Go to main content
1/15
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Documentation Updates
Conventions
What's New in the Oracle Identity Manager Connector for Database User Management?
Software Updates
Documentation-Specific Updates
1
About the Connector
1.1
Certified Components
1.2
Certified Languages
1.3
Connector Architecture
1.3.1
Reconciliation Process
1.3.2
Provisioning Process
1.4
Features of the Connector
1.4.1
Mapping Standard and Custom Attributes for Reconciliation and Provisioning
1.4.2
Predefined and Custom Reconciliation Queries
1.4.3
Predefined and Custom Provisioning Statements
1.4.4
Framework for Supporting Connector Operations on JDBC-Based Databases
1.4.5
Support for Creating Global and External Users In Oracle Database
1.4.6
Support for Configuring the Connector for Reconciling and Provisioning Object-Level Privileges in Oracle Database
1.4.7
Dependent Lookup Fields
1.4.8
Full and Incremental Reconciliation
1.4.9
Limited (Filtered) Reconciliation
1.4.10
Batched Reconciliation
1.4.11
Specifying Accounts to Be Excluded from Reconciliation and Provisioning Operations
1.4.12
Connection Pooling
1.4.13
Support for Creating Connector Copies
1.4.14
Transformation and Validation of Account Data
1.4.15
Support for Reconciling Data About Deleted Login Entities
1.4.16
Separate Scheduled Tasks for Reconciliation of Users, Logins, and Deleted Login Entities
1.4.17
Support for SSL Communication Between the Target System and Oracle Identity Manager
1.4.18
Support for Managing Authorization to Oracle Database Vault Realms
1.4.19
Support for Configuring the Connector for Enterprise User Security
1.5
Lookup Definitions Used During Connector Operations
1.5.1
Lookup Definitions Synchronized with the Target System
1.5.1.1
Lookup Fields Synchronized with IBM DB2 UDB
1.5.1.2
Lookup Fields Synchronized with Microsoft SQL Server
1.5.1.3
Lookup Fields Synchronized with MySQL
1.5.1.4
Lookup Fields Synchronized with Oracle Database
1.5.1.5
Lookup Fields Synchronized with Sybase
1.5.2
Preconfigured Lookup Definitions
1.5.2.1
Lookup Definitions for IBM DB2 UDB
1.5.2.2
Lookup Definitions for Microsoft SQL Server
1.5.2.3
Lookup Definitions for MySQL
1.5.2.4
Lookup Definitions for Oracle Database
1.5.2.5
Lookup Definitions for Sybase
1.6
Connector Objects Used During Reconciliation
1.6.1
Reconciliation Queries
1.6.2
Target System Columns Used in Reconciliation
1.6.2.1
Target System Columns Used in Target Resource Reconciliation
1.6.2.2
Target System Columns Used in Trusted Source Reconciliation
1.6.3
Reconciliation Rules
1.6.3.1
Reconciliation Rules for Target Resource Reconciliation
1.6.3.2
Reconciliation Rules for Trusted Source Reconciliation
1.6.3.3
Viewing Reconciliation Rules in the Design Console
1.6.4
Reconciliation Action Rules
1.6.4.1
Reconciliation Action Rules for Target Resource Reconciliation
1.6.4.2
Reconciliation Action Rules for Trusted Source Reconciliation
1.6.4.3
Viewing Reconciliation Action Rules
1.7
Connector Objects Used During Provisioning
1.7.1
Provisioning Functions
1.7.1.1
Provisioning Functions for IBM DB2 UDB
1.7.1.2
Provisioning Functions for Microsoft SQL Server
1.7.1.3
Provisioning Functions for MySQL
1.7.1.4
Provisioning Functions for Oracle Database
1.7.1.5
Provisioning Functions for Sybase
1.7.2
Attributes for Provisioning
1.7.2.1
Attributes for Provisioning in IBM DB2 UDB
1.7.2.2
