2 Deploying the Connector

Deploying the connector involves the following steps:

Step 1: Verifying Deployment Requirements
Step 2: Configuring the Target System
Step 3: Copying the Connector Files and External Code Files
Step 4: Configuring the Oracle Identity Manager Server
Step 5: Importing the Connector XML Files

Step 1: Verifying Deployment Requirements

The following table lists the deployment requirements for the connector.

Item	Requirement
Oracle Identity Manager	Oracle Identity Manager release 8.5.3 or later
Target systems	The target system can be any one of the following: Oracle8i Database Oracle9i Database Oracle Database 10g Oracle Real Application Clusters 10g Microsoft SQL Server 2000 Microsoft SQL Server 2005 Sybase Adaptive Server Enterprise 12.5 IBM DB2 UDB 8.1, IBM DB2 UDB 9.1
External code	The external code consists of the following files: `classes12.zip` (Oracle8i Database, Oracle9i Database, and Oracle Database 10g) `msbase.jar,` `mssqlserver.jar,` and `msutil.jar` (Microsoft SQL Server 2000) `sqljdbc.jar` (Microsoft SQL Server 2005) `jconn2.jar` (Sybase Adaptive Server Enterprise 12.5) `db2java.zip` (IBM DB2 UDB) Note: These ZIP and JAR files are available in the corresponding database installation directories.
Target system user account	Depending on the target system, the required user account is one of the following: For Oracle Database: sys, sysdba, or system For Microsoft SQL Server: sa (administrator) For Sybase: sa (administrator) For IBM DB2 UDB: Host operating system administrator account If IBM DB2 UDB DB2 is installed on an Active Directory domain controller, then a Microsoft Windows 2000/2003 Server (Domain Controller) Administrator account must be used. If you do not provide the required rights to this user account, then the following exception is thrown: `ORA-01031: insufficient privileges` You provide the credentials of this user account while performing the procedure in the "Defining IT Resources" section.

Step 2: Configuring the Target System

The following sections provide configuration instructions that are specific to the target system database:

Configuring IBM DB2 UDB
Configuring Microsoft SQL Server
Configuring Oracle Database
Configuring Sybase

Configuring IBM DB2 UDB

You configure IBM DB2 UDB by ensuring that:

Authentication on IBM DB2 UDB is done through the operating system. Therefore, the user that you want to provision must exist in the security system of the operating system.

For example, if you want to provision the domain, then the target (IBM DB2 UDB server) must exist on the domain server and the user that you want to provision must exist in the domain.
For databases or services that you want to provision, you must enter the relevant lookup codes, corresponding to the databases or services that already exist on the target system, in the UD_Lookup.DB_Dbnames lookup definition.
For tablespaces that you want to provision, you must enter the relevant lookup codes, corresponding to the tablespaces that already exist on the target system, in the UD_Lookup.DB_Tablespacenames lookup definition.
For schemas that you want to provision, you must enter the relevant lookup codes, corresponding to the schemas that already exist on the target system, in the UD_Lookup.DB_Schemas lookup definition.

After you configure the IBM DB2 UDB installation, proceed to the "Step 3: Copying the Connector Files and External Code Files" section.

Configuring Microsoft SQL Server

You configure Microsoft SQL Server by ensuring that:

The target database in which users are to be created exists in the target Microsoft SQL Server installation.
The Microsoft SQL Server user account that is used to create users has DBA privileges. For example, sa/sa.
For Microsoft SQL Server 2005, the TCP/IP connection configuration is enabled.

To enable the TCP/IP connection configuration:
1. Open the Microsoft SQL Server Configuration Manager.
2. Click SQL Server 2005 Network Configuration.
3. Click Protocols for MSSQLSERVER.
4. In the right frame, right-click TCP/IP and then click Enable.

After you configure the Microsoft SQL Server installation, proceed to the "Step 3: Copying the Connector Files and External Code Files" section.

Configuring Oracle Database

You configure Oracle Database by ensuring that:

The service name that is used to create users exists in the target Oracle Database installation.
There is sufficient space in the database to store provisioned users.
The Oracle Database user account that is used to create users has DBA privileges. For example, sys as sysdba/sys or system/manager.

After you configure the Oracle Database installation, proceed to the "Step 3: Copying the Connector Files and External Code Files" section.

