23
Managing Directory Integration Agents and Profiles

This chapter discusses directory integration agents and the operations they perform in the Oracle Directory Integration platform. It explains how to manage partner agents by using either Oracle Directory Manager of command-line tools. It contains these topics:

• About Directory Integration Agents

• Managing Partner Agents

About Directory Integration Agents

This section contains these topics:

• Import and Export Operations

• Synchronization Scenarios

• Types of Agents

• Change Log Interfaces

• Registration of Partner Agents into Oracle Directory Integration Platform

• Agent Configuration Information

• Mapping Rules

• File Naming Conventions

• Location of Files

Import and Export Operations

Agents are programs that perform one or more of the following operations, each of which is discussed in this section:

• Oracle Internet Directory Export Operation--For exporting changes out of Oracle Internet Directory

• Connected Directory Import Operation--For importing changes into a connected directory

• Connected Directory Export Operation--For exporting changes out of a connected directory

• Oracle Internet Directory Import Operation--For importing changes into Oracle Internet Directory

The following diagram shows the direction in which the data flows in each operation between Oracle Internet Directory and a connected directory. The remainder of this section describes each operation.

Text description of the illustration oid81034.gif

Oracle Internet Directory Export Operation

An Oracle Internet Directory export operation consists of:

• Reading all the required changes in Oracle Internet Directory from the time of the last retrieval

• Writing those changes into an export file. If the export file needs to be written in a format other than LDIF, then this task includes converting the LDAP change records into the connected directory change records.

• Keeping track of the last time the changes were extracted from Oracle Internet Directory. This includes ensuring that the changes are retrieved before they are purged from Oracle Internet Directory.

• Ensuring that only those changes required by the connected directory are written to the export file

Connected Directory Import Operation

A connected directory import operation consists of:

• Reading all the Oracle Internet Directory changes that the exporting agent wrote into the export file. If the export file is written in LDIF, then this task includes converting the LDAP change records into the connected directory change records.

• Updating the change records in the connected directory

• After all the changes are updated in the connected directory, moving the export file to an archive directory

Connected Directory Export Operation

A connected directory export operation consists of:

• Reading all the required changes in the connected directory from the time of last retrieval

• Writing those changes into an import file. If the connected directory change records are not written in LDIF, then they are converted into LDAP change records.

• Keeping track of the last time the changes were extracted from the connected directory. This includes ensuring that the changes are retrieved before they are purged from the connected directory.

• Ensuring that only those changes in the connected directory required for synchronization with Oracle Internet Directory are written to the import file

Oracle Internet Directory Import Operation

An Oracle Internet Directory import operation consists of:

• Reading all the connected directory changes that the exporting agent wrote into the import file. If the import file is not written in LDIF, then this task includes converting the connected directory change records into LDAP change records.

• Updating the LDAP change records in Oracle Internet Directory.

• After all the changes are updated in Oracle Internet Directory, moving the import file to an archive directory

Synchronization Scenarios

Synchronization uses combinations of the import and export operations as described in the previous section.

The exact operations involved in a given synchronization depend on whether changes are being applied from Oracle Internet Directory to a connected directory or the reverse.

Synchronizing from a Connected Directory to Oracle Internet Directory

This synchronization involves performing these operations in the following sequence:

1. Connected directory export operation

2. Oracle Internet Directory import operation

The following diagram illustrates the direction in which data flows in each operation, from a connected directory to Oracle Internet Directory.

Text description of the illustration oid81035.gif

Synchronizing from Oracle Internet Directory to a Connected Directory

This synchronization involves performing these operations in the following sequence:

1. Oracle Internet Directory export operation

2. Connected directory import operation

The following diagram illustrates the direction in which data flows in each operation, from Oracle Internet Directory to a connected directory.

Text description of the illustration oid81036.gif

Although an agent can perform one or many of the four operations discussed earlier in this section, it typically performs only connected directory import and connected directory export operations. It relies on the directory integration server to perform the Oracle Internet Directory import and Oracle Internet Directory export operations.