Attributes for Provisioning in Microsoft SQL Server
1.7.2.3
Attributes for Provisioning in MySQL
1.7.2.4
Attributes for Provisioning in Oracle Database
1.7.2.5
Attributes for Provisioning in Sybase
1.8
Roadmap for Deploying and Using the Connector
2
Deploying the Connector
2.1
Preinstallation
2.1.1
Preinstallation on Oracle Identity Manager
2.1.1.1
Files and Directories on the Installation Media
2.1.1.2
Determining the Release Number of the Connector
2.1.1.3
Creating a Backup of the Existing Common.jar File
2.1.2
Preinstallation on the Target System
2.1.2.1
Configuring Microsoft SQL Server
2.1.2.2
Using External Code Files
2.2
Installation
2.2.1
Running the Connector Installer
2.2.2
Copying Files to the Oracle Identity Manager Host Computer
2.3
Postinstallation
2.3.1
Postinstallation on Oracle Identity Manager
2.3.1.1
Configuring the Target System As a Trusted Source
2.3.1.2
Changing to the Required Input Locale
2.3.1.3
Modifying the SVP Table
2.3.1.4
Clearing Content Related to Connector Resource Bundles from the Server Cache
2.3.1.5
Enabling Logging
2.3.1.6
Modifying the Lookup.DBUM.MSSQL.TargetRecon.Role.Mapping Lookup Definition
2.3.1.7
Configuring the Connector for Incremental Reconciliation
2.3.1.8
Configuring Oracle Identity Manager for Request-Based Provisioning
2.3.2
Creating the Administrator Account on Oracle Database Vault
2.3.3
Configuring Secure Communication Between the Target System and Oracle Identity Manager
2.3.3.1
Configuring Secure Communication Between IBM DB2 UDB and Oracle Identity Manager
2.3.3.2
Configuring Secure Communication Between Microsoft SQL Server and Oracle Identity Manager
2.3.3.3
Configuring Secure Communication Between MySQL and Oracle Identity Manager
2.3.3.4
Configuring Secure Communication Between Oracle Database and Oracle Identity Manager
2.3.3.5
Configuring Secure Communication Between Sybase and Oracle Identity Manager
2.3.4
Determining Values for the JDBC URL and Connection Properties Parameters
2.3.4.1
JDBC URL and Connection Properties for IBM DB2 UDB
2.3.4.2
JDBC URL and Connection Properties for Microsoft SQL Server
2.3.4.3
JDBC URL and Connection Properties for MySQL
2.3.4.4
JDBC URL and Connection Properties for Oracle Database
2.3.4.5
JDBC URL and Connection Properties for Sybase Adaptive Server Enterprise
2.3.5
Configuring the IT Resource
3
Using the Connector
3.1
Setting Up Lookup Definitions in Oracle Identity Manager
3.1.1
Setting Up the Configuration Lookup Definition for a Target Resource
3.1.2
Setting Up the Configuration Lookup Definition for a Trusted Source
3.1.3
Setting Up the ExclusionList Lookup Definition
3.2
Guidelines on Configuring Reconciliation
3.3
Scheduled Task for Lookup Field Synchronization
3.4
Configuring Reconciliation
3.4.1
Performing Full Reconciliation
3.4.2
Reconciliation Time Stamp
3.4.3
Batched Reconciliation
3.4.4
Configuring Limited Reconciliation
3.4.4.1
Specifying a Value for the Custom Query Attribute
3.4.4.2
Adding a Filter Parameter in the Reconciliation Query
3.4.5
Reconciliation Scheduled Tasks
3.4.5.1
Scheduled Tasks for Reconciling Data About Users and Logins
3.4.5.2
Scheduled Tasks for Reconciling Data About Deleted Users or Logins
3.5
Configuring Scheduled Tasks
3.6
Guidelines on Performing Provisioning Operations
3.6.1
Guidelines Common to Performing Provisioning Operations on Any Target System
3.6.2
Guidelines on Performing Provisioning Operations in IBM DB2 UDB
