2 Deploying the Connector

Deploying the connector involves the following steps:

• Step 1: Verifying Deployment Requirements

• Step 2: Configuring the Target System

• Step 3: Copying the Connector Files and External Code

• Step 4: Importing the Connector XML File

• Step 5: Configuring Reconciliation

• Step 6: Compiling Adapters

This chapter also discusses the following postdeployment steps:

• Security Considerations

• Troubleshooting

Step 1: Verifying Deployment Requirements

The following table lists the deployment requirements for the connector.

Item	Requirement
Oracle Identity Manager	Oracle Identity Manager release 8.5.3 or later
Target systems	The target system can be one of the following: Oracle9i Database Sybase 12.5.2
Target system host platforms	Solaris 9
External code	xerces.jar (the XML parser) classes12.zip (required if the target system is Oracle Database) jconn2.jar (required if the target system is Sybase)

In addition to the requirements mentioned in the preceding table, you must ensure that the following requirements are addressed:

• JDBC connectivity is available to the target database.

• The target database application schema is analyzed and the corresponding XML file is available according to the IT resource definition.

• The JDBC driver and Xerces classes are available in the Oracle Identity Manager classpath.

• For secure connectivity to the target database, the required configuration has been performed on the database server.

Step 2: Configuring the Target System

For successful provisioning and reconciliation, you must analyze and configure the schema of the target application according to the configuration XML file. The configuration file is validated against the XML schema for database applications. Therefore, it is recommended that you review the schema before creating the XML file.

The configuration XML file can be divided into the following sections:

• target_application

• target_database

• mapping_data

• database_adapter

target_application

This section is used to identify the target application. The purpose of this section is to provide information that simplifies maintenance of the configuration file.

Section	Description	Attributes
Database	Name of the database	name
target_app_name	Name of the application	None
target_app_ver	Version of the application	None
target_app_provider	Vendor or provider of the application	None

target_database

This section contains information that is used to configure the database connection properties.

See Also:

"Security Considerations"

mapping_data

This section is used to keep track of the configuration files modification history.

database_adapter

This section is divided into operations. Each operation is further divided into one or more tasks. The number of tasks in an operation depends on the number of tables involved in the operation. Tasks are divided into columns depending on the target application table.

The following table explains the organization of the database_adapter section.

Description of the Section	Description of the Attributes	Possible Values of the Attributes
operation Each operation is linked with an Oracle Identity Manager connector.	name Type of Oracle Identity Manager operation	create, update, delete, reconcileCreateUpdate, or reconcileDelete
task Each operation is divided into one or more tasks. The number of tasks in an operation depends on the number of tables involved in the operation.	table_name Name of the table on which the task is going to operate	Any valid table name
	xeltask_type Type of task in the database	insert, update, delete, or select
column It is a representation of a single column in the target application table.	col_name Name of the column	Any valid column name
	data_type Data type	VARCHAR, VARCHAR2, CHAR, LONGVARCHAR, REAL, DOUBLE, NUMERIC, DECIMAL, FLOAT, DATE, TIME, TIMESTAMP, NULL, BOOLEAN, OTHER, or INTEGER
	data_typ_size Data type size	20
	col_info Table indexing and relation to other tables	primary or secondary
	required Specifies whether or not the value of this column can be NULL	true or false
	col_type Data source for the column to be used while creating a user	xellerate, default, substitute, or interface substitute: To use, for example, SYSDATE. xellerate: Provided by Oracle Identity Manager default: Some default value interface
	xel_data_source If col_type is substitute, then xel_data_source holds the substitution string (can be used for functions like sysdate, sequence.nextVal). If col_type is default, then xel_data_source holds the default value. If col_type is xellerate, then xel_data_source holds the mapped Oracle Identity Manager attribute name.	<mapped attributes name>/"E"/ SYSDATE
	encrypt Specifies whether or not this data must be encrypted	true or false
	reconcile Specifies whether or not this field can be reconciled	true or false
	encryption_impl Encryption method implementation class that provides this operation	Any fully qualified class name
look_up_group Grouping of lookup fields	logic_operator Used to connect two lookup groups with an operator	AND or OR
record_lookup_key This tag is used to collect the information required to identify a particular record in a table. Note that multiple lookup keys can be used to identify a record in a table.	logic_operator Used to connect two record lookup keys (column) with an operator in a group	AND or OR
	comparison_operator Operator used to compare the data with the given data for the column	&lt; &gt; = &gt;= &lt;= !=
	table_name Name of the table	Any table name
	col_name Name of the column	Any column name
	data_type Data type	VARCHAR, VARCHAR2, CHAR, LONGVARCHAR, REAL, DOUBLE, NUMERIC, DECIMAL, FLOAT, DATE, TIME, TIMESTAMP, NULL, BOOLEAN, OTHER, or INTEGER
	data_typ_size Data type size	20
	col_info Table indexing and relation to other tables	primary or secondary
	required Specifies whether or not the value of this column can be NULL	true or false
	col_type In addition, the following tag is applicable here: join - xel_data_source This tag holds the common column to match for select query.	Xellerate and Default
	xel_data_source In addition to the description in the column section above, if col_type is join, then the value of xel_data_source is the mapped Oracle Identity Manager attribute name that is to be logically compared with the logic_operator.	<mapped attributes name> /"E"/ SYSDATE

