2 Deploying the Connector

The procedure to deploy the connector can be divided into the following stages:

Section 2.1, "Preinstallation"
Section 2.2, "Installing the Connector on Oracle Identity Manager Release 9.1.0.x or Release 11.1.1"
Section 2.3, "Postinstallation"

2.1 Preinstallation

Preinstallation information is divided across the following sections:

Section 2.1.1, "Preinstallation on Oracle Identity Manager"
Section 2.1.2, "Preinstallation on the Target System"

2.1.1 Preinstallation on Oracle Identity Manager

This section contains the following topics:

Section 2.1.1.1, "Files and Directories on the Installation Media"
Section 2.1.1.2, "Determining the Release Number of the Connector"

2.1.1.1 Files and Directories on the Installation Media

The files and directories on the installation media are listed and described in Table 2-1.

Table 2-1 Files and Directories On the Connector Installation Media

File in the Installation Media Directory	Description
configuration/OracleInternetDirectory-CI.xml	This XML file contains configuration information that is used during connector installation.
lib/OIDProv.jar	This JAR file contains the class files required for provisioning. During connector installation, this file is copied to the following location: For Oracle Identity Manager release 9.1.0.x: OIM_HOME/xellerate/JavaTasks For Oracle Identity Manager release 11.1.1: Oracle Identity Manager database
lib/OIDRecon.jar	This JAR file contains the class files required for reconciliation. During connector installation, this file is copied to the following location: For Oracle Identity Manager release 9.1.0.x: OIM_HOME/xellerate/ScheduleTask For Oracle Identity Manager release 11.1.1: Oracle Identity Manager database
Files in the resources directory	Each of these resource bundles contains language-specific information that is used by the connector. During connector installation, these resource bundles are copied to the following location: For Oracle Identity Manager release 9.1.0.x: OIM_HOME/xellerate/connectorResources For Oracle Identity Manager release 11.1.1: Oracle Identity Manager database Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the Administrative and User Console. These text strings include GUI element labels and messages.
Files in the test/troubleshoot directory	These files are used to perform basic tests on the connector, even before Oracle Identity Manager is installed.
xml/oimOIDUser.xml	This XML file contains definitions for the following components of the connector: IT resource type Process form Process task and adapters (along with their mappings) Resource object Xellerate User (OIM User) Provisioning process Pre-populate rules Reconciliation process Lookup definitions
xml/OIDXLuser.xml	This XML file contains the configuration for the Xellerate User (OIM User). You must import this file only if you plan to use the connector in trusted source reconciliation mode.

Note:

The files in the test/troubleshoot directory are used only to run tests on the connector.

2.1.1.2 Determining the Release Number of the Connector

Note:

If you are using Oracle Identity Manager release 9.1.0.x, then the procedure described in this section is optional.

If you are using Oracle Identity Manager release 11.1.1, then skip this section.

You might have a deployment of an earlier release of the connector. While deploying the latest release, you might want to know the release number of the earlier release. To determine the release number of the connector that has already been deployed:

In a temporary directory, extract the contents of the following JAR file:

OIM_HOME/xellerate/JavaTasks/OIDProv.jar
Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the OIDProv.jar file.

In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.

2.1.2 Preinstallation on the Target System

Preinstallation on the target system involves performing the procedure described in the following sections:

Section 2.1.2.1, "Creating a Target System User Account for Connector Operations"
Section 2.1.2.2, "Using External Code Files"

2.1.2.1 Creating a Target System User Account for Connector Operations

You can create a target system user account for connector operations by performing the procedure described in one of the following sections:

If you are using Oracle Internet Directory release 10.1.x, see Section 2.1.2.1.1, "Creating a Target System User account for Connector Operations using Oracle Directory Manager."
If you are using Oracle Internet Directory release 10.1.x or 11gR1, see Section 2.1.2.1.2, "Creating a Target System User Account for Connector Operations using Oracle Internet Directory Command-Line Utilities."

2.1.2.1.1 Creating a Target System User account for Connector Operations using Oracle Directory Manager

The connector uses a target system account to connect to the target system during reconciliation.To create a target system user account with the minimum permissions required to perform connector operations:

To create a user account on the target system:
1. Log in to Oracle Directory Manager as an administrator.
2. In the left pane, under Oracle Internet Directory Server, expand the directory server instance that you want to access, and then expand Entry Management.
3. Navigate to and right-click the context under which you want to create the user. Then, click Create.
  
  The New Entry window is displayed as shown in the following screenshot:
4. In the Distinguished Name field, enter the DN in which you want to create the user. Alternatively, you can click Browse and find the DN.
5. To add an object class to the user:
  - In the Object Classes section, click Add.
  - In the Super Class Selector dialog box, select the top object class, and then click Select.
    
    The following screenshot shown the Super Class Selector window in which the orclUser object class has been selected:
6. Repeat Step e to add each of the following object classes:
  - person
  - organizationalPerson
  - inetOrgPerson
  - orclUser
  - orclUserV2
7. On the Mandatory Properties tab, enter values for all attributes. For example, in the text field for the sn attribute, enter the last name or surname of user being created.
8. If required, on the Optional Properties tab, enter values for the required attributes.
9. Click OK.
  
  The user is created and is displayed in the left pane under the appropriate content.
To grant the user (that you created in Step 1) access rights to perform connector operations:
1. In the left pane, under Oracle Internet Directory Server, expand the directory server instance that you want to access, and then expand Access Control Management.
2. Right-click Access Control Management and select Create.
  
  The New Access Control Point window is displayed.
3. In the Path to Entry Field, enter the DN that the user should be granted access to. Alternatively, you can click Browse to find the DN.
  
  The following screenshot shows the New Access Control Point window in which a sample value for the Path to Entry Field has been entered:
4. In the Structural Access Items section, click Create.
  
  The Structural Access Item window is displayed.
5. On the By Whom tab, select A Specific Entry, and then in the corresponding field, enter the DN in which the user (created in Step 1) exists.
  