3.6.3
Guidelines on Performing Provisioning Operations in Microsoft SQL Server
3.6.4
Guidelines on Performing Provisioning Operations in Oracle Database
3.6.5
Guidelines on Performing Provisioning Operations in Sybase
3.7
Performing Provisioning Operations
3.7.1
Direct Provisioning
3.7.2
Request-Based Provisioning
3.7.2.1
End User's Role in Request-Based Provisioning
3.7.2.2
Approver's Role in Request-Based Provisioning
3.8
Switching Between Request-Based Provisioning and Direct Provisioning on Oracle Identity Manager Release 11.1.1
4
Extending the Functionality of the Connector
4.1
Guidelines on Extending the Functionality of the Connector
4.1.1
Guidelines for Configuring Queries Used in Lookup Field Synchronization
4.1.2
Guidelines for Configuring Queries Used in Reconciliation
4.1.3
Guidelines Common to Configuring Both Types of Queries
4.1.4
Guidelines on Modifying Predefined Attribute Mappings for Provisioning
4.2
Adding or Removing Attributes for Reconciliation
4.2.1
Adding New Standard and Custom Attributes for Reconciliation
4.2.2
Adding New Standard and Custom Multivalued Attributes for Target Resource Reconciliation
4.2.3
Removing Attributes Used for Reconciliation
4.3
Adding or Removing Attribute Mappings for Provisioning
4.3.1
Adding New Standard and Custom Attributes for Provisioning
4.3.2
Adding New Standard and Custom Multivalued Attributes for Provisioning
4.3.3
Removing Attributes for Provisioning
4.4
Modifying Field Lengths on the Process Form
4.5
Configuring the Connector for Multiple Installations of the Target System
4.5.1
Enabling the Dependent Lookup Fields Feature
4.6
Configuring the Connector for Multiple Trusted Source Reconciliation
4.7
Configuring Reconciliation Queries
4.8
Configuring Validation of Data During Reconciliation and Provisioning
4.9
Configuring Transformation of Data During Reconciliation
4.10
Configuring the Connector for Reconciling and Provisioning Object-Level Privileges
4.10.1
Configuring the Connector for Provisioning Object-Level Privileges
4.10.2
Configuring the Connector for Reconciling Object-Level Privileges
4.11
Configuring the Connector for Reconciling and Provisioning Authorization to Oracle Database Vault Realms
4.11.1
Configuring the Connector for Provisioning Authorization to Oracle Database Vault Realms
4.11.2
Configuring the Connector for Reconciling Authorization to Oracle Database Vault Realms
5
Configuring the Connector for a JDBC-Based Database
5.1
Deploying the Connector
5.2
Creating an IT Resource for Your Database
5.3
Creating a Resource Object
5.4
Creating a Process Form
5.5
Adding Attributes for Provisioning
5.6
Creating Lookup Definitions Used During Connector Operations
5.7
Creating a Process Definition
5.8
Adding Process Tasks, Assigning Adapters, and Mapping Adapter Variables
5.9
Configuring Oracle Identity Manager for Request-Based Provisioning
5.10
Adding Attributes for Reconciliation
5.11
Guidelines on Creating or Configuring Queries Used for Reconciliation and Lookup Synchronization
5.12
Creating Scheduled Tasks
5.12.1
Creating Scheduled Tasks on Oracle Identity Manager Release 9.1.0.
x
5.12.2
Creating Scheduled Jobs on Oracle Identity Manager Release 11.1.1
5.13
Configuring Status Reconciliation
6
Testing the Connector
7
Known Issues
A
Preconfigured Lookup Definitions
A.1
Lookup Definitions for IBM DB2 UDB
A.1.1
Lookup.DBUM.DB2.Configuration
A.1.2
