Note that the concepts introduced here are easily applied to another LDAP (such as OpenDJ) or even other systems (also likely to be covered in later blogs). I have chosen Active Directory because it is something I have commonly encountered throughout my career. Furthermore, I am going to assume you have an Active Directory instance up and running. If not, feel free to use OpenDJ or any other LDAP as the steps will be bro
Note: As many of you will be aware, OpenIDM 4.5 has recently been released. For now I am going to continue using OpenIDM 4 for this blog, but everything we talk about here is still applicable to 4.5, albeit with minor differences. I will likely move to OpenIDM 4.5 (or even 5) when the beginners series is concluded.
Provisioning in OpenIDM
- Configure an AD connector.
- Configure a mapping from AD accounts to an OpenIDM user object.
- Configure a mapping to AD accounts from an OpenIDM user object.
- Configure a mapping from AD groups to an OpenIDM group object.
- Configure a mapping to AD groups from an OpenIDM group object.
Configuring the Active Directory Connector
Configuring LDAP over SSL
Creating a Mapping
Finally, you can take a closer look at the results in OpenIDM: navigate to our mapping again, view the Associations tab and scroll down. You should see something similar to the following:
This blog post was first published @ http://identity-implementation.blogspot.no/, included here with permission from the author.