  The following screenshot shows the By Whom tab on which a sample value for the A Specific Entry field has been entered:
6. On the Access Rights tab, select the Browse, Add, and Delete access rights under the Grant column. Under the Unspecified column, select Proxy.
  
  The following screenshot shows the Access Rights tab on which access rights have been selected:
7. Click OK.
8. In the Content Access Items section, click Create.
  
  The Content Access Item window is displayed.
9. On the By Whom tab, select A Specific Entry, and then in the corresponding field, enter the DN in which the user (created in Step 1) exists.
  
  The following screenshot shows the By Whom tab on which a sample value for the A Specific Entry field has been entered:
10. On the Attribute tab, from the Attribute list on the right side, select *, which specifies that the user is granted access to all attributes.
  
  On left hand side, select EQ, which is the matching operation to be performed against the attribute.
  
  For example, if you select EQ and *, then the access rights that you grant apply to all attributes. The following screenshot shows the values used in the example:
11. On the Access Rights tab, select the Read, Search, Write, and Compare permissions under the Grant column. Under the Unspecified column, select Selfwrite.
  
  The following screenshot shows the Access Rights tab on which permissions have been selected:
12. Click OK.
13. In the New Access Control Point window, click OK.
  
  The access control point is created.
To verify whether the access control point (created in Step 2) was created properly:
1. Log in to Oracle Directory Server with the complete DN of the user (created in Step 1).
2. If the following error message is displayed, then the access control point is not created properly.
  
  Bind of request to LDAP Server failed.
  
  Otherwise, the access control point is created successfully.
Note:

After creating the user you will be able to login to OID via that user, but you will not able to create user on the target system as it shows insufficient rights and throws LDAP error code 50. To overcome this error, you need to add the new administrator to a group REALM ADMINISTRATORS in groups in ORACLE CONTEXT on the target system.

2.1.2.1.2 Creating a Target System User Account for Connector Operations using Oracle Internet Directory Command-Line Utilities

The following procedure creates an admin user, admin group, and ACIs using the Oracle Internet Directory command-line utilities.

To use this procedure, you must be an administrator on the OID target system who is familiar with command-line utilities such as ldapsearch and ldapmodify. Alternatively, you can also use Oracle Directory Services Manager to perform these functions.

For more information, see the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

Note:

In this procedure, replace:

dc=example, dc=com with the root suffix.
cn=MyAccounts,dc=example,dc=com with the base location of the users and groups that will be managed by the connector.
admin user name with the administrator user name. For example, oimAdminUser.
password with the administrator user password.
admin group name with the name of the group that the administror belongs to. For example, oimAdminGroup.
OID-Server with the hostname or IP address of the computer that is running OID.
OID-Port with the port at which the OID server is listening.

To create the admin user, group, and ACIs for connector operations:

Create a new file name oidadmin.ldif and add the following entries:

dn: cn=systemids,dc=example,dc=com
changetype: add
objectclass: orclContainer
objectclass: top
cn: systemids

dn: cn=oimAdminUser,cn=systemids,dc=example,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
objectclass: orcluser
objectclass: orcluserV2
mail: oimAdminUser
givenname: oimAdminUser
sn: oimAdminUser
cn: oimAdminUser
uid: oimAdminUser
userPassword: welcome1

dn: cn=oimAdminGroup,cn=systemids,dc=example,dc=com
changetype: add
objectclass: groupOfUniqueNames
objectclass: orclPrivilegeGroup
objectclass: top
cn: oimAdminGroup
description: OIM administrator role
uniquemember: cn=oimAdminUser,cn=systemids,dc=example,dc=com

dn: cn=oracleAccounts,dc=example,dc=com
changetype: modify
add: orclaci
orclaci: access to entry by
group="cn=oimAdminGroup,cn=systemids,dc=example,dc=com" (add,browse,delete) by * (none)
orclaci: access to attr=(*) by
group="cn=oimAdminGroup,cn=systemids,dc=example,dc=com" (read,search,write,compare) by * (none)

dn: cn=changelog
changetype: modify
add: orclaci
orclaci: access to entry by
group="cn=oimAdminGroup,cn=systemids,dc=example,dc=com" (browse) by * (none)
orclaci: access to attr=(*) by
group="cn=oimAdminGroup,cn=systemids,dc=example,dc=com" (read,search,compare) by * (none)

Run the following command to load the oidadmin.ldif file:

./ldapmodify -h OID-Server -p OID-port -D OID-Admin-ID -w OID-Admin-password -c-v-f oidadmin.ldif

Run the following command to check if the ACI is added:

/ldapsearch -h OID-Server -p OID-Port -D "cn=orcladmin" -w OID-Admin-password -b "dc=example,dc=com" -s one "objectclass=*" orclaci

Run the following command to check if the proxy user is working against OID. Before running this command ensure that the changenumber is catalogued.

./ldapsearch -h OID-Server -p OID-Port -D "cn=oimAdminUser,cn=systemids,dc=example,dc=com" -w OID-Admin-password -b "cn=changelog" -s sub "changenumber>=0"

If the above command returns an error, run the following command:

./ldapsearch -h OID-Server -p OID-Port -D "cn=oimAdminUser,cn=systemids,dc=example,dc=com" -w OID-Admin-password -b "cn=changelog" -s sub "changenumber>=0"

2.1.2.2 Using External Code Files

The ldap.jar file contains APIs that are used to connect to the target system. The ldapbp.jar file is used by the connector to enable LDAP-based search of user records on the target system. You must download this file from the Sun Web site and copy it into the ThirdParty directory as follows:

Log on to the JNDI Downloads section of the Sun Web site at

http://java.sun.com/products/jndi/downloads/index.html
On the JNDI Downloads page, click Download JNDI 1.2.1 & More.
Select the I agree to the Software License Agreement check box, and then click Continue.
Select LDAP Service Provider, 1.2.4.
Click jndi-1_2_4.zip.
Specify the temporary directory into which you want to download the ldap-1_2_4.zip file.
Extract the contents of the ldap-1_2_4.zip file.
From the lib directory inside the ldap-1_2_4.zip file, copy the ldap.jar and ldapbp.jar files into one of the following directories:

Note:

In an Oracle Identity Manager cluster, copy this JAR files into the ThirdParty directory on each node of the cluster.
- For Oracle Identity Manager release 9.1.0.x:
  
  OIM_HOME/xellerate/ThirdParty
- For Oracle Identity Manager release 11.1.1:
  
  OIM_HOME/server/ThirdParty

2.2 Installing the Connector on Oracle Identity Manager Release 9.1.0.x or Release 11.1.1

Note:

In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Oracle Identity Manager Administrative and User Console.