Configuring Sybase

You configure Sybase by ensuring that:

The target database in which users are to be created exists in the target Sybase ASE installation.
The following scripts are run on the target Sybase database:
- procGrantAllToUser.sql
- procRevokeAllFromUser.sql
Refer to the "Step 3: Copying the Connector Files and External Code Files" section for instructions to copy these files from the installation media ZIP file to the OIM_home/xellerate/XLIntegrations/DatabaseAccess/scripts directory.

Step 3: Copying the Connector Files and External Code Files

The connector files to be copied and the directories to which you must copy them are given in the following table.

Note:

The directory paths given in the first column of this table correspond to the location of the connector files in the following directory on the installation media:

Database Servers/Database User Management

Refer to the "Files and Directories That Comprise the Connector" section for more information about these files.

File in the Installation Media Directory	Destination Directory
lib/xliDatabaseAccess.jar	OIM_home/xellerate/JavaTasks OIM_home/xellerate/ScheduleTask
Files in the `resources` directory	OIM_home/xellerate/connectorResources
Files in the `scripts` directory	OIM_home/xellerate/XLIntegrations/DatabaseAccess/scripts
Files in the `test/config` directory	OIM_home/xellerate/XLIntegrations/test/config
Files in the `test/scripts` directory	OIM_home/xellerate/XLIntegrations/test/scripts
Files in the `xml` directory	OIM_home/xellerate/XLIntegrations/DatabaseAccess/xml

Depending on the target system, perform the steps given in one of the following sections to copy external code files:

Note:

While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.

Copying External Code Files on IBM DB2 UDB
Copying External Code Files on Microsoft SQL Server
Copying External Code Files on Oracle Database
Copying External Code Files on Sybase

Copying External Code Files on IBM DB2 UDB

For connectors used with IBM DB2 UDB, copy the db2java.zip file from the DB2_HOME/IBM/SQLLIB/java directory into the OIM_home/xellerate/ThirdParty directory.

After you copy the external code file, proceed to the "Step 5: Importing the Connector XML Files" section.

Copying External Code Files on Microsoft SQL Server

For connectors used with Microsoft SQL Server 2000, the required external JAR files are the JDBC driver files: mssqlserver.jar, msbase.jar, and msutil.jar.

To obtain these files, first download Microsoft SQL Server 2000 Driver for JDBC Service Pack 3 from the Microsoft Web site.

For connectors used with Microsoft SQL Server 2005, the required external JAR file is the sqljdbc.jar JDBC driver file. This file can be downloaded from the Microsoft Web site.

You must copy the required JAR files into the following directory:

OIM_home/xellerate/ThirdParty

Copying External Code Files on Oracle Database

If the connector is used with Oracle8i Database, Oracle9i Database, or Oracle Database 10g, then the required external code file is classes12.zip.

The classes12.zip file is available in the Oracle Database installation at, for example, the following path:

oracle_home/ora92/jdbc/lib/

In this directory path, oracle_home is the location where Oracle Database is installed. For example, C:\Oracle.

You must copy the classes12.zip file into the OIM_home/xellerate/ThirdParty directory.

After you copy the external code file, proceed to the "Step 5: Importing the Connector XML Files" section.

Copying External Code Files on Sybase

For connectors used with Sybase ASE, copy the jconn2.jar file from the SYBASE_HOME/jConnect-5_5/classes directory into the OIM_home/xellerate/ThirdParty directory.

Step 4: Configuring the Oracle Identity Manager Server

This section discusses the following topics:

Note:

In a clustered environment, you must perform this step on each node of the cluster.

Deploying the Microsoft Active Directory Connector If IBM DB2 UDB Is Used
Changing to the Required Input Locale
Modifying the SVP Table
Clearing Content Related to Connector Resource Bundles from the Server Cache
Enabling Logging

Deploying the Microsoft Active Directory Connector If IBM DB2 UDB Is Used

Note:

Perform this step only if the target system is IBM DB2 UDB.

IBM DB2 UDB installed on a Microsoft Windows server does not support the creation of user accounts. Instead, it uses operating system users. It assigns the required privileges to a Microsoft Windows user to convert the user into a complete IBM DB2 UDB user. After a user account is created in Microsoft Windows, it can be assigned the relevant privileges in IBM DB2 UDB.

Therefore, if you want to use the Database User Management connector to provision accounts in IBM DB2 UDB, then you must first deploy the connector for Microsoft Active Directory in the following directory:

OIM_home/xellerate/XLIntegrations/ActiveDirectory

Changing to the Required Input Locale

Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.

You may require the assistance of the system administrator to change to the required input locale.

