This chapter discusses the following optional procedures:
Section 4.1, "Adding Standard Target System Attributes for Reconciliation"
Section 4.2, "Adding Standard Target System Attributes for Provisioning"
Section 4.3, "Configuring the Connector for Multiple Installations of the Target System"
By default, the attributes listed in the "User Attributes for Target Resource Reconciliation and Provisioning" are mapped for reconciliation between Oracle Identity Manager and the target system. If required, you can map additional attributes for reconciliation as follows:
Note:
Perform this procedure only if you want to add new target system attributes for reconciliation. See Oracle Identity Manager Design Console Guide for detailed information about these steps.
Modify the attributemapping_recon.properties file, which is in the OIM_HOME/xellerate/XLIntegrations/LotusNotes/config directory.
At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to add the attribute to the list of reconciliation attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:
OimAttributeName=TargetAttributeName
For example:
Users.City=City
In this example, City is the reconciliation field and also the equivalent target system attribute. As a standard, the prefix "Users." is added at the start of all reconciliation field names.
In the resource object definition, add a reconciliation field corresponding to the new attribute as follows:
Open the Resource Objects form. This form is in the Resource Management folder.
Click Query for Records.
On the Resource Objects Table tab, double-click the LOTUSRO resource object to open it for editing.
On the Object Reconciliation tab, click Add Field to open the Add Reconciliation Field dialog box.
Specify a value for the field name.
You must specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 1.
For example, if you uncomment the Users.City=City line in Step 1, then you must specify Users.City as the attribute name.
From the Field Type list, select a data type for the field.
For example: String
Save the values that you enter, and then close the dialog box.
If required, repeat Steps d through g to map more fields.
If you are using Oracle Identity Manager release 11.1.1, then click Create Reconciliation Profile. This copies changes made to the resource object into the MDS.
If a corresponding field does not exist in the process form, then add a new column in the process form.
Open the Form Designer form. This form is in the Development tools folder.
Query for the UD_LOTUS form.
Click Create New Version.
The Create a New Version dialog box is displayed.
Click Save and close the dialog box.
From the Current Version box, select the version name that you entered in the Label field in Step d.
On the Additional Columns tab, click Add.
In the Name field, enter the name of the data field and then enter the other details of the field.
Note:
Repeat Steps g and h if you want to add more attributes.
Click Save, and then click Make Version Active.
Modify the process definition to include the mapping between the newly added attribute and the corresponding reconciliation field:
Open the Process Definition form. This form is in the Process Management folder of the Design Console.
Click the Query for Records icon.
On the Process Definition Table tab, double-click the Lotus Process process definition.
On the Reconciliation Field Mappings tab, click Add Field Map to open the Add Reconciliation Field Mapping dialog box.
From the Field Name list, select the name of the resource object that you add in Step 2.e.
Double-click Process Data Field and select the corresponding process form field from the Lookup dialog box. Then, click OK.
Note:
In this section, the term "attribute" refers to the identity data fields that store user data.
Do not repeat steps that you have performed as part of the procedure described in Section 4.1, "Adding Standard Target System Attributes for Reconciliation."
By default, the attributes listed in the "User Attributes for Target Resource Reconciliation and Provisioning" are mapped for provisioning between Oracle Identity Manager and the target system. If required, you can map additional attributes for provisioning as follows:
See Also:
Oracle Identity Manager Design Console Guide
Depending on the attribute that you want add for provisioning, modify the attributemapping_prov.properties file located in the OIM_HOME/xellerate/XLIntegrations/LotusNotes/config directory by performing one of the following steps:
Note:
A provisioning operation fails after you update the Alternate Full Name, Alternate Full Name Language, or Alternate Organizational Unit attributes. This has been documented as a known issue in Chapter 6, "Known Issues and Limitations."
For the Alternate Full Name attribute:
At the end of this file, add the following line:
AlternateName=AlternateName,registerNewUser
Note:
If you add the Alternate Full Name as an attribute for provisioning, then you must also add the Alternate Full Name Language attribute for provisioning.
For the Alternate Full Name Language attribute:
At the end of this file, add the following line:
AlternateNameLanguage=AlternateNameLanguage,registerNewUser
Note:
If you add the Alternate Full Name Language attribute, then you must also add the Alternate Full Name attribute for provisioning.
For the Alternate Organizational Unit attribute:
At the end of this file, add the following line:
AlternateOrgUnit=AlternateOrgUnit,setAltOrgUnit,Vector
Note:
If you add the Alternate Organizational Unit attribute, then you must also add the Alternate Full Name and Alternate Full Name Language attributes for provisioning.
