Oracle® Mail Administrator's Guide 10g Release 1 (10.1.2) Part Number B25499-04 |
|
|
View PDF |
This appendix contains information necessary for using a plug-in for Oracle Mail user provisioning. It contains examples of various provisioning operations, including:
To make customizations during Oracle Mail user creation through a centralized provisioning framework, administrators must implement additional code. This code must be in a class called EmailCustomPolicyPlugin
contained in the oracle.mail.provisioning.policy
package. This class must implement the oracle.mail.provisioning.plugin.EmailPolicyPluginInterface
policy interface present in the $ORACLE_HOME/jlib/esprovisioning.jar
file.
Customizations similar to the following examples, according to customer requirements, can be done by implementing this policy interface.
package oracle.mail.provisioning.policy; import oracle.mail.provisioning.plugin.EmailPolicyPluginInterface; import oracle.idm.user.IdmUser; import oracle.idm.provisioning.plugin.ApplicationContext; import oracle.idm.provisioning.plugin.PluginException; import oracle.idm.provisioning.plugin.PluginStatus; import oracle.ldap.util.LDIF; import oracle.ldap.util.ModPropertySet;
Any changes made by administrator implementation will eventually be merged by the centralized provisioning framework and will go into effect when a user is created.
public class EmailCustomPolicyPlugin implements EmailPolicyPluginInterface {
The processPolicy
method in the EmailCustomPolicyPlugin
class is invoked by the Oracle Mail pre-data-entry plug-in. If customizations are required in a deployment, this method must be implemented.
The centralized provisioning framework passes two ModPropertySet
objects containing changes made to baseuser
attributes and mailuser
attributes so far in the pre-data-entry plug-in. The baseuser
attributes and mailuser
attributes are the attributes for the base user and Oracle Mail user, respectively. When the Oracle Mail provisioning plug-in invokes the implemented plug-in, it passes the original ModPropertySet
for the baseuser
attribute containing base user attributes passed by the centralized provisioning framework to the Oracle Mail plug-ins, and two additional ModPropertySet
instances for baseuser
and mailuser
attribute changes, respectively.
If changes must be made to any baseuser
attribute, such as deriving a user ID based on first name and last name, those changes must be done in the ModPropertySet
for the base user changes.
Similarly, make changes to the mailuser
attribute, such as assigning an Oracle Collaboration Suite Database or changing quota, in the ModPropertySet
for mail user changes.
The processPolicy
method and its parameters are as follows:
public void processPolicy(ApplicationContext appCtx, IdmUser idmUser, ModPropertySet originalBaseUserAttrs, ModPropertySet originalMailUserAttrs, ModPropertySet modifiedBaseUserAttrs, ModPropertySet modifiedMailUserAttrs, PluginStatus pluginStatus) throws PluginException {
appCtx
: This parameter contains the jndi DirContext
, type of operation, locale, and logging.
idmUser
: This parameter contains base user attributes used in modify and delete operations. In a create operation, if any application needs the global user ID, it can be obtained here.
originalBaseUserAttrs
: This parameter contains the original base user attributes that Oracle Delegated Administration Services or Oracle Directory Integration and Provisioning passes to Oracle Mail plug-ins.
originalMailUserAttrs
: This parameter contains the original Oracle Mail user attributes that Oracle Delegated Administration Services or Oracle Directory Integration and Provisioning passes to Oracle Mail plug-ins.
modifiedBaseUserAttrs
: This parameter contains any changes made to current base user attributes in the e-mail pre-data-entry plug-in. As a part of customization, the baseuser
attribute values that need to be modified can be set in this parameter.
modifiedMailUserAttrs
: This parameter contains any changes made to current Oracle Mail user attributes in the e-mail pre-data entry plug-in. As a part of customization, the mailuser
attribute values that must be modified can be set in this parameter.
PluginStatus
: This is the plug-in status object, which can contain provisioning status, description, and an execution status. These values are consumed by the provisioning framework.
PluginException
: This exception generates PluginException
in case of errors.
See Also: Oracle Internet Directory API Reference for more information |
This example generates a user ID, assigns an Oracle Collaboration Suite Database, and establishes mail quota during user creation.
String op_type = appCtx.getCallOp(); if (op_type.equals(ApplicationContext.OP_CREATE)) {
The preceding code checks if it is a create operation.
