Since creating a provisioner configuration from scratch is pretty much work, OpenIDM offers a service on the REST interface which should help to get a basic configuration for a provisioner-openicf-<Connection Name>.json file. In further releases of OpenIDM this wizard like communication will be available on the command line too.

The procedure of creating a new provisioner configuration comprises of thee steps: Get all available connectors Generate the core configuration. Connect to the end system and generate the final configuration. The first step is executed by sending a simple REST command to the server: $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" --request POST "http://localhost:8080/openidm/system?_action=CREATECONFIGURATION" This will return a list of already available connectors. Available connectors are those which are installed in openidm/connectors. In OpenIDM 2.0.1 this is currently: csvfile ldap scriptedsql xml The expected return value of the curl command above is therefore: { "connectorRef" : [ { "connectorName" : "org.identityconnectors.ldap.LdapConnector", "bundleName" : "org.forgerock.openicf.connectors.ldap.openicf-ldap-connector", "bundleVersion" : "1.1.0.0" }, { "connectorName" : "com.forgerock.openicf.xml.XMLConnector", "bundleName" : "org.forgerock.openicf.connectors.file.openicf-xml-connector", "bundleVersion" : "1.1.0.0" }, { "connectorHostRef" : "osgi:service/org.forgerock.openicf.framework.api.osgi.ConnectorManager", "connectorName" : "org.forgerock.openicf.scriptedsql.ScriptedSQLConnector", "bundleName" : "org.forgerock.openicf.connectors.db.openicf-scriptedsql-connector", "bundleVersion" : "1.1.0.0" }, { "connectorHostRef" : "osgi:service/org.forgerock.openicf.framework.api.osgi.ConnectorManager", "connectorName" : "org.forgerock.openicf.csvfile.CSVFileConnector", "bundleName" : "org.forgerock.openicf.connectors.file.openicf-csvfile-connector", "bundleVersion" : "1.1.0.0" } ] } All return values are pretty unformatted when using curl. Transform them into a better readable format can be acheved by using a json formatter like JSON Formatter & Validator which can be found here. For the next step one of the connectors above must be chosen by copying the result above into the body of the REST command, like shown below for the xml connector $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" -d '{"connectorRef": {"connectorName":"com.forgerock.openicf.xml.XMLConnector", "bundleName":"org.forgerock.openicf.connectors.file.openicf-xml-connector", "bundleVersion":"1.1.0.0"}}' --request POST "http://localhost:8080/openidm/system?_action=CREATECONFIGURATION" This curl command will return a core connector configuration. It is not functional since it does not contain system specific parameters, the so called "configurationProperties" like hostname or port for web based connectors, or "xmlFilePath" for the file based connectrs as can be seen below. In addition it is missing the complete "objectTypes" and "operationOptions" parts. { "connectorRef" : { "connectorName" : "com.forgerock.openicf.xml.XMLConnector", "bundleName" : "org.forgerock.openicf.connectors.file.openicf-xml-connector", "bundleVersion" : "1.1.0.0" }, "poolConfigOption" : { "maxObjects" : 10, "maxIdle" : 10, "maxWait" : 150000, "minEvictableIdleTimeMillis" : 120000, "minIdle" : 1 }, "resultsHandlerConfig" : { "enableNormalizingResultsHandler" : true, "enableFilteredResultsHandler" : true, "enableCaseInsensitiveFilter" : false, "enableAttributesToGetSearchResultsHandler" : true }, "operationTimeout" : { "CREATE" : -1, "UPDATE" : -1, "DELETE" : -1, "TEST" : -1, "SCRIPT_ON_CONNECTOR" : -1, "SCRIPT_ON_RESOURCE" : -1, "GET" : -1, "RESOLVEUSERNAME" : -1, "AUTHENTICATE" : -1, "SEARCH" : -1, "VALIDATE" : -1, "SYNC" : -1, "SCHEMA" : -1 }, "configurationProperties" : { "xmlFilePath" : null, "xsdFilePath" : null, "xsdIcfFilePath" : null } } For performing the final step, the missing "configurationProperties" must be filled into the core configuration and the core configuration must be sent sent to the server as the body of a new REST commend: $ curl --header "X-OpenIDM-Username: openidm-admin" --header "X-OpenIDM-Password: openidm-admin" -d '{ "connectorRef" : { "connectorName" : "com.forgerock.openicf.xml.XMLConnector", "bundleName" : "org.forgerock.openicf.connectors.file.openicf-xml-connector", "bundleVersion" : "1.1.0.0" }, "poolConfigOption" : { "maxObjects" : 