Oracle® Application Server Developer's Guide for Microsoft Office Interoperability
10g Release 3 (10.1.3.1.0)

Part Number B28947-01

10 Provisioning User Identity Information and Alerting Microsoft Outlook Contacts

This chapter describes how you can do the following:

It contains the following sections:

10.1 Overview

Whether user information is stored in Microsoft Active Directory or in Oracle Internet Directory, it is expected that information in Microsoft Outlook Contacts is always up-to-date. When changes are made in an enterprise application, such as Sales Force Automation or a Human Resources Management System, updates to the directory should be reflected immediately in Microsoft Outlook Contacts. In addition, alerts about organizational changes may need to be sent as soon as they happen.

Oracle Identity Management enables you to reduce administrative time and costs by integrating your applications and directories, including third-party LDAP directories, with Oracle Internet Directory. It does this by using Oracle Directory Integration Platform.

Throughout the integration process, Oracle Directory Integration Platform ensures that the applications and other directories receive and provide the necessary information in a reliable way. Oracle provides centralized security administration by integrating components with Oracle Identity Management. Similarly, Microsoft provides centralized security administration in Microsoft Windows by integrating Microsoft applications with Microsoft Active Directory. If your environment uses both Oracle Identity Management and Microsoft Active Directory, then, to enable interoperability between the two systems, you must synchronize their data. You can do this by using Oracle's Active Directory Connector.

This chapter describes what must be done to ensure contact data in Microsoft Outlook Contacts is always up-to-date in an environment where both Microsoft Exchange and Microsoft Active Directory are used together with Oracle Internet Directory. Microsoft Active Directory and Oracle Internet Directory must be synchronized (integrated) in order to ensure that both have the same up-to-date contact data. This chapter describes how to achieve accurate and timely directory synchronization.

This chapter also covers the steps that must be performed if an Oracle solution is used to send alerts about organizational changes. These steps include configuring Oracle Directory Integration Platform and Oracle BPEL Process Manager to generate organization alerts whenever user identity information changes in Oracle Internet Directory.

When user identity information changes in an enterprise application, Oracle Internet Directory is updated with this information. Using Active Directory Connector to synchronize Microsoft Active Directory and Oracle Internet Directory ensures that Microsoft Outlook Contacts data is always up-to-date.


Note:

If you are using Oracle Collaboration Suite applications with Microsoft Outlook, then you must use Oracle Connector for Outlook to enable interoperability of management tasks in Oracle Collaboration Suite applications with Microsoft Outlook. Refer to Chapter 9, "Managing Tasks and Collaborating in Microsoft Outlook" for more information.

The following topics describe the components used in enabling interoperability between Oracle Identity Management and Microsoft Active Directory, and a few related concepts.

Oracle Internet Directory

Oracle Internet Directory is a critical component of Oracle Application Server management and security infrastructure. It ensures that user accounts and groups are managed centrally through the LDAP Version 3 standard. Oracle Application Server enables user accounts and groups to be created centrally in Oracle Internet Directory and shared across all components in Oracle Application Server. When users log in, they are authenticated once by Oracle Application Server Single Sign-On against their Oracle Internet Directory credentials, and can thereby access multiple applications seamlessly.

Oracle Directory Integration Platform

Oracle Directory Integration Platform enables users to synchronize data between various directories and Oracle Internet Directory. Oracle Directory Integration Platform is a set of services and interfaces that makes it possible to develop synchronization solutions with third-party directories and other enterprise repositories. Oracle Directory Integration Platform includes a connector, called Active Directory Connector, for out-of-the-box synchronization with Microsoft Active Directory.

Oracle Application Server Single Sign-On

OracleAS Single Sign-On enables users to access Oracle Web-based components by logging in only once. Oracle components delegate the login function to the OracleAS Single Sign-On server. When a user first logs in to an Oracle component, the component directs the login to the OracleAS Single Sign-On server. The OracleAS Single Sign-On server compares the credentials entered by the user to those stored in Oracle Internet Directory. After verifying the credentials, the OracleAS Single Sign-On server grants the user access to all components the user is authorized to use throughout the current session.

OracleAS Single Sign-On enables native authentication in a Microsoft Windows environment, using the user's Kerberos credentials.


See Also:

Oracle Identity Management Integration Guide for details about configuring Windows native authentication.

Directory Synchronization

Synchronization, which is a service of Oracle Directory Integration Platform, enables you to make changes persist between Oracle Internet Directory and connected directories, like Microsoft Active Directory. For all directories to both use and provide only the latest data, each directory must be informed of changes made in the other connected directories. Synchronization ensures that any change to directory information is kept consistent.

Connectors for Directory Synchronization

To synchronize between Oracle Internet Directory and a connected directory, Oracle Directory Integration Platform relies on a prepackaged connectivity solution called a connector. Minimally, this connector consists of a directory integration profile containing all the configuration information required for synchronization, including the following:

Active Directory Connector

Oracle Directory Integration Platform includes connectors to synchronize Oracle Internet Directory with other LDAP directories or identity stores. One of its connectors, Active Directory Connector, is designed to synchronize Oracle Internet Directory with Microsoft Active Directory.

Active Directory Connector enables any of the following:

Using Active Directory Connector for Microsoft Exchange Provisioning

Active Directory Connector, available as part of Oracle Identity Management release 10.1.2, can be used for provisioning users to Microsoft Exchange. This is applicable in deployments having Microsoft Active Directory Server 2000 or later as their identity store. Provisioning users to Microsoft Exchange Server involves creating a user account in the corresponding Microsoft Active Directory with Microsoft Exchange-specific user attributes. These attributes contain details about the Microsoft Exchange server, mail transfer agent, proxy address, and so on. To configure provisioning to Microsoft Exchange, the default mapping rules for Active Directory Connector are enhanced to include Microsoft Exchange-specific mapping rules.

10.2 Prerequisites

In the scenario described in this chapter, it is assumed that you have deployed Microsoft Exchange 2000 or later with Microsoft Active Directory as its back-end repository, and Microsoft Office, specifically Microsoft Outlook as the e-mail client. The scenario expects the following Oracle software components to be installed:

10.3 Step-by-Step Procedures

This section will provide the following procedures, based on example data:

10.3.1 Procedure 1: Synchronizing Enterprise Identity Information

User identity information can be stored in many places, but some common directories are Oracle Internet Directory and Microsoft Active Directory. Microsoft Exchange version 2000 or later uses Microsoft Active Directory as its identity store. This procedure shows you how to synchronize Oracle Internet Directory with Microsoft Active Directory.

A very common enterprise scenario is illustrated in Figure 10-1. Enterprise applications, for example, the Human Resources Management System, update user identity information in Oracle Internet Directory. Oracle Directory Integration Platform synchronizes user identity information between Oracle Internet Directory and Microsoft Active Directory by using Active Directory Connector. Microsoft Active Directory is used by Microsoft Exchange as the identity store. Users in the enterprise use Microsoft Outlook to read their e-mail and to get up-to-date contact information. Besides setting up the Microsoft Active Directory synchronization, you must perform some additional configuration to provision Microsoft Exchange-specific attributes.

Figure 10-1 Oracle Internet Directory Interoperability with Microsoft Active Directory and Microsoft Exchange


The subsequent example describes how Microsoft Exchange and Microsoft Active Directory may need to be synchronized with Oracle Internet Directory.

The context of this example is the Union Loan Company, which has hundreds of employees. Union Loan Company uses Oracle Application Server for its enterprise applications, Oracle Internet Directory for central identity management, and Microsoft Exchange server with Microsoft Active Directory for e-mail and contact information. Employees use Microsoft Outlook.

Assume that Union Loan Company hires John Steinbeck as a new loan approver. John's personal information is entered into the Human Resources Management System, and provisioned to Oracle Internet Directory. Directory synchronization is set up between Oracle Internet Directory and Microsoft Active Directory. Additional configuration modifications ensure that all the Microsoft Exchange-specific attributes are modified appropriately. As a result, John's profile now shows up in Microsoft Outlook, and John's manager and co-workers can quickly look up his telephone number. Directory integration ensures that a change in user identity information, such as a change of John's telephone number, will almost immediately be visible in everyone's Microsoft Outlook Contacts.

To provision users in Microsoft Exchange, that is, to push data from Oracle Internet Directory to Microsoft Active Directory, you must use Active Directory Connector to synchronize all the attributes of the data that is exchanged. Figure 10-1 illustrates how this interoperability works. To ensure that this data is ready to be used by Microsoft Exchange, however, you must make some changes to the mapping rules. To synchronize between Oracle Internet Directory and Microsoft Active Directory, a directory integration profile for synchronization must be created that contains all the configuration information required for synchronization to Microsoft Exchange. To do this, perform the steps in the following sections:

10.3.1.1 Configuring Microsoft Active Directory Synchronization Profiles for Microsoft Exchange

The Oracle Directory Integration Platform server includes an express configuration option that you can run with Directory Integration and Provisioning Assistant. This type of configuration uses certain predefined values and creates two synchronization connector profiles, one for import and one for export, pointing to Microsoft Active Directory.


See Also:

Oracle Identity Management Integration Guide for more information about express configuration.

Run express configuration by using the Directory Integration and Provisioning Assistant tool as follows:

  1. Start the Oracle Directory Integration Platform Server Administration tool by entering the following command:

    INFRA_ORACLE_HOME/bin/dipassistant expressconfig -h <oid_host>
     -p <oid_non-SSL_port> -configset <DIP_configuration_set> 
     -3rdpartyds adforexchange
    
    

    where DIP_configuration_set refers to the configuration set for Oracle Directory Integration Platform. The default value is 1. For example:

    INFRA_ORACLE_HOME/bin/dipassistant expressconfig -h m1.abc.com \
    -p 389 -configset 1 -3rdpartyds adforexchange
    
    
  2. You are prompted for information about the setup. Enter appropriate values as described in Table 10-2.

    Table 10-2 Parameters for Running the dipassistant Tool

    | Parameter | Description |
    | --- | --- |
    | OID user name | Oracle Internet Directory user name. Specify the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp, cn=odi, cn=oracle internet directory). |
    | OID password | Password for the Oracle Internet Directory user. |
    | Active Directory Host | Host name of the Microsoft Active Directory. |
    | Active Directory Port | Microsoft Active Directory port number. |
    | Account Name | User name of a privileged Microsoft Active Directory user. Note: To synchronize deletions, you must have the necessary administrative privileges in Microsoft Active Directory, for example, administrator@MyCompany.com. |
    | Account Password | Microsoft Active Directory password. |
    | Connector name | Name for the connector. Depending on the name specified here, two profiles, an import and an export profile, are created with names as <connector name>Import and <connector name>Export respectively. For example, if you specify the name test, then the tool creates two profiles: testImport and testExport. |
    | Options to configure ACLs | ACL configuration options. Enter y to update the access control policies for the default realm user search base, to give Oracle components the required access. Default value is n. |


Running express configuration creates two synchronization connector profiles pointing to Microsoft Active Directory. The <Connectorname>IMPORT profile maintains the configuration information for importing user identity information from Microsoft Active Directory to Oracle Internet Directory, and the <Connectorname>EXPORT profile maintains configuration details for exporting changes from Oracle Internet Directory to Microsoft Active Directory. By default, both profiles are configured to synchronize the data between the connected directories at one-minute intervals. At the end of the express configuration, the necessary mapping rules are configured to handle Microsoft Active Directory and Microsoft Exchange-specific attributes when users are exported from Oracle Internet Directory to Microsoft Active Directory.

10.3.1.2 Enabling the Profiles for Synchronization

You now must enable the export and import profiles by performing the following steps:

  1. If user identity information changes are made only in Human Resources Management System, from which the identity details are synchronized to Oracle Internet Directory, then users are synchronized from Oracle Internet Directory to Microsoft Active Directory. In this case, enable the export synchronization profile by using the Oracle Directory Integration Platform Server Administration tool with the modifyprofile option. The following Oracle Directory Integration Platform assistant command enables an export profile:

    INFRA_ORACLE_HOME/bin/dipassistant modifyprofile -profile <profile_name>
     [-host <oid_host>] [-port <oid_port>] [-dn "<oid_bindDN>"] 
     [-passwd <oid_bindDN_password>] odip.profile.status=ENABLE 
    
    

    The following is an example of a command used to enable an export profile named testExport:

    INFRA_ORACLE_HOME/bin/dipassistant modifyprofile -profile testExport \
     -host m1.abc.com -port 389 \
     -dn "cn=orcladmin" -passwd welcome1 odip.profile.status=ENABLE
    
    

    In addition, if user entries created from a Human Resources Management System can be modified from Microsoft Active Directory and Microsoft Exchange server, then you must synchronize the data from Microsoft Active Directory to Oracle Internet Directory. In this case, you must enable the import profile. The following Oracle Directory Integration Platform assistant command enables an import profile:

    INFRA_ORACLE_HOME/bin/dipassistant modifyprofile -profile <profile_name>
     [-host <oid_host>] [-port <oid_port>] [-dn "<oid_bindDN>"]
     [-passwd <oid_bindDN_password>] odip.profile.status=ENABLE
    
    

    The following is an example of a command used to enable an import profile named testImport:

    INFRA_ORACLE_HOME/bin/dipassistant modifyprofile -profile testImport \
     -host m1.abc.com -port 389 \
     -dn "cn=orcladmin" -passwd welcome1 odip.profile.status=ENABLE
    
    
  2. Start the Oracle Directory Integration Platform server as follows if this is not already running with the configuration set that contains the Microsoft Exchange profiles:

    oidctl connect=<oid_metadatarep_connect_string> server=odisrv
     instance=<instance_number> configset=<configuration_set_number>
     [flags="flagname=<value> ..."]  {start | stop | restart}
    
    

    For example:

    oidctl connect=dbs1 server=odisrv instance=1 configset=1 \
     flags="host=ldaphost.company.com port=389" start
    

10.3.1.3 Verifying the Synchronization

To verify that the synchronization between Oracle Internet Directory and Microsoft Active Directory is working properly, perform the following steps:

  1. After you have enabled the profiles, you can verify the status of synchronization by running the following command (the default interval for change synchronization is 1 minute):

    INFRA_ORACLE_HOME/bin/ldapsearch -h <oid_host> -p <oid_port> 
    -D "<DN of privileged oid user>" -w "<password of privileged oid user>"
    -b "orclodipagentname=testExport,cn=subscriber profile,
    cn=changelog subscriber,cn=oracle internet directory" 
    -s base "objectclass=*" 
    orclodipsynchronizationstatus orclodiplastsuccessfulexecutiontime
    
    

    For example:

    INFRA_ORACLE_HOME/bin/ldapsearch -h m1.abc.com -p 389 -D "cn=orcladmin" \
    -w "welcome1" \
    -b "orclodipagentname=testExport,cn=subscriber profile,\
    cn=changelog subscriber,cn=oracle internet directory" \
    -s base "objectclass=*" \
    orclodipsynchronizationstatus orclodiplastsuccessfulexecutiontime
    
    

    When synchronization is successfully started:

    • The value of the orclodipsynchronizationstatus attribute is Synchronization Successful.

    • The value of the orclodiplastsuccessfulexecutiontime attribute is the specific date and time of that execution. Note that this must be close to the current date and time.

    The following is an example of a result indicating successful synchronization:

    orclodipsynchronizationstatus=Synchronization Successful
    orclodiplastsuccessfulexecutiontime=20060302170214
    
    
  2. After verifying that synchronization has started, check if the entries in Oracle Internet Directory are actually synchronized to Microsoft Active Directory by performing the following steps:

    1. Click Start, Programs, Microsoft Exchange, and then Active Directory Users and Computers.

    2. Look for entries under the Users container under the Active Directory domain.
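
The success criteria in step 1 (status equal to Synchronization Successful, last execution time close to the current time) can be checked mechanically. The following shell functions are an added example, not part of Oracle's documentation or tooling: they read the ldapsearch output on standard input and report whether the export profile looks healthy. The function names, the exit codes, the 300-second freshness threshold, and the treatment of the timestamp as UTC are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle code): evaluate the two attributes returned by the
# ldapsearch verification command. All function names here are hypothetical.

# Print the first value of attribute $1 (lowercase) from ldapsearch output on
# stdin. Accepts "attr=value" as shown on this page; "attr: value" (LDIF
# style) is also accepted as an assumption.
attr_value() {
    awk -v want="$1" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        sep = match(line, /[=:]/)
        if (sep && tolower(substr(line, 1, sep - 1)) == want) {
            v = substr(line, sep + 1)
            sub(/^ +/, "", v); sub(/[ \r]+$/, "", v)
            print v; exit
        }
    }'
}

# Convert a 14-digit YYYYMMDDhhmmss timestamp to epoch seconds.
# Assumption: the directory reports the time in UTC.
ts_to_epoch() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 14 ] || return 1
    y=$(printf '%s' "$1" | cut -c1-4);    mo=$(printf '%s' "$1" | cut -c5-6)
    d=$(printf '%s' "$1" | cut -c7-8);    h=$(printf '%s' "$1" | cut -c9-10)
    mi=$(printf '%s' "$1" | cut -c11-12); s=$(printf '%s' "$1" | cut -c13-14)
    # Strip one leading zero so "08" and "09" are not read as invalid octal.
    mo=${mo#0}; d=${d#0}; h=${h#0}; mi=${mi#0}; s=${s#0}
    [ "$y" -ge 1970 ] && [ "$mo" -ge 1 ] && [ "$mo" -le 12 ] &&
        [ "$d" -ge 1 ] && [ "$d" -le 31 ] && [ "$h" -le 23 ] &&
        [ "$mi" -le 59 ] && [ "$s" -le 59 ] || return 1
    # Days since 1970-01-01 for a proleptic Gregorian date (year starts in March).
    if [ "$mo" -le 2 ]; then y=$((y - 1)); mp=$((mo + 9)); else mp=$((mo - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    days=$(( era * 146097 + doe - 719468 ))
    echo $(( days * 86400 + h * 3600 + mi * 60 + s ))
}

# check_sync NOW_EPOCH MAX_AGE_SECONDS  (ldapsearch output on stdin)
# Exit codes: 0 healthy, 1 status is not successful, 2 last success too old,
# 3 attributes missing or timestamp unparseable.
check_sync() {
    now=$1; max_age=$2
    out=$(cat)
    sync_status=$(printf '%s\n' "$out" | attr_value orclodipsynchronizationstatus)
    last=$(printf '%s\n' "$out" | attr_value orclodiplastsuccessfulexecutiontime)
    [ -n "$sync_status" ] && [ -n "$last" ] || {
        echo "UNKNOWN: status attributes not found in the search result"; return 3; }
    if [ "$sync_status" != "Synchronization Successful" ]; then
        echo "FAILED: orclodipsynchronizationstatus is '$sync_status'"; return 1
    fi
    last_epoch=$(ts_to_epoch "$last") || {
        echo "UNKNOWN: cannot parse execution time '$last'"; return 3; }
    age=$((now - last_epoch))
    if [ "$age" -gt "$max_age" ]; then
        echo "STALE: last successful execution was ${age}s ago (limit ${max_age}s)"
        return 2
    fi
    echo "OK: last successful execution ${age}s ago"
}

# Sample input, using the values of the example result shown in step 1.
SAMPLE_OK='orclodipsynchronizationstatus=Synchronization Successful
orclodiplastsuccessfulexecutiontime=20060302170214'

# Demo: one minute after the recorded execution time, with a 300 s limit.
printf '%s\n' "$SAMPLE_OK" | check_sync 1141318994 300
```

In real use, pipe the ldapsearch command from step 1 into check_sync "$(date +%s)" 300 and act on a nonzero exit code, for example from a monitoring job.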

10.3.2 Procedure 2: Configuring BPEL-Based Organization Alerts

Although it is convenient to always have up-to-date information available in Microsoft Outlook, there are some changes for which you may want to be notified by e-mail. For example, if a change is made in the Human Resources Management System to John Steinbeck's telephone number, John might want to be notified about this.

If you are using Oracle Internet Directory and Microsoft Active Directory in an enterprise environment such as the one described in Figure 10-1, you can optimize the power of Oracle Directory Integration Platform, combined with Oracle BPEL Process Manager, to create a robust alerting system that generates organization alerts based on changes that happen to user identity information in the directory.

User identity information in Oracle Internet Directory can change for the following reasons:

  1. Changes occur in Human Resources Management System and are synchronized to Oracle Internet Directory.

  2. Modifications are directly applied to Oracle Internet Directory from other directory administration components in the deployment such as Oracle Delegated Administration Services or Oracle COREid administration service.

  3. Modifications are made in Microsoft Active Directory or Microsoft Exchange in deployments where Microsoft Active Directory is the enterprise directory.

To extend our first example: enterprise applications, such as the Human Resources Management System, update user identity information in Oracle Internet Directory. Oracle Directory Integration Platform synchronizes user identity information between Oracle Internet Directory and Microsoft Active Directory by using Active Directory Connector. A BPEL process can be deployed on the enterprise's Oracle Application Server middle tier to send organization alerts when specific user identity information attributes change in a certain domain.

Figure 10-2 shows how a BPEL process is integrated into the directory synchronization process.

Figure 10-2 Generating Organization Alerts Using Oracle BPEL Process Manager


This example is an extension of Section 10.3.1, "Procedure 1: Synchronizing Enterprise Identity Information". When John's telephone number changes, it is updated in Human Resources Management System and synchronized with Oracle Internet Directory. John would like to receive an e-mail notifying him of the recent change.

Oracle Directory Integration Platform and Oracle BPEL Process Manager enable enterprise applications to create these kinds of organization alerts based on changes in Oracle Internet Directory.

The high-level steps in this scenario are the following:

  1. A change is made in Union Loan's Human Resources Management System. For example, John Steinbeck's telephone number is changed.

  2. This change in John's profile is recorded in Oracle Internet Directory. The telephonenumber attribute in Oracle Internet Directory is updated with John's new telephone number.

  3. Oracle Directory Integration Platform detects the change and writes this change to a database table.

  4. A BPEL process, which is configured to check for changes in the same database table, picks up this change and sends an organization alert to John.

In this example, Oracle Directory Integration Platform must be configured to check Oracle Internet Directory for user identity information changes. It must provision these changes into the EXCHGSYNC schema in OracleAS Metadata Repository. Specifically, the changes should be written to the ORG_ALERTS table.


Note:

Alternatively, the EXCHGSYNC schema can be present in any Oracle Database.

A BPEL process must be configured to check for changes in the ORG_ALERTS table, and send an organization alert to the interested parties depending on the attributes that are changed.

The following sections show how to create and send organization alerts that trigger when user information changes:

10.3.2.1 Configuring the BPEL Process

A sample BPEL process, IdentityNotification, SQL scripts to create EXCHGSYNC schema with the ORG_ALERTS table, and corresponding packages for attribute change propagation to the table are available in the demonstration folder described in Section 10.2, "Prerequisites". The BPEL process checks for user identity information changes in the table, EXCHGSYNC.ORG_ALERTS, and sends organization alerts to the user if specific attributes like telephone number have changed.

To set up the schema, and to configure and test the BPEL process, IdentityNotification, you must perform the steps in the following sections:

Installing the EXCHGSYNC Schema

To install the EXCHGSYNC schema, you must perform the following steps:

  1. Locate the notificationsetup.sql script. This is available in the identitymanagement/sql folder in the examples ZIP file, described in Section 10.2, "Prerequisites".

  2. Run the notificationsetup.sql script as follows:

    sqlplus "sys/<sys pwd>@<DB connect string> as SYSDBA" @notificationsetup.sql
    
    
  3. Set the password for the database user, EXCHGSYNC, by performing the following steps:

    1. Connect to the database as the SYS user.

    2. Run the alter command as follows:

      alter user EXCHGSYNC identified by <password>;
      

Configuring the Database Adapter in the BPEL Process

After installing Oracle BPEL Process Manager, you must edit the database adapter's oc4j-ra.xml file to enter connection details for the databases to which you will be connecting. You must create a new connection called eis/DB/IdNotifySample, which lets you run the samples against the EXCHGSYNC schema in OracleAS Metadata Repository or your custom database.

To connect to the EXCHGSYNC schema in the OracleAS Metadata Repository, perform the following steps:

  1. Open the oc4j-ra.xml file, which is available in the BPEL_ORACLE_HOME/j2ee/OC4J_BPEL/application-deployments/default/DbAdapter directory.

    Here, BPEL_ORACLE_HOME is Oracle home on the Oracle Application Server middle tier that contains the BPEL Process Manager.

  2. Add a new connector factory element called eis/DB/IdNotifySample, as shown in Example 10-1.

    Example 10-1 New Connection String Details in the oc4j-ra.xml File

    <connector-factory location="eis/DB/IdNotifySample" connector-name="Database Adapter">
      <config-property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
      <config-property name="connectionString" value="jdbc:oracle:thin:@abc.unionloan.com:1521:iasdb"/>
      <config-property name="userName" value="EXCHGSYNC"/>
      <config-property name="password" value="secret"/>
      <config-property name="minConnections" value="1"/>
      <config-property name="maxConnections" value="5"/>
      <config-property name="minReadConnections" value="1"/>
      <config-property name="maxReadConnections" value="5"/>
      <config-property name="usesExternalConnectionPooling" value="false"/>
      <config-property name="dataSourceName" value=""/>
      <config-property name="usesExternalTransactionController" value="false"/>
      <config-property name="platformClassName" value="oracle.toplink.internal.databaseaccess.OraclePlatform"/>
      <config-property name="usesNativeSequencing" value="true"/>
      <config-property name="sequencePreallocationSize" value="50"/>
    </connector-factory>
    
    

    Replace the values for connectionString and password (in bold) with the connection string for the EXCHGSYNC schema in OracleAS Metadata Repository or your custom database and EXCHGSYNC password respectively.

  3. After editing the file, stop and restart the Oracle BPEL Process Manager server. To do this, click Start, Programs, Oracle-ORACLE_BPEL_HOME, Oracle BPEL Process Manager 10.1.2, Stop BPEL PM Server, and then click Start BPEL PM Server.

Configuring E-Mail Server Settings to Enable Organization Alerts

The default e-mail account is used to send organization alert e-mail messages. Therefore, you must configure the e-mail server settings for the account, Default. To do this, perform the following steps:

  1. Edit the e-mail server configuration file, ORACLE_HOME/integration/orabpel/system/services/config/ns_emails.xml, and change the parameters that are indicated in bold in Example 10-2.

    Example 10-2 Parameters in the E-Mail Configuration File

    <EmailAccount>
      <Name>Default</Name>
      <GeneralSettings>
        <FromName>Oracle BPM</FromName>
        <FromAddress>bpm1@m1.abc.com</FromAddress>
      </GeneralSettings>
      <OutgoingServerSettings>
        <SMTPHost>m1.abc.com</SMTPHost>
        <SMTPPort>225</SMTPPort>
      </OutgoingServerSettings>
      <IncomingServerSettings>
        <Server>m1.abc.com</Server>
        <Port>2110</Port>
        <Protocol>pop3</Protocol>
        <UserName>bpm1</UserName>
        <Password ns0:encrypted="false" xmlns:ns0="http://xmlns.oracle.com/ias/pcbpel/NotificationService">welcome</Password>
        <UseSSL>false</UseSSL>
        <Folder>Inbox</Folder>
        <PollingFrequency>1</PollingFrequency>
        <PostReadOperation>
          <MarkAsRead/>
        </PostReadOperation>
      </IncomingServerSettings>
    </EmailAccount>
    

Compiling and Deploying the IdentityNotification BPEL Process

To compile and deploy the BPEL process to Oracle BPEL Process Manager on the Oracle Application Server middle tier, perform the following steps:


Note:

The database connector feature in Oracle BPEL Process Manager requires the Oracle Application Server version of Oracle BPEL Process Manager for connectivity with Oracle Internet Directory. You cannot use the standalone version of Oracle BPEL Process Manager for this.

  1. Open JDeveloper BPEL Designer. Click Start, All Programs, Oracle - ORACLE_HOME, Oracle BPEL Process Manager 10.1.2, and then JDeveloper BPEL Designer.

  2. Open the IdentityNotification.jpr file in JDeveloper BPEL Designer. This contains the IdentityNotification BPEL process shown in Figure 10-3.

    The IdentityNotification.jpr file is located in the identitymanagement/IdentityNotification folder in the examples ZIP file, described in Section 10.2, "Prerequisites".

    Figure 10-3 IdentityNotification BPEL Process


  3. On the Navigator pane in JDeveloper BPEL Designer, right-click the Project node, and click Deploy.

  4. Click Invoke Deployment Tool.

  5. In the Deploy Properties dialog box, click New. The BPEL Process Manager Connection wizard is displayed.

  6. Specify your connection name, and click Next.

  7. Specify authentication details using the Oracle Application Server middle tier host name and port number, as shown in Figure 10-4.

    Figure 10-4 Entering Authentication Details in the BPEL Process Manager Connection Wizard


  8. Click Next.

  9. Test your connection, and click Finish.

  10. Enter your password, and click OK.

    You are now ready to deploy the BPEL process to the remote Oracle Application Server middle tier.

10.3.2.2 Configuring Oracle Directory Integration Platform Profile

To enable this capability, you must configure Oracle Directory Integration Platform by running the following command:

dipassistant exchgalertcfg -h <oid_host> -p <oid_non-ssl_port> -profile <profile_name>

For example:

dipassistant exchgalertcfg -h stadd63 -profile testExport

The script prompts you for the following information. Default answers to the questions are given in brackets. Press Enter to accept the default values.

  • Account DN:(default: cn=orclAdmin) >

    Specify the super user, that is, cn=orcladmin, or any user that is a member of the Directory Integration and Provisioning Administrators group (cn=dipadmingrp, cn=odi, cn=oracle internet directory).

  • Account Password >

    Enter the account password.

  • User login attribute name:(default: uid) >

    If the login ID is different from the user ID, then specify the login ID.

  • Oracle Database URL for Alert Notification: >

    Specify the URL for accessing the database. This must be in the format localhost:port:iasdb.us.oracle.com.

  • Oracle Database User for Alert Notification:(default: EXCHGSYNC) >

    Specify the database user who must receive the organization alert. Accept the default value, EXCHGSYNC, because that is the user you created in the section Installing the EXCHGSYNC Schema.

  • Oracle Database Password for Alert Notification: >

    Specify the EXCHGSYNC user password. This is the password you set in the section Installing the EXCHGSYNC Schema.

  • Microsoft Exchange Attributes to be propagated for Alert Notification:(default: mail, telephonenumber) >

    Specify a comma-delimited list of attributes, for which organization alerts must be generated. For this example, accept the default values of mail and telephone number.

Oracle Directory Integration Platform will now check Oracle Internet Directory for changes to the user's mail information and telephone number. To enable the BPEL process to use this information, you must configure it as described in the next section.

10.3.2.3 Testing the Identity Alerting Configuration

After you configure, compile, and deploy the IdentityNotification BPEL process, you can now test if all these steps were correct, and if the sample BPEL process is working. To do this, perform the following steps:

  1. Log in to Oracle Directory Manager as the Oracle Internet Directory administrator by running the following command:

    On UNIX:

    ORACLE_HOME/bin/oidadmin
    
    

    On Windows:

    From the Start menu, choose Programs, then ORACLE_HOME, then Integrated Management, then Oracle Directory Manager

  2. Update the telephonenumber attribute with a new telephone number in the container that is set up to be synchronized. To do this, perform the following steps:

    1. Click Entry Management and locate the entry you want to modify. You can also perform a search for the entry.


      See Also:

      Oracle Internet Directory Administrator's Guide

    2. At the top of the tab page, select View Properties: All.

    3. Find the telephonenumber property and modify it.

    4. Click Apply.

  3. Check if the appropriate users receive an organization alert e-mail message about this change.

  4. Access the Oracle BPEL Control. The URL has the following format:

    http://<BPEL_Host>:<BPEL_Port>/BPELConsole

    Look for the BPEL process that was invoked when the value for the telephonenumber attribute was changed.

10.4 Troubleshooting

Refer to the appendix titled "Troubleshooting Oracle Directory Integration and Provisioning" in Oracle Identity Management Integration Guide.

10.5 Related Documentation

The following is a list of references to documents that provide more information about synchronizing and provisioning Oracle Identity Management with Microsoft Active Directory: