| Oracle® Identity Manager Connector Guide for Database Application Tables Release 9.0.3 Part Number B32352-01 |
|
|
View PDF |
| Oracle® Identity Manager Connector Guide for Database Application Tables Release 9.0.3 Part Number B32352-01 |
|
|
View PDF |
You customize the connector by modifying the configuration XML file that you decide to use for enabling provisioning and reconciliation. This chapter describes how to analyze and modify the configuration XML file so that it matches the structure of the target database application tables.
Refer to the "Files and Directories That Comprise the Connector" section for information about the sample configuration XML files bundled along with the other connector files.
In this chapter, a sample configuration exercise is used to explain the various changes that you can make to customize the sample configuration XML file that you decide to use.
The configuration XML file is validated against the schema definition in the xdb_app_map.xsd file to ensure that changes you make in the configuration XML file conform to the schema definition. Therefore, it is recommended that you review the schema definition in the xdb_app_map.xsd file before modifying the configuration XML file.
Note:
In the configuration XML file that you decide to use, you must specify
xdb_app_map.xsd as the value of the xsi:noNamespaceSchemaLocation parameter. For example:
<xdb_app_map xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="xdb_app_map.xsd" name="OracleApp1">
The configuration XML file can be divided into the following sections:
This section is used to identify the target application. The purpose of this section is to provide information that simplifies maintenance of the configuration file.
| Section | Description | Attributes |
|---|---|---|
Database |
Name of the database | name |
target_app_name |
Name of the application | None |
target_app_ver |
Version of the application | None |
target_app_provider |
Vendor or provider of the application | None |
This section contains information that is used to configure the database connection properties.
This section is used to keep track of the configuration files modification history.
This section is divided into operations. Each operation is further divided into one or more tasks. The number of tasks in an operation depends on the number of tables involved in the operation. Tasks are divided into columns depending on the target application table.
The following table explains the organization of the database_adapter section.
| Description of the Section | Description of the Attributes | Possible Values of the Attributes |
|---|---|---|
operation
Each operation is linked with an Oracle Identity Manager connector. |
name
Type of Oracle Identity Manager operation |
create, update, delete, reconcileCreateUpdate, or reconcileDelete |
task
Each operation is divided into one or more tasks. The number of tasks in an operation depends on the number of tables involved in the operation. |
table_name
Name of the table on which the task is going to operate |
Any valid table name |
xeltask_type
Type of task in the database |
insert, update, delete, or select |
|
column
It is a representation of a single column in the target application table. |
col_name
Name of the column |
Any valid column name |
data_type
Data type |
VARCHAR, VARCHAR2, CHAR, LONGVARCHAR, REAL, DOUBLE, NUMERIC, DECIMAL, FLOAT, DATE, TIME, TIMESTAMP, NULL, BOOLEAN, OTHER, or INTEGER |
|
data_typ_size
Data type size |
20 |
|
col_info
Table indexing and relation to other tables |
primary or secondary |
|
required
Specifies whether or not the value of this column can be NULL |
true or false |
|
col_type
Data source for the column to be used while creating a user |
|
|
xel_data_source
If If If |
|
|
encrypt
Specifies whether or not this data must be encrypted |
true or false |
|
reconcile
Specifies whether or not this field can be reconciled |
true or false |
|
encryption_impl
Encryption method implementation class that provides this operation |
Any fully qualified class name | |
look_up_group
Grouping of lookup fields |
logic_operator
Used to connect two lookup groups with an operator |
AND or OR |
record_lookup_key
This tag is used to collect the information required to identify a particular record in a table. Note that multiple lookup keys can be used to identify a record in a table. |
logic_operator
Used to connect two record lookup keys (columns) with an operator in a group |
AND or OR |
comparison_operator
Operator used to compare the data with the given data for the column |
<
|
|
table_name
Name of the table |
Any table name | |
col_name
Name of the column |
Any column name | |
data_type
Data type |
VARCHAR, VARCHAR2, CHAR, LONGVARCHAR, REAL, DOUBLE, NUMERIC, DECIMAL, FLOAT, DATE, TIME, TIMESTAMP, NULL, BOOLEAN, OTHER, or INTEGER |
|
data_typ_size
Data type size |
20 |
|
col_info
Table indexing and relation to other tables |
primary or secondary |
|
required
Specifies whether or not the value of this column can be NULL |
true or false |
|
col_type
Data source for the column to be used while creating a user In addition to
This tag contains the name of the column that is common to multiple tables. |
Xellerate or Default |
|
xel_data_source
In addition to the description in the |
<record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="join" xel_data_source="xel_usr_id" /><record_lookup_key logic_operator="AND" comparison_operator="=" table_name="tcs1234.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="join" xel_data_source="xel_usr_id"/> |
The sample configuration discussed in this chapter is based on code from the OraApp2.xml configuration XML file. However, instructions described in this section apply to any configuration XML file that you decide to use.