Sample Configuration

Consider the following target database tables in Oracle Database.

MDL2_USER_PROF

Field Name	Type and Length	Comments	Required/Optional
USR_ID	VARCHAR(20)	Primary Key	Required
USR_FIRST_NAME	VARCHAR(60)	None	Required
USR_LAST_NAME	VARCHAR(60)	None	Required
USR_PASSWORD	VARCHAR(40)	None	Required
USR_STATUS	VARCHAR(5)	Default value is true	Required
USR_LAST_UPDATE	DATE	SYSDATE	Required

MDL2_USER_ADDN_DET

Field Name	Type and Length	Comments	Required/Optional
USR_ID	VARCHAR(20)	Foreign Key	Required
USR_GROUP	VARCHAR(50)	None	Optional
USR_ROLE	VARCHAR(50)	None	Optional
USR_TITLE	VARCHAR(50)	None	Optional
USR_DEPT	VARCHAR(50)	None	Optional
USR_EMAIL	VARCHAR(60)	None	Optional
USR_COMM_LANG	VARCHAR(50)	None	Optional
USR_LOGON_LANG	VARCHAR(50)	None	Optional
USR_TEL_NO	VARCHAR(15)	None	Optional
USR_TIME_ZONE	VARCHAR(50)	None	Optional
USR_DATE_FMT	VARCHAR(50)	None	Optional
USR_DEC_NTN	VARCHAR(50)	None	Optional
USR_LAST_UPDATE	DATE	SYSDATE	Required

Sample configurations discussed in the following sections are based on the structure of these two tables:

• Create User Configuration

• Update User Properties Configuration

• Update User Password Configuration

• Delete User Configuration

Create User Configuration

To create a user, the configuration XML must contain the table name, column names, and properties of each column. This is illustrated in the following sample XML code.

