Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Documentation Updates
• Conventions

What's New in Oracle Identity Manager Connector for UNIX?

• Software Updates
  • Software Updates in Release 11.1.1.7.0
  • Software Updates in Release 11.1.1.6.0
  • Software Updates in Release 11.1.1.5.0
    • ICF Based Connector
    • Support for Switching Between SSH and Telnet Protocols
    • Support for Running Custom Scripts
    • Support for Configuring the Connector for a New Target System
    • Support for Multiple Instances and Multiple Versions of UNIX
    • Support for Addition of New Fields
    • Support for Resource Exclusion Lists
    • Support for Transformation and Validation of Data
    • Support for Connection Pooling
• Documentation-Specific Updates
  • Documentation-Specific Updates in Release 11.1.1.7.0
  • Documentation-Specific Updates in Release 11.1.1.6.0
  • Documentation-Specific Updates in Release 11.1.1.5.0

1 About the Connector

• 1.1 Certified Components
• 1.2 Usage Recommendation for the UNIX Connector
• 1.3 Certified Languages for the UNIX Connector
• 1.4 Architecture of the UNIX Connector
  • 1.4.1 Reconciliation Process for the UNIX Connector
  • 1.4.2 Provisioning Process for the UNIX Connector
  • 1.4.3 Provisioning Functions of the UNIX Connector
• 1.5 Features of the UNIX Connector
  • 1.5.1 Support for Switching Between SSH and Telnet Protocols
  • 1.5.2 Support for Running Custom Scripts
  • 1.5.3 Support for Configuring the Connector for a New Target System
  • 1.5.4 Support for Multiple Instances and Multiple Versions of UNIX
  • 1.5.5 Support for Both Target Resource and Trusted Source Reconciliation
  • 1.5.6 Support for Both Full and Incremental Reconciliation
  • 1.5.7 Support for Limited Reconciliation
  • 1.5.8 Support for Batched Reconciliation
  • 1.5.9 Support for Reconciliation of User Status from the Target System
  • 1.5.10 Support for Adding Custom Attributes for Reconciliation and Provisioning
  • 1.5.11 Transformation of Data
  • 1.5.12 Support for Resource Exclusion Lists
• 1.6 User Attributes for Target Resource Reconciliation and Provisioning
• 1.7 User Attributes for Trusted Source Reconciliation
• 1.8 Roadmap for Deploying and Using the Connector

2 Deploying the Connector

• 2.1 Preinstallation
  • 2.1.1 Files and Directories on the Installation Media
  • 2.1.2 Configuring the Target System
    • 2.1.2.1 Configuring Solaris and Linux
    • 2.1.2.2 Configuring AIX
    • 2.1.2.3 Configuring HP-UX
    • 2.1.2.4 Installing OpenSSH
    • 2.1.2.5 Creating a Target System SUDO User Account for Connector Operations
    • 2.1.2.6 Creating an RBAC User Account for Connector Operations on Solaris
    • 2.1.2.7 Configuring Public Key Authentication
    • 2.1.2.8 Configuring SSH Public Key Authentication
• 2.2 Installation
  • 2.2.1 Installing the Connector in Oracle Identity Manager
  • 2.2.2 Deploying the Connector Bundle in a Connector Server
• 2.3 Postinstallation
  • 2.3.1 Configuring Oracle Identity Manager 11.1.2 or Later
    • 2.3.1.1 Creating and Activating a Sandbox
    • 2.3.1.2 Creating a New UI Form
    • 2.3.1.3 Creating an Application Instance
    • 2.3.1.4 Publishing a Sandbox
    • 2.3.1.5 Harvesting Entitlements and Sync Catalog
    • 2.3.1.6 Updating an Existing Application Instance with a New Form
  • 2.3.2 Configuring the IT Resource for the Target System
  • 2.3.3 Configuring the IT Resource for the Connector Server
  • 2.3.4 Setting up the Lookup Definitions for Connector Configuration
  • 2.3.5 Setting up the Lookup Definition for Connection Pooling
  • 2.3.6 Setting up the Lookup Definitions for User Operations
    • 2.3.6.1 Lookup.UNIX.UM.Configuration
    • 2.3.6.2 Lookup.UNIX.UM.Configuration.Trusted
  • 2.3.7 Setting up the Lookup Definitions for Attribute Mappings
    • 2.3.7.1 Lookup.UNIX.UM.ProvAttrMap
    • 2.3.7.2 Lookup.UNIX.UM.ReconAttrMap
    • 2.3.7.3 Lookup.UNIX.UM.ReconAttrMap.Trusted
    • 2.3.7.4 Lookup.UNIX.UM.ReconAttrMap.TrustedDefaults
    • 2.3.7.5 Lookup.UNIX.YesNo.Options
  • 2.3.8 Enabling Logging
  • 2.3.9 Changing to the Required Input Locale
  • 2.3.10 Clearing Content Related to Connector Resource Bundles from the Server Cache
  • 2.3.11 Localizing Field Labels in UI Forms
• 2.4 Upgrading the Connector
  • 2.4.1 Preupgrade Steps
  • 2.4.2 Upgrade the UNIX Connector from Release 11.1.1.6.0 to 11.1.1.7.0
    • 2.4.2.1 Setting Entitlement Tagging
    • 2.4.2.2 Setting IT Resource, Account ID, and Account Name Tagging
    • 2.4.2.3 Setting the Status of Task to Object Status Mapping of the Secondary Group Update Process Task to None
    • 2.4.2.4 Updating the Connector Bundle
  • 2.4.3 Upgrade Steps
  • 2.4.4 Postupgrade Steps
• 2.5 Postcloning Steps

