| Oracle® Identity Manager Connector Guide for IBM i5/OS (OS/400) Advanced Release 9.0.3 Part Number B32447-01 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for IBM i5/OS (OS/400) Advanced Release 9.0.3 Part Number B32447-01 |
|
|
View PDF |
After you deploy the connector, you must test it to ensure that it functions as expected. This chapter contains information on the following types of testing:
Provisioning Testing: This type of test involves using Oracle Identity Manager for provisioning or de-provisioning one of its users or organizations with a target resource. In other words, Oracle Identity Manager is the starting point of the connector, and the target resource is the end point.
Reconciliation Testing: In this type of test, you reconcile Oracle Identity Manager with the target resource. In other words, the target resource is the starting point of the connector, and Oracle Identity Manager is the end point.
This chapter contains the following sections:
This section focuses on the functional and performance test cases that are associated with this connector. The following table includes information on running test cases on the IBM i5/OS (OS/400) Advanced connector:
| Test Case | Test Type | Description/Comment |
|---|---|---|
| Test to change IBM i5/OS (OS/400) Password | Provisioning | A user password is changed, with the change posted to i5/OS (OS/400) through the connector. |
| Test to reset IBM i5/OS (OS/400) Password | Provisioning | A user password is reset, with the change posted to i5/OS (OS/400) through the connector. |
| Test to create IBM i5/OS (OS/400) user | Provisioning | A user is created, with the change posted to i5/OS (OS/400) through the connector. |
| Test to revoke or disable IBM i5/OS (OS/400) user account | Provisioning | A user account is revoked, with the change posted to i5/OS (OS/400) through the connector. |
| Test to resume IBM i5/OS (OS/400) user account | Provisioning | A user account is resumed from a revoked status, with the change posted to i5/OS (OS/400) through the connector. |
| Test to list IBM i5/OS (OS/400) users | Provisioning | A list of users is retrieved from i5/OS (OS/400) i5/OS (OS/400) repository. |
| Test to permit IBM i5/OS (OS/400) user access to resource profile | Provisioning | A user is authorized to access i5/OS (OS/400) resources, with change posted to i5/OS (OS/400) through the connector. |
| Test to permit IBM i5/OS (OS/400) user access to TSO | Provisioning | A user is provisioned to log on to i5/OS (OS/400) through TSO, with the change posted to i5/OS (OS/400) through the connector. |
| Test to remove IBM i5/OS (OS/400) user access to dataset | Provisioning | A user is removed from access to an i5/OS (OS/400) dataset, with the change posted to i5/OS (OS/400) through the connector. |
| Test to remove IBM i5/OS (OS/400) user access to resource profile | Provisioning | A user is removed from access to an i5/OS (OS/400) resource, with the change posted to i5/OS (OS/400) through the connector. |
| Test to detect and report native IBM i5/OS (OS/400) password change event | Reconciliation | A native password change is made on i5/OS (OS/400) and subsequently detected by the connector. |
| Test to detect and report native IBM i5/OS (OS/400) password reset event | Reconciliation | A native password reset is made on i5/OS (OS/400) and subsequently detected by the connector. |
| Test to detect and report Native IBM i5/OS (OS/400) create user data event | Reconciliation | user creation is done by an administrator natively on i5/OS (OS/400) and subsequently detected by the connector. |
| Test to detect and report native IBM i5/OS (OS/400) revoke user event | Reconciliation | A user account password is revoked through native i5/OS (OS/400) events, which is subsequently detected by the connector. |
| Test to detect and report native IBM i5/OS (OS/400) delete user event | Reconciliation | A user account is deleted through native i5/OS (OS/400) events, which is subsequently detected by the connector. |
| Test to detect and report native IBM i5/OS (OS/400) resume user event | Reconciliation | A user account is resumed from a revoke status through native i5/OS (OS/400) events, which is subsequently detected by the connector. |
The following table lists solutions to some commonly encountered issues associated with the IBM i5/OS (OS/400) Advanced Connector.
| Problem Description | Solution |
|---|---|
| Oracle Identity Manager cannot establish a connection to the IBM i5/OS (OS/400) Server. |
|
| i5/OS (OS/400) does not appear to respond. |
|
| A particular use case does not appear to be functioning. |
|
The IBM i5/OS (OS/400) Advanced Connector architecture has been engineered for enterprise-level performance. When an identity event passes through an exit, the Reconciliation Agent analyzes the event, and then creates a message, allowing the command to complete its routine without loss of time.
The LDAP Gateway is engineered to detect when a given event originates from Oracle Identity Manager, when it passes through the Reconciliation Connector. Provisioning Agent events also create a native exit event that is detected. To prevent a feedback loop, events that originate from the LDAP Gateway are logged, but are not reported again to Oracle Identity Manager. By contrast, events that originate outside Oracle Identity Manager are treated as native events, and recorded for future auditing.
The LDAP Gateway and Reconciliation securely capture, filter, and log the identity events from the host system, publishing them for use by Oracle Identity Manager.