<operation name="create">
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="insert">
        <column col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" 
        col_info="primary" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_id" />
        <column col_name="USR_FIRST_NAME" data_type="VARCHAR2" 
        data_typ_size="60" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_first_name" />
        <column col_name="USR_LAST_NAME" data_type="VARCHAR2" 
        data_typ_size="60" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_last_name" />
        <column col_name="USR_PASSWORD" data_type="VARCHAR2" 
        data_typ_size="40" required="true" col_type="xellerate"
        xel_data_source="xel_usr_password" encrypt="false" reconcile="false" 
        encryption_impl=
        "com.thortech.xl.integration.dbadapter.security.EncryptionSu
        pportImpl" />
        <column col_name="USR_LAST_UPDATE" data_type="DATE" 
        data_typ_size="60" required="true" col_type="substitute" 
        xel_data_source="sysdate" />
    </task>
    <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="insert">
        <column col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" 
        col_info="primary" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_id" />
        <column col_name="USR_GROUP" data_type="VARCHAR2" 
        data_typ_size="50" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_group" />
        <column col_name="USR_ROLE" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_role" />
        <column col_name="USR_TITLE" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_title" />
        <column col_name="USR_DEPT" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_dept" />
        <column col_name="USR_EMAIL" data_type="VARCHAR2" 
        data_typ_size="60" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_email" />
        <column col_name="USR_COMM_LANG" data_type="VARCHAR2"
        data_typ_size="50" required="false" col_type="xellerate"
        xel_data_source="xel_usr_comm_lang" />
        <column col_name="USR_LOGON_LANG" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_logon_lang" />
        <column col_name="USR_TEL_NO" data_type="VARCHAR2" 
        data_typ_size="15" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_tel_no" />
        <column col_name="USR_TIME_ZONE" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_time_zone" />
        <column col_name="USR_DATE_FMT" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_date_fmt" />
        <column col_name="USR_DEC_NTN" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_dec_ntn" />
        <column col_name="USR_LAST_UPDATE" data_type="DATE" 
        data_typ_size="60" required="true" col_type="substitute"
        xel_data_source="sysdate"/>
    </task>
</operation>

Update User Properties Configuration

The update operation requires lookup information for identifying the user and properties of the columns that are to be updated. This is illustrated in the following sample XML code.

<operation name="update" xel_data_source="xel_usr_dept">
     <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="update"> 
          <column col_name="USR_DEPT" data_type="VARCHAR2"
          data_typ_size="50" required="true" col_type="xellerate" 
          xel_data_source="xel_usr_dept" /> 
          <column col_name="USR_LAST_UPDATE" data_type="DATE" 
          data_typ_size="60"  required="true" col_type="substitute" 
          xel_data_source="sysdate" />
          <look_up_group logic_operator="NA"> 
              <record_lookup_key 
              table_name="XELUSER1.MDL2_USER_ADDN_DET" 
              logic_operator="NA"  comparison_operator="=" col_name="USR_ID" 
              data_type="VARCHAR2" data_typ_size="20" required="true" 
              col_type="xellerate" xel_data_source="xel_usr_id"/>
          </look_up_group>
     </task>
</operation>

Update User Password Configuration

The update password operation works the same way as the update user operation. In addition, it performs data encryption if the encrypt attribute is set to true. In such a situation, the Java class corresponding to the EncriptionSupportInf implementation class name from the encryption_impl attribute is loaded and used for data encryption before it is updated into the database.

This is illustrated in the following sample XML code.

<operation name="update" xel_data_source="xel_usr_password">
    <task table_name="XELUSER1.MDL1_USER_PROF" xeltask_type="update"> 
         <column col_name="USR_PASSWORD" data_type="VARCHAR2" 
         data_typ_size="40" required="true" col_type="xellerate" 
         xel_data_source="xel_usr_password" encrypt="true" reconcile="false" 
         encryption_impl=
         "com.thortech.xl.integration.dbadapter.security.EncryptionSu
         pportImpl" />
         <column col_name="USR_LAST_UPDATE" data_type="DATE" 
         data_typ_size="60"  required="true" col_type="substitute" 
         xel_data_source="sysdate" />
         <look_up_group logic_operator="NA"> 
              <record_lookup_key table_name="XELUSER1.MDL1_USER_PROF" 
              logic_operator="NA"  comparison_operator="=" col_name="USR_ID"
              data_type="VARCHAR2" data_typ_size="20" required="true" 
              col_type="xellerate" xel_data_source="xel_usr_id"/>
         </look_up_group>  
    </task>
</operation>

Delete User Configuration

The delete operation requires only lookup information to find the user. Column information is used to find the user in the table. The following is sample configuration XML code based on the structure of the MDL2_USER_PROF and MDL2_USER_ADDN_DET tables.

The lookup_up_group tags are used to group lookup conditions provided in record_lookup_key.

Note:

There are two tasks to delete the user record from both tables. It is important to run the task related to the secondary table before the primary table task. If the order is not correct, then a referential integrity exception is thrown.