Installing the connector on Oracle Identity Manager release 9.1.0.x or release 11.1.1 involves the following procedures:

Section 2.2.1, "Running the Connector Installer"
Section 2.2.2, "Configuring the IT Resource"

2.2.1 Running the Connector Installer

To run the Connector Installer:

Copy the contents of the connector installation media directory into the following directory:

Note:

In an Oracle Identity Manager cluster, perform this step on each node of the cluster.
- For Oracle Identity Manager release 9.1.0.x: OIM_HOME/xellerate/ConnectorDefaultDirectory
- For Oracle Identity Manager release 11.1.1: OIM_HOME/server/ConnectorDefaultDirectory
Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of the following guide:
- For Oracle Identity Manager release 9.1.0.x:
  
  Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager
- For Oracle Identity Manager release 11.1.1:
  
  Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager
Depending on the Oracle Identity Manager release you are using, perform one of the following steps:
- For Oracle Identity Manager release 9.1.0.x:
  
  Click Deployment Management, and then click Install Connector.
- For Oracle Identity Manager release 11.1.1:
  
  On the Welcome to Identity Manager Advanced Administration page, in the System Management region, click Install Connector.
From the Connector List list, select Oracle Internet Directory RELEASE_NUMBER. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory in Step 1.

If you have copied the installation files into a different directory, then:
1. In the Alternative Directory field, enter the full path and name of that directory.
2. To repopulate the list of connectors in the Connector List list, click Refresh.
3. From the Connector List list, select Oracle Internet Directory RELEASE_NUMBER.
Click Load.
To start the installation process, click Continue.

The following tasks are performed in sequence:
1. Configuration of connector libraries.
2. Import of the connector XML files (by using the Deployment Manager). If you want to import the target system as a trusted source for reconciliation, then see Section 2.3.1.1, "Configuring Trusted Source Reconciliation."
3. Compilation of adapters.
On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:
- Retry the installation by clicking Retry.
- Cancel the installation and begin again from Step 0.
If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of the steps that you must perform after the installation is displayed. These steps are as follows:
1. Ensuring that the prerequisites for using the connector are addressed
  
  Note:
  
  At this stage, run the Oracle Identity Manager PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See Section 2.3.1.3, "Clearing Content Related to Connector Resource Bundles from the Server Cache" for information about running the PurgeCache utility.
  
  There are no prerequisites for some predefined connectors.
2. Configuring the IT resource for the connector
  
  Record the name of the IT resource displayed on this page. The procedure to configure the IT resource is described later in this guide.
3. Configuring the scheduled tasks that are created when you installed the connector
  
  Note:
  
  In Oracle Identity Manager release 11.1.1, a scheduled job is an instance of a scheduled task. In this guide, the term scheduled task used in the context of Oracle Identity Manager release 9.1.0.x is the same as the term scheduled job in the context of Oracle Identity Manager release 11.1.1.
  
  See Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for more information about scheduled tasks and scheduled jobs.
  
  Record the names of the scheduled tasks displayed on this page. The procedure to configure these scheduled tasks is described later in this guide.

When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 2-1.

Installing the Connector in an Oracle Identity Manager Cluster

While installing Oracle Identity Manager in a cluster, you must copy all the JAR files and the contents of the connectorResources directory into the corresponding directories on each node of the cluster. See Section 2.1.1.1, "Files and Directories on the Installation Media" for information about the files that you must copy and their destination locations on the Oracle Identity Manager server.

2.2.2 Configuring the IT Resource

Note:

The "modifytimestamp" code key and decode entry is newly added to the AttrName.Recon.Map.OID lookup definition. This entry holds the timestamp of the last successfully reconciled user record from the target system. This timestamp value is retrieved from the target system and is saved as the value of the Last Target Recon TimeStamp IT resource parameter.

You must specify values for the parameters of the OID Server IT resource as follows:

Log in to the Administrative and User Console.
If you are using Oracle Identity Manager release 9.1.0.x, expand Resource Management, and then click Manage IT Resource.
If you are using Oracle Identity Manager release 11.1.1, then:
- On the Welcome page, click Advanced in the upper-right corner of the page.
- On the Welcome to Oracle Identity Manager Advanced Administration page, in the Configuration section, click Manage IT Resource.
In the IT Resource Name field on the Manage IT Resource page, enter OID Server and then click Search.
Click the edit icon for the IT resource.
From the list at the top of the page, select Details and Parameters.

Specify values for the parameters of the IT resource. The following table describes each parameter:

