Skip Headers
Oracle® Identity Manager Connector Guide for Database Application Tables
Release 9.0.2
Part Number B32154-01
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Index
Index
Go to previous page
Previous		 Go to next page
Next
View PDF

1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. This guide discusses the deployment procedure for the connector that is used to integrate Oracle Identity Manager with database application tables.


Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality

The following table lists the functions that are available with this connector.

Function Type Description
Create User Provisioning Creates a user
Delete User Provisioning Deletes a user
Enable User

or

Disable User

 Provisioning Enables or disables a user
Reset User's Password Provisioning Resets a user's password
Update User's First Name Provisioning Updates a user's first name
Update User's Last Name Provisioning Updates a user's last name
Update User's Group Provisioning Updates a user's group
Update User's Title Provisioning Updates a user's title
Update User's Department Provisioning Updates a user's department
Update User's Communication Language Provisioning Updates a user's communication language preference
Update User's Logon Language Provisioning Updates a user's logon language preference
Update User's Email Address Provisioning Updates a user's e-mail address
Update User's Telephone Number Provisioning Updates a user's telephone number
Update User's Time Zone Provisioning Updates a user's time zone
Update User's Date Format Provisioning Updates a user's date format
Update User's Role Provisioning Updates a user's role
Create User (Account Discovery) Reconciliation Reconciles new user accounts
Delete User Reconciliation Reconciles user accounts that are deleted from the target system
Enable User

or

Disable User

 Reconciliation Reconciles user accounts that are enabled or disabled
Reset User's Password Reconciliation Reconciles user accounts with modified password
Update User's First name Reconciliation Reconciles user accounts with modified first name
Update User's Last Name Reconciliation Reconciles user accounts with modified last name
Update User's Group Reconciliation Reconciles user accounts with modified group
Update User's Title Reconciliation Reconciles user accounts with modified title
Update User's Department Reconciliation Reconciles user accounts with modified department
Update User's Communication Language Reconciliation Reconciles user accounts with modified communication language preference
Update User's Logon Language Reconciliation Reconciles user accounts with modified logon language preference
Update User's Email Address Reconciliation Reconciles user accounts with modified e-mail address
Update User's Telephone Number Reconciliation Reconciles user accounts with modified telephone number
Update User's Time Zone Reconciliation Reconciles user accounts with modified time zone
Update User's Date Format Reconciliation Reconciles user accounts with modified date format
Update User's Decimal Notation Reconciliation Reconciles user accounts with modified decimal notation
Update User's Role Reconciliation Reconciles user accounts with modified role

Multilanguage Support

In addition to English, this release of the connector supports the following languages:

Reconciliation Module

The reconciliation module handles the reconciliation of new, updated, and deleted user profiles in the target database application. A reconciliation event is created for each user profile to be reconciled.

The default data fields of each reconciliation event record are taken from the configuration XML file. For reconciliation of new or updated user profiles, the data fields are declared in the reconcileCreateUpdate section of the XML file. For reconciliation of deleted user profiles, the default data elements are declared in the reconcileDelete section. The reconciliation configuration XML code for reconciliation provides the flexibility for enabling or disabling the reconciliation of created, updated, and deleted users.

The following sections describe the configuration XML file content for the following reconciliation types:

Reconciliation of New and Updated User Profiles

The following is sample code from the configuration XML file, OraApp2.xml, for reconciliation of new and updated user profiles:


See Also:

The OraApp2.xml file listed in the "Files and Directories That Comprise the Connector" section		 

