Skip Headers
Oracle® Identity Manager Connector Guide for IBM i5/OS (OS/400) Advanced
Release 9.0.3
Part Number B32447-01
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
View PDF

4 Initial Reconciliation Run

Reconciliation with the IBM i5/OS (OS/400) Advanced connector is carried out in real time. This implies that after you have imported the initial load of user information, you need not perform reconciliation as a scheduled task. The initial reconciliation run involves obtaining user information from the target system, to allow extension of enterprise user management of profiles and authorization of resources.

The initialization process is run from the command line on the Oracle Identity Manager server. The commands are run from the oim_home/xellerate/JavaTasks directory. There are non-trusted example scripts for initial provisioning and initial disabling at the following location:

IBM i5 Advanced Rev 9.0.3/scripts

These non-trusted scripts are:

run_initial_recon_provisioning.bat 
run_initial_recon_disable.bat

The controls for the commands in these files are specified in the initialAs400Adv.properties file. The following is a sample set of values for these parameters:

xlAdminId:xelsysadm
xlAdminPwd:xelsysadm
xlJndiUrl:jnp://localhost:1099
xlJndiFactory:org.jnp.interfaces.NamingContextFactory
idfTrusted:false
isFileRecon:true
userFile:/tmp/user.txt
idfServerUrl:ldap://localhost:5389
idfAdminDn:cn=idfAs400Admin, dc=as400,dc=com
idfAdminPwd:idfAs400Pwd
ouPeople:ou=People
ouGroups:ou=Files
ouBaseDn:dc=as400,dc=com
idfSystemAdminDn:cn=Directory Manager, dc=system,dc=backend
idfSystemAdminPwd:testpass
idfSystemDn:dc=system,dc=backend
XellerateUserResourceObject:Xellerate User
As400AdvancedResourceObjecct:OIMAS400AdvResourceObject
xlJndiUrlWebSphere:corbaloc:iiop:localhost:2809
xlJndiFactoryWebsphere:com.ibm.websphere.naming.WsnInitialContextFactory

To include or exclude specific users during initial reconciliation, modify the following lines:

idfIgnoreIdList:start1,start2,private
idfDoOnlyIdList:jdoe81,jdoe82,jdoe83

Note:

This control does not support wildcards and is designed for processing or excluding a limited number of users.

Configuring Trusted Source Reconciliation

To configure the connector to perform trusted source reconciliation, set the idfTrusted control in the connection.properties file to true, as follows:

idfTrusted:true

This control toggles trusted source reconciliation in the connector. Set this to false if you are not performing reconciliation with a trusted source.

Also, make a copy of the non-trusted scripts and change the JV parameter first to –X then to –R. These scripts can now be used for trusted source reconciliation.

Note:

Reconciliation updates to Oracle Identity Manager are in real-time. Therefore, you do not need to configure reconciliation as a scheduled task on Oracle Identity Manager after you have performed the initial reconciliation run.

Refer to Oracle Identity Manager Connector Framework Guide for conceptual information about reconciliation configurations.

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us