Parameter	Description
Admin Id	DN value of the user who has administrator rights on the Oracle Internet Directory server Sample value: `cn=Admin,ou=People, o=xyz`
Admin Password	Password of the user who has administrator rights on the target Oracle Internet Directory server
Server Address	IP address of the Oracle Internet Directory server
Port	Port number to connect to the Oracle Internet Directory server Sample value: `389`
Root DN	Base DN on which all the user operations are to be carried out Sample value: dc=host_name, dc=com If the domain name is different from the host name, then specify the domain name as the value of this parameter. For example: If the host name is myhost.example.com and domain name is mydomain.example.com, then specify the following as the value of this parameter: `dc=mydomain, dc=example, dc=com`
SSL	If this parameter is set to `true,` then SSL is used to secure communication between Oracle Identity Manager and the Oracle Internet Directory server. In this case, the authentication certificate of the Oracle Internet Directory server must be imported into the Oracle Identity Manager server. If this parameter is set to `false,` then SSL is not used to secure communication between Oracle Identity Manager and the Oracle Internet Directory server. Note: It is recommended that you enable SSL to secure communication with the target system.
Prov Attribute Lookup Code	Name of the lookup definition that has the target attribute mappings required for provisioning a user. The value must be `AttrName.Prov.Map.OID`.
Prov Group Attribute Lookup Code	Name of the lookup definition that has the target attribute mappings required for provisioning a group. The value must be `AttrName.Group.Prov.Map.OID`.
Prov Role Attribute Lookup Code	Name of the lookup definition that has the target attribute mappings required for provisioning a role. The value must be `AttrName.Role.Prov.Map.OID`.
Use XL Org Structure	If set to `true`, then the Oracle Identity Manager organization structure is used during provisioning and reconciliation. During provisioning, you can configure the users to be provisioned in a different organization instead of the default `Xellerate Users` in Oracle Identity Manager. Consider the following example. Suppose a custom organization `org1` exists in the target system: ou=org1,dc=corp,dc=company,dc=com In the preceding sample, you can choose `org1` from the lookup in the Xellerate form and provision the user to the target system. In the preceding sample, the lookup must be populated with specific organization values. Oracle recommends that you first run a full reconciliation with `Use XL Org Structure=true` and then provision a user. Once the full reconciliation is run, the data in the target system is replicated in Oracle Identity Manager. As a result lookup gets populated with the organization/organizational unit values automatically during the reconciliation. If you do not run a full reconciliation, then the organization must first be manually created and then the user should be provisioned. The name of the entity should be the same as that in the target system with identical casing. During reconciliation, if this attribute is set to `true`, then the users are reconciled in the respective organization as specified in the target system. Suppose, a user belongs to `ou=org2,dc=corp,dc=company,dc=com` in the target system. During reconciliation, the user gets updated in `org2` in Oracle Identity Manager. This helps in maintaining the same organization structure in the target system and Oracle Identity Manager. If set to `false`, then the value of the Organization field in the process form is used for provisioning and the organization or container in the target Oracle Internet Directory is used for reconciliation. If the value is set to `false`, then all the users are provisioned and reconciled in the default Oracle Identity Manager organization, `Xellerate Users`.
Last Trusted Recon TimeStamp	For the first trusted user reconciliation run, the timestamp value is not set. For subsequent rounds of reconciliation, the timestamp of the last successfully reconciled user record is stored in this parameter. You do not need to provide a value for this parameter. Sample value: `20060524110907Z`
Last Target Recon TimeStamp	For the first target user reconciliation run, the timestamp value is not set. For subsequent rounds of reconciliation, the timestamp of the last successfully reconciled user record is stored in this parameter. You do not need to provide a value for this parameter. Sample value: `20060524110907Z`
Last Trusted Delete Recon TimeStamp	For the first trusted delete user reconciliation run, the timestamp value is not set. For subsequent rounds of reconciliation, the timestamp of the last successfully reconciled deleted user record is stored in this parameter. You do not need to provide a value for this parameter. Sample value: `20060524110907Z`
Last Target Delete Recon TimeStamp	For the first target delete user reconciliation run, the timestamp value is not set. For subsequent rounds of reconciliation, the timestamp of the last successfully reconciled deleted user record is stored in this parameter You do not need to provide a value for this parameter. Sample value: `20060524110907Z`
Group Reconciliation Time Stamp	For the first group reconciliation run, the timestamp value is not set. For subsequent rounds of reconciliation, the time at which the previous round of group reconciliation was completed is stored in this parameter. You do not need to provide a value for this parameter. Sample value: `20060524110907Z`
Role Reconciliation Time Stamp	For the first role reconciliation run, the timestamp value is not set. For subsequent rounds of reconciliation, the time at which the previous round of role reconciliation was completed is stored in this parameter. You do not need to provide a value for this parameter. Sample value: `20060524110907Z`

To save the values, click Update.

2.3 Postinstallation

Postinstallation steps are divided across the following sections:

Section 2.3.1, "Postinstallation on Oracle Identity Manager Server"
Section 2.3.2, "Postinstallation on the Target System"
Section 2.3.3, "Configuring SSL"

2.3.1 Postinstallation on Oracle Identity Manager Server

Postinstallation on Oracle Identity Manager involves performing the procedure described in the following sections:

Note:

In an Oracle Identity Manager cluster, you must perform this step on each node of the cluster.

Section 2.3.1.1, "Configuring Trusted Source Reconciliation"
Section 2.3.1.2, "Changing to the Required Input Locale"
Section 2.3.1.3, "Clearing Content Related to Connector Resource Bundles from the Server Cache"
Section 2.3.1.4, "Enabling Logging"
Section 2.3.1.5, "Modifying the Value of the checkouttime Attribute"
Section 2.3.1.6, "Setting Up Lookup Definitions in Oracle Identity Manager"
Section 2.3.1.7, "Configuring High Availability of the Target System"
Section 2.3.1.8, "Configuring Oracle Identity Manager for Request-Based Provisioning"
Section 2.3.2.1, "Configuring the Target System"

2.3.1.1 Configuring Trusted Source Reconciliation

While configuring the connector, the target system can be designated as a trusted source or target resource. If you designate the target system as a trusted source, then during a reconciliation run:

For each newly created user on the target system, an OIM User is created.
Updates made to each user on the target system are propagated to the corresponding OIM User.

If you designate the target system as a target resource, then during a reconciliation run:

For each account created on the target system, a resource is assigned to the corresponding OIM User.
Updates made to each account on the target system are propagated to the corresponding resource.

Note:

Skip this section if you do not want to designate the target system as a trusted source for reconciliation.

Configuring trusted source reconciliation involves the following steps:

Import the XML file for trusted source reconciliation, OIDXLuser.xml, by using the Deployment Manager. Section 2.3.1.1.1, "Importing the XML File for Trusted Source Reconciliation" describes the procedure to import the XML file.