10, "maxIdle" : 10, "maxWait" : 150000, "minEvictableIdleTimeMillis" : 120000, "minIdle" : 1 }, "resultsHandlerConfig" : { "enableNormalizingResultsHandler" : true, "enableFilteredResultsHandler" : true, "enableCaseInsensitiveFilter" : false, "enableAttributesToGetSearchResultsHandler" : true }, "operationTimeout" : { "CREATE" : -1, "UPDATE" : -1, "DELETE" : -1, "TEST" : -1, "SCRIPT_ON_CONNECTOR" : -1, "SCRIPT_ON_RESOURCE" : -1, "GET" : -1, "RESOLVEUSERNAME" : -1, "AUTHENTICATE" : -1, "SEARCH" : -1, "VALIDATE" : -1, "SYNC" : -1, "SCHEMA" : -1 }, "configurationProperties" : { "xsdIcfFilePath" : "samples/sample1/data/resource-schema-1.xsd", "xsdFilePath" : "samples/sample1/data/resource-schema-extension.xsd", "xmlFilePath" : "samples/sample1/data/xmlConnectorData.xml" } }' --request POST "http://localhost:8080/openidm/system?_action=CREATECONFIGURATION" On most UNIX shells the single quote which is used on the -d option above will hide all formatting from being executed. Therefore there is no need to transform the -d '...' part to a single line. For producing the result of the last REST command OpenIDM will try to query the schema from the external system, if such a schema is available. It will then iterate through the objects and attributes in the schema and add the create representations in the "objectTypes" and "operationOptions" for the supported objects and operations. { "connectorRef" : { "connectorHostRef" : "#LOCAL", "connectorName" : "com.forgerock.openicf.xml.XMLConnector", "bundleName" : "org.forgerock.openicf.connectors.file.openicf-xml-connector", "bundleVersion" : "1.1.0.0-EA" }, "poolConfigOption" : { "maxObjects" : 10, "maxIdle" : 10, "maxWait" : 150000, "minEvictableIdleTimeMillis" : 120000, "minIdle" : 1 }, "resultsHandlerConfig" : { "enableNormalizingResultsHandler" : true, "enableFilteredResultsHandler" : true, "enableCaseInsensitiveFilter" : false, "enableAttributesToGetSearchResultsHandler" : true }, "operationTimeout" : { "CREATE" : -1, "UPDATE" : -1, "DELETE" : -1, "TEST" : -1, "SCRIPT_ON_CONNECTOR" : -1, "SCRIPT_ON_RESOURCE" : -1, "GET" : -1, "RESOLVEUSERNAME" : -1, "AUTHENTICATE" : -1, "SEARCH" : -1, "VALIDATE" : -1, "SYNC" : -1, "SCHEMA" : -1 }, "configurationProperties" : { "xmlFilePath" : "samples/sample1/data/xmlConnectorData.xml", "xsdFilePath" : "samples/sample1/data/resource-schema-extension.xsd", "xsdIcfFilePath" : "samples/sample1/data/resource-schema-1.xsd" }, "objectTypes" : { "OrganizationUnit" : {... }, "__GROUP__" : { "$schema" : "http://json-schema.org/draft-03/schema", "id" : "__GROUP__", "type" : "object", "nativeType" : "__GROUP__", "properties" : { "__DESCRIPTION__" : { "type" : "string", "required" : true, "nativeName" : "__DESCRIPTION__", "nativeType" : "string" }, "__NAME__" : { "type" : "string", "required" : true, "nativeName" : "__NAME__", "nativeType" : "string" }, ... } }, "__ACCOUNT__" : { "$schema" : "http://json-schema.org/draft-03/schema", "id" : "__ACCOUNT__", "type" : "object", "nativeType" : "__ACCOUNT__", "properties" : { "firstname" : { "type" : "string", "nativeName" : "firstname", "nativeType" : "string" }, "__DESCRIPTION__" : { "type" : "string", "nativeName" : "__DESCRIPTION__", "nativeType" : "string" }, "__UID__" : { "type" : "string", "nativeName" : "__UID__", "nativeType" : "string" }, "__NAME__" : { "type" : "string", "required" : true, "nativeName" : "__NAME__", "nativeType" : "string" }, ... } } }, "operationOptions" : { "CREATE" : { "objectFeatures" : { "OrganizationUnit" : {... }, "__GROUP__" : {... }, "__ACCOUNT__" : { "denied" : false, "onDeny" : "DO_NOTHING", "operationOptionInfo" : { "$schema" : "http://json-schema.org/draft-03/schema", "id" : "FIX_ME", "type" : "object", "properties" : { } } } } }, "UPDATE" : { "objectFeatures" : { "__ACCOUNT__" : { "denied" : false, "onDeny" : "DO_NOTHING", "operationOptionInfo" : { "$schema" : "http://json-schema.org/draft-03/schema", "id" : "FIX_ME", "type" : "object", "properties" : { } } } } }, ... } } Due to downloading the schema from the resource and producing a full property set for all attributes in all object types of the resource schema, the result can be a rather long configuration file. Several 10000 lines in case of an LDAP server, for instance. Therefore it might be desirable to reduce the schema to the minimum required on the resource before running this command.