gael

Does your custom connector leverages the scripted REST connector?

your authentication is based at the TLS layer with the certificate?

Your configuration looks ok and the error you get is:
InvalidCredentialException: 401: Unauthorized

So it seems to be a user/password issue.
What kind of test/query you do to validate the user/password ?

Can you share your SCIM provisioner file from openidm/conf folder?

You can try to copy one of the LDAP sample provisioner from samples/ to conf/ folder. The connector should show up in the UI and then you can adapt to your settings

If you manage to get the BearerToken with the Authenticate script, then you can store it in the Configuration propertyBag. It is a concurrent Map shared between connector instances.

In your script you can easily access since the shared configuration object is injected in all scripts

configuration.getPropertyBag().put(“token”,…[Read more]

To create an active user in AD, you need to provide a password and make sure the ‘enabled’ flag is set to true

If you use an http client like curl, a typical json payload would look like:

POST http://localhost:8080/openidm/system/AD/account?_action=create

{
“dn”: “CN=Test CreatefromOpenIDM,OU=create,DC=example,DC=com”,
“__PASSWORD__” :…[Read more]

How do you create the user in AD?

ldapsearch -p 1389 -b “cn=changelog” -D “cn=directory manager” -w password “(changenumber=24)”

dn: changeNumber=24,cn=changelog
objectClass: top
objectClass: changeLogEntry
changeNumber: 24
changeTime: 20160830152329Z
changeType: modify
targetDN: uid=user.0,ou=People,dc=example,dc=com
changes::…[Read more]

Can you share the Json payload you use when creating a user?

correct

IDM 5.5 => LDAP connector 1.4.6.0
IDM 6.0 (~april 2018) => LDAP connector 1.4.7.0

From a technical perspective yes.
LDAP connector does not have much dependencies.

But from a support/QA perspective, I don’t know…

https://bugster.forgerock.org/jira/browse/OPENICF-760

ldap-connector-1.4.7.0

you’re quite right.
The GET which is defined at the API level
https://backstage.forgerock.com/docs/openicf/1.5/apidocs/org/identityconnectors/framework/api/operations/GetApiOp.html
is not defined at the SPI level. ICF will translate a GET to an exact search: __UID__ = XYZ
ICF 1.5 provides a helper method in…[Read more]

without having access to your custom java connector code, it won’t be easy to help…

The key point is to get the Microsoft Java JDBC driver for SQL server, copy it in lib/ folder, and properly configure it in your provisioner file.
=> driverClassName
=> url
=> validationQuery

That done and the TEST action working ok, you may have some MS SQL specific things vs MySQL to review in the scripts but technically speaking, this is…[Read more]

That is a lot of questions…

#1
some attributes were made “special” because some connectors need them and some were made special because they are quite common when dealing with identities.
__ACCOUNT__ and __GROUP__ are common object class since they represent users and groups. But your connector may deal with organizations and roles… These 2…[Read more]

Hi,

we do not use nuget for the .Net connector server. Binaries are available on the Backstage site (https://backstage.forgerock.com/)
When a new version is available, basically uninstall the previous one and install the new one.

Hi,

if you look into the OpenIDM samples, you will see how to write your own REST connector based on our Groovy Scripted REST connector toolkit.

You can also check out OpenIDM documentation

Hi,

if it is a JDBC compliant driver, then it will work either with the DatabaseTable connector (if you have a simple table to manage) or with the ScriptedSQL connector if you need to do more complex queries.