How to get the OpenIDM-OpenDJ sync working for a custom schema?

This topic has 3 replies, 3 voices, and was last updated 7 years, 6 months ago by Mike Jang.


    I am trying to get the bi-directional sync working. I could run the related examples sample2b and sample2c and see the sync working.

    I need to get this working for my set-up having an OpenDJ with BaseDN as dc=cas,dc=mj,dc=go. Under this base DN, I have a top level organisational unit IDUsers with dn as ou=IDUsers,dc=cas,dc=mj,dc=go. The IDUsers has a number of users of a custom object type. An example user is: uid=john.miller,ou=IDUsers,dc=cas,dc=mj,dc=go. I am able to do the CRUD on these using OpenDJ REST API and through control panel UI.

    But, I am not able to get the bi-directional sync working as explained in sample2b and sample2c.

    Could anyone please explain what to change to get this working? I could not find clear documentation on which files to change.

    Many thanks.



    Before getting sync working, you might want to check that you can access your OpenDJ objects via the OpenIDM REST API with a call like this:

    $ curl \
     --cacert self-signed.crt \
     --header "X-OpenIDM-Username: openidm-admin" \
     --header "X-OpenIDM-Password: openidm-admin" \
     --request GET \


    If that does not work, then you have to configure your connection to OpenDJ.
    This is explained in this section of the doc: Configuring Connectors


    Thank you Laurent.

    For the REST call for a user, I get {"code":404,"reason":"Not Found","message":""}.
    I think I need to modify my URL https://localhost:8443/openidm/system/ldap/account/ for the part system/ldap/account/ but I don’t know what to change it to.
    What are system, ldap and account in system/ldap/account? Where are these defined? I guess the system and ldap would be same for my case but account is different.

    I think I need to modify sync.json and openicf.openicf-ldap.json and change parts like "source" : "system/ldap/account". But I am not able to find in the documentation what to change them to.

    Please suggest.

     Mike Jang

    Hi Jean,

    If you use a non-existent UID at the end of the system/ldap/account endpoint, you would get a 404. One alternative to Laurent’s command is

    curl \
     --cacert self-signed.crt \
     --header "X-OpenIDM-Username: openidm-admin" \
     --header "X-OpenIDM-Password: openidm-admin" \
     --request GET \

    For more information on sync.json, refer to the chapter on Configuring Synchronization. It includes several examples of how you can modify sync.json.

    As for openicf.openicf-ldap.json, I’m not sure. Are you referring to the provisioner.openicf-ldap.json file? If so, you can find more information in the section on the Generic LDAP Connector.

    Let us know if this helps.
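As an added illustration, not written by any participant in this thread: the three segments of system/ldap/account are all defined by configuration. "system" is OpenIDM's fixed prefix for connector-backed resources, "ldap" is the "name" value in provisioner.openicf-ldap.json, and "account" is the key under that file's "objectTypes"; sync.json then uses the same path as a mapping "source". The fragment below is built around the base DN and OU from the question and assumes an OpenIDM 4.x-style provisioner layout; the object class myCustomPerson, the attribute myDisplayName, the port, the bind DN and the bundle version range are placeholders to be replaced with your own values.

```json
{
  "name": "ldap",
  "connectorRef": {
    "bundleName": "org.forgerock.openicf.connectors.ldap-connector",
    "bundleVersion": "[1.4.0.0,2)",
    "connectorName": "org.identityconnectors.ldap.LdapConnector"
  },
  "configurationProperties": {
    "host": "localhost",
    "port": 1389,
    "ssl": false,
    "principal": "cn=Directory Manager",
    "credentials": "REPLACE_WITH_BIND_PASSWORD",
    "baseContexts": ["ou=IDUsers,dc=cas,dc=mj,dc=go"],
    "accountObjectClasses": ["top", "myCustomPerson"],
    "accountUserNameAttributes": ["uid"],
    "uidAttribute": "entryUUID"
  },
  "objectTypes": {
    "account": {
      "$schema": "http://json-schema.org/draft-03/schema",
      "id": "__ACCOUNT__",
      "type": "object",
      "nativeType": "__ACCOUNT__",
      "properties": {
        "dn": {
          "type": "string",
          "nativeName": "__NAME__",
          "nativeType": "string",
          "required": true
        },
        "uid": {
          "type": "string",
          "nativeName": "uid",
          "nativeType": "string"
        },
        "myDisplayName": {
          "type": "string",
          "nativeName": "myDisplayName",
          "nativeType": "string"
        }
      }
    }
  }
}
```

With this in place, uid=john.miller,ou=IDUsers,dc=cas,dc=mj,dc=go is reachable as system/ldap/account/<id> and the sample2b/sample2c mapping "source" : "system/ldap/account" stays valid; renaming the "objectTypes" key (for example to iduser) changes the REST path to system/ldap/iduser and the sync.json "source" must be changed to match.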



©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