The following sample tables correspond to the records defined in the OraApp2.xml configuration XML file.
MDL2_USER_PROF
| Field Name | Type and Length | Comments | Required/Optional |
|---|---|---|---|
USR_ID |
VARCHAR(20) |
Primary Key | Required |
USR_FIRST_NAME |
VARCHAR(60) |
None | Required |
USR_LAST_NAME |
VARCHAR(60) |
None | Required |
USR_PASSWORD |
VARCHAR(40) |
None | Required |
USR_STATUS |
VARCHAR(5) |
Default value is true |
Required |
USR_LAST_UPDATE |
DATE |
SYSDATE |
Required |
MDL2_USER_ADDN_DET
| Field Name | Type and Length | Comments | Required/Optional |
|---|---|---|---|
USR_ID |
VARCHAR(20) |
Foreign Key | Required |
USR_GROUP |
VARCHAR(50) |
None | Optional |
USR_ROLE |
VARCHAR(50) |
None | Optional |
USR_TITLE |
VARCHAR(50) |
None | Optional |
USR_DEPT |
VARCHAR(50) |
None | Optional |
USR_EMAIL |
VARCHAR(60) |
None | Optional |
USR_COMM_LANG |
VARCHAR(50) |
None | Optional |
USR_LOGON_LANG |
VARCHAR(50) |
None | Optional |
USR_TEL_NO |
VARCHAR(15) |
None | Optional |
USR_TIME_ZONE |
VARCHAR(50) |
None | Optional |
USR_DATE_FMT |
VARCHAR(50) |
None | Optional |
USR_DEC_NTN |
VARCHAR(50) |
None | Optional |
USR_LAST_UPDATE |
DATE |
SYSDATE |
Required |
Based on these sample tables, the following sections provide information about modifying the configuration XML file:
Note:
In the XML code samples discussed in these sections,XELUSER1 is a dummy login ID for the database user.Instructions to enable the connector for various provisioning actions are described in the following sections:
These sections explain the instructions based on changes to be made in code from the OraApp2.xml configuration XML file. You must make similar changes in the configuration XML file that you specify as the value of the Configuration XML Path parameter listed in the "Defining IT Resources" section.
See Also:
The "Files and Directories That Comprise the Connector" section for information about the various configuration XML files that are available in the connector installation media directoryTo create a user, the configuration XML file must contain the table name, column names, and properties of each column. This is illustrated in the following sample XML code from the OraApp2.xml configuration XML file.
