Oracle® Identity Manager Connector Guide for Database User Management Release 9.0.4 Part Number E10425-07
This chapter provides an overview of the updates made to the software and documentation for the Database User Management connector in release 9.0.4.5.
The updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software.
Documentation-Specific Updates
This section describes major changes made to this guide. These changes are not related to software updates.
The following sections discuss updates made from release 9.0.4 to the current release of the connector:
The following are software updates in release 9.0.4.1:
This release of the connector supports trusted source reconciliation. The required information has been included at appropriate places in the guide.
In this release of the connector, there are separate user reconciliation scheduled tasks for trusted source and target resource reconciliation. In the "Configuring the Reconciliation Scheduled Tasks" section, the attributes of these scheduled tasks are described.
This release of the connector provides timeout support for provisioning and reconciliation. In the "IT Resources" section, the IT resource parameters that are used to implement this feature are described.
You can customize the reconciliation process by specifying the subset of added or modified target system records that must be reconciled. This feature is discussed in the "Partial Reconciliation" section.
In this release, you can specify the number of records to be reconciled by using the Record Size user reconciliation scheduled task attribute. This is described in the "Specifying the Number of Records to Be Reconciled" section.
By following the instructions in the "Enabling Logging" section, you can configure the generation of log information that is specific to the target system.
In this release of the connector, you can set up a secure JDBC connection between Oracle Identity Manager and the Oracle Database only. This feature is not available for the other target systems. This is achieved by using the isSecure parameter, which is described in the "IT Resources" section.
The testing utility has been added in this release of the connector. The required information has been added in the following sections:
The following table describes issues resolved in release 9.0.4.1_6728658:
Bug Number | Issue | Resolution |
---|---|---|
6974826 | On the Oracle Database target system, a Create User provisioning operation failed if the target system did not contain a temporary tablespace named TEMP. The "The task was rejected by ORA - 959" error message was displayed as the outcome of the provisioning operation. | You can now perform a Create User provisioning operation on the Oracle Database target system even if there is no temporary tablespace named TEMP on the target system. The default temporary tablespace of the target system is used to provision the user. |
6371580 and 6488890 | On Oracle Database, the minimum permissions to be assigned to the target system user account for performing connector operations was not known. You had to create and use an administrator-level user account for connector operations. | For this target system, a script to create the target system user account has been shipped along with the connector installation package. When you run the script, the target system user account is created and the minimum required permissions are automatically assigned to the user account. See "Configuring Oracle Database" for information about this script. |
6438096 | For the Microsoft SQL Server target system, the UD_Lookup.DB_Dbnames-sql lookup definition had to be manually updated with names of databases on the target system installation. | The DBAccessLookupReconTask lookup reconciliation scheduled task has been provided to automate updating of the database names in the UD_Lookup.DB_SQL_DBNames lookup definition. You can use the Exclusion List attribute of this scheduled task to specify the database names that must not be included in the reconciliation process. |
6468961 | Logging conventions were not consistent across target systems. | The logging functionality has been enhanced and made consistent. |
6603690 | There was a requirement for enhancement in the organization of process forms used for User and Login accounts. | See the information given after this table about changes made in the connector. |
6617547 | The status of the Create User process task remained at Rejected when the user could not be created on the target system. This is expected behavior. However, you could perform an Update Password provisioning operation on the user. | This has been resolved. If the user is not created on the target system, then you cannot perform Update User provisioning operations on the user through Oracle Identity Manager. |
6624875 | On Oracle Database, users in the Locked state could not be detected during a reconciliation run. | This issue has been resolved. You can now use the ReconcileLockedUser scheduled task attribute to specify whether or not you want target system users who are in the Locked state to be reconciled during a reconciliation run. |
6639559 | During a target resource reconciliation run, the resource object remained in the Provisioning state even after the reconciliation event was successfully linked. | In the provisioning processes, the response mapping for the Reconciliation Update Received task has been modified. For the "Event Processed" response code, the "C" (Completed) status code has been mapped to the "Provisioned" object status. |
5496483 | During a target resource reconciliation run on Microsoft SQL Server or Sybase, multiple user IDs were generated for users who belonged to two or more databases on the target system installation. | In the process definition for Microsoft SQL Server Users and Sybase Users, the "Database Name" field has been made a key field along with Parent Login Name and Username. That is, a composite key field is used. |
5505785 | The Authentication Type field is a required parameter for creating a login account. However, this field was not a mandatory field on the process form. Provisioning failed if you did not enter a value in this field on the process form. | This issue has been resolved. See the information given after this table about changes made in the connector. |
5582717 | If you tried to change the login or user name through a provisioning operation, then the operation would always fail. | The Update Login and Update User provisioning operations are not supported. If you try to perform these operations, then an appropriate message is displayed. |
6279025 | If the max_retry IT resource parameter was left blank, then the numberformatexception exception was thrown during reconciliation and provisioning. | This issue has been resolved. If you do not specify values for the max_retry and delay_retry parameters while configuring the IT resource, then default values are used for these parameters during reconciliation and provisioning. |
6455965 | Microsoft SQL Server, Oracle Database, and Sybase do not support Enable/Disable User operations. If you performed the Enable or Disable provisioning operation on any of these target systems, the state of the resource in Oracle Identity Manager remained at "Provisioning." | The Enable/Disable User provisioning operation is supported only for IBM DB2 UDB. If you try to perform these provisioning operations on any of the other target systems, then a message stating that the operation is not supported is displayed. |
The following resource objects replace the resource objects used in release 9.0.4.1:
Database Access Oracle User RO: This resource object is equivalent to the login account on the target system.
