Oracle® Mail Administrator's Guide 10g Release 1 (10.1.1) Part Number B14491-03 |
|
|
View PDF |
This appendix contains information necessary for using a plugin for Oracle Mail user provisioning. It contains examples of various provisioning operations, including:
To use a policy plugin for Oracle Mail user provisioning customizations, implement a class named oracle.mail.provisioning.policy.EmailCustomPolicyPlugin
containing the customization code. This class must implement the interface oracle.mail.provisioning.plugin.EmailPolicyPluginInterface
present in the $ORACLE_HOME/jlib/esprovisioning.jar
file.
Customizations similar to the following examples, according to customer requirements, can be done by implementing this policy interface.
package oracle.mail.provisioning.policy; import oracle.mail.provisioning.plugin.EmailPolicyPluginInterface; import oracle.idm.user.IdmUser; import oracle.idm.provisioning.plugin.ApplicationContext; import oracle.idm.provisioning.plugin.PluginException; import oracle.idm.provisioning.plugin.PluginStatus; import oracle.ldap.util.LDIF; import oracle.ldap.util.ModPropertySet;
In order to make any customizations during Oracle Mail user creation through a centralized provisioning framework, administrators must implement additional code. This code must be in a class called EmailCustomPolicyPlugin
contained in the oracle.mail.provisioning.policy
package. This class must implement the oracle.mail.provisioning.plugin.EmailPolicyPluginInterface
policy interface.
Any changes made by administrator implementation will eventually be merged by the centralized provisioning framework and will go into effect when a user is created.
public class EmailCustomPolicyPlugin implements EmailPolicyPluginInterface {
The processPolicy
method in the EmailCustomPolicyPlugin
class is invoked by the Oracle Mail pre-data entry plugin. If, in a deployment any customizations are required, this method must be implemented.
The centralized provisioning framework passes two ModPropertySet
objects containing changes made to baseuser
attributes and mailuser
attributes so far in the e-mail pre-plugin. The baseuser
attributes and mailuser
attributes are the attributes for the base user and Oracle Mail user, respectively. When the Oracle Mail provisioning plugin invokes the implemented plugin, it passes the original ModPropertySet
for the baseuser
attribute containing base user attributes passed by the centralized provisioning framework to the Oracle Mail plugins, and two additional ModPropertySet
instances for baseuser
and mailuser
attribute changes, respectively.
If changes need to be made to any baseuser
attribute, such as deriving a user ID based on first name and last name, those changes must be done in the ModPropertySet
for the base user changes.
Similarly, make changes to the mailuser
attribute, such as assigning an Oracle Collaboration Suite Database or changing quota, in the ModPropertySet
for mail user changes.
The processPolicy
method and its parameters are, as follows:
public void processPolicy(ApplicationContext appCtx, IdmUser idmUser, ModPropertySet originalBaseUserAttrs, ModPropertySet originalMailUserAttrs, ModPropertySet modifiedBaseUserAttrs, ModPropertySet modifiedMailUserAttrs, PluginStatus pluginStatus) throws PluginException {
appCtx
: This parameter contains the jndi DirContext
, type of operation, locale and logging.
idmUser
: This parameter contains base user attributes used in modify and delete operations. In the case of a create operation, if any application needs the global user ID, it can be obtained from here.
originalBaseUserAttrs
: This parameter contains the original base user attributes that Oracle Delegated Administration Services or Oracle Directory Integration and Provisioning passes to Oracle Mail plugins.
originalMailUserAttrs
: This parameter contains the original Oracle Mail user attributes that Oracle Delegated Administration Services or Oracle Directory Integration and Provisioning passes to Oracle Mail plugins.
modifiedBaseUserAttrs
: This parameter contains any changes made to current base user attributes in the e-mail pre-data entry plugin. As a part of customization, the baseuser
attribute values that need to be modified can be set in this parameter.
mailUserAttrs
: This parameter contains any changes made to current Oracle Mail user attributes in the e-mail pre-data entry plugin. As a part of customization, the mailuser
attribute values that need to be modified can be set in this parameter.
pluginStatus
: This is the plugin status object, which can contain provisioning status, description, and an execution status. These values are consumed by the provisioning framework.
PluginException
: This exception generates PluginException
in case of errors.
See Also:
Oracle Internet Directory API Reference for more informationGenerating a User ID Based on User's First and Last Names
This example generates a user ID, assigns an Oracle Collaboration Suite Database, and establishes mail quota during user creation.
String op_type = appCtx.getCallOp(); if (op_type.equals(ApplicationContext.OP_CREATE)) {
The preceding code checks if it is a create operation.
String firstname = originalBaseUserAttrs.getModPropertyValue("givenname"); String lastname = originalBaseUserAttrs.getModPropertyValue("sn"); if ((firstname != null) && (lastname != null)) { String mailid = firstname + "." + lastname + "@foo.com";
The preceding code generates the user ID from the firstname
and lastname
of the base user.
modifiedBaseUserAttrs.deleteProperty("mail"); modifiedBaseUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"mail", mailid); }
Assigning an Oracle Collaboration Suite Database Based on Country
This example assigns an mailstore based on the country in which the user resides or works. This example assumes the following:
c
attribute of the base userusdb.foo.com
indb.foo.com
ocsms.foo.com
String country = originalBaseUserAttrs.getModPropertyValue("c"); if (country != null) { String mailstore = "ocsms.acme.com"; if (country.equalsIgnoreCase("usa")) mailstore = "usdb.acme.com"; if (country.equalsIgnoreCase("india")) mailstore = "indb.acme.com"; modifiedMailUserAttrs.deleteProperty("orclmailstore"); modifiedMailUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"orclmailstore", mailstore); }
Establish Mail Quota Dynamically Based on Title
This example assigns higher mail quota to managers, while for all other users, default mail quota that is set at the domain level applies. This example assumes the following:
title
attribute of the base user is Manager for managersString title = originalBaseUserAttrs.getModPropertyValue("title"); if ((title != null) && (title.equalsIgnoreCase("manager"))) { modifiedMailUserAttrs.deleteProperty("orclmailquota"); modifiedMailUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"orclmailquota", "200"); }
Selectively Provision Users for Oracle Mail
This example provisions users selectively. This example assumes the following:
title
attribute of the base user is temporary, do not provisionif ((title != null) && (title.equalsIgnoreCase("temporary"))) { pluginStatus.setProvStatus(IdmUser.PROVISION_NOT_REQUIRED); } } } }
Setting the provisioning status to PROVISION_NOT_REQUIRED
causes Oracle Delegated Administration Services to show no provisioning for Oracle Mail and Oracle Directory Integration and Provisioning does not create an Oracle Mail user.
If the custom plugin requires any base user attributes other than mail
, run the oidprovtool
utility in the Applications Tier or infrastructure ORACLE HOME to add the additional attributes, as in the following example, where cn
and sn
attributes are added:
oidprovtool operation=modify ldap_host=OID_HOST ldap_port=OID_PORT ldap_user_dn='cn=orcladmin'ldap_user_password=ORCLADMIN_PASSWORD application_type=EMAIL application_dn='cn=EmailServerContainer,cn=Products,cn=OracleContext' application_name=EMAIL event_subscription='USER:ANY:MODIFY(mail,dn,orcluserApplnProvStatus;email)' event_subscription='USER:ANY:ADD (mail,dn,orclguid,cn,sn)' event_subscription='USER:ANY:DELETE' interface_version=3.0
Where:
OID_HOST
is the infrastructure Oracle Internet Directory host nameOID_PORT
is the infrastructure Oracle Internet Directory port numberORCLADMIN_PASSWORD
is the password for cn=orcladmin
Note:
Ensure thatmail,dn,orclguid
attributes are always included in the list of subscribed attributes. Otherwise, e-mail provisioning will not work as expected.To compile and load the policy jar
file, follow these instructions on an Applications Tier $ORACLE_HOME. In the case of multiple Applications Tiers, these steps must be performed on the Applications Tier that contains the latest Oracle Mail provisioning patches.
To compile EmailCustomPolicyPlugin.java
, the CLASSPATH
must include the following jar files:
$ORACLE_HOME/jlib/esprovisioning.jar
$ORACLE_HOME/jlib/ldapjclnt10.jar
Compile the policy plugin.
$ORACLE_HOME/jdk/bin/javac oracle/mail/provisioning/policy/EmailCustomPolicyPlugin.java
Create the policy plugin jar
file.
$ORACLE_HOME/jdk/bin/jar cvf $ORACLE_HOME/oes/provisioning_policyplugin/policyplugin.jar oracle/mail/provisioning/policy/*.class
Load the policy jar file into the provisioning framework.
Substitute $ORACLE_HOME
with the full path of the Applications Tier ORACLE_HOME
and create an ldif
file with following lines:
dn: cn=Plugins, cn=EMAIL, cn=Applications, cn=Provisioning,cn=Directory Integration Platform,cn=Products,cn=OracleContext changetype: modify replace: orclODIPPluginExecData orclODIPPluginExecData: $ORACLE_HOME/jlib/esprovisioning.jar dn: cn=Plugins, cn=EMAIL, cn=Applications, cn=Provisioning,cn=Directory Integration Platform,cn=Products,cn=OracleContext changetype: modify add: orclODIPPluginExecData orclODIPPluginExecData: $ORACLE_HOME/oes/provisioning_policyplugin/policyplugin.jar
Assuming the ldif
file is $ORACLE_HOME/oes/provisioning_policyplugin/loadpolicy.ldif
, run the following command to upload the policy jar
file into the provisioning framework:
$ORACLE_HOME/bin/ldapmodify -b -v -Dcn=orcladmin -w orcladmin_password -h oid_host -p oid_port -f $ORACLE_HOME/oes/provisioning_policyplugin/loadpolicy.ldif