This topic has 3 replies, 3 voices, and was last updated 7 years, 1 month ago by 
.
-
Posts
-
Hello,
OpenIDM communicates with OpenDJ , OpenIDM downloads the LDAP.
If i run “sample2” (one way), just OpenDJ can edit information and OpenIDM read.
If i run “sample2b” (two way), Both can edit information.However, i would like OpenIDM edit information and OpenDJ can read.
I think it is a configuration “one way” ; but i don’t find how to make this configuration.Can anyone help me?
thank you,
regards,Hello,
in samples/sample2b/conf/sync.json, there are the 2 mappings defined (to DJ and from DJ).
If you want to keep only the OpenIDM=>OpenDJ sync, then keep managedUser_systemLdapAccounts mapping and remove systemLdapAccounts_managedUser.Hope this helps,
LaurentI tried your solution; but :
1 : I have one Error java ; that says : “Schedule mapping error systemLdapAccounts_managedUser no found” ; so it’s normal, i removed systemLdapAccounts_managedUser.
2 : I can still create a User in OpenDJ and after the mapping ; read in OpenIDM.
3 : Create User in OpenIDM; read in OpenDJ ; remove in OpenDJ ; the mapping start and the User is still in OpenIDM but nowhere in OpenDJ. However after the mapping the User will be recreate in OpenDJ.
I don’t understand. Can you tell me more about that ?
If you want DJ to truly be read-only for everyone except OpenIDM, then you would have to configure that with proper access controls; I suggest creating a specific user to use in the OpenIDM connection to DJ and make that user the only one capable of making changes.
All that would be left to do is have a single mapping (source:IDM, target:DJ) for each type of object you are managing (accounts, groups, etc…). This would make IDM the authoritative source for those records.
You must be logged in to reply to this topic.