Lookup.DBUM.DB2.Error.Mapping
A.1.3
Lookup.DBUM.DB2.ExclusionList
A.1.4
Lookup.DBUM.DB2.Parameter.Configuration
A.1.5
Lookup.DBUM.DB2.Provisioning.Validation
A.1.6
Lookup.DBUM.DB2.Query.Configuration
A.1.7
Lookup.DBUM.DB2.TargetRecon.Delete.Mapping
A.1.8
Lookup.DBUM.DB2.TargetRecon.Mapping
A.1.9
Lookup.DBUM.DB2.TargetRecon.QueryFilter
A.1.10
Lookup.DBUM.DB2.TargetRecon.Schema.Configuration
A.1.11
Lookup.DBUM.DB2.TargetRecon.Schema.Mapping
A.1.12
Lookup.DBUM.DB2.TargetRecon.Schema.QueryFilter
A.1.13
Lookup.DBUM.DB2.TargetRecon.Tablespace.Configuration
A.1.14
Lookup.DBUM.DB2.TargetRecon.Tablespace.Mapping
A.1.15
Lookup.DBUM.DB2.TargetRecon.Tablespace.QueryFilter
A.1.16
Lookup.DBUM.DB2.TargetRecon.Transformation
A.1.17
Lookup.DBUM.DB2.TargetRecon.UserTypeMapping
A.1.18
Lookup.DBUM.DB2.TargetRecon.Validation
A.1.19
Lookup.DBUM.DB2.TrustedRecon.Configuration
A.1.20
Lookup.DBUM.DB2.TrustedRecon.Delete.Mapping
A.1.21
Lookup.DBUM.DB2.TrustedRecon.ExclusionList
A.1.22
Lookup.DBUM.DB2.TrustedRecon.Mapping
A.1.23
Lookup.DBUM.DB2.TrustedRecon.QueryFilter
A.1.24
Lookup.DBUM.DB2.TrustedRecon.Transformation
A.1.25
Lookup.DBUM.DB2.TrustedRecon.Validation
A.1.26
Lookup.DBUM.DB2.UserType
A.1.27
Lookup.DBUM.DB2.WithGrantOption
A.2
Lookup Definitions for Microsoft SQL Server
A.2.1
Lookup.DBUM.MSSQL.AuthType
A.2.2
Lookup.DBUM.MSSQL.AuthType.KeyMapping.CreateLogin
A.2.3
Lookup.DBUM.MSSQL.AuthType.KeyMapping.CreateUser
A.2.4
Lookup.DBUM.MSSQL.AuthType.KeyMapping.DeleteLogin
A.2.5
Lookup.DBUM.MSSQL.AuthType.KeyMapping.DeleteUser
A.2.6
Lookup.DBUM.MSSQL.AuthType.KeyMapping.DisableLogin
A.2.7
Lookup.DBUM.MSSQL.AuthType.KeyMapping.EnableLogin
A.2.8
Lookup.DBUM.MSSQL.Configuration
A.2.9
Lookup.DBUM.MSSQL.Error.Mapping
A.2.10
Lookup.DBUM.MSSQL.ExclusionList
A.2.11
Lookup.DBUM.MSSQL.Parameter.Configuration
A.2.12
Lookup.DBUM.MSSQL.Provisioning.Validation
A.2.13
Lookup.DBUM.MSSQL.Query.Configuration
A.2.14
Lookup.DBUM.MSSQL.TargetRecon.Auth.Mapping
A.2.15
Lookup.DBUM.MSSQL.TargetRecon.Delete.Login.Mapping
A.2.16
Lookup.DBUM.MSSQL.TargetRecon.Delete.User.Mapping
A.2.17
Lookup.DBUM.MSSQL.TargetRecon.Login.Mapping
A.2.18
Lookup.DBUM.MSSQL.TargetRecon.Login.Transformation
A.2.19
Lookup.DBUM.MSSQL.TargetRecon.Login.Validation
A.2.20
Lookup.DBUM.MSSQL.TargetRecon.QueryFilter
A.2.21
Lookup.DBUM.MSSQL.TargetRecon.Role.Mapping
A.2.22
Lookup.DBUM.MSSQL.TargetRecon.User.Mapping
A.2.23
Lookup.DBUM.MSSQL.TargetRecon.User.Transformation
A.2.24
Lookup.DBUM.MSSQL.TargetRecon.User.Validation
A.2.25
Lookup.DBUM.MSSQL.TrustedRecon.Configuration
A.2.26
Lookup.DBUM.MSSQL.TrustedRecon.Delete.Mapping
A.2.27
Lookup.DBUM.MSSQL.TrustedRecon.ExclusionList
A.2.28
Lookup.DBUM.MSSQL.TrustedRecon.Mapping
A.2.29
Lookup.DBUM.MSSQL.TrustedRecon.QueryFilter
A.2.30
Lookup.DBUM.MSSQL.TrustedRecon.Transformation
A.2.31
Lookup.DBUM.MSSQL.TrustedRecon.Validation
A.3
Lookup Definitions for MySQL
A.3.1
Lookup.DBUM.MySQL.Configuration
A.3.2
Lookup.DBUM.MySQL.Error.Mapping
A.3.3
Lookup.DBUM.MySQL.ExclusionList
A.3.4
Lookup.DBUM.MySQL.Parameter.Configuration
A.3.5
Lookup.DBUM.MySQL.Provisioning.Validation
A.3.6
Lookup.DBUM.MySQL.Query.Configuration
A.3.7
Lookup.DBUM.MySQL.TargetRecon.Delete.Mapping
A.3.8
Lookup.DBUM.MySQL.TargetRecon.Mapping
A.3.9
Lookup.DBUM.MySQL.TargetRecon.QueryFilter
A.3.10
Lookup.DBUM.MySQL.TargetRecon.SchemaPrivilege.Configuration
A.3.11
Lookup.DBUM.MySQL.TargetRecon.SchemaPrivilege.Mapping
