1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. This guide discusses the procedure to deploy the connector that is used to integrate Oracle Identity Manager with Novell GroupWise.

This chapter contains the following sections:

Note:

In this guide, the term Oracle Identity Manager server refers to the computer on which Oracle Identity Manager is installed.

At some places in this guide, Novell GroupWise has been referred to as the target system.

1.1 Certified Components

Table 1-1 lists the certified components for this connector.

Table 1-1 Certified Components

Item Requirement

Oracle Identity Manager

You can use one of the following releases of Oracle Identity Manager:

  • Oracle Identity Manager release 9.0.1 through 9.0.3.x

  • Oracle Identity Manager release 9.1.0.1 and any later BP in this release track

    Note: In this guide, Oracle Identity Manager release 9.1.0.x has been used to denote Oracle Identity Manager release 9.1.0.1 and future releases in the 9.1.0.x series that the connector supports.

  • Oracle Identity Manager 11g release 1 (11.1.1.3.0) and any later BP in this release track

    Note: In this guide, Oracle Identity Manager release 11.1.1 has been used to denote Oracle Identity Manager 11g release 1 (11.1.1) and future releases in this release track.

  • Oracle Identity Manager 11g release 1 PS1 (11.1.1.5.0) and any later BP in this release track

  • Oracle Identity Manager 11g release 1 PS2 (11.1.1.7.0) and any later BP in this release track

  • Oracle Identity Manager 11g release 2 BP04 (11.1.2.0.4) and any later BP in this release track

    Note: In this guide, Oracle Identity Manager release 11.1.2 has been used to denote Oracle Identity Manager 11g release 2 BP04 (11.1.2) and future releases in this release track.

  • Oracle Identity Manager 11g release 2 PS1 (11.1.2.1.0) and any later BP in this release track

  • Oracle Identity Manager 11g release 2 PS2 (11.1.2.2.0) and any later BP in this release track

The connector does not support Oracle Identity Manager running on Oracle Application Server. For detailed information about certified components of Oracle Identity Manager, see the certification matrix on Oracle Technology Network at

http://www.oracle.com/technetwork/documentation/oim1014-097544.html

Target systems

Novell GroupWise 6.5, 7, or 8.

Target system user account

Novell GroupWise user account to which the Supervisor right has been assigned

You provide the credentials of this user account while performing the procedure in one of the following sections:

If this target system user account is not assigned the specified rights, then the following error message may be displayed during connector operations:

Transaction is not active (Transaction Manager error)

Other systems

Novell eDirectory 8.7.3

External code

tcGroupWise65.dll, ldap.jar, ldapbp.jar

Note: The tcGroupWise65.dll is bundled with the rest of the connector installation files on the installation media.

JDK

The JDK version can be one of the following:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.x, use JDK 1.4.2 or a later release in the 1.4.2 series.

  • For Oracle Identity Manager release 9.1.0.x, use JDK 1.5 or a later release in the 1.5 series.

  • For Oracle Identity Manager release 11.1.x, use JDK 1.6 update 18 or later, or JRockit JDK 1.6 update 17 or later.

1.2 Certified Languages

The connector supports the following languages:

  • Chinese Simplified

  • Chinese Traditional

  • Danish

  • English

  • French

  • German

  • Italian

  • Japanese

  • Korean

  • Portuguese (Brazilian)

  • Spanish

Note:

Novell GroupWise does not support the entry of non-ASCII characters. See Chapter 5, "Known Issues" for more information about this limitation.

See Also:

One of the following guides for information about supported special characters:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x:

    Oracle Identity Manager Globalization Guide

  • For Oracle Identity Manager release 11.1.x:

    Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

1.3 Connector Architecture

Figure 1-1 Connector Architecture

Description of Figure 1-1 follows
Description of "Figure 1-1 Connector Architecture"

Novell Groupwise uses Novell eDirectory as a user repository to store information about a user's mailbox.