Note:

Only one target system can be designated as a trusted source. If you import the OIDXLuser.xml file while you have another trusted source configured, then both connector reconciliations would stop working.
Add the default password policy to the Xellerate User resource object. Section 2.3.1.1.2, "Adding the Default Password Policy for Xellerate User Resource Object" describes the procedure to add the default password policy.
Use the OID User Trusted Recon scheduled task to run trusted reconciliation.

Note:

The OID Trusted Delete User Recon task is run with the DN value, which is the value for the SearchBase attribute in the User Reconciliation scheduled task. The value of this attribute specifies the organizational unit from where users are reconciled from the target system into Oracle Identity Manager. When you run the OID Trusted Delete User Recon task, all of the users in the other organizational units are deleted in Oracle Identity Manager.

2.3.1.1.1 Importing the XML File for Trusted Source Reconciliation

To import the XML file for trusted source reconciliation:

Open the Oracle Identity Manager Administrative and User Console.
If you are using Oracle Identity Manager release 9.1.0.x, then:
1. Click the Deployment Management link on the left navigation pane.
2. Click the Import link under Deployment Management. A dialog box for opening files is displayed.
If you are using Oracle Identity Manager release 11.1.1, then:
1. On the Welcome page, click Advanced in the upper-right corner of the page.
2. On the Welcome to Oracle Identity Manager Advanced Administration page, in the System Management region, click Import Deployment Manager File. A dialog box for opening files is displayed.
Locate and open the OIDXLuser.xml file located in the following directory:
- For Oracle Identity Manager release 9.1.0.x:
  
  OIM_HOME/xellerate/ConnectorDefaultDirectory/OID_904140/xml
- For Oracle Identity Manager release 11.1.1:
  
  OIM_HOME/server/ConnectorDefaultDirectory/OID_904140/xml
Details of this XML file are shown on the File Preview page.
Click Add File. The Substitutions page is displayed.
Click Next. The Confirmation page is displayed.
Click Import.
In the message that is displayed, click Import to confirm that you want to import the XML file and then click OK.

After you import the XML file for trusted source reconciliation, you must add the default password policy to the Xellerate User resource object.

2.3.1.1.2 Adding the Default Password Policy for Xellerate User Resource Object

To add the default password policy to the Xellerate User resource object:

Log in to Design Console.
Expand Resource Management, then double-click Resorce Objects.
Search for and open the Xellerate User resource object.
On the Password Policies Rule tab, click Add.
From the row that is displayed, double-click the Rule lookup field.
From the Lookup dialog box, select Default, and assign it to the resource object.
Click OK.
In the adjacent column, double-click the Policy lookup field.
From the Lookup dialog box, select Default Policy, and assign it to the resource object.
Click OK.
In the Priority field, enter the numeric value 1.
Click Save.

After you add the default password policy to the resource object, you must specify values for the attributes of the OID User Trusted Recon scheduled task. This procedure is described in Section 3.4, "Configuring Scheduled Tasks."

2.3.1.2 Changing to the Required Input Locale

Changing to the required input locale (language and country setting) involves installing the required fonts and setting the required input locale.

You may require the assistance of the system administrator to change to the required input locale.

2.3.1.3 Clearing Content Related to Connector Resource Bundles from the Server Cache

Note:

In an Oracle Identity Manager cluster, you must perform this step on each node of the cluster. Then, restart each node.

When you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the OIM_HOME/xellerate/connectorResources directory for Oracle Identity Manager release 9.1.0.x, and Oracle Identity Manager database for Oracle Identity Manager release 11.1.1. Whenever you add a new resource bundle to the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

In a command window, perform one of the following steps:
- If you are using Oracle Identity Manager release 9.1.0.x, then switch to the OIM_HOME/xellerate/bin directory.
- If you are using Oracle Identity Manager release 11.1.1, then switch to the OIM_HOME/server/bin directory.
Note:

You must perform Step 1 before you perform Step 2. An exception is thrown if you run the command described in Step 2 as follows:

For Oracle Identity Manager release 9.1.0.x:
```
OIM_HOME/xellerate/bin/SCRIPT_FILE_NAME
```
For Oracle Identity Manager release 11.1.1:
```
OIM_HOME/server/bin/SCRIPT_FILE_NAME
```
Enter one of the following commands:

Note:

You can use the PurgeCache utility to purge the cache for any content category. Run PurgeCache.bat CATEGORY_NAME on Microsoft Windows or PurgeCache.sh CATEGORY_NAME on UNIX. The CATEGORY_NAME argument represents the name of the content category that must be purged.

For example, the following commands purge Metadata entries from the server cache:

PurgeCache.bat MetaData

PurgeCache.sh MetaData
- For Oracle Identity Manager release 9.1.0.x:
  
  On Microsoft Windows: PurgeCache.bat ConnectorResourceBundle
  
  On UNIX: PurgeCache.sh ConnectorResourceBundle
  
  Note:
  
  You can ignore the exception that is thrown when you perform Step 2. This exception is different from the one mentioned in Step 1.
  
  In this command, ConnectorResourceBundle is one of the content categories that you can delete from the server cache. See the following file for information about the other content categories:
  
  OIM_HOME/xellerate/config/xlconfig.xml
- For Oracle Identity Manager release 11.1.1:
  
  On Microsoft Windows: PurgeCache.bat All
  
  On UNIX: PurgeCache.sh All
  
  When prompted, enter the user name and password of an account belonging to the SYSTEM ADMINISTRATORS group. In addition, you are prompted to enter the service URL in the following format:
```
t3://OIM_HOST_NAME:OIM_PORT_NUMBER
```
  In this format:
  - Replace OIM_HOST_NAME with the host name or IP address of the Oracle Identity Manager host computer.
  - Replace OIM_PORT_NUMBER with the port on which Oracle Identity Manager is listening.
See Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager for more information about the PurgeCache utility.

