1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with external, identity-aware applications. This guide discusses the connector that enables you to use Novell eDirectory either as a managed (target) resource or as an authoritative (trusted) source of identity data for Oracle Identity Manager.

Note:

At some places in this guide, Novell eDirectory has been referred to as the target system.

In the account management (target resource) mode of the connector, information about users created or modified directly on the target system can be reconciled into Oracle Identity Manager. In addition, you can use Oracle Identity Manager to perform provisioning operations on the target system.

In the identity reconciliation (trusted source) configuration of the connector, users are created or modified only on the target system and information about these users is reconciled into Oracle Identity Manager.

Note:

It is recommended that you do not configure the target system as both an authoritative (trusted) source and a managed (target) resource.

This chapter contains the following sections:

1.1 Certified Components

Table 1-1 lists the certified components for this connector.

Table 1-1 Certified Components

Item Requirement

Oracle Identity Manager

You can use one of the following releases of Oracle Identity Manager:

  • Oracle Identity Manager release 9.0.1 through 9.0.3.2

  • Oracle Identity Manager release 9.1.0.1 and any later BP in this release track

    Note: In this guide, Oracle Identity Manager release 9.1.0.x has been used to denote Oracle Identity Manager release 9.1.0.1 and future releases in the 9.1.0.x series that the connector supports.

  • Oracle Identity Manager 11g release 1 (11.1.1.3.0) and any later BP in this release track

    Note: In this guide, Oracle Identity Manager release 11.1.1 has been used to denote Oracle Identity Manager 11g release 1 (11.1.1) and future releases in this release track.

  • Oracle Identity Manager 11g Release 1 PS1 (11.1.1.5.0) and any later BP in this release track

  • Oracle Identity Manager 11g Release 1 PS2 (11.1.1.7.0) and any later BP in this release track

  • Oracle Identity Manager 11g release 2 BP04 (11.1.2.0.4) and any later BP in this release track

    Note: In this guide, Oracle Identity Manager release 11.1.2 has been used to denote Oracle Identity Manager 11g release 2 BP04 (11.1.2) and future releases in this release track.

Target systems

Novell eDirectory 8.7.3 and 8.8

Target system user account

Novell eDirectory user account to which the Supervisor right has been assigned

You provide the credentials of this user account while configuring the IT resource. The procedure is described later in this guide.

If this target system user account is not assigned the specified rights, then the following error message may be displayed during connector operations:

Transaction is not active (Transaction Manager error)

JDK

The JDK version can be one of the following:

  • For Oracle Identity Manager release Oracle Identity Manager release 9.0.1 through 9.0.3.2, use JDK 1.4.2 or a later release in the 1.4.2 series.

  • For Oracle Identity Manager release 9.1.0.x, use JDK 1.5 or a later release in the 1.5 series.

  • For Oracle Identity Manager release 11.1.x, use JDK 1.6 update 18 or later, or JRockit JDK 1.6 update 17 or later.

1.2 Certified Languages

This release of the connector supports the following languages:

  • Arabic

  • Chinese Simplified

  • Chinese Traditional

  • Danish

  • English

  • French

  • German

  • Italian

  • Japanese

  • Korean

  • Portuguese (Brazilian)

  • Spanish

See Also:

For information about supported special characters:

  • For Oracle Identity Manager release from 9.0.1 through 9.0.3.2 and release 9.1.0.x, see Oracle Identity Manager Globalization Guide.

  • For Oracle Identity Manager release 11.1.x, see Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

1.3 Connector Architecture

Figure 1-1 shows the connector integrating Novell eDirectory with Oracle Identity Manager.

Figure 1-1 Connector Architecture

Description of Figure 1-1 follows
Description of "Figure 1-1 Connector Architecture"

Novell eDirectory is configured as a target resource of Oracle Identity Manager. Through provisioning operations performed on Oracle Identity Manager, accounts are created and updated on the target system for OIM Users. Through reconciliation, account data that is created and updated on the target system is fetched into Oracle Identity Manager and stored against the corresponding OIM Users.

During provisioning, adapters carry provisioning data submitted through the process form to the target system. APIs on the target system accept provisioning data from the adapters, carry out the required operation on the target system, and return the response from the target system to the adapters. The adapters return the response to Oracle Identity Manager.

During reconciliation, a scheduled task establishes a connection with the target system and sends reconciliation criteria to the APIs. The APIs extracts user records that match the reconciliation criteria and hand them over to the scheduled task, which brings the records to Oracle Identity Manager.