<operation name="create"> <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="insert"> <column col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <column col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_type="xellerate" xel_data_source="xel_usr_first_name" /> <column col_name="USR_LAST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_type="xellerate" xel_data_source="xel_usr_last_name" /> <column col_name="USR_PASSWORD" data_type="VARCHAR2" data_typ_size="40" required="true" col_type="xellerate" xel_data_source="xel_usr_password" encrypt="false" reconcile="false" encryption_impl= "com.thortech.xl.integration.dbadapter.security.EncryptionSu pportImpl" /> <column col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="60" required="true" col_type="substitute" xel_data_source="sysdate" /> </task> <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="insert"> <column col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <column col_name="USR_GROUP" data_type="VARCHAR2" data_typ_size="50" required="true" col_type="xellerate" xel_data_source="xel_usr_group" /> <column col_name="USR_ROLE" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_role" /> <column col_name="USR_TITLE" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_title" /> <column col_name="USR_DEPT" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_dept" /> <column col_name="USR_EMAIL" data_type="VARCHAR2" data_typ_size="60" required="false" col_type="xellerate" xel_data_source="xel_usr_email" /> <column col_name="USR_COMM_LANG" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_comm_lang" /> <column col_name="USR_LOGON_LANG" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_logon_lang" /> <column col_name="USR_TEL_NO" data_type="VARCHAR2" data_typ_size="15" required="false" col_type="xellerate" xel_data_source="xel_usr_tel_no" /> <column col_name="USR_TIME_ZONE" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_time_zone" /> <column col_name="USR_DATE_FMT" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_date_fmt" /> <column col_name="USR_DEC_NTN" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_dec_ntn" /> <column col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="60" required="true" col_type="substitute" xel_data_source="sysdate"/> </task> </operation>
The update operation requires lookup information for identifying the user and properties of the columns that are to be updated. This is illustrated in the following sample code from the OraApp2.xml configuration XML file.
<operation name="update" xel_data_source="xel_usr_dept"> <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="update"> <column col_name="USR_DEPT" data_type="VARCHAR2" data_typ_size="50" required="true" col_type="xellerate" xel_data_source="xel_usr_dept" /> <column col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="60" required="true" col_type="substitute" xel_data_source="sysdate" /> <look_up_group logic_operator="NA"> <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" logic_operator="NA" comparison_operator="=" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" required="true" col_type="xellerate" xel_data_source="xel_usr_id"/> </look_up_group> </task> </operation>
The update password operation works the same way as the update user operation. In addition, it performs data encryption if the encrypt attribute is set to true.
This is illustrated in the following sample code from the OraApp2.xml configuration XML file.
<operation name="update" xel_data_source="xel_usr_password"> <task table_name="XELUSER1.MDL1_USER_PROF" xeltask_type="update"> <column col_name="USR_PASSWORD" data_type="VARCHAR2" data_typ_size="40" required="true" col_type="xellerate" xel_data_source="xel_usr_password" encrypt="true" reconcile="false" encryption_impl= "com.thortech.xl.integration.dbadapter.security.EncryptionSu pportImpl" /> <column col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="60" required="true" col_type="substitute" xel_data_source="sysdate" /> <look_up_group logic_operator="NA"> <record_lookup_key table_name="XELUSER1.MDL1_USER_PROF" logic_operator="NA" comparison_operator="=" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" required="true" col_type="xellerate" xel_data_source="xel_usr_id"/> </look_up_group> </task> </operation>
The delete operation requires only lookup information to find the user to be deleted. Column information is used to find the user in the table. This is illustrated in the following sample XML code from the OraApp2.xml configuration XML file.
The lookup_up_group tags are used to group lookup conditions provided in record_lookup_key.
Note:
Two tasks are run to delete user records from both tables. The task related to the secondary table must be run before the primary table task. If the order is not correct, then a referential integrity exception is thrown.<operation name="delete"> <task table_name="XELUSER1.MDL2_USER_ADDN_DET" xeltask_type="delete"> <look_up_group logic_operator="NA"> <record_lookup_key logic_operator="NA" comparison_operator="=" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" required="true" col_type="xellerate" xel_data_source="xel_usr_ id"/> </look_up_group> </task> <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="delete"> <look_up_group logic_operator="NA"> <record_lookup_key logic_operator="NA" comparison_operator="=" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" required="true" col_type="xellerate" xel_data_source="xel_usr_ id"/> </look_up_group> </task> </operation>
Instructions to enable the connector for various reconciliation actions are described in the following sections:
These sections explain the instructions based on changes to be made in code from the OraApp2.xml configuration XML file. You must make similar changes in the configuration XML file that you specify as the value of the Configuration XML Path parameter listed in the "Defining IT Resources" section.