2.3.1.4 Enabling Logging

Depending on the Oracle Identity Manager release you are using, perform instructions in one of the following sections:

Section 2.3.1.4.1, "Enabling Logging on Oracle Identity Manager Release 9.1.0.x"
Section 2.3.1.4.2, "Enabling Logging on Oracle Identity Manager Release 11.1.1"

2.3.1.4.1 Enabling Logging on Oracle Identity Manager Release 9.1.0.x

Note:

In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster. Then, restart each node.

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

ALL

This level enables logging for all events.
DEBUG

This level enables logging of information about fine-grained events that are useful for debugging.
INFO

This level enables logging of messages that highlight the progress of the application at a coarse-grained level.
WARN

This level enables logging of information about potentially harmful situations.
ERROR

This level enables logging of information about error events that might allow the application to continue running.
FATAL

This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF

This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

IBM WebSphere Application Server

To enable logging:
1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:
```
log4j.logger.XELLERATE=log_level
log4j.logger.XL_INTG.OID=log_level
```
2. In these lines, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.XELLERATE=INFO
log4j.logger.XL_INTG.OID=INFO
```
After you enable logging, log information is written to the following file:

WEBSPHERE_HOME/AppServer/logs/SERVER_NAME/SystemOut.log
JBoss Application Server

To enable logging:
1. In the JBOSS_HOME/server/default/conf/log4j.xml file, add the following lines if they are not already present in the file:
```
<category name="XELLERATE">
   <priority value="log_level"/>
</category>
```
```
<category name="XL_INTG.OID">
   <priority value="log_level"/>
</category>
```
2. In the second XML code line of each set, replace log_level with the log level that you want to set. For example:
```
<category name="XELLERATE">
   <priority value="INFO"/>
</category>
```
```
<category name="XL_INTG.OID">
   <priority value="INFO"/>
</category>
```
After you enable logging, log information is written to the following file:

JBOSS_HOME/server/default/log/server.log
Oracle Application Server

To enable logging:
1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:
```
log4j.logger.XELLERATE=log_level
log4j.logger.XL_INTG.OID=log_level
```
2. In these lines, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.XELLERATE=INFO
log4j.logger.XL_INTG.OID=INFO
```
After you enable logging, log information is written to the following file:
```
ORACLE_HOME/opmn/logs/default_group~home~default_group~1.log
```
Oracle WebLogic Server

To enable logging:
1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:
```
log4j.logger.XELLERATE=log_level
log4j.logger.XL_INTG.OID=log_level
```
2. In these lines, replace log_level with the log level that you want to set.
  
  For example:
```
log4j.logger.XELLERATE=INFO
log4j.logger.XL_INTG.OID=INFO
```
After you enable logging, log information is displayed on the server console.

2.3.1.4.2 Enabling Logging on Oracle Identity Manager Release 11.1.1

Note:

In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster. Then, restart each node.

Oracle Identity Manager release 11.1.1 uses Oracle Java Diagnostic Logging (OJDL) for logging. OJDL is based on java.util.logger. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

SEVERE.intValue()+100

This level enables logging of information about fatal errors.
SEVERE

This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.
WARNING

This level enables logging of information about potentially harmful situations.
INFO

This level enables logging of messages that highlight the progress of the application.
CONFIG

This level enables logging of information about fine-grained events that are useful for debugging.
FINE, FINER, FINEST

These levels enable logging of information about fine-grained events, where FINEST logs information about all events.

These log levels are mapped to ODL message type and level combinations as shown in Table 2-2.

Table 2-2 Log Levels and ODL Message Type:Level Combinations

Log Level	ODL Message Type:Level
SEVERE.intValue()+100	INCIDENT_ERROR:1
SEVERE	ERROR:1
WARNING	WARNING:1
INFO	NOTIFICATION:1
CONFIG	NOTIFICATION:16
FINE	TRACE:1
FINER	TRACE:16
FINEST	TRACE:32

The configuration file for OJDL is logging.xml, which is located at the following path:

DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml

Here, DOMAIN_HOME and OIM_SERVER are the domain name and server name specified during the installation of Oracle Identity Manager.

To enable logging in Oracle WebLogic Server:

Edit the logging.xml file as follows:

Add the following blocks in the file:

<log_handler name='oid-handler' level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='logreader:' value='off'/>
     <property name='path' value='[FILE_NAME]'/>
     <property name='format' value='ODL-Text'/>
     <property name='useThreadName' value='true'/>
     <property name='locale' value='en'/>
     <property name='maxFileSize' value='5242880'/>
     <property name='maxLogSize' value='52428800'/>
     <property name='encoding' value='UTF-8'/>
   </log_handler>

<logger name="XL_INTG.OID" level="[LOG_LEVEL]" useParentHandlers="false">
     <handler name="oid-handler"/>
     <handler name="console-handler"/>
   </logger>

Replace both occurrences of [LOG_LEVEL] with the ODL message type and level combination that you require. Table 2-2 lists the supported message type and level combinations.

Similarly, replace [FILE_NAME] with the full path and name of the log file in which you want log messages to be recorded.

The following blocks show sample values for [LOG_LEVEL] and [FILE_NAME]:

<log_handler name='oid-handler' level='NOTIFICATION:1' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='logreader:' value='off'/>
     <property name='path' value='F:\MyMachine\middleware\user_projects\domains\base_domain1\servers\oim_server1\logs\oim_server1-diagnostic-1.log'/>
     <property name='format' value='ODL-Text'/>
     <property name='useThreadName' value='true'/>
     <property name='locale' value='en'/>
     <property name='maxFileSize' value='5242880'/>
     <property name='maxLogSize' value='52428800'/>
     <property name='encoding' value='UTF-8'/>
   </log_handler>
 
<logger name="XL_INTG.OID" level="NOTIFICATION:1" useParentHandlers="false">
     <handler name="oid-handler"/>
     <handler name="console-handler"/>
   </logger>

With these sample values, when you use Oracle Identity Manager, all messages generated for this connector that are of a log level equal to or higher than the NOTIFICATION:1 level are recorded in the specified file.

