

Here is a custom endpoint sample that shows you how to provision to the repository as well as to an LDAP resource.  A sample use case for this script would be if you wanted to maintain a small subset of data in the repository in comparison to what is in LDAP, and furthermore the stored attributes might be quite different between the two targets.  Using a custom endpoint allows explicit control over what gets saved to each target. 

This example assumes an LDAP provisioner is configured at system/ldap/account. 

Under your conf/ directory, create a custom endpoint config file. 


    "context" : "endpoint/demo",
    "type" : "text/javascript",
    "file" : "script/demo.js"


Next create the script that will handle the incoming endpoint request


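// script/demo.js
//
// NOTE(review): on the published page the file-name caption was fused with this
// statement and the call target was lost. It is restored here as logger.info,
// going by the "{}" placeholder in the surviving message; confirm the log level
// against the original script.
//
// This writes the entire request to the log, including every attribute of the
// submitted user. Trim it to non-sensitive fields if the payload can carry
// credentials or other personal data.
logger.info("Endpoint Request {}", request);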
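/*
 * Escape a string for use as an attribute value inside an LDAP DN
 * (RFC 4514 string representation), so that characters such as "," or "+"
 * in the input cannot add or alter RDN components.
 */
function escapeDnValue(value) {
	var raw = String(value);
	var out = "";
	for (var i = 0; i < raw.length; i++) {
		var ch = raw.charAt(i);
		if (ch === "\u0000") {
			out += "\\00";
		} else if ('\\,+"<>;'.indexOf(ch) !== -1) {
			out += "\\" + ch;
		} else if (ch === "#" && i === 0) {
			out += "\\#";
		} else if (ch === " " && (i === 0 || i === raw.length - 1)) {
			// only leading and trailing spaces need escaping
			out += "\\ ";
		} else {
			out += ch;
		}
	}
	return out;
}

/*
 * Take the values passed in and map them to LDAP attributes.
 *
 * u is the user object from the request body and is therefore untrusted.
 * Its _id is escaped before being placed in the DN, and a missing or empty
 * _id is rejected rather than producing an entry such as "uid=undefined".
 *
 * Returns an object with the dn, cn and sn attributes.
 * Throws Error when u._id is missing or empty.
 *
 * NOTE(review): the published listing breaks off after "sn" (trailing comma,
 * no closing braces), so the original may have mapped further attributes.
 */
function createLDAPProfile(u) {
	if (u == null || u._id == null || String(u._id) === "") {
		throw new Error("createLDAPProfile: user _id is required");
	}
	var i = {
		"dn": "uid=" + escapeDnValue(u._id) + ",ou=People,dc=example,dc=com",
		"cn": u.givenName + " " + u.familyName,
		"sn": u.familyName
	};
	return i;
}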
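/*
 * Endpoint entry point: replaces the managed user and the matching LDAP
 * account with the values posted to the endpoint, and returns the result of
 * the LDAP create call.
 *
 * NOTE(review): the published listing lost several call expressions and all
 * closing braces (for example "var old =;"). The logger.info, openidm.read
 * and openidm.delete calls below are restored from the surviving log messages
 * and comments using the standard OpenIDM script API; confirm them, and the
 * revision arguments passed to delete, against the original script.
 *
 * Caveats for anything beyond a demo:
 *  - request.value is stored in managed/user unchanged, so the caller decides
 *    every attribute, including "roles". Restrict who may call the endpoint
 *    and copy only the attributes you intend to accept.
 *  - delete-then-create is not atomic: if a create fails, the previous
 *    managed user or LDAP entry is already gone.
 */
(function () {
	var u = request.value;

	// The id is concatenated into resource paths, so a value taken from the
	// request body must be present and must not carry path separators.
	if (u == null || typeof u._id !== "string" || u._id === "" || u._id.indexOf("/") !== -1) {
		throw new Error("Invalid _id in request");
	}

	var id = "managed/user/" + u._id;

	logger.info("Looking for existing managed user " + u._id);
	var old = openidm.read(id);
	logger.info("existing object {}", old);

	// for this demo we delete the user if we find them and then re-create
	if (old != null) {
		logger.info("****** Deleting existing user {}", id);
		openidm.delete(id, old._rev);
	}

	var ldapAttrs = createLDAPProfile(u);
	var ldapPath = "system/ldap/account/" + ldapAttrs.dn;
	var ldap = openidm.read(ldapPath);

	// delete the ldap entry if it exists
	if (ldap != null) {
		logger.info("Delete Existing LDAP entry !! {} ", ldap.dn);
		// null skips the revision check on the system object
		openidm.delete(ldapPath, null);
	}

	var r = openidm.create("managed/user", request.value);
	var r2 = openidm.create("system/ldap/account", ldapAttrs);
	logger.info("managed user result = {} ldap create result = {}", r, r2);
	return r2;
}());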


Send your new endpoint a POST message to test it out. 

# POST the sample user to the new endpoint, authenticating with the OpenIDM header credentials.
# Both headers carry the credentials in clear text, so $URL should be an https:// address;
# the expanded password is also visible in the local process list while curl runs.
curl --request POST \
        --header "X-OpenIDM-Username: $USERNAME" \
        --header "X-OpenIDM-Password: $PASSWORD" \
        --data @u1.json $URL



The file u1.json (passed to curl as @u1.json) contains the sample data to POST:

  "employeeNumber": "0987654321",
  "userName" : "u1",  
  "stateProvince": "Manchester",
  "roles": "openidm-authorized",
  "accountStatus": "active",
  "country": "UK",
  "givenName": "Created",
  "address2": "",
  "familyName": "Test",
  "passwordAttempts": "0",
  "_rev": "0",
  "lastPasswordSet": "",
  "postalCode": "",
  "_id": "u1",
  "phoneNumber": "123456789",
  "email": ""


  1. Looks good Warren.  Could you elaborate a bit on the use case that this was needed for?


  2. Updated with use case.