3 Using the Connector

• 3.1 Configuring Reconciliation
  • 3.1.1 Full Reconciliation
  • 3.1.2 Limited Reconciliation
  • 3.1.3 Batched Reconciliation
  • 3.1.4 Reconciliation Rule for Target Resource Reconciliation
  • 3.1.5 Reconciliation Action Rules for Target Resource Reconciliation
  • 3.1.6 Configuring the Target System As a Trusted Source
  • 3.1.7 Reconciliation Rule for Trusted Source Reconciliation
  • 3.1.8 Reconciliation Action Rule for Trusted Source Reconciliation
• 3.2 Scheduled Tasks
  • 3.2.1 Scheduled Tasks for Lookup Field Synchronization
  • 3.2.2 Scheduled Tasks for Reconciliation
  • 3.2.3 Configuring Scheduled Tasks
• 3.3 Configuring Provisioning in Oracle Identity Manager Release 11.1.1
  • 3.3.1 Guidelines on Performing Provisioning Operations
  • 3.3.2 Configuring Direct Provisioning
  • 3.3.3 Configuring Request-Based Provisioning
    • 3.3.3.1 About Request-Based Provisioning
    • 3.3.3.2 Enabling Request-Based Provisioning
      • 3.3.3.2.1 End User's Role in Request-Based Provisioning
      • 3.3.3.2.2 Approver's Role in Request-Based Provisioning
      • 3.3.3.2.3 Importing Request Datasets Using Deployment Manager
      • 3.3.3.2.4 Enabling the Auto Save Form Feature
      • 3.3.3.2.5 Running the PurgeCache Utility
  • 3.3.4 Switching Between Request-Based Provisioning and Direct Provisioning
• 3.4 Configuring Provisioning in Oracle Identity Manager Release 11.1.2
• 3.5 Configuring Action Scripts

4 Extending the Functionality of the Connector

• 4.1 Configuring the Connector for a New Target System
• 4.2 Configuring the Connector for Multiple Instances and Multiple Versions of the Target System
• 4.3 Adding Custom Attributes for Target Resource Reconciliation
• 4.4 Adding Custom Attributes for Provisioning
• 4.5 Configuring Validation of Data During Reconciliation and Provisioning
• 4.6 Configuring Transformation of Data During User Reconciliation
• 4.7 Configuring Resource Exclusion Lists

5 Testing and Troubleshooting

• 5.1 Testing the UNIX Connector
• 5.2 Troubleshooting
  • 5.2.1 Connection Errors
  • 5.2.2 Create User Errors
  • 5.2.3 Delete User Errors
  • 5.2.4 Edit User Errors
  • 5.2.5 TimeOut Errors

6 Known Issues

A Privileges Required for Performing Provisioning and Reconciliation

• A.1 Privileges Required for Running Commands on Solaris and Linux
• A.2 Privileges Required for Running Commands on HP-UX
• A.3 Privileges Required for Running Commands on AIX

B Sample Scripts for Updating Default Attributes for Reconciliation

• B.1 Original Sample Script
• B.2 Updated Sample Script

C Sample Scripts for Updating Default Attributes for Provisioning

• C.1 Original Sample Script
• C.2 Updated Sample Script