2 Deploying the Connector

To deploy the connector, perform the procedures described in the following sections:

2.1 Preinstallation

This section is divided into the following topics:

2.1.1 Preinstallation on Oracle Identity Manager

This section contains the following topics:

2.1.1.1 Files and Directories on the Installation Media

Table 2-1 describes the files and directories on the installation media.

Table 2-1 Files and Directories on the Installation Media

File in the Installation Media Directory | Description

dataset\ProvisionResourceWindows.xml

dataset\ModifyResourceWindows.xml

Note: dataset is specific to OIM versions prior to 11g R2

These request dataset XML files are used to enable request-based provisioning. Section 2.3.7, "Enabling Request-Based Provisioning" provides more information.

configuration\MS Windows-CI.xml

This XML file contains configuration information that is used during connector installation.

config\debug.properties

This file contains the debug parameter that you use to specify whether or not the connector must run in debug mode.

lib\tcWindowsNT40.dll

This DLL file contains the native code required for provisioning directories on a Microsoft Windows 2003 server.

lib\xliWindows2000.jar

This JAR file contains the class files required for provisioning. During connector deployment, this file is copied to the following location:

  • For Oracle Identity Manager release 9.1.0.x: OIM_HOME/xellerate/JavaTasks

  • For Oracle Identity Manager releases 11.1.1 and 11.1.2: Oracle Identity Manager database

Files in the resources directory

Each of these resource bundles contains language-specific information that is used by the connector. During connector deployment, these resource bundles are copied to the following location:

  • For Oracle Identity Manager release 9.1.0.x: OIM_HOME/xellerate/connectorResources

  • For Oracle Identity Manager release 11.1.1 and 11.1.2:

    Oracle Identity Manager database

Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the Administrative and User Console. These text strings include GUI element labels and messages.

test\config\config.properties

This file contains the connection attributes required for Oracle Identity Manager to connect to the target system and perform test provisioning operations.

test\scripts\runWindowsTest.bat

This file is used to start the testing utility.

xml\Windows2000Object_DM.xml

This XML file contains definitions for the following components of the connector:

  • IT resource type

  • Process form

  • Process task and adapters (along with their mappings)

  • Resource object

  • Provisioning process

  • Pre-populate rules

  • Lookup definitions


Note:

The files in the test directory are used only to run tests on the connector.

2.1.1.2 Installing Oracle Identity Manager Connector for Microsoft Active Directory User Management

The connector uses records stored in Oracle Identity Manager by Oracle Identity Manager Connector for Microsoft Active Directory User Management. Shared folders can be created on the target system only for OIM Users who already have a Microsoft Active Directory account in Oracle Identity Manager. Therefore, you must ensure that the Microsoft Active Directory User Management connector is installed before you start using the Microsoft Windows connector.

Note:

The release of the Microsoft Active Directory User Management connector that you install must support the GUID attribute. To verify whether the connector supports the GUID attribute, check the documentation for that release.

2.1.1.3 Determining the Release Number of the Connector

Note:

If you are using Oracle Identity Manager release 9.1.0.x, then the procedure described in this section is optional.

If you are using Oracle Identity Manager releases 11.1.1 or 11.1.2, then skip this section.

You might have a deployment of an earlier release of the connector. While deploying the latest release, you might want to know the release number of the earlier release. To determine the release number of the connector that has already been deployed:

  1. In a temporary directory, extract the contents of the following JAR file:

    OIM_HOME/xellerate/JavaTasks/xliWindows2000.jar

  2. Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliWindows2000.jar file.

    In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.
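The lookup in this procedure can be scripted instead of extracting the JAR by hand. The following Python code is an added example, not part of the connector or of Oracle's tooling: it reads the manifest directly from the JAR, joins folded continuation lines, and returns the Version property. The function names, the sample JAR and its version string are constructed for illustration.

```python
import io
import zipfile


def parse_manifest(text):
    """Parse the main section of a JAR manifest into a dict.

    Lines that start with a single space continue the previous value
    (manifests fold long lines), and the first blank line ends the
    main section.
    """
    attrs = {}
    key = None
    for raw in text.splitlines():
        if raw == "":
            if attrs:
                break          # end of the main section
            continue
        if raw.startswith(" ") and key is not None:
            attrs[key] += raw[1:]   # continuation of the previous value
            continue
        name, sep, value = raw.partition(":")
        if not sep:
            continue           # not a "Name: value" line, ignore it
        key = name.strip()
        attrs[key] = value[1:] if value.startswith(" ") else value
    return attrs


def connector_version(jar):
    """Return the Version property from the manifest of a connector JAR.

    `jar` is a path (for example the deployed xliWindows2000.jar) or a
    file-like object. Entry and property names are matched without
    regard to case, because the guide refers to the file as manifest.mf.
    """
    with zipfile.ZipFile(jar) as zf:
        names = [n for n in zf.namelist()
                 if n.lower() == "meta-inf/manifest.mf"]
        if not names:
            raise ValueError("JAR contains no manifest")
        text = zf.read(names[0]).decode("utf-8")
    attrs = {k.lower(): v for k, v in parse_manifest(text).items()}
    if "version" not in attrs:
        raise ValueError("manifest has no Version property")
    return attrs["version"]


def build_sample_jar(manifest=None):
    """Build a constructed in-memory JAR so the example runs offline."""
    if manifest is None:
        manifest = (
            "Manifest-Version: 1.0\r\n"
            "Created-By: constructed sample\r\n"
            "Version: 0.0.0-SAMP\r\n"
            " LE\r\n"              # folded continuation line
            "\r\n"
        )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(connector_version(build_sample_jar()))
```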

2.1.2 Preinstallation on the Target System

Configure the file server and the target system in the domain in which you install Microsoft Active Directory. In addition, ensure that a value has been set for the TEMP or TMP environment variable.

2.2 Installation

Installation on Oracle Identity Manager consists of the following procedures:

2.2.1 Running the Connector Installer

Note:

In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Administrative and User Console.

Direct provisioning is automatically enabled after you run the Connector Installer. If required, you can enable request-based provisioning in the connector. Direct provisioning is automatically disabled when you enable request-based provisioning. See Section 2.3.7, "Enabling Request-Based Provisioning" if you want to use the request-based provisioning feature for this target system.

To run the Connector Installer:

  1. Copy the contents of the connector installation media directory into the following directory:

    Note:

    In an Oracle Identity Manager cluster, perform this step on each node of the cluster.

    • For Oracle Identity Manager release 9.1.0.x: OIM_HOME/xellerate/ConnectorDefaultDirectory

    • For Oracle Identity Manager release 11.1.1 or 11.1.2: OIM_HOME/server/ConnectorDefaultDirectory

  2. Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Identity Manager Administrative and User Console Guide.

  3. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

    • For Oracle Identity Manager release 9.1.0.x:

      Click Deployment Management, and then click Install Connector.

    • For Oracle Identity Manager release 11.1.1:

      On the Welcome to Identity Manager Advanced Administration page, under the System Management section, click Install Connector.

    • For Oracle Identity Manager release 11.1.2:

      In the left pane of the Identity System Administration page, under System Management, click Manage Connector.

  4. From the Connector List list, select Microsoft Windows RELEASE_NUMBER. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory specified in Step 1.

    If you have copied the installation files into a different directory, then:

    1. In the Alternative Directory field, enter the full path and name of that directory.

    2. To repopulate the list of connectors in the Connector List list, click Refresh.

    3. From the Connector List list, select Microsoft Windows RELEASE_NUMBER.

  5. Click Load.

  6. To start the installation process, click Continue.

    The following tasks are performed in sequence:

    1. Configuration of connector libraries

    2. Import of the connector XML files (by using the Deployment Manager)

    3. Compilation of adapters

    On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:

    • Retry the installation by clicking Retry.

    • Cancel the installation and begin again from Step 1.

  7. If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of the steps that you must perform after the installation is displayed. These steps are as follows:

    1. Ensuring that the prerequisites for using the connector are addressed

      Note:

      At this stage, run the PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Section 2.3.5, "Clearing Content Related to Connector Resource Bundles from the Server Cache" for information about running the PurgeCache utility.

      There are no prerequisites for some predefined connectors.

    2. Configuring the IT resource for the connector

      Record the name of the IT resource displayed on this page. The procedure to configure the IT resource is described later in this guide.

    3. Configuring the scheduled tasks that are created when you install the connector

      Record the names of the scheduled tasks displayed on this page. The procedure to configure these scheduled tasks is described later in this guide.

  8. Copy the files listed in the first column of the following table to the destination directories specified in the second column:

    Table 2-2 Files Copied to the Oracle Identity Manager Host Computer

    Each file in the installation media directory is listed below with its destination for each Oracle Identity Manager release:

    config\debug.properties

      • Release 9.1.0.x: OIM_HOME\xellerate\XLIntegrations\Windows2000\config

      • Release 11.1.1: Oracle Identity Manager database

      • Release 11.1.2: Oracle Identity Manager database

    lib\tcWindowsNT40.dll

      • Release 9.1.0.x: OIM_HOME\xellerate\XLIntegrations\Windows2000\dll

        For Oracle Application Server, you must also copy this file into the following directory: ORACLE_HOME\bin

        For Oracle WebLogic Server, you must also copy this file into the following directory: WEBLOGIC_HOME\server\bin

      • Release 11.1.1: For Oracle WebLogic Server, you must also copy this file into the following directory: WEBLOGIC_HOME\server\bin

      • Release 11.1.2: For Oracle WebLogic Server, you must also copy this file into the following directory: WEBLOGIC_HOME\server\bin

    test\config directory

      • Release 9.1.0.x: OIM_HOME\xellerate\XLIntegrations\Windows2000\config

      • Release 11.1.1: OIM_HOME\server\XLIntegration\Windows2000\config

      • Release 11.1.2: OIM_HOME\server\XLIntegration\Windows2000\config

    test\scripts directory

      • Release 9.1.0.x: OIM_HOME\xellerate\XLIntegrations\Windows2000\scripts

      • Release 11.1.1: OIM_HOME\server\XLIntegration\Windows2000\scripts

      • Release 11.1.2: OIM_HOME\server\XLIntegration\Windows2000\scripts


Note:

When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 2-1.

Installing the Connector in an Oracle Identity Manager Cluster

While installing the connector in a cluster, you must copy all the JAR files and the contents of the resources directory into the destination directories on each node of the cluster. Then, restart each node. See Section 2.1.1.1, "Files and Directories on the Installation Media" for information about the files that you must copy and their destination locations on the Oracle Identity Manager server.

2.2.2 Configuring the IT Resource

You must specify values for the parameters of the IT resource as follows:

  1. Log in to the Administrative and User Console.

  2. Depending on the Oracle Identity Manager release you are using, perform one of the following steps:

    • If you are using Oracle Identity Manager release 9.1.0.x, expand Resource Management, and then click Manage IT Resource.

    • If you are using Oracle Identity Manager release 11.1.1, then:

      1. On the Welcome to Oracle Identity Manager Self Service page, click Advanced.

      2. On the Welcome to Oracle Identity Manager Advanced Administration page, in the Configuration region, click Manage IT Resource.

    • If you are using Oracle Identity Manager release 11.1.2, then:

      1. On the Identity System Administration page, under Configuration, click IT Resource.

  3. On the Manage IT Resource page, enter W2K File Server in the IT Resource Type field and then click Search.

  4. Click the edit icon for the IT resource.

  5. From the list at the top of the page, select Details and Parameters.

  6. Specify values for the parameters of the IT resource. The following table describes each parameter:

    Parameter | Parameter Description

    AdminName

    Enter the user ID of the admin user on the Microsoft Windows computer that is used as the file server.

    AdminPassword

    Enter the password of the admin user on the Microsoft Windows computer that is used as the file server.

    ComputerName

    Enter the host name or IP address of the Microsoft Windows computer that is used as the file server.

    DomainName

    Enter the domain of the Microsoft Windows computer that is used as the file server.


  7. To save the values, click Update.

  8. On the Manage IT Resource page, enter Windows AD Server in the IT Resource Name list and then click Search.

    Note:

    This IT resource is used to connect to Microsoft Active Directory.

  9. Click the edit icon for the IT resource.

  10. From the list at the top of the page, select Details and Parameters.

  11. Specify values for the parameters of the IT resource. The following table describes each parameter:

    Parameter | Parameter Description

    Admin FQDN

    Enter the fully qualified domain name of the admin user account whose user ID you enter as the value of the AdminName parameter of the W2K File Server IT resource.

    You can use any one of the following formats to enter the domain name:

    • user_login@domain.com

    • cn=user_login,cn=Users,dc=domain,dc=com

    Sample values:

    john_doe@example.com

    cn=OIMadmin,cn=Users,dc=domain,dc=com

    Admin Login

    Enter the user ID that you specify as the value of the AdminName parameter of the W2K File Server IT resource.

    Admin Password

    Enter the password that you specify as the value of the AdminPassword parameter of the W2K File Server IT resource.

    Root Context

    Enter the fully qualified domain name of the parent or root organization.

    For example, the root suffix.

    Format: ou=ORGANIZATION_NAME,dc=DOMAIN

    Sample value: ou=Adapters,dc=adomain

    Server Address

    Enter the host name or IP address of the Microsoft Windows computer on which Microsoft Active Directory is installed.

    Sample values:

    w2khost

    172.20.55.120

    Use SSL

    Use this parameter to specify whether or not SSL has been used to secure communication between Oracle Identity Manager and Microsoft Active Directory.

    Default value: true

    Note: It is recommended that you enable SSL to secure communication with the target system.

    SSL Port Number

    Enter the number of the port at which SSL is running on the target system host computer.

    Sample values:

    • 636, if the Use SSL parameter is set to yes

    • 389, if the Use SSL parameter is set to no

    Target Locale: Country

    Enter the country code.

    Default value: US

    Note: You must specify the value in uppercase.

    Target Locale: Language

    Enter the language code.

    Default value: en

    Note: You must specify the value in lowercase.

    Invert Display Name

    Enter the value that you had entered for the Invert Display Name parameter of the ADITResource IT Resource.

    If you enter yes, then the Display Name field will be in the LAST_NAME FIRST_NAME format. If you enter no, then the Display Name field will be in the FIRST_NAME LAST_NAME format.

    For example, if you enter yes, then the Display Name field for user John Doe would show Doe John.

    Default value: no

    Note: If you want to set this parameter to yes, then note that it works only with the ADITResource IT resource. It will not work if the IT resource for the target system has a different name.

    isLookupDN

    This parameter has been deprecated. It will be removed from the IT resource definition in a future release. Do not change the default value of this parameter.


  12. To save the values, click Update.
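Before the values from steps 6 and 11 are entered, the two parameter sets can be cross-checked offline against the formats in the tables above. The following Python code is an added example, not part of the connector or of Oracle Identity Manager. The function name check_it_resources, the dictionary layout, and the acceptance of both true/yes and false/no for Use SSL are assumptions, and the sample values (including the password) are constructed.

```python
import re

# Patterns derived from the formats and sample values in the tables above.
UPN_RE = re.compile(r"^[^@\s,=]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
DN_RE = re.compile(r"^cn=[^,=]+(,(cn|ou)=[^,=]+)*(,dc=[^,=]+)+$", re.I)
ROOT_RE = re.compile(r"^ou=[^,=]+(,ou=[^,=]+)*(,dc=[^,=]+)+$", re.I)
SSL_ON = {"true", "yes"}     # assumption: the guide uses both spellings
SSL_OFF = {"false", "no"}


def check_it_resources(file_server, ad_server):
    """Return a list of (severity, message); password values are never echoed."""
    findings = []

    def val(params, name):
        return str(params.get(name, "")).strip()

    fqdn = val(ad_server, "Admin FQDN")
    if not (UPN_RE.match(fqdn) or DN_RE.match(fqdn)):
        findings.append(("error", "Admin FQDN matches neither documented format"))

    # The AD resource must reuse the file server's admin account.
    if val(ad_server, "Admin Login") != val(file_server, "AdminName"):
        findings.append(("error", "Admin Login differs from AdminName"))
    if ad_server.get("Admin Password") != file_server.get("AdminPassword"):
        findings.append(("error", "Admin Password differs from AdminPassword"))

    if not ROOT_RE.match(val(ad_server, "Root Context")):
        findings.append(("error", "Root Context is not ou=...,dc=..."))
    if not val(file_server, "ComputerName") or not val(ad_server, "Server Address"):
        findings.append(("error", "ComputerName or Server Address is empty"))

    port = val(ad_server, "SSL Port Number")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(("error", "SSL Port Number is not a valid port"))

    ssl = val(ad_server, "Use SSL").lower()
    if ssl in SSL_ON:
        if port == "389":
            findings.append(("warning", "Use SSL is on but port 389 is the "
                             "sample value for the non-SSL case"))
    elif ssl in SSL_OFF:
        findings.append(("warning", "Use SSL is off; the guide recommends SSL"))
        if port == "636":
            findings.append(("warning", "Use SSL is off but port 636 is the "
                             "sample value for the SSL case"))
    else:
        findings.append(("error", "Use SSL is not a recognised value"))

    country = val(ad_server, "Target Locale: Country")
    if not (country.isalpha() and country.isupper()):
        findings.append(("error", "Target Locale: Country must be uppercase"))
    language = val(ad_server, "Target Locale: Language")
    if not (language.isalpha() and language.islower()):
        findings.append(("error", "Target Locale: Language must be lowercase"))
    if val(ad_server, "Invert Display Name") not in {"yes", "no"}:
        findings.append(("error", "Invert Display Name must be yes or no"))
    return findings


# Constructed sample values, modelled on the sample values in the tables.
SAMPLE_FILE_SERVER = {
    "AdminName": "OIMadmin",
    "AdminPassword": "constructed-secret",
    "ComputerName": "w2khost",
    "DomainName": "example.com",
}
SAMPLE_AD_SERVER = {
    "Admin FQDN": "cn=OIMadmin,cn=Users,dc=domain,dc=com",
    "Admin Login": "OIMadmin",
    "Admin Password": "constructed-secret",
    "Root Context": "ou=Adapters,dc=adomain",
    "Server Address": "w2khost",
    "Use SSL": "true",
    "SSL Port Number": "636",
    "Target Locale: Country": "US",
    "Target Locale: Language": "en",
    "Invert Display Name": "no",
}

if __name__ == "__main__":
    for severity, message in check_it_resources(SAMPLE_FILE_SERVER, SAMPLE_AD_SERVER):
        print(severity, message)
```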

2.3 Postinstallation

The following sections describe postinstallation steps:

Note:

In an Oracle Identity Manager cluster, you must perform this step on each node of the cluster.

2.3.1 Setting Up the Lookup.Windows.Configuration Lookup Definition

The Microsoft Active Directory User Management connector stores the GUID of users that you manage through the Microsoft Windows connector. You use the Lookup.Windows.Configuration lookup definition to store details of the Microsoft Active Directory User Management connector used by the Microsoft Windows connector. To enter these details in the lookup definition:

  1. On the Design Console, determine the column name for the GUID attribute on the process form of the Microsoft Active Directory User Management connector.

  2. On the Design Console, determine the name of the resource object of the Microsoft Active Directory User Management connector.

  3. On the Design Console, expand Administration and double-click Lookup Definition.

  4. Search for and open the Lookup.Windows.Configuration lookup definition.

  5. In the Decode column for the ADGUIDColunmName entry, enter the name of the process form field (column) that stores the GUID, which you determined in Step 1.

  6. In the Decode column for the ADROName entry, enter the name of the resource object, which you determined in Step 2.

  7. Click the Save icon.

2.3.2 Setting a Value for the PATH Environment Variable

To set a value for the PATH environment variable:

  1. Use a text editor to open the following file:

    • If you are using Oracle Identity Manager 9.1.0.x, then:

      OIM_HOME\xellerate\bin\xlStartServer.bat

    • If you are using Oracle Identity Manager 11.1.1, then:

      OIM_HOME\server\bin\StartManagedWeblogic.bat

    • If you are using Oracle Identity Manager 11.1.2, then:

      MW_HOME\user_projects\domains\base_domain\bin\StartManagedWeblogic.bat

      Here MW_HOME is the middleware home.

  2. Add the following line at the start of this file:

    • If you are using Oracle Identity Manager 9.1.0.x, then:

      SET PATH=OIM_HOME\xellerate\XLIntegrations\Windows2000\dll
      
    • If you are using Oracle Identity Manager 11.1.1, then:

      SET PATH=OIM_HOME\server\XLIntegrations\Windows2000\dll
      
    • If you are using Oracle Identity Manager 11.1.2, then:

      SET PATH=WEBLOGIC_HOME\server\bin

  3. Save and close the file.

2.3.3 Changing to the Required Input Locale

Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.

You may require the assistance of the system administrator to change to the required input locale.

2.3.4 Localizing Field Labels in UI Forms

Note:

Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.2, and you want to localize UI form field labels.

To localize field labels that you add to UI forms:

  1. Publish the sandbox containing the application instance form that is to be localized.

  2. Log in to Oracle Enterprise Manager.

  3. In the left pane, expand Application Deployments and then select oracle.iam.console.identity.sysadmin.ear.

  4. In the right pane, from the Application Deployment list, select MDS Configuration.

  5. On the MDS Configuration page, click Export and save the archive to the local computer.

  6. Extract the contents of the archive, and open the following file in a text editor:

    SAVED_LOCATION\xliffBundles\oracle\iam\ui\runtime\BizEditorBundle.xlf

  7. Edit the BizEditorBundle.xlf file as follows:

    1. Search for the following text:

      <file source-language="en"  
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      
    2. Replace with the following text:

      <file source-language="en" target-language="LANG_CODE"
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      

      In this text, replace LANG_CODE with the code of the language into which you want to localize the form field labels. The following is a sample value for localizing the form field labels in Japanese:

      <file source-language="en" target-language="ja"
      original="/xliffBundles/oracle/iam/ui/runtime/BizEditorBundle.xlf"
      datatype="x-oracle-adf">
      
    3. Search for the application instance code. The original code will be in the following format:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_<Field_Name>__c_description']}">
      <source><Field_Label></source>
      <target/>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.<UI_Form_Name>.entity.<UI_Form_Name>EO.UD_<Field_Name>__c_LABEL">
      <source><Field_Label></source>
      <target/>
      </trans-unit>
      

      As an example, the code for Share Path field would be:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_DIR_SPATH__c_description']}">
      <source>Share Path</source>
      <target/>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.windows1.entity.windows1EO.UD_DIR_SPATH__c_LABEL">
      <source>Share Path</source>
      <target/>
      </trans-unit>
      
    4. Open the resource file from the connector package, for example Windows2000_ja.properties, and get the value of the attribute from the file, for example global.udf.UD_DIR_SPATH=\u5171\u6709\u30D1\u30B9.

    5. Replace the original code shown in Step 6.c with the following:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_<Field_Name>__c_description']}">
      <source><global.udf.UD_Field_Name></source>
      <target/>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.<UI_Form_Name>.entity.<UI_Form_Name>EO.UD_<Field_Name>__c_LABEL">
      <source><Field_Label></source>
      <target/>
      </trans-unit>
      

      As an example, the code for Share field translation would be:

      <trans-unit id="${adfBundle['oracle.adf.businesseditor.model.util.BaseRuntimeResourceBundle']['persdef.sessiondef.oracle.iam.ui.runtime.form.model.user.entity.userEO.UD_DIR_SPATH__c_description']}">
      <source>\u5171\u6709\u30D1\u30B9 </source>
      <target/>
      </trans-unit>
      <trans-unit id="sessiondef.oracle.iam.ui.runtime.form.model.windows1.entity.windows1EO.UD_DIR_SPATH__c_LABEL">
      <source>Share Path</source>
      <target/>
      </trans-unit>
      
    6. Repeat Steps 6.a through 6.d for all attributes of the process form.

    7. Save the file as BizEditorBundle_LANG_CODE.xlf. In this file name, replace LANG_CODE with the code of the language to which you are localizing. Sample file name: BizEditorBundle_ja.xlf.

  8. Repackage the ZIP file and import it into MDS.

  9. Log out of Oracle Identity Manager, and then log in again.

2.3.5 Clearing Content Related to Connector Resource Bundles from the Server Cache

Note:

In an Oracle Identity Manager cluster, you must perform this step on each node of the cluster. Then, restart each node.

When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the OIM_HOME/xellerate/connectorResources directory for Oracle Identity Manager release 9.1.0.x and Oracle Identity Manager database for Oracle Identity Manager release 11.1.1. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

  1. In a command window, perform one of the following steps:

    • If you are using Oracle Identity Manager release 9.1.0.x, then switch to the OIM_HOME/xellerate/bin directory.

    • If you are using Oracle Identity Manager releases 11.1.1 or 11.1.2, then switch to the OIM_HOME/server/bin directory.

    Note:

    You must perform Step 1 before you perform Step 2. An exception is thrown if you run the command described in Step 2 as follows:

    For Oracle Identity Manager release 9.1.0.x:

    OIM_HOME/xellerate/bin/SCRIPT_FILE_NAME
    

    For Oracle Identity Manager releases 11.1.1 and 11.1.2:

    OIM_HOME/server/bin/SCRIPT_FILE_NAME
    
  2. Enter one of the following commands:

    Note:

    You can use the PurgeCache utility to purge the cache for any content category. Run PurgeCache.bat CATEGORY_NAME on Microsoft Windows or PurgeCache.sh CATEGORY_NAME on UNIX. The CATEGORY_NAME argument represents the name of the content category that must be purged.

    For example, the following commands purge Metadata entries from the server cache:

    PurgeCache.bat MetaData

    PurgeCache.sh MetaData

    • For Oracle Identity Manager release 9.1.0.x:

      On Microsoft Windows: PurgeCache.bat ConnectorResourceBundle

      On UNIX: PurgeCache.sh ConnectorResourceBundle

      Note:

      You can ignore the exception that is thrown when you perform Step 2. This exception is different from the one mentioned in Step 1.

      In this command, ConnectorResourceBundle is one of the content categories that you can delete from the server cache. See the following file for information about the other content categories:

      OIM_HOME/xellerate/config/xlconfig.xml

    • For Oracle Identity Manager releases 11.1.1 or 11.1.2:

      On Microsoft Windows: PurgeCache.bat All

      On UNIX: PurgeCache.sh All

      When prompted, enter the user name and password of an account belonging to the SYSTEM ADMINISTRATORS group. In addition, you are prompted to enter the service URL in the following format:

      t3://OIM_HOST_NAME:OIM_PORT_NUMBER
      

      In this format:

      • Replace OIM_HOST_NAME with the host name or IP address of the Oracle Identity Manager host computer.

      • Replace OIM_PORT_NUMBER with the port on which Oracle Identity Manager is listening.

    See Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager for more information about the PurgeCache utility.

2.3.6 Enabling Logging

Depending on the Oracle Identity Manager release you are using, perform the procedure described in one of the following sections:

2.3.6.1 Enabling Logging on Oracle Identity Manager Release 9.1.0.x

Note:

In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster. Then, restart each node.

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

  • ALL

    This level enables logging for all events.

  • DEBUG

    This level enables logging of information about fine-grained events that are useful for debugging.

  • INFO

    This level enables logging of messages that highlight the progress of the application at a coarse-grained level.

  • WARN

    This level enables logging of information about potentially harmful situations.

  • ERROR

    This level enables logging of information about error events that might allow the application to continue running.

  • FATAL

    This level enables logging of information about very severe error events that could cause the application to stop functioning.

  • OFF

    This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

  • Oracle WebLogic Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.OIMCP.WINDOWS=log_level
      
    2. In these lines, replace log_level with the log level that you want to set.

      For example:

      log4j.logger.OIMCP.WINDOWS=INFO
      

    After you enable logging, log information is displayed on the server console.

  • IBM WebSphere Application Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=log_level
      log4j.logger.OIMCP.WINDOWS=log_level
      
    2. In these lines, replace log_level with the log level that you want to set.

      For example:

      log4j.logger.XELLERATE=INFO
      log4j.logger.OIMCP.WINDOWS=INFO
      

    After you enable logging, log information is written to the following file:

    WEBSPHERE_HOME/AppServer/logs/SERVER_NAME/SystemOut.log

  • JBoss Application Server

    To enable logging:

    1. In the JBOSS_HOME/server/default/conf/log4j.xml file, add the following lines if they are not already present in the file:

      <category name="OIMCP.WINDOWS">
         <priority value="log_level"/>
      </category>
      
      <category name="XL_INTG.LOTUSNOTES">
         <priority value="log_level"/>
      </category>
      
    2. In the second XML code line of each set, replace log_level with the log level that you want to set. For example:

      <category name="OIMCP.WINDOWS">
         <priority value="INFO"/>
      </category>
      
      <category name="XL_INTG.LOTUSNOTES">
         <priority value="INFO"/>
      </category>
      

    After you enable logging, log information is written to the following file:

    JBOSS_HOME/server/default/log/server.log

  • Oracle Application Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=log_level
      log4j.logger.OIMCP.WINDOWS=log_level
      
    2. In these lines, replace log_level with the log level that you want to set.

      For example:

      log4j.logger.OIMCP.WINDOWS=INFO
      

    After you enable logging, log information is written to the following file:

    ORACLE_HOME/opmn/logs/default_group~home~default_group~1.log

2.3.6.2 Enabling Logging on Oracle Identity Manager Release 11.1.1 and 11.1.2

Note:

In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster. Then, restart each node.

Oracle Identity Manager releases 11.1.1 and 11.1.2 use Oracle Java Diagnostic Logging (OJDL) for logging. OJDL is based on java.util.logger. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

  • SEVERE.intValue()+100

    This level enables logging of information about fatal errors.

  • SEVERE

    This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.

  • WARNING

    This level enables logging of information about potentially harmful situations.

  • INFO

    This level enables logging of messages that highlight the progress of the application.

  • CONFIG

    This level enables logging of information about fine-grained events that are useful for debugging.

  • FINE, FINER, FINEST

    These levels enable logging of information about fine-grained events, where FINEST logs information about all events.

These log levels are mapped to ODL message type and level combinations as shown in Table 2-3.

Table 2-3 Log Levels and ODL Message Type:Level Combinations

Log Level                ODL Message Type:Level

SEVERE.intValue()+100    INCIDENT_ERROR:1
SEVERE                   ERROR:1
WARNING                  WARNING:1
INFO                     NOTIFICATION:1
CONFIG                   NOTIFICATION:16
FINE                     TRACE:1
FINER                    TRACE:16
FINEST                   TRACE:32


The configuration file for OJDL is logging.xml, which is located at the following path:

DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml

Here, DOMAIN_HOME and OIM_SERVER are the domain name and server name specified during the installation of Oracle Identity Manager.

To enable logging in Oracle WebLogic Server:

  1. Edit the logging.xml file as follows:

    1. Add the following blocks in the file:

      <log_handler name='windows-handler' level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
        <property name='logreader:' value='off'/>
        <property name='path' value='[FILE_NAME]'/>
        <property name='format' value='ODL-Text'/>
        <property name='useThreadName' value='true'/>
        <property name='locale' value='en'/>
        <property name='maxFileSize' value='5242880'/>
        <property name='maxLogSize' value='52428800'/>
        <property name='encoding' value='UTF-8'/>
      </log_handler>

      <logger name="OIMCP.WINDOWS" level="[LOG_LEVEL]" useParentHandlers="false">
        <handler name="windows-handler"/>
        <handler name="console-handler"/>
      </logger>
      
    2. Replace both occurrences of [LOG_LEVEL] with the ODL message type and level combination that you require. Table 2-3 lists the supported message type and level combinations.

      Similarly, replace [FILE_NAME] with the full path and name of the log file in which you want log messages to be recorded.

      The following blocks show sample values for [LOG_LEVEL] and [FILE_NAME]:

      <log_handler name='windows-handler' level='NOTIFICATION:1' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
        <property name='logreader:' value='off'/>
        <property name='path' value='F:\MyMachine\middleware\user_projects\domains\base_domain1\servers\oim_server1\logs\oim_server1-diagnostic-1.log'/>
        <property name='format' value='ODL-Text'/>
        <property name='useThreadName' value='true'/>
        <property name='locale' value='en'/>
        <property name='maxFileSize' value='5242880'/>
        <property name='maxLogSize' value='52428800'/>
        <property name='encoding' value='UTF-8'/>
      </log_handler>

      <logger name="OIMCP.WINDOWS" level="NOTIFICATION:1" useParentHandlers="false">
        <handler name="windows-handler"/>
        <handler name="console-handler"/>
      </logger>
      

    With these sample values, when you use Oracle Identity Manager, all messages generated for this connector that are of a log level equal to or higher than the NOTIFICATION:1 level are recorded in the specified file.

  2. Save and close the file.

  3. Set the following environment variable to redirect the server logs to a file:

    For Microsoft Windows:

    set WLS_REDIRECT_LOG=FILENAME
    

    For UNIX:

    export WLS_REDIRECT_LOG=FILENAME
    

    Replace FILENAME with the location and name of the file to which you want to redirect the output.

  4. Restart the application server.
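
A check you can run on the edited logging.xml before restarting the server, given here as an added example that is not part of the original guide. It reports placeholders left unreplaced in step 1, levels that are not in Table 2-3, and handlers that the OIMCP.WINDOWS logger references but that are not defined. The function name, the logging_configuration/log_handlers/loggers wrapper elements, the console-handler definition, and the /tmp path in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# ODL message type:level combinations listed in Table 2-3.
ODL_LEVELS = {"INCIDENT_ERROR:1", "ERROR:1", "WARNING:1", "NOTIFICATION:1",
              "NOTIFICATION:16", "TRACE:1", "TRACE:16", "TRACE:32"}

def check_connector_logging(xml_text, logger_name="OIMCP.WINDOWS"):
    """Return a list of problems in a logging.xml document (empty list = OK)."""
    root = ET.fromstring(xml_text)
    handlers = {h.get("name"): h for h in root.iter("log_handler")}
    logger = next((l for l in root.iter("logger")
                   if l.get("name") == logger_name), None)
    if logger is None:
        return [f"logger {logger_name} is not defined"]
    level, problems, file_handlers = logger.get("level"), [], 0
    if level not in ODL_LEVELS:
        problems.append(f"logger level {level!r} is not a Table 2-3 value")
    for name in (ref.get("name") for ref in logger.findall("handler")):
        handler = handlers.get(name)
        if handler is None:
            problems.append(f"handler {name!r} is referenced but not defined")
            continue
        props = {p.get("name"): p.get("value") for p in handler.findall("property")}
        if "path" not in props:
            continue  # not a file handler (for example console-handler)
        file_handlers += 1
        if props["path"] in (None, "", "[FILE_NAME]"):
            problems.append(f"handler {name!r} has no log file path set")
        if handler.get("level") != level:  # the page sets both to the same value
            problems.append(f"handler {name!r} level differs from logger level")
    if file_handlers == 0:
        problems.append("no file handler attached to the logger")
    return problems

# Constructed sample: the page's sample blocks inside an assumed wrapper.
GOOD = """<logging_configuration><log_handlers>
<log_handler name='console-handler' level='WARNING:32'/>
<log_handler name='windows-handler' level='NOTIFICATION:1'
             class='oracle.core.ojdl.logging.ODLHandlerFactory'>
  <property name='path' value='/tmp/oim_server1-diagnostic-1.log'/>
</log_handler></log_handlers><loggers>
<logger name="OIMCP.WINDOWS" level="NOTIFICATION:1" useParentHandlers="false">
  <handler name="windows-handler"/><handler name="console-handler"/>
</logger></loggers></logging_configuration>"""
# Constructed failure case: the logger's [LOG_LEVEL] placeholder was not replaced.
BAD = GOOD.replace('level="NOTIFICATION:1"', 'level="[LOG_LEVEL]"')

if __name__ == "__main__":
    print(check_connector_logging(GOOD), check_connector_logging(BAD))
```

In a cluster, run the check against the logging.xml of each node, because the procedure is performed on each node.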

2.3.7 Enabling Request-Based Provisioning

Note:

  • This section is not applicable to Oracle Identity Manager release 11.1.2.

  • Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.1 and you want to configure request-based provisioning.

In request-based provisioning, an end user creates a request for a resource by using the Administrative and User Console. Administrators or other users can also create requests for a particular user. Requests for a particular resource can be viewed and approved by approvers designated in Oracle Identity Manager.

The following are features of request-based provisioning:

  • A user can be provisioned only one resource (account) on the target system.

  • Direct provisioning cannot be used if you enable request-based provisioning.

To configure request-based provisioning, perform the following procedures:

2.3.7.1 Copying Predefined Request Datasets

A request dataset is an XML file that specifies the information to be submitted by the requester during a provisioning operation. Predefined request datasets are shipped with this connector. These request datasets specify information about the default set of attributes for which the requester must submit information during a request-based provisioning operation. The following are the predefined request datasets available in the dataset directory on the installation media:

  • ModifyResourceWindows.xml

  • ProvisionResourceWindows.xml

Copy these files from the dataset directory on the installation media to the OIM_HOME/DataSet/file directory.

Depending on your requirement, you can modify the file names of the request datasets. In addition, you can modify the information in the request datasets. See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information about modifying request datasets.

2.3.7.2 Importing Request Datasets into MDS

Note:

In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster.

All request datasets must be imported into the metadata store (MDS), which can be done by using the Oracle Identity Manager MDS Import utility.

To import a request dataset definition into MDS:

  1. Ensure that you have set the environment for running the MDS Import utility. See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information about setting up the environment for MDS utilities.

  2. In a command window, change to the OIM_HOME\server\bin directory.

  3. Run one of the following commands:

    • On Microsoft Windows

      weblogicImportMetadata.bat
      
    • On UNIX

      weblogicImportMetadata.sh
      
  4. When prompted, enter the following values:

    • Please enter your username [weblogic]

      Enter the username used to log in to the WebLogic server.

      Sample value: WL_User

    • Please enter your password [weblogic]

      Enter the password used to log in to the WebLogic server.

    • Please enter your server URL [t3://localhost:7001]

      Enter the URL of the application server in the following format:

      t3://HOST_NAME_IP_ADDRESS:PORT

      In this format, replace:

      • HOST_NAME_IP_ADDRESS with the host name or IP address of the computer on which Oracle Identity Manager is installed.

      • PORT with the port on which Oracle Identity Manager is listening.

    The request dataset is imported into MDS.

2.3.7.3 Enabling the Auto Save Form Feature

To enable the Auto Save Form feature:

  1. Log in to the Design Console.

  2. Expand Process Management, and then double-click Process Definition.

  3. Search for and open the Windows 2000 process definition.

  4. Select the Auto Pre-populate and Auto Save Form check boxes.

  5. Click the Save icon.

2.3.7.4 Running the PurgeCache Utility

Run the PurgeCache utility to clear content belonging to the Metadata category from the server cache. See Section 2.3.5, "Clearing Content Related to Connector Resource Bundles from the Server Cache" for instructions.

The procedure to configure request-based provisioning ends with this step.

2.3.8 Post-Installation in OIM 11.1.2

For OIM server 11.1.2.0 or later versions, perform the following additional steps:

For OIM 11g R2 or later releases, you must create additional metadata. This includes tagging certain form fields by using the Design Console, creating a UI form, creating an application instance, and running the entitlement and catalog synchronization jobs.

  1. To tag certain form fields by using the Design Console:

    1. Log in to the OIM Design Console.

    2. Open the Windows form (UD_DIR).

    3. Create a new form version.

    4. Go to the Properties tab and add the following properties:

      i) For Share Path, add the "AccountName = true" property.

    5. Make the new form version the active version.

  2. To create a new UI form and an application instance, perform the following steps:

    1. Create a sandbox. For complete information on sandboxes, see the "Managing Sandboxes" section of Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

    2. Navigate to the System Administration page and click the Sandboxes link in the top right-hand corner.

    3. In the Manage Sandboxes tab, click Create Sandbox.

    4. In the Create Sandbox dialog, enter a sandbox name and description and click Save and Close. Click Ok in the confirmation dialog box.

    5. Select the newly created (Active) Sandbox.

  3. Create a new UI form. For complete information, see the "Managing Forms" section of Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

    1. On the System Administration page, click Form Designer under the Configuration section.

    2. Under the Search Results tab, click the Create button.

    3. Select the resource type for which the form needs to be created.

    4. Enter a form name and click Create.

  4. Create an application instance. For complete information, see the "Managing Application Instances" section of Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

    1. On the System Administration page, click Application Instances under the Configuration section.

    2. Under the Search Results tab, click Create.

    3. Enter appropriate values for the fields displayed on the Attributes form and click Save.

    4. Select the newly created form in the Form drop-down list and click Apply.

    5. Publish the application instance for a particular organization. See the "Managing Organizations Associated With Application Instances" section of Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for more information.

  5. Publish the sandbox:

    1. In the open Manage Sandboxes tab, select the sandbox.

    2. Click Publish Sandbox.

    3. Click Yes in the confirmation dialog.

  6. To harvest entitlements and synchronize the catalog:

    1. Run the Entitlement List scheduled job.

    2. Run the Catalog Synchronization Job.

      Note:

      To perform Windows provisioning operations in R2, follow the steps in the public MOS note 1535369.1. Consider the IT resource of the Windows connector the primary IT resource and the Active Directory IT resource the secondary.