Each record fetched from the target system is compared with Novell eDirectory resources that are already provisioned to OIM Users. If a match is found, then the update made to the record on the target system is copied to the Novell eDirectory resource in Oracle Identity Manager. If no match is found, then the user ID of the record is compared with the user ID of each OIM User. If a match is found, then data in the target system record is used to provision a Novell eDirectory resource to the OIM User.

1.4 Features of the Connector

1.4.1 Support for Both Target Resource and Trusted Source Reconciliation

You can use the connector to configure Novell eDirectory as either a target resource or trusted source of Oracle Identity Manager.

See Section 3.3, "Configuring Reconciliation" for more information.

1.4.2 Support for Limited Reconciliation

You can set a reconciliation filter as the value of the SearchFilter attribute of the scheduled tasks. This filter specifies the subset of newly added and modified target system records that must be reconciled.

See Section 3.3.2, "Limited Reconciliation" for more information.

1.4.3 Support for Batched Reconciliation

You can break down a reconciliation run into batches by specifying the number of records that must be included in each batch.

See Section 3.3.3, "Batched Reconciliation" for more information.

1.4.4 Support for Paged Reconciliation

Paged reconciliation is the reconciliation of a specified set of target system records at a time, within a reconciliation run. Multiple pages of records are fetched to complete the reconciliation run. This feature helps reduce memory issues that might arise when there are a large number of records to be reconciled.

Note:

Only Novell eDirectory 8.8 and later versions support paged reconciliation.

Paged reconciliation is implemented using the PageSize entry in the Lookup.EDIR.Configuration lookup definition.

See Section 2.3.7.1, "Setting Up the Lookup.EDIR.Configuration Lookup Definition" for information about this lookup definition.

1.4.5 Support for Reconciliation of Deleted User Records

You can configure scheduled tasks for reconciliation of deleted user records. In target resource mode, if a record is deleted on the target system, then the corresponding Novell eDirectory resource is revoked from the OIM User. In trusted source mode, if a record is deleted on the target system, then the corresponding OIM User is deleted.

The scheduled tasks for reconciliation of deleted user records are described in Section 3.3.4, "Reconciliation Scheduled Tasks."

1.4.6 Support for Both Full and Incremental Reconciliation

After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, change-based or incremental reconciliation is automatically enabled from the next run of the user reconciliation.

You can perform a full reconciliation run at any time.

See Section 3.3.1, "Full Reconciliation vs. Incremental Reconciliation" for more information.

1.4.7 Support for Adding New Single-Valued and Multivalued Attributes for Reconciliation and Provisioning

If you want to add to the standard set of single-valued and multivalued attributes for reconciliation and provisioning, then perform the procedures described in Chapter 4, "Extending the Functionality of the Connector".

1.4.8 Support for Transformation of Data During Reconciliation

You can configure transformation of data during reconciliation. For example, you can automate the look up of the field name from an external system and set the value based on the field name.

See Section 4.10, "Configuring Transformation of Data During Reconciliation" for more information.

1.4.9 Support for Reconciliation and Provisioning of Home Directories

From this release onward, the connector supports reconciliation and provisioning of Home directories for users. The procedure to enable and use this feature is optional. This feature makes use of the transformation feature.

See Section 4.9, "Linking the Home Directory Provisioning Operation with the Create User Provisioning Operation" for more information.

1.4.10 Support for High-Availability Configuration of the Target System

The connector can be configured to work with high-availability target system environments. If the primary installation becomes unavailable, then the connector reads information about backup target system installations from the Lookup.EDIR.BackupServers lookup definition and uses this information to switch to a backup target system installation. The timeout interval stored in the LDAPConnectTimeOut entry of the Lookup.EDIR.Configuration lookup definition is used to determine when to switch to the backup target system installation.

See Section 2.3.9, "Configuring High Availability of the Target System" for more information.

1.5 Lookup Definitions Used During Reconciliation and Provisioning

Lookup definitions used during connector operations can be divided into the following categories:

1.5.1 Lookup Definitions Synchronized with the Target System

The following lookup definitions are populated with values fetched from the target system by the scheduled tasks for lookup field synchronization:

See Also:

Section 3.2, "Lookup Field Synchronization" for information about these scheduled tasks

  • For organizations and organization units: Lookup.EDIR.Organization

  • For groups: Lookup.EDIR.UserGroup

  • For roles: Lookup.EDIR.AssignedRole

  • For domain scopes: Lookup.EDIR.DomainScope

  • For profiles: Lookup.EDIR.Profile

1.5.2 Other Lookup Definitions

Table 1-2 describes the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.

