Oracle® Identity Manager Connector Guide for Database User Management
Release 9.0.4

Part Number E10154-01

2 Deploying the Connector

Deploying the connector involves the following steps:

Step 1: Verifying Deployment Requirements

The following table lists the deployment requirements for the connector.

Item Requirement
Oracle Identity Manager Oracle Identity Manager release 8.5.3 or later
Target systems The target system can be any one of the following:
  • Oracle8i Database

  • Oracle9i Database

  • Oracle Database 10g

  • Oracle Real Application Clusters 10g

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 2005

  • Sybase Adaptive Server Enterprise 12.5

  • IBM DB2 UDB 8.1, IBM DB2 UDB 9.1

External code The external code consists of the following files:
  • classes12.zip (Oracle8i Database, Oracle9i Database, and Oracle Database 10g)

  • msbase.jar, mssqlserver.jar, and msutil.jar (Microsoft SQL Server 2000)

  • sqljdbc.jar (Microsoft SQL Server 2005)

  • jconn2.jar (Sybase Adaptive Server Enterprise 12.5)

  • db2java.zip (IBM DB2 UDB)

Note: These ZIP and JAR files are available in the corresponding database installation directories.

Target system user account Depending on the target system, the required user account is one of the following:
  • For Oracle Database: sys, sysdba, or system

  • For Microsoft SQL Server: sa (administrator)

  • For Sybase: sa (administrator)

  • For IBM DB2 UDB:

    Host operating system administrator account

    If IBM DB2 UDB is installed on an Active Directory domain controller, then a Microsoft Windows 2000/2003 Server (Domain Controller) Administrator account must be used.

If you do not provide the required rights to this user account, then the following exception is thrown:

ORA-01031: insufficient privileges

You provide the credentials of this user account while performing the procedure in the "Defining IT Resources" section.


Step 2: Configuring the Target System

The following sections provide configuration instructions that are specific to the target system database:

Configuring IBM DB2 UDB

You configure IBM DB2 UDB by ensuring that:

  • Authentication on IBM DB2 UDB is done through the operating system. Therefore, the user that you want to provision must exist in the security system of the operating system.

    For example, if you want to provision the domain, then the target (IBM DB2 UDB server) must exist on the domain server and the user that you want to provision must exist in the domain.

  • For databases or services that you want to provision, you must enter the relevant lookup codes, corresponding to the databases or services that already exist on the target system, in the UD_Lookup.DB_Dbnames lookup definition.

  • For tablespaces that you want to provision, you must enter the relevant lookup codes, corresponding to the tablespaces that already exist on the target system, in the UD_Lookup.DB_Tablespacenames lookup definition.

  • For schemas that you want to provision, you must enter the relevant lookup codes, corresponding to the schemas that already exist on the target system, in the UD_Lookup.DB_Schemas lookup definition.

After you configure the IBM DB2 UDB installation, proceed to the "Step 3: Copying the Connector Files and External Code Files" section.

Configuring Microsoft SQL Server

You configure Microsoft SQL Server by ensuring that:

  • The target database in which users are to be created exists in the target Microsoft SQL Server installation.

  • The Microsoft SQL Server user account that is used to create users has DBA privileges. For example, sa/sa.

  • For Microsoft SQL Server 2005, the TCP/IP connection configuration is enabled.

    To enable the TCP/IP connection configuration:

    1. Open the Microsoft SQL Server Configuration Manager.

    2. Click SQL Server 2005 Network Configuration.

    3. Click Protocols for MSSQLSERVER.

    4. In the right frame, right-click TCP/IP and then click Enable.

After you configure the Microsoft SQL Server installation, proceed to the "Step 3: Copying the Connector Files and External Code Files" section.

Configuring Oracle Database

You configure Oracle Database by ensuring that:

  • The service name that is used to create users exists in the target Oracle Database installation.

  • There is sufficient space in the database to store provisioned users.

  • The Oracle Database user account that is used to create users has DBA privileges. For example, sys as sysdba/sys or system/manager.

After you configure the Oracle Database installation, proceed to the "Step 3: Copying the Connector Files and External Code Files" section.

Configuring Sybase

You configure Sybase by ensuring that:

  • The target database in which users are to be created exists in the target Sybase ASE installation.

  • The following scripts are run on the target Sybase database:

    • procGrantAllToUser.sql

    • procRevokeAllFromUser.sql

    Refer to the "Step 3: Copying the Connector Files and External Code Files" section for instructions to copy these files from the installation media ZIP file to the OIM_home/xellerate/XLIntegrations/DatabaseAccess/scripts directory.

Step 3: Copying the Connector Files and External Code Files

The connector files to be copied and the directories to which you must copy them are given in the following table.

Note:

The directory paths given in the first column of this table correspond to the location of the connector files in the following directory on the installation media:
Database Servers/Database User Management

Refer to the "Files and Directories That Comprise the Connector" section for more information about these files.

| File in the Installation Media Directory | Destination Directory |
| --- | --- |
| lib/xliDatabaseAccess.jar | OIM_home/xellerate/JavaTasks and OIM_home/xellerate/ScheduleTask |
| Files in the resources directory | OIM_home/xellerate/connectorResources |
| Files in the scripts directory | OIM_home/xellerate/XLIntegrations/DatabaseAccess/scripts |
| Files in the test/config directory | OIM_home/xellerate/XLIntegrations/test/config |
| Files in the test/scripts directory | OIM_home/xellerate/XLIntegrations/test/scripts |
| Files in the xml directory | OIM_home/xellerate/XLIntegrations/DatabaseAccess/xml |

Depending on the target system, perform the steps given in one of the following sections to copy external code files:

Note:

While installing Oracle Identity Manager in a clustered environment, you copy the contents of the installation directory to each node of the cluster. Similarly, you must copy the connectorResources directory and the JAR files to the corresponding directories on each node of the cluster.

Copying External Code Files on IBM DB2 UDB

For connectors used with IBM DB2 UDB, copy the db2java.zip file from the DB2_HOME/IBM/SQLLIB/java directory into the OIM_home/xellerate/ThirdParty directory.

After you copy the external code file, proceed to the "Step 5: Importing the Connector XML Files" section.

Copying External Code Files on Microsoft SQL Server

For connectors used with Microsoft SQL Server 2000, the required external JAR files are the JDBC driver files: mssqlserver.jar, msbase.jar, and msutil.jar.

To obtain these files, first download Microsoft SQL Server 2000 Driver for JDBC Service Pack 3 from the Microsoft Web site.

For connectors used with Microsoft SQL Server 2005, the required external JAR file is the sqljdbc.jar JDBC driver file. This file can be downloaded from the Microsoft Web site.

You must copy the required JAR files into the following directory:

OIM_home/xellerate/ThirdParty

Copying External Code Files on Oracle Database

If the connector is used with Oracle8i Database, Oracle9i Database, or Oracle Database 10g, then the required external code file is classes12.zip.

The classes12.zip file is available in the Oracle Database installation at, for example, the following path:

oracle_home/ora92/jdbc/lib/

In this directory path, oracle_home is the location where Oracle Database is installed. For example, C:\Oracle.

You must copy the classes12.zip file into the OIM_home/xellerate/ThirdParty directory.

After you copy the external code file, proceed to the "Step 5: Importing the Connector XML Files" section.

Copying External Code Files on Sybase

For connectors used with Sybase ASE, copy the jconn2.jar file from the SYBASE_HOME/jConnect-5_5/classes directory into the OIM_home/xellerate/ThirdParty directory.
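The copy steps in this section must produce the same files on every node of a cluster. The following Python script is an added example, not part of the connector or of this guide: it lists the files that Step 3 places under OIM_home for one target system, records a SHA-256 digest for each, and reports files that are missing or differ between nodes. The target keys (`db2`, `mssql2000`, and so on), the function names, and the constructed node directories are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Destination paths relative to OIM_home, taken from the Step 3 table and the
# external-code sections of this guide.
CONNECTOR_FILES = [
    "xellerate/JavaTasks/xliDatabaseAccess.jar",
    "xellerate/ScheduleTask/xliDatabaseAccess.jar",
]
# Keys are hypothetical labels for this example; file names are from the guide.
EXTERNAL_CODE = {
    "db2": ["db2java.zip"],
    "mssql2000": ["mssqlserver.jar", "msbase.jar", "msutil.jar"],
    "mssql2005": ["sqljdbc.jar"],
    "oracle": ["classes12.zip"],
    "sybase": ["jconn2.jar"],
}
SYBASE_SCRIPTS = ["procGrantAllToUser.sql", "procRevokeAllFromUser.sql"]
SCRIPTS_DIR = "xellerate/XLIntegrations/DatabaseAccess/scripts"


def expected_files(target):
    """Relative paths that must exist under OIM_home for the given target."""
    paths = list(CONNECTOR_FILES)
    paths += [f"xellerate/ThirdParty/{name}" for name in EXTERNAL_CODE[target]]
    if target == "sybase":
        paths += [f"{SCRIPTS_DIR}/{name}" for name in SYBASE_SCRIPTS]
    return paths


def inventory(oim_home, target):
    """Map each expected path to its SHA-256 hex digest, or None if missing."""
    result = {}
    for rel in expected_files(target):
        path = Path(oim_home) / rel
        result[rel] = (hashlib.sha256(path.read_bytes()).hexdigest()
                       if path.is_file() else None)
    return result


def compare_nodes(inventories):
    """Return {path: problem} for files missing on a node or differing between nodes."""
    problems = {}
    for rel in sorted({rel for inv in inventories.values() for rel in inv}):
        digests = {node: inv.get(rel) for node, inv in inventories.items()}
        missing = sorted(node for node, digest in digests.items() if digest is None)
        if missing:
            problems[rel] = "missing on " + ", ".join(missing)
        elif len(set(digests.values())) > 1:
            problems[rel] = "content differs between nodes"
    return problems


def make_constructed_node(root, target, omit=(), altered=()):
    """Build a constructed OIM_home tree with placeholder contents (sample data)."""
    for rel in expected_files(target):
        if rel in omit:
            continue
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"altered copy" if rel in altered else b"constructed sample")


def demo():
    """Compare two constructed cluster nodes; node2 has one gap and one altered file."""
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_node(f"{tmp}/node1", "oracle")
        make_constructed_node(
            f"{tmp}/node2", "oracle",
            omit=["xellerate/ScheduleTask/xliDatabaseAccess.jar"],
            altered=["xellerate/ThirdParty/classes12.zip"],
        )
        inventories = {node: inventory(f"{tmp}/{node}", "oracle")
                       for node in ("node1", "node2")}
        return compare_nodes(inventories)


if __name__ == "__main__":
    for rel, problem in demo().items():
        print(f"{rel}: {problem}")
```

On a real installation, call `inventory()` with each node's OIM_home and pass the collected results to `compare_nodes()`.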

Step 4: Configuring the Oracle Identity Manager Server

This section discusses the following topics:

Note:

In a clustered environment, you must perform this step on each node of the cluster.

Deploying the Microsoft Active Directory Connector If IBM DB2 UDB Is Used

Note:

Perform this step only if the target system is IBM DB2 UDB.

IBM DB2 UDB installed on a Microsoft Windows server does not support the creation of user accounts. Instead, it uses operating system users. It assigns the required privileges to a Microsoft Windows user to convert the user into a complete IBM DB2 UDB user. After a user account is created in Microsoft Windows, it can be assigned the relevant privileges in IBM DB2 UDB.

Therefore, if you want to use the Database User Management connector to provision accounts in IBM DB2 UDB, then you must first deploy the connector for Microsoft Active Directory in the following directory:

OIM_home/xellerate/XLIntegrations/ActiveDirectory

See Also:

Oracle Identity Manager Connector Guide for Microsoft Active Directory

Changing to the Required Input Locale

Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.

You may require the assistance of the system administrator to change to the required input locale.

Modifying the SVP Table

Change the length of the SVP_FIELD_VALUE column in the SVP table to 2000 as follows:

  1. Log in to the Oracle Identity Manager database by using the Oracle Identity Manager database user credentials.

  2. Enter the following command at the SQL prompt:

    For Oracle Database:

    ALTER TABLE SVP MODIFY SVP_FIELD_VALUE VARCHAR2(2000);
    
    

    For Microsoft SQL Server:

    ALTER TABLE SVP ALTER COLUMN SVP_FIELD_VALUE VARCHAR(2000);
    

Clearing Content Related to Connector Resource Bundles from the Server Cache

While performing the instructions described in the "Step 3: Copying the Connector Files and External Code Files" section, you copy files from the resources directory on the installation media into the OIM_home/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

  1. In a command window, change to the OIM_home/xellerate/bin directory.

    Note:

    You must perform Step 1 before you perform Step 2. If you run the command described in Step 2 as follows, then an exception is thrown:
    OIM_home\xellerate\bin\batch_file_name
    
  2. Enter one of the following commands:

    • On Microsoft Windows:

      PurgeCache.bat ConnectorResourceBundle
      
      
    • On UNIX:

      PurgeCache.sh ConnectorResourceBundle
      

    Note:

    You can ignore the exception that is thrown when you perform Step 2.

    In this command, ConnectorResourceBundle is one of the content categories that you can remove from the server cache. Refer to the following file for information about the other content categories:

    OIM_home/xellerate/config/xlConfig.xml
    

Enabling Logging

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

  • ALL

    This level enables logging for all events.

  • DEBUG

    This level enables logging of information about fine-grained events that are useful for debugging.

  • INFO

    This level enables logging of informational messages that highlight the progress of the application at a coarse-grained level.

  • WARN

    This level enables logging of information about potentially harmful situations.

  • ERROR

    This level enables logging of information about error events that may still allow the application to continue running.

  • FATAL

    This level enables logging of information about very severe error events that could cause the application to stop functioning.

  • OFF

    This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

  • BEA WebLogic

    To enable logging:

    1. Add the following line in the OIM_home/xellerate/config/log.properties file:

      log4j.logger.DB_Adapter=log_level
      
      
    2. In this line, replace DB_Adapter with the name of the adapter for the database that is in use and log_level with the log level that you want to set.

      For example:

      • IBM DB2 UDB

        log4j.logger.Adapter.DB2UDB=INFO
        
        
      • Microsoft SQL Server

        log4j.logger.Adapter.MSSQL=INFO
        
        
      • Oracle Database

        log4j.logger.Adapter.ORACLE=INFO
        
        
      • Sybase

        log4j.logger.Adapter.DatabaseAccess=INFO
        
        

    After you enable logging, log information is written to the following file:

    WebLogic_home/user_projects/domains/domain_name/server_name/server_name.log
    
    
  • IBM WebSphere

    To enable logging:

    1. Add the following line in the OIM_home/xellerate/config/log.properties file:

      log4j.logger.DB_Adapter=log_level
      
      
    2. In this line, replace DB_Adapter with the name of the adapter for the database that is in use and log_level with the log level that you want to set.

      For example:

      • IBM DB2 UDB

        log4j.logger.Adapter.DB2UDB=INFO
        
        
      • Microsoft SQL Server

        log4j.logger.Adapter.MSSQL=INFO
        
        
      • Oracle Database

        log4j.logger.Adapter.ORACLE=INFO
        
        
      • Sybase

        log4j.logger.Adapter.DatabaseAccess=INFO
        
        

    After you enable logging, log information is written to the following file:

    WebSphere_home/AppServer/logs/server_name/startServer.log
    
    
  • JBoss Application Server

    To enable logging:

    1. In the JBoss_home/server/default/conf/log4j.xml file, locate the following lines:

      <category name="DB_Adapter">
         <priority value="log_level"/>
      </category>
      
      
    2. In the second XML code line, replace DB_Adapter with the name of the adapter for the database that is in use and log_level with the log level that you want to set.

      For example:

      • IBM DB2 UDB

        <category name="Adapter.DB2UDB">
           <priority value="INFO"/>
        </category>
        
        
      • Microsoft SQL Server

        <category name="Adapter.MSSQL">
           <priority value="INFO"/>
        </category>
        
        
      • Oracle Database

        <category name="Adapter.ORACLE">
           <priority value="INFO"/>
        </category>
        
        
      • Sybase

        <category name="Adapter.DatabaseAccess">
           <priority value="INFO"/>
        </category>
        
        

    After you enable logging, log information is written to the following file:

    JBoss_home/server/default/log/server.log
    
    
  • OC4J

    To enable logging:

    1. Add the following line in the OIM_home/xellerate/config/log.properties file:

      log4j.logger.DB_Adapter=log_level
      
      
    2. In this line, replace DB_Adapter with the name of the adapter for the database that is in use and log_level with the log level that you want to set.

      For example:

      • IBM DB2 UDB

        log4j.logger.Adapter.DB2UDB=INFO
        
        
      • Microsoft SQL Server

        log4j.logger.Adapter.MSSQL=INFO
        
        
      • Oracle Database

        log4j.logger.Adapter.ORACLE=INFO
        
        
      • Sybase

        log4j.logger.Adapter.DatabaseAccess=INFO
        
        

    After you enable logging, log information is written to the following file:

    OC4J_home/opmn/logs/default_group~home~default_group~1.log
    

Step 5: Importing the Connector XML Files

To import the connector XML files into Oracle Identity Manager:

  1. Open the Oracle Identity Manager Administrative and User Console.

  2. Click the Deployment Management link on the left navigation bar.

  3. Click the Import link under Deployment Management. A dialog box for locating files is displayed.

  4. Locate and open the xliDBAccessLogin_DM.xml file, which is in the OIM_home/xellerate/XLIntegrations/DatabaseAccess/xml directory. Details of this XML file are shown on the File Preview page.

  5. Click Add File. The Substitutions page is displayed.

  6. Click Next. The Confirmation page is displayed.

  7. Click Next. The Provide IT Resource Instance Data page for the OracleITResource IT resource is displayed. If this is the IT resource corresponding to the database that you are using, then perform the next step. Otherwise, click Next until the Provide IT Resource Instance Data page for the IT resource of the database that you are using is displayed.

  8. Depending on the database that you are using, specify values for the parameters of the IT resource. Refer to the appropriate table in the "Defining IT Resources" section for information about the values to be specified.

  9. Click Next. The Provide IT Resource Instance Data page for a new instance of the Database IT resource type is displayed.

  10. Click Skip to specify that you do not want to define a new IT resource. The Confirmation page is displayed.

    See Also:

    If you want to define another IT resource, then refer to Oracle Identity Manager Tools Reference Guide for instructions.
  11. Click View Selections.

    The contents of the XML file are displayed on the Import page. You may see a cross-shaped icon along with some nodes. These nodes represent Oracle Identity Manager entities that are redundant. Before you import the connector XML file, you must remove these entities by right-clicking each node and then selecting Remove.

  12. Click Import. The connector file is imported into Oracle Identity Manager.

  13. Perform the same procedure to import the xliDBAccessUser_DM.xml and xliDBAccessScheduleTask_DM.xml files. These files are in the OIM_home/xellerate/XLIntegrations/DatabaseAccess/xml directory.

    Note:

    Ensure that you import the connector XML files in the specified order.

After you import the connector XML files, proceed to the next chapter.

Defining IT Resources

This section provides IT resource parameter values for the following databases:

IT Resource Parameter Values for IBM DB2 UDB

You must specify values for the IBM DB2 UDB IT resource parameters listed in the following table.

Parameter Description
DataBaseType Type of RDBMS

Value: DB2

DatabaseName Not required
Driver JDBC driver class

Value:

COM.ibm.db2.jdbc.net.DB2Driver

URL JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.)

Value:

jdbc:db2://Target_Host:6789/DatabaseName

Sample value:

jdbc:db2://10.1.1.127:6789/TESTDB

Note: Use the IP address, not the computer name or host name.

UserID User name of the DBA login that is used to create users

Value: sa

Password Not required
Target Locale: Country Country code

Default value: US

Note: You must specify the value in uppercase.

Target Locale: Language Language code

Default value: en

Note: You must specify the value in lowercase.

isSecure Specifies whether or not a secure connection must be set up to the target system

The value can be Yes or No. The default value is Yes.

Note: This feature is supported only for Oracle Database.

max_retry Number of times that the connector must retry connecting to the target server, if the connection fails

Default value: 2

delay_retry Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails

Default value: 10000


After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

IT Resource Parameter Values for Microsoft SQL Server

You must specify values for the Microsoft SQL Server IT resource parameters listed in the following table.

Parameter Description
DataBaseType Type of RDBMS

Value: MSSQL

DatabaseName Name of the target database in which users are created

Sample value: XELL

Driver For Microsoft SQL Server 2000

JDBC driver class:

com.microsoft.jdbc.sqlserver.SQLServerDriver

For Microsoft SQL Server 2005

JDBC driver class:

com.microsoft.sqlserver.jdbc.SQLServerDriver

URL JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.)

For Microsoft SQL Server 2000

Value:

jdbc:microsoft:sqlserver://Target_Host:1433;DatabaseName=DatabaseName

Sample value:

jdbc:microsoft:sqlserver://192.168.49.64:1433;DatabaseName=XELL

Note: Use the IP address, not the computer name or host name in this URL.

For Microsoft SQL Server 2005

Value:

jdbc:sqlserver://serverName;instanceName:portNumber;property=value[;property=value]

Sample value:

jdbc:sqlserver://123.12.23.321:1433;database=master

Note: Use the IP address, not the computer name or host name in this URL.

UserID User name of the DBA login that is used to create users

Value: sa

Password Password of the DBA login that is used to create users

Value: sa

Target Locale: Country Country code

Default value: US

Note: You must specify the value in uppercase.

Target Locale: Language Language code

Default value: en

Note: You must specify the value in lowercase.

isSecure Specifies whether or not a secure connection must be set up to the target system

The value can be Yes or No. The default value is Yes.

Note: This feature is supported only for Oracle Database.

max_retry Number of times that the connector must retry connecting to the target server, if the connection fails

Default value: 2

delay_retry Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails

Default value: 10000


After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

IT Resource Parameter Values for Oracle Database

You must specify values for the Oracle IT resource parameters listed in the following table.

Parameter Description
DataBaseType Type of database

Value: Oracle

DatabaseName Name of the target database in which users are created

Sample value: xeldb

Driver JDBC driver class

Value: oracle.jdbc.driver.OracleDriver

URL JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.)

The URL value that you must specify depends on the number of database instances and the services they support:

  • One database instance supports multiple services

    URL value:

    jdbc:oracle:thin:@//Oraclehost.domain:Oracleportnumber/Oracleservicename
    
    

    Sample value:

    jdbc:oracle:thin:@//host1.acmewidgets.com:1521/srvce1
    
    
  • Multiple database instances support one service

    URL value:

    jdbc:oracle:thin:loginid/password@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=host1_name.domain)(PORT=port1_number))(ADDRESS=(PROTOCOL=TCP)(HOST=host2_name.domain)(PORT=port2_number))(ADDRESS=(PROTOCOL=TCP)(HOST=host3_name.domain)(PORT=port3_number)) . . . (ADDRESS=(PROTOCOL=TCP)(HOST=hostn_name.domain)(PORT=portn_number))(CONNECT_DATA=(SERVICE_NAME=<name_of_Oracle_service_that_connects_all_given_hosts>)))
    
    

    Sample value:

    jdbc:oracle:thin:sys/welcome1@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST= host1.acmewidgets.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host2.acmewidgets.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host3.acmewidgets.com)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST= host4.acmewidgets.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME= srvce1)))
    
    
  • One database instance supports one service

    URL value:

    jdbc:oracle:thin:@host_name.domain:port_number:name_of_Oracle_Database_service
    
    

    Sample value:

    jdbc:oracle:thin:@host1.acemwidgets:1521:srvce1
    
UserID User name of the DBA login that is used to create users

Value: sys as sysdba or system

Password Password of the DBA login that is used to create users

Value: sys or manager

Target Locale: Country Country code

Default value: US

Note: You must specify the value in uppercase.

Target Locale: Language Language code

Default value: en

Note: You must specify the value in lowercase.

isSecure Specifies whether or not a secure connection must be set up to the target system

The value can be Yes or No. The default value is Yes.

max_retry Number of times that the connector must retry connecting to the target server, if the connection fails

Default value: 2

delay_retry Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails

Default value: 10000


After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.

IT Resource Parameter Values for Sybase

You must specify values for the Sybase Server IT resource parameters listed in the following table.

Parameter Description
DataBaseType Type of RDBMS

Value: SYBASE

DatabaseName Name of the target database in which users are created

Sample value: master

Driver JDBC driver class

Value:

com.sybase.jdbc2.jdbc.SybDriver

URL JDBC URL for the target database (Note: The URL that you specify must be less than 2000 characters long.)

Value:

jdbc:sybase:Tds:Target_Host:5000/DatabaseName

Sample value:

jdbc:sybase:Tds:integnt:5000/master

UserID User name of the DBA login that is used to create users

Value: sa

Password Password of the DBA login that is used to create users

Value: sa

Target Locale: Country Country code

Default value: US

Note: You must specify the value in uppercase.

Target Locale: Language Language code

Default value: en

Note: You must specify the value in lowercase.

isSecure Specifies whether or not a secure connection must be set up to the target system

The value can be Yes or No. The default value is Yes.

Note: This feature is supported only for Oracle Database.

max_retry Number of times that the connector must retry connecting to the target server, if the connection fails

Default value: 2

delay_retry Delay (in milliseconds) before the connector attempts to retry connecting to the target system, if the connection fails

Default value: 10000


After you specify values for these IT resource parameters, proceed to Step 9 of the procedure to import connector XML files.
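The parameter tables above carry several constraints: driver class per database type, URL length, IP address instead of host name for IBM DB2 UDB and Microsoft SQL Server, and the case of the locale codes. The following Python script is an added example, not part of the connector or of this guide, that checks a set of IT resource values against those constraints before they are entered. It also reports a URL that embeds a login and password and a password equal to a sample value printed in this guide. The function name, the dictionary representation of an IT resource, and the sample inputs are assumptions made for the example.

```python
import ipaddress
import re

# Driver classes and URL prefixes exactly as listed in this guide's tables.
DRIVERS = {
    "DB2": {"COM.ibm.db2.jdbc.net.DB2Driver"},
    "MSSQL": {"com.microsoft.jdbc.sqlserver.SQLServerDriver",
              "com.microsoft.sqlserver.jdbc.SQLServerDriver"},
    "Oracle": {"oracle.jdbc.driver.OracleDriver"},
    "SYBASE": {"com.sybase.jdbc2.jdbc.SybDriver"},
}
URL_PREFIXES = {
    "DB2": ("jdbc:db2://",),
    "MSSQL": ("jdbc:microsoft:sqlserver://", "jdbc:sqlserver://"),
    "Oracle": ("jdbc:oracle:thin:",),
    "SYBASE": ("jdbc:sybase:Tds:",),
}
IP_ONLY_TYPES = {"DB2", "MSSQL"}  # tables that carry the "use the IP address" note
SAMPLE_PASSWORDS = {"sa", "sys", "manager", "welcome1"}  # values printed in this guide
# Matches the loginid/password@ form of the Oracle multiple-instance URL.
EMBEDDED_CREDS = re.compile(r"^jdbc:oracle:thin:([^/@]+)/([^@]+)@")


def check_it_resource(params):
    """Return (parameter, finding) tuples; an empty list means nothing to fix."""
    db_type = params.get("DataBaseType", "")
    if db_type not in DRIVERS:
        return [("DataBaseType", f"unknown value {db_type!r}")]
    findings = []
    url = params.get("URL", "")
    if params.get("Driver") not in DRIVERS[db_type]:
        findings.append(("Driver", "not a driver class listed for this DataBaseType"))
    if not url.startswith(URL_PREFIXES[db_type]):
        findings.append(("URL", "prefix does not match the DataBaseType"))
    if len(url) >= 2000:
        findings.append(("URL", "must be less than 2000 characters long"))
    if db_type in IP_ONLY_TYPES:
        host = re.search(r"//([^:;/]+)", url)
        try:
            ipaddress.IPv4Address(host.group(1) if host else "")
        except ipaddress.AddressValueError:
            findings.append(("URL", "host is not an IPv4 address"))
    creds = EMBEDDED_CREDS.match(url)
    if creds:
        findings.append(("URL", "login and password are embedded in the URL"))
    passwords = {params.get("Password", "")}
    if creds:
        passwords.add(creds.group(2))
    if passwords & SAMPLE_PASSWORDS:
        findings.append(("Password", "matches a sample value printed in the guide"))
    country = params.get("Target Locale: Country", "US")
    if not (country.isalpha() and country.isupper()):
        findings.append(("Target Locale: Country", "must be uppercase"))
    language = params.get("Target Locale: Language", "en")
    if not (language.isalpha() and language.islower()):
        findings.append(("Target Locale: Language", "must be lowercase"))
    if params.get("isSecure", "Yes") not in ("Yes", "No"):
        findings.append(("isSecure", "must be Yes or No"))
    for name, default in (("max_retry", "2"), ("delay_retry", "10000")):
        if not str(params.get(name, default)).isdecimal():
            findings.append((name, "must be a non-negative integer"))
    return findings


# Constructed sample inputs (not taken from a real deployment).
DB2_OK = {
    "DataBaseType": "DB2", "Driver": "COM.ibm.db2.jdbc.net.DB2Driver",
    "URL": "jdbc:db2://10.1.1.127:6789/TESTDB", "UserID": "db2admin",
    "Target Locale: Country": "US", "Target Locale: Language": "en",
    "isSecure": "Yes", "max_retry": "2", "delay_retry": "10000",
}
ORACLE_RAC = {
    "DataBaseType": "Oracle", "Driver": "oracle.jdbc.driver.OracleDriver",
    "URL": "jdbc:oracle:thin:sys/welcome1@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)"
           "(HOST=host1.acmewidgets.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=srvce1)))",
    "UserID": "sys as sysdba", "Password": "",
    "Target Locale: Country": "us", "max_retry": "two",
}

if __name__ == "__main__":
    for label, params in (("DB2_OK", DB2_OK), ("ORACLE_RAC", ORACLE_RAC)):
        for parameter, finding in check_it_resource(params):
            print(f"{label}: {parameter}: {finding}")
```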