Oracle® Identity Manager Connector Guide for IBM i5/OS (OS/400) Advanced Release 9.0.3 Part Number B32447-01
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The advanced connector for IBM i5/OS (OS/400) is used to integrate Oracle Identity Manager with IBM i5/OS (OS/400).
Note:
Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.
The Oracle Identity Manager IBM i5/OS (OS/400) Advanced Connector provides a native interface between IBM i5/OS (OS/400) and Oracle Identity Manager. The advanced connector functions as a trusted virtual administrator on the targeted platform, performing tasks such as creating login IDs, suspending IDs, changing passwords, and performing other functions that administrators usually perform manually.
The IBM i5/OS (OS/400) Advanced Connector enables provisioning and reconciliation to IBM i5/OS (OS/400) security facilities. This chapter discusses the following topics:
Note:
In earlier releases, IBM i5/OS (OS/400) was known as IBM AS/400. Because the connector development started before the change in nomenclature was formally announced by IBM, the IBM i5/OS (OS/400) connector code, scripts, and nomenclature in the connector pack may have occurrences of AS/400. These instances are not errors in the documentation.
The IBM i5/OS (OS/400) Advanced Connector includes the following components:
i5/OS (OS/400) LDAP Gateway: The LDAP Gateway receives instructions from Oracle Identity Manager in the same way as any LDAP version 3 identity store. These LDAP commands are then converted into native i5/OS (OS/400) commands and sent to the Provisioning Agent. The response is also native to IBM i5/OS (OS/400), which is then parsed into an LDAP response. After execution, an LDAP-formatted response is returned to the requesting application.
i5/OS (OS/400) Provisioning Agent: The Provisioning Agent is an i5/OS (OS/400) component, receiving native i5/OS (OS/400) provisioning commands from the LDAP Gateway. These requests are processed against the IBM i5/OS (OS/400) authentication repository with the response parsed and returned to the LDAP Gateway.
i5/OS (OS/400) Reconciliation Agent: The Oracle Identity Manager Reconciliation Agent captures native i5/OS (OS/400) events using advanced exit technology for seamless reconciliation to Oracle Identity Manager through the LDAP Gateway. The Reconciliation Agent captures events occurring from the i5/OS (OS/400) logins, command prompt, batch jobs, and other native events in real time. The Reconciliation Agent captures these events and transforms them into notification messages for Oracle Identity Manager through the LDAP Gateway.
i5/OS (OS/400) Message Transport Layer: The message transport layer enables the exchange of messages between the LDAP Gateway and the IBM i5/OS (OS/400) Provisioning and Reconciliation Agent. The i5/OS (OS/400) Advanced Connector uses JTOpen for the message transport layer.
The Advanced connector is also engineered for high-performance environments and transactions.
See Also:
For more information on the IBM i5/OS (OS/400) Advanced Connector architecture and the message transport layer, refer to Appendix B.
The following table lists the functions that are available with this connector.
The Reconciliation Agent extracts the following elements from the target system to construct reconciliation event records:
uid
userPassword
sn
cn
givenName
status
owner
initialProgram
description
userControls
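The element list above includes userPassword, so reconciliation event records carry credential material and need care wherever they are logged or inspected. The following is an added example, not Oracle's connector code: it checks a record against the listed elements and produces a log-safe copy. The `attr: value` message layout, the function names, and all sample values are assumptions constructed for illustration.

```python
# Added example. Attribute names are the ones listed above; the record layout
# and sample values are constructed assumptions, not the connector's format.
RECON_ATTRS = ("uid", "userPassword", "sn", "cn", "givenName", "status",
               "owner", "initialProgram", "description", "userControls")
# LDAP attribute names are case-insensitive, so match on lower case and
# store the canonical spelling; otherwise "USERPASSWORD" would escape masking.
CANON = {a.lower(): a for a in RECON_ATTRS}
SECRET_ATTRS = {"userPassword"}

def parse_event(text):
    """Parse 'attr: value' lines into a dict keyed by canonical attribute name."""
    record = {}
    for lineno, line in enumerate(text.strip().splitlines(), 1):
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or not name:
            raise ValueError(f"line {lineno}: not an 'attr: value' pair")
        name = CANON.get(name.lower(), name)
        if name in record:
            raise ValueError(f"line {lineno}: duplicate attribute {name!r}")
        record[name] = value.strip()
    return record

def check_event(record):
    """Return a list of problems; an empty list means the record is acceptable."""
    problems = []
    if not record.get("uid"):
        problems.append("missing uid")
    for name in sorted(set(record) - set(RECON_ATTRS)):
        problems.append(f"unexpected attribute {name}")
    return problems

def log_safe(record):
    """Copy of the record with secret values masked, safe for logs or tickets."""
    return {k: ("***" if k in SECRET_ATTRS else v) for k, v in record.items()}

# Constructed sample record (not captured from a real system).
SAMPLE_EVENT = """\
uid: JDOE
userPassword: Constructed-Pw-1
sn: Doe
cn: John Doe
givenName: John
description: Constructed sample user
"""

if __name__ == "__main__":
    rec = parse_event(SAMPLE_EVENT)
    print(check_event(rec), log_safe(rec))
```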
This release of the connector supports the following languages:
English
Brazilian Portuguese
French
German
Italian
Japanese
Korean
Simplified Chinese
Spanish
Traditional Chinese
See Also:
Oracle Identity Manager Globalization Guide for information about supported special characters
The files and directories that comprise this connector are located in the following directory on the installation media:
Security Applications/IBM i5/IBM i5 Advanced Connector
Copy the contents of this file to the oim_home directory. The contents of this file are described in brief in the following table:
File or Directory on the Installation Media | Description of Files and Contents |
---|---|
etc/LDAP Gateway/ldapgateway.zip | Files required for LDAP Gateway deployment on the Oracle Identity Manager system. |
etc/Provisioning and Reconciliation Connector/OIMIDFEX.SAVF | Connector agent file to be placed on the target system (i5/OS (OS/400) or AS/400) for deployment on the mid-range system. |
lib/as400-adv-provisioning.jar | Connector JAR file to be deployed on the Oracle Identity Manager system to enable provisioning. |
lib/as400-adv-agent-recon.jar | Connector JAR file to be deployed on the Oracle Identity Manager system to enable reconciliation. |
lib/as400Connection.properties | Properties file that specifies controls for the initial reconciliation run between the Oracle Identity Manager system and the target IBM i5/OS (OS/400) system. |
Files in the resources directory | Each of these files contains locale-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console. |
scripts/run_initial_recon_provisioning.sh | Scripts that perform the initial reconciliation run. |
scripts/run_initial_recon_disable.sh | Scripts that perform the initial reconciliation run and, further, check for users disabled on the target system and disable them on Oracle Identity Manager. |
xml/oimAs400AdvConnector.xml | The XML file that contains component definitions for the connector. |
See Also:
The Step 2: Copying the Connector Files section in Chapter 2 for information about copying these files to the appropriate destinations.
The IBM i5/OS (OS/400) Advanced connector deployment primarily consists of installing the LDAP Gateway, Reconciliation Agent, and Provisioning Agent. The LDAP Gateway is installed on the same system as the Oracle Identity Manager server. The Provisioning Agent and Reconciliation Agents are installed on the IBM i5/OS (OS/400) system.
The deployment procedure on the Oracle Identity Manager server is different in nature from the deployment procedure on i5/OS (OS/400). For simplicity, these instructions have been divided into two chapters in this guide:
Chapter 2, "Deployment on the Oracle Identity Manager Server" covers instructions for deploying the connector on the Oracle Identity Manager system. This consists of configuring the Oracle Identity Manager server, importing the connector XML file, compiling adapters, installing the LDAP Gateway, configuring the message transport layer, and so on.
Chapter 3, "Connector Deployment on the Target i5/OS (OS/400) System" includes the instructions to deploy the connector on i5/OS (OS/400). While it may be possible for the Oracle Identity Manager administrator to perform these tasks, it is recommended that these tasks be performed with the assistance of the administrator of the IBM i5/OS (OS/400) (earlier IBM AS/400) system.