Table 1-2 Other Lookup Definitions

Lookup Definition Description of Values Method to Specify Values for the Lookup Definition

Lookup.EDIR.Configuration

This lookup definition holds connector configuration entries that are used during reconciliation and provisioning.

Some of the entries in this lookup definition are preconfigured. See Section 2.3.7.1, "Setting Up the Lookup.EDIR.Configuration Lookup Definition" for information about the entries for which you can set values.

Lookup.EDIR.Constants

This lookup definition stores values that are used internally by the connector. The connector development team can use this lookup definition to make minor configuration changes in the connector.

You must not modify the entries in this lookup definition.

Lookup.EDIR.Transformation

This lookup definition is used to configure transformation of attribute values fetched from the target system during reconciliation.

It is optional to enter values in this lookup definition. Section 4.10, "Configuring Transformation of Data During Reconciliation" provides information about this lookup definition.

AttrName.Recon.Map.EDIR

This lookup definition holds mappings between the eDirectory User resource object fields and target system attributes.

This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for user reconciliation. Chapter 4, "Extending the Functionality of the Connector" provides more information.

AttrName.Prov.Map.EDIR

This lookup definition holds mappings between eDirectory User process form fields and target system attributes.

This lookup definition is preconfigured. Table 1-3 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for user provisioning. Chapter 4, "Extending the Functionality of the Connector" provides more information.

AttrName.ReconGroup.Map.EDIR

This lookup definition holds mappings between eDirectory Group resource object fields and target system attributes.

This lookup definition is preconfigured. Table 1-6 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for group reconciliation. Chapter 4, "Extending the Functionality of the Connector" provides more information.

AttrName.ProvGroup.EDIR.Map

This lookup definition holds mappings between eDirectory Group process form fields and target system attributes.

This lookup definition is preconfigured. Table 1-6 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for group provisioning. Chapter 4, "Extending the Functionality of the Connector" provides more information.

AttrName.ReconRole.Map.EDIR

This lookup definition holds mappings between eDirectory Role resource object fields and target system attributes.

This lookup definition is preconfigured. Table 1-7 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for role reconciliation. Chapter 4, "Extending the Functionality of the Connector" provides more information.

AttrName.ProvRole.EDIR.Map

This lookup definition holds mappings between eDirectory Role process form fields and target system attributes.

This lookup definition is preconfigured. Table 1-7 lists the default entries in this lookup definition. You can add entries in this lookup definition if you want to map new target system attributes for group provisioning. Chapter 4, "Extending the Functionality of the Connector" provides more information.

Lookup.EDIR.BackupServers

This lookup definition holds mappings between primary Novell eDirectory servers and secondary Novell eDirectory servers.

It is optional to enter values in this lookup definition. Section 2.3.9, "Configuring High Availability of the Target System" provides information about this lookup definition

Lookup.EDIR.Volume

This lookup definition holds the names of volume objects created on the target system. Home directories that you provision are created on these volume objects.

You enter the names of the volume objects in this lookup definition. Section 2.3.7, "Setting Up Lookup Definitions in Oracle Identity Manager" provides more information.

Lookup.EDIR.NetworkRestriction

During a provisioning operation, you use this lookup definition to specify the IP addresses of the workstations from which the user can log in. If you do not specify an IP address, then the user can log in from any workstation.

Section 2.3.7, "Setting Up Lookup Definitions in Oracle Identity Manager" provides information about creating entries in this lookup definition.

Lookup.EDIR.CommLang

During a provisioning operation, you use this lookup definition to specify a language for the user.

Section 2.3.7, "Setting Up Lookup Definitions in Oracle Identity Manager" provides information about creating entries in this lookup definition.

Lookup.EDIR.TrusteeProperty

During a provisioning operation, you use this lookup definition to specify trustee rights on the property for the user.

Section 2.3.7, "Setting Up Lookup Definitions in Oracle Identity Manager" provides information about creating entries in this lookup definition.

1.6 Connector Objects Used During Target Resource Reconciliation and Provisioning

The following sections provide information about connector objects used during target resource reconciliation and provisioning:

See Also:

The "Reconciliation" section in Oracle Identity Manager Connector Concepts for conceptual information about reconciliation

1.6.1 User Attributes for Target Resource Reconciliation and Provisioning

Table 1-3 provides information about user attribute mappings for target resource reconciliation and provisioning.

Note:

When a user is assigned a role, the equivalentToMe, securityEquals, and rBSAssignedRoles attributes are added to the user object.

Table 1-3 User Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Novell eDirectory Attribute Description

Guid

GUID

GUID

Note: This is a hidden field.