Modifying the SVP Table

Change the length of the SVP_FIELD_VALUE column in the SVP table to 2000 as follows:

Enter the following command at the SQL prompt:

For Oracle Database:

ALTER TABLE SVP MODIFY SVP_FIELD_VALUE VARCHAR2(2000);

For Microsoft SQL Server:

ALTER TABLE SVP ALTER COLUMN SVP_FIELD_VALUE VARCHAR(2000);

Clearing Content Related to Connector Resource Bundles from the Server Cache

While performing the instructions described in the "Step 3: Copying the Connector Files and External Code Files" section, you copy files from the resources directory on the installation media into the OIM_home/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

In a command window, change to the OIM_home/xellerate/bin directory.
Note:
You must perform Step 1 before you perform Step 2. If you run the command described in Step 2 as follows, then an exception is thrown:
```
OIM_home\xellerate\bin\batch_file_name
```
Enter one of the following commands:
- On Microsoft Windows:
```
PurgeCache.bat ConnectorResourceBundle
```
- On UNIX:
```
PurgeCache.sh ConnectorResourceBundle
```
Note:
You can ignore the exception that is thrown when you perform Step 2.

In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:
```
OIM_home/xellerate/config/xlConfig.xml
```

Enabling Logging

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

ALL

This level enables logging for all events.
DEBUG

This level enables logging of information about fine-grained events that are useful for debugging.
INFO

This level enables logging of informational messages that highlight the progress of the application at coarse-grained level.
WARN

This level enables logging of information about potentially harmful situations.
ERROR

This level enables logging of information about error events that may still allow the application to continue running.
FATAL

This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF

This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

BEA WebLogic

To enable logging:
1. Add the following line in the OIM_home/xellerate/config/log.properties file:
```
log4j.logger.DB_Adapter=log_level
```
2. In this line, replace DB_Adapter with the name if the adapter for the database that is in use and log_level with the log level that you want to set.
  
  For example:
  - IBM DB2 UDB
```
log4j.logger.Adapter.DB2UDB=INFO
```
  - Microsoft SQL Server
```
log4j.logger.Adapter.MSSQL=INFO
```
  - Oracle Database
```
log4j.logger.Adapter.ORACLE=INFO
```
  - Sybase
```
log4j.logger.Adapter.DatabaseAccess=INFO
```
After you enable logging, log information is written to the following file:
```
WebLogic_home/user_projects/domains/domain_name/server_name/server_name.log
```
IBM WebSphere

To enable logging:
1. Add the following line in the OIM_home/xellerate/config/log.properties file:
```
log4j.logger.DB_Adapter=log_level
```
2. In this line, replace DB_Adapter with the name if the adapter for the database that is in use and log_level with the log level that you want to set.
  
  For example:
  - IBM DB2 UDB
```
log4j.logger.Adapter.DB2UDB=INFO
```
  - Microsoft SQL Server
```
log4j.logger.Adapter.MSSQL=INFO
```
  - Oracle Database
```
log4j.logger.Adapter.ORACLE=INFO
```
  - Sybase
```
log4j.logger.Adapter.DatabaseAccess=INFO
```
After you enable logging, log information is written to the following file:
```
WebSphere_home/AppServer/logs/server_name/startServer.log
```

JBoss Application Server

To enable logging:

In the JBoss_home/server/default/conf/log4j.xml file, locate the following lines:
```
<category name="DB_Adapter">
   <priority value="log_level"/>
</category>
```

In the second XML code line, replace DB_Adapter with the name if the adapter for the database that is in use and log_level with the log level that you want to set.

For example:

IBM DB2 UDB

<category name="Adapter.DB2UDB">
   <priority value="INFO"/>
</category>

Microsoft SQL Server

<category name="Adapter.MSSQL">
   <priority value="INFO"/>
</category>

Oracle Database

<category name="Adapter.ORACLE">
   <priority value="INFO"/>
</category>

Sybase

<category name="Adapter.DatabaseAccess">
   <priority value="INFO"/>
</category>

After you enable logging, log information is written to the following file:

JBoss_home/server/default/log/server.log

OC4J

To enable logging:
1. Add the following line in the OIM_home/xellerate/config/log.properties file:
```
log4j.logger.DB_Adapter=log_level
```
2. In this line, replace DB_Adapter with the name if the adapter for the database that is in use and log_level with the log level that you want to set.
  
