--- title: System objects description: System objects are objects stored in remote systems and are exposed under the /openidm/system context. IDM provides access to system objects over REST, as listed in the following table: component: pingidm version: 8.1 page_id: pingidm:rest-api-reference:endpoints/rest-system-objects canonical_url: https://docs.pingidentity.com/pingidm/8.1/rest-api-reference/endpoints/rest-system-objects.html keywords: ["REST API"] section_ids: list_available_connector_configurations: List available connector configurations: list_remote_systems_and_their_status: List remote systems, and their status: run_livesync_on_a_specified_system_object: Run liveSync on a specified system object: script-system-object: Run a script on a system object: authenticate_to_a_system_object: Authenticate to a system object create_a_new_system_object: Create a new system object rename_a_system_object: Rename a system object list_ids_associated_with_a_specific_system_object: List IDs associated with a specific system object: --- # System objects System objects are objects stored in remote systems and are exposed under the `/openidm/system` context. IDM provides access to system objects over REST, as listed in the following table: | URI | HTTP Operation | Description | | --------------------------------------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | /openidm/system?\_action=action-name | POST | `_action=availableConnectors` returns a list of the connectors that are available in `openidm/connectors` or in `openidm/bundle`.`_action=createCoreConfig` takes the supplied connector reference (`connectorRef`) and adds the configuration properties required for that connector. This generates a core connector configuration that you can use to create a full configuration with the `createFullConfig` action.`_action=createFullConfig` generates a complete connector configuration, using the configuration properties from the `createCoreConfig` action, and retrieving the object types and operation options from the resource, to complete the configuration.`_action=test` returns a list of all remote systems, with their status, and supported object types.`_action=testConfig` validates the connector configuration provided in the POST body.`_action=liveSync` triggers a liveSync operation on the specified source object. | | /openidm/system/system-name?\_action=action-name | POST | `_action=test` tests the status of the specified system. | | /openidm/system/system-name/system-object?\_action=action-name | POST | `_action=liveSync` triggers a liveSync operation on the specified system object.`_action=authenticate` authenticates to the specified system object, with the provided credentials.`_action=create` creates a new system object. | | /openidm/system/system-name?\_action=script\&scriptId=script-name\&scriptExecuteMode=resource | POST | `_action=script` runs the specified script on the system object. | | /openidm/system/system-name/system-object?\_queryId=query-all-ids | GET | Lists all IDs related to the specified system object, such as users, and groups. | | /openidm/system/system-name/system-object?\_queryFilter=filter | GET | Lists the item(s) associated with the query filter. | | /openidm/system/system-name/system-object/id | PUT | Creates a system object, or updates the system object, if it exists (replaces the entire object). | | /openidm/system/system-name/system-object/id | PATCH | Updates the specified fields of a system object. | | /openidm/system/system-name/system-object/id | DELETE | Deletes a system object. | | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When you create a system object with a PUT request (that is, specifying a client-assigned ID), you should specify the ID in the URL only and not in the JSON payload. If you specify a different ID in the URL and in the JSON payload, the request will fail, with an error similar to the following:```json { "code":500, "reason":"Internal Server Error", "message":"The uid attribute is not single value attribute." } ```A `POST` request with a `patch` action is not currently supported on system objects. To patch a system object, you must send a `PATCH` request. | ## List available connector configurations: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system?_action=availableConnectors" ``` ## List remote systems, and their status: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system?_action=test" [ { "name": "ldap", "enabled": true, "config": "config/provisioner.openicf/ldap", "connectorRef": { "bundleVersion": "[1.4.0.0,1.6.0.0)", "bundleName": "org.forgerock.openicf.connectors.ldap-connector", "connectorName": "org.identityconnectors.ldap.LdapConnector" }, "displayName": "LDAP Connector", "objectTypes": [ "ALL", "account", "group" ], "ok": true } ] ``` ## Run liveSync on a specified system object: * Source Parameter * Endpoint ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system?_action=liveSync&source=system/ldap/account" { "connectorData": { "nativeType": "integer", "syncToken": 0 }, "_rev": "00000000a92657c7", "_id": "SYSTEMLDAPACCOUNT" } ``` ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system/ldap/account?_action=liveSync" { "connectorData": { "nativeType": "integer", "syncToken": 0 }, "_rev": "00000000a92657c7", "_id": "SYSTEMLDAPACCOUNT" } ``` ## Run a script on a system object: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/system/ldap/account?_action=script&_scriptId=addUser" ``` ## Authenticate to a system object ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --header "Content-Type: application/json" \ --request POST \ --data '{ "username" : "bjensen", "password" : "Passw0rd" }' \ "http://localhost:8080/openidm/system/ldap/account?_action=authenticate" { "_id": "fc252fd9-b982-3ed6-b42a-c76d2546312c" } ``` ## Create a new system object ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --header "Accept-API-Version: resource=1.0" \ --data '{ "cn": "James Smith", "dn": "uid=jsmith,ou=people,dc=example,dc=com", "uid": "jsmith", "sn": "Smith", "givenName":"James", "mail": "jsmith@example.com", "description": "Created by IDM REST"}' \ --request POST \ "http://localhost:8080/openidm/system/ldap/account?_action=create" { "telephoneNumber": null, "description": "Created by IDM REST", "mail": "jsmith@example.com", "givenName": "James", "cn": "James Smith", "dn": "uid=jsmith,ou=people,dc=example,dc=com", "uid": "jsmith", "ldapGroups": [], "sn": "Smith", "_id": "07b46858-56eb-457c-b935-cfe6ddf769c7" } ``` ## Rename a system object You can rename a system object simply by supplying a new naming attribute value in a PUT request. The PUT request replaces the entire object. The naming attribute depends on the external resource. The following example renames an object on an LDAP server, by changing the DN of the LDAP object (effectively performing a modDN operation on that object). The example renames the user created in the previous example: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --header "Accept-API-Version: resource=1.0" \ --header "If-Match: *" \ --data '{ "cn": "James Smith", "dn": "uid=jimmysmith,ou=people,dc=example,dc=com", "uid": "jimmysmith", "sn": "Smith", "givenName": "James", "mail": "jsmith@example.com"}' \ --request PUT \ "http://localhost:8080/openidm/system/ldap/account/07b46858-56eb-457c-b935-cfe6ddf769c7" { "mail": "jsmith@example.com", "cn": "James Smith", "sn": "Smith", "dn": "uid=jimmysmith,ou=people,dc=example,dc=com", "ldapGroups": [], "telephoneNumber": null, "description": "Created by IDM REST", "givenName": "James", "uid": "jimmysmith", "_id": "07b46858-56eb-457c-b935-cfe6ddf769c7" } ``` ## List IDs associated with a specific system object: ``` curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request GET \ "http://localhost:8080/openidm/system/ldap/account?_queryId=query-all-ids" { "remainingPagedResults": -1, "pagedResultsCookie": null, "resultCount": 3, "result": [ { "dn": "uid=jdoe,ou=People,dc=example,dc=com", "_id": "1ff2e78f-4c4c-300c-b8f7-c2ab160061e0" }, { "dn": "uid=bjensen,ou=People,dc=example,dc=com", "_id": "fc252fd9-b982-3ed6-b42a-c76d2546312c" }, { "dn": "uid=jimmysmith,ou=people,dc=example,dc=com", "_id": "07b46858-56eb-457c-b935-cfe6ddf769c7" } ] } ```