To exchange data between itself and the directory integration server, an agent uses import and export files. If an agent is designed to perform a complete synchronization by using its own resources, then it can bypass these files.

The Oracle directory integration server can perform Oracle Internet Directory import and export operations, including attribute mappings. Agents do not need to perform these operations. In addition, the directory integration server can schedule the execution of agents.

Types of Agents

Depending on how it is deployed in the Oracle Directory Integration platform,an agent is known as either a partner agent or an external agent.

Partner Agents

Partner agents use the services of the directory integration server to perform the Oracle Internet Directory import and export operations. Moreover, the directory integration server controls their execution.

In a typical synchronization, a partner agent performs either the connected directory import operation or the connected directory export operation. The Oracle directory integration server performs the Oracle Internet Directory import and export operations. However, agents may also perform tasks that the directory integration server would otherwise do. For example, an agent may itself map attributes instead of relying on the directory integration server to do it.

Before you can use a partner agent with the Oracle Directory Integration platform, you must register it with Oracle Internet Directory. To do this, you create a directory integration profile in Oracle Internet Directory by using either Oracle Directory Manager or command-line tools.

Partner agents performing export operations do not need to worry about changes getting purged before they are consumed. Oracle Internet Directory maintains state information about changes applied by various agents and preserves that information until all partner agents have consumed the changes.

External Agents

Unlike partner agents, external agents are independent of the directory integration server when they perform Oracle Internet Directory export and import operations. Such agents are, for example, those that rely on third-party metadirectory engines for the same kinds of services that the directory integration server performs for partner agents.

Typically, an external agent performs a complete import or export synchronization. An external agent synchronizing from a connected directory to Oracle Internet Directory performs both the connected directory export and the Oracle Internet Directory import operations. Similarly, when synchronizing from Oracle Internet Directory to a connected directory, it performs both the Oracle Internet Directory export and the connected directory import operations.

External agents do not use the services of the directory integration server to synchronize between Oracle Internet Directory and connected directories. You do not need to register them with Oracle Internet Directory.

In export operations, external agents must use the standard LDAP change log interface to access change information from Oracle Internet Directory. It is the responsibility of the external agents to consume the changes in Oracle Internet Directory before those changes are purged.

Change Log Interfaces

To synchronize changes in Oracle Internet Directory with those in connected directories, the Oracle Directory Integration platform uses agents to retrieve changes in Oracle Internet Directory. Changes in Oracle Internet Directory are available in a container, called Change Log Container. Changes in the change log container are uniquely identified by a change log number.

There are two interfaces for retrieving changes from Oracle Internet Directory, one for partner agents and one for external agents.

For partner agents, Oracle Internet Directory and the directory integration server keep track of changes already applied by an agent and those still pending. This is done by maintaining status information for each agent indicating the point up to which it has exported changes to the connected directory. This attribute, called orcllastappliedchangenumber, is in the integration profile for the agent.

Oracle Internet Directory purges changes only after partner agents consume them.

In an export operation, the directory integration server updates the orcllastappliedchangenumber attribute for the agent only after it successfully runs the agent. The directory integration server performs data mappings, then writes changes from Oracle Internet Directory into the export file. Agents then consume the changes by reading the export file.

For external agents, the directory server does not maintain status information. For such agents, the attribute orcllastchangenumber in the root directory specific entry indicates the last change generated by the directory integration server.

Oracle Internet Directory makes changes available to external agents only for a period of time, after which it purges the changes. External agents must maintain their own status information about changes they have consumed and those still pending. They must consume the changes before the changes are purged.

To access changes in Oracle Internet Directory, external agents query the Oracle Internet Directory change log container. Typically, an external agent first retrieves the orcllastchangenumber attribute from the DSE root. Then, based on the value of orcllastchangenumber and the number of the last change applied, the external agent pulls changes not yet applied.