See Also:
The "Files and Directories That Comprise the Connector" section for information about the various configuration XML files that are available in the connector installation media directoryNote:
This is a mandatory procedure.The default data fields of each reconciliation event record are taken from the configuration XML file. For reconciliation of new and updated user profiles, the data fields are declared in the reconcileCreateUpdate section of the XML file.
The following is sample code from the OraApp2.xml file for reconciliation of new and updated user profiles.
See Also:
TheOraApp2.xml file listed in the "Files and Directories That Comprise the Connector" section<operation name = "reconcileCreateUpdate" enabled="true"> <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select"> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <look_up_group logic_operator="NA"> <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF" logic_operator="NA" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" logic_operator="AND" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> </look_up_group> <look_up_group logic_operator="AND"> <record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="join" xel_data_source="xel_usr_id" /> <record_lookup_key logic_operator="AND" comparison_operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="join" xel_data_source="xel_usr_id" /> </look_up_group> </task> <task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select"> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> <column table_name="XELUSER1.MDL2_USER_PROF col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_type="xellerate" xel_data_source="xel_usr_first_ name" /> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_FIRST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_type="xellerate" xel_data_source="xel_usr_first_ name" /> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_LAST_NAME" data_type="VARCHAR2" data_typ_size="60" required="true" col_ type="xellerate" xel_data_source="xel_usr_last_name" /> <column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_PASSWORD" data_type="VARCHAR2" data_typ_size="40" required="true" col_ type="xellerate" xel_data_source="xel_usr_password" encrypt="false" reconcile="true" encryption_impl= "com.thortech.xl.integration.dbadapter.security.EncryptionSupportImpl "/> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_GROUP" data_type="VARCHAR2" data_typ_size="50" required="true" col_type="xellerate" xel_data_source="xel_usr_group" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ROLE" data_type="VARCHAR2" data_typ_size="50" required="false" col_ type="xellerate" xel_data_source="xel_usr_role" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TITLE" data_type="VARCHAR2" data_typ_size="50" required="false" col_ type="xellerate" xel_data_source="xel_usr_title" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DEPT" data_type="VARCHAR2" data_typ_size="50" required="false" col_ type="xellerate" xel_data_source="xel_usr_dept" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_EMAIL" data_type="VARCHAR2" data_typ_size="60" required="false" col_ type="xellerate" xel_data_source="xel_usr_email" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_COMM_LANG" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_comm_ lang" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_LOGON_LANG" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_logon_ lang" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TEL_NO" data_type="VARCHAR2" data_typ_size="15" required="false" col_type="xellerate" xel_data_source="xel_usr_tel_ no" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_TIME_ZONE" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_time_zone"/> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DATE_FMT" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_date_ fmt" /> <column table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_DEC_NTN" data_type="VARCHAR2" data_typ_size="50" required="false" col_type="xellerate" xel_data_source="xel_usr_dec_ ntn" /> <look_up_group logic_operator="NA"> <record_lookup_key table_name="XELUSER1.MDL2_USER_PROF" logic_operator="NA" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> <record_lookup_key table_name="XELUSER1.MDL2_USER_ADDN_DET" logic_operator="AND" comparison_operator=">=" col_name="USR_LAST_UPDATE" data_type="DATE" data_typ_size="50" col_type="join" xel_data_source="XEL_LAST_RECON_TIME"/> </look_up_group> <look_up_group logic_operator="AND"> <record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="xellerate" xel_data_source="xel_usr_id" /> </look_up_group> <look_up_group logic_operator="AND"> <record_lookup_key logic_operator="NA" comparison_operator="=" table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="primary" required="true" col_type="join" xel_data_source="xel_usr_id" /> <record_lookup_key logic_operator="AND" comparison_operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET" col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20" col_info="foreign" required="true" col_type="join" xel_data_source="xel_usr_id" /> </look_up_group> </task> </operation>
In the preceding sample configuration XML, the names of the data elements are the values given for the xel_data_source tag. You can change these names. The same name is also used as the label for elements in each reconciliation event record.
The create or update reconciliation operation involves running two tasks. The first task identifies the users who have been created or modified after the last reconciliation. This returns a list of key field values for the new and modified users.