<operation name="delete">
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="delete"> 
        <look_up_group logic_operator="NA"> 
             <record_lookup_key logic_operator="NA"  comparison_operator="=" 
             col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" 
             required="true" col_type="xellerate" xel_data_source="xel_usr_
             id"/>
        </look_up_group> 
    </task>
    <task table_name="XELUSER1.MDL1_USER_PROF" xeltask_type="delete"> 
        <look_up_group logic_operator="NA"> 
             <record_lookup_key logic_operator="NA"  comparison_operator="=" 
             col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"  
             required="true" col_type="xellerate" xel_data_source="xel_usr_
             id"/>
        </look_up_group> 
    </task> 
</operation>

Step 3: Copying the Connector Files and External Code

The connector files to be copied and the directories to which you must copy them are given in the following table.

Note:

The directory paths given in the first column of this table correspond to the location of the connector files in the following ZIP file on the installation media:

Database Servers\Database Application Table\Database Application Table Rev 2.1.1.zip

Refer to "Files and Directories That Comprise the Connector" for more information about these files.

Files in the Installation Media Directory	Destination Directory
The following files in the xml\Xellerate Config directory: CreateUserAdapter.xml DBTablesresadp.xml DeleteUserAdapter.xml UpdateCommLangAdapter.xml UpdateDaetFmtAdapter.xml UpdateDateFmtAdapter.xml UpdateDecNotnAdapter.xml UpdateDeptAdapter.xml UpdateEmailAdapter.xml UpdateFirstNameAdapter.xml UpdateGroupAdapter.xml UpdateLastNameAdapter.xml UpdateLogonLangAdapter.xml UpdatePasswordAdapter.xml UpdateRoleAdapter.xml UpdateStatusAdapter.xml UpdateTelNoAdapter.xml UpdateTimeZoneAdapter.xml UpdateTitleAdapter.xml	xellerate_home\xellerate\XLIntegrations\xml\Xellerate Config
The following files in the xml\DB Schema XML directory: OraApp1.xml OraApp2.xml OraPerf1.xml SybApp1.xml SybApp2.xml xdb_app_map.xsd	xellerate_home\xellerate\XLIntegrations\xml\DB Schema
jar\dbadapter.jar	xellerate_home\xellerate\JavaTasks
docs\B31115_01.pdf docs\html	xellerate_home\xellerate\XLIntegrations\docs

Copy the following files to the xellerate_home\xellerate\ext directory:

• classes12.zip (for Oracle Database) or jconn2.jar (for Sybase)

• xerces.jar

Step 4: Importing the Connector XML File

To import the connector XML file into Oracle Identity Manager:

1. Open the Oracle Identity Manager Administrative and User Console.

2. Click the Deployment Management link on the left navigation bar.

3. Click the Import link under Deployment Management. A dialog box for locating files is displayed.

4. Locate and open the DBTablesresadp.xml file, which is in the xellerate_home\xellerate\XLIntegrations\xml\Xellerate Config directory. Details of this XML file are shown on the File Preview page.

5. Click Add File. The Substitutions page is displayed.

6. Click Next. The Confirmation page is displayed.

7. Click Next. The Provide IT Resource Instance Data page for the Oracle IT resource is displayed.

8. Specify values for the parameters of the Oracle IT resource. Use the table given in the "Defining IT Resources" section for information about the values to be specified.

9. Click Next. The Provide IT Resource Instance Data page for a new instance of the Database IT resource type is displayed.

10. Click Skip to specify that you do not want to define another IT resource. The Confirmation page is displayed.

    See Also:

    If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.

11. Click View Selections.

    The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. You must remove these nodes. To do this, right-click each such node and then select Remove.

12. Click Import. The connector file is imported into Oracle Identity Manager.

After you import the connector XML file, proceed to the "Step 5: Configuring Reconciliation" section.

Defining IT Resources

You must specify values for the Oracle IT resource parameters listed in the following table.

Parameter Name	Parameter Description
Database User ID	Database user ID on the target database Sample value: xeluser
Database Password	Database user password on the target database Sample value: xeluser
Database URL	JDBC URL for the target database Sample value: jdbc:acmewidgets:thin:@server ip:port:sid
Database Driver	JDBC driver class Sample value: acmewidgets.jdbc.driver.AcmeDriver
Application Name	Target application name Sample value: myapplication
Configuration XML Path	Database connector configuration XML file path
Reconciliation Timestamp	Variable to store last create/update reconciliation time. This value is updated by the reconciliation adapter. You need not manually provide any data.

After you specify values for these IT resource parameters, go to Step 9 of the procedure to import connector XML files.

Step 5: Configuring Reconciliation

Configuring reconciliation involves creating the reconciliation scheduled task.

To create this scheduled task:

1. Open the Oracle Identity Manager Design Console.

2. Expand the Xellerate Administration folder.

3. Select Task Scheduler.

4. Click Find. The details of the predefined scheduled task are displayed.

5. Enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager should attempt to complete the task before assigning the ERROR status to the task.

6. Ensure that the Disabled and Stop Execution check boxes are cleared.

7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

8. In the Interval region, set the following schedule parameters:

   • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

     If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

   • To set the task to run only once, select the Once option.

9. Provide values for the attributes of the scheduled task. Refer to the appropriate table in the "Specifying Values for the Scheduled Task Attributes"section for information about the values to be specified.

   See Also:

   Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

After you define the scheduled task, proceed to the "Step 6: Compiling Adapters" section.

Specifying Values for the Scheduled Task Attributes

You must specify values for the following attributes of the reconciliation scheduled task.

Note:

Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

Attribute	Description
resource	Name of the IT resource for which the reconciliation process is to be run
application	Name of the target database application that should be reconciled
objectName	Resource object name of the connector

After you specify values for these scheduled task attributes, go to Step 10 of the procedure to create scheduled tasks.

Step 6: Compiling Adapters

The following adapters are imported into Oracle Identity Manager when you import the XML connector file. You must compile these adapters before you can use them to provision accounts on the target system.

• DBRES Create User

• DBRES Update First Name

• DBRES Update Last Name

• DBRES Update Password

• DBRES Update Status

• DBRES Update Title

• DBRES Update Department

• DBRES Update Email

• DBRES Update Communication Language

• DBRES Update Logon Language

• DBRES Update Time Zone

• DBRES Update Date Format

• DBRES Update Telephone Number

• DBRES Update Decimal Notation

• DBRES Delete User

To compile adapters by using the Adapter Manager form:

1. Open the Adapter Manager form.

2. To compile all the adapters that you import into the current database, select the Compile All option.

   To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select the Compile Selected option.

3. Click Start. Oracle Identity Manager compiles the adapters that you specify.

To view detailed information about an adapter:

1. Highlight the adapter in the Adapter Manager form.

2. Double-click the row header of the adapter, or right-click the adapter.

3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.

Note:

To compile multiple adapters simultaneously, use the Adapter Manager form. To compile one adapter at a time, use the Adapter Factory form. Refer to Oracle Identity Manager Tools Reference Guide for information about how to use these forms.

Security Considerations

This section outlines security considerations that you must address when working with this connector. The following topics are discussed in this section:

• Secure JDBC Connectivity

• Password Encryption and Decryption

Secure JDBC Connectivity

It is possible to establish secure JDBC connectivity with the target database by including the appropriate configuration in the configuration XML file and enabling the database server. Note that the security configuration differs with respect to the target database.

Configuration for Oracle Database

The following is the security configuration for Oracle Database:

<target_database>
     <database name="Oracle">
           <properties>
           <encryption_nego_level impl_class_name="oracle.net.encryption_
           client" value ="REQUESTED"/>
           <encryption_algorithm impl_class_name="oracle.net.encryption_
          client" value="DES40"/> 
          <crypto_seed impl_class_name="oracle.net.crypto_seed" 
          value="xelsysadmin_seed"/>
          <crypto_checksum_level 
          impl_class_name="oracle.net.crypto_checksum_client" 
          value="REQUIRED"/>
          <crypto_checksum_client 
          impl_class_name="oracle.net.crypto_checksum_types_client" 
          value="MD5"/>
    </properties>
    </database
</target_database> 

This configuration contains the security properties to be provided to the JDBC driver for establishing a secure connection to Oracle Database. Note that if these parameters are not provided, then a nonsecure JDBC connection is established to the target database.

