Configuring "one way" OpenIDM to OpenDJ

This topic has 3 replies, 3 voices, and was last updated 7 years, 1 month ago by Jake Feasel.

  • #4458
     monginm
    Participant

    Hello,

    OpenIDM communicates with OpenDJ; OpenIDM downloads the LDAP.

    If I run “sample2” (one way), only OpenDJ can edit information and OpenIDM reads.
    If I run “sample2b” (two way), both can edit information.

    However, I would like OpenIDM to edit information and OpenDJ to read.
    I think it is a “one way” configuration, but I don’t find how to make this configuration.

    Can anyone help me?
    thank you,
    regards,

    #4460
     laurent.bristiel
    Participant

    Hello,

    in samples/sample2b/conf/sync.json, there are the 2 mappings defined (to DJ and from DJ).
    If you want to keep only the OpenIDM=>OpenDJ sync, then keep managedUser_systemLdapAccounts mapping and remove systemLdapAccounts_managedUser.

    Hope this helps,
    Laurent

    #4464
     monginm
    Participant

    I tried your solution, but:

    1: I have one Java error that says: “Schedule mapping error systemLdapAccounts_managedUser no found”; so it’s normal, I removed systemLdapAccounts_managedUser.

    2: I can still create a user in OpenDJ and, after the mapping, read it in OpenIDM.

    3: Create a user in OpenIDM; read it in OpenDJ; remove it in OpenDJ; the mapping starts and the user is still in OpenIDM but nowhere in OpenDJ. However, after the mapping the user will be recreated in OpenDJ.

    I don’t understand. Can you tell me more about that?

    #4465
     Jake Feasel
    Moderator

    If you want DJ to truly be read-only for everyone except OpenIDM, then you would have to configure that with proper access controls; I suggest creating a specific user to use in the OpenIDM connection to DJ and make that user the only one capable of making changes.

    All that would be left to do is have a single mapping (source:IDM, target:DJ) for each type of object you are managing (accounts, groups, etc…). This would make IDM the authoritative source for those records.
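The two answers above come down to one configuration change: keep only the mappings whose source is the managed object store, and make sure nothing else (such as a reconciliation schedule) still references the mapping that was removed, which is what produced the “Schedule mapping error … no found” message in the follow-up post. The script below is an added example, not code from the thread or from the OpenIDM project: it takes a sync.json and a set of schedule configs modelled on the shape of sample2b (constructed inline here, with assumed field names following OpenIDM’s sync.json and schedule-*.json layout), keeps only the IDM-to-DJ mappings, and reports the schedule files that would break once the reverse mapping is gone.

```python
import json

# Constructed sync.json with two mappings, modelled on the shape of OpenIDM's sample2b.
# Assumption: "mappings", "name", "source", "target" follow OpenIDM's sync.json schema.
SAMPLE_SYNC_JSON = json.dumps({
    "mappings": [
        {
            "name": "systemLdapAccounts_managedUser",   # DJ -> IDM (to be dropped)
            "source": "system/ldap/account",
            "target": "managed/user",
            "properties": [{"source": "uid", "target": "userName"}],
            "policies": [{"situation": "ABSENT", "action": "CREATE"}],
        },
        {
            "name": "managedUser_systemLdapAccounts",   # IDM -> DJ (to be kept)
            "source": "managed/user",
            "target": "system/ldap/account",
            "properties": [{"source": "userName", "target": "uid"}],
            "policies": [{"situation": "ABSENT", "action": "CREATE"}],
        },
    ]
})

# Constructed schedule configs, one reconciliation schedule per mapping.
# Assumption: "invokeService"/"invokeContext" follow OpenIDM's schedule-*.json layout.
SAMPLE_SCHEDULES = {
    "schedule-reconcile_systemLdapAccounts_managedUser.json": json.dumps({
        "enabled": True,
        "type": "cron",
        "schedule": "30 0/1 * * * ?",
        "invokeService": "sync",
        "invokeContext": {"action": "reconcile",
                          "mapping": "systemLdapAccounts_managedUser"},
    }),
    "schedule-reconcile_managedUser_systemLdapAccounts.json": json.dumps({
        "enabled": True,
        "type": "cron",
        "schedule": "0 0/1 * * * ?",
        "invokeService": "sync",
        "invokeContext": {"action": "reconcile",
                          "mapping": "managedUser_systemLdapAccounts"},
    }),
}


def keep_one_way_mappings(sync_text, authoritative_prefix="managed/"):
    """Keep only mappings whose source is the authoritative store (IDM's managed objects).

    Returns (new_config, removed_mapping_names). Any mapping that flows from a
    connector system back into managed/ is removed, so the remaining mappings
    describe a single direction: IDM as source, DJ as target.
    """
    cfg = json.loads(sync_text)
    kept, removed = [], []
    for mapping in cfg.get("mappings", []):
        if mapping.get("source", "").startswith(authoritative_prefix):
            kept.append(mapping)
        else:
            removed.append(mapping["name"])
    new_cfg = dict(cfg)
    new_cfg["mappings"] = kept
    return new_cfg, removed


def stale_schedules(schedules, removed_names):
    """Return schedule files whose reconciliation still points at a removed mapping.

    These are the files that have to be deleted or disabled together with the
    mapping, otherwise the scheduler logs a 'mapping not found' error.
    """
    stale = []
    for fname, text in schedules.items():
        sched = json.loads(text)
        if sched.get("invokeService") != "sync":
            continue
        if sched.get("invokeContext", {}).get("mapping") in removed_names:
            stale.append(fname)
    return sorted(stale)


def remaining_mapping_names(sync_text):
    """Convenience wrapper: names of the mappings that survive the one-way filter."""
    cfg, _ = keep_one_way_mappings(sync_text)
    return [m["name"] for m in cfg["mappings"]]


if __name__ == "__main__":
    new_cfg, removed = keep_one_way_mappings(SAMPLE_SYNC_JSON)
    print("kept mappings:   ", [m["name"] for m in new_cfg["mappings"]])
    print("removed mappings:", removed)
    print("schedules to drop:", stale_schedules(SAMPLE_SCHEDULES, removed))
    print(json.dumps(new_cfg, indent=2))
```

Run against the real conf/ directory the same logic applies: write the filtered object back to sync.json and remove (or set `"enabled": false` in) every schedule file the second function lists. Note that this only stops IDM from pulling changes out of DJ; as the moderator says, preventing other clients from writing to DJ at all is a matter of DJ access control, not of sync.json.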
