IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory Version 2.0 Content Pack for OpenLDAP and Microsoft Active Directory
IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory Version 2.0 Content Pack for OpenLDAP and Microsoft Active Directory
Note Before using this information and the product it supports, read the information in Notices on page 15.
Contents Preface............... v Audience............... v IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory.............. 1 Overview of an LDAP server and common parameters of functions........... 1 Installing and configuring.......... 2 Upgrading.............. 2 Toolkit scenarios............. 2 Register a Directory Server configuration.... 3 Unregister a Directory Server configuration... 3 Modify a Directory Server configuration.... 4 Perform an Active Directory user operation... 4 Perform a Active Directory group operation... 5 Perform an Active Directory rename user operation.............. 5 Perform an OpenLDAP user operation..... 5 Toolkit developer's reference......... 6 Environmental variables......... 6 storehouse_ldap_int_path........ 6 FactoryCtx............. 6 Referral.............. 6 Business objects............ 6 ldapserver............. 7 ldapserverregistrationdata....... 7 ldapserverunregistrationdata....... 7 ldapserverupdatedata......... 7 ldapjndiconnection.......... 7 MSldapUser............ 7 MSldapGroup............ 7 MSldapObject............ 7 OpenLdapUser........... 7 MSLdapComputer.......... 7 Human services............ 7 Modify LDAP Server......... 7 Register LDAP Server......... 7 Unregister LDAP Server........ 7 Sample Active Directory Rename User Operation............. 8 Sample Active Directory Group Operation.. 8 Sample Active Directory User Operation... 8 Sample OpenLDAP User Operation..... 8 Business processes........... 8 Modify LDAP Server......... 8 Register LDAP Server......... 8 Sample LDAP Operation........ 8 Unregister LDAP Server........ 8 Implementation services......... 8 LDAPSearch............ 8 Return Values of LDAPSearch..... 9 LDAPUpdate............ 9 Return Values of LDAPUpdate..... 10 LDAPDelete............ 10 LDAPInsert............ 10 LDAPRename........... 11 Set_CnDependend_UserFields...... 11 Samples............... 11 Importing XML into IBM Cloud Orchestrator... 12 Notices.............. 15 Trademarks and Service Marks.... 17 Copyright IBM Corp. 2014 iii
iv IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
Preface This publication documents how to use the IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory. Audience This information is intended for content developers of IBM Cloud Orchestrator who implement or customize the content pack for OpenLDAP and Microsoft Active Directory. Copyright IBM Corp. 2014 v
vi IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory The IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory toolkit provides basic functionality through integration services to access an LDAP server from within Business Process Manager processes. Supported versions v IBM Cloud Orchestrator version 2.4 v Microsoft Active Directory Windows 2008 and higher v OpenLDAP version 2.4 and higher How the toolkit works The toolkit uses Business Process Manager data objects to buffer, store, and access the LDAP objects of the LDAP server. For each LDAP data object, a BPM data object can be defined. Samples of User and Group Business data are provided but they must be extended and customized based on your needs. Each implementation service delivers or requires these Business Process Manager objects as data containers. The implementation service works with an attached Java-class, which handles this Business Process Manager data object and the rest of the given parameters. It can immediately use a newly defined Business Process Manager data object. This custom data type must be provided to the corresponding implementation service by its name. The service provides this data type name to the underlying Java implementation, which can instantiate this object. Customizing and defining data object type For each customer and LDAP server there are other requirements of LDAP objects and their attributes. It is important to customize the business-process centric data objects. The user must define their own data object type, which contains all required attributes to provide this business process. The attributes of its object must be defined to the respect of the LDAP data structure. The decision between Single Values or List-Values for each attribute have been taken into account. Overview of an LDAP server and common parameters of functions Understand the LDAP server and the common parameters of the functions. LDAP servers are accessible by their primary protocol type, their IP, and their port number. LDAP-URL: "ldap://10.102.91.12:389" Each LDAP server provides a basic node, which must be used internally by the toolkit to complete the URL for accessing the data which is provided by the LDAP server. LDAP-Base-DN: "CN=DOMAIN1,DC=MYCOM,DC=COM" Copyright IBM Corp. 2014 1
