Sun Identity Manager 8.1 Resources Reference

Usage Notes

This section provides configuration notes related to using the Database Table resource adapter, including:

General Configuration

Use the following steps to set up a new Database Table resource:

ProcedureTo Set Up a New Database Table Adapter: General Steps

  1. Specify the database access parameters. Include the database type, connection information, and the database name where the table to be managed is located.

  2. All of the available tables for that database are displayed on the Database Tables page. Select the table where the resource accounts for this resource are stored.

  3. Select the columns from the table that Identity Manager will manage. One of these columns will be designated as the Key and be used as the account name attribute for the users and one column will be designated as the Password and be used as the account password. Other columns can be selected as attributes to be managed.

  4. The resource schema map page will list just those attributes that were selected to be managed. It will not list the Key and Password attributes. These attributes will be implicitly managed.

  5. The Active Sync Configuration page allows you to optionally specify the Active Sync-related Database Table attributes. If you are not using the adapter as an Active Sync, you can skip these values. See the Active Sync Configuration section for additional details.

  6. Specify the identity template used for this resource. This is the Identity Manager attribute name that will be used for the Key attribute.

  7. Specify the Identity Manager resource parameters for this resource. This includes information like the resource name, Active Sync scheduling and logging, and approvers for the resource.

Active Sync Configuration

Note –

The Active Sync adapter does not detect account deletions. As a result, you must reconcile to detect these deletions.

During its Active Sync poll, the Database Table adapter selects resource accounts (from the specified database table) for passing to the user form (or instead to the workflow if specified).

The Static Search Predicate parameter specifies the optional static predicate used to qualify the accounts to be returned from the database. (A predicate is an SQL expression that is evaluated.) The parameter must be expressed in the native SQL syntax.

The following example illustrates the use of this parameter:

syncState = ”P’

This example requires that a column named syncState exists and that P is a possible value. This value is combined with the Last Fetched Predicate parameter to form the complete qualifier.

The Last Fetched Conjunction parameter is the value AND or OR. It specifies the conjunction prepended to the Last Fetched Predicate.

The Last Fetched Predicate parameter specifies another optional predicate, but this predicate can contain one or more user attributes defined in Identity Manager. This feature allows you to construct a predicate in native SQL syntax that compares values returned in a previous poll to values returned in the current poll. For example, if the lastMod column contains a timestamp, then this value can be compared on each poll. Then, if the value is higher on the current poll than on the previous poll, return information about the database entry. The following expression illustrates this feature:

lastMod > ’$(lastmod)’

The value specified between the parentheses must be an Identity Manager User Attribute defined on the schema map page. The $(lastmod) token will be replaced with the value returned on the previous poll. An example value might be 2004-06-20 6:23:00.

Note –

The first time the adapter polls, the Last Fetched Filter is not applied, because there are no previously fetched values. The filter will be run in all subsequent polls.

The Database Table adapter concatenates the Static Search Predicate, Last Fetched Conjunction, and Last Fetched Predicate resource parameters and sends a search expression similar to the following:

syncState = ’P’ AND lastMod > ’2004-06-20 6:23:00’

The ORDER BY parameter allows you to provide a native SQL ORDER BY clause to force the poll to process the rows in the specified order. Do not include the words ORDER BY in the value. For example, if you specify a value of lastMod, the rows are sorted based on the lastMod column, in an ascending order.

The optional Process to run with changes parameter, if specified, identifies the Identity Manager workflow to launch with each qualified account returned from the database. The map of values passed to the workflow is keyed by the attributes on the left-hand side of the schema map. If this value is not specified, then the update will be performed by the standard Active Sync user form processing.