Check external system status over REST
Connectors continue to be released outside the IDM release. For the latest documentation, refer to the ICF documentation. |
After a connection has been configured, external systems are accessible over the REST interface at the URL http://localhost:8080/openidm/system/connector-name
. Aside from accessing the data objects within the external systems, you can test the availability of the systems themselves.
To list the external systems that are connected to an IDM instance, use the test
action on the URL http://localhost:8080/openidm/system/
. The following example shows an IDM system with two connected LDAP systems:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system?_action=test" [ { "name": "ldap", "enabled": true, "config": "config/provisioner.openicf/ldap", "connectorRef": { "bundleVersion": "[1.5.0.0,1.6.0.0)", "bundleName": "org.forgerock.openicf.connectors.ldap-connector", "connectorName": "org.identityconnectors.ldap.LdapConnector" }, "displayName": "LDAP Connector", "objectTypes": [ "__ALL__", "account", "group" ], "ok": true }, { "name": "ldap2", "enabled": true, "config": "config/provisioner.openicf/ldap2", "connectorRef": { "bundleVersion": "[1.5.0.0,1.6.0.0)", "bundleName": "org.forgerock.openicf.connectors.ldap-connector", "connectorName": "org.identityconnectors.ldap.LdapConnector" }, "displayName": "LDAP Connector", "objectTypes": [ "__ALL__", "account", "group" ], "ok": true } ]
The status of the system is provided by the ok
parameter. If the connection is available, the value of this parameter is true
.
To obtain the status for a single system, include the name of the connector in the URL, for example:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system/ldap?_action=test" { "name": "ldap", "enabled": true, "config": "config/provisioner.openicf/ldap", "connectorRef": { "bundleVersion": "[1.5.0.0,1.6.0.0)", "bundleName": "org.forgerock.openicf.connectors.ldap-connector", "connectorName": "org.identityconnectors.ldap.LdapConnector" }, "displayName": "LDAP Connector", "objectTypes": [ "__ALL__", "account", "group" ], "ok": true }
If there is a problem with the connection, the ok
parameter returns false
, with an indication of the error. In the following example, the LDAP server named ldap
, running on localhost:1389
, is down:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system/ldap?_action=test" { "name": "ldap", "enabled": true, "config": "config/provisioner.openicf/ldap", "connectorRef": { "bundleVersion": "[1.5.0.0,1.6.0.0)", "bundleName": "org.forgerock.openicf.connectors.ldap-connector", "connectorName": "org.identityconnectors.ldap.LdapConnector" }, "displayName": "LDAP Connector", "objectTypes": [ "__ALL__", "account", "group" ], "error": "javax.naming.CommunicationException: localhost:1389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]", "ok": false }
To test the validity of a connector configuration, use the testConfig
action and include the configuration in the command. For example:
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --header "Content-Type: application/json" \ --request POST \ --data '{ "configurationProperties": { "headerPassword": "password", "csvFile": "&{idm.instance.dir}/data/csvConnectorData.csv", "newlineString": "\n", "headerUid": "uid", "quoteCharacter": "\"", "fieldDelimiter": ",", "syncFileRetentionCount": 3 }, "connectorRef": { "systemType": "provisioner.openicf", "bundleName": "org.forgerock.openicf.connectors.csvfile-connector", "connectorName": "org.forgerock.openicf.csvfile.CSVFileConnector", "displayName": "CSV File Connector", "bundleVersion": "[1.5.0.0,1.6.0.0)" }, "poolConfigOption": { "maxObjects": 10, "maxIdle": 10, "maxWait": 150000, "minEvictableIdleTimeMillis": 120000, "minIdle": 1 }, "resultsHandlerConfig": { "enableNormalizingResultsHandler": true, "enableFilteredResultsHandler": true, "enableCaseInsensitiveFilter": false, "enableAttributesToGetSearchResultsHandler": true }, "operationTimeout": { "CREATE": -1, "UPDATE": -1, "DELETE": -1, "TEST": -1, "SCRIPT_ON_CONNECTOR": -1, "SCRIPT_ON_RESOURCE": -1, "GET": -1, "RESOLVEUSERNAME": -1, "AUTHENTICATE": -1, "SEARCH": -1, "VALIDATE": -1, "SYNC": -1, "SCHEMA": -1 } }' \ "http://localhost:8080/openidm/system?_action=testConfig"
If the configuration is valid, the command returns "ok": true
, for example:
{ "ok": true }
If the configuration is not valid, the command returns an error, indicating the problem with the configuration. For example, the following result is returned when the LDAP connector configuration is missing a required property (in this case, the baseContexts
to synchronize):
{ "error": "org.identityconnectors.framework.common.exceptions.ConfigurationException: The list of base contexts cannot be empty", "name": "ldap", "ok": false }
The testConfig
action requires a running IDM instance, as it uses the REST API, but does not require an active connector instance for the connector whose configuration you want to test.