Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01 |
|
Synchronization with Relational Database Tables, 3 of 3
This section describes the tasks you perform to synchronize an Oracle Internet Directory with a relational database. It also provides an example of creating an integration profile with the appropriate details.
This section contains these topics:
During synchronization from a relational database to Oracle Internet Directory, the additional configuration information file governs the retrieval of data from the database. It provides the Oracle directory integration and provisioning server with the following information:
SELECT
statement to execute
To configure this file, use the sample file DBReader.cfg.master
in the ORACLE_HOME
/ldap/odi/samples/
directory, and edit it to your specifications.
It is very important to follow the correct format of this file. The various sections are divided using TAG names. Every TAG section has a list of parameters and their respective values. The general layout is as follows.
[TAG] PARAMETER1: value PARAMETER2: value [TAG] PARAMETER1: value PARAMETER2: value\ VALUE continuation\ value continuation\ end of value continuation [TAG] PARAMETER1: value PARAMETER2: value\ end of value continuation
For example, following this format, the DBReader.cfg.master
file looks like this:
[DBQUERY] SELECT: SELECT\EMPNO EmpNum,\ ENAME,\ REPLACE(EMAIL),'@ACME.COM','') UID,\ EMAIL,\ TELEPHONE,\ TO_CHAR(LAST_UPDATE_DATE,'YYYYMMDDHH24MISS') Modified_Date\FROM\EMPLOYEE\WHERE\LAST_UPDATE_DATE>TO_DATE (:Modified_Date,'YYYYMMDDHH24MISS')\ORDER BY\ LAST_UPDATE_DATE [SYNC-PARAMS] CHANGEKEY: Modified_Date
Note that the entire SELECT
statement is put as a value in the parameter SELECT
in the section represented by the TAG DBQUERY
. Because it is a lengthy value, the value continuation character is put as the last character in every line until the SELECT
statement ends.
The CHANGEKEY
parameter value is the name of the column(s) to be used while doing incremental synchronization. The value(s) of these column(s) is always stored in the orclOdipLastAppliedChgNum attribute of the profile. Every time the SELECT
statement is executed, the current value(s) of this attribute are put into the SQL statement accordingly. This ensures that the data is always retrieved incrementally.
If there are multiple column names in the CHANGEKEY
--for example, column1:column2
--then the value in the orclOdipLastAppliedChgNum attribute of the profile is stored as value1~value2
and so on, with value1
corresponding to column1
and value2
to column2
.
Column names are retrieved into the Oracle Directory Integration and Provisioning platform as attribute value pairs and subsequently mapped into LDAP attribute values according to set mapping rules. For this reason, all columns names retrieved in the SELECT
statement must be simple names rather than expressions. For example, you can have the expression REPLACE(EMAIL),'@ACME.COM','')
but it retrieves the expression value as UID
.
In this example, the Modified_Date
is the key for incremental synchronization. Because it is a date, it must be represented in a string format.
When the profile is created, the orclOdipLastAppliedChgNum attribute must be set to some value. All changes after this date--that is, rows in the table with LAST_UPDATE_DATE
greater than this value-- are retrieved. For example, if the orclOdipLastAppliedChgNum attribute is set to 20000101000000
, then all employee changes since January 1, 2000 are retrieved.
Because of the ORDER BY
clause, all the database rows returned are in the order of LAST_UPDATE_DATE
--that is, the changes retrieved and applied to the directory are in chronological order. Once the last change is retrieved and applied:
Modified_Date
from the last row retrieved.
Whenever the Oracle Directory Integration and Provisioning platform executes the profile again, it uses the previously stored value.
To configure the mapping rules, follow the instructions in "Mapping Rules and Formats".
You can create the directory integration profile by using either Oracle Directory Manager or the Directory Integration and Provisioning Assistant. If you use Oracle Directory Manager, then you must upload the additional configuration information file and the mapping file by using either the Directory Integration and Provisioning Assistant or the script ldapUploadAgentFile.sh
To configure the directory integration profile, follow the general instructions in "Registration of Connectors into the Oracle Directory Integration and Provisioning Platform", but with these specific instructions in mind:
DB
.
