Sun[TM] Identity Manager 8.0 Resources Reference 


Oracle

The Oracle resource adapter is defined in the com.waveset.adapter.OracleResourceAdapter class.


Note

Identity Manager also provides an Oracle ERP resource adapter that supports Oracle E-Business Suite (EBS). For detailed information about this adapter, see Oracle ERP.


Use this adapter to support user accounts for logging into Oracle. If you have a custom Oracle table, see Database Table for information about using the Resource Adapter Wizard to create a custom Oracle table resource.

Resource Configuration Notes

None

Identity Manager Installation Notes

The Oracle resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

  1. To add an Oracle resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.

     com.waveset.adapter.OracleResourceAdapter

  2. If you are connecting to Oracle Real Application Clusters (RAC) using a thin driver, specify a value in the following format in the Connection URL on the Resource parameters page:

     jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)
     (ADDRESS=(PROTOCOL=TCP)(HOST=host01)(PORT=1521))
     (ADDRESS=(PROTOCOL=TCP)(HOST=host02)(PORT=1521))
     (ADDRESS=(PROTOCOL=TCP)(HOST=host03)(PORT=1521))
     (CONNECT_DATA=(SERVICE_NAME=PROD)))

  3. If you are using the JDBC thin driver in an environment that does not use Oracle Real Application Clusters, copy the JAR file that contains the JDBC thin driver classes to the %WSHOME%\WEB-INF\lib directory. The JAR file must be compatible with the JDK version of your application server.
  4. If you are using a different driver, specify the driver and connection URL on the Resource Parameters page.

Usage Notes

This section describes dependencies and limitations related to using the Oracle resource adapter, including information about user types and cascade deletes.

User Types

The Oracle database permits the following types of users:

If you are managing external or global users, you should place the Oracle resource in a resource group that also includes the machine upon which it is installed or the directory service.

Cascade Deletes

The noCascade account attribute indicates whether to perform cascade drops when deleting users. By default, cascade drops are performed. To disable cascade drops:

  1. Add an entry to the updatableAttributes section of the System Configuration object:

     <Attribute name='Delete'>
        <Object>
           <Attribute name='all'>
              <List>
                 <String>noCascade</String>
              </List>
           </Attribute>
        </Object>
     </Attribute>

  2. Add a field to the deprovision form:

     <Field name='resourceAccounts.currentResourceAccounts[MyOracleResource].attributes.noCascade'>
        <Display class='Checkbox'>
           <Property name='title' value='Do NOT Cascade MyOracleResource Delete'/>
           <Property name='alignment' value='left'/>
        </Display>
        <Disable>
           <isnull>
              <ref>resourceAccounts.currentResourceAccounts[MyOracleResource]</ref>
           </isnull>
        </Disable>
     </Field>

  3. Add the noCascade account attribute to the Oracle resource schema.

     If the user owns objects and the do not cascade option is selected, Oracle will throw an error. The user will not be deleted.

  4. Add a noCascade field to the user form so that the attribute can be disabled.
     For example:

     <Field name='global.noCascade'>
        <Disable>
           <s>TRUE</s>
        </Disable>
     </Field>
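
A pre-deprovisioning check for the cascade behaviour described above, as an added example that is not part of the original documentation: it lists what a cascade drop would remove for one account. The bind variable :account_id, the constructed user JDOE, and the mapping of noCascade to DROP USER with or without the CASCADE keyword are assumptions; the queries need SELECT on DBA_OBJECTS and DBA_CONSTRAINTS.

```sql
-- Added example, not from the Identity Manager documentation.
-- :account_id is a hypothetical bind variable holding the Oracle user name.
-- UPPER() assumes the account was created without a quoted, mixed-case name.

-- 1. Objects the account owns. Any row here means a non-cascade drop
--    is refused by Oracle and the user is left in place.
SELECT object_type, COUNT(*) AS object_count
  FROM dba_objects
 WHERE owner = UPPER(:account_id)
 GROUP BY object_type
 ORDER BY object_type;

-- 2. Foreign keys in OTHER schemas that reference this account's tables.
--    A cascade drop removes these constraints along with the user's tables.
SELECT owner, table_name, constraint_name
  FROM dba_constraints
 WHERE constraint_type = 'R'
   AND r_owner = UPPER(:account_id)
   AND owner  <> UPPER(:account_id)
 ORDER BY owner, table_name;

-- 3. The two outcomes, assuming the adapter maps noCascade to the absence
--    or presence of the CASCADE keyword (shown for a constructed user JDOE):
--    DROP USER jdoe;          -- ORA-01922 if JDOE owns objects; user remains
--    DROP USER jdoe CASCADE;  -- drops JDOE and every object JDOE owns
```

If either query returns rows, decide whether those objects should be reassigned or exported before the account is deprovisioned with the default cascade setting.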

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager can use one of the following drivers to communicate with the Oracle adapter:

Required Administrative Privileges

To create an Oracle user, the administrator must have CREATE USER, ALTER USER, and DROP USER system privileges.
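
One way to provision and audit a dedicated account that holds only the three system privileges named above (an added example, not taken from the Identity Manager documentation). The account name IDM_ADAPTER and the password are placeholders, and the CREATE SESSION grant is an assumption that the account must be able to log in; the page does not list it.

```sql
-- Added example; IDM_ADAPTER is a hypothetical account name and the
-- password below is a placeholder to be replaced.
CREATE USER idm_adapter IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD";

-- Assumption: the account needs to open a session to be usable at all.
GRANT CREATE SESSION TO idm_adapter;

-- The system privileges the page requires for creating Oracle users.
GRANT CREATE USER, ALTER USER, DROP USER TO idm_adapter;

-- Audit 1: every system privilege the account holds, with anything
-- outside the expected set marked for review. ADMIN_OPTION = 'YES'
-- means the account could pass the privilege on to other users.
SELECT privilege,
       admin_option,
       CASE
         WHEN privilege IN ('CREATE SESSION', 'CREATE USER',
                            'ALTER USER', 'DROP USER')
         THEN 'expected'
         ELSE 'REVIEW'
       END AS status
  FROM dba_sys_privs
 WHERE grantee = 'IDM_ADAPTER'
 ORDER BY status, privilege;

-- Audit 2: roles granted to the account. A broad role such as DBA
-- would make the narrow system-privilege grants above meaningless.
SELECT granted_role, admin_option
  FROM dba_role_privs
 WHERE grantee = 'IDM_ADAPTER'
 ORDER BY granted_role;
```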

For Oracle and Oracle Applications, administrators must have SELECT permissions on the following database views:

Provisioning Notes

The following table summarizes the provisioning capabilities of this adapter.

Feature                        Supported?
-----------------------------  -----------------------------
Enable/disable account         Yes
Rename account                 No
Pass-through authentication    Yes
Before/after actions           No
Data loading methods           Import directly from resource

Account Attributes

The following table lists the Oracle database user account attributes. All attributes are Strings. All attributes are optional.

Resource User Attribute   Description
------------------------  ------------------------------------------------------------
noCascade                 Indicates whether to perform a cascade delete for a user.
oracleAuthentication      Must be one of the following values: LOCAL (default value), EXTERNAL, GLOBAL
oracleDefaultTS           Name of the default tablespace for objects that the user creates.
oracleDefaultTSQuota      Maximum amount of default tablespace the user can allocate.
oracleGlobalName          Global name of a user. (Applicable only when oracleAuthentication is set to GLOBAL.)
expirePassword            This attribute is applicable for local Oracle accounts only.
oraclePrivs               One or more privileges assigned to the user.
oracleProfile             One or more profiles assigned to the user.
oracleRoles               One or more roles assigned to the user.
oracleTempTS              Name of the tablespace for the user’s temporary segments.
oracleTempTSQuota         The maximum amount of temporary tablespace the user can allocate. If the attribute appears in the schema map, the quota is always set on the temporary tablespace. If the attribute is removed from the schema map, no quota will be set on the temporary tablespace. The attribute must be removed for adapters that communicate with Oracle 10gR2 resources. (ID-12843)

Resource Object Management

None

Identity Template

$accountId$

Sample Forms

Built-In

None

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following classes:





Copyright 2008 Sun Microsystems, Inc. All rights reserved.