| Oracle® Identity Manager Connector Guide for Database Access Release 9.0.1 Part Number B31114-01 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for Database Access Release 9.0.1 Part Number B31114-01 |
|
|
View PDF |
Deploying the connector involves the following steps:
The following table lists the installation requirements for the connector.
All of the required configuration information (such as tablespace name, default database, user name, and password) is provided in the form of parameters that are used by Oracle Identity Manager. This information is required to perform the procedure described in the "Defining Resource Assets" section.
The following sections provide configuration instructions that are specific to the target system database:
You configure Oracle Database by ensuring that:
The service name that is used to create users exists in the target Oracle Database installation.
There is sufficient space in the database to store provisioned users.
The Oracle Database user account that is used to create users has DBA privileges. For example, sys as sysdba/sys or system/manager.
You configure Microsoft SQL Server by ensuring that:
The target database in which users are supposed to be created exists in the target Microsoft SQL Server installation.
The Microsoft SQL Server user account that is used to create users has DBA privileges. For example, sa/sa.
You configure Sybase by ensuring that:
The target database in which users are supposed to be created exists in the target Sybase ASE installation.
The following scripts are run on the target Sybase database:
procGrantAllToUser.sql
procRevokeAllFromUser.sql
Refer to the "Step 4: Copying the Connector Files" section for instructions to copy these files from the installation media ZIP file to the xellerate_home\xellerate\XLIntegrations\DatabaseAccess\scripts directory.
You configure IBM DB2 UDB by ensuring that:
Authentication on IBM DB2 UDB is done through the operating system. Therefore, the user that you want to provision must exist in the security system of the operating system.
For example, if you want to provision the domain, then the target (IBM DB2 UDB server) must exist on the domain server and the user that you want to provision must exist in the domain.
For databases or services that you want to provision, you must enter the relevant lookup codes, corresponding to the databases or services that already exist on the target systems, in the UD_Lookup.DB_Dbnames lookup definition.
For tablespaces that you want to provision, you must enter the relevant lookup codes, corresponding to the tablespaces that already exist on the target systems, in the UD_Lookup.DB_Tablespacenames lookup definition.
For schemas that you want to provision, you must enter the relevant lookup codes, corresponding to the schemas that already exist on the target systems, in the UD_Lookup.DB_Schemas lookup definition.
Note:
Perform this step only if the target system is IBM DB2 UDB.IBM DB2 UDB installed on a Microsoft Windows server does not support the creation of user accounts. Instead, it uses the users that are present in the operating system (Microsoft Windows users). It assigns the required privileges to a Microsoft Windows user to convert the user into a complete IBM DB2 UDB user. After a user account is created in Microsoft Windows, it can be assigned the relevant privileges in IBM DB2 UDB.
Therefore, if you want to use the Database Access connector to provision accounts in IBM DB2 UDB, then you must first deploy the connector for Microsoft Active Directory in the following directory:
xellerate_home\xellerate\XLIntegrations\ActiveDirectory
See Also:
Oracle Identity Manager Connector Guide for Microsoft Active DirectoryThe connector files to be copied and the directories to which you must copy them are given in the following table.
Note:
The directory paths given in the first column of this table correspond to the location of the connector files in the following ZIP file on the installation media:Database Servers\Database User Management\Database Rev 3.1.0.zip
Refer to "Files and Directories That Comprise the Connector" for more information about these files.
| File in the Installation Media Directory | Destination Directory |
|---|---|
The following files in the xml directory:
|
xellerate_home\xellerate\XLIntegrations\DatabaseAccess\xml
|
lib\xliDatabaseAccess.jar |
xellerate_home\xellerate\JavaTasks
|
lib\xliDatabaseAccess.jar |
xellerate_home\xellerate\ScheduleTask
|
The following files in the scripts directory:
|
xellerate_home\xellerate\XLIntegrations\DatabaseAccess\scripts
|
The following contents of the docs directory:
B31114_01.pdf html |
xellerate_home\xellerate\XLIntegrations\DatabaseAccess\docs
|
The location of the external code files depends on the database of the target database system. The following sections provide information that is specific to the target system database:
For connectors used with Oracle8i Database or Oracle9i Database, the required external JAR file required is classes12.jar.
The classes12.jar file is available in the Oracle9i Database installation at the following path:
oracle_home\ora92\jdbc\lib\
In this directory path, oracle_home is the location where Oracle9i Database is installed. For example, C:\Oracle.
You must ensure that the classes12.jar file is in the following directory:
xellerate_home\xellerate\ThirdParty
If the classes12.zip file is used instead of the classes12.jar file, then:
For JBoss Application Server:
Copy the classes12.zip file to the JBOSS_HOME\server\default\lib directory, and then restart the server. Here, JBOSS_HOME is the directory in which JBoss is installed.
For BEA WebLogic:
Copy the classes12.zip file into the xellerate_home\xellerate\ThirdParty directory. Make an entry for the classes12.zip file in the classpath mentioned in the BEA_HOME\user_projects\domains\domain_name\xlStartWLS.bat file, and then restart the server. Here, BEA_HOME is the directory in which JBoss is installed.
For IBM WebSphere:
Copy the classes12.zip file to the WEBSPHERE_HOME\AppServer\lib directory, and then restart the server.
For connectors used with Microsoft SQL Server 2000, the external JAR files required are the JDBC driver files: mssqlserver.jar, msbase.jar, and msutil.jar. To obtain these files, first download Microsoft SQL Server 2000 Driver for JDBC Service Pack 3 from the Microsoft Web site. Then, copy these files into the following directory:
xellerate_home\xellerate\ThirdParty
Copy the JDBC driver files (mssqlserver.jar, msbase.jar, and msutil.jar) into the JBOSS_HOME\server\default\lib directory, and then restart the server. Here, JBOSS_HOME is the directory in which JBoss is installed.
If you are using BEA WebLogic as the application server, then edit the xlStartWLS.cmd file to specify the location of the JDBC driver files. To do this:
Open the xlStartWLS.cmd file in a text editor.
This file is in the following directory:
WEBLOGIC_HOME\user_projects\domains\DOMAIN_NAME\
In this directory path, WEBLOGIC_HOME is the BEA WebLogic home directory, and DOMAIN_NAME is the name of the domain.
Add the following lines in the xlStartWLS.cmd file:
SET SQL_DB_ACCESS_INT_JARS=xellerate_home\xellerate\ThirdParty\mssqlserver.jar; xellerate_home\xellerate\ThirdParty\msbase.jar; xellerate_home\xellerate\ThirdParty\msutil.jar;
Append the following text to the start of the set classpath command:
%SQL_DB_ACCESS_INT_JARS%;
For connectors used with Sybase ASE, copy the jconn2.jar file from the SYBASE_HOME\jConnect-5_5\classes\ directory to the xellerate_home\xellerate\ThirdParty\ directory.
For connectors used with IBM DB2 UDB, copy the db2java.zip file from the DB2_HOME\IBM\SQLLIB\java directory to one of the following directories:
For JBoss Application Server:
Copy the db2java.zip file to the JBOSS_HOME\server\default\lib directory, and then restart the server. Here, JBOSS_HOME is the directory in which JBoss is installed.
For BEA WebLogic:
Copy the db2java.zip file into the xellerate_home\xellerate\ThirdParty directory. Make an entry for the classes12.zip file in the classpath mentioned in the BEA_HOME\user_projects\domains\domain_name\xlStartWLS.bat file, and then restart the server. Here, BEA_HOME is the directory in which JBoss is installed.
For IBM WebSphere:
Copy the db2java.zip file to the WEBSPHERE_HOME\AppServer\lib directory, and then restart the server.
To import the connector XML files into Oracle Identity Manager:
Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for locating files is displayed.
Locate and open the xliDBAccessLogin_DM.xml file, which is in the xellerate_home\xellerate\XLIntegrations\DatabaseAccess\xml directory. Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Next. The Provide IT Resource Instance Data page for the Oracle IT resource is displayed.
Specify values for the parameters of the OracleITResource IT resource. Refer to the table in the "IT Resource Parameter Values for Oracle Database" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for the Microsoft SQL Server 2000 IT resource is displayed.
Specify values for the parameters of the Microsoft SQL Server 2000 IT resource. Refer to the table in the "IT Resource Parameter Values for Microsoft SQL Server" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for the Sybase Server IT resource is displayed.
Specify values for the parameters of the Sybase Server IT resource. Refer to the table in the "IT Resource Parameter Values for Sybase" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for the IBM DB2 UDB IT resource is displayed.
Specify values for the parameters of the IBM DB2 UDB IT resource. Refer to the table in the "IT Resource Parameter Values for IBM DB2 UDB" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for a new instance of the Database IT resource type is displayed.
Click Skip to specify that you do not want to define a new IT resource. The Confirmation page is displayed.
See Also:
If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.Click View Selections.
The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. You must remove these nodes. To do this, right-click each such node and then select Remove.
Click Import. The connector file is imported into Oracle Identity Manager.
Perform the same procedure to import the xliDBAccessUser_DM.xml file, which is in the xellerate_home\xellerate\XLIntegrations\DatabaseAccess\xml\ directory.
Note:
Ensure that you import the connector XML files in the specified order.Perform the same procedure to import the xliDBAccessScheduleTask_DM.xml file, which is in the xellerate_home\xellerate\XLIntegrations\DatabaseAccess\xml\ directory.
This section provides IT resource parameter values for the following databases:
You must specify values for the Oracle IT resource parameters listed in the following table.
| Parameter Name | Parameter Description |
|---|---|
DataBaseType |
Type of database
Value: |
DatabaseName |
Name of the target database on which the users are created
Sample value: |
Driver |
JDBC driver class
Value: |
URL |
JDBC URL for the target database
Value: Sample value: |
UserID |
User name of the DBA login that is used to create users
Value: |
Password |
Password of the DBA login that is used to create users
Value: |
You must specify values for the Microsoft SQL Server 2000 IT resource parameters listed in the following table.
| Parameter Name | Parameter Description |
|---|---|
DataBaseType |
Type of RDBMS
Value: |
DatabaseName |
Name of the target database in which users are created
Sample value: |
Driver |
JDBC driver class
Value: |
URL |
JDBC URL for the target database
Value: jdbc:microsoft:sqlserver://Target_ Host:1433;DatabaseName=DatabaseName Sample value: jdbc:microsoft:sqlserver://192.168 .49.64:1433;DatabaseName=XELL Note: Use the IP address, not the computer name or the host name in this URL. |
UserID |
User name of the DBA login that is used to create users
Value: |
Password |
Password of the DBA login that is used to create users
Value: |
You must specify values for the Sybase Server IT resource parameters listed in the following table.
| Parameter Name | Parameter Description |
|---|---|
DataBaseType |
Type of RDBMS
Value: |
DatabaseName |
Name of the target database in which users are created
Sample value: |
Driver |
JDBC driver class
Value: com.sybase.jdbc2.jdbc.SybDriver |
URL |
JDBC URL for the target database
Value: jdbc:sybase:Tds:Target_Host:5000/DatabaseName Sample value: jdbc:sybase:Tds:integnt:5000/master |
UserID |
User name of the DBA login that is used to create users
Value: |
Password |
Password of the DBA login that is used to create users
Value: |
You must specify values for the IBM DB2 UDB IT resource parameters listed in the following table.
| Parameter Name | Parameter Description |
|---|---|
DataBaseType |
Type of RDBMS
Value: DB2 |
DatabaseName |
Not required |
Driver |
JDBC driver class
Value: |
URL |
The JDBC URL for the target database
Value: Sample value: Note: Use the IP address, not the computer name or the host name. |
UserID |
User name of the DB login used to create users Value: sa |
Password |
Not needed |
Configuring reconciliation involves creating scheduled tasks for Lookup Fields and User reconciliations. To create these scheduled tasks:
Open the Oracle Identity Manager Design Console.
Expand the Xellerate Administration folder.
Select Task Scheduler.
Click Find. The details of the predefined scheduled tasks are displayed on two different tabs.
Enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager should attempt to complete the task before assigning the ERROR status to the task.
Ensure that the Disabled and Stop Execution check boxes are cleared.
In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.
In the Interval region, set the following schedule parameters:
To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.
If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.
To set the task to run only once, select the Once option.
Provide values for the attributes of the scheduled task. Refer to the appropriate table in the "Specifying Values for the Scheduled Task Attributes"section for information about the values to be specified.
See Also:
Oracle Identity Manager Design Console Guide for information about adding and removing task attributesClick Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.
Repeat Step 5 through 11 to create the second scheduled task.
After you create both scheduled tasks, proceed to the "Step 8: Compiling Adapters" section.
The following table describes the required attributes for the relevant scheduled task on the Task Scheduler form.
| Attribute Name | Description | Sample Value |
|---|---|---|
Server |
Name of the IT resource | OracleITResource |
Target System Login Recon - Resource Object name |
Name of the target system parent resource object | Database Access (Login) |
Target System User Recon - Resource Object name |
Name of the target system child resource object | Database Access (User) |
Trusted Source Recon - Resource Object name |
Name of the trusted source resource object | Xellerate User |
DB2DBName |
Name of the IBM DB2 UDB target database from where data is reconciled
This attribute is required only for IBM DB2 UDB databases. |
TESTDB |
The following adapters are imported into Oracle Identity Manager when you import the connector XML file. You must compile these adapters before you can use them to provision accounts on the target system.
DB Revoke Role
DB Modify Password
DB Modify Login
DB Enable login
DB Disable login
adpDBDELETETABLESPACE
DB Delete Login
DB Create Login
DB Add TableSpace
DB Add Schema
DB Add Role
DB Delete TableSpace
DB Prepopulate UserLogin
DB Update Group
DB EnableSybaseUser
DB DisableSybaseUser
DB Delete User
DB Create User
DB Prepopulate UserLogin
To compile adapters by using the Adapter Manager form:
Open the Adapter Manager form.
To compile all the adapters that you import into the current database, select the Compile All option.
To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select the Compile Selected option.
Note:
Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have anOK compilation status.Click Start. Oracle Identity Manager compiles the adapters that you specify.
To view detailed information about an adapter:
Highlight the adapter in the Adapter Manager form.
Double-click the row header of the adapter, or right-click the adapter.
Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.
Note:
To compile multiple adapters simultaneously, use the Adapter Manager form. To compile one adapter at a time, use the Adapter Factory form. Refer to Oracle Identity Manager Tools Reference Guide for information about how to use these forms.