For attributes other than Alternate Full Name, Alternate Full Name Language, and Alternate Organizational Unit:
At the end of this file, some of the attribute definitions are preceded by comment characters. You can uncomment the definition of an attribute to make it a part of the list of provisioning attributes. If required, you can also add new attributes in this file. The format that you must use is as follows:
OimAttributeName=TargetAttributeName
For example:
City=City
Add a new column in the process form.
Open the Form Designer form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.
Query for the UD_LOTUS form.
Click Create New Version.
The Create a New Version dialog box is displayed.
In the Label field, enter the name of the version.
Click Save and close the dialog box.
From the Current Version box, select the version name that you entered in the Label field in Step d.
On the Additional Columns tab, click Add.
Specify the new field name and other values.
If you added the Alternate Full Name Language attribute in Step 1, then ensure that you enter LookupField in the Field Type column. In addition, perform the following steps:
On the Properties tab, click the Field Name corresponding to Alternate Full Name Language attribute, and then click Add Property.
The Edit Property dialog box is displayed.
From the Property Name list, select Lookup Code.
In the Property Value field, enter Lookup.Lotus.Languages.
Click the Save icon and close the Edit Property dialog box.
Add entries to the Lookup.Lotus.Languages lookup definition. You use the Lookup.Lotus.Languages lookup definition to specify a language for the user during a provisioning operation.
See Also:
Oracle Identity Manager Design Console for instructions on adding entries to lookup definition
Entries in the Lookup.Lotus.Languages lookup definition must be in the following format:
| Code Key | Decode |
|---|---|
|
LANGUAGE_CODE |
LANGUAGE |
In this format, LANGUAGE_CODE is the code of a language on the target system, and LANGUAGE is the language.
Note:
You must ensure that the languages for which you create entries in this lookup definition are enabled on the target system.
The following table lists sample values in the Lookup.Lotus.Languages lookup definition:
| Code Key | Decode |
|---|---|
|
en |
English |
|
fi |
Finnish |
Add a new variable in the variable list.
Open the Adapter Factory form. This form is in the Development Tools folder of the Oracle Identity Manager Design Console.
Click the Query for Records icon.
On the Adapter Factory Table tab, double-click the adpLNCreateuser adapter from the list.
On the Variable List tab, click Add.
In the Add a Variable dialog box, specify the required values and then save and close the dialog box.
Define an additional adapter task for the newly added variable in the adpLNCreateuser adapter.
On the Adapter Tasks tab of the Adapter Factory form, click Add.
In the Adapter Task Selection dialog box, select Functional Task, select Java from the list of functional task types, and then click Continue.
In the Object Instance Selection dialog box, select Persistent Instance and then click Continue.
In the Add an Adapter Factory Task dialog box, specify the task name, select the setProperty method from the Method list, and then click Save.
Map the application method parameters, and then save and close the dialog box. To map the application method parameters:
For the "Output: String Return variable (Adapter Variable)" parameter:
i. From the Map to list, select Adapter Variables.
ii. From the Name list, select Return variable.
For the "Input: String (Adapter Variable)" parameter:
i. From the Map to list, select Adapter Variables.
ii. From the Name list, select Input.
For the "Input: String (Literal)" parameter:
i. From the Map to list, select Literal.
ii. From the Name list, select String.
iii. In the Value field, specify the name that is to the left of the equal sign in the line that you uncomment or add while performing Step 1.
For example, if you uncomment the City=City line in Step 1, then you must specify City as the attribute name.
For the "Input: String (Adapter Variable)" parameter:
i. From the Map to list, select Adapter Variables.
ii. From the Name list, select the newly added adapter variable.
Repeat Steps a through e to create more adapter tasks.
Create an additional adapter task to set the input variable.
Open the Adapter Factory form. This form is in the Development Tools folder in the Oracle Identity Manager Design Console.
On the Adapter Tasks tab, click Add.
In the Adapter Task Selection dialog box, select Logic Task, select SET VARIABLE from the list, and then click Continue.
In the Edit Set Variable Task Parameters dialog box, select input from the Variable Name list, select Adapter Task from the Operand Type list, and the Operand Qualifier as the Adapter Task that you have created in the previous step. Then, click Save.
Map the process form columns and adapter variables for the Create User process task as follows:
Open the Process Definition form. This form is in the Process Management folder of the Design Console.
Click the Query for Records icon.
On the Process Definition Table tab, double-click the Lotus Process process definition.
On the Tasks tab, double-click the Create User task.
In the Closing Form dialog box, click Yes.
On the Integration tab of the Editing Task Columns Create User dialog box, map the unmapped variables, and then save and close the dialog box. To map an unmapped variable:
i. Double-click the row in which N is displayed in the Status column. The value N signifies that the variable is not mapped.
ii. From the Map to list in the Edit Data Mapping for Variables dialog box, select Process Data.
iii. From the Qualifier list, select the name of the variable.