Installing and configuring Combined URL, used in the toolkit results in: "ldap://10.102.91.12:389/cn=domain1,dc=mycom,dc=com To be able to connect to the LDAP server, a login user and password must be provided: Login User: "cn=user01,cn=users,cn=domain1,dc=mycom,dc=com" Login-Password: xxxx This set of parameters in combination with the Environment-Parameters, which are needed for every access to the LDAP server, must be combined as a Map Object and attached to every function call as one single parameter. Anonymous authentication, where no user name or password must be provided, is supported. In this case, "java.naming.security.authentication" must be set to "none". The sample UI stores this set of properties in the variable jndipropertiesmap. A good knowledge of IBM Cloud Orchestrator and of the Business Process Manager programming model is required for using the toolkit as a software development kit (SDK) for building new content. The content pack contains the following items: v The IBM Cloud Orchestrator Directory Server toolkit: SCOrchestrator_Directory_Services_Toolkit_<YYYYMMDD>.twx v The XML definition file for the Directory Server Offerings and Actions to be automatically created through the IBM Cloud Orchestrator Self-Service Catalog Population Tool: directory-services-offerings.xml v Product documentation The following basic operations are provided: v Search Object by query v Update object v Delete Object v Insert Object v Rename Object It contains UI samples which lead you through the usage of the implementation services. Upgrading If you already have the toolkit installed and are upgrading from SmartCloud Orchestrator V2.3 to IBM Cloud Orchestrator V2.4, because of changes in the structure of the self-service catalog and new version 2.4 architecture, you must make some adjustments manually to clean up the environment so that the toolkits can run. Make the following adjustments: v Remove all the offerings under the category "Directory Services". v Register all the LDAP servers again. Toolkit scenarios There are a number of scenarios that are immediately available from the toolkit. 2 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
First, you register the required Self-Service Offerings and Orchestrator Actions, based on the configuration parameters specified in each of the scenarios. The following scenarios are available: v Register a Directory Server configuration v Unregister a Directory Server configuration v Modify a Directory Server configuration on page 4 v Perform an Active Directory user operation on page 4 v Perform a Active Directory group operation on page 5 v Perform an Active Directory rename user operation on page 5 v Perform an OpenLDAP user operation on page 5 Register a Directory Server configuration You can register the basic configuration parameters in IBM Cloud Orchestrator to access a Microsoft Active Directory server. To run this scenario, perform the following steps: 1. Go to the Self-Service Catalog and open the Directory Services category. 2. Start the Register Directory Server offering. After the offering starts: a. Specify the Directory Server URL, for example ldap://<ip or hostname>. b. Specify the Directory Server port. c. Specify the base Distinguished Name. d. Specify if the Server Authentication is anonymous or not. If the authentication is not anonymous, provide: v The user name to connect to the Microsoft Active Directory server v The password for the specified user e. Submit the offering. Table 1. Configuration of the offering Name Category Process User interface Register LDAP Server Directory Services Register LDAP Server (SCOrchestrator_Directory_Server_Toolkit) Register LDAP Server (SCOrchestrator_Directory_Server_Toolkit) Unregister a Directory Server configuration You can unregister the basic configuration parameters to access a configured Directory Server server from IBM Cloud Orchestrator. To run this scenario, perform the following steps: 1. Go to the Self-Service Catalog and open the Directory Services category. 2. Start the Unregister Directory Server offering. After the offering starts: a. Select the Directory Server server configuration to be removed. b. Submit the offering. Table 2. Configuration of the offering Name Category Unregister LDAP Server Directory Services IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory 3
