This topic has 3 replies, 2 voices, and was last updated 5 years, 8 months ago by Bill Nelson.
November 24, 2016 at 4:26 am #14456
Tubin Shaji
Participant

Is it possible to create a new organizational unit (ou), new organization (o), group (cn) and new domain (dc) from OpenIDM with REST API? If so, what are the mapping parameters? Please help.

November 25, 2016 at 1:05 pm #14491
Bill Nelson
Participant

Yes, this is a common use case and requires an understanding of both openidm and opendj. To do this, you need to:
a) create a provisioner in openidm to opendj that exposes the attributes that you want to manage (those you listed)
b) (optional) create a managed object to reflect these attributes in openidm
c) create a mapping from openidm to opendj to manage the objects that you listed
d) make a REST call to openidm/managed/yourobject to update the managed object and the data will flow to opendj via implicit sync, or
d) make a REST call to openidm/system/yourldap to update the opendj system object directly

November 25, 2016 at 2:05 pm #14496
Tubin Shaji
Participant

Okay, but can we specify the groupObjectClasses in the REST API call? I am asking this because by default the groupObjectClasses in a connector is groupOfUniqueNames. If I want to create an organizationalUnit, I can specify that class in the connector. But the issue is I cannot use them together. I mean, I cannot use multiple groupObjectClasses in the connector conf. So, what I need to know is: can we overcome this situation with a REST API call, so that we can specify the required groupObjectClasses and create anything (organizationalUnit or groupOfUniqueNames) accordingly?

November 25, 2016 at 3:33 pm #14498
Bill Nelson
Participant

> can we specify the groupObjectClasses in the REST API call?

What kind of REST call are you trying to make? Are you trying to manage the provisioner configuration or are you trying to manage a group object in openidm (and subsequently opendj)?

> If I want to create an organizationalUnit, I can specify that class in the connector.

Just to be sure we are on the same page, there are two types of things that it appears you are trying to manage in openidm based on the questions you are posting in these forums: 1) configuration data (which only applies to openidm) and 2) managed object data (which applies to opendj). Based on your questions in this particular post, I assume you are referring to configuration data so I will respond in that regard.
First of all, take a look at the schema definition for the groupofuniquenames group.

objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames'
  DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
  SUP top STRUCTURAL
  MUST ( uniqueMember $ cn )
  MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )

I do not know how much you know about ldap schema, but it appears that you are confusing an object class with an attribute. I may be wrong, but that seems to be the case based on your question.
Note that in the objectclass definition, groupofuniquenames is the object class and ou (or organizationalUnit) is an allowable attribute for that object class. In terms of openidm, groupofuniquenames maps to the groupObjectClasses property in the provisioner configurationProperties section as follows:

"groupObjectClasses" : [
    "groupofuniquenames"
]

and the group related attributes appear in the "properties" section of the "group" object, itself. There you can see that ou is already present by default (or can be added as you see fit).

"o" : {
    "type" : "array",
    "items" : {
        "type" : "string",
        "nativeType" : "string"
    },
    "nativeName" : "o",
    "nativeType" : "string"
},
"ou" : {
    "type" : "array",
    "items" : {
        "type" : "string",
        "nativeType" : "string"
    },
    "nativeName" : "ou",
    "nativeType" : "string"
},
"businessCategory" : {
    "type" : "array",
    "items" : {
        "type" : "string",
        "nativeType" : "string"
    },
    "nativeName" : "businessCategory",
    "nativeType" : "string"
},

Can you manage the opendj configuration data included in the provisioner file? Absolutely. But if you are trying to add ou as a group objectclass in OpenIDM and then try to manage group entries in opendj using this definition, then you will receive a schema violation from OpenDJ.
Does this help?
BTW, if you want to learn more about LDAP schema, here is a really nice online resource: http://www.zytrax.com/books/ldap/ch3/.
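
The MUST/MAY rules in the groupOfUniqueNames definition quoted in the last reply can be checked mechanically. The Python sketch below is an added example, not part of the original thread and not OpenIDM or OpenDJ code: it parses that one definition and reports MUST/MAY problems in constructed sample entries. The function names, the sample entries and the simplified check (only the one class from the thread is loaded, no SUP inheritance) are assumptions.

```python
import re

# Object class description as quoted in the thread (straight quotes restored).
GROUP_OF_UNIQUE_NAMES = (
    "( 2.5.6.17 NAME 'groupOfUniqueNames' "
    "DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' "
    "SUP top STRUCTURAL MUST ( uniqueMember $ cn ) "
    "MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )"
)

def parse_objectclass(definition):
    """Pull NAME, MUST and MAY out of one object class description."""
    name = re.search(r"NAME\s+'([^']+)'", definition).group(1)
    # Blank out quoted strings so parentheses inside DESC are not read as a list.
    bare = re.sub(r"'[^']*'", "''", definition)

    def attrs(keyword):
        m = re.search(rf"\b{keyword}\s+(?:\(([^)]*)\)|([^\s()]+))", bare)
        if not m:
            return set()
        body = m.group(1) or m.group(2) or ""
        return {a.strip().lower() for a in body.split("$") if a.strip()}

    return {"name": name.lower(), "must": attrs("MUST"), "may": attrs("MAY")}

def schema_violations(entry, classes):
    """List MUST/MAY problems in `entry` (attribute name -> list of values)."""
    known = {c["name"]: c for c in classes}
    must, allowed, problems = set(), {"objectclass"}, []
    for oc in entry.get("objectClass", []):
        cls = known.get(oc.lower())
        if cls:
            must |= cls["must"]
            allowed |= cls["must"] | cls["may"]
        elif oc.lower() != "top":
            problems.append(f"object class '{oc}' is not in the loaded schema")
    present = {a.lower() for a, values in entry.items() if values}
    problems += [f"missing required attribute '{a}'" for a in sorted(must - present)]
    problems += [f"attribute '{a}' not allowed" for a in sorted(present - allowed)]
    return problems

SCHEMA = [parse_objectclass(GROUP_OF_UNIQUE_NAMES)]
# Constructed sample entries, not taken from the thread.
GOOD_GROUP = {"objectClass": ["top", "groupOfUniqueNames"], "cn": ["admins"], "ou": ["IT"],
              "uniqueMember": ["uid=alice,ou=people,dc=example,dc=com"]}
NO_MEMBER = {"objectClass": ["top", "groupOfUniqueNames"], "cn": ["empty"]}
OU_AS_CLASS = {"objectClass": ["top", "ou"], "cn": ["sales"]}

if __name__ == "__main__":
    for label, entry in [("good", GOOD_GROUP), ("no member", NO_MEMBER), ("ou as class", OU_AS_CLASS)]:
        print(label, schema_violations(entry, SCHEMA))
```

Running the same check on a payload before it is sent to the connector surfaces a missing uniqueMember or a misplaced class name earlier than the directory's own schema check would.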