For example, if the key field to identify a user is the user ID, then this task returns a list of user IDs corresponding to the user profiles that have been created or modified after the last reconciliation run.
The second task collects all required information about all new and modified users for creating the reconciliation event. The division of tasks is designed for optimal use of memory.
The lookup groups in the task help to create lookup conditions for retrieving relevant data. The preceding sample configuration XML code implements the following lookup conditions:
Join the two tables in which user profile information is stored, and retrieve nonrepeated data for these users.
Perform incremental reconciliation by retrieving only those records that are modified after the last reconciliation.
The second task has one more lookup for the user ID, so that user information can be retrieved for each user ID by using the first task.
The time at which the previous reconciliation run was completed is stored in the Reconciliation Timestamp IT resource parameter. This value is updated with the new system timestamp after the end of the current reconciliation run. This value is compared against the last updated time in the target database tables, as given in the configuration XML file. In this file, the time at which the last reconciliation run was completed is represented as XEL_LAST_RECON_TIME. It is a connector configuration constant.
If you update any user field, then you must set the value of XEL_LAST_RECON_TIME to the current system date (sysdate) in both tables.
For example, suppose you update the first name of the user as follows:
UPDATE MDL2_USER_PROF SET usr_first_name = 'John' WHERE usr_id='jdoe'
Then, you must also make the following changes:
UPDATE MDL2_USER_PROF SET usr_last_update =sysdate WHERE usr_id='jdoe' UPDATE MDL2_USER_ADDN_DET SET usr_last_update =sysdate WHERE usr_id=' jdoe'
Note:
Incremental reconciliation is possible only if the target application is capable of updating the last update time in its database while modifying or creating records. If the target application does not have this feature, then you must not create the lookup group for comparing the last reconciliation time.Note:
You need not perform this procedure if you do not want to configure the reconciliation of deleted user profiles.For reconciliation of deleted user profiles, the default data elements are declared in the reconcileDelete section of the configuration XML file.
The following is sample code from the OraApp2.xml configuration XML file for reconciliation of users deleted from the target system:
<operation name = "reconcileDelete" enabled="true">
<task table_name="XELUSER1.MDL2_USER_PROF" xeltask_type="select">
<column table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
data_type="VARCHAR2" data_typ_size="20" col_info="primary"
required="true" col_type="xellerate" xel_data_source="xel_usr_id"
/>
<column table_name="XELUSER1.MDL2_USER_ADDN_DET"
col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"
col_info="foreign" required="true" col_type="xellerate"
xel_data_source="xel_usr_id" />
<look_up_group logic_operator="NA">
<record_lookup_key logic_operator="NA" comparison_operator="="
table_name="XELUSER1.MDL2_USER_PROF" col_name="USR_ID"
data_type="VARCHAR2" data_typ_size="20" col_info="primary"
required="true" col_type="join"xel_data_source="xel_usr_id"/>
<record_lookup_key logic_operator="AND" comparison_
operator="=" table_name="XELUSER1.MDL2_USER_ADDN_DET"
col_name="USR_ID" data_type="VARCHAR2" data_typ_size="20"
col_info="foreign" required="true" col_type="join
xel_data_source="xel_usr_id" />
</look_up_group>
</task>
</operation>
Only user IDs are required for creating deletion reconciliation events. Therefore, the preceding configuration XML code shows only the user ID as the data element to be retrieved according to the conditions given in the lookup group.
This section outlines security considerations that you must address when working with this connector. The following topics are discussed in this section:
These topics explain the procedure based on changes to be made in code from the OraApp2.xml configuration XML file. You must make similar changes in the configuration XML file that you specify as the value of the Configuration XML Path parameter listed in the "Defining IT Resources" section.
See Also:
The "Files and Directories That Comprise the Connector" section for information about the various configuration XML files that are available in the connector installation media directoryYou can establish secure JDBC connectivity with the target database by providing information about security properties in the configuration XML file and enabling secure connectivity for the database server. The security configuration differs with respect to the target database.