During provisioning, adapters carry provisioning data submitted through the process form to the target system. The Remote Manager on the target system passes the provisioning data to the native GroupWise code. By using the information available in the user's eDirectory profile, the native GroupWise code creates the mailbox.

During reconciliation, scheduled tasks fetch user mailbox data from the target system into Oracle Identity Manager.

1.4 Features of the Connector

1.4.1 Support for Both Target Resource and Trusted Source Reconciliation

You can use the connector to configure Novell GroupWise as either a target resource or trusted source of Oracle Identity Manager.

See Section 3.3, "Configuring Reconciliation" for more information.

1.4.2 Support for Limited Reconciliation

You can set a reconciliation filter as the value of the CustomizedReconQuery attribute of the GroupWise IT Resource. This filter specifies the subset of newly added and modified target system records that must be reconciled.

See Section 3.3.2, "Limited Reconciliation" for more information.

1.4.3 Support for Batched Reconciliation

You can break down a reconciliation run into batches by specifying the number of records that must be included in each batch.

See Section 3.3.3, "Batched Reconciliation" for more information.

1.4.4 Support for Both Full and Incremental Reconciliation

After you deploy the connector, you can perform full reconciliation to bring all existing user data from the target system to Oracle Identity Manager. After the first full reconciliation run, incremental reconciliation is automatically enabled from the next run of the user reconciliation.

You can perform a full reconciliation run at any time. See Section 3.3.1, "Full Reconciliation" for more information.

1.4.5 Support for Reconciliation of Deleted User Records

You can configure the connector for reconciliation of deleted user records by setting the value of the XLDeleteUsersAllowed attribute of the scheduled task to true. In target resource mode, if a record is deleted on the target system, then the corresponding GroupWise resource is revoked from the OIM User. In trusted source mode, if a record is deleted on the target system, then the corresponding OIM User is deleted.

See Section 3.3.4, "User Reconciliation Scheduled Task" for more information about the XLDeleteUsersAllowed attribute.

1.5 Lookup Definitions Used During Reconciliation and Provisioning

Lookup definitions used during connector operations can be divided into the following categories:

1.5.1 Lookup Definitions Synchronized with the Target System

The following lookup definitions are populated with values fetched from the target system by the scheduled tasks for lookup field synchronization:

See Also:

Section 3.2, "Scheduled Task for Lookup Field Synchronization" for information about these scheduled tasks

  • For Distribution List: Lookup.NGW.DistributionLists

  • For Post Office List: Lookup.NGW.PostOffices

1.5.2 Other Lookup Definitions

Table 1-2 describes the other lookup definitions that are created in Oracle Identity Manager when you deploy the connector. These lookup definitions are either prepopulated with values or values must be manually entered in them after the connector is deployed.

Table 1-2 Other Lookup Definitions

Lookup Definition Description of Values Method to Specify Values for the Lookup Definition

Lookup.NGW.Configuration

This lookup definition maps visibility levels of accounts fetched from the target system with corresponding visibility levels to be displayed in the Visibility field of the OIM User form.

This lookup definition is prepopulated with values. You cannot add or modify entries in this lookup definition.

AttrName.Recon.Map.GW

This lookup definition user attribute mappings between Novell GroupWise and Oracle Identity Manager.

This lookup definition is prepopulated with values, and it is used during reconciliation runs.

Note: Fields in the AttrName.Recon.Map.GW lookup definition that do not begin with the ldap prefix cannot have duplicate values.

Lookup.NGW.ParticipationType

This lookup definition holds information about the participation type that you can select for the user being added to the distribution list.

This lookup definition is prepopulated with values. You cannot add or modify entries in this lookup definition.

Lookup.NGW.Visibility

This lookup definition holds information about the visibility levels that you can select for the target system account that you create through Oracle Identity Manager.

This lookup definition is prepopulated with values. You cannot add or modify entried in this lookup definition.

