : true, 
    	                    "nativeName" : "lastname", 
    	                    "nativeType" : "string" 
    	                }, 
    	                "organization" : { 
    	                    "type" : "string", 
    	                    "required" : true, 
    	                    "nativeName" : "organization", 
    	                    "nativeType" : "string" 
    	                } 
    	            } 
    	        } 
    	    }, 
    	    "operationOptions" : { } 
    	}
  6. Verify that the following settings are correct.

    • The value of connectorHostRef : mysql points to the name property of the remote connector server in provisioner.openicf.connectorinfoprovider.json. This indicates which remote connector server to use.

    • The bundleVersion must exactly match the version of openicf-scriptedsql-connector-.jar in the JCS /bundles directory. Unpack the .jar file, open META-INF/MANIFEST.MF, and search for the Bundle-Version property.

    • The path to groovy scripts should be createScriptFileName : /home/tester/openicf/tools/CreateScript.groovy.

      For Windows, the path will follow Unix notation. For example the path could be Program Files (x86)/openicf/tools/CreateScript.groovy, which in Windows notation would be C:\Program Files (x86)\openicf\tools\CreateScript.groovy.

    • All instances of the connection setting must be properly set, for example, jdbcConnectionUrl : jdbc:mysql://10.0.0.2:3306/HRDB.

  7. Restart OpenIDM to verify that all of the configuration changes have taken effect. There should be no error messages when OpenIDM is restarted. To check, run the following:

    scr list

    This returns a list of installed modules, including the following:

    [  17] [active       ] org.forgerock.openidm.provisioner.openicf
    Note

    The number may differ. Make sure to note the number returned.

    As you install more connectors, there will be more OpenICF modules. If the state of the module is active, the module is installed properly. If the state is unsatisfied, the module is not configured correctly and you must check your configuration. You can also inspect the content of an installed module, which is handy when the state is unsatisfied and you want to verify that the configuration you set in the *.json file was picked up. To list the content of the module, use the following command with the number returned in the previous step:

    scr info <your number>
    Note

    You can also check the provisioner.openicf.connectorinfoprovider

  8. Run reconciliation with the following command:

    $ curl --header "X-OpenIDM-Username: openidm-admin" \
      --header "X-OpenIDM-Password: openidm-admin" --request POST \
      "http://localhost:8080/openidm/recon?_action=recon&mapping=systemHrdb_managedUser"

    This will return a reconciliation id similar to the following:

    {"_id":"a5346543-db9a-4f8b-ba25-af2a1b576a54"}
  9. Check the internal repository (OrientDB or MySQL) to make sure that the users were reconciled. For information about connecting to OrientDB, see Before You Begin in the Installation Guide. For information about using MySQL as a repository, see Installing a Repository For Production in the Installation Guide.
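
The two files edited in steps 3 and 5 of Procedure 9.8 can be checked for the settings this section calls out: the secret key, useSSL, and the database account. The script below is an added example, not part of OpenIDM or OpenICF; the function names, the wording of the findings, and the treatment of a $crypto-wrapped key as acceptable are assumptions.

```python
import ipaddress
import json

# Keys shown on this page: the JCS default and the sample file's value.
WEAK_KEYS = {"changeit", "password"}

def is_loopback(host):
    """True when traffic to host never leaves the local machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: treat it as remote

def audit_info_provider(cfg):
    """Findings for provisioner.openicf.connectorinfoprovider.json."""
    findings = []
    for srv in cfg.get("remoteConnectorServers", []):
        name, host, key = srv.get("name", "?"), str(srv.get("host", "")), srv.get("key")
        # Assumption: a key stored as a $crypto object is not a string; skip it.
        if isinstance(key, str) and key in WEAK_KEYS:
            findings.append(f"{name}: secret key is a default or sample value")
        if not srv.get("useSSL") and not is_loopback(host):
            findings.append(f"{name}: useSSL is false for remote host {host}")
    return findings

def audit_scriptedsql(cfg):
    """Findings for provisioner.openicf-scriptedsql.json."""
    findings = []
    props = cfg.get("configurationProperties", {})
    if props.get("user") == "root":
        findings.append("database user is root, not a least-privilege account")
    if isinstance(props.get("password"), str):
        findings.append("database password is stored in cleartext, not $crypto")
    return findings

# Constructed sample input mirroring the examples in steps 3 and 5.
SAMPLE_PROVIDER = json.loads("""{ "connectorsLocation": "connectors",
  "remoteConnectorServers": [ { "name": "mysql", "host": "10.0.0.2",
    "port": 8759, "useSSL": false, "timeout": 0, "key": "password" } ] }""")
SAMPLE_SQL = {"configurationProperties": {"user": "root", "password": "secret"}}

if __name__ == "__main__":
    for line in audit_info_provider(SAMPLE_PROVIDER) + audit_scriptedsql(SAMPLE_SQL):
        print("FINDING:", line)
```

To audit a real deployment, load each file from openidm/conf with json.load and pass the result to the matching function.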