Save and close the file.
Set the following environment variable to redirect the server logs to a file:

For Microsoft Windows:
```
set WLS_REDIRECT_LOG=FILENAME
```
For UNIX:
```
export WLS_REDIRECT_LOG=FILENAME
```
Replace FILENAME with the location and name of the file to which you want to redirect the output.
Restart the application server.

2.3.1.5 Modifying the Value of the checkouttime Attribute

To ensure that the connector XML files are correctly imported, you must provide a higher value, 50000 or more, for the checkouttimeout attribute in the following file:

For Oracle Identity Manager release 9.1.0.x

OIM_HOME/xellerate/config/xlconfig.xml
For Oracle Identity Manager release 11.1.1

/db/oim-config.xml

The oim-config.xml file is in the metadata store (MDS).

To modify the xlconfig.xml file:

In a text editor, open the OIM_HOME/xellerate/config/xlconfig.xml file for editing.
Search for and set the value of the checkouttime attribute to value greater than 50000.
Save and close the file.

To modify the oim-config.xml file:

Export the /db/oim-config.xml file from MDS to a temporary location on the Oracle Identity Manager host computer as follows:
1. Ensure that you have set the environment for running the Oracle Identity Manager MDS Export utility. See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information about setting up the environment for MDS utilities.
2. In a command window, change to the OIM_HOME\server\bin directory.
3. Run one of the following commands:
  - On Microsoft Windows
```
weblogicExportMetadata.bat
```
  - On UNIX
```
weblogicExportMetadata.sh
```
In a text editor, open the oim-config.xml file for editing.
Search for and set the value of the checkouttime attribute to value greater than 50000.
Save and close the file.
Import the oim-config.xml file into the db directory in MDS as follows:
1. Ensure that you have set the environment for running the Oracle Identity Manager MDS Import utility. See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information about setting up the environment for MDS utilities.
2. In a command window, change to the OIM_HOME\server\bin directory.
3. Run one of the following commands:
  - On Microsoft Windows
```
weblogicImportMetadata.bat
```
  - On UNIX
```
weblogicImportMetadata.sh
```
4. When prompted, enter value for the following:
  - Please enter your username [weblogic]
    
    Enter the username used to log in to the WebLogic server
    
    Sample value: WL_User
  - Please enter your password [weblogic]
    
    Enter the password used to log in to the WebLogic server.
  - Please enter your server URL [t3://localhost:7001]
    
    Enter the URL of the application server in the following format:
    
    t3://HOST_NAME_IP_ADDRESS:PORT
    
    In this format, replace:
    
    - HOST_NAME_IP_ADDRESS with the host name or IP address of the computer on which Oracle Identity Manager is installed.
    
    - PORT with the port on which Oracle Identity Manager is listening.
  The oim-config file is imported into MDS.

2.3.1.6 Setting Up Lookup Definitions in Oracle Identity Manager

You must enter values in some of the lookup definitions that are created when you install the connector. To enter values in a lookup definition:

Log in to the Design Console.
Expand Administration, and double-click Lookup Definition.
Search for and open the lookup definitions described in the following sections. After you enter values in each lookup definitions, save the changes.

The following sections discuss lookup definitions that you must manually configure in Oracle Identity Manager:

Section 2.3.1.6.1, "Setting Up the Lookup.OID.Configuration Lookup Definition"
Section 2.3.1.6.2, "Setting Up the Lookup.OID.PrefLang Lookup Definition"

2.3.1.6.1 Setting Up the Lookup.OID.Configuration Lookup Definition

You can specify values for the following entries in the Lookup.OID.Configuration lookup definition:

specialcharacter

Use the specialcharacter parameter to specify the special characters that must not be allowed in the User ID and Common Name fields during reconciliation and provisioning operations. To add a special character to the default value, append the character to the default value without adding a space or any other delimiter.

Default value: ~`!@#%^&*_-+=:,.?|
ldapConnectTimeOut

Enter the timeout interval (in milliseconds) after which the connector must start trying to establish a connection with the backup target system installations.

Default value: 3000

2.3.1.6.2 Setting Up the Lookup.OID.PrefLang Lookup Definition

You use the Lookup.OID.PrefLang lookup definition to specify a language for the user during a provisioning operation.

Note:

If you want to add entries in this lookup definition, then ensure that the entries are in the format used for the default values.

Table 2-3 Entries in the Lookup.OID.PrefLang Lookup Definition

Code Key	Decode
BrazilianPortuguese	BrazilianPortuguese
English	English
French	French
German	German
Italian	Italian
Japanese	Japanese
SimplifiedChinese	SimplifiedChinese
Spanish	Spanish
TraditionalChinese	TraditionalChinese

2.3.1.7 Configuring High Availability of the Target System

Suppose you have set up multiple, replicated installations of the target system for high availability. You can use the Lookup.OID.Backup server lookup definition to ensure that if the primary target system installation becomes unavailable, then Oracle Identity Manager switches to one of the secondary target system installations. The Lookup.OID.Backup server lookup definition is one of the lookup definitions created when you deploy the connector.

For a single primary installation, you can have any number of secondary installations. In addition, if you configure the connector to work with multiple primary installations, then you can specify secondary installations for each primary installation.

To use the Lookup.OID.Backup server lookup definition, open it in the Design Console and enter code key and decode values for each combination of primary and secondary target system installation.

Code Key	Decode
172.20.55.64	172.20.55.65:389
172.20.55.64	172.20.55.66:390
172.20.55.97	172.20.55.98:440

2.3.1.8 Configuring Oracle Identity Manager for Request-Based Provisioning

Note:

Perform the procedure described in this section only if you are using Oracle Identity Manager release 11.1.1 and you want to configure request-based provisioning.

In request-based provisioning, an end user creates a request for a resource by using the Administrative and User Console. Administrators or other users can also create requests for a particular user. Requests for a particular resource on the resource can be viewed and approved by approvers designated in Oracle Identity Manager.

The following are features of request-based provisioning:

A user can be provisioned only one resource (account) on the target system.

Note:

Direct provisioning allows the provisioning of multiple Oracle Internet Directory accounts on the target system.
Direct provisioning cannot be used if you enable request-based provisioning.