If you want to enable updates of the attribute that you add for provisioning:
Note:
If you want to enable updates of the Alternate Name, Alternate Language, or Alternate Organizational Unit attributes, then ensure that you provision (create) a user with appropriate values for the Alternate Name and Alternate Language fields.
The Alternate Full Name and Alternate Full Name Language attributes work in conjunction with each other. If you provide a value for one of these attributes, then you must also provide a value for the other attribute.
Some of the steps in the following procedure are specific to the values that have been used. If you use other values, then these steps might need to be performed differently.
Log in to the Oracle Identity Manager Design Console.
Expand Process Management and then double-click Process definition.
Enter Lotus Process in the Name field, and then click the Query for records button.
In the process definition, add a new task for updating the field as follows:
i. Click Add and enter the task name. For example, if you add the City field for provisioning, then add the City Updated task.
ii. In the Task Properties section, ensure that the following fields only are selected:
Conditional
Disable Manual Insert
Allow Cancellation while Pending
Allow Multiple Instances
iii. On the Task Dependency tab, under the Preceding Tasks section, click Assign.
The Assign Preceding Tasks dialog box is displayed.
iv. From the Existing Tasks section, select Create User, and the move it to the Preceding Tasks section by clicking the right arrow.
v. Click OK.
Click the Integration tab of the newly added task, and then click Add.
Select Adapter as the handler type and then perform the following:
If you are enabling updates on the Alternate Full Name, Alternate Full Name Language, or Alternate Organizational Unit fields, then select LNUpdateUserName and click Save.
If you are enabling updates on fields other than Alternate Full Name, Alternate Full Name Language, or Alternate Organizational Unit, then select LNUpdateUserInfo and click Save.
In Adapter Variables, double click attrName. A window is displayed for editing the data mapping of the variable.
From the Map To list, select Literal.
Depending on the fields on which you are enabling updates, perform one of the following steps:
* If you are enabling updates on the Alternate Full Name, Alternate Full Name Language, or Alternate Organizational Unit fields, then in the Literal field, enter any value. For example, enter AlternateFullName.
* If you are enabling updates on fields other than Alternate Full Name, Alternate Full Name Language, or Alternate Organizational Unit, then in the Literal field, enter City as the name of the Oracle Identity Manager attribute. This value must be the same as that specified in the attributemapping_prov.properties file.
Create all required mappings.
Click the Responses tab of the task that you created in Step d. Add the SUCCESS and ERROR responses. Enter C for the SUCCESS response and R for the ERROR response.
If you are adding the Alternate Name, Alternate Language or Alternate Organizational Unit attribute as a UDF, then you must add the following response in addition to ones stated above:
Response: ALT_FIELDS_ERROR
Description: Error in updating Alternate field.
Status: R
Save the changes.
If you are enabling updates on the Alternate Full Name, Alternate Full Name Language, or Alternate Organizational Unit fields, then update the Lookup.Lotus.AltFieldMappings lookup definition.
See Also:
Oracle Identity Manager Design Console for instructions on updating entries in a lookup definition
Depending on the field on which you are enabling updates, enter a Decode value for the corresponding Code Key. The Decode value must be the value that you entered in the Literal field in Step f.e. For example, if you are enabling updates on the Alternate Full Name field, then enter AlternateFullName as the Decode value for the AltFullName Code Key.
Save the changes.
Note:
Perform this procedure only if you want to configure the connector for multiple installations of IBM Lotus Notes and Domino.
You might want to configure the connector for multiple installations of the target system. The following example illustrates this requirement:
The London and New York offices of Example Multinational Inc. have their own installations of the target system. The company has recently installed Oracle Identity Manager, and they want to configure Oracle Identity Manager to link all the installations of the target system.
To meet the requirement posed by such a scenario, you can create copies of connector objects, such as the IT resource and scheduled task.
The decision to create a copy of a connector object is based on a requirement. For example, an IT resource can hold connection information for one target system installation. Therefore, it is mandatory to create a copy of the IT resource for each target system installation.
To create copies of the connector objects:
Note:
For this connector, it is assumed that all installation of the target system have the same set of attributes for reconciliation and provisioning.
See the Oracle Identity Manager Design Console Guide for detailed information about the steps in this procedure.
Create a copy of the IT resource. See "Configuring the IT Resource" for information about this IT resource.
Create a copy of the Lotus Notes User Reconciliation scheduled task. See "Reconciliation Scheduled Tasks" for information about this scheduled task.
To reconcile data from a particular target system installation, specify the name of the IT resource for that target system installation as the value of the ITResource scheduled task attribute.