Table 2. Configuration of the offering (continued) Process User interface Unregister LDAP Server (SCOrchestrator_Directory_Server_Toolkit) Unregister LDAP Server (SCOrchestrator_Directory_Server_Toolkit) Modify a Directory Server configuration You can update the basic configuration parameters to access a configured Directory Server server in IBM Cloud Orchestrator. To run this scenario, perform the following steps: 1. Go to the Self-Service Catalog and open the Directory Services category. 2. Start the Modify Directory Server offering. After the offering starts: a. Select the Directory Server server configuration to be modified. b. Review and modify the Directory Server server URL. c. Review and modify the Directory Server server port. d. Review and modify the Directory Server Distinguished name. e. Review and modify the username to connect to the Directory Server server. f. Review and modify the password for the specified user. g. Submit the offering. Table 3. Configuration of the offering Name Category Process User interface Modify LDAP Server Directory Services Modify LDAP Server (SCOrchestrator_Directory_Server_Toolkit) Modify LDAP Server (SCOrchestrator_Directory_Server_Toolkit) Perform an Active Directory user operation You can perform sample Directory Server user operations. To run this scenario, perform the following steps: 1. Go to the Self-Service Catalog and open the Directory Services category. 2. Start the Perform an Active Directory User Operation offering. After the offering starts: a. Select the Directory Server used by the user for various operations, for example, rename, update, insert, and delete. b. Select the search base for CN= Users and click Search. c. Select the user and perform the operation. Table 4. Configuration of the offering Name Category Process User interface Perform an Active Directory User Operation Directory Services Sample LDAP Operation (SCOrchestrator_Directory_Server_Toolkit) Sample Active Directory User Operation (SCOrchestrator_Directory_Server_Toolkit) 4 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
Perform a Active Directory group operation You can perform sample Directory Server group operations. To run this scenario, perform the following steps: 1. Go to the Self-Service Catalog and open the Directory Services category. 2. Start the Perform an Active Directory Group Operation offering. After the offering starts: a. Select the Directory Server used by the user for various operations, for example, rename, update, insert, and delete. b. Select the search base for CN= Group and click Search. c. Select the user and perform the operation. Table 5. Configuration of the offering Name Category Process User interface Perform an Active Directory Group Operation Directory Services Sample LDAP Operation (SCOrchestrator_Directory_Server_Toolkit) Sample Active Directory Group Operation (SCOrchestrator_Directory_Server_Toolkit) Perform an Active Directory rename user operation You can perform Active Directory rename user operations. To run this scenario, perform the following steps: 1. Go to the Self-Service Catalog and open the Directory Services category. 2. Start the Sample Active Directory Rename User Operation offering. After the offering starts: a. Select the Directory Server used by the user for various operations, for example, rename, update, insert, and delete. b. Select the search base for CN= Users and click Search. c. Select the user and perform the operation. Table 6. Configuration of the offering Name Category Process User interface Sample Active Directory Rename User Operation Directory Services Sample LDAP Operation (SCOrchestrator_Directory_Server_Toolkit) Sample Active Directory Rename User Operation (SCOrchestrator_Directory_Server_Toolkit) Perform an OpenLDAP user operation You can manage user objects in OpenLDAP. To run this scenario, perform the following steps: 1. Go to the Self-Service Catalog and open the Directory Services category. 2. Start the Perform an OpenLDAP User Operation offering. After the offering starts: IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory 5
a. Select the Directory Server used by the user for various operations, for example, rename, update, insert, and delete. b. Select the search base for CN= Users and click Search. c. Select the user and perform the operation. Table 7. Configuration of the offering Name Category Process User interface Perform an OpenLDAP User Operation Directory Services Sample LDAP Operation (SCOrchestrator_Directory_Server_Toolkit) Perform an OpenLDAP User Operation (SCOrchestrator_Directory_Server_Toolkit) Toolkit developer's reference This section contains reference information about the Business Process Manager artifacts exposed in the toolkit contained in the content pack. It is intended to be used by IBM Cloud Orchestrator content developers to extend the already available scenarios or to write new scenarios leveraging the building blocks available from the toolkit. The following items are the main building blocks of the toolkit: v Environmental variables v Business objects v Human services on page 7 v Business processes on page 8 v Implementation