To configure request-based provisioning, perform the following procedures:

Section 2.3.1.8.1, "Copying Predefined Request Datasets"
Section 2.3.1.8.2, "Importing Request Datasets into MDS"
Section 2.3.1.8.3, "Enabling the Auto Save Form Feature"
Section 2.3.1.8.4, "Running the PurgeCache Utility"

2.3.1.8.1 Copying Predefined Request Datasets

A request dataset is an XML file that specifies the information to be submitted by the requester during a provisioning operation. Predefined request datasets are shipped with this connector. These request datasets specify information about the default set of attributes for which the requester must submit information during a request-based provisioning operation. The following is the predefined request dataset available in the DataSets directory on the installation media:

ProvisionResourceOID User.xml

Copy the file from the DataSets directory on the installation media to the OIM_HOME/DataSet/file directory.

Depending on your requirement, you can modify the file names of the request datasets. In addition, you can modify the information in the request datasets. See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for information on modifying request datasets.

2.3.1.8.2 Importing Request Datasets into MDS

Note:

In an Oracle Identity Manager cluster, perform this procedure on any node of the cluster.

All request datasets must be imported into MDS, which can be done by using the MDS Import utility.

To import a request dataset definition into MDS:

Ensure that you have set the environment for running the MDS Import utility. See Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager for detailed information about setting up the environment for MDS utilities.
In a command window, change to the OIM_HOME\server\bin directory.
Run one of the following commands:
- On Microsoft Windows
```
weblogicImportMetadata.bat
```
- On UNIX
```
weblogicImportMetadata.sh
```
When prompted, enter the following values:
- Please enter your username [weblogic]
  
  Enter the username used to log in to the WebLogic server
  
  Sample value: WL_User
- Please enter your password [weblogic]
  
  Enter the password used to log in to the WebLogic server.
- Please enter your server URL [t3://localhost:7001]
  
  Enter the URL of the application server in the following format:
  
  t3://HOST_NAME_IP_ADDRESS:PORT
  
  In this format, replace:
  - HOST_NAME_IP_ADDRESS with the host name or IP address of the computer on which Oracle Identity Manager is installed.
  - PORT with the port on which Oracle Identity Manager is listening.
The request dataset is imported into MDS.

2.3.1.8.3 Enabling the Auto Save Form Feature

To enable the Auto Save Form feature:

Log in to the Design Console.
Expand Process Management, and then double-click Process Definition.
Search for and open the OID User process definition.
Select the Auto Save Form check box.
Click the Save icon.

2.3.1.8.4 Running the PurgeCache Utility

Run the PurgeCache utility to clear content belonging to the Metadata category from the server cache. See Section 2.3.1.3, "Clearing Content Related to Connector Resource Bundles from the Server Cache" for instructions.

The procedure to configure request-based provisioning ends with this step.

2.3.2 Postinstallation on the Target System

Postinstallation on the target system consists of the following procedure.

2.3.2.1 Configuring the Target System

You must configure incremental and role reconciliation by making the modifytimestamp and roleoccupant attributes, respectively, searchable attributes.

Similarly, you must configure full reconciliation by making both the modifytimestamp and roleoccupant attributes searchable.

To configure the target system for incremental, role, or full reconciliation:

If you want to configure incremental reconciliation, then make modifytimestamp a searchable attribute. To do so, use the catalog.sh file to index modifytimestamp.

See Oracle Identity Management User Reference Release 10g (10.1.4.0.1) for information about the procedure.
If you want to configure role reconciliation, then make roleoccupant a searchable attribute. To do so, use the catalog.sh file to index roleoccupant.

See Oracle Identity Management User Reference Release 10g (10.1.4.0.1) for information about the procedure.
If you want to configure full reconciliation, then make modifytimestamp and roleoccupant searchable attributes. To do so, use the catalog.sh file to index both modifytimestamp and roleoccupant.

See Oracle Identity Management User Reference Release 10g (10.1.4.0.1) for information about the procedure.
Restart Oracle Internet Directory for the change to take effect.

2.3.3 Configuring SSL

Note:

This is an optional step of the deployment procedure.

The connector supports only Mode 1 secure connections to Oracle Internet Directory.

To set up SSL connectivity between Oracle Identity Manager and the Oracle Internet Directory server:

Configure SSL on Oracle Internet Directory and then export the Oracle Internet Directory server certificate using Wallet Manager.

See the "Secure Sockets Layer and the Directory" chapter of Oracle Internet Directory Administrator's Guide for detailed instructions.

Note:

For Mode 1 secure connection, you must select SSL Server Authentication as the SSL Authentication.

The default non-SSL port is 389. The default SSL port is 636. When you create a configuration set of Oracle Internet Directory, it is recommended that you select a different port (for example, 1636) for SSL communication with Oracle Identity Manager.
Check if the Oracle Internet Directory server is listening at the SSL port. If it is not, then set it to the SSL port (typically, the default SSL port is 636). Then, restart the server.
Import the certificate from the target system into the JSDK (the JSDK that is used during installation of Oracle Identity Manager) cacerts keystore as follows:
```
keytool -import –alias alias_name -file certificate_file_name_with_complete_path –keystore java_home/jre/lib/security/cacerts
```
If you are using Oracle Identity Manager release 11.1.1, then import the target system certificate into the WebLogic keystore by running the following command:
```
keytool -import -keystore WEBLOGIC_HOME/server/lib/DemoTrust.jks -file CERT_FILE_NAME -storepass PASSWORD
```
In this command:
- CERT_FILE_NAME is the full path and name of the certificate file.
- PASSWORD is the password of the keystore.
The following is a sample command:

keytool -import -keystore WEBLOGIC_HOME/server/lib/DemoTrust.jks -file /home/testoc4j/OIM/globalv.crt -storepass DemoTrustKeyStorePassPhrase
Restart the Oracle Identity Manager server.
In the OID Server IT resource definition:
- Set the SSL parameter value to true.
- Set the Port parameter value to the SSL port number. Typically, this number is 636.