<operation name = "reconcileCreateUpdate" enabled="true">
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
        data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
        required="true"
        col_type="xellerate" xel_data_source="xel_usr_id" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" 
        data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
        required="true"  col_type="xellerate" xel_data_source="xel_usr_id" />
        <look_up_group logic_operator="NA">
             <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF"
             logic_operator="NA" comparison_operator="&gt;="
             col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" 
             col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
             <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" 
             logic_operator="AND" comparison_operator="&gt;=" 
             col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" 
             col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
        </look_up_group>
        <look_up_group logic_operator="AND">
             <record_lookup_key logic_operator="NA" comparison_operator="="
             table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
             data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
             required="true" col_type="join" xel_data_source="xel_usr_id" /> 
             <record_lookup_key logic_operator="AND" comparison_operator="=" 
             table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" 
             data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
             required="true" col_type="join" xel_data_source="xel_usr_id" />
        </look_up_group> 
    </task>
    <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" 
        data_type="VARCHAR2" data_typ_size="20" col_info="primary"
        required="true" col_type="xellerate" xel_data_source="xel_usr_id" />
        <column table_name="XELUSER1.MDL2_USER_PROF
        col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" 
        required="true" col_type="xellerate" xel_data_source="xel_usr_first_
        name" /> 
        <column table_name="XELUSER1.MDL2_USER_PROF" 
        col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" 
        required="true" col_type="xellerate" xel_data_source="xel_usr_first_
        name" />
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_LAST_NAME" 
        data_type="VARCHAR2" data_typ_size="60" required="true" col_
        type="xellerate" xel_data_source="xel_usr_last_name" />
        <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_PASSWORD" 
        data_type="VARCHAR2" data_typ_size="40" required="true" col_
        type="xellerate" xel_data_source="xel_usr_password" encrypt="false"
        reconcile="true" encryption_impl=
        "com.thortech.xl.integration.dbadapter.security.EncryptionSupportImpl
        "/>
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" 
        col_name="USR_GROUP" data_type="VARCHAR2" data_typ_size="50"
        required="true" col_type="xellerate" xel_data_source="xel_usr_group"
        />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ROLE"
        data_type="VARCHAR2" data_typ_size="50" required="false" col_
        type="xellerate" xel_data_source="xel_usr_role" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TITLE"
        data_type="VARCHAR2" data_typ_size="50" required="false" col_
        type="xellerate" xel_data_source="xel_usr_title" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DEPT"
        data_type="VARCHAR2" data_typ_size="50" required="false" col_ 
        type="xellerate" xel_data_source="xel_usr_dept" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_EMAIL"
        data_type="VARCHAR2" data_typ_size="60" required="false" col_ 
        type="xellerate" xel_data_source="xel_usr_email" /> 
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_COMM_LANG" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_comm_ 
        lang" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_LOGON_LANG" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_logon_
        lang" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_TEL_NO" data_type="VARCHAR2" data_typ_size="15" 
        required="false" col_type="xellerate" xel_data_source="xel_usr_tel_
        no" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_TIME_ZONE" data_type="VARCHAR2" data_typ_size="50"
       required="false" col_type="xellerate" xel_data_source="xel_usr_time_zone"        />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_DATE_FMT" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_date_
        fmt" />
        <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
        col_name="USR_DEC_NTN" data_type="VARCHAR2" data_typ_size="50"
        required="false" col_type="xellerate" xel_data_source="xel_usr_dec_
        ntn" />
        <look_up_group logic_operator="NA">
            <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF"
            logic_operator="NA" comparison_operator="&gt;=" 
            col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
            col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
            <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" 
           logic_operator="AND" comparison_operator="&gt;="
           col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50"
           col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/>
       </look_up_group> 
       <look_up_group logic_operator="AND">
           <record_lookup_key logic_operator="NA" comparison_operator="="
           table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
           data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
           required="true" col_type="xellerate" xel_data_source="xel_usr_id" 
           />
       </look_up_group>
       <look_up_group logic_operator="AND">
           <record_lookup_key logic_operator="NA" comparison_operator="="
           table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
           data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
           required="true" col_type="join" xel_data_source="xel_usr_id" />
           <record_lookup_key logic_operator="AND" comparison_operator="="
           table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID"
           data_type="VARCHAR2" data_typ_size="20" col_info="foreign"
           required="true" col_type="join" xel_data_source="xel_usr_id" />
       </look_up_group>
    </task>
</operation>

In the preceding sample configuration XML, the names of the data elements are the values given for the xel_data_source tag. You can change these names. The same name is also used as the label for elements in each reconciliation event record.

The create or update reconciliation operation involves running two tasks. The first task identifies the users who have been created or modified after the last reconciliation. This returns a list of key field values for the new and modified users.

For example, if the key field to identify a user is the user ID, then this task returns a list of user IDs corresponding to the user profiles that have been created or modified after the last reconciliation run.

The second task collects all required information about all new and modified users for creating the reconciliation event. The division of tasks is designed for optimal use of memory.

The lookup groups in the task help to create lookup conditions for retrieving relevant data. The preceding sample configuration XML code implements the following lookup conditions:

  • Join the two tables in which user profile information is stored, and retrieve nonrepeated data for these users.

  • Perform incremental reconciliation by retrieving only those records that are modified after the last reconciliation.

The second task has one more lookup for the user ID, so that user information can be retrieved for each user ID by using the first task.