String firstname = originalBaseUserAttrs.getModPropertyValue("givenname"); String lastname = originalBaseUserAttrs.getModPropertyValue("sn"); if ((firstname != null) && (lastname != null)) { String mailid = firstname + "." + lastname + "@foo.com";
The preceding code generates the user ID from the firstname
and lastname
of the base user.
modifiedBaseUserAttrs.deleteProperty("mail"); modifiedBaseUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"mail", mailid); }
This example assigns an Oracle Collaboration Suite Database based on the country in which the user resides or works. This example assumes the following:
c
attribute of the base userusdb.foo.com
indb.foo.com
ocsms.foo.com
String country = originalBaseUserAttrs.getModPropertyValue("c"); if (country != null) { String mailstore = "ocsms.foo.com"; if (country.equalsIgnoreCase("usa")) mailstore = "usdb.foo.com"; if (country.equalsIgnoreCase("india")) mailstore = "indb.foo.com"; modifiedMailUserAttrs.deleteProperty("orclmailstore"); modifiedMailUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"orclmailstore", mailstore); }
This example assigns higher mail quota to managers, while for all other users, the default mail quota that is set at the domain level applies. This example assumes the following:
title
attribute of the base user is Manager for managersString title = originalBaseUserAttrs.getModPropertyValue("title"); if ((title != null) && (title.equalsIgnoreCase("manager"))) { modifiedMailUserAttrs.deleteProperty("orclmailquota"); modifiedMailUserAttrs.addProperty(LDIF.ATTRIBUTE_CHANGE_TYPE_ADD,"orclmailquota", "200"); }
This example provisions users selectively. This example assumes the following:
title
attribute of the base user is temporary, do not provision.if ((title != null) && (title.equalsIgnoreCase("temporary"))) { pluginStatus.setProvStatus(IdmUser.PROVISION_NOT_REQUIRED); } } } }
Setting the provisioning status to PROVISION_NOT_REQUIRED
causes Oracle Delegated Administration Services to show no provisioning for Oracle Mail, and Oracle Directory Integration and Provisioning does not create an Oracle Mail user.
If the custom plug-in requires any base user attributes other than mail
, run the oidprovtool
utility in the Applications tier or Oracle Collaboration Suite Infrastructure (Infrastructure) $ORACLE_HOME
to add the additional attributes, as in the following example, where cn
and sn
attributes are added:
oidprovtool operation=modify ldap_host=OID_HOST ldap_port=OID_PORT ldap_user_dn='cn=orcladmin'ldap_user_password=ORCLADMIN_PASSWORD application_type=EMAIL application_dn='cn=EmailServerContainer,cn=Products,cn=OracleContext' application_name=EMAIL event_subscription='USER:ANY:MODIFY(mail,dn,orcluserApplnProvStatus;email)' event_subscription='USER:ANY:ADD (mail,dn,orclguid,cn,sn)' event_subscription='USER:ANY:DELETE' interface_version=3.0
This example assumes the following:
OID_HOST
is the Infrastructure Oracle Internet Directory host nameOID_PORT
is the Infrastructure Oracle Internet Directory port numberORCLADMIN_PASSWORD
is the password for cn=orcladmin
Note: Ensure thatmail,dn,orclguid attributes are always included in the list of subscribed attributes. Otherwise, e-mail provisioning will not work as expected. |
To compile and load the policy jar
file, follow these instructions on an Applications tier $ORACLE_HOME
. In multiple Applications tiers, these steps must be performed on the Applications tier that contains the latest Oracle Mail provisioning patches.
To compile EmailCustomPolicyPlugin.java
, the CLASSPATH
must include the following jar files:
$ORACLE_HOME/jlib/esprovisioning.jar
$ORACLE_HOME/jlib/ldapjclnt10.jar
Compile the policy plug-in.
$ORACLE_HOME/jdk/bin/javac oracle/mail/provisioning/policy/EmailCustomPolicyPlugin.java
Create the policy plug-in jar file.
$ORACLE_HOME/jdk/bin/jar cvf $ORACLE_HOME/oes/provisioning_policyplugin/policyplugin.jar oracle/mail/provisioning/policy/*.class
Load the policy jar file into the provisioning framework.
Substitute $ORACLE_HOME
with the full path of the Applications tier $ORACLE_HOME
and create an ldif
file with following lines:
dn: cn=Plugins, cn=EMAIL, cn=Applications, cn=Provisioning,cn=Directory Integration Platform,cn=Products,cn=OracleContext changetype: modify replace: orclODIPPluginExecData orclODIPPluginExecData: $ORACLE_HOME/jlib/esprovisioning.jar dn: cn=Plugins, cn=EMAIL, cn=Applications, cn=Provisioning,cn=Directory Integration Platform,cn=Products,cn=OracleContext changetype: modify add: orclODIPPluginExecData orclODIPPluginExecData: $ORACLE_HOME/oes/provisioning_policyplugin/policyplugin.jar
Assuming the ldif
file is $ORACLE_HOME/oes/provisioning_policyplugin/loadpolicy.ldif
, run the following command to upload the policy jar file into the provisioning framework:
$ORACLE_HOME/bin/ldapmodify -b -v -Dcn=orcladmin -w orcladmin_password -h oid_host -p oid_port -f $ORACLE_HOME/oes/provisioning_policyplugin/loadpolicy.ldif