services on page 8 Environmental variables Some environment variables are available so you can customize some behaviors when you run the use cases. Environmental variables are defined in the toolkit in Toolkit Settings > Environment. storehouse_ldap_int_path This variable specifies the default path on Storehouse where the LDAP server configurations get stored. The value of this variable must never be changed. FactoryCtx This variable specifies the default JNDI connection factory. The value of this variable must never be changed. Referral This variable specifies the JNDI service providers how to handle referral. Possible values are ignore and follow. Business objects There are Business Process Manager business objects defined in the toolkit. 6 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
ldapserver This object is used to handle the configuration information required to allow Business Process Manager to connect to a LDAP environment, for example host name, credentials, and so on. ldapserverregistrationdata This object is used to hold the input parameters of the Register LDAP Server offering. ldapserverunregistrationdata This object is used to hold the input parameters of the Unregister LDAP Server offering. ldapserverupdatedata This object is used to hold the input parameters of the Update LDAP Server offering. ldapjndiconnection This object is used to hold JNDI connection parameter and it is used in the Integration Services. MSldapUser This object is used as sample to hold MS LDAP User and it is used in the Integration Services. MSldapGroup This object is used as sample to hold MS LDAP Group and it is used in the Integration Services. MSldapObject This object is used as sample to hold MS generic LDAP Object and it is used in the Integration Services. OpenLdapUser This object is used as sample to hold Open LDAP User and it is used in the Integration Services. MSLdapComputer This object is used as sample to hold MS LDAP Computer and it is used in the Integration Services. Human services There are a number of Human Services artifacts available in the toolkit. Modify LDAP Server This is the Human Service that is used to collect the parameters required to edit an LDAP server configuration already stored in IBM Cloud Orchestrator. Register LDAP Server This is the Human Service that is used to collect the parameters corresponding to an LDAP server configuration to be created in IBM Cloud Orchestrator. Unregister LDAP Server This is the Human Service that is used to collect the parameters required to delete an LDAP server configuration already stored in IBM Cloud Orchestrator. IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory 7
Sample Active Directory Rename User Operation This is the Sample Human Service that shows how to perform LDAP User Rename Operation works. Sample Active Directory Group Operation This is the Sample Human Service that shows how to perform LDAP Group Operations. Sample Active Directory User Operation This is the Sample Human Service that shows how to perform LDAP User Operations. Sample OpenLDAP User Operation This is the Sample Human Service that shows how to perform Open LDAP User Operations. Business processes There are a number of the business processes available in the toolkit. Modify LDAP Server This business process update in IBM Cloud Orchestrator an already available configuration containing the parameters needed to connect to a LDAP Server. Register LDAP Server This business process registers in IBM Cloud Orchestrator a new configuration containing the parameters needed to connect to an LDAP Server. Sample LDAP Operation This business process is a sample that shows how to perform sample LDAP operation. Unregister LDAP Server This business process delete from IBM Cloud Orchestrator an already available configuration containing the parameters needed to connect to a LDAP Server. Implementation services There are a number of the implementation services available in the toolkit. LDAPSearch This function provides the ability to search every kind of LDAP objects, defined by the search query. Note: Anonymous authentication, where no user name or password must be provided, is supported. In this case, "java.naming.security.authentication" must be set to "none". 8 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