The time at which the previous reconciliation run was completed is stored in the Reconciliation Timestamp IT resource parameter. This value is updated with the new system timestamp after the end of the current reconciliation run. This value is compared against the last updated time in the target database tables, as given in the configuration XML file. In this file, the time at which the last reconciliation run was completed is represented as XEL_LAST_RECON_TIME. It is a connector configuration constant.

If you update any user field, then you must set the value of XEL_LAST_RECON_TIME to the current system date (sysdate) in both tables.

For example, suppose you update the first name of the user as follows:

UPDATE MDL2_USER_PROF SET usr_first_name = 'John' WHERE usr_id='jdoe'

Then, you must also make the following changes:

UPDATE MDL2_USER_PROF SET usr_last_update =sysdate WHERE usr_id='jdoe'
UPDATE MDL2_USER_ADDN_DET SET usr_last_update =sysdate WHERE usr_id=' jdoe'

Note:

Incremental reconciliation is possible only if the target application is capable of updating the last update time in its database while modifying or creating records. If the target application does not have this feature, then you must not create the lookup group for comparing the last reconciliation time.

Reconciliation of Deleted Users

The following is sample code from the configuration XML file, OraApp2.xml, for reconciliation of users deleted from the target system:

<operation name = "reconcileDelete" enabled="true">
     <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
          <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
          data_type="VARCHAR2" data_typ_size="20" col_info="primary" 
          required="true" col_type="xellerate" xel_data_source="xel_usr_id" 
          />  
          <column table_name="XELUSER1.MDL2_USER_ADDN_DET"
          col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"
          col_info="foreign" required="true" col_type="xellerate"
          xel_data_source="xel_usr_id" />
          <look_up_group logic_operator="NA"> 
               <record_lookup_key logic_operator="NA" comparison_operator="="
               table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
               data_type="VARCHAR2" data_typ_size="20" col_info="primary"
               required="true" col_type="join"xel_data_source="xel_usr_id"/>
               <record_lookup_key logic_operator="AND" comparison_
               operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET"
               col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"
               col_info="foreign" required="true" col_type="join
               xel_data_source="xel_usr_id" />
          </look_up_group>
     </task>
</operation>

Only user IDs are required for creating deletion reconciliation events. Therefore, the preceding configuration XML code shows only the user ID as the data element to be retrieved according to the conditions given in the lookup group.

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Database Servers\Database Application Table\Database Application Table Rev 2.2.0.zip

These files and directories are listed in the following table.

File in the Installation Media Directory Description 
xml\Xellerate Config\dbtablesResAdp.xml
This XML file contains definitions for the following connector components:

  • IT resource type

  • Process form

  • Process task and task adapter

  • Resource object
Files in the xml\DB Schema XML directory These files contain information about the configuration of the target database schema mapping. 
xml\DB Schema XML\OraApp1.xml
For an Oracle Database installation, you must use this configuration XML file if all the user attributes are stored in a single table.

If you use this file, then you cannot update the attributes of users you disable during provisioning.

 
xml\DB Schema XML\OraPerf1.xml
For an Oracle Database installation, you must use this configuration XML file if all the user attributes are stored in a single table.

If you use this file, then you can update the attributes of users, regardless of whether or not the user accounts are disabled.

 
xml\DB Schema XML\OraApp2.xml
For an Oracle Database installation, you must use this configuration XML file if all the user attributes are stored in two tables, a parent table and a child table.

Note: In this guide, the OraApp2.xml file has been used to illustrate some of the procedures described in this guide.

 
xml\DB Schema XML\SybApp1.xml
For a Sybase installation, you must use this configuration XML file if all the user attributes are stored in a single table. 
xml\DB Schema XML\SybApp2.xml
For a Sybase installation, you must use this configuration XML file if all the user attributes are stored in two tables, a parent table and a child table. 
xml\DB Schema XML\xdb_app_map.xsd
This XML file contains information about the validation rules of the configuration XML files that are placed in the same directory. 
jar\dbadapter.jar
This JAR file contains the class files that are used to implement provisioning and reconciliation.
Files in the resources directory Each of these files contains locale-specific information that is used by the connector. 
docs\B32154_01.pdf
This guide, which provides instructions to deploy the connector.

The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.

Determining the Release Number of the Connector

To determine the release number of the connector:

  1. Extract the contents of the dbadapter.jar file. This file is in the jar directory inside the installation media directory.

  2. Open the manifest.mf file in a text editor, which is one of the files bundled inside the dbadapter.jar file.

    In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Index
Index