1.6 Connector Objects Used During Target Resource Reconciliation and Provisioning

The following sections provide information about connector objects used during target resource reconciliation and provisioning:

See Also:

One of the following guides for conceptual information about reconciliation:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x: Oracle Identity Manager Connector Concepts

  • For Oracle Identity Manager release 11.1.x: Oracle Fusion Middleware User's Guide for Oracle Identity Manager

The following sections provide information about connector objects used during reconciliation:

1.6.1 User Attributes for Target Resource Reconciliation and Provisioning

Table 1-3 provides information about user attribute mappings for target resource reconciliation and provisioning.

Table 1-3 User Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Target System Field Description

User ID

cn

User's login ID

Visibility

nGWVisibility

Visibility of user in GroupWise system

File ID

nGWFileID

GroupWise user's unique FileID

Exp Date

nGWMailboxExpirationTime

GroupWise Mailbox expiration date

Gateway Account ID

nGWAccountID

User's GateWay account ID

Gateway Access

nGWGatewayAccess

Restricts access to a GroupWise gateway

1.6.2 Distribution List Attributes for Target Resource Reconciliation and Provisioning

Table 1-4 provides information about distribution list attribute mappings for target resource reconciliation and provisioning.

Table 1-4 Distribution List Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Target System Group Attribute Description

Dist List

distlist

Public address list

Participant

participant

Recipient type (To, Cc, or Bcc) of the user for e-mail messages received from the distribution list.

1.6.3 Nick Names Attributes for Target Resource Reconciliation and Provisioning

Table 1-5 provides information about nick names attribute mappings for target resource reconciliation and provisioning.

Table 1-5 Nick Names Attributes for Target Resource Reconciliation and Provisioning

Process Form Field Target System Role Attribute Description

Nick Name

nickname

Alternative address

NNVisibility

visibility

Determines the post office to which the object's information is distributed

1.6.4 Reconciliation Rule for Target Resource Reconciliation

See Also:

One of the following guides for generic information about reconciliation matching and action rules:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x: Oracle Identity Manager Connector Concepts

  • For Oracle Identity Manager release 11.1.x: Oracle Fusion Middleware User's Guide for Oracle Identity Manager

The following is the process-matching rule:

Rule name: GroupWise Recon User

Rule element: User Login Equals User ID

In this rule:

  • User Login is one of the following:

    • For Oracle Identity Manager Release 9.0.1 through 9.0.3.x:

      User ID attribute on the Xellerate User form.

    • For Oracle Identity Manager release 9.1.0.x or release 11.1.x:

      User ID attribute on the OIM User form.

  • User ID is the cn attribute of Novell Groupwise.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Development Tools.

  3. Double-click Reconciliation Rules.

  4. Search for GroupWise Recon User. Figure 1-2 shows the reconciliation rule for target resource reconciliation.

    Figure 1-2 Reconciliation Rule for Target Resource Reconciliation

    Description of Figure 1-2 follows
    Description of "Figure 1-2 Reconciliation Rule for Target Resource Reconciliation"

1.6.5 Reconciliation Action Rules for Target Resource Reconciliation

Table 1-6 lists the action rules for target resource reconciliation.

Table 1-6 Action Rules for Target Resource Reconciliation

Rule Condition Action

One Entity Match Found

Establish Link

One Process Match Found

Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. For information about modifying or creating reconciliation action rules, see one of the following guides:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x: Oracle Identity Manager Design Console Guide

  • For Oracle Identity Manager release 11.1.x: Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Resource Management.

  3. Double-click Resource Objects.

  4. Search for and open the GroupwiseUser resource object.

  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-3 shows the reconciliation action rule for target resource reconciliation.

    Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation

    Description of Figure 1-3 follows
    Description of "Figure 1-3 Reconciliation Action Rules for Target Resource Reconciliation"

1.6.6 Provisioning Functions

Table 1-7 lists the provisioning functions that are supported by the connector. The Adapter column gives the name of the adapter that is used when the function is performed.