See Also:
In this example, the following relational database table containing employee data is synchronized with Oracle Internet Directory.
You can find a sample profile for this example in the directory ORACLE_HOME
/ldap/odi/samples
. Also present there are the sample configuration and mapping files. In this example:
Employee
TESTDBIMPORT
.
EMPNO
) is used to JOIN a database record with a directory entry. It is specified in the OID Matching Filter (orclOdipOIDMatchingFilter) attribute described in Table B-20.
testsync
/testsyncpwd
schema in a database. The database is located on the host machine.acme.com
, the database listener port is 1526
and the SID is iasdb
. The database URL is machine.acme.com:1526:iasdb
.
orclodipagentname=testdbimport,
cn=subscriber profile,
cn=changelog subscriber,
cn=oracle internet directory
This example uses the same Additional Configuration Information file described earlier in "Task 1: Prepare the Additional Configuration Information File".
The mapping file for this example contains the following:
DomainRules NONLDAP:dc=testdbsync,dc=com:uid=%,dc=testdbsync,dc=com AttributeRules ename: : : :cn: :person ename : : : :sn: :person uid : : : :uid: :inetOrgperson: EMail: : : :mail: :inetOrgperson Telephone: : : :telephonenumber: :inetOrgperson empnum: : : :employeenumber: :inetOrgperson
This mapping file specifies the following:
uid=%,dc=testdbsync,dc=com
. The %
is a placeholder for the actual value of uid
. The uid
must be present in the mapping rules so that it has a value after the mapping. Otherwise the DN construction fails.
cn
and sn
attributes are to have the same value as ename
.
uid
element must have the value of the EMail
prefix, which is the element of the e-mail address prior to the '@' character.
empnum
becomes employeenumber
in the directory entry.
telephone
becomes telephone number
in the directory entry.
The directory integration profile for this example contains the attribute values as described in Table 38-2. A sample integration profile with these values populated and the corresponding mapping and configuration files are available in $
ORACLE_HOME
/ldap/odi/samples
directory. You can create the profile by running the Directory Integration and Provisioning Assistant in the createprofile
mode and specifying the file as the argument. Alternatively, you can create the profile by using Oracle Directory Manager.
See Also:
|
If you used Oracle Directory Manager to create the profile, then enter this command:
ORACLE_HOME/ldap/odi/admin/ldapuploadagentfile.sh -name "TESTDBIMPORT" -config 1 \ -bindpass password -binddn "cn=orcladmin" -attrtype "ATTR" \
-filename full_path_name_of_the_file
If you used Oracle Directory Manager to create the profile, then enter this command:
ORACLE_HOME/ldap/odi/admin/ldapuploadagentfile.sh -name "TESTDBIMPORT" -config 1 \ -bindpass password -binddn "cn=orcladmin" -attrtype "MAP" \
-filename full_path_name_of_the_file
In this example, the sequence of steps in the synchronization process is:
orclodipConDirLastAppliedChgNum
) attribute is updated.
When a row is retrieved from the database, it is in the following form:
EmpNum: 98357 EName: JOHN DOE UID: JOHN.DOE EMAIL: JOHN.DOE@ACME.COM TELEPHONE: 435-324-3455 Modified_Date: 20000102000000
After the mapping is performed on this record, the output is in the following form:
dn: uid=john.doe,dc=testdbsync,dc=com uid: JOHN.DOE cn: JOHN DOE sn: JOHN DOE mail: JOHN.DOE@ACME.COM employeenumber: 98357 telephonenumber: 435-324-3455 objectclass: person objectclass: inetorgperson
A subtree search is made in the directory with the filter employeenumber=98357
under the domain dc=testdbsync,dc=com
. If the search yields an existing entry, then that entry is updated. Otherwise, a new entry is created. Because the OID Matching Filter (orclOdipOIDMatchingFilter) attribute is set to employeenumber
, every database record retrieved must have that column. In this case, it is EmpNum
as it maps to employeenumber
.
Any other attributes in the mapping file that are not in the data retrieved by the SQL are ignored--for example, the attribute birthday
.
After the profile thread processes all the change records from the SQL, it updates the directory with correct values for these attributes:
|
![]() Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved. |
|