User ID

cn

User ID

First Name

givenname

First name

Last Name

sn

Last name

Middle Name

initials

Middle name

Department

departmentNumber

Department

Location

l

Location

Telephone

telephoneNumber

Telephone

Email

mail

Email

Communication Language

preferredLanguage

Communication language

Timezone

timezone

Timezone

Logon Script

loginScript

Logon script

Title

title

Title

Profile

profile

Profile

Container DN

NA

Container in which the user is present on the target system

For example: o=abc,dc=Company

Security Group (multiple group names can be entered)

GroupMembership

List of groups of which the user is a member

Network Address

networkAddressRestriction

Network address

Volume Name

NA

Name of the volume object in Novell Netware

Home Directory Name

NA

Name of the user's Home directory

Table 1-4 lists the role attributes of the user record for target resource reconciliation and provisioning.

Note:

When a role is assigned to a user, the equivalentToMe and rBSTrusteeOf attributes are added to the role object.

Table 1-4 Role (Child Form) Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Novell eDirectory Role Attribute Description

Role Name

rBSMember

Role name

Scope

Scope

Scope

Inheritance

Inheritable

Inheritance

Table 1-5 lists the trustee rights attributes of the user record for target resource reconciliation and provisioning.

Table 1-5 Trustee Rights (Child Form) Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Novell eDirectory Trustee Rights Attribute Description

Property

Property

Property

Supervisor

Supervisor

Supervisor

Read

Read

Read permission

Write

Write

Write permission

Compare

Compare

Compare permission

Add Self

Add Self

Add Self permission

1.6.2 Group Attributes for Target Resource Reconciliation and Provisioning

Note:

If you are using Oracle Identity Manager release 11.1.x, then you cannot reconcile data from group attributes of the target system. This is tracked by Bug 9799541 in Chapter 6, "Known Issues."

Table 1-6 provides information about group attribute mappings for target resource reconciliation and provisioning.

Table 1-6 Group Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Novell eDirectory Group Attribute Description

Group Name

cn

Group name

Organization

NA

Container in which the group object is located on the target system

Guid

GUID

GUID

1.6.3 Role Attributes for Target Resource Reconciliation and Provisioning

Note:

If you are using Oracle Identity Manager release 11.1.x, then you cannot reconcile data from role attributes of the target system. This is tracked by Bug 9799541 in Chapter 6, "Known Issues."

Table 1-7 provides information about role attribute mappings for target resource reconciliation and provisioning.

Table 1-7 Role Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Novell eDirectory Role Attribute Description

Role Name

cn

Role name

Organization

NA

Container in which the role object is located on the target system

Guid

GUID

GUID

1.6.4 Reconciliation Rule for Target Resource Reconciliation

See Also:

Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules

The following is the process matching rule:

Rule name: eDir Recon User

Rule element: (GUID Equals GUID) OR (User Login Equals User ID)

In the first rule component:

  • GUID to the left of "Equals" is the GUID of the resource assigned to the OIM User.

  • GUID to the right of "Equals" is the GUID of the resource on the target system.

In the second rule component:

  • User Login is one of the following:

    • For Oracle Identity Manager Release 9.0.1 through 9.0.3.2:

      User ID field on the Xellerate User form.

    • For Oracle Identity Manager release 9.1.0.x or release 11.1.x:

      User ID field on the OIM User form.

  • User ID is the cn field on the target system.

This rule supports the following scenarios:

  • You can provision multiple Novell eDirectory resources to the same OIM User, either on Oracle Identity Manager or directly on the target system.

  • You can change the user ID of a user on the target system.

This is illustrated by the following use cases:

  • Use case 1: You provision a Novell eDirectory account for an OIM User, and you also create an account for the user directly on the target system.

    When the first rule condition is applied, no match is found. Then, the second rule condition is applied and it is determined that a second account has been given to the user on the target system. The second account is linked with the OIM User at the end of the reconciliation run.

  • Use case 2: An OIM User has a Novell eDirectory account. You then change the user ID of the user on the target system.

    During the next reconciliation run, application of the first rule condition helps match the resource with the record.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Development Tools.

  3. Double-click Reconciliation Rules.

  4. Search for eDir Recon User. Figure 1-2 shows the reconciliation rule for target resource reconciliation.

    Figure 1-2 Reconciliation Rule for Target Resource Reconciliation

    Description of Figure 1-2 follows
    Description of "Figure 1-2 Reconciliation Rule for Target Resource Reconciliation"

1.6.5 Reconciliation Action Rules for Target Resource Reconciliation

Table 1-8 lists the action rules for target resource reconciliation.

