Skip Headers
Oracle® Identity Manager Connector Guide for Database Tables
Release 9.0.1
Part Number B31115-01
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
View PDF

1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for database tables is used to integrate Oracle Identity Manager with database tables.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality

The following table lists the functions that are available with this connector.

Function Type Description
Create User Provisioning Creates a user
Delete User Provisioning Deletes a user
Enable User

or

Disable User

 Provisioning Enables or disables a user
Reset User's Password Provisioning Resets a user's password
Update User's First Name Provisioning Updates a user's first name
Update User's Last Name Provisioning Updates a user's last name
Update User's Group Provisioning Updates a user's group
Update User's Title Provisioning Updates a user's title
Update User's Department Provisioning Updates a user's department
Update User's Communication Language Provisioning Updates a user's communication language
Update User's Logon Language Provisioning Updates a user's logon language
Update User's Email Address Provisioning Updates a user's e-mail address
Update User's Telephone Number Provisioning Updates a user's telephone number
Update User's Time Zone Provisioning Updates a user's time zone
Update User's Date Format Provisioning Updates a user's date format
Update User's Role Provisioning Updates a user's role
Create User (Account Discovery) Reconciliation Reconciles new user accounts created
Delete User Reconciliation Reconciles user accounts that are deleted from the target system
Enable User

or

Disable User

 Reconciliation Reconciles user accounts that are enabled or disabled
Reset User's Password Reconciliation Reconciles user accounts with modified password
Update User's First name Reconciliation Reconciles user accounts with modified first name
Update User's Last Name Reconciliation Reconciles user accounts with modified last name
Update User's Group Reconciliation Reconciles user accounts with modified group
Update User's Title Reconciliation Reconciles user accounts with modified title
Update User's Department Reconciliation Reconciles user accounts with modified department
Update User's Communication Language Reconciliation Reconciles user accounts with modified communication language
Update User's Logon Language Reconciliation Reconciles user accounts with modified logon language
Update User's Email Address Reconciliation Reconciles user accounts found with modified e-mail address
Update User's Telephone Number Reconciliation Reconciles user accounts found with modified telephone number
Update User's Time Zone Reconciliation Reconciles user accounts found with modified time zone
Update User's Date Format Reconciliation Reconciles user accounts with modified date format
Update User's Decimal Notation Reconciliation Reconciles user accounts with modified decimal notation
Update User's Role Reconciliation Reconciles user accounts found with modified role

Reconciliation Module

The reconciliation module handles the reconciliation of new, updated, and deleted profiles in the target database application. It creates a reconciliation event for each user profile to be reconciled.

The default data fields of each reconciliation event record must be taken from the configuration XML file. For reconciliation of new or updated user profiles, the default data fields are declared in the reconcileCreateUpdate section of the XML file. For reconciliation of deleted user profiles, the default data elements are declared in the reconcileDelete section. The reconciliation configuration XML code for reconciliation provides the flexibility for enabling or disabling the reconciliation of created, updated, and deleted users.

The following sections describe the configuration XML file content for the following reconciliation types:

Reconciliation of New and Updated User Profiles

The following is sample code from the configuration XML file for reconciliation of new and updated user profiles:

<operation name = "reconcileCreateUpdate" enabled="true">
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
        data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
        required="true"
        col_type="xellerate" xel_data_source="xel_usr_id" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" 
        data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
        required="true"  col_type="xellerate" xel_data_source="xel_usr_id" />
        <look_up_group logic_operator="NA">
             <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF"
             logic_operator="NA" comparison_operator="&gt;="
             col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" 
             col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
             <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" 
             logic_operator="AND" comparison_operator="&gt;=" 
             col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" 
             col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
        </look_up_group>
        <look_up_group logic_operator="AND">
             <record_lookup_key logic_operator="NA" comparison_operator="="
             table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
             data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
             required="true" col_type="join" xel_data_source="xel_usr_id" /> 
             <record_lookup_key logic_operator="AND" comparison_operator="=" 
             table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" 
             data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
             required="true" col_type="join" xel_data_source="xel_usr_id" />
        </look_up_group> 
    </task>
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" 
        data_type="VARCHAR2" data_typ_size="20" col_info="primary"
        required="true" col_type="xellerate" xel_data_source="xel_usr_id" />
        <column table_name="XELUSER1.MDL2_USER_PROF
        col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" 
        required="true" col_type="xellerate" xel_data_source="xel_usr_first_
        name" /> 
        <column table_name="XELUSER1.MDL2_USER_PROF" 
        col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" 
        required="true" col_type="xellerate" xel_data_source="xel_usr_first_
        name" />
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_LAST_NAME" 
        data_type="VARCHAR2" data_typ_size="60" required="true" col_
        type="xellerate" xel_data_source="xel_usr_last_name" />
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_PASSWORD" 
        data_type="VARCHAR2" data_typ_size="40" required="true" col_
        type="xellerate" xel_data_source="xel_usr_password" encrypt="false"
        reconcile="true" encryption_impl=
        "com.thortech.xl.integration.dbadapter.security.EncryptionSupportImpl
        "/>
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" 
        col_name="USR_GROUP" data_type="VARCHAR2" data_typ_size="50"
        required="true" col_type="xellerate" xel_data_source="xel_usr_group"
        />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ROLE"
        data_type="VARCHAR2" data_typ_size="50" required="false" col_
        type="xellerate" xel_data_source="xel_usr_role" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TITLE"
        data_type="VARCHAR2" data_typ_size="50" required="false" col_
        type="xellerate" xel_data_source="xel_usr_title" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DEPT"
        data_type="VARCHAR2" data_typ_size="50" required="false" col_ 
        type="xellerate" xel_data_source="xel_usr_dept" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_EMAIL"
        data_type="VARCHAR2" data_typ_size="60" required="false" col_ 
        type="xellerate" xel_data_source="xel_usr_email" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_COMM_LANG" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_comm_ 
        lang" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_LOGON_LANG" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_logon_
        lang" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_TEL_NO" data_type="VARCHAR2" data_typ_size="15" 
        required="false" col_type="xellerate" xel_data_source="xel_usr_tel_
        no" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_TIME_ZONE" data_type="VARCHAR2" data_typ_size="50"
       required="false" col_type="xellerate" xel_data_source="xel_usr_time_zone"        />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_DATE_FMT" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_date_
        fmt" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_DEC_NTN" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_dec_
        ntn" />
        <look_up_group logic_operator="NA">
            <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF"
            logic_operator="NA" comparison_operator="&gt;=" 
            col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
            col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
            <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" 
           logic_operator="AND" comparison_operator="&gt;="
           col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
           col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
       </look_up_group> 
       <look_up_group logic_operator="AND">
           <record_lookup_key logic_operator="NA" comparison_operator="="
           table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
           data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
           required="true" col_type="xellerate" xel_data_source="xel_usr_id" 
           />
       </look_up_group>
       <look_up_group logic_operator="AND">
           <record_lookup_key logic_operator="NA" comparison_operator="="
           table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
           data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
           required="true" col_type="join" xel_data_source="xel_usr_id" />
           <record_lookup_key logic_operator="AND" comparison_operator="="
           table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID"
           data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
           required="true" col_type="join" xel_data_source="xel_usr_id" />
       </look_up_group>
    </task>
</operation>

