managed/user repository, usecase1

This topic has 5 replies, 2 voices, and was last updated 7 years ago by Morten Lømo.

  • Author
  • #4894
     Morten Lømo

    I use MySQL as repository. Then I run usecase1. I run the curl command to reconciliate users from OpenDJ to OpenIDM. The contents of the database for one of the users looks like this:

    mysql> select * from managedobjects;
    | 11 | 4 | user.1 | 0 | {“manager”:{“displayName”:”user.0″,”$ref”:”/managed/user/user.0″,”managerId”:”user.0″},”passwordAttempts”:”0″,”department”:”Human Resources”,”address1″:”70110 Fourth Street”,”address2″:””,”givenName”:”Aaren”,”effectiveRoles”:[“openidm-authorized”],”password”:{“$crypto”:{“value”:{“data”:”6ikd0xXS0WFjD6YhWqXbNQ==”,”cipher”:”AES/CBC/PKCS5Padding”,”iv”:”Le0amoP0dwbuQxgcHxHkZw==”,”key”:”openidm-sym-default”},”type”:”x-simple-encryption”}},”userType”:”employee”,”city”:”New Haven”,”lastPasswordSet”:”2015-07-27T19:52:18.346Z”,”title”:null,”postalCode”:”93694″,”_id”:”user.1″,”accountStatus”:”active”,”stateProvince”:”OH”,”userName”:”user.1″,”mail”:”[email protected]”,”sn”:”Atp”,”accounts”:[“Business”],”lastPasswordAttempt”:”Mon Jul 27 2015 21:52:18 GMT+0200 (CEST)”,”country”:””,”_rev”:”0″,”telephoneNumber”:”+1 680 734 6300″,”roles”:[“openidm-authorized”],”effectiveAssignments”:{},”postalAddress”:””,”employeeNumber”:”1″,”displayName”:”Aaren Atp”}
    23 rows in set (0.00 sec)

    When I look at the sync.json file, I can see that the list of Properties in the file is a subset of the contents of the fullobject column in the database (above). This also agrees with the OpenIDM documentation which says the same thing: ” The contents of the properties table is a subset of the properties in the fullobject column of the main table.”

    I was wandering: Where do you define the contents of the fullobject column? I.e. the list of attributes that goes into a fullobject entry. Mapping in the sync.json file only gives you half the answer as it only contains a subset of all the attributes.

     Morten Lømo

    Example: the attributes “country”and “postalAddress” are contained in the fullobject column in the database but not in sync.json. How does OpenIDM know that it should store “country” and “postalAddress” in fullobject?


    You are right, “country” and “postalAdress” are not part of the mapping defined in sync.json.
    Those properties are created by the script called in managed.json:

    { "objects" : [
                "name" : "user",
                "onCreate" : {
                    "type" : "text/javascript",
                    "file" : "ui/onCreate-user-set-default-fields.js"
                }, (...)

    This means that whenever a manager user is created, the script ui/onCreate-user-set-default-fields.js is called. And this script contains:

    if (!object.postalAddress) {
        object.postalAddress = "";
    if (! { = "";

    There are explanations about this mechanism in the integrator’s guide.
    See the “Managed Objects” section for example.

     Morten Lømo

    Thanks. I find the onCreate..file in two places:


    1. I guess its the first one that is used for usecase1. Am I correct?

    2. If I startup OpenIDM with ./ -p samples/workflow, will OpenIDM pick the other one?


    yes and yes.
    the order in which the script folders are searched for is explained here.

    "sources" : {
        "default" : {
            "directory" : "&{launcher.install.location}/bin/defaults/script"
        "install" : {
            "directory" : "&{launcher.install.location}"
        "project" : {
            "directory" : "&{launcher.project.location}"
        "project-script" : {
            "directory" : "&{launcher.project.location}/script"

    “The order in which locations are listed in the “sources” property is important. Scripts are loaded from the bottom up in this list, that is, scripts found in the last location on the list are loaded first.”

     Morten Lømo

    Thanks. Now I understand :-)

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?