The following sections discuss code from the OraApp2.xml configuration XML file. You must make similar changes in the configuration XML file that you specify in the IT resource definition as the value of the Configuration XML Path parameter.
See Also:
The "Defining IT Resources" section for information about the Configuration XML Path parameter.
The "Files and Directories That Comprise the Connector" section for information about the various configuration XML files that are available in the connector installation media directory.
Depending on the database that you use, refer to one of the following sections for information about securing JDBC connectivity:
If you do not want to use secure JDBC connectivity, then refer to the following section:
Secure JDBC Connectivity Configuration for Oracle Database
In the configuration XML file, the following is the security configuration XML code for Oracle Database:
<target_database>
<database name="Oracle">
<properties>
<encryption_nego_level impl_class_name="oracle.net.encryption_
client" value ="REQUESTED"/>
<encryption_algorithm impl_class_name="oracle.net.encryption_
client" value="DES40"/>
<crypto_seed impl_class_name="oracle.net.crypto_seed"
value="xelsysadmin_seed"/>
<crypto_checksum_level
impl_class_name="oracle.net.crypto_checksum_client"
value="REQUIRED"/>
<crypto_checksum_client
impl_class_name="oracle.net.crypto_checksum_types_client"
value="MD5"/>
</properties>
</database
</target_database>
This configuration contains the security properties to be provided to the JDBC driver for establishing a secure connection to Oracle Database. Note that if these parameters are not provided, then a nonsecure JDBC connection is established to the target database.
The following are the permitted values for each configuration parameter mentioned in the configuration XML code listed earlier.
| Configuration Parameter | Permitted Value |
|---|---|
encryption_nego_level |
REJECTED, ACCEPTED, REQUESTED, or REQUIRED |
encryption_algorithm |
RC4_256, RC4_128, RC4_56, RC4_40, AES256, AES192, AES128, 3DES168, 3DES112, DES, or DES40 |
crypto_seed |
xelsysadmin_seed |
crypto_checksum_level |
REJECTED, ACCEPTED, REQUESTED, or REQUIRED |
crypto_checksum_client |
MD5 or SHA1 |
In addition to the changes in the configuration XML file, you must add the following parameters in the sqlnet.ora file:
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (MD5) SQLNET.AUTHENTICATION_SERVICES= (NTS) SQLNET.ENCRYPTION_TYPES_SERVER= (DES40) SQLNET.CRYPTO_SEED = xelsysadmin_seed
Depending on the Oracle Database release that you are using, this file is in a directory whose path is similar to the following:
oracle_home\ora92\network\admin
Secure JDBC Connectivity Configuration for Sybase
In the configuration XML file, the following is the security configuration for Sybase:
<target_database>
<database name="Sybase">
<properties>
<cipher_suites impl_class_name="CIPHER_SUITES_1"
value="SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"/>
</properties>
</database>
</target_database>
In this XML code, you can assign any one of the following values to cipher suite:
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
Disabling Secure JDBC Connectivity
If you do not want to implement secure JDBC connectivity, then in the configuration XML file, put the child tags of the <database> tag in a comment.
This is shown in the following example:
<target_database> <database name="Oracle"> <!--<properties> <encryption_nego_level impl_class_name="oracle.net.encryption_client" value ="REQUESTED"/> <encryption_algorithm impl_class_name="oracle.net.encryption_client" value="DES40"/> <crypto_seed impl_class_name="oracle.net.crypto_seed"value="xelsysadmin_seed"/> <crypto_checksum_levelimpl_class_name="oracle.net.crypto_checksum_client" value="REQUIRED"/> <crypto_checksum_clientimpl_class_name="oracle.net.crypto_checksum_types_client"value="MD5"/> </properties>--> </database> </target_database>
You can implement third-party encryption and decryption algorithms when you use this connector. The connector exposes the EncryptionSupportIntf interface, which you must implement and make available in the CLASSPATH environment variable.
While configuring the encryption for a column, the fully qualified class name must be provided. Before updating the data in the database, the connector encrypts the data. If reconciliation of the encrypted password is possible, then the decryption method is used to retrieve the actual password and to reconcile the password in Oracle Identity Manager.