To find the last change number in Oracle Internet Directory, search the Oracle Internet Directory DSE root with a required attribute of orcllastchangenumber. Use these specifications for the search:

SCOPE : BASE 
BASEDN : ""
FILTER: `(objectclass=*)'
REQUIRED ATTRIBUTE: orcllastchangenumber

To read a change log from Oracle Internet Directory, search with these specifications:

SCOPE : BASE
BASEDN : "cn=changelog"
FILTER: 
`(&(objectclass=changelogentry)(server=server-name)(changenumber>=change#))'

Registration of Partner Agents into Oracle Directory Integration Platform

Before deploying a partner agent, you register it in Oracle Internet Directory. This registration involves creating a directory integration profile in the directory. This integration profile is stored as an LDAP entry in the directory. To create it, you can use either Oracle Directory Manager or command-line tools.

Attributes in an integration profile entry belong to an object class called orclodiProfile. The only exception is the orcllastChangeLogNumber attribute, which belongs to the object class orclChangeSubscriber.

The Object ID prefix 2.16.840.1.113894.7 is assigned to platform-related classes and attributes. The following table lists all the attributes in the Oracle Directory Integration platform profile.

Table 23-1 Attributes in the Oracle Directory Integration Platform Profile

Attribute	Description
General Information
Agent Name (orclODIPAgentName)	Name of the agent. This is used as an RDN component of the DN that identifies the integration profile. The name can contain only alpha-numeric characters.
Agent Control (orclODIPAgentControl)	Indicator of whether the agent is enabled or disabled. Valid values are ENABLE and DISABLE.
Agent Password (orclODIPAgentPassword)	Password that the directory integration server uses to bind to Oracle Internet Directory on behalf of the agent
Agent Host Name (orclODIPAgentHostName)	Host on which the agent runs
Synchronization Mode (orclODIPSynchronizationMode)	Direction of synchronization between Oracle Internet Directory and a connected directory. IMPORT indicates importing changes from the connected directory to Oracle Internet Directory. EXPORT indicates exporting changes from Oracle Internet Directory
Scheduling Interval (orclODIPSchedulingInterval)	Number of seconds after which a connected directory is synchronized with Oracle Internet Directory
Number of Retries (orclODIPSyncRetryCount)	Maximum number of retries that the directory integration server performs before disabling synchronization.
Execution Information
Agent Execution Command (orclODIPAgentExeCommand)	Agent executable name and argument list used by the directory integration server
Connected Directory Account (orclODIPConDirAccessAccount)	Account used by the agent for accessing the connected directory. It is passed by the directory integration server to the agent specified at the command line when the agent is invoked.
Connected Directory Account Password (orclODIPConDirAccessPassword)	Password to be used by the agent when accessing the connected directory. It is passed by the directory integration server to the agent specified at the command line when the agent is invoked.
Agent Configuration Information (orclODIPAgentConfigInfo)	Any configuration information which an agent wishes to store in Oracle Internet Directory. It is passed by the directory integration server to the agent specified at the command line when the agent is invoked. This information is stored as a binary attribute. The directory integration server does not modify this attribute, but passes it directly to the specified agent.
Datafile Format (orclODIPDatafileType)	The type of the import or export file, either LDIF or TAGGED
Mapping Information
Subscribed Domain (orclODIPChangeSubscriptionDomain)	DN of the subtree in Oracle Internet Directory to which an agent subscribes for all the changes it is to export
DN Construct Rule (orclODIPEntryDNConstructRule)	Rule for generating the DN of an entry in Oracle Internet Directory from its RDN during an import operation. For example, you could specify that, for entries of the form cn=%s, dc=my_company, dc=com, the %s is to be replaced by the actual RDN value.
Synchronization Key (orclODIPSynchronizationKey)	Attribute that uniquely identifies records in a connected directory. This is used as a key to synchronize Oracle Internet Directory and the connected directory.
Attribute Mapping Rules (orclODIPAttributeMappingRules)	Mapping rules for converting data from a connected directory to Oracle Internet Directory. This information is stored as a binary attribute. See Also: "Default Oracle Human Resources Agent Mapping Rules" for an example of mapping rules
Mapping Filter (orclODIPMappingFilter)	Filter for excluding changes in Oracle Internet Directory that a connected directory does not require
Status Information
Next Synchronization Time (orclODIPNextSynchronizationTime)	Time when the agent is to be executed next. Its format is dd-mon-yyyy hh:mm:ss, where hh is the time of day in a 24-hour format.
Synchronization Status (orclODIPSynchronizationStatus)	Execution status of the agent
Synchronization Errors (orclODIPSynchronizationErrors	Error message for the last error encountered. This is a multivalued attribute.
Con Dir Last Applied Change Time (orclodipConDirLastAppliedChgTime)	Time when the last change from the connected directory was applied to Oracle Internet Directory.Its format is dd-mon-yyyy hh24:mi:ss. The default is 01-Jan-2001 00:00:00 This attribute is mandatory. You can modify this attribute.
Con Dir Last Applied Change Num (orclodipConDirLastAppliedChgNum)	For agents performing import operations, indicates the last change from the connected directory that has been applied to Oracle Internet Directory.
OID Last Applied Change Number (orclOIDLastAppliedChgNum)	For export agents, the last change from Oracle Internet Directory that has been applied to the connected directory

The various integration profile entries in the directory are created under the container cn=subscriber profile, cn=changelog subscriber, cn=oracle internet directory. For example, an agent called OracleHRAgent is stored in the directory as
orclodipagentname=OracleHRAgent,
cn=subscriber profile,cn=changelog subscriber,cn=oracle internet directory.

Agent Configuration Information

An agent may need some configuration information at runtime for performing various operations. For example, to make it easier for users to specify which connected directory attributes are to be synchronized with Oracle Internet Directory, you may want an agent to store a list of these attributes as part of its configuration information. This kind of information is called agent configuration information.

You can store agent configuration information wherever and however you want. However, the Oracle Directory Integration platform enables you to store it as a binary attribute, called orclODIPAgentConfigInfo, in the integration profile. The Oracle directory integration server passes this information as a temporary file to the agent at the time of the agent's invocation.

Agent configuration information is optional. If an agent does not require such information, then the corresponding attribute in the integration profile is left empty.

This configuration information can pertain to the agent or the connected directory or both. Oracle Internet Directory and the directory integration server do not read or modify this information, but pass it directly to the agent.

See Also: "File Naming Conventions" for the names of these files "Location of Files" for the location of these files

Mapping Rules

Mapping rules govern the conversion of attributes between a connected directory and Oracle Internet Directory. There is one set of mapping rules for each connected directory. This set is stored as a binary value in an attribute called orclODIPAttributeMappingRules in the integration profile in Oracle Internet Directory.

The directory integration server uses these rules to map attributes, as necessary, when generating an export file or interpreting an import file. When the directory integration server imports changes into Oracle Internet Directory, it converts the connected directory change records into LDAP change records, following the mapping rules specified in the integration profile. Similarly, when the directory integration server exports changes from Oracle Internet Directory, it converts the Oracle Internet Directory change records into connected directory change records, following the mapping rules specified in the integration profile.

An agent is not required to use the mapping function of the directory integration server. This could be the case, for example, when an agent does not use the import or export file interfaces, or when it does use import or export files of type LDIF. In such cases, the agent performs its own mappings and the orclODIPAttributeMappingRules attribute in the integration profile is left empty.

The Oracle Directory Integration platform supports both one-to-many and many-to-one mappings.

One-to-many mapping	One attribute in a connected directory can map to many attributes in Oracle Internet Directory. For example, suppose an attribute in the connected directory is Address:123 Main Street/MyTown, MyState 12345. You can map this attribute in Oracle Internet Directory to both the LDAP attribute homeAddress and the LDAP attribute postalAddress.
Many-to-one mapping	Multiple attributes in a connected directory may map to one attribute in Oracle Internet Directory. For example, suppose that the Human Resources directory represents Anne Smith by using two attributes: firstname=Anne and lastname=Smith. You can map these two attributes to one attribute in Oracle Internet Directory: cn=Anne Smith.

Mapping Rules Format

Mapping rules are organized in a fixed tabular format, and you must follow that format carefully. The fields are delimited by a colon (:). The first line consists of fixed column headers. Do not change the column names. For each conndirattrname and oidattrname pair, you define only one mapping.