The following are the permitted values for each configuration parameter mentioned earlier.

Properties	Possible Values
encryption_nego_level	REJECTED, ACCEPTED, REQUESTED, or REQUIRED
encryption_algorithm	RC4_256, RC4_128, RC4_56, RC4_40, AES256, AES192, AES128, 3DES168, 3DES112, DES, or DES40
crypto_seed	Encryption Seed
crypto_checksum_level	REJECTED, ACCEPTED, REQUESTED, or REQUIRED
crypto_checksum_client	MD5 or SHA1

Configuration for Sybase

The following is the security configuration for Sybase:

<target_database>
<database name="Sybase">
    <properties>
        <cipher_suites impl_class_name="CIPHER_SUITES_1" 
        value="SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"/>
    </properties>
</database>
</target_database> 

The possible values for cipher suite are as follows:

• SSL_DH_anon_EXPORT_WITH_RC4_40_MD5

• SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

• SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

• SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

Password Encryption and Decryption

You can implement third-party encryption and decryption algorithms when you use this connector. The connector exposes the EncryptionSupportIntf interface, which must be implemented by the target database developer and made available in the Oracle Identity Manager classpath.

While configuring the encryption for a column, the fully qualified class name must be provided. Before updating the data in the database, the connector encrypts the data. If reconciliation of the encrypted password is possible, then the decryption method is used to retrieve the actual password and to reconcile the password to Oracle Identity Manager.

Troubleshooting

The following table provides solutions to some commonly encountered issues associated with this connector.

Problem Description	Returned Error Code	Solution
Oracle Identity Manager cannot establish a connection to the target database.	DATABASE CONNECTION FAILED	Ensure that the target database is running and available on the network. Check the connection information for the target database, which is specified in the IT resource definition. Check the authentication information for the target database, which is specified in the IT resource definition.
	DATABASE DRIVER NOT LOADED	Ensure that the database driver is available in the Oracle Identity Manager classpath.
A provisioning operation fails with an error code other than those described in the following rows.	CONFIGURATION ERROR	Ensure that the configuration XML file given in the IT resource definition exists at the specified file system path. Ensure that the XML schema file exists at the location specified in the configuration XML file. Ensure that the XML file adheres to the XML schema specified inside the file itself.
	DATA SIZE MISMATCH	Ensure that the data size of the user profile attributes in the XML file adheres to the process form limitations.
	MANDATORY FIELD MISSING	Ensure that values are provided for all user attributes specified as required in the configuration XML file. This can happen even if a blank string is provided. Ensure that the process form is designed with fields marked as required according to the configuration XML file.
	DATABASE OPERATION FAILED	Ensure that the maximum size of user profile attributes given in the configuration XML file matches the size defined in the actual database schema. Ensure that all the mandatory fields of the database table are marked as required in the configuration XML file.
Create User provisioning operation fails	USER ALREADY EXISTS	Check if the target database table already has a record with the same user ID (or a combination of whichever primary key fields exist for the table).
Create User or Reset Password provisioning operation fails	ENCRYPTION INTERFACE MISSING	Check if password encryption is set to true in the configuration XML file. Ensure that the encryption interface implementation class is available in the Oracle Identity Manager classpath.
	ENCRYPT/DECRYPT ERROR	This error occurs if an exception is thrown from the encryption implementation class. Check if the encryption implementation class is working correctly. Check the logs for a description of the error and stack trace.
Update Any User Profile Attribute, Delete a User, or Revoke a Provisioned Resource Object from a User provisioning operation fails	USER DOES NOT EXIST	Check if the record for the user for whom the provisioning operation is attempted exists in the target database tables.