  For example:
  - IBM DB2 UDB
```
log4j.logger.Adapter.DB2UDB=INFO
```
  - Microsoft SQL Server
```
log4j.logger.Adapter.MSSQL=INFO
```
  - Oracle Database
```
log4j.logger.Adapter.ORACLE=INFO
```
  - Sybase
```
log4j.logger.Adapter.DatabaseAccess=INFO
```
After you enable logging, log information is written to the following file:
```
OC4J_home/opmn/logs/default_group~home~default_group~1.log
```

Step 5: Importing the Connector XML Files

To import the connector XML files into Oracle Identity Manager:

Open the Oracle Identity Manager Administrative and User Console.
Click the Deployment Management link on the left navigation bar.
Click the Import link under Deployment Management. A dialog box for locating files is displayed.
Locate and open the xliDBAccessLogin_DM.xml file, which is in the OIM_home/xellerate/XLIntegrations/DatabaseAccess/xml directory. Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Next. The Provide IT Resource Instance Data page for the OracleITResource IT resource is displayed. If this is the IT resource corresponding to the database that you are using, then perform the next step. Otherwise, click Next until the Provide IT Resource Instance Data page for the IT resource of the database that you are using is displayed.
Depending on the database that you are using, specify values for the parameters of the IT resource. Refer to the appropriate table in the "Defining IT Resources" section for information about the values to be specified.
Click Next. The Provide IT Resource Instance Data page for a new instance of the Database IT resource type is displayed.
Click Skip to specify that you do not want to define a new IT resource. The Confirmation page is displayed.

See Also:
If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.
Click View Selections.

The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. These nodes represent Oracle Identity Manager entities that are redundant. Before you import the connector XML file, you must remove these entities by right-clicking each node and then selecting Remove.
Click Import. The connector file is imported into Oracle Identity Manager.
Perform the same procedure to import the xliDBAccessUser_DM.xml and xliDBAccessScheduleTask_DM.xml files. These files are in the OIM_home/xellerate/XLIntegrations/DatabaseAccess/xml directory.

Note:
Ensure that you import the connector XML files in the specified order.

After you import the connector XML files, proceed to the next chapter.

Defining IT Resources

This section provides IT resource parameter values for the following databases:

IT Resource Parameter Values for IBM DB2 UDB
IT Resource Parameter Values for Microsoft SQL Server
IT Resource Parameter Values for Oracle Database
IT Resource Parameter Values for Sybase

IT Resource Parameter Values for IBM DB2 UDB

You must specify values for the IBM DB2 UDB IT resource parameters listed in the following table.

Parameter	Description
`DataBaseType`	Type of RDBMS Value: `DB2`
`DatabaseName`	Not required
`Driver`	JDBC driver class Value: COM.ibm.db2.jdbc.net.DB2Driver
`URL`	JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.) Value: jdbc:db2://Target_Host:6789/DatabaseName Sample value: jdbc:db2://10.1.1.127:6789/TESTDB Note: Use the IP address, not the computer name or host name.
`UserID`	User name of the DBA login that is used to create users Value: `sa`
`Password`	Not required
`Target Locale: Country`	Country code Default value: `US` Note: You must specify the value in uppercase.
`Target Locale: Language`	Language code Default value: `en` Note: You must specify the value in lowercase.
`isSecure`	Specifies whether or not a secure connection must be set up to the target system The value can be `Yes` or `No`. The default value is `Yes`. Note: This feature is supported only on for the Oracle Database.
`max_retry`	Number of times that the connector must retry connecting to the target server, if the connection fails Default value: `2`
`delay_retry`	Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails Default value: `10000`

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

IT Resource Parameter Values for Microsoft SQL Server

You must specify values for the Microsoft SQL Server IT resource parameters listed in the following table.