A.3.12
Lookup.DBUM.MySQL.TargetRecon.SchemaPrivilege.QueryFilter
A.3.13
Lookup.DBUM.MySQL.TargetRecon.Transformation
A.3.14
Lookup.DBUM.MySQL.TargetRecon.Validation
A.3.15
Lookup.DBUM.MySQL.TrustedRecon.Configuration
A.3.16
Lookup.DBUM.MySQL.TrustedRecon.Delete.Mapping
A.3.17
Lookup.DBUM.MySQL.TrustedRecon.ExclusionList
A.3.18
Lookup.DBUM.MySQL.TrustedRecon.Mapping
A.3.19
Lookup.DBUM.MySQL.TrustedRecon.QueryFilter
A.3.20
Lookup.DBUM.MySQL.TrustedRecon.Transformation
A.3.21
Lookup.DBUM.MySQL.TrustedRecon.Validation
A.4
Lookup Definitions for Oracle Database
A.4.1
Lookup.DBUM.Oracle.AuthType
A.4.2
Lookup.DBUM.Oracle.AuthType.KeyMapping.CreateUser
A.4.3
Lookup.DBUM.Oracle.AuthType.KeyMapping.UpdateUser
A.4.4
Lookup.DBUM.Oracle.Configuration
A.4.5
Lookup.DBUM.Oracle.Error.Mapping
A.4.6
Lookup.DBUM.Oracle.ExclusionList
A.4.7
Lookup.DBUM.Oracle.Parameter.Configuration
A.4.8
Lookup.DBUM.Oracle.Provisioning.Validation
A.4.9
Lookup.DBUM.Oracle.Query.Configuration
A.4.10
Lookup.DBUM.Oracle.TargetRecon.Delete.Mapping
A.4.11
Lookup.DBUM.Oracle.TargetRecon.Mapping
A.4.12
Lookup.DBUM.Oracle.TargetRecon.Privilege.Configuration
A.4.13
Lookup.DBUM.Oracle.TargetRecon.Privilege.Mapping
A.4.14
Lookup.DBUM.Oracle.TargetRecon.Privilege.QueryFilter
A.4.15
Lookup.DBUM.Oracle.TargetRecon.QueryFilter
A.4.16
Lookup.DBUM.Oracle.TargetRecon.Role.Configuration
A.4.17
Lookup.DBUM.Oracle.TargetRecon.Role.Mapping
A.4.18
Lookup.DBUM.Oracle.TargetRecon.Role.QueryFilter
A.4.19
Lookup.DBUM.Oracle.TargetRecon.Transformation
A.4.20
Lookup.DBUM.Oracle.TargetRecon.Validation
A.4.21
Lookup.DBUM.Oracle.WithAdminOption
A.4.22
Lookup.DBUM.Oracle.TrustedRecon.Configuration
A.4.23
Lookup.DBUM.Oracle.TrustedRecon.Delete.Mapping
A.4.24
Lookup.DBUM.Oracle.TrustedRecon.ExclusionList
A.4.25
Lookup.DBUM.Oracle.TrustedRecon.Mapping
A.4.26
Lookup.DBUM.Oracle.TrustedRecon.QueryFilter
A.4.27
Lookup.DBUM.Oracle.TrustedRecon.Transformation
A.4.28
Lookup.DBUM.Oracle.TrustedRecon.Validation
A.5
Lookup Definitions for Sybase
A.5.1
Lookup.DBUM.Sybase.Configuration
A.5.2
Lookup.DBUM.Sybase.Error.Mapping
A.5.3
Lookup.DBUM.Sybase.ExclusionList
A.5.4
Lookup.DBUM.Sybase.Parameter.Configuration
A.5.5
Lookup.DBUM.Sybase.Provisioning.Validation
A.5.6
Lookup.DBUM.Sybase.Query.Configuration
A.5.7
Lookup.DBUM.Sybase.TargetRecon.Delete.Login.Mapping
A.5.8
Lookup.DBUM.Sybase.TargetRecon.Delete.User.Mapping
A.5.9
Lookup.DBUM.Sybase.TargetRecon.Login.Mapping
A.5.10
Lookup.DBUM.Sybase.TargetRecon.Login.Transformation
A.5.11
Lookup.DBUM.Sybase.TargetRecon.Login.Validation
A.5.12
Lookup.DBUM.Sybase.TargetRecon.QueryFilter
A.5.13
Lookup.DBUM.Sybase.TargetRecon.Role.Mapping
A.5.14
Lookup.DBUM.Sybase.TargetRecon.User.Mapping
A.5.15
Lookup.DBUM.Sybase.TargetRecon.User.Transformation
A.5.16
Lookup.DBUM.Sybase.TargetRecon.User.Validation
A.5.17
Lookup.DBUM.Sybase.TrustedRecon.Configuration
A.5.18
Lookup.DBUM.Sybase.TrustedRecon.Delete.Mapping
A.5.19
Lookup.DBUM.Sybase.TrustedRecon.ExclusionList
A.5.20
Lookup.DBUM.Sybase.TrustedRecon.Mapping
A.5.21
Lookup.DBUM.Sybase.TrustedRecon.QueryFilter
A.5.22
Lookup.DBUM.Sybase.TrustedRecon.Transformation
A.5.23
Lookup.DBUM.Sybase.TrustedRecon.Validation
A.6
Other Lookup Definitions
A.6.1
Lookup.DBUM.TargetRecon.StatusMapping
A.6.2
Lookup.DBUM.TrustedRecon.StatusMapping
Index
Scripting on this page enhances content navigation, but does not change the content in any way.