Parameters ConnectionProperties Data type Description and sample HashMap HashMap containing all required properties. java.naming.security.authentication= simple java.naming.factory.initial= com.sun.jndi.ldap. LdapCtxFactory java.naming.referral= follow LDAPHost= ldap://10.102.91.12:389 BaseDN= CN=DOMAIN1,DC=MYCOM,DC=COM java.naming.security.principal= cn=user01, CN=Users,CN=DOMAIN1,DC=MYCOM,DC=COM java.naming.security.credentials= xxxx querybase String Inner LDAP node, under which the query should start to search for objects. CN=Users QueryFilter String LDAP Query for the search "(objectclass=user)" or "(&(objectclass=user)(displayname=us*))" ReturnType String Name of the BPM data object, which must be filled with the result from the LDAP query. It returns a list of this object type. "MSLdapUser" AttributesRequested CSV String Comma-separated values of attributes, that must be requested and filled in the result data objects. Null/empty if all attributes must be fetched. "displayname,dn,cn" or MaxResults int Number of results that must be returned maximum. 0 if unlimited. "0" SortByAttributesCVS String Comma-separated values of attributes, for which the search result must be ordered. "displayname" or ProxyDN String Value of the ProxyDN. Not supported in this version. "" Return Values of LDAPSearch: The LDAPSearch returns a map of objects (Key,Object), which are identified by their key. The following keys and Objects are available for this function: Key (String) Value data type Description and sample "errcode" String Error Code or SUCCESS "errmsg" String Details about the error, if errcode!= SUCCESS "resultobject" List of BPM data Object The result collection of the specified BPM data type. LDAPUpdate This function provides the ability to update a LDAP objects with values from a given instance of a BPM data object. IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory 9
Parameters Data type Description and sample ConnectionProperties HashMap HashMap containing all required properties. LDAPObject2Update Specific BPM Data Object BPM data object, which contains a presentation of the LDAP data object attributes. Update function uses this attribute to update the LDAP server. Instance of MSLdapUser PropertyIdentKey String Name of the property field that identifies the ID or unique key of the object to be updated. "distinguishedname" or dn KeyAttributes String Comma-separated values of Attribute names that must be updated in the LDAP object. "displayname" ProxyDN String Value of the ProxyDN. Not supported in this version. "" Return Values of LDAPUpdate: The LDAPUpdate returns a map of strings (Key,String), which are identified by their key. The following keys and values are available for this function: Key (String) Value data type Description and sample "errcode" String Error Code or SUCCESS "errmsg" String Details about the error, if errcode!= SUCCESS LDAPDelete This function provides the ability to delete LDAP objects. Data Parameters type Description and sample ConnectionProperties String HashMap containing all required properties. distinguishedname_value String Value of the Distinguished Name, which identifies the object that must be deleted. CN=User4Handle,CN=Users,CN=DOMAIN1, DC=MYCOM,DC=COM ProxyDN String Value of the ProxyDN. Not supported in this version. "" LDAPInsert This function provides the ability to insert LDAP objects with values from a given instance of a BPM data object. Parameters ConnectionProperties Data type Description and sample HashMap HashMap containing all required properties. 10 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
Parameters LDAPObject2Insert keydistinguished NameName Data type Specific BPM Data Object String Description and sample BPM data object, which contains a presentation of the LDAP data object attributes. Insert function uses this attributes to update the LDAP server. Instance of MSLdapUser Name of the property field that identifies the ID or unique key of the object to be inserted. "distinguishedname" or dn KeyAttributes2InsertCSV String Comma-separated values of Attribute names that must be updated in the LDAP object. "objectclass,displayname,cn" ProxyDN String Value of the ProxyDN. Not supported in this version. "" LDAPRename This function provides the ability to rename an LDAP object. Data Parameters type Description and sample ConnectionProperties String HashMap containing all required properties. keydistinguishedname String Value of the Distinguished Name, which identifies the object that must be renamed. CN=User4Handle,CN=Users,CN=DOMAIN1,DC=MYCOM, DC=COM attributetorenamecsv String Value for rename in place of keydistinguishedname that is to be renamed. CN=RenameValueForUser,CN=Users ProxyDN String Value of the ProxyDN. Not supported in this version. "" Set_CnDependend_UserFields This function coordinates to set all attributes, that are in relation to the CN of a LDAP data object to their corresponding initial value for an Insert command. It is a helper function only and directly acts on the selected BPM data object that must be inserted. For more information, see the Sample-UI Implementation. Samples The toolkit contains one main sample (Sample LDAP Operation) that demonstrates the usage of all functions of the toolkit. It provides the possibility to search, edit, delete, and insert an LDAP user object, as it is normally designed or provided for by the Microsoft LDAP server. It only demonstrates the usage of the toolkit and therefore you can only modify a subset of the par of that object. By using this restriction in the toolkit sample, you can also use this sample to search, edit, and delete other object-types. IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory 11