Database Access DB2UDB User RO: This resource object is equivalent to the login account on the target system.
Database Access SQLServer Login RO: This resource object is equivalent to the login account on the target system.
Database Access SQLServer User RO: This resource object is equivalent to the user account on the target system. A Microsoft SQL Server login can have one user account for each database. The number of users for a login depends on the number of databases on which the users are created.
Database Access Sybase Login RO: This resource object is equivalent to the login account on the target system.
Database Access Sybase User RO: This resource object is equivalent to the user account on the target system. A Sybase login can have one user account for each database. The number of users for a login depends on the number of databases on which the users are created.
Note:
On Microsoft SQL Server and Sybase, user accounts are child elements of login accounts. However, Oracle Identity Manager does not maintain this relationship between the login and user account for the same user. In other words, Oracle Identity Manager treats the login and user resource as independent resources.
The following is a summary of the changes that have been made in the connector object definitions:
Connector Object | IBM DB2 UDB | Microsoft SQL Server | Oracle Database | Sybase |
---|---|---|---|---|
Resource objects | Database Access DB2UDB User RO | Database Access SQLServer Login RO; Database Access SQLServer User RO | Database Access Oracle User RO | Database Access Sybase Login RO; Database Access Sybase User RO |
Process forms | UD_DB_DB2_U (parent form for User entity); UD_DB_DB2_S (child form for schema); UD_DB_DB2_T (child form for tablespace) | UD_DB_SQL_L (parent form for Login entity); UD_DB_SQL_U (parent form for User entity); UD_DB_SQL_R (child form for role) | UD_DB_ORA_U (parent form for User entity); UD_DB_ORA_R (child form for role); UD_DB_ORA_P (child form for privilege) | UD_DB_SYB_L (parent form for Login entity); UD_DB_SYB_R (child form for role); UD_DB_SYB_U (parent form for User entity) |
Provisioning processes | Database Access DB2UDB User | Database Access MSSQL Login; Database Access MSSQL User | Database Access Oracle User | Database Access Sybase Login; Database Access Sybase User |
The following connector objects are the same for all the target systems:
Adapters
IT resource type
Definition of the user reconciliation scheduled task
Definition of the lookup reconciliation scheduled task
Definitions of the connector objects are in the following XML files:
For IBM DB2 UDB, the connector object definitions are in the xliDBAccessLogin_DM Nontrusted.xml file.
For Microsoft SQL Server, the connector object definitions are in the xliDBAccessLogin_DM Nontrusted.xml and xliDBAccessUser_DM Nontrusted.xml files.
For Oracle Database, the connector object definitions are in the xliDBAccessLogin_DM Nontrusted.xml file.
For Sybase, the connector object definitions are in the xliDBAccessLogin_DM Nontrusted.xml and xliDBAccessUser_DM Nontrusted.xml files.
The following software updates have been made in release 9.0.4.2:
From Oracle Identity Manager release 9.1.0 onward, the Administrative and User Console provides the Connector Installer feature. This feature can be used to automate the connector installation procedure.
See "Installing the Connector on Oracle Identity Manager Release 9.1.0 or Later" for details.
The following are issues resolved in release 9.0.4.2:
Bug Number | Issue | Resolution |
---|---|---|
7355039 | The changes in the Oracle Identity Manager objects delivered through patch number 9.0.4.1_6728658 were not reflected in the resource bundle of the connector. | This issue has been resolved. The resource bundle keys for both English and non-English languages have been modified based on the new user configurations. |
The following is an issue resolved in release 9.0.4.3:
Bug Number | Issue | Resolution |
---|---|---|
8206597 | If the target system was Microsoft SQL Server 2000, then the following error was encountered during reconciliation: Column index 7 is out of range | This issue has been resolved. The error is not encountered during reconciliation with a Microsoft SQL Server 2000 database. |
The following are software updates in release 9.0.4.4:
From this release onward, Sybase Adaptive Server Enterprise 15.x has been added to the list of certified target systems. This has been mentioned in the "Verifying Deployment Requirements" section.
The following is an issue resolved in release 9.0.4.4:
Bug Number | Issue | Resolution |
---|---|---|
8211696 | Reconciliation failed on Sybase. | This issue has been resolved. Reconciliation can be performed with a Sybase database. |
The following are software updates in release 9.0.4.5:
The Update Tablespace provisioning operation is supported from this release onward.
The following is an issue resolved in release 9.0.4.5:
Bug Number | Issue | Resolution |
---|---|---|
7346730 | Suppose a user with a single role assigned was reconciled from the target system. If this role was revoked from the user on the target system, then the role was not revoked from the user on Oracle Identity Manager during the next reconciliation run. | This issue has been resolved. The role is now revoked at the end of the next reconciliation run. |
7233670 | The following issue was observed during target resource reconciliation of login accounts: Even when you specified a database name as the value of the DBName attribute of the scheduled task, reconciliation was run on all databases. | This issue has been resolved. The DBName attribute is automatically applied during reconciliation. |
8274800 | If the target system was Microsoft SQL Server, then the Login Name and Record Size attributes of the scheduled task did not work correctly. | This issue has been resolved. The Login Name and Record Size attributes work on all certified target systems. |
8284824 | The following issue was observed on Oracle Database target systems: If you entered a value in the Username field in lowercase or mixed case characters, then the user had to use the following format to log in to the target system: | This issue has been resolved. The user can use the usual sqlplus username/password format, regardless of the case in which the Username value is specified. |
7716122 | The ReconcileLockedUser attribute of the scheduled task could not be used to reconcile users whose status was EXPIRED & LOCKED. | This issue has been resolved. The ReconcileLockedUser attribute can be used to reconcile users whose status is LOCKED or EXPIRED & LOCKED. |
8274794 | The Update Group provisioning operation did not work correctly. | This issue has been resolved. The Update Group provisioning operation works as expected. |
7409831 | The status of a resource was changed to Provisioning even after a task was rejected. | For all tasks other than the Create User task, the status of a provisioned resource does not change to Provisioning even if a task is rejected. |
The following sections discuss documentation-specific updates that have been made in this guide:
Major changes have been made to the structure of the guide. The objective of these changes is to synchronize the guide with the changes made to the connector and to improve the usability of information provided by the guide.
There are no documentation-specific updates in release 9.0.4.1_6728658.
There are no documentation-specific updates in release 9.0.4.2.
In the "Known Issues" chapter:
Items that are not related to limitations of the connector have been removed.
Bug numbers have been added for the remaining items.
Issues related to Bugs 8274794 and 8274800 have been added.
The following are documentation-specific updates in release 9.0.4.4:
The Default Role attribute is not provisioned or reconciled. This attribute has been removed from the following sections:
Bug 8424404 has been added in the "Known Issues" chapter.
The following changes have been made to the list of supported functions in the "Database Access Entity: Login Provisioning" section:
The Account Status Updated provisioning function has been removed.
The Default Tablespace Updated provisioning function has been added.
The Account Status reconciliation event has been added.
In the table given in the "Testing Connector Functionality" chapter, the value of the Authentication_Type attribute has been changed from isSqlAuth to SQL_SERVER_AUTHENTICATION.
The following item has been removed from the "Known Issues" chapter:
Bug 7300590
On Microsoft SQL Server, you cannot use the testing utility to test the Delete User provisioning operation.
In the "Verifying Deployment Requirements" section, changes have been made in the "Target Systems" row.
Oracle8i Database is no longer a supported target system version. All occurrences of "Oracle8i Database" have been removed from this guide.