Oracle® Identity Manager Connector Guide for Database Application Tables
Release 9.0.2

Part Number B32154-01

2 Deploying the Connector

Deploying the connector involves the following steps:

If you want to configure the connector for multiple installations of Database Application Tables, then perform the following procedure:

This chapter also discusses the following postdeployment topic:

Step 1: Verifying Deployment Requirements

The following table lists the deployment requirements for the connector.

Item Requirement
Oracle Identity Manager Oracle Identity Manager release 8.5.3 or later
Target systems The target system can be any one of the following:
  • Oracle9i Database

  • Sybase 12.5.2

External code
  • xerces.jar (the XML parser)
  • ojdbc14.jar (required if the target system is Oracle Database)

  • jconn2.jar (required if the target system is Sybase)

Target system user account If target database tables are to be created, then the user account must have the CONNECT privilege.

If existing target database tables are to be used, then the user account must have the following privileges on the tables:

  • CONNECT

  • INSERT

  • DELETE

  • UPDATE

  • SELECT

You provide the credentials of this user account while performing the procedure in the "Defining IT Resources" section.


In addition to the requirements mentioned in the preceding table, you must ensure that the following requirements are addressed:

Step 2: Configuring the Target System

You must analyze and modify the configuration XML file that you want to use so that it matches the structure of the target application tables.


See Also:

The "Files and Directories That Comprise the Connector" section for information about the various configuration XML files.

The configuration XML file is validated against the schema definition in the xdb_app_map.xsd file to ensure that changes that you make in the configuration XML file conform to the schema definition. Therefore, it is recommended that you review the schema definition in the xdb_app_map.xsd file before modifying the configuration XML file.


Note:

In the configuration XML file, you must specify xdb_app_map.xsd as the value of the xsi:noNamespaceSchemaLocation parameter. For example:
<xdb_app_map xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="xdb_app_map.xsd" name="OracleApp1">

The configuration XML file can be divided into the following sections:

target_application

This section is used to identify the target application. The purpose of this section is to provide information that simplifies maintenance of the configuration file.

Section              Description                            Attributes
Database             Name of the database                   name
target_app_name      Name of the application                None
target_app_ver       Version of the application             None
target_app_provider  Vendor or provider of the application  None

target_database

This section contains information that is used to configure the database connection properties.

mapping_data

This section is used to keep track of the configuration file's modification history.

database_adapter

This section is divided into operations. Each operation is further divided into one or more tasks. The number of tasks in an operation depends on the number of tables involved in the operation. Tasks are divided into columns depending on the target application table.

The following table explains the organization of the database_adapter section.

Description of the Section Description of the Attributes Possible Values of the Attributes
operation

Each operation is linked with an Oracle Identity Manager connector.

name

Type of Oracle Identity Manager operation

create, update, delete, reconcileCreateUpdate, or reconcileDelete
task

Each operation is divided into one or more tasks. The number of tasks in an operation depends on the number of tables involved in the operation.

table_name

Name of the table on which the task is going to operate

Any valid table name

xeltask_type

Type of task in the database

insert, update, delete, or select
column

It is a representation of a single column in the target application table.

col_name

Name of the column

Any valid column name

data_type

Data type

VARCHAR, VARCHAR2, CHAR, LONGVARCHAR, REAL, DOUBLE, NUMERIC, DECIMAL, FLOAT, DATE, TIME, TIMESTAMP, NULL, BOOLEAN, OTHER, or INTEGER

data_typ_size

Data type size

20

col_info

Table indexing and relation to other tables

primary or secondary

required

Specifies whether or not the value of this column can be NULL

true or false

col_type

Data source for the column to be used while creating a user

  • substitute: To use, for example, SYSDATE.
  • xellerate: Provided by Oracle Identity Manager

  • default: Some default value


xel_data_source

If col_type is substitute, then xel_data_source holds the substitution string (can be used for functions like sysdate and sequence.nextVal).

If col_type is default, then xel_data_source holds the default value.

If col_type is xellerate, then xel_data_source holds the mapped Oracle Identity Manager attribute name.

  • Sample string value if col_type is substitute:
    column col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="60" required="false" col_type="substitute"
    
    
  • Sample string value if col_type is default:

    col_name="USR_STATUS" data_type="VARCHAR2" data_typ_size="5" required="true" col_type="default" xel_data_source="true"
    
    
  • Sample string value if col_type is xellerate:

    col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id"
    
    

encrypt

Specifies whether or not this data must be encrypted

true or false

reconcile

Specifies whether or not this field can be reconciled

true or false

encryption_impl

Encryption method implementation class that provides this operation

Any fully qualified class name
look_up_group

Grouping of lookup fields

logic_operator

Used to connect two lookup groups with an operator

AND or OR
record_lookup_key

This tag is used to collect the information required to identify a particular record in a table. Note that multiple lookup keys can be used to identify a record in a table.

logic_operator

Used to connect two record lookup keys (columns) with an operator in a group

AND or OR

comparison_operator

Operator used to compare the data with the given data for the column

&lt;

&gt;

=

&gt;=

&lt;=

!=


table_name

Name of the table

Any table name

col_name

Name of the column

Any column name

data_type

Data type

VARCHAR, VARCHAR2, CHAR, LONGVARCHAR, REAL, DOUBLE, NUMERIC, DECIMAL, FLOAT, DATE, TIME, TIMESTAMP, NULL, BOOLEAN, OTHER, or INTEGER

data_typ_size

Data type size

20

col_info

Table indexing and relation to other tables

primary or secondary

required

Specifies whether or not the value of this column can be NULL

true or false

col_type

Data source for the column to be used while creating a user

In addition to substitute, xellerate, and default, the following tag is also applicable for record_lookup_key:

join

This tag contains the name of the column that is common to multiple tables.

Xellerate or Default

xel_data_source

In addition to the description in the column section above, if col_type is join, then the value of xel_data_source is the mapped Oracle Identity Manager attribute name that is to be logically compared by using the logic_operator.

<record_lookup_key logic_operator="NA" comparison_operator="="
    table_name="tcs1234.MDL2_USER_PROF" col_name="USR_ID"
    data_type="VARCHAR2" data_typ_size="20" col_info="primary"
    required="true" col_type="join" xel_data_source="xel_usr_id" />
<record_lookup_key logic_operator="AND" comparison_operator="="
    table_name="tcs1234.MDL2_USER_ADDN_DET" col_name="USR_ID"
    data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
    required="true" col_type="join" xel_data_source="xel_usr_id"/>


Sample Configuration

The sample configuration discussed in this section is based on code from the OraApp2.xml configuration XML file. However, instructions described in this section apply to any configuration XML file that you decide to use.

The following tables correspond to the records defined in the OraApp2.xml configuration XML file.

MDL2_USER_PROF

Field Name Type and Length Comments Required/Optional
USR_ID VARCHAR(20) Primary Key Required
USR_FIRST_NAME VARCHAR(60) None Required
USR_LAST_NAME VARCHAR(60) None Required
USR_PASSWORD VARCHAR(40) None Required
USR_STATUS VARCHAR(5) Default value is true Required
USR_LAST_UPDATE DATE SYSDATE Required

MDL2_USER_ADDN_DET

Field Name Type and Length Comments Required/Optional
USR_ID VARCHAR(20) Foreign Key Required
USR_GROUP VARCHAR(50) None Optional
USR_ROLE VARCHAR(50) None Optional
USR_TITLE VARCHAR(50) None Optional
USR_DEPT VARCHAR(50) None Optional
USR_EMAIL VARCHAR(60) None Optional
USR_COMM_LANG VARCHAR(50) None Optional
USR_LOGON_LANG VARCHAR(50) None Optional
USR_TEL_NO VARCHAR(15) None Optional
USR_TIME_ZONE VARCHAR(50) None Optional
USR_DATE_FMT VARCHAR(50) None Optional
USR_DEC_NTN VARCHAR(50) None Optional
USR_LAST_UPDATE DATE SYSDATE Required


Note:

In these code samples, XELUSER1 is a dummy login ID for the database user.

The configuration information is divided into the following sections:

Create User Configuration

To create a user, the configuration XML must contain the table name, column names, and properties of each column. This is illustrated in the following sample XML code.

<operation name="create">
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="insert">
        <column col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" 
        col_info="primary" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_id" />
        <column col_name="USR_FIRST_NAME" data_type="VARCHAR2" 
        data_typ_size="60" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_first_name" />
        <column col_name="USR_LAST_NAME" data_type="VARCHAR2" 
        data_typ_size="60" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_last_name" />
        <column col_name="USR_PASSWORD" data_type="VARCHAR2" 
        data_typ_size="40" required="true" col_type="xellerate"
        xel_data_source="xel_usr_password" encrypt="false" reconcile="false" 
        encryption_impl=
        "com.thortech.xl.integration.dbadapter.security.EncryptionSupportImpl" />
        <column col_name="USR_LAST_UPDATE" data_type="DATE" 
        data_typ_size="60" required="true" col_type="substitute" 
        xel_data_source="sysdate" />
    </task>
    <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="insert">
        <column col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" 
        col_info="primary" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_id" />
        <column col_name="USR_GROUP" data_type="VARCHAR2" 
        data_typ_size="50" required="true" col_type="xellerate" 
        xel_data_source="xel_usr_group" />
        <column col_name="USR_ROLE" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_role" />
        <column col_name="USR_TITLE" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_title" />
        <column col_name="USR_DEPT" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_dept" />
        <column col_name="USR_EMAIL" data_type="VARCHAR2" 
        data_typ_size="60" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_email" />
        <column col_name="USR_COMM_LANG" data_type="VARCHAR2"
        data_typ_size="50" required="false" col_type="xellerate"
        xel_data_source="xel_usr_comm_lang" />
        <column col_name="USR_LOGON_LANG" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_logon_lang" />
        <column col_name="USR_TEL_NO" data_type="VARCHAR2" 
        data_typ_size="15" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_tel_no" />
        <column col_name="USR_TIME_ZONE" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_time_zone" />
        <column col_name="USR_DATE_FMT" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_date_fmt" />
        <column col_name="USR_DEC_NTN" data_type="VARCHAR2" 
        data_typ_size="50" required="false" col_type="xellerate" 
        xel_data_source="xel_usr_dec_ntn" />
        <column col_name="USR_LAST_UPDATE" data_type="DATE" 
        data_typ_size="60" required="true" col_type="substitute"
        xel_data_source="sysdate"/>
    </task>
</operation>

Update User Properties Configuration

The update operation requires lookup information for identifying the user and properties of the columns that are to be updated. This is illustrated in the following sample XML code.

<operation name="update" xel_data_source="xel_usr_dept">
     <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="update"> 
          <column col_name="USR_DEPT" data_type="VARCHAR2"
          data_typ_size="50" required="true" col_type="xellerate" 
          xel_data_source="xel_usr_dept" /> 
          <column col_name="USR_LAST_UPDATE" data_type="DATE" 
          data_typ_size="60"  required="true" col_type="substitute" 
          xel_data_source="sysdate" />
          <look_up_group logic_operator="NA"> 
              <record_lookup_key 
              table_name="XELUSER1.MDL2_USER_ADDN_DET" 
              logic_operator="NA"  comparison_operator="=" col_name="USR_ID" 
              data_type="VARCHAR2" data_typ_size="20" required="true" 
              col_type="xellerate" xel_data_source="xel_usr_id"/>
          </look_up_group>
     </task>
</operation>

Update User Password Configuration

The update password operation works the same way as the update user operation. In addition, it performs data encryption if the encrypt attribute is set to true.

This is illustrated in the following sample XML code.

<operation name="update" xel_data_source="xel_usr_password">
    <task table_name="XELUSER1.MDL1_USER_PROF" xeltask_type="update"> 
         <column col_name="USR_PASSWORD" data_type="VARCHAR2" 
         data_typ_size="40" required="true" col_type="xellerate" 
         xel_data_source="xel_usr_password" encrypt="true" reconcile="false" 
         encryption_impl=
         "com.thortech.xl.integration.dbadapter.security.EncryptionSupportImpl" />
         <column col_name="USR_LAST_UPDATE" data_type="DATE" 
         data_typ_size="60"  required="true" col_type="substitute" 
         xel_data_source="sysdate" />
         <look_up_group logic_operator="NA"> 
              <record_lookup_key table_name="XELUSER1.MDL1_USER_PROF" 
              logic_operator="NA"  comparison_operator="=" col_name="USR_ID"
              data_type="VARCHAR2" data_typ_size="20" required="true" 
              col_type="xellerate" xel_data_source="xel_usr_id"/>
         </look_up_group>  
    </task>
</operation>

Delete User Configuration

The delete operation requires only lookup information to find the user to be deleted. Column information is used to find the user in the table. This is illustrated in the following sample XML code.

The look_up_group tags are used to group lookup conditions provided in record_lookup_key.


Note:

Two tasks are run to delete user records from both tables. The task related to the secondary table must be run before the primary table task. If the order is not correct, then a referential integrity exception is thrown.

<operation name="delete">
    <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="delete"> 
        <look_up_group logic_operator="NA"> 
             <record_lookup_key logic_operator="NA"  comparison_operator="=" 
             col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" 
             required="true" col_type="xellerate" 
             xel_data_source="xel_usr_id"/>
        </look_up_group> 
    </task>
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="delete"> 
        <look_up_group logic_operator="NA"> 
             <record_lookup_key logic_operator="NA"  comparison_operator="=" 
             col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"  
             required="true" col_type="xellerate" 
             xel_data_source="xel_usr_id"/>
        </look_up_group> 
    </task> 
</operation>

Step 3: Copying the Connector Files and External Code

The connector files to be copied and the directories to which you must copy them are given in the following table.


Note:

The directory paths given in the first column of this table correspond to the location of the connector files in the following ZIP file on the installation media:
Database Servers\Database Application Table\Database Application Table Rev 2.2.0.zip

Refer to the "Files and Directories That Comprise the Connector" section for more information about these files.


Files in the Installation Media Directory     Destination Directory
xml\Xellerate Config\dbtablesResAdp.xml       OIM_home\xellerate\XLIntegrations\xml\Xellerate Config
Files in the xml\DB Schema XML directory      OIM_home\xellerate\XLIntegrations\xml\DB_Schema
jar\dbadapter.jar                             OIM_home\xellerate\JavaTasks
                                              OIM_home\xellerate\ScheduleTask
Files in the resources directory              OIM_home\xellerate\connectorResources
docs\B32154_01.pdf                            OIM_home\xellerate\docs\DBTables

After you copy the connector files listed in the preceding table, copy the following files to the OIM_home\xellerate\ext directory:


Note:

While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.

Step 4: Configuring the Oracle Identity Manager Server

Configuring the Oracle Identity Manager server involves the following procedures:


Note:

In a clustered environment, you must perform this step on each node of the cluster.

Changing to the Required Input Locale

Changing to the required input locale involves installing the required fonts and setting the required input locale.

To set the required input locale:


Note:

Depending on the operating system used, you may need to perform this procedure differently.

  1. Open Control Panel.

  2. Double-click Regional Options.

  3. On the Input Locales tab of the Regional Options dialog box, add the input locale that you want to use and then switch to the input locale.

Clearing Content Related to Connector Resource Bundles from the Server Cache

Whenever you add a new resource bundle file in the OIM_home\xellerate\connectorResources directory or make a change in an existing resource bundle file, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

  1. In a command window, change to the OIM_home\xellerate\bin directory.

  2. Enter one of the following commands:


    Note:

    You must perform Step 1 before you perform this step. If you run the command as follows, then an exception is thrown:
    OIM_home\xellerate\bin\batch_file_name
    

    • On Microsoft Windows:

      PurgeCache.bat ConnectorResourceBundle
      
      
    • On UNIX:

      PurgeCache.sh ConnectorResourceBundle
      
      

    In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:

    OIM_home\xellerate\config\xlConfig.xml
    
    

Note:

You can ignore the exception that is thrown when you perform Step 2.

Step 5: Importing the Connector XML File

To import the connector XML file into Oracle Identity Manager:

  1. Open the Oracle Identity Manager Administrative and User Console.

  2. Click the Deployment Management link on the left navigation bar.

  3. Click the Import link under Deployment Management. A dialog box for locating files is displayed.

  4. Locate and open the dbtablesResAdp.xml file, which is in the OIM_home\xellerate\XLIntegrations\xml\Xellerate Config directory. Details of this XML file are shown on the File Preview page.

  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Next. The Provide IT Resource Instance Data page for the IT resource is displayed.

  8. Specify values for the parameters of the IT resource. Refer to the table given in the "Defining IT Resources" section for information about the values to be specified.

  9. Click Next. The Provide IT Resource Instance Data page for a new instance of the Database IT resource type is displayed.

  10. Click Skip to specify that you do not want to define another IT resource. The Confirmation page is displayed.


    See Also:

    If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.

  11. Click View Selections.

    The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. Remove these nodes by right-clicking each node and then selecting Remove.

  12. Click Import. The connector file is imported into Oracle Identity Manager.

After you import the connector XML file, proceed to the "Step 6: Configuring Reconciliation" section.

Defining IT Resources

You must specify values for the IT resource parameters listed in the following table.

Parameter Description
Database User ID Database user ID on the target database

Sample value: xeluser

Database Password Database user password on the target database

Sample value: xeluser

Database URL JDBC URL for the target database

Format and sample values for Oracle Database:

jdbc:oracle:thin:@host:port:sid
jdbc:oracle:thin:@145.125.23.26:1521:cust_db

jdbc:oracle:oci:userid/password@host:port:sid
jdbc:oracle:oci:scott/tiger@145.125.23.26:1521:cust_db

Format and sample values for Sybase:

jdbc:sybase:Tds:host:port/database
jdbc:sybase:Tds:123.432.154.12:2639/sales
Database Driver JDBC driver class

Value for Oracle Database:

oracle.jdbc.driver.OracleDriver

Value for Sybase:

com.sybase.jdbc3.jdbc.SybDriver

Application Name Target application name

Sample value: myapplication

Configuration XML Path Directory path and name of the configuration XML file

Sample value:

OIM_home\xellerate\XLIntegrations\xml\DB_Schema\OraApp2.xml

Note: You must ensure that the path that you specify does not contain spaces.

See Also: The "Files and Directories That Comprise the Connector" section for information about the various configuration XML files that are available in the connector installation media directory. Based on the description of each configuration XML file, select an XML file that meets your requirements.

Reconciliation Timestamp Variable to store last create/update reconciliation time. This value is updated by the reconciliation adapter. You need not manually provide any data.

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

Step 6: Configuring Reconciliation

Configuring reconciliation involves creating the reconciliation scheduled tasks:

  1. Open the Oracle Identity Manager Design Console.

  2. Expand the Xellerate Administration folder.

  3. Select Task Scheduler.

  4. Click Find. The details of the predefined scheduled task are displayed.

  5. Enter a number in the Max Retries field. This number represents the number of times Oracle Identity Manager must attempt to complete the task before assigning the ERROR status to the task.

  6. Ensure that the Disabled and Stop Execution check boxes are not selected.

  7. In the Start region, double-click the Start Time field. From the date-time editor that is displayed, select the date and time at which you want the task to run.

  8. In the Interval region, set the following schedule parameters:

    • To set the task to run on a recurring basis, select the Daily, Weekly, Recurring Intervals, Monthly, or Yearly option.

      If you select the Recurring Intervals option, then you must also specify the time interval at which you want the task to run on a recurring basis.

    • To set the task to run only once, select the Once option.

  9. Provide values for the attributes of the scheduled task. Refer to the "Specifying Values for the Scheduled Task Attributes" section for information about the values to be specified.


    See Also:

    Oracle Identity Manager Design Console Guide for information about adding and removing task attributes

  10. Click Save. The scheduled task is created. The INACTIVE status is displayed in the Status field, because the task is not currently running. The task is run at the date and time that you set in Step 7.

After you define the scheduled task, proceed to the "Step 7: Compiling Adapters" section.

Specifying Values for the Scheduled Task Attributes

You must specify values for the following attributes of the reconciliation scheduled task.


Note:

Attribute values are predefined in the connector XML file that you import. Specify values only for those attributes that you want to change.

Attribute Description
resource Name of the IT resource for which the reconciliation process is to be run

Sample value: Oracle Application2

application Name of the target database application that should be reconciled

Sample value: Oracle Application2

objectName Resource object name of the connector

Sample value: Database Application Resource


After you specify values for these scheduled task attributes, proceed to Step 10 of the procedure to create scheduled tasks.

Step 7: Compiling Adapters

The following adapters are imported into Oracle Identity Manager when you import the XML connector file:

You must compile these adapters before you can use them to provision accounts on the target system.

To compile adapters by using the Adapter Manager form:

  1. Open the Adapter Manager form.

  2. To compile all the adapters that you import into the current database, select Compile All.

    To compile multiple (but not all) adapters, select the adapters you want to compile. Then, select Compile Selected.


    Note:

    Click Compile Previously Failed to recompile only those adapters that were not compiled successfully. Such adapters do not have an OK compilation status.

  3. Click Start. Oracle Identity Manager compiles the selected adapters.

  4. If Oracle Identity Manager is installed in a clustered environment, then copy the compiled adapters from the OIM_home\xellerate\Adapter directory to the same directory on each of the other nodes of the cluster. If required, overwrite the adapter files on the other nodes. Then, restart each node.

To view detailed information about an adapter:

  1. Highlight the adapter in the Adapter Manager form.

  2. Double-click the row header of the adapter, or right-click the adapter.

  3. Select Launch Adapter from the shortcut menu that is displayed. Details of the adapter are displayed.


Note:

To compile one adapter at a time, use the Adapter Factory form. Refer to Oracle Identity Manager Tools Reference Guide for information about using the Adapter Factory and Adapter Manager forms.

Configuring the Connector for Multiple Sets of Database Application Tables


Note:

Perform this procedure only if you want to configure the connector for multiple database application tables. Refer to Oracle Identity Manager Design Console Guide for detailed instructions on performing each step of this procedure.

To configure the connector for multiple sets of database application tables:

  1. Create and configure one IT resource for each set of database application tables.

    The IT Resources form is in the Resource Management folder. The Oracle Application2 IT resource is created when you import the connector XML file. You can use this IT resource as the template for creating the remaining IT resources, of the same resource type.

  2. Configure reconciliation for each set of database application tables. Refer to the "Step 6: Configuring Reconciliation" section for instructions. Note that only the value of the resource attribute needs to be changed for each reconciliation scheduled task.

When you use the Administrative and User Console to perform provisioning, you can specify the IT resource corresponding to the set of database application tables to which you want to provision the user.

Security Considerations

This section outlines security considerations that you must address when working with this connector. The following topics are discussed in this section:

Secure JDBC Connectivity

You can establish secure JDBC connectivity with the target database by providing information about security properties in the configuration XML file and enabling the database server. The security configuration differs with respect to the target database.


Note:

The following sections discuss code from the OraApp2.xml configuration XML file. You must make similar changes in the configuration XML file that you specify in the IT resource definition as the value of the Configuration XML Path parameter.

Refer to:


Depending on the database that you use, refer to one of the following sections for information about securing JDBC connectivity:

If you do not want to use secure JDBC connectivity, then refer to the following section:

Secure JDBC Connectivity Configuration for Oracle Database

The following is the security configuration for Oracle Database:

<target_database>
     <database name="Oracle">
          <properties>
               <encryption_nego_level 
               impl_class_name="oracle.net.encryption_client" 
               value="REQUESTED"/>
               <encryption_algorithm 
               impl_class_name="oracle.net.encryption_client" 
               value="DES40"/>
               <crypto_seed impl_class_name="oracle.net.crypto_seed" 
               value="xelsysadmin_seed"/>
               <crypto_checksum_level 
               impl_class_name="oracle.net.crypto_checksum_client" 
               value="REQUIRED"/>
               <crypto_checksum_client 
               impl_class_name="oracle.net.crypto_checksum_types_client" 
               value="MD5"/>
          </properties>
     </database>
</target_database> 

This configuration contains the security properties to be provided to the JDBC driver for establishing a secure connection to Oracle Database. Note that if these parameters are not provided, then a nonsecure JDBC connection is established to the target database.

The following are the permitted values for each configuration parameter mentioned in the configuration XML code listed earlier.

Configuration Parameter Permitted Value
encryption_nego_level REJECTED, ACCEPTED, REQUESTED, or REQUIRED
encryption_algorithm RC4_256, RC4_128, RC4_56, RC4_40, AES256, AES192, AES128, 3DES168, 3DES112, DES, or DES40
crypto_seed xelsysadmin_seed
crypto_checksum_level REJECTED, ACCEPTED, REQUESTED, or REQUIRED
crypto_checksum_client MD5 or SHA1

In addition to the changes in the configuration XML file, you must add the following parameters in the sqlnet.ora file:

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5)
SQLNET.AUTHENTICATION_SERVICES= (NTS)
SQLNET.ENCRYPTION_TYPES_SERVER= (DES40)
SQLNET.CRYPTO_SEED = xelsysadmin_seed

Depending on the Oracle Database release that you are using, this file is in a directory whose path is similar to the following:

oracle_home\ora92\network\admin

Secure JDBC Connectivity Configuration for Sybase

The following is the security configuration for Sybase:

<target_database>
<database name="Sybase">
    <properties>
        <cipher_suites impl_class_name="CIPHER_SUITES_1" 
        value="SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"/>
    </properties>
</database>
</target_database> 

You can assign any one of the following values to cipher suite:

  • SSL_DH_anon_EXPORT_WITH_RC4_40_MD5

  • SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA

  • SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

  • SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA

Disabling Secure JDBC Connectivity

If you do not want to implement secure JDBC connectivity, then in the configuration XML file, put the child tags of the <database> tag in a comment.

This is shown in the following example:

<target_database>
 <database name="Oracle">
  <!--<properties>
   <encryption_nego_level impl_class_name="oracle.net.encryption_client" value="REQUESTED"/>
   <encryption_algorithm impl_class_name="oracle.net.encryption_client" value="DES40"/>
   <crypto_seed impl_class_name="oracle.net.crypto_seed" value="xelsysadmin_seed"/>
   <crypto_checksum_level impl_class_name="oracle.net.crypto_checksum_client" value="REQUIRED"/>
   <crypto_checksum_client impl_class_name="oracle.net.crypto_checksum_types_client" value="MD5"/>
  </properties>-->
 </database>
</target_database>

Password Encryption and Decryption

You can implement third-party encryption and decryption algorithms when you use this connector. The connector exposes the EncryptionSupportIntf interface, which you must implement and make available in the CLASSPATH environment variable.

While configuring the encryption for a column, the fully qualified class name must be provided. Before updating the data in the database, the connector encrypts the data. If reconciliation of the encrypted password is possible, then the decryption method is used to retrieve the actual password and to reconcile the password in Oracle Identity Manager.
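
A review check for the configuration XML described in the "Secure JDBC Connectivity" and "Password Encryption and Decryption" sections, added here as an example (it is not code from Oracle or from the connector). It reports security properties that do not force protection or that use short keys, and password columns whose encrypt attribute is not true. The weak-value classification, the function names, the sample document layout, and the rule that a column is a password column when its xel_data_source contains "password" are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Value names come from the permitted-value tables on this page; classifying
# them as weak is this example's assumption.
SHORT_KEY_ALGORITHMS = {"DES40", "DES", "RC4_40", "RC4_56"}  # keys of 56 bits or less
LEVEL_TAGS = {"encryption_nego_level", "crypto_checksum_level"}

# Constructed sample, assembled from the OraApp2.xml fragments shown on this page.
SAMPLE = """\
<xdb_app_map name="OracleApp1">
  <target_database>
    <database name="Oracle">
      <properties>
        <encryption_nego_level impl_class_name="oracle.net.encryption_client" value="REQUESTED"/>
        <encryption_algorithm impl_class_name="oracle.net.encryption_client" value="DES40"/>
        <crypto_checksum_level impl_class_name="oracle.net.crypto_checksum_client" value="REQUIRED"/>
        <crypto_checksum_client impl_class_name="oracle.net.crypto_checksum_types_client" value="MD5"/>
      </properties>
    </database>
  </target_database>
  <database_adapter>
    <operation name="create">
      <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="insert">
        <column col_name="USR_PASSWORD" data_type="VARCHAR2" data_typ_size="40"
                required="true" col_type="xellerate"
                xel_data_source="xel_usr_password" encrypt="false"/>
      </task>
    </operation>
  </database_adapter>
</xdb_app_map>
"""


def audit_transport(root):
    """Return (database, setting, issue) tuples for weak JDBC security properties."""
    findings = []
    for target in root.iter("target_database"):
        for db in target.iter("database"):
            name = db.get("name", "?")
            props = db.find("properties")
            # ElementTree drops comments, so a commented-out <properties>
            # block is seen as absent, which is how the page disables security.
            if props is None or len(props) == 0:
                findings.append((name, "properties", "absent: nonsecure JDBC connection"))
                continue
            for prop in props:
                value = (prop.get("value") or "").strip()
                upper = value.upper()
                if prop.tag in LEVEL_TAGS and upper != "REQUIRED":
                    findings.append((name, prop.tag, f"{value}: unprotected sessions are still possible"))
                elif prop.tag == "encryption_algorithm" and upper in SHORT_KEY_ALGORITHMS:
                    findings.append((name, prop.tag, f"{value}: key of 56 bits or less"))
                elif prop.tag == "crypto_checksum_client" and upper == "MD5":
                    findings.append((name, prop.tag, "MD5: prefer SHA1, the other permitted value"))
                elif prop.tag == "cipher_suites":
                    if "_anon_" in value:
                        findings.append((name, prop.tag, f"{value}: anonymous key exchange, server not authenticated"))
                    if "_EXPORT_" in value:
                        findings.append((name, prop.tag, f"{value}: export-grade 40-bit cipher"))
    return findings


def audit_password_columns(root):
    """Return (operation, table, column) for password columns written unencrypted."""
    findings = []
    for op in root.iter("operation"):
        for task in op.iter("task"):
            for col in task.iter("column"):
                source = col.get("xel_data_source", "").lower()
                # Assumption: a missing encrypt attribute means "not encrypted".
                encrypted = col.get("encrypt", "false").lower() == "true"
                if "password" in source and not encrypted:
                    findings.append((op.get("name"), task.get("table_name"), col.get("col_name")))
    return findings


def audit(xml_text):
    """Parse one configuration XML document and collect both kinds of finding."""
    root = ET.fromstring(xml_text)
    return {
        "transport": audit_transport(root),
        "password_columns": audit_password_columns(root),
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    for database, setting, issue in report["transport"]:
        print(f"[transport] {database}/{setting}: {issue}")
    for operation, table, column in report["password_columns"]:
        print(f"[password] operation={operation} {table}.{column}: encrypt is not true")
```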