Oracle® Identity Manager Connector Guide for Database Application Tables Release 9.0.2 Part Number B32154-01 |
|
|
View PDF |
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. This guide discusses the deployment procedure for the connector that is used to integrate Oracle Identity Manager with database application tables.
Note: Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle. |
This chapter contains the following sections:
The following table lists the functions that are available with this connector.
Function | Type | Description |
---|---|---|
Create User | Provisioning | Creates a user |
Delete User | Provisioning | Deletes a user |
Enable User
or Disable User |
Provisioning | Enables or disables a user |
Reset User's Password | Provisioning | Resets a user's password |
Update User's First Name | Provisioning | Updates a user's first name |
Update User's Last Name | Provisioning | Updates a user's last name |
Update User's Group | Provisioning | Updates a user's group |
Update User's Title | Provisioning | Updates a user's title |
Update User's Department | Provisioning | Updates a user's department |
Update User's Communication Language | Provisioning | Updates a user's communication language preference |
Update User's Logon Language | Provisioning | Updates a user's logon language preference |
Update User's Email Address | Provisioning | Updates a user's e-mail address |
Update User's Telephone Number | Provisioning | Updates a user's telephone number |
Update User's Time Zone | Provisioning | Updates a user's time zone |
Update User's Date Format | Provisioning | Updates a user's date format |
Update User's Role | Provisioning | Updates a user's role |
Create User (Account Discovery) | Reconciliation | Reconciles new user accounts |
Delete User | Reconciliation | Reconciles user accounts that are deleted from the target system |
Enable User
or Disable User |
Reconciliation | Reconciles user accounts that are enabled or disabled |
Reset User's Password | Reconciliation | Reconciles user accounts with modified password |
Update User's First name | Reconciliation | Reconciles user accounts with modified first name |
Update User's Last Name | Reconciliation | Reconciles user accounts with modified last name |
Update User's Group | Reconciliation | Reconciles user accounts with modified group |
Update User's Title | Reconciliation | Reconciles user accounts with modified title |
Update User's Department | Reconciliation | Reconciles user accounts with modified department |
Update User's Communication Language | Reconciliation | Reconciles user accounts with modified communication language preference |
Update User's Logon Language | Reconciliation | Reconciles user accounts with modified logon language preference |
Update User's Email Address | Reconciliation | Reconciles user accounts with modified e-mail address |
Update User's Telephone Number | Reconciliation | Reconciles user accounts with modified telephone number |
Update User's Time Zone | Reconciliation | Reconciles user accounts with modified time zone |
Update User's Date Format | Reconciliation | Reconciles user accounts with modified date format |
Update User's Decimal Notation | Reconciliation | Reconciles user accounts with modified decimal notation |
Update User's Role | Reconciliation | Reconciles user accounts with modified role |
In addition to English, this release of the connector supports the following languages:
French
Japanese
The reconciliation module handles the reconciliation of new, updated, and deleted user profiles in the target database application. A reconciliation event is created for each user profile to be reconciled.
The default data fields of each reconciliation event record are taken from the configuration XML file. For reconciliation of new or updated user profiles, the data fields are declared in the reconcileCreateUpdate
section of the XML file. For reconciliation of deleted user profiles, the default data elements are declared in the reconcileDelete
section. The reconciliation configuration XML code for reconciliation provides the flexibility for enabling or disabling the reconciliation of created, updated, and deleted users.
