OpenIDM - AD Users REST API

Question

I'm new to openIDM, I'm trying to execute the following query, getting zero results, though I have lot of AD users exist, just wondering what I'm doing wrong,

$ curl \

--header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ "https://localhost:8443/openidm/managed/user?_queryId=query-all-ids"

Results:

{"query-time-ms":0,"result":[],"conversion-time-ms":0}

But it works for Groups

$ curl \

--header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ "https://localhost:8443/openidm/managed/group?_queryId=query-all-ids"

Thanks

Answer 1

Modify Sync.json file, to add user related information like showing in the following link, http://docs.forgerock.org/en/openidm/3.1.0/integrators-guide/index/chap-synchronization.html#synchronization-mappings-file

My config looks like,

{ "name" : "managedUser_systemLdapAccounts", "source" : "System/AD/Account", "target" : "managed/user", ... }

Executed the recon job as mentioned in same doc,

$ curl \ --cacert self-signed.crt \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Content-Type: application/json" \ --request POST \ "https://localhost:8443/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

Also, I added routes in Managed.JSON {"name", "user"}, {"name", "account"}, though I see this doesn't matter much, when you execute a managed object query, you can choose any endpoints defined in this file and execute a different query not related to the endpoint it still works.

Thanks