Each record in the mapping configuration file uses the following format:

OIDCLASSNAME:OIDATTRNAME:OIDATTRTYPE:CONNDIRCLASSNAME:CONNDIRATTRNAME:CONNDIRATT
RTYPE:MAPPINGRULE

Table 23-2 describes the columns.

Table 23-2 Columns in the Mapping Configuration File

Column Name	Description
OIDCLASSNAME	Object class of the Oracle Internet Directory attributes
OIDATTRNAME	Attribute name of the attribute in Oracle Internet Directory
OIDATTRTYPE	Attribute type of the Oracle Internet Directory attribute
CONNDIRCLASSNAME	Object class of the connected directory attributes
CONNDIRATTRNAME	Attribute name of the connected directory attribute
CONNDIRATTRTYPE	Attribute type of the connected directory attributes
MAPPINGRULE	Mapping rule to use when importing or exporting data

The following table lists and describes the mapping rules for importing into Oracle Internet Directory:

Mapping Rule	Description
COPY_STRING	Copy the source attribute value string (as indicated by localAppAttrName) to the destination attribute value (as indicated by ldapAttrName).
COPY_STRING,arg1	Copy the source attribute value string indicated by the argument arg1 after the comma (,) to the destination attribute indicated by the ldapAttrName value.
COPY_STRING_LOWER	Copy the source attribute from localAppAttrName to the destination attribute ldapAttrName value after converting it to lowercase.
COPY_STRING_LOWER,arg1	Copy the source attribute from arg1 value string to the destination attribute ldapAttrName after converting it to lowercase.
COPY_STRING_UPPER	Copy the source attribute localAppAttrName to the destination attribute ldapAttrName value after converting it to uppercase.
COPY_STRING_UPPER,arg1	Copy the source attribute arg1 to the destination attribute ldapAttrName after converting it to uppercase.
APPEND_STRING,arg1,arg2	Append the value of source attribute arg1 to the already existing destination attribute value by using concatenation separator arg2.
TRIM_STRING,arg1,arg2	Copy the value generated by truncating the value of source attribute arg1 at character arg2 to the destination attribute ldapAttrName.
LITERAL	Copy the literal value indicated by the argument after the comma (,) value string to the destination attribute ldapAttrName value.

See Also: "Default Oracle Human Resources Agent Mapping Rules" for an example of mapping rules

Import and Export Files

These files store data extracted from either a connected directory or Oracle Internet Directory. The platform uses them to exchange data between Oracle Internet Directory and connected directories.

Import files contain changes from the connected directory. Export files contain changes from Oracle Internet Directory.

Oracle Internet Directory release 3.0.1 supports tagged and LDIF files only.

Tagged Files

In these files, each record consists of a tag and value pair separated by a colon (:). A multivalued attribute is represented by multiple rows with the same tag.

The following example of a tagged file contains attributes of an employee record:

FirstName:John
LastName:Liu
EmployeeNumber:12345
Title:Mr.
Sex:M
MaritalStatus:Married
TelephoneNumber:123-456-7891
Mail:Jliu@my_company.com
Address:100 Jones Parkway
City:MyTown

LDIF Files

A partner agent can exchange data with the directory integration server by using an LDIF file. In this case, the agent--not the directory integration server--performs the attribute mappings.

In an import operation from a connected directory into Oracle Internet Directory, the agent can map attributes and generate the import file in LDIF for the directory integration server. In an export operation from Oracle Internet Directory into a connected directory, the directory integration server can create an export file in LDIF, leaving the agent to map the attributes.

File Naming Conventions

All filenames correspond to the name of the agent, as in the following table:

File	Filename
Data file	Agent_Name.data
Error file	Agent_Name.err
Agent configuration file	Agent_Name.conf
Mapping rules file	Agent_Name.map

For example, the datafile name of the Oracle Human Resources agent is oraclehragent.data.

Location of Files

This table tells you where to find the various files:

Files	Path Name
Import files	$ORACLE_HOME/ldap/odi/data/import
Export files	$ORACLE_HOME/ldap/odi/data/export
Error files	$ORACLE_HOME/ldap/odi/log
Configuration and mapping files	$ORACLE_HOME/ldap/odi/conf

Managing Partner Agents

This section contains these topics:

• Managing Partner Agents by Using Oracle Directory Manager

• Managing Partner Agents from the Command Line

Managing Partner Agents by Using Oracle Directory Manager

This section tells you how to register and deregister a partner agent by using Oracle Directory Manager.

Registering a Partner Agent by Using Oracle Directory Manager

Oracle Directory Manager enables you to register a partner agent in one of two ways:

• By creating a new configuration set entry, then adding an integration profile to it

• By selecting an existing configuration set entry, then adding an integration profile to it

To register an agent:

1. In the navigator pane, expand Oracle Internet Directory Servers > directory_server_instance > Server Management, then select Directory Integration Server. The Active Processes box appears in the right pane.

2. On the toolbar, click Create. The Configuration Sets dialog box appears.

3. In the Configuration Sets dialog box, click Create. The Integration Profiles dialog box appears. You have two options:
   • To create an integration profile by copying an existing one, select the Oracle Directory Integration platform profile you want to copy, then click Create Like. The Integration Profile dialog box displays the General tab page.

   • To create an integration profile without copying an existing one, click Create New. The Integration Profile dialog box displays the General tab page.

4. In the General tab page, fill in the fields as explained in Table 23-3.

   Table 23-3 Description of Fields on the General Tab Page in Oracle Directory Manager

   Field	Description
   Agent Name	Specify the name of the agent. The name you enter is used as the RDN component of the DN for this integration profile. For example, specifying an agent name MSAccess creates an integration profile named orclmetaconnname=MSAccess, cn=subscriber profile, cn=changelog subscriber,cn=oracle internet directory. This field is mandatory. There is no default.
   Synchronization Mode	Specify whether this is an import or an export operation. An import operation pulls changes from a connected directory into Oracle Internet Directory. An export operation pushes changes from Oracle Internet Directory into a connected directory. This field is mandatory. The default is IMPORT. Note: Oracle Internet Directory release 3.0.1 supports the import synchronization mode only.
   Agent Control	Specify whether the agent is enabled or disabled. This field is mandatory. The default is ENABLED.
   Agent Password	Specify the password that the directory integration server is to use when binding to Oracle Internet Directory on behalf of the agent. This field is mandatory. The default is welcome.
   Host Name	Specify the host on which the agent will run. This field is mandatory and there is no default.
   Number of Retries	Specify the maximum number of times the directory integration server is to attempt synchronization before it disables synchronization. This field is mandatory. The default is 5.
   Scheduling Interval	Specify the number of seconds between synchronization attempts between a connected directory and Oracle Internet Directory. This field is mandatory. The default is 60.

5. Select the Execution tab and fill in the fields as explained inTable 23-4.

   Table 23-4 Description of Fields on the Execution Tab in Oracle Directory Manager

   Field	Description
   Execution Command	Specify the agent executable name and the arguments used by the directory integration server to execute the agent. This field is mandatory. There is no default.
   Connected Directory Account	Specify the account to be used by the agent for accessing the connected directory. For example, if the connected directory is a database, the account might be Scott. If the connected directory is another LDAP-compliant directory, then the account might be cn=Directory Manager. This field is optional. There is no default.
   Connected Directory Account Password	Specify the password the agent is to use when accessing the connected directory. This field is optional. There is no default.
   Agent Config Info	This field displays additional information that the directory integration server passes to an agent. You cannot modify this field. There is no default.
   Datafile Format	The format used by the import or export file. Valid values are LDIF or TAGGED. This field is optional. The default is TAGGED.