The following sections describe the configuration XML file content for the following reconciliation types:
The following is sample code from the configuration XML file, OraApp2.xml,
for reconciliation of new and updated user profiles:
See Also: TheOraApp2.xml file listed in the "Files and Directories That Comprise the Connector" section |
<operation name = "reconcileCreateUpdate" enabled="true"> <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select"> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <look_up_group logic_operator="NA"> <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF" logic_operator="NA" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" logic_operator="AND" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> </look_up_group> <look_up_group logic_operator="AND"> <record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="join" xel_data_source="xel_usr_id" /> <record_lookup_key logic_operator="AND" comparison_operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="join" xel_data_source="xel_usr_id" /> </look_up_group> </task> <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select"> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <column table_name="XELUSER1.MDL2_USER_PROF col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_type="xellerate" xel_data_source="xel_usr_first_ name" /> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_type="xellerate" xel_data_source="xel_usr_first_ name" /> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_LAST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_ type="xellerate" xel_data_source="xel_usr_last_name" /> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_PASSWORD" data_type="VARCHAR2" data_typ_size="40" required="true" col_ type="xellerate" xel_data_source="xel_usr_password" encrypt="false" reconcile="true" encryption_impl= "com.thortech.xl.integration.dbadapter.security.EncryptionSupportImpl "/> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_GROUP" data_type="VARCHAR2" data_typ_size="50" required="true" col_type="xellerate" xel_data_source="xel_usr_group" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ROLE" data_type="VARCHAR2" data_typ_size="50" required="false" col_ type="xellerate" xel_data_source="xel_usr_role" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TITLE" data_type="VARCHAR2" data_typ_size="50" required="false" col_ type="xellerate" xel_data_source="xel_usr_title" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DEPT" data_type="VARCHAR2" data_typ_size="50" required="false" col_ type="xellerate" xel_data_source="xel_usr_dept" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_EMAIL" data_type="VARCHAR2" data_typ_size="60" required="false" col_ type="xellerate" xel_data_source="xel_usr_email" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_COMM_LANG" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_comm_ lang" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_LOGON_LANG" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_logon_ lang" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TEL_NO" data_type="VARCHAR2" data_typ_size="15" required="false" col_type="xellerate" xel_data_source="xel_usr_tel_ no" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TIME_ZONE" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_time_zone" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DATE_FMT" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_date_ fmt" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DEC_NTN" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_dec_ ntn" /> <look_up_group logic_operator="NA"> <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF" logic_operator="NA" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" logic_operator="AND" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> </look_up_group> <look_up_group logic_operator="AND"> <record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> </look_up_group> <look_up_group logic_operator="AND"> <record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="join" xel_data_source="xel_usr_id" /> <record_lookup_key logic_operator="AND" comparison_operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="join" xel_data_source="xel_usr_id" /> </look_up_group> </task> </operation>
In the preceding sample configuration XML, the names of the data elements are the values given for the xel_data_source
tag. You can change these names. The same name is also used as the label for elements in each reconciliation event record.
The create or update reconciliation operation involves running two tasks. The first task identifies the users who have been created or modified after the last reconciliation. This returns a list of key field values for the new and modified users.
For example, if the key field to identify a user is the user ID, then this task returns a list of user IDs corresponding to the user profiles that have been created or modified after the last reconciliation run.
The second task collects all required information about all new and modified users for creating the reconciliation event. The division of tasks is designed for optimal use of memory.
The lookup groups in the task help to create lookup conditions for retrieving relevant data. The preceding sample configuration XML code implements the following lookup conditions:
Join the two tables in which user profile information is stored, and retrieve nonrepeated data for these users.
Perform incremental reconciliation by retrieving only those records that are modified after the last reconciliation.
The second task has one more lookup for the user ID, so that user information can be retrieved for each user ID by using the first task.
The time at which the previous reconciliation run was completed is stored in the Reconciliation Timestamp
IT resource parameter. This value is updated with the new system timestamp after the end of the current reconciliation run. This value is compared against the last updated time in the target database tables, as given in the configuration XML file. In this file, the time at which the last reconciliation run was completed is represented as XEL_LAST_RECON_TIME.
It is a connector configuration constant.
If you update any user field, then you must set the value of XEL_LAST_RECON_TIME
to the current system date (sysdate) in both tables.
For example, suppose you update the first name of the user as follows:
UPDATE MDL2_USER_PROF SET usr_first_name = 'John' WHERE usr_id='jdoe'
Then, you must also make the following changes:
UPDATE MDL2_USER_PROF SET usr_last_update =sysdate WHERE usr_id='jdoe' UPDATE MDL2_USER_ADDN_DET SET usr_last_update =sysdate WHERE usr_id=' jdoe'
Note: Incremental reconciliation is possible only if the target application is capable of updating the last update time in its database while modifying or creating records. If the target application does not have this feature, then you must not create the lookup group for comparing the last reconciliation time. |
The following is sample code from the configuration XML file, OraApp2.xml,
for reconciliation of users deleted from the target system:
<operation name = "reconcileDelete" enabled="true"> <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select"> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <look_up_group logic_operator="NA"> <record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="join"xel_data_source="xel_usr_id"/> <record_lookup_key logic_operator="AND" comparison_ operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="join xel_data_source="xel_usr_id" /> </look_up_group> </task> </operation>
Only user IDs are required for creating deletion reconciliation events. Therefore, the preceding configuration XML code shows only the user ID as the data element to be retrieved according to the conditions given in the lookup group.
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Database Servers\Database Application Table\Database Application Table Rev 2.2.0.zip
These files and directories are listed in the following table.
The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.
To determine the release number of the connector:
Extract the contents of the dbadapter.jar
file. This file is in the jar
directory inside the installation media directory.
Open the manifest.mf
file in a text editor, which is one of the files bundled inside the dbadapter.jar
file.
In the manifest.mf
file, the release number of the connector is displayed as the value of the Version
property.