Importing XML into IBM Cloud Orchestrator Refer to this sample XML file that you can use, with the Self-Service Catalog Population Tool, to create all the Offerings and Orchestration Actions required to leverage the capabilities provided by this content pack in IBM Cloud Orchestrator. <?xml version="1.0"?> <catalog version="2.4"> <automation-categories> <category> <name>directory Services</name> <description>a set of offerings to perform Directory Service Operations</description> <icon>application</icon> </category> </automation-categories> <offerings> <offering> <name>register LDAP Server</name> <description>register a new Directory Server configuration.</description> <icon>application</icon> <category-name>directory Services</category-name> <process> <name>register LDAP Server</name> </process> <user-interface> <name>register LDAP Server</name> </user-interface> </offering> <offering> <name>unregister LDAP Server</name> <description>unregister Directory Server configuration.</description> <icon>application</icon> <category-name>directory Services</category-name> <process> <name>unregister LDAP Server</name> </process> <user-interface> <name>unregister LDAP Server</name> </user-interface> </offering> <offering> <name>modify LDAP Server</name> <description>modify a registered Directory Server configuration.</description> <icon>application</icon> <category-name>directory Services</category-name> <process> <name>modify LDAP Server</name> </process> <user-interface> <name>modify LDAP Server</name> </user-interface> </offering> <offering> <name>perform an Active Directory User Operation</name> <description>sample Offering that shows how to manage User Objects in Microsoft Active Directory.</description> <icon>application</icon> <category-name>directory Services</category-name> <process> <name>sample LDAP Operation</name> 12 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
</process> <user-interface> <name>sample Active Directory User Operation</name> </user-interface> </offering> <offering> <name>perform an Active Directory Group Operation</name> <description>sample Offering that shows how to manage Group Objects in Microsoft Active Directory.</description> <icon>application</icon> <category-name>directory Services</category-name> <process> <name>sample LDAP Operation</name> </process> <user-interface> <name>sample Active Directory Group Operation</name> </user-interface> </offering> <offering> <name>perform an Active Directory Rename User Operation</name> <description>sample Offering that shows how to rename User Objects in Microsoft Active Directory.</description> <icon>application</icon> <category-name>directory Services</category-name> <process> <name>sample LDAP Operation</name> </process> <user-interface> <name>sample Active Directory Rename User Operation</name> </user-interface> </offering> <offering> <name>perform an OpenLDAP User Operation</name> <description>sample Offering that shows how to manage User Objects in OpenLDAP.</description> <icon>application</icon> <category-name>directory Services</category-name> <process> <name>sample LDAP Operation</name> </process> <user-interface> <name>sample OpenLDAP User Operation</name> </user-interface> </offering> </offerings> </catalog> IBM Cloud Orchestrator Content Pack for OpenLDAP and Microsoft Active Directory 13
14 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-ibm product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 1623-14, Shimotsuruma, Yamato-shi Kanagawa 242-8502 Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-ibm Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. Copyright IBM Corp. 2014 15
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/101 11400 Burnet Road Austin, TX 78758 U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. If you are viewing this information softcopy, the photographs and color illustrations may not appear. 16 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
Trademarks and Service Marks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( or ), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml. Adobe, the Adobe logo, PostScript, and the PostScript logo are trademarks or registered trademarks of Adobe Systems, Incorporated, in the United States and/or other countries. Intel, the Intel logo, Intel Inside, the Intel Inside logo, Intel Centrino, the Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Copyright IBM Corp. 2014 17
18 IBM Cloud Orchestrator: Content Pack for OpenLDAP and Microsoft Active Directory
Printed in USA