Table 1-8 Action Rules for Target Resource Reconciliation

Rule Condition Action

No Matches Found

Assign to Administrator With Least Load

One Entity Match Found

Establish Link

One Process Match Found

Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Oracle Identity Manager Design Console Guide for information about modifying or creating reconciliation action rules.

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Resource Management.

  3. Double-click Resource Objects.

  4. Search for and open the eDirectory User resource object.

  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rule for target resource reconciliation.

    Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation

    Description of Figure 1-3 follows
    Description of "Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation"

1.6.6 Provisioning Functions

Table 1-9 lists the provisioning functions that are supported by the connector. The Adapter column gives the name of the adapter that is used when the function is performed.

Table 1-9 Provisioning Functions

Function Adapter

Create a user

EDIR Create User

Delete a user

EDIR Delete User

Enable a user

EDIR Modify User

Disable a user

EDIR Modify User

Move a user from one container to another in Novell eDirectory

Note: The Move User provisioning operation is not supported when the Novell eDirectory and Novell GroupWise resources are provisioned to an OIM User. This is because the association between the Novell GroupWise mailbox and Novell eDirectory object is lost after the Move User provisioning operation.

EDIR Move User

Update user password

EDIR Modify User

Add user to a group

EDIR Add user to Group

Remove User from Group

EDIR Remove user from Group

Assign a role to a user

EDIR Add Assigned Role to User

Remove assigned role from user

EDIR Remove Assigned Role from User

Assign trustee right to a user

EDIR Add Trustee Right to User

Remove trustee right from a user

EDIR Remove Trustee Right from User

Add network address restriction to user

EDIR Add Network Restriction

Remove network address restriction from user

EDIR Remove Network Restriction

Create OU

EDIR Create OU

Change OU name

EDIR Change Org Name

Delete OU

EDIR Delete OU

Move an organization sub unit to another parent organizational unit

EDIR Move OU

Create eDirectory group

EDIR Create Group

Delete eDirectory group

EDIR Delete Group

Update group name

Update eDirectory Group Details

Create eDirectory role

EDIR Create Role

Delete eDirectory role

EDIR Delete Role

Update role name

Update eDirectory Role Details

Create Home directory

EDIR Create Home Directory

1.7 Connector Objects Used During Trusted Source Reconciliation

The following sections provide information about connector objects used during trusted source reconciliation:

1.7.1 User Attributes for Trusted Source Reconciliation

Table 1-10 lists user attributes for trusted source reconciliation.

Table 1-10 User Attributes for Trusted Source Reconciliation

OIM User Form Field Novell eDirectory Attribute Description

User ID

cn

Common name

First Name

givenname

Given name

Last Name

sn

Last name

Employee Type

NA

Default value: Consultant

User Type

NA

Default value: End-User Administrator

Organization

NA

Default value: Xellerate Users

1.7.2 Reconciliation Rule for Trusted Source Reconciliation

See Also:

Oracle Identity Manager Connector Concepts for generic information about reconciliation matching and action rules

The following is the process matching rule:

Rule name: eDir Trusted Recon Rule

Rule element: User Login Equals User ID

In this rule element:

  • User Login is one of the following:

    • For Oracle Identity Manager Release 9.0.1 through 9.0.3.2:

      User ID field on the Xellerate User form.

    • For Oracle Identity Manager release 9.1.0.x or release 11.1.x:

      User ID field on the OIM User form.

  • User ID is the cn field of Novell eDirectory.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Development Tools.

  3. Double-click Reconciliation Rules.

  4. Search for eDir Trusted Recon Rule. Figure 1-4 shows the reconciliation rule for trusted source reconciliation.

    Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation

    Description of Figure 1-4 follows
    Description of "Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation"

1.7.3 Reconciliation Action Rules for Trusted Source Reconciliation

Table 1-11 lists the action rules for trusted source reconciliation.

Table 1-11 Action Rules for Trusted Source Reconciliation

Rule Condition Action

No Matches Found

Create User

One Entity Match Found

Establish Link

One Process Match Found

Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. See Oracle Identity Manager Design Console Guide for information about modifying or creating reconciliation action rules.

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Resource Management.

  3. Double-click Resource Objects.

  4. Search for and open the Xellerate User resource object.

  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-5 shows the reconciliation action rules for trusted source reconciliation.

    Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation

    Description of Figure 1-5 follows
    Description of "Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation"

1.8 Roadmap for Deploying and Using the Connector

The following is the organization of information in the rest of this guide: