| Oracle® Mail Administrator's Guide 10g Release 1 (10.1.2) Part Number B25499-04 |
|
|
View PDF |
| Oracle® Mail Administrator's Guide 10g Release 1 (10.1.2) Part Number B25499-04 |
|
|
View PDF |
This appendix contains information necessary for using a plug-in for Oracle Mail user provisioning. It contains examples of various provisioning operations, including:
To make customizations during Oracle Mail user creation through a centralized provisioning framework, administrators must implement additional code. This code must be in a class called EmailCustomPolicyPlugin contained in the oracle.mail.provisioning.policy package. This class must implement the oracle.mail.provisioning.plugin.EmailPolicyPluginInterface policy interface present in the $ORACLE_HOME/jlib/esprovisioning.jar file.
Customizations similar to the following examples, according to customer requirements, can be done by implementing this policy interface.
package oracle.mail.provisioning.policy; import oracle.mail.provisioning.plugin.EmailPolicyPluginInterface; import oracle.idm.user.IdmUser; import oracle.idm.provisioning.plugin.ApplicationContext; import oracle.idm.provisioning.plugin.PluginException; import oracle.idm.provisioning.plugin.PluginStatus; import oracle.ldap.util.LDIF; import oracle.ldap.util.ModPropertySet;
Any changes made by administrator implementation will eventually be merged by the centralized provisioning framework and will go into effect when a user is created.
public class EmailCustomPolicyPlugin implements EmailPolicyPluginInterface {
The processPolicy method in the EmailCustomPolicyPlugin class is invoked by the Oracle Mail pre-data-entry plug-in. If customizations are required in a deployment, this method must be implemented.
The centralized provisioning framework passes two ModPropertySet objects containing changes made to baseuser attributes and mailuser attributes so far in the pre-data-entry plug-in. The baseuser attributes and mailuser attributes are the attributes for the base user and Oracle Mail user, respectively. When the Oracle Mail provisioning plug-in invokes the implemented plug-in, it passes the original ModPropertySet for the baseuser attribute containing base user attributes passed by the centralized provisioning framework to the Oracle Mail plug-ins, and two additional ModPropertySet instances for baseuser and mailuser attribute changes, respectively.
If changes must be made to any baseuser attribute, such as deriving a user ID based on first name and last name, those changes must be done in the ModPropertySet for the base user changes.
Similarly, make changes to the mailuser attribute, such as assigning an Oracle Collaboration Suite Database or changing quota, in the ModPropertySet for mail user changes.
The processPolicy method and its parameters are as follows:
public void processPolicy(ApplicationContext appCtx,
IdmUser idmUser,
ModPropertySet originalBaseUserAttrs,
ModPropertySet originalMailUserAttrs,
ModPropertySet modifiedBaseUserAttrs,
ModPropertySet modifiedMailUserAttrs,
PluginStatus pluginStatus)
throws PluginException {
appCtx: This parameter contains the jndi DirContext, type of operation, locale, and logging.
idmUser: This parameter contains base user attributes used in modify and delete operations. In a create operation, if any application needs the global user ID, it can be obtained here.
originalBaseUserAttrs: This parameter contains the original base user attributes that Oracle Delegated Administration Services or Oracle Directory Integration and Provisioning passes to Oracle Mail plug-ins.
originalMailUserAttrs: This parameter contains the original Oracle Mail user attributes that Oracle Delegated Administration Services or Oracle Directory Integration and Provisioning passes to Oracle Mail plug-ins.
modifiedBaseUserAttrs: This parameter contains any changes made to current base user attributes in the e-mail pre-data-entry plug-in. As a part of customization, the baseuser attribute values that need to be modified can be set in this parameter.
modifiedMailUserAttrs: This parameter contains any changes made to current Oracle Mail user attributes in the e-mail pre-data entry plug-in. As a part of customization, the mailuser attribute values that must be modified can be set in this parameter.
PluginStatus: This is the plug-in status object, which can contain provisioning status, description, and an execution status. These values are consumed by the provisioning framework.
PluginException: This exception generates PluginException in case of errors.
|
See Also: Oracle Internet Directory API Reference for more information |
This example generates a user ID, assigns an Oracle Collaboration Suite Database, and establishes mail quota during user creation.
String op_type = appCtx.getCallOp();
if (op_type.equals(ApplicationContext.OP_CREATE)) {
The preceding code checks if it is a create operation.
String firstname = originalBaseUserAttrs.getModPropertyValue("givenname");
String lastname = originalBaseUserAttrs.getModPropertyValue("sn");
if ((firstname != null) && (lastname != null)) {
String mailid = firstname + "." + lastname + "@foo.com";
The preceding code generates the user ID from the firstname and lastname of the base user.
modifiedBaseUserAttrs.deleteProperty("mail");
modifiedBaseUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"mail", mailid);
}
This example assigns an Oracle Collaboration Suite Database based on the country in which the user resides or works. This example assumes the following:
c attribute of the base userusdb.foo.comindb.foo.comocsms.foo.comString country = originalBaseUserAttrs.getModPropertyValue("c");
if (country != null) {
String mailstore = "ocsms.foo.com";
if (country.equalsIgnoreCase("usa"))
mailstore = "usdb.foo.com";
if (country.equalsIgnoreCase("india"))
mailstore = "indb.foo.com";
modifiedMailUserAttrs.deleteProperty("orclmailstore");
modifiedMailUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"orclmailstore", mailstore);
}
This example assigns higher mail quota to managers, while for all other users, the default mail quota that is set at the domain level applies. This example assumes the following:
title attribute of the base user is Manager for managersString title = originalBaseUserAttrs.getModPropertyValue("title");
if ((title != null) && (title.equalsIgnoreCase("manager"))) {
modifiedMailUserAttrs.deleteProperty("orclmailquota");
modifiedMailUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"orclmailquota", "200");
}
This example provisions users selectively. This example assumes the following:
title attribute of the base user is temporary, do not provision.if ((title != null) && (title.equalsIgnoreCase("temporary"))) {
pluginStatus.setProvStatus(IdmUser.PROVISION_NOT_REQUIRED);
}
}
}
}
Setting the provisioning status to PROVISION_NOT_REQUIRED causes Oracle Delegated Administration Services to show no provisioning for Oracle Mail, and Oracle Directory Integration and Provisioning does not create an Oracle Mail user.
If the custom plug-in requires any base user attributes other than mail, run the oidprovtool utility in the Applications tier or Oracle Collaboration Suite Infrastructure (Infrastructure) $ORACLE_HOME to add the additional attributes, as in the following example, where cn and sn attributes are added:
oidprovtool operation=modify ldap_host=OID_HOST ldap_port=OID_PORT ldap_user_dn='cn=orcladmin'ldap_user_password=ORCLADMIN_PASSWORD application_type=EMAIL application_dn='cn=EmailServerContainer,cn=Products,cn=OracleContext' application_name=EMAIL event_subscription='USER:ANY:MODIFY(mail,dn,orcluserApplnProvStatus;email)' event_subscription='USER:ANY:ADD (mail,dn,orclguid,cn,sn)' event_subscription='USER:ANY:DELETE' interface_version=3.0
This example assumes the following:
OID_HOST is the Infrastructure Oracle Internet Directory host nameOID_PORT is the Infrastructure Oracle Internet Directory port numberORCLADMIN_PASSWORD is the password for cn=orcladmin
|
Note: Ensure thatmail,dn,orclguid attributes are always included in the list of subscribed attributes. Otherwise, e-mail provisioning will not work as expected. |
To compile and load the policy jar file, follow these instructions on an Applications tier $ORACLE_HOME. In multiple Applications tiers, these steps must be performed on the Applications tier that contains the latest Oracle Mail provisioning patches.
To compile EmailCustomPolicyPlugin.java, the CLASSPATH must include the following jar files:
$ORACLE_HOME/jlib/esprovisioning.jar$ORACLE_HOME/jlib/ldapjclnt10.jarCompile the policy plug-in.
$ORACLE_HOME/jdk/bin/javac oracle/mail/provisioning/policy/EmailCustomPolicyPlugin.java
Create the policy plug-in jar file.
$ORACLE_HOME/jdk/bin/jar cvf $ORACLE_HOME/oes/provisioning_policyplugin/policyplugin.jar oracle/mail/provisioning/policy/*.class
Load the policy jar file into the provisioning framework.
Substitute $ORACLE_HOME with the full path of the Applications tier $ORACLE_HOME and create an ldif file with following lines:
dn: cn=Plugins, cn=EMAIL, cn=Applications, cn=Provisioning,cn=Directory Integration Platform,cn=Products,cn=OracleContext changetype: modify replace: orclODIPPluginExecData orclODIPPluginExecData: $ORACLE_HOME/jlib/esprovisioning.jar dn: cn=Plugins, cn=EMAIL, cn=Applications, cn=Provisioning,cn=Directory Integration Platform,cn=Products,cn=OracleContext changetype: modify add: orclODIPPluginExecData orclODIPPluginExecData: $ORACLE_HOME/oes/provisioning_policyplugin/policyplugin.jar
Assuming the ldif file is $ORACLE_HOME/oes/provisioning_policyplugin/loadpolicy.ldif, run the following command to upload the policy jar file into the provisioning framework:
$ORACLE_HOME/bin/ldapmodify -b -v -Dcn=orcladmin -w orcladmin_password -h oid_host -p oid_port -f $ORACLE_HOME/oes/provisioning_policyplugin/loadpolicy.ldif