Table 1-7 Provisioning Functions

Function Adapter

Create a mailbox

NGW Create Mailbox

Delete a mailbox

NGW Delete Mailbox

Disable a mailbox

NGW Disable Mailbox

Enable a mailbox

NGW Enable Mailbox

Move a user from one post office to another

NGW Move User To PostOffice

Update a user

NGW Modify Mailbox

Add a user to a distribution list

NGW Add User to Distribution List

Remove a user from a distribution list

NGW Remove User from Distribution List

Add a nickname or alias for a user

NGW Add Nickname to User

Delete the nickname or alias of a user

NGW Delete Nickname of User

Reset user password

NGW Reset Password

1.7 Connector Objects Used During Trusted Source Reconciliation

The following sections provide information about connector objects used during trusted source reconciliation:

1.7.1 User Attributes for Trusted Source Reconciliation

Table 1-8 lists user attributes for trusted source reconciliation.

Table 1-8 User Attributes for Trusted Source Reconciliation

OIM User Form Field Target System Attribute Description

User ID

cn

User's logon name

Note: The value reconciled into the User ID field is also reconciled into both the First Name and Last name fields.

First Name

cn

First name

Last Name

cn

Last name

Employee Type

NA

Default value: Consultant

User Type

NA

Default value: End-User Administrator

Organization

NA

Default value: Xellerate Users

1.7.2 Reconciliation Rule for Trusted Source Reconciliation

See Also:

One of the following guides for generic information about reconciliation matching and action rules:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x: Oracle Identity Manager Connector Concepts

  • For Oracle Identity Manager release 11.1.x: Oracle Fusion Middleware User's Guide for Oracle Identity Manager

The following is the process matching rule:

Rule name: Trusted Source recon Rule

Rule element: User Login Equals User ID

In this rule element:

  • User Login is one of the following:

    • For Oracle Identity Manager Release 9.0.1 through 9.0.3.x:

      User ID attribute on the Xellerate User form.

    • For Oracle Identity Manager release 9.1.0.x or release 11.1.x:

      User ID attribute on the OIM User form.

  • User ID is the cn attribute of Novell GroupWise.

After you deploy the connector, you can view the reconciliation rule for target resource reconciliation by performing the following steps:

Note:

Perform the following procedure only after the connector is deployed.

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Development Tools.

  3. Double-click Reconciliation Rules.

  4. Search for Trusted Source recon. Figure 1-4 shows the reconciliation rule for trusted source reconciliation.

    Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation

    Description of Figure 1-4 follows
    Description of "Figure 1-4 Reconciliation Rule for Trusted Source Reconciliation"

1.7.3 Reconciliation Action Rules for Trusted Source Reconciliation

Table 1-9 lists the action rules for target resource reconciliation.

Table 1-9 Action Rules for Target Source Reconciliation

Rule Condition Action

No Matches Found

Create User

One Entity Match Found

Establish Link

One Process Match Found

Establish Link

Note:

No action is performed for rule conditions that are not predefined for this connector. You can define your own action rule for such rule conditions. For information about modifying or creating reconciliation action rules:

  • For Oracle Identity Manager release 9.0.1 through 9.0.3.x and release 9.1.0.x: Oracle Identity Manager Design Console Guide

  • For Oracle Identity Manager release 11.1.x: Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager

After you deploy the connector, you can view the reconciliation action rules for target resource reconciliation by performing the following steps:

  1. Log in to the Oracle Identity Manager Design Console.

  2. Expand Resource Management.

  3. Double-click Resource Objects.

  4. Search for and open the Xellerate User resource object.

  5. Click the Object Reconciliation tab, and then click the Reconciliation Action Rules tab. The Reconciliation Action Rules tab displays the action rules defined for this connector. Figure 1-5 shows the reconciliation action rules for trusted source reconciliation.

    Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation

    Description of Figure 1-5 follows
    Description of "Figure 1-5 Reconciliation Action Rules for Trusted Source Reconciliation"

1.8 Roadmap for Deploying and Using the Connector

The following is the organization of information in the rest of this guide: