IDP support in graphman is partial. As of now, support is limited to Internal, Federated and, to some level, LDAP (i.e., GenericLdap subtypes). This will be addressed soon in future releases.
Original Message:
Sent: Mar 13, 2024 12:27 PM
From: Jeferson Diaz
Subject: export identity Provider with Graphman
Hi @Raju Gurram, I have a Postman collection, but I use the ldapByName query. In this query I see the bind password:
query ldapByName($name : String!) {
  ldapByName(name : $name) {
    goid
    name
    checksum
    ldapUrls
    ldapsClientAuthEnabled
    ldapsClientKeystoreId
    ldapsClientKeyAlias
    searchBase
    writable
    bindDn
    bindPassword
    userMappings {
      objClass
      nameAttrName
      loginAttrName
      passwdAttrName
      firstNameAttrName
      lastNameAttrName
      emailNameAttrName
      kerberosAttrName
      kerberosEnterpriseAttrName
      userCertAttrName
      passwdType { val }
    }
    groupMappings {
      objClass
      nameAttrName
      memberAttrName
      memberStrategy { val }
    }
  }
}
Response:
{
  "data": {
    "ldapByName": {
      "goid": "f866e2c5bb5940c667d2f83c402117e2",
      "name": "BHDL_AD_CFBHD",
      "checksum": "371c44d61807bf7528db4fe8f806c0aaf8830bfb",
      "ldapUrls": [
        "ldaps://xxxxxx",
        "ldaps://xxxxxx"
      ],
      "ldapsClientAuthEnabled": false,
      "searchBase": "DC=bhdlpre,DC=local",
      "writable": false,
      "bindDn": "USERV_BRK_01",
      "bindPassword": "JEw3RXYwMiQ2zgLMEJLff97LlgpG9GP9T1C3A4h9MOuiH8nsi276YagzxS+AwUjXYPiMZ2AM1xx=",
      "userMappings": [
        {
          "objClass": "user",
          "nameAttrName": "cn",
          "loginAttrName": "sAMAccountName",
          "passwdAttrName": "userPassword",
          "firstNameAttrName": "givenName",
          "lastNameAttrName": "sn",
          "emailNameAttrName": "mail",
          "kerberosAttrName": "sAMAccountName",
          "kerberosEnterpriseAttrName": "userPrincipalName",
          "userCertAttrName": "userCertificate",
          "passwdType": {
            "val": 0
          }
        }
      ],
      "groupMappings": [
        {
          "objClass": "group",
          "nameAttrName": "cn",
          "memberAttrName": "member",
          "memberStrategy": {
            "val": 0
          }
        }
      ]
    }
  }
}
But the only value for the Provider Type is GenericLdap. I need the value MicrosoftActiveDirectory, but I have no way to change the value and you can't see it in the query's response. How can I change the value? Thanks.
Original Message:
Sent: Mar 13, 2024 05:04 AM
From: Raju Gurram
Subject: export identity Provider with Graphman
If the query is made using graphman-client, it is a bit complex. At the same time, it is not recommended either. Consider the solution below as temporary.
- Edit the schema/idp.graphql file and remove passwdType field from the UserMapping type definition.
- Delete the schema/metadata.json file.
- NOTE: Do not delete the schema/metadata-base.json file.
As we are leaving the passwdType field out of the query, make sure this field is populated with the default value (passwdType: {val: 0}) for all the exported LDAP entities.
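The post-export step from the reply above (populating passwdType with the default value on every exported LDAP entity), as an added example that is not part of the original thread or of the graphman-client code base. The bundle shape, the `ldaps` key and the entity names are assumptions; only `userMappings`, `passwdType` and the default `{val: 0}` come from the thread.

```javascript
// Added example: fill in the default passwdType on exported LDAP user mappings.
// Only the field names userMappings / passwdType and the default {val: 0}
// come from the thread; everything else here is constructed for illustration.
const DEFAULT_PASSWD_TYPE = { val: 0 };

// Walk any JSON value and patch every userMappings entry whose passwdType is
// missing or null. Existing values are left untouched. Returns the JSON paths
// that were changed, so the run can be reviewed before the bundle is imported.
function fillPasswdType(node, path = "$", changed = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => fillPasswdType(item, `${path}[${i}]`, changed));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (key === "userMappings" && Array.isArray(value)) {
        value.forEach((mapping, i) => {
          const isObject = mapping !== null && typeof mapping === "object";
          if (isObject && mapping.passwdType == null) {
            mapping.passwdType = { ...DEFAULT_PASSWD_TYPE };
            changed.push(`${here}[${i}].passwdType`);
          }
        });
      } else {
        fillPasswdType(value, here, changed);
      }
    }
  }
  return changed;
}

// Constructed sample export (hypothetical top-level key and entity names).
const sampleExport = {
  ldaps: [
    { name: "example-ldap-1", userMappings: [{ objClass: "user", nameAttrName: "cn" }] },
    {
      name: "example-ldap-2",
      userMappings: [
        { objClass: "user", passwdType: { val: 0 } }, // already populated
        { objClass: "person", passwdType: null },     // null, gets the default
      ],
    },
  ],
};

const changedPaths = fillPasswdType(sampleExport);
console.log(changedPaths);
```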
Original Message:
Sent: Mar 13, 2024 04:09 AM
From: Sebastian van Voorn
Subject: export identity Provider with Graphman
How can you avoid using the passwdType field?
I just do an export --using all with graphman-client.
------------------------------
Greetings,
Sebastian van Voorn.
Original Message:
Sent: Mar 13, 2024 01:50 AM
From: Raju Gurram
Subject: export identity Provider with Graphman
@Jeferson Diaz This is a known issue; the schema needs correction.
For now, avoid specifying the passwdType field in the query.
Original Message:
Sent: Mar 12, 2024 12:03 PM
From: Jeferson Diaz
Subject: export identity Provider with Graphman
Hi, I use graphman to export the identity provider configuration, but at the moment, when I use the query, I see the following error with BindPassword:
{
  "errors": [
    {
      "message": "The field at path '/ldapByName/userMappings[0]/passwdType' was declared as a non null type, but the code involved in retrieving data has wrongly returned a null value. The graphql specification requires that the parent field be set to null, or if that is non nullable that it bubble up null to its parent and so on. The non-nullable type is 'PasswdStrategy' within parent type 'UserMapping'",
      "path": [
        "ldapByName",
        "userMappings",
        0,
        "passwdType"
      ],
      "extensions": {
        "classification": "NullValueInNonNullableField"
      }
    }
  ],
  "data": {}
}
The bindPassword is not exported, or the data is null. How can I resolve this problem?