Parameter	Description
`DataBaseType`	Type of RDBMS Value: `MSSQL`
`DatabaseName`	Name of the target database in which users are created Sample value: `XELL`
`Driver`	For Microsoft SQL Server 2000 JDBC driver class: com.microsoft.jdbc.sqlserver.SQLServerDriver For Microsoft SQL Server 2005 JDBC driver class: com.microsoft.sqlserver.jdbc.SQLServerDriver
`URL`	JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.) For Microsoft SQL Server 2000 Value: jdbc:microsoft:sqlserver://Target_Host:1433;DatabaseName=DatabaseName Sample value: jdbc:microsoft:sqlserver://192.168.49.64:1433;DatabaseName=XELL Note: Use the IP address, not the computer name or host name in this URL. For Microsoft SQL Server 2005 Value: jdbc:sqlserver://serverName;instanceName:portNumber;property=value[;property=value] Sample value: jdbc:sqlserver://123.12.23.321:1433;database=master Note: Use the IP address, not the computer name or host name in this URL.
`UserID`	User name of the DBA login that is used to create users Value: `sa`
`Password`	Password of the DBA login that is used to create users Value: `sa`
`Target Locale: Country`	Country code Default value: `US` Note: You must specify the value in uppercase.
`Target Locale: Language`	Language code Default value: `en` Note: You must specify the value in lowercase.
`isSecure`	Specifies whether or not a secure connection must be set up to the target system The value can be `Yes` or `No`. The default value is `Yes`. Note: This feature is supported only on for the Oracle Database.
`max_retry`	Number of times that the connector must retry connecting to the target server, if the connection fails Default value: `2`
`delay_retry`	Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails Default value: `10000`

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

IT Resource Parameter Values for Oracle Database

You must specify values for the Oracle IT resource parameters listed in the following table.

Parameter	Description
`DataBaseType`	Type of database Value: `Oracle`
`DatabaseName`	Name of the target database in which users are created Sample value: `xeldb`
`Driver`	JDBC driver class Value: `oracle.jdbc.driver.OracleDriver`
`URL`	JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.) The URL value that you must specify depends on the number of database instances and the services they support: One database instance supports multiple services URL value: jdbc:oracle:thin:@//Oraclehost.domain:Oracleportnumber/Oracleservicename Sample value: jdbc:oracle:thin:@//host1.acmewidgets.com:1521/srvce1 Multiple database instances support one service URL value: jdbc:oracle:thin:loginid/password@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=host1_name.domain)(PORT=port1_number))(ADDRESS=(PROTOCOL=TCP)(HOST=host2_name.domain)(PORT=port2_number))(ADDRESS=(PROTOCOL=TCP)(HOST=host3_name.domain)(PORT=port3_number)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=hostn_name.domain)(PORT=portn_number))(CONNECT_DATA=(SERVICE_NAME=<name_of_Oracle_service_that_connects_all_given_hosts>))) Sample value: jdbc:oracle:thin:sys/welcome1@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= host1.acmewidgets.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host2.acmewidgets.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host3.acmewidgets.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host4.acmewidgets.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME= srvce1))) One database instance supports one service URL value: jdbc:oracle:thin:@host_name.domain:port_number:name_of_Oracle_Database_service Sample value: jdbc:oracle:thin:@host1.acemwidgets:1521:srvce1
`UserID`	User name of the DBA login that is used to create users Value: `sys as sysdba` or `system`
`Password`	Password of the DBA login that is used to create users Value: `sys` or `manager`
`Target Locale: Country`	Country code Default value: `US` Note: You must specify the value in uppercase.
`Target Locale: Language`	Language code Default value: `en` Note: You must specify the value in lowercase.
`isSecure`	Specifies whether or not a secure connection must be set up to the target system The value can be `Yes` or `No`. The default value is `Yes`.
`max_retry`	Number of times that the connector must retry connecting to the target server, if the connection fails Default value: `2`
`delay_retry`	Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails Default value: `10000`

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

IT Resource Parameter Values for Sybase

You must specify values for the Sybase Server IT resource parameters listed in the following table.

Parameter	Description
`DataBaseType`	Type of RDBMS Value: `SYBASE`
`DatabaseName`	Name of the target database in which users are created Sample value: `master`
`Driver`	JDBC driver class Value: com.sybase.jdbc2.jdbc.SybDriver
`URL`	JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.) Value: jdbc:sybase:Tds:Target_Host:5000/DatabaseName Sample value: jdbc:sybase:Tds:integnt:5000/master
`UserID`	User name of the DBA login that is used to create users Value: `sa`
`Password`	Password of the DBA login that is used to create users Value: `sa`
`Target Locale: Country`	Country code Default value: `US` Note: You must specify the value in uppercase.
`Target Locale: Language`	Language code Default value: `en` Note: You must specify the value in lowercase.
`isSecure`	Specifies whether or not a secure connection must be set up to the target system The value can be `Yes` or `No`. The default value is `Yes`. Note: This feature is supported only on for the Oracle Database.
`max_retry`	Number of times that the connector must retry connecting to the target server, if the connection fails Default value: `2`
`delay_retry`	Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails Default value: `10000`

After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.