In the preceding sample configuration XML, the names of the data elements are the values given for the xel_data_source tag. You can change these names. For example, the value XEL_LAST_RECON_TIME highlighted in bold font in the preceding sample configuration XML code. The same name is also used as the label for elements in each reconciliation event record.

The create or update reconciliation operation involves running two tasks. The first task identifies the users who have been modified or created after the last reconciliation. This returns a list of key field values for the modified and new users.

For example, if the key field to identify a user is the user ID, then this task returns a list of user IDs corresponding to the user profiles that have been modified or created after the last reconciliation.

The second task collects all required information about these users for creating the reconciliation event. The division of tasks is designed for optimal use of memory.

The lookup groups in the task help create lookup conditions for retrieving relevant data. The preceding sample configuration XML code implements the following lookup conditions:

  • Join the two tables in which user profile information is stored, and retrieve nonrepeated data for these users.

  • Perform incremental reconciliation by retrieving only those records that are modified after the last reconciliation.

The second task has one more lookup for the user ID, so that user information can be retrieved for each user ID by using the first task.

The time at which the previous reconciliation run was completed is stored in the Reconciliation Timestamp IT resource parameter. This value is updated with the new system timestamp after the end of the current reconciliation run. This value is compared against the last updated time in the target database tables, as given in the configuration XML file. In this file, the time at which the last reconciliation run was completed is represented as XEL_LAST_RECON_TIME. It is a connector configuration constant. You must not change it.

Note that incremental reconciliation is possible only if the target application is capable of updating the last update time in its database while modifying or creating records. If the target application does not have this feature, then you must not create the lookup group for comparing the last reconciliation time.

Reconciliation of Deleted Users

The following is sample code from the configuration XML file for reconciliation of users deleted from the target system:

<operation name = "reconcileDelete" enabled="true">
     <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
          <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
          data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
          required="true" col_type="xellerate" xel_data_source="xel_usr_id" 
          />  
          <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
          col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"
          col_info="foreign" required="true" col_type="xellerate"
          xel_data_source="xel_usr_id" />
          <look_up_group logic_operator="NA"> 
               <record_lookup_key logic_operator="NA" comparison_operator="="
               table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
               data_type="VARCHAR2" data_typ_size="20" col_info="primary"
               required="true" col_type="join"xel_data_source="xel_usr_id"/>
               <record_lookup_key logic_operator="AND" comparison_
               operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET"
               col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"
               col_info="foreign" required="true" col_type="join
               xel_data_source="xel_usr_id" />
          </look_up_group>
     </task>
</operation>

Only user IDs are required for creating deletion reconciliation events. Therefore, the preceding configuration shows only the user ID as the data element to be retrieved according to the conditions given in the lookup group.

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Database Servers\Database Application Table\Database Application Table Rev 2.1.1.zip

These files and directories are listed in the following table.

File in the Installation Media Directory Description
The following files in the xml\Xellerate Config directory: 
CreateUserAdapter.xml
DBTablesresadp.xml
DeleteUserAdapter.xml
UpdateCommLangAdapter.xml
UpdateDaetFmtAdapter.xml
UpdateDateFmtAdapter.xml
UpdateDecNotnAdapter.xml
UpdateDeptAdapter.xml
UpdateEmailAdapter.xml
UpdateFirstNameAdapter.xml
UpdateGroupAdapter.xml
UpdateLastNameAdapter.xml
UpdateLogonLangAdapter.xml
UpdatePasswordAdapter.xml
UpdateRoleAdapter.xml
UpdateStatusAdapter.xml
UpdateTelNoAdapter.xml
UpdateTimeZoneAdapter.xml
UpdateTitleAdapter.xml
These XML files contain code for the functionality implemented by the connector.
The following files in the xml\DB Schema XML directory: 
OraApp1.xml
OraApp2.xml
OraPerf1.xml
SybApp1.xml
SybApp2.xml
xdb_app_map.xsd



jar\dbadapter.jar
This JAR file contains the class files that are used to implement provisioning and reconciliation. 
docs\B31115_01.pdf
docs\html
These are PDF and HTML versions of this guide, which provides instructions to deploy the connector.

The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us