Oracle® Identity Manager Connector Guide for UNIX SSH Release 9.0.2 Part Number B32176-01
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for SSH is used to integrate Oracle Identity Manager with SSH.
Note: Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.
This chapter contains the following sections:
The following table lists the functions that are available with this connector.
Function | Type | Description |
---|---|---|
Create User | Provisioning | Creates a user. When you use this function, in the User Defined process form: |
Delete User | Provisioning | Deletes a user |
Update User UID | Provisioning | Updates user properties according to a change in the User UID attribute |
Update User Group | Provisioning | Updates user properties according to a change in the User Group attribute |
Update User Password Change Time | Provisioning | Updates user properties according to a change in the User Password Change Time attribute |
Update Shell | Provisioning | Updates user properties according to a change in the Shell attribute |
Update Home Directory | Provisioning | Updates user properties according to a change in the Home Directory attribute |
Update Account Expiry Date | Provisioning | Updates user properties according to a change in the Account Expiry Date attribute |
Update User GECOS | Provisioning | Updates user properties according to a change in the User GECOS attribute |
Set Password | Provisioning | Updates user properties according to a change in the Password attribute. The changed password must meet the password settings requirements, if there are any. |
Update Secondary Group Names | Provisioning | Updates user properties according to a change in the Secondary Group Names attribute. Do not update the User Login field when you update the Secondary Group Names value. When you specify the secondary group name for the first time and then run this function, the primary group name is assigned the same value as the secondary group name. However, after the value of the primary group name is changed, you cannot set the secondary group name to the same value. On Solaris, the value of the Secondary Group Names field in the User Defined process form must always be different from the value of the Primary Group Name field. |
Update Inactive Days | Provisioning | Updates user properties according to a change in the Update Inactive Days attribute. This function is not supported on AIX 5.2. |
Update User Login | Provisioning | Updates user properties according to a change in the User Login attribute. Do not update the Secondary Group Names field when you update the User Login field. On AIX 5.2, if the User GECOS value contains spaces, then this function does not work. |
Disable User | Provisioning | Disables an existing user on the UNIX server. Note: Suppose that a user on the UNIX server is disabled. If the Set Password function is run on this user account, then the account is automatically reenabled. |
Enable User | Provisioning | Enables a disabled existing user on the UNIX server. Before running this function, the Set Password function must be run. This function is not supported on an HP-UX (trusted) server. |
Trusted Reconciliation for User | Reconciliation | Creates Xellerate User accounts corresponding to the reconciled user accounts from the UNIX server |
Create User | Reconciliation | Reconciles user accounts from the UNIX server |
Update User | Reconciliation | Updates the attributes of previously reconciled user accounts from the UNIX server |
In addition to English, this release of the connector supports the following languages:
French
Japanese
The reconciliation module extracts the following elements from the target system to construct reconciliation event records:
User Login
User UID
Primary Group Name
Default Shell
Home Directory
GECOS
Password Change Time
Account Expiry Date
Note: For a trusted configuration, such as the HP-UX (trusted) mode, the Password Change Time and Account Expiry Date fields are not reconciled.
The following fields are provisioned:
User Login
Password
Secondary Group Names
User UID
Primary Group Name
Default Shell
GECOS
Home Directory
Account Expiry Date
Password Change Time
Create Home Directory
Skeleton Directory
Inactive Days
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Operating Systems\UNIX\Unix SSH Rev 4.2.0.zip
These files and directories are listed in the following table.
File in the Installation Media Directory | Description |
---|---|
xml\XLISSH_DM.xml | This XML file contains definitions for the following SSH User components of the connector: |
xml\XLISSHSchedulerTask_DM.xml | This file contains the definition of the scheduled task for reconciliation. |
xml\XLISSH_Trusted_DM.xml | This file contains definitions for the following SSH User components of the connector for a trusted system (HP-UX): |
config\sudoers | This file contains the SUDO user specifications and configurations. |
scripts\privateKeyGen.sh | This file is used to generate the private key in SSH. |
lib\xliSSH.jar | This file contains the Java classes that are required to support provisioning in SSH. |
ext\sshfactory.jar | This file contains the JSCAPE libraries. These libraries are used to open an SSH session with the target server. |
Files in the resources directory | Each of these files contains locale-specific information that is used by the connector. |
tests\config\config.properties | This file specifies the properties required by the client for running test calls from the Oracle Identity Manager server. |
tests\lib\xliSSHTest.jar | This file contains the Java classes that are required to run the client for running test calls from the Oracle Identity Manager server. |
tests\scripts\SSH.bat | This file contains the script required to run the client for running test calls from the Oracle Identity Manager server. |
docs\B32176_01.pdf | This guide, which provides instructions to deploy the connector. |
Note: The files in the tests directory are used only to run tests on the connector.
The "Step 3: Copying the Connector Files" section provides instructions to copy these files into the required directories.
To determine the release number of the connector:
Extract the contents of the xliSSH.jar file. This file is in the lib directory inside the installation media directory.
Open the manifest.mf file, which is one of the files bundled inside the xliSSH.jar file, in a text editor.
In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.
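The release check above can be scripted when auditing which connector build is deployed. The following is an added example, not code from the connector or from Oracle. It assumes the manifest is stored under the standard JAR entry name META-INF/MANIFEST.MF, and it runs against a constructed in-memory archive with a constructed version string in place of the real lib\xliSSH.jar.

```python
import io
import zipfile

def read_manifest_attributes(jar_file):
    """Return the main-section manifest attributes, keyed by lowercased name."""
    with zipfile.ZipFile(jar_file) as jar:
        # The guide writes manifest.mf; JAR tools store META-INF/MANIFEST.MF.
        # ZIP entry names are case-sensitive, so match without regard to case.
        name = next((n for n in jar.namelist()
                     if n.upper() == "META-INF/MANIFEST.MF"), None)
        if name is None:
            raise ValueError("archive has no manifest")
        text = jar.read(name).decode("utf-8", errors="replace")
    attrs, key = {}, None
    for line in text.splitlines():          # also handles CRLF line endings
        if line == "":
            break                           # blank line ends the main section
        if line.startswith(" "):
            if key:
                attrs[key] += line[1:]      # wrapped value continues here
            continue
        name_part, sep, value = line.partition(":")
        key = name_part.strip().lower() if sep else None
        if key:
            attrs[key] = value.lstrip()
    return attrs

def connector_release(jar_file):
    # Exact-name lookup: a plain text search for "Version" would also match
    # the unrelated Manifest-Version line. Returns None if the attribute is absent.
    return read_manifest_attributes(jar_file).get("version")

def build_sample_jar():
    """Constructed in-memory archive standing in for lib/xliSSH.jar."""
    manifest = ("Manifest-Version: 1.0\r\n"
                "Version: 0.0.0-CONSTRUCTED-\r\n"
                " SAMPLE\r\n"
                "\r\n"
                "Name: per/entry/Section.class\r\n"
                "Version: ignored\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(connector_release(build_sample_jar()))
```

To check a real installation, pass the path of the extracted or deployed xliSSH.jar to `connector_release` instead of the sample archive.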