Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Documentation Updates
• Conventions

What's New in the Oracle Identity Manager Advanced Connector for IBM RACF?

• Software Updates
• Documentation-Specific Updates

1 About the Connector

• 1.1 Certified Components
• 1.2 Certified Languages
• 1.3 Connector Architecture
  • 1.3.1 Connector Components
  • 1.3.2 Connector Operations
    • 1.3.2.1 Full Reconciliation Process
    • 1.3.2.2 Initial LDAP Population and Reconciliation Process
    • 1.3.2.3 Incremental (Real-Time) Reconciliation Process
    • 1.3.2.4 Provisioning Process
• 1.4 Features of the Connector
  • 1.4.1 Target Resource and Trusted Source Reconciliation
  • 1.4.2 Full and Incremental Reconciliation
  • 1.4.3 Encrypted Communication Between the Target System and Oracle Identity Manager
  • 1.4.4 High Availability Feature of the Connector
• 1.5 Connector Objects Used During Reconciliation and Provisioning
  • 1.5.1 Supported Functions for Target Resource and Trusted Source Reconciliation
  • 1.5.2 Supported Functions for Provisioning
  • 1.5.3 User Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.4 Group Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.5 Dataset Profile Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.6 Resource Profile Attributes for Target Resource Reconciliation and Provisioning
  • 1.5.7 User Attributes for Trusted Source Reconciliation
  • 1.5.8 Reconciliation Rule
  • 1.5.9 Reconciliation Action Rules

2 Deploying the IdF Advanced Adapter for IBM RACF

• 2.1 Prerequisites
  • 2.1.1 Message Transport Requirements
  • 2.1.2 APF Authorization
• 2.2 Mainframe Adapter Installation
  • 2.2.1 Extracting the Files for Deployment from the Distribution Zip Archive File
  • 2.2.2 Uploading Files
  • 2.2.3 Extracting the XMIT Files
  • 2.2.4 Editing the Mainframe Batch Job Files to Match the Settings for the Customer's Site
  • 2.2.5 Submitting Batch Job Streams
  • 2.2.6 Activating and Loading the Exits
  • 2.2.7 Creating a RACF UserID for Pioneer and Voyager with Permissions
  • 2.2.8 Adding Pioneer/Voyager to the Facility Class Profiles (BPX and IRR)
  • 2.2.9 Testing the Installation

3 Connector Deployment on Oracle Identity Manager

• 3.1 Files and Directories That Comprise the Connector
• 3.2 Determining the Release Number of the Connector
• 3.3 Before Running the Connector Installer
• 3.4 Running the Connector Installer
• 3.5 Configuring the IT Resource
• 3.6 Configuring Oracle Identity Manager
  • 3.6.1 Clearing Content Related to Connector Resource Bundles from the Server Cache
  • 3.6.2 Enabling Logging
• 3.7 Configuring Trusted Source Reconciliation
• 3.8 Configuring Oracle Identity Manager for Request-Based Provisioning
  • 3.8.1 Copying Predefined Request Datasets
  • 3.8.2 Importing Request Datasets into the MDS
  • 3.8.3 Enabling the Auto Save Form Feature
  • 3.8.4 Running the PurgeCache Utility
• 3.9 Installing and Configuring the LDAP Gateway

4 Using the Connector

• 4.1 Guidelines on Using the Connector
• 4.2 Performing Provisioning Operations
  • 4.2.1 Provisioning Users
    • 4.2.1.1 Direct Provisioning
    • 4.2.1.2 Request-Based Provisioning
• 4.3 Configuring Full Reconciliation
• 4.4 Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1
• 4.5 Configuring Resource and Dataset, and Groups Pre-Population Scheduled Tasks

5 Extending the Functionality of the Connector

• 5.1 Adding New Attributes for Target Resource Reconciliation
• 5.2 Adding New Attributes for Provisioning
• 5.3 Removing Attributes Mapped for Target Resource Reconciliation and Provisioning
• 5.4 Using the Provisioning Agent to Run IBM z/OS Batch Jobs
• 5.5 Configuring the Connector for Provisioning to Multiple Installations of the Target System
• 5.6 Configuring the Connector for Reconciliation of Multiple Installations of the Target System
• 5.7 Reconciling User's Datasets
• 5.8 Initial LDAP Gateway Population and Full Reconciliation
  • 5.8.1 Reconcile User Extract File
  • 5.8.2 Reconcile Group Extract File
• 5.9 Use and Build Custom Real-Time Reconciliation Adapter
• 5.10 LDAP Reconciliation Supported Queries

6 Troubleshooting

7 Known Issues

A APF-Authorized Libraries

B Pioneer Datasets

C Reconciliation Agent (Voyager) Messages

D Relationship between the Pioneer (DDs), Voyager (DDs) and the INDDs

E Provisioning Agent (Pioneer) Messages

F Mainframe Problem Source Identification and Problem Determination

G Creating Custom Scheduled Tasks

• G.1 Code for Searching All Users and All User Data
• G.2 Code for Searching All Groups and All Group Data
• G.3 Code for Searching All Datasets and All Dataset Data

H Voyager and Pioneer Control File Parameters

Index