6. Select the Mapping tab and fill in the fields as explained in Table 23-5.

   Table 23-5 Description of Fields on the Mapping Tab in Oracle Directory Manager

   Field	Description
   Attribute Mapping Rules	This field displays the mapping rules for converting data between a connected directory and Oracle Internet Directory. There is no default. Note: You cannot edit the mapping rules file by using Oracle Directory Manager. You edit the mapping rules file manually and then upload it to the profile by using the provided script, ldapCreateConn.sh.
   Synchronization Key	Specify the attribute that uniquely identifies records in a connected directory. This is used as a key to synchronize Oracle Internet Directory and the connected directory. This field is optional.
   Subscribed Domain	Specify the DN of the Oracle Internet Directory subtree from which an agent is to export changes. This field is optional. There is no default.
   DN Construct Rule	Specify the rule for generating the DN from the RDN of an Oracle Internet Directory entry. For example, in the rule cn=%s, dc=acme,dc=com, the %s is replaced by an actual RDN value. This field is optional. There is no default.
   Mapping Filter	Specify a filter for excluding changes in Oracle Internet Directory that a connected directory does not require. There is no default.

7. Select the Status tab and fill in the fields as explained in Table 23-6.

   Table 23-6 Description of Fields on the Status Tab in Oracle Directory Manager

   Field	Description
   OID Last Applied Change Number	For export operations, specify the identifier of the last change from Oracle Internet Directory that has been applied to the connected directory. The default is 0.
   Next Synchronization Time	The next absolute time that the agent is to be executed. The default is the time at which the agent is created.
   Synchronization Status	The execution status of the agent. You cannot modify this field. The default is YET TO BE EXECUTED.
   Synchronization Errors	The last error message. You cannot modify this field. There is no default.
   Last Applied Change Number	Pertains to import operations. This field displays the number of the last change applied from a connected directory to Oracle Internet Directory. You cannot modify this field. The default is 0.
   Last Synchronization Time	Pertains to export operations. This field displays the time when the last change from Oracle Internet Directory was applied to the connected directory. The default is the time at which the agent is created.

8. In the Integration Profile dialog box, click OK. This returns you to the Configuration Sets dialog box, which now lists the integration profile you just created.

9. Click OK to exit the Configuration Sets dialog box. The agent you created is now registered with Oracle Internet Directory.

Deregistering a Partner Agent by Using Oracle Directory Manager

To delete an agent:

1. In the navigator pane, expand Oracle Internet Directory Servers > directory_server_instance> Server Management > Directory Integration Server.

2. Select the Configuration Set from which to delete the agent. The Integration Profiles tab page appears in the right pane.

3. In the Integration Profiles tab page, select the agent you want to deregister, then click Delete.

Managing Partner Agents from the Command Line

This section tells you how to register and deregister agents by using the script ldapcreateConn.sh.

Registering a Partner Agent by Using ldapcreateConn.sh

You can register an agent by using the command-line tool ldapcreateConn.sh. This tool is in the directory $ORACLE_HOME/ldap/admin/.

The following example registers an agent named HRMS in configuration set 2 (config 2):

ldapcreateConn.sh name HRMS [ -host MyHost] [port 389] binddn cn=orcladmin pass
welcome data TST -acct apps -pwd apps -ldapctx dc=hr,dc=metadirectory,dc=com
config 2

Table 23-7 Arguments for Registering a Partner Agent by Using ldapcreateConn.sh

Argument	Description
name	Name of the agent. This is used as the RDN of the integration profile entry
-host	Host name of the directory server
-port	Port number on which the directory server is running. Default is 389.
binddn	The bind DN with which the tool binds to the directory. The bind DN must have the privilege to add integration profile entries.
pass	Password of the entry referred by the bind DN
-acct	Account name in the connected directory that will be used by the agent to connect to the connected directory
-pwd	Password of the connected directory account
-ldapctx	The parent DN where the integration profile entry is created
config 2	The configuration set entry of the directory integration server with which this integration file is associated

When the integration server is invoked for configuration set 2, this agent is run. You can see a full description by invoking ldapCreateConn.sh with the -help argument.

Deregistering a Partner Agent Using ldapdeleteConn.sh

You can deregister a agent by using the command-line tool ldapdeleteConn.sh. This tool is in the directory $ORACLE_HOME/ldap/admin/.

The following example deregisters an agent entry and dissociates it from the configuration set 2 (config 2) entry:

ldapdeleteconn.sh name HRMS config 2