1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for Microsoft Active Directory is used to integrate Oracle Identity Manager with Microsoft Active Directory.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

• Supported Functionality

• Multilanguage Support

• Reconciliation Module

• Provisioning Module

• Files and Directories That Comprise the Connector

• Determining the Release Number of the Connector

Supported Functionality

The following table lists the functions that are available with this connector.

Function	Type	Description
Create User	Provisioning	Creates a user
Move User	Provisioning	Moves a user from one organization to another
Delete User	Provisioning	Deletes a user
Enable User	Provisioning	Enables a disabled user
Disable User	Provisioning	Disables a user
Get Organization USN	Provisioning	Retrieves the USN of an organization
Create Organization	Provisioning	Creates an organization
Get Organization USN Changed	Provisioning	Retrieves the USN of an organization after an update
Delete Organization	Provisioning	Deletes an organization
Get User objectGUID	Provisioning	Retrieves the objectGUID of a user
User Must Change Password at Next Logon Updated	Provisioning	Updates a user's profile according to a change in the User Must Change Password at Next Logon attribute
Set Account Expiration Date	Provisioning	Updates a user's profile according to a change in the Account Expiration Date attribute
Password Never Expires Updated	Provisioning	Updates a user's profile according to a change in the Password Never Expires attribute
Update User ID	Provisioning	Updates a user's profile according to a change in the User ID attribute
Add User to Group	Provisioning	Adds a user to a group
Remove User from Group	Provisioning	Removes a user from a group
Create AD Group	Provisioning	Creates an AD group
Delete AD Group	Provisioning	Deletes an AD group
Update Group Name	Provisioning	Updates an AD group name
Get Group objectGUID	Provisioning	Retrieves the objectGUID of a group
Trusted Reconciliation for User	Reconciliation	Creates OIM User accounts corresponding to reconciled Microsoft Active Directory accounts
Create User	Reconciliation	Reconciles Microsoft Active Directory accounts
Create Organization	Reconciliation	Creates organizations along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their root organizations)
Create Group	Reconciliation	Creates groups along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their parent groups)

Multilanguage Support

This release of the connector supports the following languages:

• English

• Brazilian Portuguese

• French

• German

• Italian

• Japanese

• Korean

• Simplified Chinese

• Spanish

• Traditional Chinese

See Also:

Oracle Identity Manager Globalization Guide for information about supported special characters

Reconciliation Module

This section discusses the elements that the reconciliation module extracts from the target system to construct reconciliation event records. This section discusses the following reconciliation types:

• AD Lookup Fields

• AD Group

• AD User

AD Lookup Fields

To populate the Lookup.ADReconliation.GroupLookup lookup definition, the following fields of AD Groups are reconciled:

• sAMAccountName

• objectGUID

AD Group

The reconciliation module extracts the following elements from the target system to construct AD Group reconciliation event records:

• sAMAccountName

• objectGUID

• Organization Name

• instanceType

• cn

AD User

The reconciliation module extracts the following elements from the target system to construct AD User reconciliation event records:

• sAMAccountName

• objectGUID

• name

• memberOf

• sn

• cn

• Initials

Provisioning Module

In Microsoft Active Directory, the provisioning module can be divided into the following:

• AD Organization

• AD Group

• AD User

AD Organization

The following fields are provisioned:

• USN Create

• USN Change

• objectGUID

• Organization Name

  This is the value of the Name field in the Create Organization form of the Oracle Identity Manager Administrative and User Console.

AD Group

The following fields are provisioned:

• Group Name

• Organization Name

• objectGUID

• Group Type

• Group Display Name

AD User

The following fields are provisioned:

• User ID

  Note:

  Microsoft Active Directory restricts the number of characters in the user ID field to 20 characters. Therefore, while provisioning a user through Oracle Identity Manager, you must not enter more than 20 characters in this field.

• Password

• objectGUID

• Organization Name

• First Name

• Last Name

• Middle Name

• User Must Change Password at Next Logon

• Password Never Expires

• Account Expiration Date

• Full Name

• Group Name

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are in the following directory on the installation media:

Directory Servers\Microsoft Active Directory\Microsoft Active Directory Base

These files and directories are listed in the following table.

File in the Installation Media Directory	Description
ext\ldapsdk-4.1.jar	This external JAR file contains the JNDI LDAP booster package that is required for the connector.
ext\ldapbp.jar	This external JAR file is used for batched reconciliation.
lib\xliActiveDirectory.jar	This JAR file contains the class files required for provisioning.
lib\xliADRecon.jar	This JAR file contains the class files required for reconciliation.
Files in the resources directory	Each of these resource bundle files contains language-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console.
scripts\install.bat	This batch file is used to add a certificate to the keystore if Oracle Identity Manager is installed on a Microsoft Windows operating system.
scripts\install.sh	This file is used to add a certificate to the keystore if Oracle Identity Manager is installed on a UNIX-based system.
test\config\config.properties	This file is used to set input test data for the connector test suite.
test\lib\xliADTest.jar	This JAR file contains the class files required for the connector test suite.
test\logs	This directory is used by the connector test suite to log the results of the tests. The log files are created in this directory.
test\scripts\runADTest.bat	This file is used to run a test using the connector test suite.
xml\xliActiveDirectoryScheduleTask_DM.xml	This XML file contains definitions for the Oracle Identity Manager components of the connector related to the reconciliation module.
xml\xliADGroupObject_DM.xml	This XML file contains definitions for the connector components related to AD Group provisioning. These components include: Resource object for AD Group provisioning IT resource type Custom process form Process task and adapters (along with their mappings) Login resource object Provisioning process Pre-populate rules
xml\xliADOrganizationObject_DM.xml	This XML file contains definitions for the connector components related to AD Organization provisioning. These components include: Resource object for AD Organization provisioning IT resource type Custom process form Process task and adapters (along with their mappings) Login resource object Provisioning process Pre-populate rules
xml\xliADUserObject_DM.xml	This XML file contains definitions for the connector components related to AD User provisioning. These components include: Resource object for AD User provisioning IT resource type Custom process form Process task and adapters (along with their mappings) Login resource object Provisioning process Pre-populate rules

Note:

The files in the test directory are used only to run tests on the connector.

The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.

Determining the Release Number of the Connector

To determine the release number of a connector that you have deployed:

1. Extract the contents of the xliActiveDirectory.jar file. For a connector that has been deployed, this file is in the following directory:

   OIM_home\xellerate\JavaTasks
   
   

2. Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliActiveDirectory.jar file.

   In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.

See Also:

Oracle Identity Manager Design Console Guide